6 files changed, 68 insertions, 132 deletions

diff --git a/src/exchange/taler-exchange-httpd_management_denominations_HDP_revoke.c b/src/exchange/taler-exchange-httpd_management_denominations_HDP_revoke.c
index eade5cd1a..75ce3d76b 100644
--- a/src/exchange/taler-exchange-httpd_management_denominations_HDP_revoke.c
+++ b/src/exchange/taler-exchange-httpd_management_denominations_HDP_revoke.c
@@ -56,28 +56,18 @@ TEH_handler_management_denominations_HDP_revoke (
     if (GNUNET_NO == res)
       return MHD_YES; /* failure */
   }
+  if (GNUNET_OK !=
+      TALER_exchange_offline_denomination_revoke_verify (
+        h_denom_pub,
+        &TEH_master_public_key,
+        &master_sig))
   {
-    struct TALER_MasterDenominationKeyRevocationPS rm = {
-      .purpose.purpose = htonl (
-        TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED),
-      .purpose.size = htonl (sizeof (rm)),
-      .h_denom_pub = *h_denom_pub
-    };
-
-    if (GNUNET_OK !=
-        GNUNET_CRYPTO_eddsa_verify (
-          TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED,
-          &rm,
-          &master_sig.eddsa_signature,
-          &TEH_master_public_key.eddsa_pub))
-    {
-      GNUNET_break_op (0);
-      return TALER_MHD_reply_with_error (
-        connection,
-        MHD_HTTP_FORBIDDEN,
-        TALER_EC_EXCHANGE_MANAGEMENT_DENOMINATION_REVOKE_SIGNATURE_INVALID,
-        NULL);
-    }
+    GNUNET_break_op (0);
+    return TALER_MHD_reply_with_error (
+      connection,
+      MHD_HTTP_FORBIDDEN,
+      TALER_EC_EXCHANGE_MANAGEMENT_DENOMINATION_REVOKE_SIGNATURE_INVALID,
+      NULL);
   }
   qs = TEH_plugin->insert_denomination_revocation (TEH_plugin->cls,
                                                    NULL,
diff --git a/src/exchange/taler-exchange-httpd_management_post_keys.c b/src/exchange/taler-exchange-httpd_management_post_keys.c
index 2ac69a1db..43ca5f8c4 100644
--- a/src/exchange/taler-exchange-httpd_management_post_keys.c
+++ b/src/exchange/taler-exchange-httpd_management_post_keys.c
@@ -269,23 +269,15 @@ add_keys (void *cls,
 
     /* check signature is valid */
     {
-      struct TALER_ExchangeSigningKeyValidityPS skv = {
-        .purpose.purpose = htonl (
-          TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY),
-        .purpose.size = htonl (sizeof (skv)),
-        .master_public_key = TEH_master_public_key,
-        .start = x,
-        .expire = y,
-        .end = z,
-        .signkey_pub = akc->s_sigs[i].exchange_pub
-      };
-
       if (GNUNET_OK !=
-          GNUNET_CRYPTO_eddsa_verify (
-            TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY,
-            &skv,
-            &akc->s_sigs[i].master_sig.eddsa_signature,
-            &TEH_master_public_key.eddsa_pub))
+          TALER_exchange_offline_signkey_validity_verify (
+            &akc->s_sigs[i].exchange_pub,
+            x,
+            y,
+            z,
+            &TEH_master_public_key,
+            &
+            & akc->s_sigs[i].master_sig))
       {
         GNUNET_break_op (0);
         return TALER_MHD_reply_with_error (
diff --git a/src/exchange/taler-exchange-httpd_management_signkey_EP_revoke.c b/src/exchange/taler-exchange-httpd_management_signkey_EP_revoke.c
index 63a4f0c65..8a462f967 100644
--- a/src/exchange/taler-exchange-httpd_management_signkey_EP_revoke.c
+++ b/src/exchange/taler-exchange-httpd_management_signkey_EP_revoke.c
