introduce new data type for the post-orders hash used for idempotency checks, as well as the hash and salt for authentication checks

author: Christian Grothoff <christian@grothoff.org> 2021-12-19 12:24:14 +0100
committer: Christian Grothoff <christian@grothoff.org> 2021-12-19 12:24:14 +0100
commit: 64e64141962fbea4e8acea87f57f98e93360a7c4 (patch)
tree: 37653111c82d9bc3e3440a2b8a0ccef756aea4b0
parent: 5f57dbbc7b1e1ed21fff24daa537b949727b7966 (diff)
11 files changed, 73 insertions, 29 deletions
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
index cae16909..f2de7373 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -150,8 +150,8 @@ char *TMH_default_auth;
 
 enum GNUNET_GenericReturnValue
 TMH_check_auth (const char *token,
-                const struct GNUNET_ShortHashCode *salt,
-                const struct GNUNET_HashCode *hash)
+                struct TALER_MerchantAuthenticationSaltP *salt,
+                struct TALER_MerchantAuthenticationHashP *hash)
 {
   struct GNUNET_HashCode val;
   char *dec;
@@ -180,7 +180,7 @@ TMH_check_auth (const char *token,
                                     0));
   GNUNET_free (dec);
   return (0 == GNUNET_memcmp (&val,
-                              hash))
+                              &hash->hash))
     ? GNUNET_OK
     : GNUNET_SYSERR;
 }
@@ -188,8 +188,8 @@ TMH_check_auth (const char *token,
 
 void
 TMH_compute_auth (const char *token,
-                  struct GNUNET_ShortHashCode *salt,
-                  struct GNUNET_HashCode *hash)
+                  struct TALER_MerchantAuthenticationSaltP *salt,
+                  struct TALER_MerchantAuthenticationHashP *hash)
 {
   GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
                               salt,
diff --git a/src/backend/taler-merchant-httpd.h b/src/backend/taler-merchant-httpd.h
index 93ca63d3..fce507ef 100644
--- a/src/backend/taler-merchant-httpd.h
+++ b/src/backend/taler-merchant-httpd.h
@@ -680,8 +680,8 @@ TMH_reload_instances (const char *id);
  */
 enum GNUNET_GenericReturnValue
 TMH_check_auth (const char *token,
-                const struct GNUNET_ShortHashCode *salt,
-                const struct GNUNET_HashCode *hash);
+                struct TALER_MerchantAuthenticationSaltP *salt,
+                struct TALER_MerchantAuthenticationHashP *hash);
 
 
 /**
@@ -694,8 +694,8 @@ TMH_check_auth (const char *token,
  */
 void
 TMH_compute_auth (const char *token,
-                  struct GNUNET_ShortHashCode *salt,
-                  struct GNUNET_HashCode *hash);
+                  struct TALER_MerchantAuthenticationSaltP *salt,
+                  struct TALER_MerchantAuthenticationHashP *hash);
 
 
 #endif
diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c b/src/backend/taler-merchant-httpd_get-orders-ID.c
index db1c3fee..d6abdc62 100644
--- a/src/backend/taler-merchant-httpd_get-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_get-orders-ID.c
@@ -1083,7 +1083,7 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
   else
   {
     struct TALER_ClaimTokenP db_claim_token;
-    struct GNUNET_HashCode unused; /* h_post_data */
+    struct TALER_MerchantPostDataHashP unused;
 
     qs = TMH_db->lookup_order (TMH_db->cls,
                                hc->instance->settings.id,
diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-claim.c b/src/backend/taler-merchant-httpd_post-orders-ID-claim.c
index 16990d4b..1f9d8e2b 100644
--- a/src/backend/taler-merchant-httpd_post-orders-ID-claim.c
+++ b/src/backend/taler-merchant-httpd_post-orders-ID-claim.c
@@ -122,7 +122,7 @@ claim_order (const char *instance_id,
   /* Now we need to claim the order. */
 
