commit 76c96fad246393f205e4ad4fdc1abb98582a1849
parent 8d1e83097d360916c07552b7765339727760e2a8
Author: Christian Grothoff <christian@grothoff.org>
Date: Tue, 4 Jun 2024 14:59:22 +0200
move ID computation into libtalerutil
Diffstat:
3 files changed, 65 insertions(+), 20 deletions(-)
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
@@ -1273,6 +1273,20 @@ struct TALER_AgeCommitmentHash
};
/**
+ * @brief KYC measure authorization hash.
+ * Hashes over the AccountAccessToken, the
+ * row ID and the offset. Used in the
+ * ID of /kyc-upload/ and /kyc-start/.
+ */
+struct TALER_KycMeasureAuthorizationHash
+{
+ /**
+ * The hash is a SHA-256 hash code.
+ */
+ struct GNUNET_ShortHashCode shash;
+};
+
+/**
* @brief Signature of an age with the private key for the corresponding age group of an age commitment.
*/
struct TALER_AgeAttestation
@@ -1796,6 +1810,24 @@ TALER_coin_pub_hash (const struct TALER_CoinSpendPublicKeyP *coin_pub,
/**
+ * Hashes the @a access_token, @a row and @a offset
+ * to compute an authorization hash used in the
+ * /kyc-upload/ and /kyc-start/ endpoints.
+ *
+ * @param access_token the access token
+ * @param row the database row
+ * @param offset the offset of the measure in the array
+ * @param[out] mah set to the hash
+ */
+void
+TALER_kyc_measure_authorization_hash (
+ const struct TALER_AccountAccessTokenP *access_token,
+ uint64_t row,
+ uint32_t offset,
+ struct TALER_KycMeasureAuthorizationHash *mah);
+
+
+/**
* Compute the hash of a payto URI.
*
* @param payto URI to hash
diff --git a/src/kyclogic/kyclogic_api.c b/src/kyclogic/kyclogic_api.c
@@ -2117,35 +2117,21 @@ TALER_KYCLOGIC_measure_to_requirement (
{
struct TALER_KYCLOGIC_KycCheck *kc;
json_t *kri;
- struct GNUNET_ShortHashCode shv;
- uint64_t be = GNUNET_htonll (row_id);
- uint32_t be32 = htonl ((uint32_t) offset);
+ struct TALER_KycMeasureAuthorizationHash shv;
char *ids;
char *xids;
- GNUNET_assert (offset <= UINT_MAX);
- GNUNET_assert (offset <= UINT32_MAX);
kc = find_check (check_name);
if (NULL == kc)
{
GNUNET_break (0);
return NULL;
}
- /* FIXME: should be moved to someplace
- in util/crypto as the $ID-handlers
- need exactly the same computation! */
- GNUNET_assert (
- GNUNET_YES ==
- GNUNET_CRYPTO_kdf (&shv,
- sizeof (shv),
- &be,
- sizeof (be),
- access_token,
- sizeof (*access_token),
- &be32,
- sizeof (be32),
- NULL,
- 0));
+ GNUNET_assert (offset <= UINT32_MAX);
+ TALER_kyc_measure_authorization_hash (access_token,
+ row_id,
+ (uint32_t) offset,
+ &shv);
switch (kc->type)
{
case TALER_KYCLOGIC_CT_INFO:
@@ -2157,6 +2143,7 @@ TALER_KYCLOGIC_measure_to_requirement (
GNUNET_JSON_pack_object_incref ("description_i18n",
(json_t *) kc->description_i18n));
case TALER_KYCLOGIC_CT_FORM:
+ GNUNET_assert (offset <= UINT_MAX);
ids = GNUNET_STRINGS_data_to_string_alloc (&shv,
sizeof (shv));
GNUNET_asprintf (&xids,
@@ -2177,6 +2164,7 @@ TALER_KYCLOGIC_measure_to_requirement (
GNUNET_free (xids);
return kri;
case TALER_KYCLOGIC_CT_LINK:
+ GNUNET_assert (offset <= UINT_MAX);
ids = GNUNET_STRINGS_data_to_string_alloc (&shv,
sizeof (shv));
GNUNET_asprintf (&xids,
diff --git a/src/util/crypto.c b/src/util/crypto.c
@@ -541,4 +541,29 @@ TALER_denomination_group_get_key (
}
+void
+TALER_kyc_measure_authorization_hash (
+ const struct TALER_AccountAccessTokenP *access_token,
+ uint64_t row,
+ uint32_t offset,
+ struct TALER_KycMeasureAuthorizationHash *mah)
+{
+ uint64_t be64 = GNUNET_htonll (row);
+ uint32_t be32 = htonl ((uint32_t) offset);
+
+ GNUNET_assert (
+ GNUNET_YES ==
+ GNUNET_CRYPTO_kdf (mah,
+ sizeof (*mah),
+ &be64,
+ sizeof (be64),
+ access_token,
+ sizeof (*access_token),
+ &be32,
+ sizeof (be32),
+ NULL,
+ 0));
+}
+
+
/* end of crypto.c */
