diff options
Diffstat (limited to 'src/util/secmod_signatures.c')
-rw-r--r-- | src/util/secmod_signatures.c | 141 |
1 files changed, 131 insertions, 10 deletions
diff --git a/src/util/secmod_signatures.c b/src/util/secmod_signatures.c index 077ce229a..3b539d5fe 100644 --- a/src/util/secmod_signatures.c +++ b/src/util/secmod_signatures.c @@ -23,10 +23,41 @@ #include "taler_signatures.h" +/** + * @brief format used by the signing crypto helper when affirming + * that it created an exchange signing key. + */ +struct TALER_SigningKeyAnnouncementPS +{ + + /** + * Purpose must be #TALER_SIGNATURE_SM_SIGNING_KEY. + * Used with an EdDSA signature of a `struct TALER_SecurityModulePublicKeyP`. + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + + /** + * Public signing key of the exchange this is about. + */ + struct TALER_ExchangePublicKeyP exchange_pub; + + /** + * When does the key become available? + */ + struct GNUNET_TIME_TimestampNBO anchor_time; + + /** + * How long is the key available after @e anchor_time? + */ + struct GNUNET_TIME_RelativeNBO duration; + +}; + + void TALER_exchange_secmod_eddsa_sign ( const struct TALER_ExchangePublicKeyP *exchange_pub, - struct GNUNET_TIME_Absolute start_sign, + struct GNUNET_TIME_Timestamp start_sign, struct GNUNET_TIME_Relative duration, const struct TALER_SecurityModulePrivateKeyP *secm_priv, struct TALER_SecurityModuleSignatureP *secm_sig) @@ -35,7 +66,7 @@ TALER_exchange_secmod_eddsa_sign ( .purpose.purpose = htonl (TALER_SIGNATURE_SM_SIGNING_KEY), .purpose.size = htonl (sizeof (ska)), .exchange_pub = *exchange_pub, - .anchor_time = GNUNET_TIME_absolute_hton (start_sign), + .anchor_time = GNUNET_TIME_timestamp_hton (start_sign), .duration = GNUNET_TIME_relative_hton (duration) }; @@ -48,7 +79,7 @@ TALER_exchange_secmod_eddsa_sign ( enum GNUNET_GenericReturnValue TALER_exchange_secmod_eddsa_verify ( const struct TALER_ExchangePublicKeyP *exchange_pub, - struct GNUNET_TIME_Absolute start_sign, + struct GNUNET_TIME_Timestamp start_sign, struct GNUNET_TIME_Relative duration, const struct TALER_SecurityModulePublicKeyP *secm_pub, const struct TALER_SecurityModuleSignatureP *secm_sig) @@ -57,7 +88,7 @@ TALER_exchange_secmod_eddsa_verify ( .purpose.purpose = htonl (TALER_SIGNATURE_SM_SIGNING_KEY), .purpose.size = htonl (sizeof (ska)), .exchange_pub = *exchange_pub, - .anchor_time = GNUNET_TIME_absolute_hton (start_sign), + .anchor_time = GNUNET_TIME_timestamp_hton (start_sign), .duration = GNUNET_TIME_relative_hton (duration) }; @@ -69,11 +100,46 @@ TALER_exchange_secmod_eddsa_verify ( } +/** + * @brief format used by the denomination crypto helper when affirming + * that it created a denomination key. + */ +struct TALER_DenominationKeyAnnouncementPS +{ + + /** + * Purpose must be #TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY. + * Used with an EdDSA signature of a `struct TALER_SecurityModulePublicKeyP`. + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + + /** + * Hash of the denomination public key. + */ + struct TALER_DenominationHashP h_denom; + + /** + * Hash of the section name in the configuration of this denomination. + */ + struct GNUNET_HashCode h_section_name; + + /** + * When does the key become available? + */ + struct GNUNET_TIME_TimestampNBO anchor_time; + + /** + * How long is the key available after @e anchor_time? + */ + struct GNUNET_TIME_RelativeNBO duration_withdraw; + +}; + void