From 747ae5ef094731650911838a51e49db778b18ab6 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Thu, 31 Mar 2022 12:37:39 +0200 Subject: privatize more signature structs, simplify code --- src/util/exchange_signatures.c | 52 ++++++++++++ src/util/offline_signatures.c | 177 ++++++++++++++++++++++++++++++++++++++++- 2 files changed, 228 insertions(+), 1 deletion(-) (limited to 'src/util') diff --git a/src/util/exchange_signatures.c b/src/util/exchange_signatures.c index 4890ca206..4bfa822f1 100644 --- a/src/util/exchange_signatures.c +++ b/src/util/exchange_signatures.c @@ -23,6 +23,8 @@ #include "taler_signatures.h" +GNUNET_NETWORK_STRUCT_BEGIN + /** * @brief Format used to generate the signature on a confirmation * from the exchange that a deposit request succeeded. @@ -91,6 +93,8 @@ struct TALER_DepositConfirmationPS }; +GNUNET_NETWORK_STRUCT_END + enum TALER_ErrorCode TALER_exchange_online_deposit_confirmation_sign ( @@ -172,6 +176,8 @@ TALER_exchange_online_deposit_confirmation_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * @brief Format used to generate the signature on a request to refund * a coin into the account of the customer. @@ -213,6 +219,8 @@ struct TALER_RefundConfirmationPS struct TALER_AmountNBO refund_amount; }; +GNUNET_NETWORK_STRUCT_END + enum TALER_ErrorCode TALER_exchange_online_refund_confirmation_sign ( @@ -276,6 +284,8 @@ TALER_exchange_online_refund_confirmation_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * @brief Format of the block signed by the Exchange in response to a successful * "/refresh/melt" request. Hereby the exchange affirms that all of the @@ -303,6 +313,8 @@ struct TALER_RefreshMeltConfirmationPS }; +GNUNET_NETWORK_STRUCT_END + enum TALER_ErrorCode TALER_exchange_online_melt_confirmation_sign ( @@ -347,6 +359,8 @@ TALER_exchange_online_melt_confirmation_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * @brief Signature made by the exchange over the full set of keys, used * to detect cheating exchanges that give out different sets to @@ -372,6 +386,8 @@ struct TALER_ExchangeKeySetPS struct GNUNET_HashCode hc GNUNET_PACKED; }; +GNUNET_NETWORK_STRUCT_END + enum TALER_ErrorCode TALER_exchange_online_key_set_sign ( @@ -418,6 +434,8 @@ TALER_exchange_online_key_set_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * @brief Signature by which an exchange affirms that an account * successfully passed the KYC checks. @@ -442,6 +460,8 @@ struct TALER_ExchangeAccountSetupSuccessPS struct GNUNET_TIME_TimestampNBO timestamp; }; +GNUNET_NETWORK_STRUCT_END + enum TALER_ErrorCode TALER_exchange_online_account_setup_success_sign ( @@ -490,6 +510,8 @@ TALER_exchange_online_account_setup_success_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * @brief Format internally used for packing the detailed information * to generate the signature for /track/transfer signatures. @@ -524,6 +546,8 @@ struct TALER_WireDepositDetailP }; +GNUNET_NETWORK_STRUCT_END + void TALER_exchange_online_wire_deposit_append ( @@ -549,6 +573,8 @@ TALER_exchange_online_wire_deposit_append ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * @brief Format used to generate the signature for /wire/deposit * replies. @@ -589,6 +615,8 @@ struct TALER_WireDepositDataPS }; +GNUNET_NETWORK_STRUCT_END + enum TALER_ErrorCode TALER_exchange_online_wire_deposit_sign ( @@ -650,6 +678,8 @@ TALER_exchange_online_wire_deposit_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * Details affirmed by the exchange about a wire transfer the exchange * claims to have done with respect to a deposit operation. @@ -698,6 +728,8 @@ struct TALER_ConfirmWirePS }; +GNUNET_NETWORK_STRUCT_END + enum TALER_ErrorCode TALER_exchange_online_confirm_wire_sign ( @@ -761,6 +793,8 @@ TALER_exchange_online_confirm_wire_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * Response by which the exchange affirms that it will * refund a coin as part of the emergency /recoup @@ -799,6 +833,8 @@ struct TALER_RecoupConfirmationPS struct TALER_ReservePublicKeyP reserve_pub; }; +GNUNET_NETWORK_STRUCT_END + enum TALER_ErrorCode TALER_exchange_online_confirm_recoup_sign ( @@ -851,6 +887,8 @@ TALER_exchange_online_confirm_recoup_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * Response by which the exchange affirms that it will refund a refreshed coin * as part of the emergency /recoup protocol. The recoup will go back to the @@ -888,6 +926,8 @@ struct TALER_RecoupRefreshConfirmationPS struct TALER_CoinSpendPublicKeyP old_coin_pub; }; +GNUNET_NETWORK_STRUCT_END + enum TALER_ErrorCode TALER_exchange_online_confirm_recoup_refresh_sign ( @@ -945,6 +985,8 @@ TALER_exchange_online_confirm_recoup_refresh_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * Response by which the exchange affirms that it does not * currently know a denomination by the given hash. @@ -968,6 +1010,8 @@ struct TALER_DenominationUnknownAffirmationPS struct