aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/include/taler_mint_service.h11
-rw-r--r--src/mint-lib/mint_api_deposit.c13
-rw-r--r--src/mint-lib/mint_api_handle.c34
-rw-r--r--src/mint/taler-mint-httpd_keystate.c9
-rw-r--r--src/mint/taler-mint-httpd_keystate.h4
-rw-r--r--src/mint/taler-mint-httpd_responses.c24
6 files changed, 64 insertions, 31 deletions
diff --git a/src/include/taler_mint_service.h b/src/include/taler_mint_service.h
index 5ee2331f4..7822d6200 100644
--- a/src/include/taler_mint_service.h
+++ b/src/include/taler_mint_service.h
@@ -316,13 +316,16 @@ TALER_MINT_get_keys (const struct TALER_MINT_Handle *mint);
/**
- * Obtain the current signing key from the mint.
+ * Test if the given @a pub is a the current signing key from the mint
+ * according to @a keys.
*
* @param keys the mint's key set
- * @return sk current online signing key for the mint, NULL on error
+ * @param pub claimed current online signing key for the mint
+ * @return #GNUNET_OK if @a pub is (according to /keys) a current signing key
*/
-const struct TALER_MintPublicKeyP *
-TALER_MINT_get_signing_key (const struct TALER_MINT_Keys *keys);
+int
+TALER_MINT_test_signing_key (const struct TALER_MINT_Keys *keys,
+ const struct TALER_MintPublicKeyP *pub);
/**
diff --git a/src/mint-lib/mint_api_deposit.c b/src/mint-lib/mint_api_deposit.c
index 008634f20..c6258033c 100644
--- a/src/mint-lib/mint_api_deposit.c
+++ b/src/mint-lib/mint_api_deposit.c
@@ -129,10 +129,11 @@ verify_deposit_signature_ok (const struct TALER_MINT_DepositHandle *dh,
json_t *json)
{
struct TALER_MintSignatureP mint_sig;
+ struct TALER_MintPublicKeyP mint_pub;
const struct TALER_MINT_Keys *key_state;
- const struct TALER_MintPublicKeyP *mint_pub;
struct MAJ_Specification spec[] = {
MAJ_spec_fixed_auto ("sig", &mint_sig),
+ MAJ_spec_fixed_auto ("pub", &mint_pub),
MAJ_spec_end
};
@@ -144,12 +145,18 @@ verify_deposit_signature_ok (const struct TALER_MINT_DepositHandle *dh,
return GNUNET_SYSERR;
}
key_state = TALER_MINT_get_keys (dh->mint);
- mint_pub = TALER_MINT_get_signing_key (key_state);
+ if (GNUNET_OK !=
+ TALER_MINT_test_signing_key (key_state,
+ &mint_pub))
+ {
+ GNUNET_break_op (0);
+ return GNUNET_SYSERR;
+ }
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MINT_CONFIRM_DEPOSIT,
&dh->depconf.purpose,
&mint_sig.eddsa_signature,
- &mint_pub->eddsa_pub))
+ &mint_pub.eddsa_pub))
{
GNUNET_break_op (0);
return GNUNET_SYSERR;
diff --git a/src/mint-lib/mint_api_handle.c b/src/mint-lib/mint_api_handle.c
index 918a0abf4..8b5b2e42c 100644
--- a/src/mint-lib/mint_api_handle.c
+++ b/src/mint-lib/mint_api_handle.c
@@ -425,7 +425,7 @@ decode_keys_json (json_t *resp_obj,
struct TALER_MintSignatureP sig;
struct TALER_MintKeySetPS ks;
struct GNUNET_HashContext *hash_context;
- const struct TALER_MintPublicKeyP *pub;
+ struct TALER_MintPublicKeyP pub;
if (JSON_OBJECT != json_typeof (resp_obj))
return GNUNET_SYSERR;
@@ -438,6 +438,8 @@ decode_keys_json (json_t *resp_obj,
&key_data->master_pub),
MAJ_spec_fixed_auto ("eddsa_sig",
&sig),
+ MAJ_spec_fixed_auto ("eddsa_pub",
+ &pub),
MAJ_spec_absolute_time ("list_issue_date",
&list_issue_date),
MAJ_spec_end
@@ -504,13 +506,14 @@ decode_keys_json (json_t *resp_obj,
GNUNET_CRYPTO_hash_context_finish (hash_context,
&ks.hc);
hash_context = NULL;
- pub = TALER_MINT_get_signing_key (key_data);
- EXITIF (NULL == pub);
+ EXITIF (GNUNET_OK !=
+ TALER_MINT_test_signing_key (key_data,
+ &pub));
EXITIF (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MINT_KEY_SET,
&ks.purpose,
&sig.eddsa_signature,
- &pub->eddsa_pub));
+ &pub.eddsa_pub));
return GNUNET_OK;
EXITIF_exit:
@@ -771,23 +774,30 @@ TALER_MINT_disconnect (struct TALER_MINT_Handle *mint)
/**
- * Obtain the current signing key from the mint.