   {
-    struct GNUNET_HashCode unused;
+    struct TALER_MerchantPostDataHashP unused;
     struct GNUNET_TIME_Timestamp timestamp;
     struct GNUNET_JSON_Specification spec[] = {
       GNUNET_JSON_spec_timestamp ("timestamp",
diff --git a/src/backend/taler-merchant-httpd_private-delete-orders-ID.c b/src/backend/taler-merchant-httpd_private-delete-orders-ID.c
index b9dd4bc9..9eaa8b0e 100644
--- a/src/backend/taler-merchant-httpd_private-delete-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_private-delete-orders-ID.c
@@ -63,7 +63,7 @@ TMH_private_delete_orders_ID (const struct TMH_RequestHandler *rh,
                                        NULL);
   case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
     {
-      struct GNUNET_HashCode unused;
+      struct TALER_MerchantPostDataHashP unused;
 
       qs = TMH_db->lookup_order (TMH_db->cls,
                                  mi->settings.id,
diff --git a/src/backend/taler-merchant-httpd_private-get-instances-ID.c b/src/backend/taler-merchant-httpd_private-get-instances-ID.c
index 85b3c7df..5087d637 100644
--- a/src/backend/taler-merchant-httpd_private-get-instances-ID.c
+++ b/src/backend/taler-merchant-httpd_private-get-instances-ID.c
@@ -63,7 +63,7 @@ get_instances_ID (struct TMH_MerchantInstance *mi,
 
   auth = GNUNET_JSON_PACK (
     GNUNET_JSON_pack_string ("method",
-                             GNUNET_is_zero (mi->auth.auth_hash.bits)
+                             GNUNET_is_zero (&mi->auth.auth_hash)
                                                     ? "external"
                                                     : "token"));
   return TALER_MHD_REPLY_JSON_PACK (
diff --git a/src/backend/taler-merchant-httpd_private-get-orders-ID.c b/src/backend/taler-merchant-httpd_private-get-orders-ID.c
index 328ffbf0..b4067f56 100644
--- a/src/backend/taler-merchant-httpd_private-get-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_private-get-orders-ID.c
@@ -1012,7 +1012,7 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh,
   }
 
   {
-    struct GNUNET_HashCode unused;
+    struct TALER_MerchantPostDataHashP unused;
     json_t *ct = NULL;
 
     /* We need the order for two cases:  Either when the contract doesn't exist yet,
diff --git a/src/backend/taler-merchant-httpd_private-get-orders.c b/src/backend/taler-merchant-httpd_private-get-orders.c
index 29b6e65a..444e564d 100644
--- a/src/backend/taler-merchant-httpd_private-get-orders.c
+++ b/src/backend/taler-merchant-httpd_private-get-orders.c
@@ -328,7 +328,7 @@ add_order (void *cls,
   if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
   {
     /* Might still be unclaimed, so try order table */
-    struct GNUNET_HashCode unused;
+    struct TALER_MerchantPostDataHashP unused;
 
     qs = TMH_db->lookup_order (TMH_db->cls,
                                po->instance_id,
diff --git a/src/backend/taler-merchant-httpd_private-post-orders.c b/src/backend/taler-merchant-httpd_private-post-orders.c
index 35cdf790..666505f9 100644
--- a/src/backend/taler-merchant-httpd_private-post-orders.c
+++ b/src/backend/taler-merchant-httpd_private-post-orders.c
@@ -197,7 +197,7 @@ struct InventoryProduct
 static enum GNUNET_DB_QueryStatus
 execute_transaction (struct TMH_HandlerContext *hc,
                      const char *order_id,
-                     const struct GNUNET_HashCode *h_post_data,
+                     const struct TALER_MerchantPostDataHashP *h_post_data,
                      struct GNUNET_TIME_Timestamp pay_deadline,
                      const json_t *order,
                      const struct TALER_ClaimTokenP *claim_token,
@@ -315,7 +315,7 @@ execute_transaction (struct TMH_HandlerContext *hc,
 static MHD_RESULT
 execute_order (struct MHD_Connection *connection,
                struct TMH_HandlerContext *hc,
-               const struct GNUNET_HashCode *h_post_data,
+               const struct TALER_MerchantPostDataHashP *h_post_data,
                json_t *order,
                const struct TALER_ClaimTokenP *claim_token,
                unsigned int inventory_products_length,
@@ -424,7 +424,7 @@ execute_order (struct MHD_Connection *connection,
   {
     struct TALER_ClaimTokenP token;
     json_t *contract_terms;
-    struct GNUNET_HashCode orig_post;
+    struct TALER_MerchantPostDataHashP orig_post;
 
