From f239b01be196f5ce64fdd9f0a6f42a11077c33c6 Mon Sep 17 00:00:00 2001 From: Gian Demarmels Date: Sat, 1 Jan 2022 12:41:49 +0100 Subject: secmod cs signatures implementation --- src/include/taler_crypto_lib.h | 55 +++++++++++++++++++++++++++++++++++++++ src/include/taler_signatures.h | 7 ++++- src/util/secmod_signatures.c | 59 ++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 118 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index bf82b8f0e..ff145cc41 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -408,6 +408,20 @@ struct TALER_WireSalt }; +/** + * Hash used to represent an CS public key. Does not include age + * restrictions and is ONLY for CS. Used ONLY for interactions with the CS + * security module. + */ +struct TALER_CsPubHashP +{ + /** + * Actual hash value. + */ + struct GNUNET_HashCode hash; +}; + + /** * Hash used to represent an RSA public key. Does not include age * restrictions and is ONLY for RSA. Used ONLY for interactions with the RSA @@ -2448,6 +2462,47 @@ TALER_exchange_secmod_rsa_verify ( const struct TALER_SecurityModuleSignatureP *secm_sig); +/** + * Create security module denomination signature. + * + * @param h_cs hash of the CS public key to sign + * @param section_name name of the section in the configuration + * @param start_sign starting point of validity for signing + * @param duration how long will the key be in use + * @param secm_priv security module key to sign with + * @param[out] secm_sig where to write the signature + */ +void +TALER_exchange_secmod_cs_sign ( + const struct TALER_CsPubHashP *h_cs, + const char *section_name, + struct GNUNET_TIME_Timestamp start_sign, + struct GNUNET_TIME_Relative duration, + const struct TALER_SecurityModulePrivateKeyP *secm_priv, + struct TALER_SecurityModuleSignatureP *secm_sig); + + +/** + * Verify security module denomination signature. + * + * @param h_cs hash of the public key to validate + * @param section_name name of the section in the configuration + * @param start_sign starting point of validity for signing + * @param duration how long will the key be in use + * @param secm_pub public key to verify against + * @param secm_sig the signature the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_secmod_cs_verify ( + const struct TALER_CsPubHashP *h_cs, + const char *section_name, + struct GNUNET_TIME_Timestamp start_sign, + struct GNUNET_TIME_Relative duration, + const struct TALER_SecurityModulePublicKeyP *secm_pub, + const struct TALER_SecurityModuleSignatureP *secm_sig); + + /** * Create denomination key validity signature by the auditor. * diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h index 3ad1121ca..3c31a4b60 100644 --- a/src/include/taler_signatures.h +++ b/src/include/taler_signatures.h @@ -287,6 +287,11 @@ */ #define TALER_SIGNATURE_SM_SIGNING_KEY 1251 +/** + * Signature on a denomination key announcement. + */ +#define TALER_SIGNATURE_SM_CS_DENOMINATION_KEY 1252 + /*******************/ /* Test signatures */ /*******************/ @@ -341,7 +346,7 @@ struct TALER_DenominationKeyAnnouncementPS /** * Hash of the denomination public key. */ - struct TALER_RsaPubHashP h_rsa; + struct TALER_DenominationHash h_denom; /** * Hash of the section name in the configuration of this denomination. diff --git a/src/util/secmod_signatures.c b/src/util/secmod_signatures.c index 9cb15bcf5..8e629ebbc 100644 --- a/src/util/secmod_signatures.c +++ b/src/util/secmod_signatures.c @@ -81,7 +81,7 @@ TALER_exchange_secmod_rsa_sign ( struct TALER_DenominationKeyAnnouncementPS dka = { .purpose.purpose = htonl (TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY), .purpose.size = htonl (sizeof (dka)), - .h_rsa = *h_rsa, + .h_denom.hash = h_rsa->hash, .anchor_time = GNUNET_TIME_timestamp_hton (start_sign), .duration_withdraw = GNUNET_TIME_relative_hton (duration) }; @@ -108,7 +108,7 @@ TALER_exchange_secmod_rsa_verify ( struct TALER_DenominationKeyAnnouncementPS dka = { .purpose.purpose = htonl (TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY), .purpose.size = htonl (sizeof (dka)), - .h_rsa = *h_rsa, + .h_denom.hash = h_rsa->hash, .anchor_time = GNUNET_TIME_timestamp_hton (start_sign), .duration_withdraw = GNUNET_TIME_relative_hton (duration) }; @@ -124,4 +124,59 @@ TALER_exchange_secmod_rsa_verify ( } +void +TALER_exchange_secmod_cs_sign ( + const struct TALER_CsPubHashP *h_cs, + const char *section_name, + struct GNUNET_TIME_Timestamp start_sign, + struct GNUNET_TIME_Relative duration, + const struct TALER_SecurityModulePrivateKeyP *secm_priv, + struct TALER_SecurityModuleSignatureP *secm_sig) +{ + struct TALER_DenominationKeyAnnouncementPS dka = { + .purpose.purpose = htonl (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY), + .purpose.size = htonl (sizeof (dka)), + .h_denom.hash = h_cs->hash, + .anchor_time = GNUNET_TIME_timestamp_hton (start_sign), + .duration_withdraw = GNUNET_TIME_relative_hton (duration) + }; + + GNUNET_CRYPTO_hash (section_name, + strlen (section_name) + 1, + &dka.h_section_name); + GNUNET_CRYPTO_eddsa_sign (&secm_priv->eddsa_priv, + &dka, + &secm_sig->eddsa_signature); + +} + + +enum GNUNET_GenericReturnValue +TALER_exchange_secmod_cs_verify ( + const struct TALER_CsPubHashP *h_cs, + const char *section_name, + struct GNUNET_TIME_Timestamp start_sign, + struct GNUNET_TIME_Relative duration, + const struct TALER_SecurityModulePublicKeyP *secm_pub, + const struct TALER_SecurityModuleSignatureP *secm_sig) +{ + struct TALER_DenominationKeyAnnouncementPS dka = { + .purpose.purpose = htonl (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY), + .purpose.size = htonl (sizeof (dka)), + .h_denom.hash = h_cs->hash, + .anchor_time = GNUNET_TIME_timestamp_hton (start_sign), + .duration_withdraw = GNUNET_TIME_relative_hton (duration) + }; + + GNUNET_CRYPTO_hash (section_name, + strlen (section_name) + 1, + &dka.h_section_name); + return + GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY, + &dka, + &secm_sig->eddsa_signature, + &secm_pub->eddsa_pub); +} + + /* end of secmod_signatures.c */ -- cgit v1.2.3