TALER_DenominationHashP h_denom_pub; }; +GNUNET_NETWORK_STRUCT_END + enum TALER_ErrorCode TALER_exchange_online_denomination_unknown_sign ( @@ -1012,6 +1056,8 @@ TALER_exchange_online_denomination_unknown_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * Response by which the exchange affirms that it does not * currently consider the given denomination to be valid @@ -1042,6 +1088,8 @@ struct TALER_DenominationExpiredAffirmationPS }; +GNUNET_NETWORK_STRUCT_END + enum TALER_ErrorCode TALER_exchange_online_denomination_expired_sign ( @@ -1100,6 +1148,8 @@ TALER_exchange_online_denomination_expired_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * Response by which the exchange affirms that it has * closed a reserve and send back the funds. @@ -1143,6 +1193,8 @@ struct TALER_ReserveCloseConfirmationPS struct TALER_WireTransferIdentifierRawP wtid; }; +GNUNET_NETWORK_STRUCT_END + enum TALER_ErrorCode TALER_exchange_online_reserve_closed_sign ( diff --git a/src/util/offline_signatures.c b/src/util/offline_signatures.c index 6c99b2963..13c007f12 100644 --- a/src/util/offline_signatures.c +++ b/src/util/offline_signatures.c @@ -23,6 +23,8 @@ #include "taler_signatures.h" +GNUNET_NETWORK_STRUCT_BEGIN + /** * @brief Signature made by the exchange offline key over the information of * an auditor to be added to the exchange's set of auditors. @@ -51,6 +53,7 @@ struct TALER_MasterAddAuditorPS */ struct GNUNET_HashCode h_auditor_url GNUNET_PACKED; }; +GNUNET_NETWORK_STRUCT_END void @@ -103,6 +106,8 @@ TALER_exchange_offline_auditor_add_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * @brief Signature made by the exchange offline key over the information of * an auditor to be removed from the exchange's set of auditors. @@ -127,6 +132,7 @@ struct TALER_MasterDelAuditorPS struct TALER_AuditorPublicKeyP auditor_pub; }; +GNUNET_NETWORK_STRUCT_END void @@ -171,6 +177,8 @@ TALER_exchange_offline_auditor_del_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * @brief Message confirming that a denomination key was revoked. */ @@ -188,6 +196,8 @@ struct TALER_MasterDenominationKeyRevocationPS }; +GNUNET_NETWORK_STRUCT_END + void TALER_exchange_offline_denomination_revoke_sign ( @@ -228,6 +238,8 @@ TALER_exchange_offline_denomination_revoke_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * @brief Message confirming that an exchange online signing key was revoked. */ @@ -245,6 +257,8 @@ struct TALER_MasterSigningKeyRevocationPS }; +GNUNET_NETWORK_STRUCT_END + void TALER_exchange_offline_signkey_revoke_sign ( @@ -286,6 +300,55 @@ TALER_exchange_offline_signkey_revoke_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + +/** + * @brief Information about a signing key of the exchange. Signing keys are used + * to sign exchange messages other than coins, i.e. to confirm that a + * deposit was successful or that a refresh was accepted. + */ +struct TALER_ExchangeSigningKeyValidityPS +{ + + /** + * Purpose is #TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY. + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + + /** + * When does this signing key begin to be valid? + */ + struct GNUNET_TIME_TimestampNBO start; + + /** + * When does this signing key expire? Note: This is currently when + * the Exchange will definitively stop using it. Signatures made with + * the key remain valid until @e end. When checking validity periods, + * clients should allow for some overlap between keys and tolerate + * the use of either key during the overlap time (due to the + * possibility of clock skew). + */ + struct GNUNET_TIME_TimestampNBO expire; + + /** + * When do signatures with this signing key become invalid? After + * this point, these signatures cannot be used in (legal) disputes + * anymore, as the Exchange is then allowed to destroy its side of the + * evidence. @e end is expected to be significantly larger than @e + * expire (by a year or more). + */ + struct GNUNET_TIME_TimestampNBO end; + + /** + * The public online signing key that the exchange will use + * between @e start and @e expire. + */ + struct TALER_ExchangePublicKeyP signkey_pub; +}; + +GNUNET_NETWORK_STRUCT_END + + void TALER_exchange_offline_signkey_validity_sign ( const struct TALER_ExchangePublicKeyP *exchange_pub, @@ -339,6 +402,91 @@ TALER_exchange_offline_signkey_validity_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + +/** + * @brief Information about a denomination key. Denomination keys + * are used to sign coins of a certain value into existence. + * + * FIXME: remove this from the public API... + */ +struct TALER_DenominationKeyValidityPS +{ + + /** + * Purpose is #TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY. + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + + /** + * The long-term offline master key of the exchange that was + * used to create @e signature. + * + * FIXME: remove this member? + */ + struct TALER_MasterPublicKeyP