aboutsummaryrefslogtreecommitdiff
path: root/src/util
diff options
context:
space:
mode:
Diffstat (limited to 'src/util')
-rw-r--r--src/util/Makefile.am1
-rw-r--r--src/util/crypto_helper_denom.c25
-rw-r--r--src/util/crypto_helper_esign.c38
-rw-r--r--src/util/secmod_signatures.c126
-rw-r--r--src/util/taler-helper-crypto-eddsa.c15
-rw-r--r--src/util/taler-helper-crypto-rsa.c19
6 files changed, 163 insertions, 61 deletions
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index c65a3ef17..bf460a57d 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -70,6 +70,7 @@ libtalerutil_la_SOURCES = \
mhd.c \
offline_signatures.c \
payto.c \
+ secmod_signatures.c \
taler_error_codes.c \
url.c \
util.c \
diff --git a/src/util/crypto_helper_denom.c b/src/util/crypto_helper_denom.c
index 547336e7c..fa8a820b5 100644
--- a/src/util/crypto_helper_denom.c
+++ b/src/util/crypto_helper_denom.c
@@ -277,12 +277,7 @@ handle_mt_avail (struct TALER_CRYPTO_DenominationHelper *dh,
{
struct TALER_DenominationPublicKey denom_pub;
- struct TALER_DenominationKeyAnnouncementPS dka = {
- .purpose.purpose = htonl (TALER_SIGNATURE_SM_DENOMINATION_KEY),
- .purpose.size = htonl (sizeof (dka)),
- .anchor_time = kan->anchor_time,
- .duration_withdraw = kan->duration_withdraw
- };
+ struct GNUNET_HashCode h_denom_pub;
denom_pub.rsa_public_key
= GNUNET_CRYPTO_rsa_public_key_decode (buf,
@@ -293,15 +288,15 @@ handle_mt_avail (struct TALER_CRYPTO_DenominationHelper *dh,
return GNUNET_SYSERR;
}
GNUNET_CRYPTO_rsa_public_key_hash (denom_pub.rsa_public_key,
- &dka.h_denom_pub);
- GNUNET_CRYPTO_hash (section_name,
- strlen (section_name) + 1,
- &dka.h_section_name);
+ &h_denom_pub);
if (GNUNET_OK !=
- GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_DENOMINATION_KEY,
- &dka,
- &kan->secm_sig.eddsa_signature,
- &kan->secm_pub.eddsa_pub))
+ TALER_exchange_secmod_rsa_verify (
+ &h_denom_pub,
+ section_name,
+ GNUNET_TIME_absolute_ntoh (kan->anchor_time),
+ GNUNET_TIME_relative_ntoh (kan->duration_withdraw),
+ &kan->secm_pub,
+ &kan->secm_sig))
{
GNUNET_break_op (0);
GNUNET_CRYPTO_rsa_public_key_free (denom_pub.rsa_public_key);
@@ -311,7 +306,7 @@ handle_mt_avail (struct TALER_CRYPTO_DenominationHelper *dh,
section_name,
GNUNET_TIME_absolute_ntoh (kan->anchor_time),
GNUNET_TIME_relative_ntoh (kan->duration_withdraw),
- &dka.h_denom_pub,
+ &h_denom_pub,
&denom_pub,
&kan->secm_pub,
&kan->secm_sig);
diff --git a/src/util/crypto_helper_esign.c b/src/util/crypto_helper_esign.c
index f21d013f1..fde7f48ee 100644
--- a/src/util/crypto_helper_esign.c
+++ b/src/util/crypto_helper_esign.c
@@ -258,31 +258,23 @@ handle_mt_avail (struct TALER_CRYPTO_ExchangeSignHelper *esh,
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
+ if (GNUNET_OK !=
+ TALER_exchange_secmod_eddsa_verify (
+ &kan->exchange_pub,
+ GNUNET_TIME_absolute_ntoh (kan->anchor_time),
+ GNUNET_TIME_relative_ntoh (kan->duration),
+ &kan->secm_pub,
+ &kan->secm_sig))
{
- struct TALER_SigningKeyAnnouncementPS ska = {
- .purpose.purpose = htonl (TALER_SIGNATURE_SM_SIGNING_KEY),
- .purpose.size = htonl (sizeof (ska)),
- .exchange_pub = kan->exchange_pub,
- .anchor_time = kan->anchor_time,
- .duration = kan->duration
- };
-
- if (GNUNET_OK !=
- GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_SIGNING_KEY,
- &ska,
- &kan->secm_sig.eddsa_signature,
- &kan->secm_pub.eddsa_pub))
- {
