summaryrefslogtreecommitdiff
path: root/src/exchange
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2020-12-04 20:29:18 +0100
committerChristian Grothoff <christian@grothoff.org>2020-12-04 20:29:18 +0100
commit6cceb617af887df49df74729bb1813bbd75a1346 (patch)
tree867616e235e6a1d84790f6c7c73f60900cbe2bb7 /src/exchange
parent9b290fb26b2d18725858508bc14ae0933fff0250 (diff)
downloadexchange-6cceb617af887df49df74729bb1813bbd75a1346.tar.gz
exchange-6cceb617af887df49df74729bb1813bbd75a1346.tar.bz2
exchange-6cceb617af887df49df74729bb1813bbd75a1346.zip
centralize (most) offline signing/verifying operations into offline_signatures.c
Diffstat (limited to 'src/exchange')
-rw-r--r--src/exchange/taler-exchange-httpd_management_denominations_HDP_revoke.c32
-rw-r--r--src/exchange/taler-exchange-httpd_management_post_keys.c24
-rw-r--r--src/exchange/taler-exchange-httpd_management_signkey_EP_revoke.c31
-rw-r--r--src/exchange/taler-exchange-httpd_management_wire.c33
-rw-r--r--src/exchange/taler-exchange-httpd_management_wire_disable.c35
-rw-r--r--src/exchange/taler-exchange-httpd_management_wire_fees.c45
6 files changed, 68 insertions, 132 deletions
diff --git a/src/exchange/taler-exchange-httpd_management_denominations_HDP_revoke.c b/src/exchange/taler-exchange-httpd_management_denominations_HDP_revoke.c
index eade5cd1..75ce3d76 100644
--- a/src/exchange/taler-exchange-httpd_management_denominations_HDP_revoke.c
+++ b/src/exchange/taler-exchange-httpd_management_denominations_HDP_revoke.c
@@ -56,28 +56,18 @@ TEH_handler_management_denominations_HDP_revoke (
if (GNUNET_NO == res)
return MHD_YES; /* failure */
}
+ if (GNUNET_OK !=
+ TALER_exchange_offline_denomination_revoke_verify (
+ h_denom_pub,
+ &TEH_master_public_key,
+ &master_sig))
{
- struct TALER_MasterDenominationKeyRevocationPS rm = {
- .purpose.purpose = htonl (
- TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED),
- .purpose.size = htonl (sizeof (rm)),
- .h_denom_pub = *h_denom_pub
- };
-
- if (GNUNET_OK !=
- GNUNET_CRYPTO_eddsa_verify (
- TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED,
- &rm,
- &master_sig.eddsa_signature,
- &TEH_master_public_key.eddsa_pub))
- {
- GNUNET_break_op (0);
- return TALER_MHD_reply_with_error (
- connection,
- MHD_HTTP_FORBIDDEN,
- TALER_EC_EXCHANGE_MANAGEMENT_DENOMINATION_REVOKE_SIGNATURE_INVALID,
- NULL);
- }
+ GNUNET_break_op (0);
+ return TALER_MHD_reply_with_error (
+ connection,
+ MHD_HTTP_FORBIDDEN,
+ TALER_EC_EXCHANGE_MANAGEMENT_DENOMINATION_REVOKE_SIGNATURE_INVALID,
+ NULL);
}
qs = TEH_plugin->insert_denomination_revocation (TEH_plugin->cls,
NULL,
diff --git a/src/exchange/taler-exchange-httpd_management_post_keys.c b/src/exchange/taler-exchange-httpd_management_post_keys.c
index 2ac69a1d..43ca5f8c 100644
--- a/src/exchange/taler-exchange-httpd_management_post_keys.c
+++ b/src/exchange/taler-exchange-httpd_management_post_keys.c
@@ -269,23 +269,15 @@ add_keys (void *cls,
/* check signature is valid */
{
- struct TALER_ExchangeSigningKeyValidityPS skv = {
- .purpose.purpose = htonl (
- TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY),
- .purpose.size = htonl (sizeof (skv)),
