summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2021-12-19 12:24:14 +0100
committerChristian Grothoff <christian@grothoff.org>2021-12-19 12:24:14 +0100
commit64e64141962fbea4e8acea87f57f98e93360a7c4 (patch)
tree37653111c82d9bc3e3440a2b8a0ccef756aea4b0
parent5f57dbbc7b1e1ed21fff24daa537b949727b7966 (diff)
downloadmerchant-64e64141962fbea4e8acea87f57f98e93360a7c4.tar.gz
merchant-64e64141962fbea4e8acea87f57f98e93360a7c4.tar.bz2
merchant-64e64141962fbea4e8acea87f57f98e93360a7c4.zip
introduce new data type for the post-orders hash used for idempotency checks, as well as the hash and salt for authentication checks
-rw-r--r--src/backend/taler-merchant-httpd.c10
-rw-r--r--src/backend/taler-merchant-httpd.h8
-rw-r--r--src/backend/taler-merchant-httpd_get-orders-ID.c2
-rw-r--r--src/backend/taler-merchant-httpd_post-orders-ID-claim.c2
-rw-r--r--src/backend/taler-merchant-httpd_private-delete-orders-ID.c2
-rw-r--r--src/backend/taler-merchant-httpd_private-get-instances-ID.c2
-rw-r--r--src/backend/taler-merchant-httpd_private-get-orders-ID.c2
-rw-r--r--src/backend/taler-merchant-httpd_private-get-orders.c2
-rw-r--r--src/backend/taler-merchant-httpd_private-post-orders.c16
-rw-r--r--src/backenddb/plugin_merchantdb_postgres.c4
-rw-r--r--src/include/taler_merchantdb_plugin.h52
11 files changed, 73 insertions, 29 deletions
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
index cae16909..f2de7373 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -150,8 +150,8 @@ char *TMH_default_auth;
enum GNUNET_GenericReturnValue
TMH_check_auth (const char *token,
- const struct GNUNET_ShortHashCode *salt,
- const struct GNUNET_HashCode *hash)
+ struct TALER_MerchantAuthenticationSaltP *salt,
+ struct TALER_MerchantAuthenticationHashP *hash)
{
struct GNUNET_HashCode val;
char *dec;
@@ -180,7 +180,7 @@ TMH_check_auth (const char *token,
0));
GNUNET_free (dec);
return (0 == GNUNET_memcmp (&val,
- hash))
+ &hash->hash))
? GNUNET_OK
: GNUNET_SYSERR;
}
@@ -188,8 +188,8 @@ TMH_check_auth (const char *token,
void
TMH_compute_auth (const char *token,
- struct GNUNET_ShortHashCode *salt,
- struct GNUNET_HashCode *hash)
+ struct TALER_MerchantAuthenticationSaltP *salt,
+ struct TALER_MerchantAuthenticationHashP *hash)
{
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
salt,
diff --git a/src/backend/taler-merchant-httpd.h b/src/backend/taler-merchant-httpd.h
index 93ca63d3..fce507ef 100644
--- a/src/backend/taler-merchant-httpd.h
+++ b/src/backend/taler-merchant-httpd.h
@@ -680,8 +680,8 @@ TMH_reload_instances (const char *id);
*/
enum GNUNET_GenericReturnValue
TMH_check_auth (const char *token,
- const struct GNUNET_ShortHashCode *salt,
- const struct GNUNET_HashCode *hash);
+ struct TALER_MerchantAuthenticationSaltP *salt,
+ struct TALER_MerchantAuthenticationHashP *hash);
/**
@@ -694,8 +694,8 @@ TMH_check_auth (const char *token,
*/
void
TMH_compute_auth (const char *token,
- struct GNUNET_ShortHashCode *salt,
- struct GNUNET_HashCode *hash);
+ struct TALER_MerchantAuthenticationSaltP *salt,
+ struct TALER_MerchantAuthenticationHashP *hash);
#endif
diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c b/src/backend/taler-merchant-httpd_get-orders-ID.c
index db1c3fee..d6abdc62 100644
--- a/src/backend/taler-merchant-httpd_get-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_get-orders-ID.c
@@ -1083,7 +1083,7 @@ TMH_get_orders_ID (const struct TMH_RequestHandler *rh,
else
{
struct TALER_ClaimTokenP db_claim_token;
- struct GNUNET_HashCode unused; /* h_post_data */
+ struct TALER_MerchantPostDataHashP unused;
qs = TMH_db->lookup_order (TMH_db->cls,
hc->instance->settings.id,
diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-claim.c b/src/backend/taler-merchant-httpd_post-orders-ID-claim.c
index 16990d4b..1f9d8e2b 100644
--- a/src/backend/taler-merchant-httpd_post-orders-ID-claim.c
+++ b/src/backend/taler-merchant-httpd_post-orders-ID-claim.c
@@ -122,7 +122,7 @@ claim_order (const char *instance_id,
/* Now we need to claim the order. */
{
- struct GNUNET_HashCode unused;
+ struct TALER_MerchantPostDataHashP unused;
struct GNUNET_TIME_Timestamp timestamp;
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_timestamp ("timestamp",
diff --git a/src/backend/taler-merchant-httpd_private-delete-orders-ID.c b/src/backend/taler-merchant-httpd_private-delete-orders-ID.c
index b9dd4bc9..9eaa8b0e 100644
--- a/src/backend/taler-merchant-httpd_private-delete-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_private-delete-orders-ID.c
@@ -63,7 +63,7 @@ TMH_private_delete_orders_ID (const struct TMH_RequestHandler *rh,
NULL);
case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
{
- struct GNUNET_HashCode unused;
+ struct TALER_MerchantPostDataHashP unused;
qs = TMH_db->lookup_order (TMH_db->cls,
mi->settings.id,
diff --git a/src/backend/taler-merchant-httpd_private-get-instances-ID.c b/src/backend/taler-merchant-httpd_private-get-instances-ID.c
index 85b3c7df..5087d637 100644
--- a/src/backend/taler-merchant-httpd_private-get-instances-ID.c
+++ b/src/backend/taler-merchant-httpd_private-get-instances-ID.c
@@ -63,7 +63,7 @@ get_instances_ID (struct TMH_MerchantInstance *mi,
auth = GNUNET_JSON_PACK (
GNUNET_JSON_pack_string ("method",
- GNUNET_is_zero (mi->auth.auth_hash.bits)
+ GNUNET_is_zero (&mi->auth.auth_hash)
? "external"
: "token"));
return TALER_MHD_REPLY_JSON_PACK (
diff --git a/src/backend/taler-merchant-httpd_private-get-orders-ID.c b/src/backend/taler-merchant-httpd_private-get-orders-ID.c
index 328ffbf0..b4067f56 100644
--- a/src/backend/taler-merchant-httpd_private-get-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_private-get-orders-ID.c
@@ -1012,7 +1012,7 @@ TMH_private_get_orders_ID (const struct TMH_RequestHandler *rh,
}
{
- struct GNUNET_HashCode unused;
+ struct TALER_MerchantPostDataHashP unused;
json_t *ct = NULL;
/* We need the order for two cases: Either when the contract doesn't exist yet,
diff --git a/src/backend/taler-merchant-httpd_private-get-orders.c b/src/backend/taler-merchant-httpd_private-get-orders.c
index 29b6e65a..444e564d 100644
--- a/src/backend/taler-merchant-httpd_private-get-orders.c
+++ b/src/backend/taler-merchant-httpd_private-get-orders.c
@@ -328,7 +328,7 @@ add_order (void *cls,