+ * Test if the given @a pub is a the current signing key from the mint
+ * according to @a keys.
*
* @param keys the mint's key set
- * @return sk current online signing key for the mint, NULL on error
+ * @param pub claimed current online signing key for the mint
+ * @return #GNUNET_OK if @a pub is (according to /keys) a current signing key
*/
-const struct TALER_MintPublicKeyP *
-TALER_MINT_get_signing_key (const struct TALER_MINT_Keys *keys)
+int
+TALER_MINT_test_signing_key (const struct TALER_MINT_Keys *keys,
+ const struct TALER_MintPublicKeyP *pub)
{
struct GNUNET_TIME_Absolute now;
unsigned int i;
+ /* we will check using a tolerance of 1h for the time */
now = GNUNET_TIME_absolute_get ();
for (i=0;i<keys->num_sign_keys;i++)
- if ( (keys->sign_keys[i].valid_from.abs_value_us <= now.abs_value_us) &&
- (keys->sign_keys[i].valid_until.abs_value_us > now.abs_value_us) )
- return &keys->sign_keys[i].key;
- return NULL;
+ if ( (keys->sign_keys[i].valid_from.abs_value_us <= now.abs_value_us + 60 * 60 * 1000LL * 1000LL) &&
+ (keys->sign_keys[i].valid_until.abs_value_us > now.abs_value_us - 60 * 60 * 1000LL * 1000LL) &&
+ (0 == memcmp (pub,
+ &keys->sign_keys[i].key,
+ sizeof (struct TALER_MintPublicKeyP))) )
+ return GNUNET_OK;
+ return GNUNET_SYSERR;
}
diff --git a/src/mint/taler-mint-httpd_keystate.c b/src/mint/taler-mint-httpd_keystate.c
index 096023ac5..dea898587 100644
--- a/src/mint/taler-mint-httpd_keystate.c
+++ b/src/mint/taler-mint-httpd_keystate.c
@@ -519,13 +519,15 @@ TMH_KS_acquire (void)
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"No valid signing key found!\n");
- keys = json_pack ("{s:o, s:o, s:o, s:o, s:o}",
+ keys = json_pack ("{s:o, s:o, s:o, s:o, s:o, s:o}",
"master_public_key",
TALER_json_from_data (&TMH_master_public_key,
sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)),
"signkeys", key_state->sign_keys_array,
"denoms", key_state->denom_keys_array,
"list_issue_date", TALER_json_from_abs (key_state->reload_time),
+ "eddsa_pub", TALER_json_from_data (&key_state->current_sign_key_issue.issue.signkey_pub,
+ sizeof (struct TALER_MintPublicKeyP)),
"eddsa_sig", TALER_json_from_data (&sig,
sizeof (struct TALER_MintSignatureP)));
key_state->keys_json = json_dumps (keys,
@@ -714,16 +716,19 @@ read_again:
* Sign the message in @a purpose with the mint's signing key.