- .master_public_key = TEH_master_public_key,
- .start = x,
- .expire = y,
- .end = z,
- .signkey_pub = akc->s_sigs[i].exchange_pub
- };
-
if (GNUNET_OK !=
- GNUNET_CRYPTO_eddsa_verify (
- TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY,
- &skv,
- &akc->s_sigs[i].master_sig.eddsa_signature,
- &TEH_master_public_key.eddsa_pub))
+ TALER_exchange_offline_signkey_validity_verify (
+ &akc->s_sigs[i].exchange_pub,
+ x,
+ y,
+ z,
+ &TEH_master_public_key,
+ &
+ & akc->s_sigs[i].master_sig))
{
GNUNET_break_op (0);
return TALER_MHD_reply_with_error (
diff --git a/src/exchange/taler-exchange-httpd_management_signkey_EP_revoke.c b/src/exchange/taler-exchange-httpd_management_signkey_EP_revoke.c
index 63a4f0c6..8a462f96 100644
--- a/src/exchange/taler-exchange-httpd_management_signkey_EP_revoke.c
+++ b/src/exchange/taler-exchange-httpd_management_signkey_EP_revoke.c
@@ -56,28 +56,17 @@ TEH_handler_management_signkeys_EP_revoke (
if (GNUNET_NO == res)
return MHD_YES; /* failure */
}
+ if (GNUNET_OK !=
+ TALER_exchange_offline_signkey_revoke_verify (exchange_pub,
+ &TEH_master_public_key,
+ &master_sig))
{
- struct TALER_MasterSigningKeyRevocationPS rm = {
- .purpose.purpose = htonl (
- TALER_SIGNATURE_MASTER_SIGNING_KEY_REVOKED),
- .purpose.size = htonl (sizeof (rm)),
- .exchange_pub = *exchange_pub
- };
-
- if (GNUNET_OK !=
- GNUNET_CRYPTO_eddsa_verify (
- TALER_SIGNATURE_MASTER_SIGNING_KEY_REVOKED,
- &rm,
- &master_sig.eddsa_signature,
- &TEH_master_public_key.eddsa_pub))
- {
- GNUNET_break_op (0);
- return TALER_MHD_reply_with_error (
- connection,
- MHD_HTTP_FORBIDDEN,
- TALER_EC_EXCHANGE_MANAGEMENT_SIGNKEY_REVOKE_SIGNATURE_INVALID,
- NULL);
- }
+ GNUNET_break_op (0);
+ return TALER_MHD_reply_with_error (
+ connection,
+ MHD_HTTP_FORBIDDEN,
+ TALER_EC_EXCHANGE_MANAGEMENT_SIGNKEY_REVOKE_SIGNATURE_INVALID,
+ NULL);
}
qs = TEH_plugin->insert_signkey_revocation (TEH_plugin->cls,
NULL,
diff --git a/src/exchange/taler-exchange-httpd_management_wire.c b/src/exchange/taler-exchange-httpd_management_wire.c
index 2ec42c3b..15e5b361 100644
--- a/src/exchange/taler-exchange-httpd_management_wire.c
+++ b/src/exchange/taler-exchange-httpd_management_wire.c
@@ -168,29 +168,18 @@ TEH_handler_management_denominations_wire (
if (GNUNET_NO == res)
return MHD_YES; /* failure */
}
+ if (GNUNET_OK !=
+ TALER_exchange_offline_wire_add_verify (awc.payto_uri,
+ awc.validity_start,
+ &TEH_master_public_key,
+ &awc.master_sig_add))
{
- struct TALER_MasterAddWirePS aw = {
- .purpose.purpose = htonl (TALER_SIGNATURE_MASTER_ADD_WIRE),
- .purpose.size = htonl (sizeof (aw)),
- .start_date = GNUNET_TIME_absolute_hton (awc.validity_start),
- };
-
- TALER_exchange_wire_signature_hash (awc.payto_uri,
- &aw.h_wire);
- if (GNUNET_OK !=
- GNUNET_CRYPTO_eddsa_verify (
- TALER_SIGNATURE_MASTER_ADD_WIRE,
- &aw,
- &awc.master_sig_add.eddsa_signature,
- &TEH_master_public_key.eddsa_pub))
- {
- GNUNET_break_op (0);
- return TALER_MHD_reply_with_error (
- connection,
- MHD_HTTP_FORBIDDEN,
- TALER_EC_EXCHANGE_MANAGEMENT_WIRE_ADD_SIGNATURE_INVALID,
- NULL);
- }
+ GNUNET_break_op (0);
+ return TALER_MHD_reply_with_error (
+ connection,
+ MHD_HTTP_FORBIDDEN,
