summaryrefslogtreecommitdiff
path: root/src/util/secmod_signatures.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/util/secmod_signatures.c')
-rw-r--r--src/util/secmod_signatures.c141
1 files changed, 131 insertions, 10 deletions
diff --git a/src/util/secmod_signatures.c b/src/util/secmod_signatures.c
index 077ce229a..3b539d5fe 100644
--- a/src/util/secmod_signatures.c
+++ b/src/util/secmod_signatures.c
@@ -23,10 +23,41 @@
#include "taler_signatures.h"
+/**
+ * @brief format used by the signing crypto helper when affirming
+ * that it created an exchange signing key.
+ */
+struct TALER_SigningKeyAnnouncementPS
+{
+
+ /**
+ * Purpose must be #TALER_SIGNATURE_SM_SIGNING_KEY.
+ * Used with an EdDSA signature of a `struct TALER_SecurityModulePublicKeyP`.
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+ /**
+ * Public signing key of the exchange this is about.
+ */
+ struct TALER_ExchangePublicKeyP exchange_pub;
+
+ /**
+ * When does the key become available?
+ */
+ struct GNUNET_TIME_TimestampNBO anchor_time;
+
+ /**
+ * How long is the key available after @e anchor_time?
+ */
+ struct GNUNET_TIME_RelativeNBO duration;
+
+};
+
+
void
TALER_exchange_secmod_eddsa_sign (
const struct TALER_ExchangePublicKeyP *exchange_pub,
- struct GNUNET_TIME_Absolute start_sign,
+ struct GNUNET_TIME_Timestamp start_sign,
struct GNUNET_TIME_Relative duration,
const struct TALER_SecurityModulePrivateKeyP *secm_priv,
struct TALER_SecurityModuleSignatureP *secm_sig)
@@ -35,7 +66,7 @@ TALER_exchange_secmod_eddsa_sign (
.purpose.purpose = htonl (TALER_SIGNATURE_SM_SIGNING_KEY),
.purpose.size = htonl (sizeof (ska)),
.exchange_pub = *exchange_pub,
- .anchor_time = GNUNET_TIME_absolute_hton (start_sign),
+ .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
.duration = GNUNET_TIME_relative_hton (duration)
};
@@ -48,7 +79,7 @@ TALER_exchange_secmod_eddsa_sign (
enum GNUNET_GenericReturnValue
TALER_exchange_secmod_eddsa_verify (
const struct TALER_ExchangePublicKeyP *exchange_pub,
- struct GNUNET_TIME_Absolute start_sign,
+ struct GNUNET_TIME_Timestamp start_sign,
struct GNUNET_TIME_Relative duration,
const struct TALER_SecurityModulePublicKeyP *secm_pub,
const struct TALER_SecurityModuleSignatureP *secm_sig)
@@ -57,7 +88,7 @@ TALER_exchange_secmod_eddsa_verify (
.purpose.purpose = htonl (TALER_SIGNATURE_SM_SIGNING_KEY),
.purpose.size = htonl (sizeof (ska)),
.exchange_pub = *exchange_pub,
- .anchor_time = GNUNET_TIME_absolute_hton (start_sign),
+ .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
.duration = GNUNET_TIME_relative_hton (duration)
};
@@ -69,11 +100,46 @@ TALER_exchange_secmod_eddsa_verify (
}
+/**
+ * @brief format used by the denomination crypto helper when affirming
+ * that it created a denomination key.
+ */
+struct TALER_DenominationKeyAnnouncementPS
+{
+
+ /**
+ * Purpose must be #TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY.
+ * Used with an EdDSA signature of a `struct TALER_SecurityModulePublicKeyP`.
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+ /**
+ * Hash of the denomination public key.
+ */
+ struct TALER_DenominationHashP h_denom;
+
+ /**
+ * Hash of the section name in the configuration of this denomination.
+ */
+ struct GNUNET_HashCode h_section_name;
+
+ /**
+ * When does the key become available?
+ */
+ struct GNUNET_TIME_TimestampNBO anchor_time;
+
+ /**
+ * How long is the key available after @e anchor_time?
