diff options
-rw-r--r-- | src/exchange-lib/exchange_api_handle.c | 44 | ||||
-rw-r--r-- | src/exchange-tools/taler-exchange-keycheck.c | 6 | ||||
-rw-r--r-- | src/exchange-tools/taler-exchange-keyup.c | 7 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_keystate.c | 14 | ||||
-rw-r--r-- | src/include/taler_exchangedb_lib.h | 6 | ||||
-rw-r--r-- | src/include/taler_signatures.h | 7 |
6 files changed, 40 insertions, 44 deletions
diff --git a/src/exchange-lib/exchange_api_handle.c b/src/exchange-lib/exchange_api_handle.c index 27ee257d9..895d1f1dd 100644 --- a/src/exchange-lib/exchange_api_handle.c +++ b/src/exchange-lib/exchange_api_handle.c @@ -42,9 +42,9 @@ #define TALER_PROTOCOL_AGE 0 /** - * Current version for (local) JSON serialization of persisted + * Current version for (local) JSON serialization of persisted * /keys data. - */ + */ #define TALER_SERIALIZATION_FORMAT_VERSION 0 @@ -223,9 +223,10 @@ parse_json_signkey (struct TALER_EXCHANGE_SigningPublicKey *sign_key, const struct TALER_MasterPublicKeyP *master_key) { struct TALER_ExchangeSigningKeyValidityPS sign_key_issue; + struct TALER_MasterSignatureP sign_key_issue_sig; struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_fixed_auto ("master_sig", - &sign_key->master_sig), + &sign_key_issue_sig), GNUNET_JSON_spec_fixed_auto ("key", &sign_key->key), GNUNET_JSON_spec_absolute_time ("stamp_start", @@ -250,10 +251,7 @@ parse_json_signkey (struct TALER_EXCHANGE_SigningPublicKey *sign_key, return GNUNET_OK; sign_key_issue.signkey_pub = sign_key->key; sign_key_issue.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY); - sign_key_issue.purpose.size = - htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS) - - offsetof (struct TALER_ExchangeSigningKeyValidityPS, - purpose)); + sign_key_issue.purpose.size = htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS)); sign_key_issue.master_public_key = *master_key; sign_key_issue.start = GNUNET_TIME_absolute_hton (sign_key->valid_from); sign_key_issue.expire = GNUNET_TIME_absolute_hton (sign_key->valid_until); @@ -261,7 +259,7 @@ parse_json_signkey (struct TALER_EXCHANGE_SigningPublicKey *sign_key, if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY, &sign_key_issue.purpose, - &sign_key->master_sig.eddsa_signature, + &sign_key_issue_sig.eddsa_signature, &master_key->eddsa_pub)) { GNUNET_break_op (0); @@ -477,7 +475,7 @@ parse_json_auditor (struct TALER_EXCHANGE_AuditorInformation *auditor, TALER_amount_hton (&kv.fee_refund, &dk->fee_refund); kv.denom_hash = dk->h_key; - + if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS, &kv.purpose, @@ -527,7 +525,7 @@ decode_keys_json (const json_t *resp_obj, &sig), GNUNET_JSON_spec_fixed_auto ("eddsa_pub", &pub), - /* sig and pub must be first, as we skip those if + /* sig and pub must be first, as we skip those if check_sig is false! */ GNUNET_JSON_spec_fixed_auto ("master_public_key", &key_data->master_pub), @@ -591,11 +589,11 @@ decode_keys_json (const json_t *resp_obj, NULL, NULL)); /* parse the master public key and issue date of the response */ - if (check_sig) + if (check_sig) hash_context = GNUNET_CRYPTO_hash_context_start (); else hash_context = NULL; - + /* parse the signing keys */ { json_t *sign_keys_array; @@ -1157,7 +1155,7 @@ deserialize_data (struct TALER_EXCHANGE_Handle *exchange, GNUNET_JSON_spec_end() }; struct TALER_EXCHANGE_Keys key_data; - + if (NULL == data) return; if (GNUNET_OK != @@ -1175,7 +1173,7 @@ deserialize_data (struct TALER_EXCHANGE_Handle *exchange, { GNUNET_break (0); return; - } + } memset (&key_data, 0, sizeof (struct TALER_EXCHANGE_Keys)); @@ -1226,7 +1224,7 @@ TALER_EXCHANGE_serialize_data (struct TALER_EXCHANGE_Handle *exchange) { const struct TALER_EXCHANGE_SigningPublicKey *sk = &kd->sign_keys[i]; json_t *signkey; - + if (now.abs_value_us > sk->valid_until.abs_value_us) continue; /* skip keys that have expired */ signkey = json_pack ("{s:o, s:o, s:o, s:o, s:o}", @@ -1247,13 +1245,13 @@ TALER_EXCHANGE_serialize_data (struct TALER_EXCHANGE_Handle *exchange) } json_array_append_new (signkeys, signkey); - } + } denoms = json_array (); for (unsigned int i=0;i<kd->num_denom_keys;i++) { const struct TALER_EXCHANGE_DenomPublicKey *dk = &kd->denom_keys[i]; json_t *denom; - + if (now.abs_value_us > dk->expire_deposit.abs_value_us) continue; /* skip keys that have expired */ denom = json_pack ("{s:o, s:o, s:o, s:o, s:o " @@ -1290,13 +1288,13 @@ TALER_EXCHANGE_serialize_data (struct TALER_EXCHANGE_Handle *exchange) } json_array_append_new (denoms, denom); - } + } auditors = json_array (); for (unsigned int i=0;i<kd->num_auditors;i++) { const struct TALER_EXCHANGE_AuditorInformation *ai = &kd->auditors[i]; json_t *a; - json_t *adenoms; + json_t *adenoms; adenoms = json_array (); for (unsigned int j=0;j<ai->num_denom_keys;j++) @@ -1319,7 +1317,7 @@ TALER_EXCHANGE_serialize_data (struct TALER_EXCHANGE_Handle *exchange) json_array_append_new (adenoms, k); } - + a = json_pack ("{s:s, s:o, s:o}", "auditor_pub", GNUNET_JSON_from_data_auto (&ai->auditor_pub), @@ -1334,11 +1332,11 @@ TALER_EXCHANGE_serialize_data (struct TALER_EXCHANGE_Handle *exchange) } json_array_append_new (auditors, a); - } + } keys = json_pack ("{s:s, s:o, s:o, s:o, s:o" ",s:o, s:o}", /* 1 */ - "version", + "version", kd->version, "master_public_key", GNUNET_JSON_from_data_auto (&kd->master_pub), @@ -1414,7 +1412,7 @@ TALER_EXCHANGE_connect (struct GNUNET_CURL_Context *ctx, case TALER_EXCHANGE_OPTION_DATA: { const json_t *data = va_arg (ap, const json_t *); - + deserialize_data (exchange, data); break; diff --git a/src/exchange-tools/taler-exchange-keycheck.c b/src/exchange-tools/taler-exchange-keycheck.c index 8018e3521..74b73cd09 100644 --- a/src/exchange-tools/taler-exchange-keycheck.c +++ b/src/exchange-tools/taler-exchange-keycheck.c @@ -64,9 +64,7 @@ signkeys_iter (void *cls, (GNUNET_TIME_absolute_ntoh (ski->issue.start))); if (ntohl (ski->issue.purpose.size) != - (sizeof (struct TALER_ExchangeSigningKeyValidityPS) - - offsetof (struct TALER_ExchangeSigningKeyValidityPS, - purpose))) + (sizeof (struct TALER_ExchangeSigningKeyValidityPS))) { fprintf (stderr, "Signing key `%s' has invalid purpose size\n", @@ -85,7 +83,7 @@ signkeys_iter (void *cls, if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY, &ski->issue.purpose, - &ski->issue.signature.eddsa_signature, + &ski->master_sig.eddsa_signature, &ski->issue.master_public_key.eddsa_pub)) { fprintf (stderr, diff --git a/src/exchange-tools/taler-exchange-keyup.c b/src/exchange-tools/taler-exchange-keyup.c index 22c72d5cc..cf774957f 100644 --- a/src/exchange-tools/taler-exchange-keyup.c +++ b/src/exchange-tools/taler-exchange-keyup.c @@ -472,14 +472,11 @@ create_signkey_issue_priv (struct GNUNET_TIME_Absolute start, GNUNET_CRYPTO_eddsa_key_get_public (&pi->signkey_priv.eddsa_priv, &issue->signkey_pub.eddsa_pub); issue->purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY); - issue->purpose.size = htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS) - - offsetof (struct TALER_ExchangeSigningKeyValidityPS, - purpose)); - + issue->purpose.size = htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS)); GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (&master_priv.eddsa_priv, &issue->purpose, - &issue->signature.eddsa_signature)); + &pi->master_sig.eddsa_signature)); } diff --git a/src/exchange/taler-exchange-httpd_keystate.c b/src/exchange/taler-exchange-httpd_keystate.c index 413b9d1bd..45b8846f1 100644 --- a/src/exchange/taler-exchange-httpd_keystate.c +++ b/src/exchange/taler-exchange-httpd_keystate.c @@ -795,10 +795,12 @@ reload_keys_denom_iter (void *cls, * Convert the public part of a sign key issue to a JSON object. * * @param ski the sign key issue + * @param ski_sig signature over @a ski * @return a JSON object describing the sign key issue (public part) */ static json_t * -sign_key_issue_to_json (const struct TALER_ExchangeSigningKeyValidityPS *ski) +sign_key_issue_to_json (const struct TALER_ExchangeSigningKeyValidityPS *ski, + struct TALER_MasterSignatureP *ski_sig) { return json_pack ("{s:o, s:o, s:o, s:o, s:o}", @@ -809,7 +811,7 @@ sign_key_issue_to_json (const struct TALER_ExchangeSigningKeyValidityPS *ski) "stamp_end", GNUNET_JSON_from_time_abs (GNUNET_TIME_absolute_ntoh (ski->end)), "master_sig", - GNUNET_JSON_from_data_auto (&ski->signature), + GNUNET_JSON_from_data_auto (ski_sig), "key", GNUNET_JSON_from_data_auto (&ski->signkey_pub)); } @@ -823,6 +825,7 @@ sign_key_issue_to_json (const struct TALER_ExchangeSigningKeyValidityPS *ski) * @param cls closure with the `struct ResponseFactoryContext *` * @param filename name of the file the key came from * @param ski the sign key issue + * @param ski_sig signature over @a ski * @return #GNUNET_OK to continue to iterate, * #GNUNET_NO to stop iteration with no error, * #GNUNET_SYSERR to abort iteration with error! @@ -878,7 +881,8 @@ reload_keys_sign_iter (void *cls, } GNUNET_assert (0 == json_array_append_new (rfc->sign_keys_array, - sign_key_issue_to_json (&ski->issue))); + sign_key_issue_to_json (&ski->issue, + &ski->master_sig))); return GNUNET_OK; } @@ -1670,7 +1674,7 @@ TEH_KS_acquire_ (const char *location) (internal_key_state->next_reload.abs_value_us <= now.abs_value_us) ) { struct TEH_KS_StateHandle *ks = internal_key_state; - + internal_key_state = NULL; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "KS released in acquire due to expiration\n"); @@ -1976,7 +1980,7 @@ TEH_KS_free () if (NULL != internal_key_state) { struct TEH_KS_StateHandle *ks = internal_key_state; - + internal_key_state = NULL; TEH_KS_release (ks); } diff --git a/src/include/taler_exchangedb_lib.h b/src/include/taler_exchangedb_lib.h index b89dd087d..f942c5fbb 100644 --- a/src/include/taler_exchangedb_lib.h +++ b/src/include/taler_exchangedb_lib.h @@ -56,9 +56,15 @@ struct TALER_EXCHANGEDB_PrivateSigningKeyInformationP struct TALER_ExchangePrivateKeyP signkey_priv; /** + * Signature over @e issue + */ + struct TALER_MasterSignatureP master_sig; + + /** * Public information about a exchange signing key. */ struct TALER_ExchangeSigningKeyValidityPS issue; + }; diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h index 428fa96ec..512198fe8 100644 --- a/src/include/taler_signatures.h +++ b/src/include/taler_signatures.h @@ -607,13 +607,6 @@ struct TALER_RefreshMeltConfirmationPS */ struct TALER_ExchangeSigningKeyValidityPS { - /** - * Signature over the signing key (by the master key of the exchange). - * - * FIXME: should be moved outside of the "PS" struct, this is ugly. - * (and makes this struct different from all of the others) - */ - struct TALER_MasterSignatureP signature; /** * Purpose is #TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY. |