@@ -56,28 +56,17 @@ TEH_handler_management_signkeys_EP_revoke (
     if (GNUNET_NO == res)
       return MHD_YES; /* failure */
   }
+  if (GNUNET_OK !=
+      TALER_exchange_offline_signkey_revoke_verify (exchange_pub,
+                                                    &TEH_master_public_key,
+                                                    &master_sig))
   {
-    struct TALER_MasterSigningKeyRevocationPS rm = {
-      .purpose.purpose = htonl (
-        TALER_SIGNATURE_MASTER_SIGNING_KEY_REVOKED),
-      .purpose.size = htonl (sizeof (rm)),
-      .exchange_pub = *exchange_pub
-    };
-
-    if (GNUNET_OK !=
-        GNUNET_CRYPTO_eddsa_verify (
-          TALER_SIGNATURE_MASTER_SIGNING_KEY_REVOKED,
-          &rm,
-          &master_sig.eddsa_signature,
-          &TEH_master_public_key.eddsa_pub))
-    {
-      GNUNET_break_op (0);
-      return TALER_MHD_reply_with_error (
-        connection,
-        MHD_HTTP_FORBIDDEN,
-        TALER_EC_EXCHANGE_MANAGEMENT_SIGNKEY_REVOKE_SIGNATURE_INVALID,
-        NULL);
-    }
+    GNUNET_break_op (0);
+    return TALER_MHD_reply_with_error (
+      connection,
+      MHD_HTTP_FORBIDDEN,
+      TALER_EC_EXCHANGE_MANAGEMENT_SIGNKEY_REVOKE_SIGNATURE_INVALID,
+      NULL);
   }
   qs = TEH_plugin->insert_signkey_revocation (TEH_plugin->cls,
                                               NULL,
diff --git a/src/exchange/taler-exchange-httpd_management_wire.c b/src/exchange/taler-exchange-httpd_management_wire.c
index 2ec42c3bc..15e5b3610 100644
--- a/src/exchange/taler-exchange-httpd_management_wire.c
+++ b/src/exchange/taler-exchange-httpd_management_wire.c
@@ -168,29 +168,18 @@ TEH_handler_management_denominations_wire (
     if (GNUNET_NO == res)
       return MHD_YES; /* failure */
   }
+  if (GNUNET_OK !=
+      TALER_exchange_offline_wire_add_verify (awc.payto_uri,
+                                              awc.validity_start,
+                                              &TEH_master_public_key,
+                                              &awc.master_sig_add))
   {
-    struct TALER_MasterAddWirePS aw = {
-      .purpose.purpose = htonl (TALER_SIGNATURE_MASTER_ADD_WIRE),
-      .purpose.size = htonl (sizeof (aw)),
-      .start_date = GNUNET_TIME_absolute_hton (awc.validity_start),
-    };
-
-    TALER_exchange_wire_signature_hash (awc.payto_uri,
-                                        &aw.h_wire);
-    if (GNUNET_OK !=
-        GNUNET_CRYPTO_eddsa_verify (
-          TALER_SIGNATURE_MASTER_ADD_WIRE,
-          &aw,
-          &awc.master_sig_add.eddsa_signature,
-          &TEH_master_public_key.eddsa_pub))
-    {
-      GNUNET_break_op (0);
-      return TALER_MHD_reply_with_error (
-        connection,
-        MHD_HTTP_FORBIDDEN,
-        TALER_EC_EXCHANGE_MANAGEMENT_WIRE_ADD_SIGNATURE_INVALID,
-        NULL);
-    }
+    GNUNET_break_op (0);
+    return TALER_MHD_reply_with_error (
+      connection,
+      MHD_HTTP_FORBIDDEN,
+      TALER_EC_EXCHANGE_MANAGEMENT_WIRE_ADD_SIGNATURE_INVALID,
+      NULL);
   }
   if (GNUNET_OK !=
       TALER_exchange_wire_signature_check (awc.payto_uri,
diff --git a/src/exchange/taler-exchange-httpd_management_wire_disable.c b/src/exchange/taler-exchange-httpd_management_wire_disable.c
index af5942a1b..51b811604 100644
--- a/src/exchange/taler-exchange-httpd_management_wire_disable.c
+++ b/src/exchange/taler-exchange-httpd_management_wire_disable.c
