From 36a7ac723e25f5de1e48ff1aa7000c6062e9e71a Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Wed, 13 Sep 2017 21:43:10 +0200
Subject: do keep signing over DKs even for cherry-picked /keys replies

---
 src/exchange-lib/exchange_api_handle.c       |  5 +++--
 src/exchange/taler-exchange-httpd_keystate.c | 30 ++++++++++++++++++++++++++--
 2 files changed, 31 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/exchange-lib/exchange_api_handle.c b/src/exchange-lib/exchange_api_handle.c
index 91309cc5e..822c9c7b4 100644
--- a/src/exchange-lib/exchange_api_handle.c
+++ b/src/exchange-lib/exchange_api_handle.c
@@ -285,7 +285,6 @@ parse_json_denomkey (struct TALER_EXCHANGE_DenomPublicKey *denom_key,
   struct TALER_DenominationKeyValidityPS denom_key_issue;
   struct GNUNET_CRYPTO_RsaPublicKey *pk;
   struct GNUNET_CRYPTO_EddsaSignature sig;
-
   struct GNUNET_JSON_Specification spec[] = {
     GNUNET_JSON_spec_fixed_auto ("master_sig",
 				 &sig),
@@ -320,7 +319,9 @@ parse_json_denomkey (struct TALER_EXCHANGE_DenomPublicKey *denom_key,
     return GNUNET_SYSERR;
   }
 
-  memset (&denom_key_issue, 0, sizeof (denom_key_issue));
+  memset (&denom_key_issue,
+          0,
+          sizeof (denom_key_issue));
   GNUNET_CRYPTO_rsa_public_key_hash (pk,
                                      &denom_key_issue.denom_hash);
   denom_key_issue.purpose.purpose
diff --git a/src/exchange/taler-exchange-httpd_keystate.c b/src/exchange/taler-exchange-httpd_keystate.c
index ddc04bda0..04cf6ae43 100644
--- a/src/exchange/taler-exchange-httpd_keystate.c
+++ b/src/exchange/taler-exchange-httpd_keystate.c
@@ -229,6 +229,11 @@ struct ResponseBuilderContext
    */
   struct GNUNET_TIME_Absolute last_issue_date;
 
+  /**
+   * Used for computing the hash over all the denomination keys.
+   */
+  struct GNUNET_HashContext *hash_context;
+
   /**
    * Flag set to #GNUNET_SYSERR on internal errors
    */
@@ -252,6 +257,7 @@ denom_keys_to_json (void *cls,
 {
   struct ResponseBuilderContext *rbc = cls;
   struct TALER_EXCHANGEDB_DenominationKeyIssueInformation *dki = value;
+  struct GNUNET_HashCode denom_key_hash;
 
   if (rbc->last_issue_date.abs_value_us >=
       GNUNET_TIME_absolute_ntoh (dki->issue.properties.start).abs_value_us)
@@ -291,6 +297,11 @@ denom_keys_to_json (void *cls,
     };
     return GNUNET_OK; /* skip, key known to client */
   }
+  GNUNET_CRYPTO_rsa_public_key_hash (dki->denom_pub.rsa_public_key,
+                                     &denom_key_hash);
+  GNUNET_CRYPTO_hash_context_read (rbc->hash_context,
+                                   &denom_key_hash,
+                                   sizeof (struct GNUNET_HashCode));
   if (0 !=
       json_array_append_new (rbc->denom_keys_array,
                              denom_key_issue_to_json (&dki->denom_pub,
@@ -1390,13 +1401,25 @@ TEH_KS_handler_keys (struct TEH_RequestHandler *rh,
     rbc.denom_keys_array = json_array ();
     rbc.auditors_array = json_deep_copy (key_state->auditors_array);
     rbc.last_issue_date = last_issue_date;
+    rbc.hash_context = GNUNET_CRYPTO_hash_context_start ();
     GNUNET_CONTAINER_multihashmap_iterate (key_state->denomkey_map,
                                            &denom_keys_to_json,
                                            &rbc);
     if (GNUNET_NO == rbc.error)
     {
       json_t *keys;
-
+      struct TALER_ExchangeKeySetPS ks;
+      struct TALER_ExchangeSignatureP sig;
+
+      ks.purpose.size = htonl (sizeof (ks));
+      ks.purpose.purpose = htonl (TALER_SIGNATURE_EXCHANGE_KEY_SET);
+      ks.list_issue_date = GNUNET_TIME_absolute_hton (key_state->reload_time);
+      GNUNET_CRYPTO_hash_context_finish (key_state->hash_context,
+                                         &ks.hc);
+      GNUNET_assert (GNUNET_OK ==
+                     GNUNET_CRYPTO_eddsa_sign (&key_state->current_sign_key_issue.signkey_priv.eddsa_priv,
+                                               &ks.purpose,
+                                               &sig.eddsa_signature));
       keys = json_pack ("{s:s, s:o, s:O, s:o, s:O, s:o, s:o}",
                         "version", TALER_PROTOCOL_VERSION,
                         "master_public_key", GNUNET_JSON_from_data_auto (&TEH_master_public_key),
@@ -1404,7 +1427,10 @@ TEH_KS_handler_keys (struct TEH_RequestHandler *rh,
                         "denoms", rbc.denom_keys_array,
                         "payback", key_state->payback_array,
                         "auditors", rbc.auditors_array,
-                        "list_issue_date", GNUNET_JSON_from_time_abs (key_state->reload_time));
+                        "list_issue_date", GNUNET_JSON_from_time_abs (key_state->reload_time),
+                        "eddsa_pub", GNUNET_JSON_from_data_auto (&key_state->current_sign_key_issue.issue.signkey_pub),
+                        "eddsa_sig", GNUNET_JSON_from_data_auto (&sig));
+
       rbc.denom_keys_array = NULL;
       rbc.auditors_array = NULL;
       json = json_dumps (keys,
-- 
cgit v1.2.3