From 324bf3f980542cb9f209ee7edc6f142c5c34e5a2 Mon Sep 17 00:00:00 2001
From: Christian Grothoff
Date: Tue, 24 Mar 2015 17:53:13 +0100
Subject: fix #3484: sign over full key set as well
---
 src/include/taler_signatures.h | 32 +++++++++++++++++++++++++++++++-
 src/mint/taler-mint-httpd_keystate.c | 21 ++++++++++++++++++++-
 2 files changed, 51 insertions(+), 2 deletions(-)
diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h
index 3ad97a577..007a309f3 100644
--- a/src/include/taler_signatures.h
+++ b/src/include/taler_signatures.h
@@ -83,6 +83,11 @@
 */
 #define TALER_SIGNATURE_MINT_DEPOSIT 7
+/**
+ * Signature where the Mint confirms the full /keys response set.
+ */
+#define TALER_SIGNATURE_KEYS_SET 8
+
 /***********************/
 /* Merchant signatures */
@@ -345,6 +350,31 @@ struct TALER_MINT_SignKeyIssue
 };
+/**
+ * Signature made by the mint over the full set of keys, used
+ * to detect cheating mints that give out different sets to
+ * different users.
+ */
+struct TALER_MINT_KeySetSignature
+{
+
+ /**
+ * Purpose is #TALER_SIGNATURE_KEYS_SET
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+ /**
+ * Time of the key set issue.
+ */
+ struct GNUNET_TIME_AbsoluteNBO list_issue_date;
+
+ /**
+ * Hash over the "inner" JSON with the key set.
+ */
+ struct GNUNET_HashCode hc;
+};
+
+
 /**
 * Information about a denomination key. Denomination keys
 * are used to sign coins of a certain value into existence.
@@ -358,7 +388,7 @@ struct TALER_MINT_DenomKeyIssue
 struct TALER_MasterSignature signature;
 /**
- * Purpose ist #TALER_SIGNATURE_MASTER_DENOM.
+ * Purpose is #TALER_SIGNATURE_MASTER_DENOM.
 */
 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
diff --git a/src/mint/taler-mint-httpd_keystate.c b/src/mint/taler-mint-httpd_keystate.c
index b795323ee..c29c5c516 100644
--- a/src/mint/taler-mint-httpd_keystate.c
+++ b/src/mint/taler-mint-httpd_keystate.c
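Review bot: `TALER_SIGNATURE_KEYS_SET` drops the role prefix that the neighbouring purpose constant carries (`TALER_SIGNATURE_MINT_DEPOSIT`), so the name alone does not say this is a mint signature; `#define TALER_SIGNATURE_MINT_KEYS_SET 8` would match, with the two uses in this commit (the struct comment and `taler-mint-httpd_keystate.c`) renamed accordingly. Purpose numbers act as domain separators between signature types, and the merchant block that follows is outside the hunk, so it is worth confirming that 8 is not already assigned there.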
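Review bot: The comment on `hc` in `struct TALER_MINT_KeySetSignature` does not define which bytes are hashed, and a verifier needs exactly that to check the signature. Going by the caller in this commit, it is the `json_dumps` output of the object that includes `signkeys`, `denoms` and `list_issue_date`, with the terminating NUL excluded; a comment such as `Hash over the serialized inner "keys" object, byte for byte as produced by the mint's json_dumps() call, without the terminating NUL.` would record that. `list_issue_date` is signed here and also appears inside the hashed JSON, so the struct comment could add that a verifier should check the two agree. Whether the struct sits inside the header's packed-struct region is not visible from the hunk, and since `sizeof (ks)` is what gets signed that is worth confirming.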
@@ -378,6 +378,9 @@ TALER_MINT_key_state_acquire (void)
 struct GNUNET_TIME_Absolute now = GNUNET_TIME_absolute_get ();
 struct MintKeyState *key_state;
 json_t *keys;
+ char *inner;
+ struct TALER_MINT_KeySetSignature ks;
+ struct TALER_MintSignature sig;
 GNUNET_assert (0 == pthread_mutex_lock (&internal_key_state_mutex));
 if (internal_key_state->next_reload.abs_value_us <= now.abs_value_us)
@@ -413,8 +416,24 @@ TALER_MINT_key_state_acquire (void)
 "signkeys", key_state->sign_keys_array,
 "denoms", key_state->denom_keys_array,
 "list_issue_date", TALER_JSON_from_abs (key_state->reload_time));
+ inner = json_dumps (keys,
+ JSON_INDENT(2));
+ ks.purpose.size = htonl (sizeof (ks));
+ ks.purpose.purpose = htonl (TALER_SIGNATURE_KEYS_SET);
+ ks.list_issue_date = GNUNET_TIME_absolute_hton (key_state->reload_time);
+ GNUNET_CRYPTO_hash (inner,
+ strlen (inner),
+ &ks.hc);
+ GNUNET_free (inner);
+ TALER_MINT_keys_sign (&ks.purpose,
+ &sig);
+ keys = json_pack ("{s:o, s:o}",
+ "keys", keys,
+ "eddsa-signature", TALER_JSON_from_eddsa_sig (&ks.purpose,
+ &sig.eddsa_signature));
 key_state->keys_json = json_dumps (keys,
- JSON_INDENT(2));
+ JSON_INDENT (2));
+ json_decref (keys);
 internal_key_state = key_state;
 }
 key_state = internal_key_state;
-- 
cgit v1.2.3
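Review bot: The digest in `ks.hc` is taken over the inner object pretty-printed at top level, but the bytes presumably served to clients come from the second `json_dumps`, where that object is nested under `"keys"` and re-indented, so the signed bytes never appear in the response. A verifier therefore has to parse and re-serialize with the same indentation and key order, which jansson only pins down when asked; hashing a canonical form, e.g. `inner = json_dumps (keys, JSON_COMPACT | JSON_SORT_KEYS);`, would make the check reproducible. Separately, `inner` reaches `strlen` without a NULL check although `json_dumps` returns NULL on failure; `GNUNET_assert (NULL != inner);` before the hash would match the assert style used earlier in this function. `inner` is allocated by jansson, so `free (inner)` looks safer than `GNUNET_free (inner)` unless both are known to use the same allocator in this build. The body of `TALER_MINT_key_state_acquire` starts and ends outside the hunk.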