*
* @param purpose the message to sign
+ * @param[out] pub set to the current public signing key of the mint
* @param[out] sig signature over purpose using current signing key
*/
void
TMH_KS_sign (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
- struct TALER_MintSignatureP *sig)
+ struct TALER_MintPublicKeyP *pub,
+ struct TALER_MintSignatureP *sig)
{
struct TMH_KS_StateHandle *key_state;
key_state = TMH_KS_acquire ();
+ *pub = key_state->current_sign_key_issue.issue.signkey_pub;
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_eddsa_sign (&key_state->current_sign_key_issue.signkey_priv.eddsa_priv,
purpose,
diff --git a/src/mint/taler-mint-httpd_keystate.h b/src/mint/taler-mint-httpd_keystate.h
index bcdd01f56..5abb006cb 100644
--- a/src/mint/taler-mint-httpd_keystate.h
+++ b/src/mint/taler-mint-httpd_keystate.h
@@ -74,7 +74,7 @@ enum TMH_KS_DenominationKeyUse {
* The key is to be usd for a /deposit or /refresh (melt) operation.
*/
TMH_KS_DKU_DEPOSIT
-
+
};
@@ -110,10 +110,12 @@ TMH_KS_loop (void);
* key.
*
* @param purpose the message to sign
+ * @param[out] pub set to the current public signing key of the mint
* @param[out] sig signature over purpose using current signing key
*/
void
TMH_KS_sign (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+ struct TALER_MintPublicKeyP *pub,
struct TALER_MintSignatureP *sig);
diff --git a/src/mint/taler-mint-httpd_responses.c b/src/mint/taler-mint-httpd_responses.c
index bb7a72f8e..fdb5137ec 100644
--- a/src/mint/taler-mint-httpd_responses.c
+++ b/src/mint/taler-mint-httpd_responses.c
@@ -348,8 +348,8 @@ TMH_RESPONSE_reply_deposit_success (struct MHD_Connection *connection,
const struct TALER_Amount *amount_without_fee)
{
struct TALER_DepositConfirmationPS dc;
+ struct TALER_MintPublicKeyP pub;
struct TALER_MintSignatureP sig;
- json_t *sig_json;
dc.purpose.purpose = htonl (TALER_SIGNATURE_MINT_CONFIRM_DEPOSIT);
dc.purpose.size = htonl (sizeof (struct TALER_DepositConfirmationPS));
@@ -363,14 +363,16 @@ TMH_RESPONSE_reply_deposit_success (struct MHD_Connection *connection,
dc.coin_pub = *coin_pub;
dc.merchant = *merchant;
TMH_KS_sign (&dc.purpose,
+ &pub,
&sig);
- sig_json = TALER_json_from_data (&sig,
- sizeof (sig));
return TMH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_OK,
"{s:s, s:o}",
"status", "DEPOSIT_OK",
- "sig", sig_json);
+ "sig", TALER_json_from_data (&sig,
+ sizeof (sig)),
+ "pub", TALER_json_from_data (&pub,
+ sizeof (pub)));
}
@@ -735,6 +737,7 @@ TMH_RESPONSE_reply_refresh_melt_success (struct MHD_Connection *connection,
uint16_t noreveal_index)
{
struct TALER_RefreshMeltConfirmationPS body;
+ struct TALER_MintPublicKeyP pub;
struct TALER_MintSignatureP sig;
json_t *sig_json;
@@ -743,15 +746,18 @@ TMH_RESPONSE_reply_refresh_melt_success (struct MHD_Connection *connection,
body.session_hash = *session_hash;
body.noreveal_index = htons (noreveal_index);
TMH_KS_sign (&body.purpose,
- &sig);
- sig_json = TALER_json_from_eddsa_sig (&body.purpose,
- &sig.eddsa_signature);
+ &pub,
+ &sig);
+ sig_json = TALER_json_from_data (&sig,
+ sizeof (sig));
GNUNET_assert (NULL != sig_json);
return TMH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_OK,
- "{s:i, s:o}",
+ "{s:i, s:o, s:o}",
"noreveal_index", (int) noreveal_index,
- "signature", sig_json);
+ "mint_sig", sig_json,
+ "mint_pub", TALER_json_from_data (&pub,
+ sizeof (pub)));
}