- GNUNET_break_op (0);
- return GNUNET_SYSERR;
- }
- esh->ekc (esh->ekc_cls,
- GNUNET_TIME_absolute_ntoh (kan->anchor_time),
- GNUNET_TIME_relative_ntoh (kan->duration),
- &kan->exchange_pub,
- &kan->secm_pub,
- &kan->secm_sig);
+ GNUNET_break_op (0);
+ return GNUNET_SYSERR;
}
+ esh->ekc (esh->ekc_cls,
+ GNUNET_TIME_absolute_ntoh (kan->anchor_time),
+ GNUNET_TIME_relative_ntoh (kan->duration),
+ &kan->exchange_pub,
+ &kan->secm_pub,
+ &kan->secm_sig);
return GNUNET_OK;
}
diff --git a/src/util/secmod_signatures.c b/src/util/secmod_signatures.c
new file mode 100644
index 000000000..5a2e338ce
--- /dev/null
+++ b/src/util/secmod_signatures.c
@@ -0,0 +1,126 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2020 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file secmod_signatures.c
+ * @brief Utility functions for Taler security module signatures
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "taler_util.h"
+#include "taler_signatures.h"
+
+
+void
+TALER_exchange_secmod_eddsa_sign (
+ const struct TALER_ExchangePublicKeyP *exchange_pub,
+ struct GNUNET_TIME_Absolute start_sign,
+ struct GNUNET_TIME_Relative duration,
+ const struct TALER_SecurityModulePrivateKeyP *secm_priv,
+ struct TALER_SecurityModuleSignatureP *secm_sig)
+{
+ struct TALER_SigningKeyAnnouncementPS ska = {
+ .purpose.purpose = htonl (TALER_SIGNATURE_SM_SIGNING_KEY),
+ .purpose.size = htonl (sizeof (ska)),
+ .exchange_pub = *exchange_pub,
+ .anchor_time = GNUNET_TIME_absolute_hton (start_sign),
+ .duration = GNUNET_TIME_relative_hton (duration)
+ };
+
+ GNUNET_CRYPTO_eddsa_sign (&secm_priv->eddsa_priv,
+ &ska,
+ &secm_sig->eddsa_signature);
+}
+
+
+int
+TALER_exchange_secmod_eddsa_verify (
+ const struct TALER_ExchangePublicKeyP *exchange_pub,
+ struct GNUNET_TIME_Absolute start_sign,
+ struct GNUNET_TIME_Relative duration,
+ const struct TALER_SecurityModulePublicKeyP *secm_pub,
+ const struct TALER_SecurityModuleSignatureP *secm_sig)
+{
+ struct TALER_SigningKeyAnnouncementPS ska = {
+ .purpose.purpose = htonl (TALER_SIGNATURE_SM_SIGNING_KEY),
+ .purpose.size = htonl (sizeof (ska)),
+ .exchange_pub = *exchange_pub,
+ .anchor_time = GNUNET_TIME_absolute_hton (start_sign),
+ .duration = GNUNET_TIME_relative_hton (duration)
+ };
+
+ return
+ GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_SIGNING_KEY,
+ &ska,
+ &secm_sig->eddsa_signature,
+ &secm_pub->eddsa_pub);
+}
+
+
+void
+TALER_exchange_secmod_rsa_sign (
+ const struct GNUNET_HashCode *h_denom_pub,
+ const char *section_name,
+ struct GNUNET_TIME_Absolute start_sign,
+ struct GNUNET_TIME_Relative duration,
+ const struct TALER_SecurityModulePrivateKeyP *secm_priv,
+ struct TALER_SecurityModuleSignatureP *secm_sig)
+{
+ struct TALER_DenominationKeyAnnouncementPS dka = {
+ .purpose.purpose = htonl (TALER_SIGNATURE_SM_DENOMINATION_KEY),
+ .purpose.size = htonl (sizeof (dka)),
+ .h_denom_pub = *h_denom_pub,
+ .anchor_time = GNUNET_TIME_absolute_hton (start_sign),
+ .duration_withdraw = GNUNET_TIME_relative_hton (duration)
+ };
+
+ GNUNET_CRYPTO_hash (section_name,
+ strlen (section_name) + 1,
+ &dka.h_section_name);
+ GNUNET_CRYPTO_eddsa_sign (&secm_priv->eddsa_priv,
+ &dka,
+ &secm_sig->eddsa_signature);
+
+}
+
+
+int
+TALER_exchange_secmod_rsa_verify (
+ const struct GNUNET_HashCode *h_denom_pub,
+ const char *section_name,
+ struct GNUNET_TIME_Absolute start_sign,