@@ -161,30 +161,19 @@ TEH_handler_management_denominations_wire_disable (
     if (GNUNET_NO == res)
       return MHD_YES; /* failure */
   }
+  if (GNUNET_OK !=
+      TALER_exchange_offline_wire_del_verify (
+        awc.payto_uri,
+        awc.validity_end,
+        &TEH_master_public_key,
+        &awc.master_sig))
   {
-    struct TALER_MasterDelWirePS aw = {
-      .purpose.purpose = htonl (
-        TALER_SIGNATURE_MASTER_DEL_WIRE),
-      .purpose.size = htonl (sizeof (aw)),
-      .end_date = GNUNET_TIME_absolute_hton (awc.validity_end),
-    };
-
-    TALER_exchange_wire_signature_hash (awc.payto_uri,
-                                        &aw.h_wire);
-    if (GNUNET_OK !=
-        GNUNET_CRYPTO_eddsa_verify (
-          TALER_SIGNATURE_MASTER_DEL_WIRE,
-          &aw,
-          &awc.master_sig.eddsa_signature,
-          &TEH_master_public_key.eddsa_pub))
-    {
-      GNUNET_break_op (0);
-      return TALER_MHD_reply_with_error (
-        connection,
-        MHD_HTTP_FORBIDDEN,
-        TALER_EC_EXCHANGE_MANAGEMENT_WIRE_DEL_SIGNATURE_INVALID,
-        NULL);
-    }
+    GNUNET_break_op (0);
+    return TALER_MHD_reply_with_error (
+      connection,
+      MHD_HTTP_FORBIDDEN,
+      TALER_EC_EXCHANGE_MANAGEMENT_WIRE_DEL_SIGNATURE_INVALID,
+      NULL);
   }
   qs = TEH_DB_run_transaction (connection,
                                "del wire",
diff --git a/src/exchange/taler-exchange-httpd_management_wire_fees.c b/src/exchange/taler-exchange-httpd_management_wire_fees.c
index 58f2c41d7..9878821c1 100644
--- a/src/exchange/taler-exchange-httpd_management_wire_fees.c
+++ b/src/exchange/taler-exchange-httpd_management_wire_fees.c
@@ -221,36 +221,23 @@ TEH_handler_management_post_wire_fees (
                                        TEH_currency);
   }
 
+  if (GNUNET_OK !=
+      TALER_exchange_offline_wire_fee_verify (
+        afc.wire_method,
+        afc.start_time,
+        afc.end_time,
+        &afc.wire_fee,
+        &afc.closing_fee,
+        &TEH_master_public_key,
+        &afc.master_sig))
   {
-    struct TALER_MasterWireFeePS wf = {
-      .purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_FEES),
-      .purpose.size = htonl (sizeof (wf)),
-      .start_date = GNUNET_TIME_absolute_hton (afc.start_time),
-      .end_date = GNUNET_TIME_absolute_hton (afc.end_time),
-    };
-
-    TALER_amount_hton (&wf.wire_fee,
-                       &afc.wire_fee);
-    TALER_amount_hton (&wf.closing_fee,
-                       &afc.closing_fee);
-    GNUNET_CRYPTO_hash (afc.wire_method,
-                        strlen (afc.wire_method) + 1,
-                        &wf.h_wire_method);
-    if (GNUNET_OK !=
-        GNUNET_CRYPTO_eddsa_verify (
-          TALER_SIGNATURE_MASTER_WIRE_FEES,
-          &wf,
-          &afc.master_sig.eddsa_signature,
-          &TEH_master_public_key.eddsa_pub))
-    {
-      /* signature invalid */
-      GNUNET_break_op (0);
-      return TALER_MHD_reply_with_error (
-        connection,
-        MHD_HTTP_FORBIDDEN,
-        TALER_EC_EXCHANGE_MANAGEMENT_WIRE_FEE_SIGNATURE_INVALID,
-        NULL);
-    }
+    /* signature invalid */
+    GNUNET_break_op (0);
+    return TALER_MHD_reply_with_error (
+      connection,
+      MHD_HTTP_FORBIDDEN,
+      TALER_EC_EXCHANGE_MANAGEMENT_WIRE_FEE_SIGNATURE_INVALID,
+      NULL);
   }
 
   qs = TEH_DB_run_transaction (connection,