+ TALER_EC_EXCHANGE_MANAGEMENT_WIRE_ADD_SIGNATURE_INVALID,
+ NULL);
}
if (GNUNET_OK !=
TALER_exchange_wire_signature_check (awc.payto_uri,
diff --git a/src/exchange/taler-exchange-httpd_management_wire_disable.c b/src/exchange/taler-exchange-httpd_management_wire_disable.c
index af5942a1..51b81160 100644
--- a/src/exchange/taler-exchange-httpd_management_wire_disable.c
+++ b/src/exchange/taler-exchange-httpd_management_wire_disable.c
@@ -161,30 +161,19 @@ TEH_handler_management_denominations_wire_disable (
if (GNUNET_NO == res)
return MHD_YES; /* failure */
}
+ if (GNUNET_OK !=
+ TALER_exchange_offline_wire_del_verify (
+ awc.payto_uri,
+ awc.validity_end,
+ &TEH_master_public_key,
+ &awc.master_sig))
{
- struct TALER_MasterDelWirePS aw = {
- .purpose.purpose = htonl (
- TALER_SIGNATURE_MASTER_DEL_WIRE),
- .purpose.size = htonl (sizeof (aw)),
- .end_date = GNUNET_TIME_absolute_hton (awc.validity_end),
- };
-
- TALER_exchange_wire_signature_hash (awc.payto_uri,
- &aw.h_wire);
- if (GNUNET_OK !=
- GNUNET_CRYPTO_eddsa_verify (
- TALER_SIGNATURE_MASTER_DEL_WIRE,
- &aw,
- &awc.master_sig.eddsa_signature,
- &TEH_master_public_key.eddsa_pub))
- {
- GNUNET_break_op (0);
- return TALER_MHD_reply_with_error (
- connection,
- MHD_HTTP_FORBIDDEN,
- TALER_EC_EXCHANGE_MANAGEMENT_WIRE_DEL_SIGNATURE_INVALID,
- NULL);
- }
+ GNUNET_break_op (0);
+ return TALER_MHD_reply_with_error (
+ connection,
+ MHD_HTTP_FORBIDDEN,
+ TALER_EC_EXCHANGE_MANAGEMENT_WIRE_DEL_SIGNATURE_INVALID,
+ NULL);
}
qs = TEH_DB_run_transaction (connection,
"del wire",
diff --git a/src/exchange/taler-exchange-httpd_management_wire_fees.c b/src/exchange/taler-exchange-httpd_management_wire_fees.c
index 58f2c41d..9878821c 100644
--- a/src/exchange/taler-exchange-httpd_management_wire_fees.c
+++ b/src/exchange/taler-exchange-httpd_management_wire_fees.c
@@ -221,36 +221,23 @@ TEH_handler_management_post_wire_fees (
TEH_currency);
}
+ if (GNUNET_OK !=
+ TALER_exchange_offline_wire_fee_verify (
+ afc.wire_method,
+ afc.start_time,
+ afc.end_time,
+ &afc.wire_fee,
+ &afc.closing_fee,
+ &TEH_master_public_key,
+ &afc.master_sig))
{
- struct TALER_MasterWireFeePS wf = {
- .purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_FEES),
- .purpose.size = htonl (sizeof (wf)),
- .start_date = GNUNET_TIME_absolute_hton (afc.start_time),
- .end_date = GNUNET_TIME_absolute_hton (afc.end_time),
- };
-
- TALER_amount_hton (&wf.wire_fee,
- &afc.wire_fee);
- TALER_amount_hton (&wf.closing_fee,
- &afc.closing_fee);
- GNUNET_CRYPTO_hash (afc.wire_method,
- strlen (afc.wire_method) + 1,
- &wf.h_wire_method);
- if (GNUNET_OK !=
- GNUNET_CRYPTO_eddsa_verify (
- TALER_SIGNATURE_MASTER_WIRE_FEES,
- &wf,
- &afc.master_sig.eddsa_signature,
- &TEH_master_public_key.eddsa_pub))
- {
- /* signature invalid */
- GNUNET_break_op (0);
- return TALER_MHD_reply_with_error (
- connection,
- MHD_HTTP_FORBIDDEN,
- TALER_EC_EXCHANGE_MANAGEMENT_WIRE_FEE_SIGNATURE_INVALID,
- NULL);
- }
+ /* signature invalid */
+ GNUNET_break_op (0);
+ return TALER_MHD_reply_with_error (
+ connection,
+ MHD_HTTP_FORBIDDEN,
+ TALER_EC_EXCHANGE_MANAGEMENT_WIRE_FEE_SIGNATURE_INVALID,
+ NULL);
}
qs = TEH_DB_run_transaction (connection,