From d8922f82e5f6853c35a8a282e51471da908bdacf Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 9 Oct 2021 16:11:04 +0200 Subject: -introduce 'struct TALER_WireSalt' --- src/include/taler_crypto_lib.h | 20 +++++++++++++++++--- src/json/json_wire.c | 21 +++++++++++---------- src/util/crypto_wire.c | 28 ++++++++++++++++++++++++---- 3 files changed, 52 insertions(+), 17 deletions(-) (limited to 'src') diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index 71579170a..0284fc55b 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -359,6 +359,20 @@ struct TALER_ClaimTokenP }; +/** + * Salt used to hash a merchant's payto:// URI to + * compute the "h_wire" (say for deposit requests). + */ +struct TALER_WireSalt +{ + /** + * Actual salt value. + * FIXME: #7032: change to 16 byte value! + */ + struct GNUNET_HashCode data; +}; + + GNUNET_NETWORK_STRUCT_END @@ -1658,7 +1672,7 @@ TALER_exchange_wire_signature_make ( */ void TALER_merchant_wire_signature_hash (const char *payto_uri, - const char *salt, + const struct TALER_WireSalt *salt, struct GNUNET_HashCode *hc); @@ -1674,7 +1688,7 @@ TALER_merchant_wire_signature_hash (const char *payto_uri, enum GNUNET_GenericReturnValue TALER_merchant_wire_signature_check ( const char *payto_uri, - const char *salt, + const struct TALER_WireSalt *salt, const struct TALER_MerchantPublicKeyP *merch_pub, const struct TALER_MerchantSignatureP *merch_sig); @@ -1690,7 +1704,7 @@ TALER_merchant_wire_signature_check ( void TALER_merchant_wire_signature_make ( const char *payto_uri, - const char *salt, + const struct TALER_WireSalt *salt, const struct TALER_MerchantPrivateKeyP *merch_priv, struct TALER_MerchantSignatureP *merch_sig); diff --git a/src/json/json_wire.c b/src/json/json_wire.c index e8620728a..7ec21da65 100644 --- a/src/json/json_wire.c +++ b/src/json/json_wire.c @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2018 Taler Systems SA + Copyright (C) 2018, 2021 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -37,13 +37,12 @@ TALER_JSON_merchant_wire_signature_hash (const json_t *wire_s, struct GNUNET_HashCode *hc) { const char *payto_uri; - const char *salt; - /* Current merchant backend will always make the salt - a `struct GNUNET_HashCode`, but *we* do not insist - on that. */ + struct TALER_WireSalt salt; struct GNUNET_JSON_Specification spec[] = { - GNUNET_JSON_spec_string ("payto_uri", &payto_uri), - GNUNET_JSON_spec_string ("salt", &salt), + GNUNET_JSON_spec_string ("payto_uri", + &payto_uri), + GNUNET_JSON_spec_fixed_auto ("salt", + &salt), GNUNET_JSON_spec_end () }; @@ -73,7 +72,7 @@ TALER_JSON_merchant_wire_signature_hash (const json_t *wire_s, } } TALER_merchant_wire_signature_hash (payto_uri, - salt, + &salt, hc); return GNUNET_OK; } @@ -95,8 +94,10 @@ TALER_JSON_exchange_wire_signature_check ( const char *payto_uri; struct TALER_MasterSignatureP master_sig; struct GNUNET_JSON_Specification spec[] = { - GNUNET_JSON_spec_string ("payto_uri", &payto_uri), - GNUNET_JSON_spec_fixed_auto ("master_sig", &master_sig), + GNUNET_JSON_spec_string ("payto_uri", + &payto_uri), + GNUNET_JSON_spec_fixed_auto ("master_sig", + &master_sig), GNUNET_JSON_spec_end () }; diff --git a/src/util/crypto_wire.c b/src/util/crypto_wire.c index 0d31720a7..ee3215ca6 100644 --- a/src/util/crypto_wire.c +++ b/src/util/crypto_wire.c @@ -110,19 +110,39 @@ TALER_exchange_wire_signature_make ( */ void TALER_merchant_wire_signature_hash (const char *payto_uri, - const char *salt, + const struct TALER_WireSalt *salt, struct GNUNET_HashCode *hc) { +#if FIXED_7032 + /* new logic to use once #7032 is being addressed */ GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_kdf (hc, sizeof (*hc), salt, - strlen (salt) + 1, + sizeof (*salt), payto_uri, strlen (payto_uri) + 1, "merchant-wire-signature", strlen ("merchant-wire-signature"), NULL, 0)); +#else + /* compatibility logic to avoid protocol breakage... */ + char *sstr; + + sstr = GNUNET_STRINGS_data_to_string_alloc (salt, + sizeof (*salt)); + GNUNET_assert (GNUNET_YES == + GNUNET_CRYPTO_kdf (hc, + sizeof (*hc), + sstr, + strlen (sstr) + 1, + payto_uri, + strlen (payto_uri) + 1, + "merchant-wire-signature", + strlen ("merchant-wire-signature"), + NULL, 0)); + GNUNET_free (sstr); +#endif } @@ -146,7 +166,7 @@ TALER_merchant_wire_signature_hash (const char *payto_uri, enum GNUNET_GenericReturnValue TALER_merchant_wire_signature_check ( const char *payto_uri, - const char *salt, + const struct TALER_WireSalt *salt, const struct TALER_MerchantPublicKeyP *merch_pub, const struct TALER_MerchantSignatureP *merch_sig) { @@ -176,7 +196,7 @@ TALER_merchant_wire_signature_check ( void TALER_merchant_wire_signature_make ( const char *payto_uri, - const char *salt, + const struct TALER_WireSalt *salt, const struct TALER_MerchantPrivateKeyP *merch_priv, struct TALER_MerchantSignatureP *merch_sig) { -- cgit v1.2.3