if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
{
/* Might still be unclaimed, so try order table */
- struct GNUNET_HashCode unused;
+ struct TALER_MerchantPostDataHashP unused;
qs = TMH_db->lookup_order (TMH_db->cls,
po->instance_id,
diff --git a/src/backend/taler-merchant-httpd_private-post-orders.c b/src/backend/taler-merchant-httpd_private-post-orders.c
index 35cdf790..666505f9 100644
--- a/src/backend/taler-merchant-httpd_private-post-orders.c
+++ b/src/backend/taler-merchant-httpd_private-post-orders.c
@@ -197,7 +197,7 @@ struct InventoryProduct
static enum GNUNET_DB_QueryStatus
execute_transaction (struct TMH_HandlerContext *hc,
const char *order_id,
- const struct GNUNET_HashCode *h_post_data,
+ const struct TALER_MerchantPostDataHashP *h_post_data,
struct GNUNET_TIME_Timestamp pay_deadline,
const json_t *order,
const struct TALER_ClaimTokenP *claim_token,
@@ -315,7 +315,7 @@ execute_transaction (struct TMH_HandlerContext *hc,
static MHD_RESULT
execute_order (struct MHD_Connection *connection,
struct TMH_HandlerContext *hc,
- const struct GNUNET_HashCode *h_post_data,
+ const struct TALER_MerchantPostDataHashP *h_post_data,
json_t *order,
const struct TALER_ClaimTokenP *claim_token,
unsigned int inventory_products_length,
@@ -424,7 +424,7 @@ execute_order (struct MHD_Connection *connection,
{
struct TALER_ClaimTokenP token;
json_t *contract_terms;
- struct GNUNET_HashCode orig_post;
+ struct TALER_MerchantPostDataHashP orig_post;
TMH_db->preflight (TMH_db->cls);
qs = TMH_db->lookup_order (TMH_db->cls,
@@ -640,7 +640,7 @@ execute_order (struct MHD_Connection *connection,
static MHD_RESULT
patch_order (struct MHD_Connection *connection,
struct TMH_HandlerContext *hc,
- const struct GNUNET_HashCode *h_post_data,
+ const struct TALER_MerchantPostDataHashP *h_post_data,
json_t *order,
const struct TALER_ClaimTokenP *claim_token,
struct GNUNET_TIME_Relative refund_delay,
@@ -1105,7 +1105,7 @@ patch_order (struct MHD_Connection *connection,
static MHD_RESULT
add_payment_details (struct MHD_Connection *connection,
struct TMH_HandlerContext *hc,
- const struct GNUNET_HashCode *h_post_data,
+ const struct TALER_MerchantPostDataHashP *h_post_data,
json_t *order,
const struct TALER_ClaimTokenP *claim_token,
struct GNUNET_TIME_Relative refund_delay,
@@ -1178,7 +1178,7 @@ add_payment_details (struct MHD_Connection *connection,
static MHD_RESULT
merge_inventory (struct MHD_Connection *connection,
struct TMH_HandlerContext *hc,
- const struct GNUNET_HashCode *h_post_data,
+ const struct TALER_MerchantPostDataHashP *h_post_data,
json_t *order,
const struct TALER_ClaimTokenP *claim_token,
struct GNUNET_TIME_Relative refund_delay,
@@ -1357,7 +1357,7 @@ TMH_private_post_orders (const struct TMH_RequestHandler *rh,
GNUNET_JSON_spec_end ()
};
enum GNUNET_GenericReturnValue ret;
- struct GNUNET_HashCode h_post_data;
+ struct TALER_MerchantPostDataHashP h_post_data;
(void) rh;
ret = TALER_MHD_parse_json_data (connection,
@@ -1407,7 +1407,7 @@ TMH_private_post_orders (const struct TMH_RequestHandler *rh,
}
GNUNET_CRYPTO_hash (req_body_enc,
strlen (req_body_enc),