master; + + /** + * Start time of the validity period for this key. + */ + struct GNUNET_TIME_TimestampNBO start; + + /** + * The exchange will sign fresh coins between @e start and this time. + * @e expire_withdraw will be somewhat larger than @e start to + * ensure a sufficiently large anonymity set, while also allowing + * the Exchange to limit the financial damage in case of a key being + * compromised. Thus, exchanges with low volume are expected to have a + * longer withdraw period (@e expire_withdraw - @e start) than exchanges + * with high transaction volume. The period may also differ between + * types of coins. A exchange may also have a few denomination keys + * with the same value with overlapping validity periods, to address + * issues such as clock skew. + */ + struct GNUNET_TIME_TimestampNBO expire_withdraw; + + /** + * Coins signed with the denomination key must be spent or refreshed + * between @e start and this expiration time. After this time, the + * exchange will refuse transactions involving this key as it will + * "drop" the table with double-spending information (shortly after) + * this time. Note that wallets should refresh coins significantly + * before this time to be on the safe side. @e expire_deposit must be + * significantly larger than @e expire_withdraw (by months or even + * years). + */ + struct GNUNET_TIME_TimestampNBO expire_deposit; + + /** + * When do signatures with this denomination key become invalid? + * After this point, these signatures cannot be used in (legal) + * disputes anymore, as the Exchange is then allowed to destroy its side + * of the evidence. @e expire_legal is expected to be significantly + * larger than @e expire_deposit (by a year or more). + */ + struct GNUNET_TIME_TimestampNBO expire_legal; + + /** + * The value of the coins signed with this denomination key. + */ + struct TALER_AmountNBO value; + + /** + * Fees for the coin. + */ + struct TALER_DenomFeeSetNBOP fees; + + /** + * Hash code of the denomination public key. (Used to avoid having + * the variable-size RSA key in this struct.) + */ + struct TALER_DenominationHashP denom_hash GNUNET_PACKED; + +}; + +GNUNET_NETWORK_STRUCT_END + + void TALER_exchange_offline_denom_validity_sign ( const struct TALER_DenominationHashP *h_denom_pub, @@ -412,6 +560,8 @@ TALER_exchange_offline_denom_validity_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * @brief Signature made by the exchange offline key over the information of * a payto:// URI to be added to the exchange's set of active wire accounts. @@ -436,6 +586,8 @@ struct TALER_MasterAddWirePS struct TALER_PaytoHashP h_payto GNUNET_PACKED; }; +GNUNET_NETWORK_STRUCT_END + void TALER_exchange_offline_wire_add_sign ( @@ -482,6 +634,8 @@ TALER_exchange_offline_wire_add_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * @brief Signature made by the exchange offline key over the information of * a wire method to be removed to the exchange's set of active accounts. @@ -507,6 +661,8 @@ struct TALER_MasterDelWirePS }; +GNUNET_NETWORK_STRUCT_END + void TALER_exchange_offline_wire_del_sign ( @@ -553,6 +709,8 @@ TALER_exchange_offline_wire_del_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * @brief Information signed by the exchange's master * key stating the wire fee to be paid per wire transfer. @@ -590,6 +748,8 @@ struct TALER_MasterWireFeePS }; +GNUNET_NETWORK_STRUCT_END + void TALER_exchange_offline_wire_fee_sign ( @@ -647,6 +807,8 @@ TALER_exchange_offline_wire_fee_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * Global fees charged by the exchange independent of * denomination or wire method. @@ -705,9 +867,10 @@ struct TALER_MasterGlobalFeePS */ uint32_t purse_account_limit; - }; +GNUNET_NETWORK_STRUCT_END + void TALER_exchange_offline_global_fee_sign ( @@ -773,6 +936,8 @@ TALER_exchange_offline_global_fee_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * @brief Signature made by the exchange offline key over the * configuration of an extension. @@ -791,6 +956,8 @@ struct TALER_MasterExtensionConfigurationPS struct TALER_ExtensionConfigHashP h_config GNUNET_PACKED; }; +GNUNET_NETWORK_STRUCT_END + void TALER_exchange_offline_extension_config_hash_sign ( @@ -829,6 +996,8 @@ TALER_exchange_offline_extension_config_hash_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * @brief Information signed by the exchange's master * key affirming the IBAN details for the exchange. @@ -848,6 +1017,8 @@ struct TALER_MasterWireDetailsPS }; +GNUNET_NETWORK_STRUCT_END + enum GNUNET_GenericReturnValue TALER_exchange_wire_signature_check ( @@ -888,6 +1059,8 @@ TALER_exchange_wire_signature_make ( } +GNUNET_NETWORK_STRUCT_BEGIN + /** * Message signed by account to merge a purse into a reserve. */ @@ -906,6 +1079,8 @@ struct TALER_PartnerConfigurationPS struct GNUNET_HashCode h_url; }; +GNUNET_NETWORK_STRUCT_END + void TALER_exchange_offline_partner_details_sign ( -- cgit v1.2.3