From 60fe2395fde7fe99d77aa7e583b9a407af605ddf Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Sat, 27 Oct 2018 18:39:12 +0200
Subject: clean up  struct TALER_ExchangeSigningKeyValidityPS  (long-standing
 fixme: should not have contained the signature itself)

---
 src/exchange-lib/exchange_api_handle.c       | 44 +++++++++++++---------------
 src/exchange-tools/taler-exchange-keycheck.c |  6 ++--
 src/exchange-tools/taler-exchange-keyup.c    |  7 ++---
 src/exchange/taler-exchange-httpd_keystate.c | 14 +++++----
 src/include/taler_exchangedb_lib.h           |  6 ++++
 src/include/taler_signatures.h               |  7 -----
 6 files changed, 40 insertions(+), 44 deletions(-)

diff --git a/src/exchange-lib/exchange_api_handle.c b/src/exchange-lib/exchange_api_handle.c
index 27ee257d9..895d1f1dd 100644
--- a/src/exchange-lib/exchange_api_handle.c
+++ b/src/exchange-lib/exchange_api_handle.c
@@ -42,9 +42,9 @@
 #define TALER_PROTOCOL_AGE 0
 
 /**
- * Current version for (local) JSON serialization of persisted 
+ * Current version for (local) JSON serialization of persisted
  * /keys data.
- */ 
+ */
 #define TALER_SERIALIZATION_FORMAT_VERSION 0
 
 
@@ -223,9 +223,10 @@ parse_json_signkey (struct TALER_EXCHANGE_SigningPublicKey *sign_key,
                     const struct TALER_MasterPublicKeyP *master_key)
 {
   struct TALER_ExchangeSigningKeyValidityPS sign_key_issue;
+  struct TALER_MasterSignatureP sign_key_issue_sig;
   struct GNUNET_JSON_Specification spec[] = {
     GNUNET_JSON_spec_fixed_auto ("master_sig",
-                                 &sign_key->master_sig),
+                                 &sign_key_issue_sig),
     GNUNET_JSON_spec_fixed_auto ("key",
                                  &sign_key->key),
     GNUNET_JSON_spec_absolute_time ("stamp_start",
@@ -250,10 +251,7 @@ parse_json_signkey (struct TALER_EXCHANGE_SigningPublicKey *sign_key,
     return GNUNET_OK;
   sign_key_issue.signkey_pub = sign_key->key;
   sign_key_issue.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY);
-  sign_key_issue.purpose.size =
-    htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS)
-	   - offsetof (struct TALER_ExchangeSigningKeyValidityPS,
-		       purpose));
+  sign_key_issue.purpose.size = htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS));
   sign_key_issue.master_public_key = *master_key;
   sign_key_issue.start = GNUNET_TIME_absolute_hton (sign_key->valid_from);
   sign_key_issue.expire = GNUNET_TIME_absolute_hton (sign_key->valid_until);
@@ -261,7 +259,7 @@ parse_json_signkey (struct TALER_EXCHANGE_SigningPublicKey *sign_key,
   if (GNUNET_OK !=
       GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY,
 				  &sign_key_issue.purpose,
-				  &sign_key->master_sig.eddsa_signature,
+				  &sign_key_issue_sig.eddsa_signature,
 				  &master_key->eddsa_pub))
   {
     GNUNET_break_op (0);
@@ -477,7 +475,7 @@ parse_json_auditor (struct TALER_EXCHANGE_AuditorInformation *auditor,
       TALER_amount_hton (&kv.fee_refund,
 			 &dk->fee_refund);
       kv.denom_hash = dk->h_key;
-      
+
       if (GNUNET_OK !=
 	  GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS,
 				      &kv.purpose,
@@ -527,7 +525,7 @@ decode_keys_json (const json_t *resp_obj,
 				 &sig),
     GNUNET_JSON_spec_fixed_auto ("eddsa_pub",
 				 &pub),
-    /* sig and pub must be first, as we skip those if 
+    /* sig and pub must be first, as we skip those if
        check_sig is false! */
     GNUNET_JSON_spec_fixed_auto ("master_public_key",
 				 &key_data->master_pub),
@@ -591,11 +589,11 @@ decode_keys_json (const json_t *resp_obj,
 			     NULL, NULL));
 
