Diffstat (limited to 'src/exchange')
6 files changed, 68 insertions, 132 deletions
diff --git a/src/exchange/taler-exchange-httpd_management_denominations_HDP_revoke.c b/src/exchange/taler-exchange-httpd_management_denominations_HDP_revoke.c index eade5cd1a..75ce3d76b 100644 --- a/src/exchange/taler-exchange-httpd_management_denominations_HDP_revoke.c +++ b/src/exchange/taler-exchange-httpd_management_denominations_HDP_revoke.c @@ -56,28 +56,18 @@ TEH_handler_management_denominations_HDP_revoke ( if (GNUNET_NO == res) return MHD_YES; /* failure */ } + if (GNUNET_OK != + TALER_exchange_offline_denomination_revoke_verify ( + h_denom_pub, + &TEH_master_public_key, + &master_sig)) { - struct TALER_MasterDenominationKeyRevocationPS rm = { - .purpose.purpose = htonl ( - TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED), - .purpose.size = htonl (sizeof (rm)), - .h_denom_pub = *h_denom_pub - }; - - if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify ( - TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED, - &rm, - &master_sig.eddsa_signature, - &TEH_master_public_key.eddsa_pub)) - { - GNUNET_break_op (0); - return TALER_MHD_reply_with_error ( - connection, - MHD_HTTP_FORBIDDEN, - TALER_EC_EXCHANGE_MANAGEMENT_DENOMINATION_REVOKE_SIGNATURE_INVALID, - NULL); - } + GNUNET_break_op (0); + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_FORBIDDEN, + TALER_EC_EXCHANGE_MANAGEMENT_DENOMINATION_REVOKE_SIGNATURE_INVALID, + NULL); } qs = TEH_plugin->insert_denomination_revocation (TEH_plugin->cls, NULL, diff --git a/src/exchange/taler-exchange-httpd_management_post_keys.c b/src/exchange/taler-exchange-httpd_management_post_keys.c index 2ac69a1db..43ca5f8c4 100644 --- a/src/exchange/taler-exchange-httpd_management_post_keys.c +++ b/src/exchange/taler-exchange-httpd_management_post_keys.c 
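Review bot: The call to `TALER_exchange_offline_denomination_revoke_verify` no longer shows which signature purpose and which fields the master signature is checked against. The removed code made the binding to `TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED` and `h_denom_pub` explicit, and the helper's body is not part of this diffstat (limited to `src/exchange`), so the equivalence cannot be confirmed from here. I would add a one-line comment above the call, e.g. `/* master_sig must cover (MASTER_DENOMINATION_KEY_REVOKED, h_denom_pub) */`, so an auditor can see the domain separation without opening the helper. The same applies to the calls added in `taler-exchange-httpd_management_signkey_EP_revoke.c`, `taler-exchange-httpd_management_wire.c` and `taler-exchange-httpd_management_wire_disable.c`. The handler's body starts and ends outside the hunk.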
@@ -269,23 +269,15 @@ add_keys (void *cls, /* check signature is valid */ { - struct TALER_ExchangeSigningKeyValidityPS skv = { - .purpose.purpose = htonl ( - TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY), - .purpose.size = htonl (sizeof (skv)), - .master_public_key = TEH_master_public_key, - .start = x, - .expire = y, - .end = z, - .signkey_pub = akc->s_sigs[i].exchange_pub - }; - if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify ( - TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY, - &skv, - &akc->s_sigs[i].master_sig.eddsa_signature, - &TEH_master_public_key.eddsa_pub)) + TALER_exchange_offline_signkey_validity_verify ( + &akc->s_sigs[i].exchange_pub, + x, + y, + z, + &TEH_master_public_key, + & + & akc->s_sigs[i].master_sig)) { GNUNET_break_op (0); return TALER_MHD_reply_with_error ( diff --git a/src/exchange/taler-exchange-httpd_management_signkey_EP_revoke.c b/src/exchange/taler-exchange-httpd_management_signkey_EP_revoke.c index 63a4f0c65..8a462f967 100644 --- a/src/exchange/taler-exchange-httpd_management_signkey_EP_revoke.c +++ b/src/exchange/taler-exchange-httpd_management_signkey_EP_revoke.c 
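Review bot: The arguments `x`, `y`, `z` passed to `TALER_exchange_offline_signkey_validity_verify` are carried over from the removed initializer (`.start = x`, `.expire = y`, `.end = z`) and read like placeholders; nothing in the hunk shows them being set from the signing key's validity period. If they are not the real start/expire/end timestamps, the master signature is not being checked against the values that end up stored, so this should be confirmed and the variables named for what they hold. The last argument is also rendered as `&` on one line followed by `& akc->s_sigs[i].master_sig))` on the next, which as shown would be a double address-of and would not compile; it presumably should read `&akc->s_sigs[i].master_sig))`. The enclosing `add_keys` starts and ends outside the hunk.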
@@ -56,28 +56,17 @@ TEH_handler_management_signkeys_EP_revoke ( if (GNUNET_NO == res) return MHD_YES; /* failure */ } + if (GNUNET_OK != + TALER_exchange_offline_signkey_revoke_verify (exchange_pub, + &TEH_master_public_key, + &master_sig)) { - struct TALER_MasterSigningKeyRevocationPS rm = { - .purpose.purpose = htonl ( - TALER_SIGNATURE_MASTER_SIGNING_KEY_REVOKED), - .purpose.size = htonl (sizeof (rm)), - .exchange_pub = *exchange_pub - }; - - if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify ( - TALER_SIGNATURE_MASTER_SIGNING_KEY_REVOKED, - &rm, - &master_sig.eddsa_signature, - &TEH_master_public_key.eddsa_pub)) - { - GNUNET_break_op (0); - return TALER_MHD_reply_with_error ( - connection, - MHD_HTTP_FORBIDDEN, - TALER_EC_EXCHANGE_MANAGEMENT_SIGNKEY_REVOKE_SIGNATURE_INVALID, - NULL); - } + GNUNET_break_op (0); + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_FORBIDDEN, + TALER_EC_EXCHANGE_MANAGEMENT_SIGNKEY_REVOKE_SIGNATURE_INVALID, + NULL); } qs = TEH_plugin->insert_signkey_revocation (TEH_plugin->cls, NULL, diff --git a/src/exchange/taler-exchange-httpd_management_wire.c b/src/exchange/taler-exchange-httpd_management_wire.c index 2ec42c3bc..15e5b3610 100644 --- a/src/exchange/taler-exchange-httpd_management_wire.c +++ b/src/exchange/taler-exchange-httpd_management_wire.c 
@@ -168,29 +168,18 @@ TEH_handler_management_denominations_wire ( if (GNUNET_NO == res) return MHD_YES; /* failure */ } + if (GNUNET_OK != + TALER_exchange_offline_wire_add_verify (awc.payto_uri, + awc.validity_start, + &TEH_master_public_key, + &awc.master_sig_add)) { - struct TALER_MasterAddWirePS aw = { - .purpose.purpose = htonl (TALER_SIGNATURE_MASTER_ADD_WIRE), - .purpose.size = htonl (sizeof (aw)), - .start_date = GNUNET_TIME_absolute_hton (awc.validity_start), - }; - - TALER_exchange_wire_signature_hash (awc.payto_uri, - &aw.h_wire); - if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify ( - TALER_SIGNATURE_MASTER_ADD_WIRE, - &aw, - &awc.master_sig_add.eddsa_signature, - &TEH_master_public_key.eddsa_pub)) - { - GNUNET_break_op (0); - return TALER_MHD_reply_with_error ( - connection, - MHD_HTTP_FORBIDDEN, - TALER_EC_EXCHANGE_MANAGEMENT_WIRE_ADD_SIGNATURE_INVALID, - NULL); - } + GNUNET_break_op (0); + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_FORBIDDEN, + TALER_EC_EXCHANGE_MANAGEMENT_WIRE_ADD_SIGNATURE_INVALID, + NULL); } if (GNUNET_OK != TALER_exchange_wire_signature_check (awc.payto_uri, diff --git a/src/exchange/taler-exchange-httpd_management_wire_disable.c b/src/exchange/taler-exchange-httpd_management_wire_disable.c index af5942a1b..51b811604 100644 --- a/src/exchange/taler-exchange-httpd_management_wire_disable.c +++ b/src/exchange/taler-exchange-httpd_management_wire_disable.c 
@@ -161,30 +161,19 @@ TEH_handler_management_denominations_wire_disable ( if (GNUNET_NO == res) return MHD_YES; /* failure */ } + if (GNUNET_OK != + TALER_exchange_offline_wire_del_verify ( + awc.payto_uri, + awc.validity_end, + &TEH_master_public_key, + &awc.master_sig)) { - struct TALER_MasterDelWirePS aw = { - .purpose.purpose = htonl ( - TALER_SIGNATURE_MASTER_DEL_WIRE), - .purpose.size = htonl (sizeof (aw)), - .end_date = GNUNET_TIME_absolute_hton (awc.validity_end), - }; - - TALER_exchange_wire_signature_hash (awc.payto_uri, - &aw.h_wire); - if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify ( - TALER_SIGNATURE_MASTER_DEL_WIRE, - &aw, - &awc.master_sig.eddsa_signature, - &TEH_master_public_key.eddsa_pub)) - { - GNUNET_break_op (0); - return TALER_MHD_reply_with_error ( - connection, - MHD_HTTP_FORBIDDEN, - TALER_EC_EXCHANGE_MANAGEMENT_WIRE_DEL_SIGNATURE_INVALID, - NULL); - } + GNUNET_break_op (0); + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_FORBIDDEN, + TALER_EC_EXCHANGE_MANAGEMENT_WIRE_DEL_SIGNATURE_INVALID, + NULL); } qs = TEH_DB_run_transaction (connection, "del wire", diff --git a/src/exchange/taler-exchange-httpd_management_wire_fees.c b/src/exchange/taler-exchange-httpd_management_wire_fees.c index 58f2c41d7..9878821c1 100644 --- a/src/exchange/taler-exchange-httpd_management_wire_fees.c +++ b/src/exchange/taler-exchange-httpd_management_wire_fees.c 
@@ -221,36 +221,23 @@ TEH_handler_management_post_wire_fees ( TEH_currency); } + if (GNUNET_OK != + TALER_exchange_offline_wire_fee_verify ( + afc.wire_method, + afc.start_time, + afc.end_time, + &afc.wire_fee, + &afc.closing_fee, + &TEH_master_public_key, + &afc.master_sig)) { - struct TALER_MasterWireFeePS wf = { - .purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_FEES), - .purpose.size = htonl (sizeof (wf)), - .start_date = GNUNET_TIME_absolute_hton (afc.start_time), - .end_date = GNUNET_TIME_absolute_hton (afc.end_time), - }; - - TALER_amount_hton (&wf.wire_fee, - &afc.wire_fee); - TALER_amount_hton (&wf.closing_fee, - &afc.closing_fee); - GNUNET_CRYPTO_hash (afc.wire_method, - strlen (afc.wire_method) + 1, - &wf.h_wire_method); - if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify ( - TALER_SIGNATURE_MASTER_WIRE_FEES, - &wf, - &afc.master_sig.eddsa_signature, - &TEH_master_public_key.eddsa_pub)) - { - /* signature invalid */ - GNUNET_break_op (0); - return TALER_MHD_reply_with_error ( - connection, - MHD_HTTP_FORBIDDEN, - TALER_EC_EXCHANGE_MANAGEMENT_WIRE_FEE_SIGNATURE_INVALID, - NULL); - } + /* signature invalid */ + GNUNET_break_op (0); + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_FORBIDDEN, + TALER_EC_EXCHANGE_MANAGEMENT_WIRE_FEE_SIGNATURE_INVALID, + NULL); } qs = TEH_DB_run_transaction (connection, |
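Review bot: `TALER_exchange_offline_wire_fee_verify` has to reproduce the exact encoding of the removed code, or valid offline signatures will be rejected with 403, and its body is not in this diff to confirm that. The removed code hashed `afc.wire_method` with `strlen (afc.wire_method) + 1`, i.e. including the terminating NUL, and converted both fees with `TALER_amount_hton` and both times with `GNUNET_TIME_absolute_hton` before verifying. A comment at the call such as `/* helper hashes wire_method including its trailing NUL, matching the offline signer */` would record the requirement. The handler continues outside the hunk.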