summaryrefslogtreecommitdiff
path: root/src/util
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2018-04-02 14:24:45 +0200
committerChristian Grothoff <christian@grothoff.org>2018-04-02 14:29:44 +0200
commitcb55c1a3af9f56a6da38e5589e72df0b70d355b1 (patch)
tree5f9a3af7d9073249f77ce56c690844a6cb27c3e7 /src/util
parent7a20062bafed42f937c5388aed09042aad7014c0 (diff)
downloadexchange-cb55c1a3af9f56a6da38e5589e72df0b70d355b1.tar.gz
exchange-cb55c1a3af9f56a6da38e5589e72df0b70d355b1.tar.bz2
exchange-cb55c1a3af9f56a6da38e5589e72df0b70d355b1.zip
Changing configuration structure to enable multiple accounts.
This change enables using multiple wire plugins at the same time. Also, we now distinguish between the wire plugin (i.e. EBICS or taler_bank) and the wire method (i.e. SEPA or x-taler-bank) that the wire plugin is implementing. The "taler-bank" wire method was renamed from "test" to "x-taler-bank". This also changes the format of the /wire response of the exchange, as we now need to return multiple accounts. Note that wire fees are specified per wire method, not per wire account. taler-exchange-keyup now automatically signs all of the /wire responses in the location specified by the configuration. Account identification in wire plugins was changed to use payto://-URLs instead of method-specific JSON fields. Signing and validation of /wire responses was moved from each wire plugin to a generic validation method in libtalerutil (crypto) or libtalerjson (for JSON-formatted inputs). Convenience methods were added to generate JSON for wire accounts (salting, signing). Various section and option names were adjusted to streamline the configuration and make it more consistent overall. Documentation was updated as well.
Diffstat (limited to 'src/util')
-rw-r--r--src/util/Makefile.am1
-rw-r--r--src/util/crypto_wire.c108
2 files changed, 109 insertions, 0 deletions
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index 4f9a6367d..89b31ebba 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -43,6 +43,7 @@ libtalerutil_wallet_la_LDFLAGS = \
libtalerutil_la_SOURCES = \
amount.c \
crypto.c \
+ crypto_wire.c \
util.c \
os_installation.c
diff --git a/src/util/crypto_wire.c b/src/util/crypto_wire.c
new file mode 100644
index 000000000..494573ffa
--- /dev/null
+++ b/src/util/crypto_wire.c
@@ -0,0 +1,108 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2018 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file util/crypto_wire.c
+ * @brief functions for making and verifying /wire account signatures
+ * @author Christian Grothoff <christian@grothoff.org>
+ */
+#include "platform.h"
+#include "taler_crypto_lib.h"
+#include "taler_signatures.h"
+
+/**
+ * Compute the hash of the given wire details. The resulting
+ * hash is what is put into the contract.
+ *
+ * @param payto_url bank account
+ * @param salt salt used to eliminate brute-force inversion
+ * @param hc[out] set to the hash
+ */
+void
+TALER_wire_signature_hash (const char *payto_url,
+ const char *salt,
+ struct GNUNET_HashCode *hc)
+{
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_kdf (hc,
+ sizeof (*hc),
+ salt,
+ strlen (salt) + 1,
+ payto_url,
+ strlen (payto_url) + 1,
+ "wire-signature",
+ strlen ("wire-signature"),
+ NULL, 0));
+}
+
+
+/**
+ * Check the signature in @a wire_s.
+ *
+ * @param payto_url URL that is signed
+ * @param salt the salt used to salt the @a payto_url when hashing
+ * @param master_pub master public key of the exchange
+ * @param master_sig signature of the exchange
+ * @return #GNUNET_OK if signature is valid
+ */
+int
+TALER_wire_signature_check (const char *payto_url,
+ const char *salt,
+ const struct TALER_MasterPublicKeyP *master_pub,
+ const struct TALER_MasterSignatureP *master_sig)
+{
+ struct TALER_MasterWireDetailsPS wd;
+
+ wd.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_DETAILS);
+ wd.purpose.size = htonl (sizeof (wd));
+ TALER_wire_signature_hash (payto_url,
+ salt,
+ &wd.h_wire_details);
+ return GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_WIRE_DETAILS,
+ &wd.purpose,
+ &master_sig->eddsa_signature,
+ &master_pub->eddsa_pub);
+}
+
+
+/**
+ * Create a signed wire statement for the given account.
+ *
+ * @param payto_url account specification
+ * @param salt the salt used to salt the @a payto_url when hashing
+ * @param master_priv private key to sign with
+ * @param master_sig[out] where to write the signature
+ */
+void
+TALER_wire_signature_make (const char *payto_url,
+ const char *salt,
+ const struct TALER_MasterPrivateKeyP *master_priv,
+ struct TALER_MasterSignatureP *master_sig)
+{
+ struct TALER_MasterWireDetailsPS wd;
+
+ wd.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_DETAILS);
+ wd.purpose.size = htonl (sizeof (wd));
+ TALER_wire_signature_hash (payto_url,
+ salt,
+ &wd.h_wire_details);
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_eddsa_sign (&master_priv->eddsa_priv,
+ &wd.purpose,
+ &master_sig->eddsa_signature));
+}
+
+
+/* end of crypto_wire.c */