+ */
+ struct GNUNET_TIME_RelativeNBO duration_withdraw;
+
+};
+
void
TALER_exchange_secmod_rsa_sign (
const struct TALER_RsaPubHashP *h_rsa,
const char *section_name,
- struct GNUNET_TIME_Absolute start_sign,
+ struct GNUNET_TIME_Timestamp start_sign,
struct GNUNET_TIME_Relative duration,
const struct TALER_SecurityModulePrivateKeyP *secm_priv,
struct TALER_SecurityModuleSignatureP *secm_sig)
@@ -81,8 +147,8 @@ TALER_exchange_secmod_rsa_sign (
struct TALER_DenominationKeyAnnouncementPS dka = {
.purpose.purpose = htonl (TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY),
.purpose.size = htonl (sizeof (dka)),
- .h_rsa = *h_rsa,
- .anchor_time = GNUNET_TIME_absolute_hton (start_sign),
+ .h_denom.hash = h_rsa->hash,
+ .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
.duration_withdraw = GNUNET_TIME_relative_hton (duration)
};
@@ -100,7 +166,7 @@ enum GNUNET_GenericReturnValue
TALER_exchange_secmod_rsa_verify (
const struct TALER_RsaPubHashP *h_rsa,
const char *section_name,
- struct GNUNET_TIME_Absolute start_sign,
+ struct GNUNET_TIME_Timestamp start_sign,
struct GNUNET_TIME_Relative duration,
const struct TALER_SecurityModulePublicKeyP *secm_pub,
const struct TALER_SecurityModuleSignatureP *secm_sig)
@@ -108,8 +174,8 @@ TALER_exchange_secmod_rsa_verify (
struct TALER_DenominationKeyAnnouncementPS dka = {
.purpose.purpose = htonl (TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY),
.purpose.size = htonl (sizeof (dka)),
- .h_rsa = *h_rsa,
- .anchor_time = GNUNET_TIME_absolute_hton (start_sign),
+ .h_denom.hash = h_rsa->hash,
+ .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
.duration_withdraw = GNUNET_TIME_relative_hton (duration)
};
@@ -124,4 +190,59 @@ TALER_exchange_secmod_rsa_verify (
}
+void
+TALER_exchange_secmod_cs_sign (
+ const struct TALER_CsPubHashP *h_cs,
+ const char *section_name,
+ struct GNUNET_TIME_Timestamp start_sign,
+ struct GNUNET_TIME_Relative duration,
+ const struct TALER_SecurityModulePrivateKeyP *secm_priv,
+ struct TALER_SecurityModuleSignatureP *secm_sig)
+{
+ struct TALER_DenominationKeyAnnouncementPS dka = {
+ .purpose.purpose = htonl (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY),
+ .purpose.size = htonl (sizeof (dka)),
+ .h_denom.hash = h_cs->hash,
+ .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
+ .duration_withdraw = GNUNET_TIME_relative_hton (duration)
+ };
+
+ GNUNET_CRYPTO_hash (section_name,
+ strlen (section_name) + 1,
+ &dka.h_section_name);
+ GNUNET_CRYPTO_eddsa_sign (&secm_priv->eddsa_priv,
+ &dka,
+ &secm_sig->eddsa_signature);
+
+}
+
+
+enum GNUNET_GenericReturnValue
+TALER_exchange_secmod_cs_verify (
+ const struct TALER_CsPubHashP *h_cs,
+ const char *section_name,
+ struct GNUNET_TIME_Timestamp start_sign,
+ struct GNUNET_TIME_Relative duration,
+ const struct TALER_SecurityModulePublicKeyP *secm_pub,
+ const struct TALER_SecurityModuleSignatureP *secm_sig)
+{
+ struct TALER_DenominationKeyAnnouncementPS dka = {
+ .purpose.purpose = htonl (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY),
+ .purpose.size = htonl (sizeof (dka)),
+ .h_denom.hash = h_cs->hash,
+ .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
+ .duration_withdraw = GNUNET_TIME_relative_hton (duration)
+ };
+
+ GNUNET_CRYPTO_hash (section_name,
+ strlen (section_name) + 1,
+ &dka.h_section_name);
+ return
+ GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY,
+ &dka,
+ &secm_sig->eddsa_signature,
+ &secm_pub->eddsa_pub);
+}
+
+
/* end of secmod_signatures.c */