   /* parse the master public key and issue date of the response */
-  if (check_sig) 
+  if (check_sig)
     hash_context = GNUNET_CRYPTO_hash_context_start ();
   else
     hash_context = NULL;
-  
+
   /* parse the signing keys */
   {
     json_t *sign_keys_array;
@@ -1157,7 +1155,7 @@ deserialize_data (struct TALER_EXCHANGE_Handle *exchange,
     GNUNET_JSON_spec_end()
   };
   struct TALER_EXCHANGE_Keys key_data;
- 
+
   if (NULL == data)
     return;
   if (GNUNET_OK !=
@@ -1175,7 +1173,7 @@ deserialize_data (struct TALER_EXCHANGE_Handle *exchange,
     {
       GNUNET_break (0);
       return;
-    }    
+    }
   memset (&key_data,
 	  0,
           sizeof (struct TALER_EXCHANGE_Keys));
@@ -1226,7 +1224,7 @@ TALER_EXCHANGE_serialize_data (struct TALER_EXCHANGE_Handle *exchange)
   {
     const struct TALER_EXCHANGE_SigningPublicKey *sk = &kd->sign_keys[i];
     json_t *signkey;
-    
+
     if (now.abs_value_us > sk->valid_until.abs_value_us)
       continue; /* skip keys that have expired */
     signkey = json_pack ("{s:o, s:o, s:o, s:o, s:o}",
@@ -1247,13 +1245,13 @@ TALER_EXCHANGE_serialize_data (struct TALER_EXCHANGE_Handle *exchange)
     }
     json_array_append_new (signkeys,
 			   signkey);
-  }		 
+  }
   denoms = json_array ();
   for (unsigned int i=0;i<kd->num_denom_keys;i++)
   {
     const struct TALER_EXCHANGE_DenomPublicKey *dk = &kd->denom_keys[i];
     json_t *denom;
-    
+
     if (now.abs_value_us > dk->expire_deposit.abs_value_us)
       continue; /* skip keys that have expired */
     denom = json_pack ("{s:o, s:o, s:o, s:o, s:o "
@@ -1290,13 +1288,13 @@ TALER_EXCHANGE_serialize_data (struct TALER_EXCHANGE_Handle *exchange)
     }
     json_array_append_new (denoms,
 			   denom);
-  }		 
+  }
   auditors = json_array ();
   for (unsigned int i=0;i<kd->num_auditors;i++)
   {
     const struct TALER_EXCHANGE_AuditorInformation *ai = &kd->auditors[i];
     json_t *a;
-    json_t *adenoms; 
+    json_t *adenoms;
 
     adenoms = json_array ();
     for (unsigned int j=0;j<ai->num_denom_keys;j++)
@@ -1319,7 +1317,7 @@ TALER_EXCHANGE_serialize_data (struct TALER_EXCHANGE_Handle *exchange)
       json_array_append_new (adenoms,
 			     k);
     }
-    
+
     a = json_pack ("{s:s, s:o, s:o}",
 		   "auditor_pub",
 		   GNUNET_JSON_from_data_auto (&ai->auditor_pub),
@@ -1334,11 +1332,11 @@ TALER_EXCHANGE_serialize_data (struct TALER_EXCHANGE_Handle *exchange)
     }
     json_array_append_new (auditors,
 			   a);
-  }		 
+  }
   keys = json_pack ("{s:s, s:o, s:o, s:o, s:o"
 		    ",s:o, s:o}",
 		    /* 1 */
-		    "version", 
+		    "version",
 		    kd->version,
 		    "master_public_key",
 		    GNUNET_JSON_from_data_auto (&kd->master_pub),
@@ -1414,7 +1412,7 @@ TALER_EXCHANGE_connect (struct GNUNET_CURL_Context *ctx,
     case TALER_EXCHANGE_OPTION_DATA:
     {
       const json_t *data = va_arg (ap, const json_t *);
-      
+
       deserialize_data (exchange,
 			data);
       break;
diff --git a/src/exchange-tools/taler-exchange-keycheck.c b/src/exchange-tools/taler-exchange-keycheck.c
index 8018e3521..74b73cd09 100644
--- a/src/exchange-tools/taler-exchange-keycheck.c
+++ b/src/exchange-tools/taler-exchange-keycheck.c
@@ -64,9 +64,7 @@ signkeys_iter (void *cls,
               (GNUNET_TIME_absolute_ntoh (ski->issue.start)));
 
   if (ntohl (ski->issue.purpose.size) !=
-      (sizeof (struct TALER_ExchangeSigningKeyValidityPS) -
-       offsetof (struct TALER_ExchangeSigningKeyValidityPS,
-                 purpose)))
+      (sizeof (struct TALER_ExchangeSigningKeyValidityPS)))
   {
     fprintf (stderr,
              "Signing key `%s' has invalid purpose size\n",
@@ -85,7 +83,7 @@ signkeys_iter (void *cls,
   if (GNUNET_OK !=
       GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY,
                                   &ski->issue.purpose,
-                                  &ski->issue.signature.eddsa_signature,
+                                  &ski->master_sig.eddsa_signature,
                                   &ski->issue.master_public_key.eddsa_pub))
   {
     fprintf (stderr,
diff --git a/src/exchange-tools/taler-exchange-keyup.c b/src/exchange-tools/taler-exchange-keyup.c
index 22c72d5cc..cf774957f 100644
--- a/src/exchange-tools/taler-exchange-keyup.c
+++ b/src/exchange-tools/taler-exchange-keyup.c
@@ -472,14 +472,11 @@ create_signkey_issue_priv (struct GNUNET_TIME_Absolute start,
   GNUNET_CRYPTO_eddsa_key_get_public (&pi->signkey_priv.eddsa_priv,
                                       &issue->signkey_pub.eddsa_pub);
   issue->purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY);
-  issue->purpose.size = htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS) -
-                               offsetof (struct TALER_ExchangeSigningKeyValidityPS,
-                                         purpose));
-
+  issue->purpose.size = htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS));
   GNUNET_assert (GNUNET_OK ==
                  GNUNET_CRYPTO_eddsa_sign (&master_priv.eddsa_priv,
                                            &issue->purpose,
-                                           &issue->signature.eddsa_signature));
+                                           &pi->master_sig.eddsa_signature));
 }
 