+ struct GNUNET_TIME_Relative duration,
+ const struct TALER_SecurityModulePublicKeyP *secm_pub,
+ const struct TALER_SecurityModuleSignatureP *secm_sig)
+{
+ struct TALER_DenominationKeyAnnouncementPS dka = {
+ .purpose.purpose = htonl (TALER_SIGNATURE_SM_DENOMINATION_KEY),
+ .purpose.size = htonl (sizeof (dka)),
+ .anchor_time = GNUNET_TIME_absolute_hton (start_sign),
+ .duration_withdraw = GNUNET_TIME_relative_hton (duration)
+ };
+
+ GNUNET_CRYPTO_hash (section_name,
+ strlen (section_name) + 1,
+ &dka.h_section_name);
+ return
+ GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_DENOMINATION_KEY,
+ &dka,
+ &secm_sig->eddsa_signature,
+ &secm_pub->eddsa_pub);
+}
+
+
+/* end of secmod_signatures.c */
diff --git a/src/util/taler-helper-crypto-eddsa.c b/src/util/taler-helper-crypto-eddsa.c
index e5147b2b6..af1cc24d6 100644
--- a/src/util/taler-helper-crypto-eddsa.c
+++ b/src/util/taler-helper-crypto-eddsa.c
@@ -606,13 +606,6 @@ static int
notify_client_key_add (struct Client *client,
const struct Key *key)
{
- struct TALER_SigningKeyAnnouncementPS ska = {
- .purpose.purpose = htonl (TALER_SIGNATURE_SM_SIGNING_KEY),
- .purpose.size = htonl (sizeof (ska)),
- .exchange_pub = key->exchange_pub,
- .anchor_time = GNUNET_TIME_absolute_hton (key->anchor),
- .duration = GNUNET_TIME_relative_hton (duration)
- };
struct TALER_CRYPTO_EddsaKeyAvailableNotification an = {
.header.size = htons (sizeof (an)),
.header.type = htons (TALER_HELPER_EDDSA_MT_AVAIL),
@@ -622,9 +615,11 @@ notify_client_key_add (struct Client *client,
.secm_pub = smpub
};
- GNUNET_CRYPTO_eddsa_sign (&smpriv.eddsa_priv,
- &ska,
- &an.secm_sig.eddsa_signature);
+ TALER_exchange_secmod_eddsa_sign (&key->exchange_pub,
+ key->anchor,
+ duration,
+ &smpriv,
+ &an.secm_sig);
if (GNUNET_OK !=
transmit (&client->addr,
client->addr_size,
diff --git a/src/util/taler-helper-crypto-rsa.c b/src/util/taler-helper-crypto-rsa.c
index 977056743..aeb747d9b 100644
--- a/src/util/taler-helper-crypto-rsa.c
+++ b/src/util/taler-helper-crypto-rsa.c
@@ -708,22 +708,12 @@ notify_client_dk_add (struct Client *client,
{
struct Denomination *denom = dk->denom;
size_t nlen = strlen (denom->section) + 1;
- struct TALER_DenominationKeyAnnouncementPS dka = {
- .purpose.purpose = htonl (TALER_SIGNATURE_SM_DENOMINATION_KEY),
- .purpose.size = htonl (sizeof (dka)),
- .h_denom_pub = dk->h_denom_pub,
- .anchor_time = GNUNET_TIME_absolute_hton (dk->anchor),
- .duration_withdraw = GNUNET_TIME_relative_hton (denom->duration_withdraw)
- };
struct TALER_CRYPTO_RsaKeyAvailableNotification *an;
size_t buf_len;
void *buf;
void *p;
size_t tlen;
- GNUNET_CRYPTO_hash (denom->section,
- nlen,
- &dka.h_section_name);
buf_len = GNUNET_CRYPTO_rsa_public_key_encode (dk->denom_pub.rsa_public_key,
&buf);
GNUNET_assert (buf_len < UINT16_MAX);
@@ -737,9 +727,12 @@ notify_client_dk_add (struct Client *client,
an->section_name_len = htons ((uint16_t) nlen);
an->anchor_time = GNUNET_TIME_absolute_hton (dk->anchor);
an->duration_withdraw = GNUNET_TIME_relative_hton (denom->duration_withdraw);
- GNUNET_CRYPTO_eddsa_sign (&smpriv.eddsa_priv,
- &dka,
- &an->secm_sig.eddsa_signature);
+ TALER_exchange_secmod_rsa_sign (&dk->h_denom_pub,
+ denom->section,
+ dk->anchor,
+ denom->duration_withdraw,
+ &smpriv,
+ &an->secm_sig);
an->secm_pub = smpub;
p = (void *) &an[1];
memcpy (p,