- &h_post_data);
+ &h_post_data.hash);
GNUNET_free (req_body_enc);
}
diff --git a/src/backenddb/plugin_merchantdb_postgres.c b/src/backenddb/plugin_merchantdb_postgres.c
index e7c53a62..5465b4e8 100644
--- a/src/backenddb/plugin_merchantdb_postgres.c
+++ b/src/backenddb/plugin_merchantdb_postgres.c
@@ -1639,7 +1639,7 @@ postgres_lookup_order (void *cls,
const char *instance_id,
const char *order_id,
struct TALER_ClaimTokenP *claim_token,
- struct GNUNET_HashCode *h_post_data,
+ struct TALER_MerchantPostDataHashP *h_post_data,
json_t **contract_terms)
{
struct PostgresClosure *pg = cls;
@@ -1881,7 +1881,7 @@ static enum GNUNET_DB_QueryStatus
postgres_insert_order (void *cls,
const char *instance_id,
const char *order_id,
- const struct GNUNET_HashCode *h_post_data,
+ const struct TALER_MerchantPostDataHashP *h_post_data,
struct GNUNET_TIME_Timestamp pay_deadline,
const struct TALER_ClaimTokenP *claim_token,
const json_t *contract_terms)
diff --git a/src/include/taler_merchantdb_plugin.h b/src/include/taler_merchantdb_plugin.h
index b4dc17b2..d301eeef 100644
--- a/src/include/taler_merchantdb_plugin.h
+++ b/src/include/taler_merchantdb_plugin.h
@@ -33,6 +33,50 @@
struct TALER_MERCHANTDB_Plugin;
+GNUNET_NETWORK_STRUCT_BEGIN
+
+
+/**
+ * @brief Hash over an order request, used for the idempotency check.
+ */
+struct TALER_MerchantPostDataHashP
+{
+ /**
+ * The authentication hash is a SHA-512 hash code.
+ */
+ struct GNUNET_HashCode hash;
+};
+
+
+/**
+ * @brief Hash used for client authenticiation. Computed with a
+ * `struct TALER_MerchantAuthenticationSaltP`.
+ */
+struct TALER_MerchantAuthenticationHashP
+{
+ /**
+ * The authentication hash is a SHA-512 hash code.
+ * All zeros if authentication is off.
+ */
+ struct GNUNET_HashCode hash;
+};
+
+
+/**
+ * @brief Salt used for client authenticiation.
+ */
+struct TALER_MerchantAuthenticationSaltP
+{
+ /**
+ * The authentication salt is a 256-bit value.
+ */
+ uint32_t salt[256 / 8 / sizeof(uint32_t)]; /* = 8 */
+};
+
+
+GNUNET_NETWORK_STRUCT_END
+
+
/**
* Details about a wire account of the merchant.
*/
@@ -68,13 +112,13 @@ struct TALER_MERCHANTDB_InstanceAuthSettings
/**
* Hash used for authentication. All zero if authentication is off.
*/
- struct GNUNET_HashCode auth_hash;
+ struct TALER_MerchantAuthenticationHashP auth_hash;
/**
* Salt used to hash the "Authentication" header, the result must then
* match the @e auth_hash.
*/
- struct GNUNET_ShortHashCode auth_salt;
+ struct TALER_MerchantAuthenticationSaltP auth_salt;
};
/**
@@ -1184,7 +1228,7 @@ struct TALER_MERCHANTDB_Plugin
const char *instance_id,
const char *order_id,
struct TALER_ClaimTokenP *claim_token,
- struct GNUNET_HashCode *h_post_data,
+ struct TALER_MerchantPostDataHashP *h_post_data,
json_t **contract_terms);
@@ -1240,7 +1284,7 @@ struct TALER_MERCHANTDB_Plugin
(*insert_order)(void *cls,
const char *instance_id,
const char *order_id,
- const struct GNUNET_HashCode *h_post_data,
+ const struct TALER_MerchantPostDataHashP *h_post_data,
struct GNUNET_TIME_Timestamp pay_deadline,
const struct TALER_ClaimTokenP *claim_token,
const json_t *contract_terms);