diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/taler_crypto_lib.h | 32 | ||||
| -rw-r--r-- | src/kyclogic/kyclogic_api.c | 28 | ||||
| -rw-r--r-- | src/util/crypto.c | 25 |
3 files changed, 65 insertions, 20 deletions
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index ad5f77445..3b4d0c7e0 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -1272,6 +1272,20 @@ struct TALER_AgeCommitmentHash }; /** + * @brief KYC measure authorization hash. + * Hashes over the AccountAccessToken, the + * row ID and the offset. Used in the + * ID of /kyc-upload/ and /kyc-start/. + */ +struct TALER_KycMeasureAuthorizationHash +{ + /** + * The hash is a SHA-256 hash code. + */ + struct GNUNET_ShortHashCode shash; +}; + +/** * @brief Signature of an age with the private key for the corresponding age group of an age commitment. */ struct TALER_AgeAttestation @@ -1795,6 +1809,24 @@ TALER_coin_pub_hash (const struct TALER_CoinSpendPublicKeyP *coin_pub, /** + * Hashes the @a access_token, @a row and @a offset + * to compute an authorization hash used in the + * /kyc-upload/ and /kyc-start/ endpoints. + * + * @param access_token the access token + * @param row the database row + * @param offset the offset of the measure in the array + * @param[out] mah set to the hash + */ +void +TALER_kyc_measure_authorization_hash ( + const struct TALER_AccountAccessTokenP *access_token, + uint64_t row, + uint32_t offset, + struct TALER_KycMeasureAuthorizationHash *mah); + + +/** * Compute the hash of a payto URI. * * @param payto URI to hash diff --git a/src/kyclogic/kyclogic_api.c b/src/kyclogic/kyclogic_api.c index c4faead6c..19b02c899 100644 --- a/src/kyclogic/kyclogic_api.c +++ b/src/kyclogic/kyclogic_api.c @@ -2117,35 +2117,21 @@ TALER_KYCLOGIC_measure_to_requirement ( { struct TALER_KYCLOGIC_KycCheck *kc; json_t *kri; - struct GNUNET_ShortHashCode shv; - uint64_t be = GNUNET_htonll (row_id); - uint32_t be32 = htonl ((uint32_t) offset); + struct TALER_KycMeasureAuthorizationHash shv; char *ids; char *xids; - GNUNET_assert (offset <= UINT_MAX); - GNUNET_assert (offset <= UINT32_MAX); kc = find_check (check_name); if (NULL == kc) { GNUNET_break (0); return NULL; } - /* FIXME: should be moved to someplace - in util/crypto as the $ID-handlers - need exactly the same computation! */ - GNUNET_assert ( - GNUNET_YES == - GNUNET_CRYPTO_kdf (&shv, - sizeof (shv), - &be, - sizeof (be), - access_token, - sizeof (*access_token), - &be32, - sizeof (be32), - NULL, - 0)); + GNUNET_assert (offset <= UINT32_MAX); + TALER_kyc_measure_authorization_hash (access_token, + row_id, + (uint32_t) offset, + &shv); switch (kc->type) { case TALER_KYCLOGIC_CT_INFO: @@ -2157,6 +2143,7 @@ TALER_KYCLOGIC_measure_to_requirement ( GNUNET_JSON_pack_object_incref ("description_i18n", (json_t *) kc->description_i18n)); case TALER_KYCLOGIC_CT_FORM: + GNUNET_assert (offset <= UINT_MAX); ids = GNUNET_STRINGS_data_to_string_alloc (&shv, sizeof (shv)); GNUNET_asprintf (&xids, @@ -2177,6 +2164,7 @@ TALER_KYCLOGIC_measure_to_requirement ( GNUNET_free (xids); return kri; case TALER_KYCLOGIC_CT_LINK: + GNUNET_assert (offset <= UINT_MAX); ids = GNUNET_STRINGS_data_to_string_alloc (&shv, sizeof (shv)); GNUNET_asprintf (&xids, diff --git a/src/util/crypto.c b/src/util/crypto.c index 4735af3b0..be361ea31 100644 --- a/src/util/crypto.c +++ b/src/util/crypto.c @@ -541,4 +541,29 @@ TALER_denomination_group_get_key ( } +void +TALER_kyc_measure_authorization_hash ( + const struct TALER_AccountAccessTokenP *access_token, + uint64_t row, + uint32_t offset, + struct TALER_KycMeasureAuthorizationHash *mah) +{ + uint64_t be64 = GNUNET_htonll (row); + uint32_t be32 = htonl ((uint32_t) offset); + + GNUNET_assert ( + GNUNET_YES == + GNUNET_CRYPTO_kdf (mah, + sizeof (*mah), + &be64, + sizeof (be64), + access_token, + sizeof (*access_token), + &be32, + sizeof (be32), + NULL, + 0)); +} + + /* end of crypto.c */ |