donau

Donation authority for GNU Taler (experimental)

commit 0d758d8dc96c6b44a2edf016ab63ac120816c78a
parent a9514bda3c0d5de7390fd01ca0eaecc91d5af9c1
Author: Casaburi Johannes <johannes.casaburi@students.bfh.ch>
Date:   Sun,  7 Apr 2024 23:09:07 +0200

added donau signing

Diffstat:
Msrc/donau/donau-httpd_keys.c | 62++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Msrc/donau/donau-httpd_keys.h | 44++++++++++++++++++++++++++++++++++++++++++++
Dsrc/donaudb/0002-signkey_revocations.sql | 22----------------------
Msrc/donaudb/donau-0001.sql | 2+-
Msrc/donaudb/drop.sql | 3+--
5 files changed, 108 insertions(+), 25 deletions(-)

diff --git a/src/donau/donau-httpd_keys.c b/src/donau/donau-httpd_keys.c @@ -1210,6 +1210,68 @@ DH_handler_keys (struct DH_RequestContext *rc, } +enum TALER_ErrorCode +DH_keys_donau_sign_ ( + const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, + struct DONAU_DonauPublicKeyP *pub, + struct DONAU_DonauSignatureP *sig) +{ + struct DH_KeyStateHandle *ksh; + enum TALER_ErrorCode ec; + + ksh = DH_keys_get_state (); + if (NULL == ksh) + { + /* This *can* happen if the Donau's crypto helper is not running + or had some bad error. */ + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Cannot sign request, no valid signing keys available.\n"); + return TALER_EC_EXCHANGE_GENERIC_KEYS_MISSING; + } + + /* need to "cast" because TALER_CRYPTO works with TALER_Exchange.. */ + struct TALER_ExchangePublicKeyP donau_pub = { + .eddsa_pub = pub->eddsa_pub + }; + struct TALER_ExchangeSignatureP donau_sig = { + .eddsa_signature = sig->eddsa_sig + }; + + // FIXME NEEDED? + // TEH_METRICS_num_signatures[TEH_MT_SIGNATURE_EDDSA]++; + ec = TALER_CRYPTO_helper_esign_sign_ (esh, + purpose, + &donau_pub, + &donau_sig); + if (TALER_EC_NONE != ec) + return ec; + { + /* Here we check here that 'pub' is set to an exchange public key that is + actually signed by the master key! Otherwise, we happily continue to + use key material even if the offline signatures have not been made + yet! */ + struct GNUNET_PeerIdentity pid; + struct SigningKey *sk; + + pid.public_key = pub->eddsa_pub; + sk = GNUNET_CONTAINER_multipeermap_get (esign_keys, + &pid); + if (NULL == sk) + { + /* just to be safe, zero out the (valid) signature, as the key + should not or no longer be used */ + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Cannot sign, offline key signatures are missing!\n"); + memset (sig, + 0, + sizeof (*sig)); + return TALER_EC_EXCHANGE_SIGNKEY_HELPER_BUG; + } + } + return ec; +} + + #if DEAD /** * Callback used to set headers in a response. diff --git a/src/donau/donau-httpd_keys.h b/src/donau/donau-httpd_keys.h 
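Review bot: In `DH_keys_donau_sign_` the helper writes its result into the local copies `donau_pub` and `donau_sig`, and nothing copies them back to the `[out]` parameters, so on success the caller's `*pub` and `*sig` are left exactly as they were passed in. The offline-signature lookup then uses `pid.public_key = pub->eddsa_pub`, which is the caller's bytes and not the key the helper signed with, so the check against unapproved key material is not tied to the real signing key. The two locals are also initialised by reading the out-parameters before anything has set them. I would zero-initialise the locals, add `pub->eddsa_pub = donau_pub.eddsa_pub;` and `sig->eddsa_sig = donau_sig.eddsa_signature;` after the `TALER_EC_NONE` check, and build `pid` from `donau_pub.eddsa_pub`. `esh` and `esign_keys` are not declared in this hunk and `ksh` is only NULL-checked; presumably they are file-scope, which is worth confirming.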
@@ -65,6 +65,50 @@ struct DH_DonationUnitKey }; +/** + * Sign the message in @a purpose with the exchange's signing key. + * + * The @a purpose data is the beginning of the data of which the signature is + * to be created. The `size` field in @a purpose must correctly indicate the + * number of bytes of the data structure, including its header. Use + * #TEH_keys_exchange_sign() instead of calling this function directly! + * + * @param purpose the message to sign + * @param[out] pub set to the current public signing key of the exchange + * @param[out] sig signature over purpose using current signing key + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +DH_keys_donau_sign_ ( + const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, + struct DONAU_DonauPublicKeyP *pub, + struct DONAU_DonauSignatureP *sig); + +/** + * @ingroup crypto + * @brief EdDSA sign a given block. + * + * The @a ps data must be a fixed-size struct for which the signature is to be + * created. The `size` field in @a ps->purpose must correctly indicate the + * number of bytes of the data structure, including its header. + * + * @param ps packed struct with what to sign, MUST begin with a purpose + * @param[out] pub where to store the public key to use for the signing + * @param[out] sig where to write the signature + * @return #TALER_EC_NONE on success + */ +#define DH_keys_donau_sign(ps,pub,sig) \ + ({ \ + /* check size is set correctly */ \ + GNUNET_assert (htonl ((ps)->purpose.size) == \ + sizeof (*ps)); \ + /* check 'ps' begins with the purpose */ \ + GNUNET_static_assert (((void*) (ps)) == \ + ((void*) &(ps)->purpose)); \ + DH_keys_donau_sign_ (&(ps)->purpose, \ + pub, \ + sig); \ + }) /** * Resumes all suspended /keys requests, we may now have key material diff --git a/src/donaudb/0002-signkey_revocations.sql b/src/donaudb/0002-signkey_revocations.sql 
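Review bot: The doc comment on `DH_keys_donau_sign_` still points callers at `#TEH_keys_exchange_sign()` and speaks of "the exchange's signing key", neither of which this header defines. The macro added below it is the only place the `purpose.size` assertion runs, so the comment should name it: `Use #DH_keys_donau_sign() instead of calling this function directly!`, with "exchange" replaced by "Donau" in the summary and the `@param[out] pub` line. In the macro, `sizeof (*ps)` should be `sizeof (*(ps))`, and `pub` and `sig` should be passed as `(pub)` and `(sig)`, matching how `ps` is parenthesised elsewhere in the expansion.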
@@ -1,22 +0,0 @@ --- --- This file is part of TALER --- Copyright (C) 2023 Taler Systems SA --- --- TALER is free software; you can redistribute it and/or modify it under the --- terms of the GNU General Public License as published by the Free Software --- Foundation; either version 3, or (at your option) any later version. --- --- TALER is distributed in the hope that it will be useful, but WITHOUT ANY --- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR --- A PARTICULAR PURPOSE. See the GNU General Public License for more details. --- --- You should have received a copy of the GNU General Public License along with --- TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> --- - -CREATE TABLE signkey_revocations - (signkey_revocations_serial_id BIGINT GENERATED BY DEFAULT AS IDENTITY UNIQUE - ,dsk_serial INT8 PRIMARY KEY REFERENCES donau_sign_keys (dsk_serial) ON DELETE CASCADE - ); -COMMENT ON TABLE signkey_revocations - IS 'Table storing which online signing keys have been revoked'; diff --git a/src/donaudb/donau-0001.sql b/src/donaudb/donau-0001.sql @@ -19,7 +19,7 @@ BEGIN; SELECT _v.register_patch('donau-0001', NULL, NULL); CREATE SCHEMA donau; -COMMENT ON SCHEMA donau IS 'taler-donau data'; +COMMENT ON SCHEMA donau IS 'donau data'; SET search_path TO donau; diff --git a/src/donaudb/drop.sql b/src/donaudb/drop.sql @@ -25,7 +25,6 @@ WITH xpatches AS ( SELECT _v.unregister_patch(xpatches.patch_name) FROM xpatches; --- FIXME --- DROP SCHEMA donau CASCADE; +DROP SCHEMA donau CASCADE; COMMIT;