 
diff --git a/src/exchange/taler-exchange-httpd_keystate.c b/src/exchange/taler-exchange-httpd_keystate.c
index 413b9d1bd..45b8846f1 100644
--- a/src/exchange/taler-exchange-httpd_keystate.c
+++ b/src/exchange/taler-exchange-httpd_keystate.c
@@ -795,10 +795,12 @@ reload_keys_denom_iter (void *cls,
  * Convert the public part of a sign key issue to a JSON object.
  *
  * @param ski the sign key issue
+ * @param ski_sig signature over @a ski
  * @return a JSON object describing the sign key issue (public part)
  */
 static json_t *
-sign_key_issue_to_json (const struct TALER_ExchangeSigningKeyValidityPS *ski)
+sign_key_issue_to_json (const struct TALER_ExchangeSigningKeyValidityPS *ski,
+                        struct TALER_MasterSignatureP *ski_sig)
 {
   return
     json_pack ("{s:o, s:o, s:o, s:o, s:o}",
@@ -809,7 +811,7 @@ sign_key_issue_to_json (const struct TALER_ExchangeSigningKeyValidityPS *ski)
                "stamp_end",
                GNUNET_JSON_from_time_abs (GNUNET_TIME_absolute_ntoh (ski->end)),
                "master_sig",
-               GNUNET_JSON_from_data_auto (&ski->signature),
+               GNUNET_JSON_from_data_auto (ski_sig),
                "key",
                GNUNET_JSON_from_data_auto (&ski->signkey_pub));
 }
@@ -823,6 +825,7 @@ sign_key_issue_to_json (const struct TALER_ExchangeSigningKeyValidityPS *ski)
  * @param cls closure with the `struct ResponseFactoryContext *`
  * @param filename name of the file the key came from
  * @param ski the sign key issue
+ * @param ski_sig signature over @a ski
  * @return #GNUNET_OK to continue to iterate,
  *  #GNUNET_NO to stop iteration with no error,
  *  #GNUNET_SYSERR to abort iteration with error!
@@ -878,7 +881,8 @@ reload_keys_sign_iter (void *cls,
   }
   GNUNET_assert (0 ==
                  json_array_append_new (rfc->sign_keys_array,
-                                        sign_key_issue_to_json (&ski->issue)));
+                                        sign_key_issue_to_json (&ski->issue,
+                                                                &ski->master_sig)));
 
   return GNUNET_OK;
 }
@@ -1670,7 +1674,7 @@ TEH_KS_acquire_ (const char *location)
        (internal_key_state->next_reload.abs_value_us <= now.abs_value_us) )
   {
     struct TEH_KS_StateHandle *ks = internal_key_state;
-    
+
     internal_key_state = NULL;
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
 		"KS released in acquire due to expiration\n");
@@ -1976,7 +1980,7 @@ TEH_KS_free ()
   if (NULL != internal_key_state)
   {
     struct TEH_KS_StateHandle *ks = internal_key_state;
-    
+
     internal_key_state = NULL;
     TEH_KS_release (ks);
   }
diff --git a/src/include/taler_exchangedb_lib.h b/src/include/taler_exchangedb_lib.h
index b89dd087d..f942c5fbb 100644
--- a/src/include/taler_exchangedb_lib.h
+++ b/src/include/taler_exchangedb_lib.h
@@ -55,10 +55,16 @@ struct TALER_EXCHANGEDB_PrivateSigningKeyInformationP
    */
   struct TALER_ExchangePrivateKeyP signkey_priv;
 
+  /**
+   * Signature over @e issue
+   */
+  struct TALER_MasterSignatureP master_sig;
+
   /**
    * Public information about a exchange signing key.
    */
   struct TALER_ExchangeSigningKeyValidityPS issue;
+
 };
 
 
diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h
index 428fa96ec..512198fe8 100644
--- a/src/include/taler_signatures.h
+++ b/src/include/taler_signatures.h
@@ -607,13 +607,6 @@ struct TALER_RefreshMeltConfirmationPS
  */
 struct TALER_ExchangeSigningKeyValidityPS
 {
-  /**
-   * Signature over the signing key (by the master key of the exchange).
-   *
-   * FIXME: should be moved outside of the "PS" struct, this is ugly.
-   * (and makes this struct different from all of the others)
-   */
-  struct TALER_MasterSignatureP signature;
 
   /**
    * Purpose is #TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY.
-- 
cgit v1.2.3