     TMH_db->preflight (TMH_db->cls);
     qs = TMH_db->lookup_order (TMH_db->cls,
@@ -640,7 +640,7 @@ execute_order (struct MHD_Connection *connection,
 static MHD_RESULT
 patch_order (struct MHD_Connection *connection,
              struct TMH_HandlerContext *hc,
-             const struct GNUNET_HashCode *h_post_data,
+             const struct TALER_MerchantPostDataHashP *h_post_data,
              json_t *order,
              const struct TALER_ClaimTokenP *claim_token,
              struct GNUNET_TIME_Relative refund_delay,
@@ -1105,7 +1105,7 @@ patch_order (struct MHD_Connection *connection,
 static MHD_RESULT
 add_payment_details (struct MHD_Connection *connection,
                      struct TMH_HandlerContext *hc,
-                     const struct GNUNET_HashCode *h_post_data,
+                     const struct TALER_MerchantPostDataHashP *h_post_data,
                      json_t *order,
                      const struct TALER_ClaimTokenP *claim_token,
                      struct GNUNET_TIME_Relative refund_delay,
@@ -1178,7 +1178,7 @@ add_payment_details (struct MHD_Connection *connection,
 static MHD_RESULT
 merge_inventory (struct MHD_Connection *connection,
                  struct TMH_HandlerContext *hc,
-                 const struct GNUNET_HashCode *h_post_data,
+                 const struct TALER_MerchantPostDataHashP *h_post_data,
                  json_t *order,
                  const struct TALER_ClaimTokenP *claim_token,
                  struct GNUNET_TIME_Relative refund_delay,
@@ -1357,7 +1357,7 @@ TMH_private_post_orders (const struct TMH_RequestHandler *rh,
     GNUNET_JSON_spec_end ()
   };
   enum GNUNET_GenericReturnValue ret;
-  struct GNUNET_HashCode h_post_data;
+  struct TALER_MerchantPostDataHashP h_post_data;
 
   (void) rh;
   ret = TALER_MHD_parse_json_data (connection,
@@ -1407,7 +1407,7 @@ TMH_private_post_orders (const struct TMH_RequestHandler *rh,
     }
     GNUNET_CRYPTO_hash (req_body_enc,
                         strlen (req_body_enc),
-                        &h_post_data);
+                        &h_post_data.hash);
     GNUNET_free (req_body_enc);
   }
 