TALER_exchange_secmod_rsa_sign ( const struct TALER_RsaPubHashP *h_rsa, const char *section_name, - struct GNUNET_TIME_Absolute start_sign, + struct GNUNET_TIME_Timestamp start_sign, struct GNUNET_TIME_Relative duration, const struct TALER_SecurityModulePrivateKeyP *secm_priv, struct TALER_SecurityModuleSignatureP *secm_sig) @@ -81,8 +147,8 @@ TALER_exchange_secmod_rsa_sign ( struct TALER_DenominationKeyAnnouncementPS dka = { .purpose.purpose = htonl (TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY), .purpose.size = htonl (sizeof (dka)), - .h_rsa = *h_rsa, - .anchor_time = GNUNET_TIME_absolute_hton (start_sign), + .h_denom.hash = h_rsa->hash, + .anchor_time = GNUNET_TIME_timestamp_hton (start_sign), .duration_withdraw = GNUNET_TIME_relative_hton (duration) }; @@ -100,7 +166,7 @@ enum GNUNET_GenericReturnValue TALER_exchange_secmod_rsa_verify ( const struct TALER_RsaPubHashP *h_rsa, const char *section_name, - struct GNUNET_TIME_Absolute start_sign, + struct GNUNET_TIME_Timestamp start_sign, struct GNUNET_TIME_Relative duration, const struct TALER_SecurityModulePublicKeyP *secm_pub, const struct TALER_SecurityModuleSignatureP *secm_sig) @@ -108,8 +174,8 @@ TALER_exchange_secmod_rsa_verify ( struct TALER_DenominationKeyAnnouncementPS dka = { .purpose.purpose = htonl (TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY), .purpose.size = htonl (sizeof (dka)), - .h_rsa = *h_rsa, - .anchor_time = GNUNET_TIME_absolute_hton (start_sign), + .h_denom.hash = h_rsa->hash, + .anchor_time = GNUNET_TIME_timestamp_hton (start_sign), .duration_withdraw = GNUNET_TIME_relative_hton (duration) }; @@ -124,4 +190,59 @@ TALER_exchange_secmod_rsa_verify ( } +void +TALER_exchange_secmod_cs_sign ( + const struct TALER_CsPubHashP *h_cs, + const char *section_name, + struct GNUNET_TIME_Timestamp start_sign, + struct GNUNET_TIME_Relative duration, + const struct TALER_SecurityModulePrivateKeyP *secm_priv, + struct TALER_SecurityModuleSignatureP *secm_sig) +{ + struct TALER_DenominationKeyAnnouncementPS dka = { + .purpose.purpose = htonl (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY), + .purpose.size = htonl (sizeof (dka)), + .h_denom.hash = h_cs->hash, + .anchor_time = GNUNET_TIME_timestamp_hton (start_sign), + .duration_withdraw = GNUNET_TIME_relative_hton (duration) + }; + + GNUNET_CRYPTO_hash (section_name, + strlen (section_name) + 1, + &dka.h_section_name); + GNUNET_CRYPTO_eddsa_sign (&secm_priv->eddsa_priv, + &dka, + &secm_sig->eddsa_signature); + +} + + +enum GNUNET_GenericReturnValue +TALER_exchange_secmod_cs_verify ( + const struct TALER_CsPubHashP *h_cs, + const char *section_name, + struct GNUNET_TIME_Timestamp start_sign, + struct GNUNET_TIME_Relative duration, + const struct TALER_SecurityModulePublicKeyP *secm_pub, + const struct TALER_SecurityModuleSignatureP *secm_sig) +{ + struct TALER_DenominationKeyAnnouncementPS dka = { + .purpose.purpose = htonl (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY), + .purpose.size = htonl (sizeof (dka)), + .h_denom.hash = h_cs->hash, + .anchor_time = GNUNET_TIME_timestamp_hton (start_sign), + .duration_withdraw = GNUNET_TIME_relative_hton (duration) + }; + + GNUNET_CRYPTO_hash (section_name, + strlen (section_name) + 1, + &dka.h_section_name); + return + GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY, + &dka, + &secm_sig->eddsa_signature, + &secm_pub->eddsa_pub); +} + + /* end of secmod_signatures.c */ |