diff --git a/src/backenddb/plugin_merchantdb_postgres.c b/src/backenddb/plugin_merchantdb_postgres.c
index e7c53a62..5465b4e8 100644
--- a/src/backenddb/plugin_merchantdb_postgres.c
+++ b/src/backenddb/plugin_merchantdb_postgres.c
@@ -1639,7 +1639,7 @@ postgres_lookup_order (void *cls,
                        const char *instance_id,
                        const char *order_id,
                        struct TALER_ClaimTokenP *claim_token,
-                       struct GNUNET_HashCode *h_post_data,
+                       struct TALER_MerchantPostDataHashP *h_post_data,
                        json_t **contract_terms)
 {
   struct PostgresClosure *pg = cls;
@@ -1881,7 +1881,7 @@ static enum GNUNET_DB_QueryStatus
 postgres_insert_order (void *cls,
                        const char *instance_id,
                        const char *order_id,
-                       const struct GNUNET_HashCode *h_post_data,
+                       const struct TALER_MerchantPostDataHashP *h_post_data,
                        struct GNUNET_TIME_Timestamp pay_deadline,
                        const struct TALER_ClaimTokenP *claim_token,
                        const json_t *contract_terms)
diff --git a/src/include/taler_merchantdb_plugin.h b/src/include/taler_merchantdb_plugin.h
index b4dc17b2..d301eeef 100644
--- a/src/include/taler_merchantdb_plugin.h
+++ b/src/include/taler_merchantdb_plugin.h
@@ -33,6 +33,50 @@
 struct TALER_MERCHANTDB_Plugin;
 
 
+GNUNET_NETWORK_STRUCT_BEGIN
+
+
+/**
+ * @brief Hash over an order request, used for the idempotency check.
+ */
+struct TALER_MerchantPostDataHashP
+{
+  /**
+   * The authentication hash is a SHA-512 hash code.
+   */
+  struct GNUNET_HashCode hash;
+};
+
+
+/**
+ * @brief Hash used for client authenticiation. Computed with a
+ * `struct TALER_MerchantAuthenticationSaltP`.
+ */
+struct TALER_MerchantAuthenticationHashP
+{
+  /**
+   * The authentication hash is a SHA-512 hash code.
+   * All zeros if authentication is off.
+   */
+  struct GNUNET_HashCode hash;
+};
+
+
+/**
+ * @brief Salt used for client authenticiation.
+ */
+struct TALER_MerchantAuthenticationSaltP
+{
+  /**
+   * The authentication salt is a 256-bit value.
+   */
+  uint32_t salt[256 / 8 / sizeof(uint32_t)];  /* = 8 */
+};
+
+
+GNUNET_NETWORK_STRUCT_END
+
+
 /**
  * Details about a wire account of the merchant.
  */
@@ -68,13 +112,13 @@ struct TALER_MERCHANTDB_InstanceAuthSettings
   /**
    * Hash used for authentication.  All zero if authentication is off.
    */
-  struct GNUNET_HashCode auth_hash;
+  struct TALER_MerchantAuthenticationHashP auth_hash;
 
   /**
    * Salt used to hash the "Authentication" header, the result must then
    * match the @e auth_hash.
    */
-  struct GNUNET_ShortHashCode auth_salt;
+  struct TALER_MerchantAuthenticationSaltP auth_salt;
 };
 
 /**
@@ -1184,7 +1228,7 @@ struct TALER_MERCHANTDB_Plugin
                   const char *instance_id,
                   const char *order_id,
                   struct TALER_ClaimTokenP *claim_token,
-                  struct GNUNET_HashCode *h_post_data,
+                  struct TALER_MerchantPostDataHashP *h_post_data,
                   json_t **contract_terms);
 
 
@@ -1240,7 +1284,7 @@ struct TALER_MERCHANTDB_Plugin
   (*insert_order)(void *cls,
                   const char *instance_id,
                   const char *order_id,
-                  const struct GNUNET_HashCode *h_post_data,
+                  const struct TALER_MerchantPostDataHashP *h_post_data,
                   struct GNUNET_TIME_Timestamp pay_deadline,
                   const struct TALER_ClaimTokenP *claim_token,
                   const json_t *contract_terms);
author	Christian Grothoff <christian@grothoff.org>	2021-12-19 12:24:14 +0100
committer	Christian Grothoff <christian@grothoff.org>	2021-12-19 12:24:14 +0100
commit	64e64141962fbea4e8acea87f57f98e93360a7c4 (patch)
tree	37653111c82d9bc3e3440a2b8a0ccef756aea4b0
parent	5f57dbbc7b1e1ed21fff24daa537b949727b7966 (diff)