commit e85280ffc61f6aad93b4bd055254ebcf28f3eb05
parent d168b5c70f033d15fe9d46ab340c5eb627074ce0
Author: Christian Grothoff <christian@grothoff.org>
Date: Sat, 21 Jun 2025 19:26:42 +0200
factor out TALER_merchant_instance_auth_hash_with_salt logic to avoid implementing it 3x
Diffstat:
7 files changed, 19 insertions(+), 88 deletions(-)
diff --git a/configure.ac b/configure.ac
@@ -253,12 +253,12 @@ AS_CASE([$with_exchange],
CPPFLAGS="-I$with_exchange/include $CPPFLAGS $POSTGRESQL_CPPFLAGS"])
AC_CHECK_HEADERS([taler/taler_util.h],
- [AC_CHECK_LIB([talerutil], [TALER_kyc_measure_authorization_hash], libtalerutil=1)])
+ [AC_CHECK_LIB([talerutil], [TALER_merchant_instance_auth_hash_with_salt], libtalerutil=1)])
AM_CONDITIONAL(HAVE_TALERUTIL, test x$libtalerutil = x1)
AS_IF([test $libtalerutil != 1],
[AC_MSG_ERROR([[
***
-*** You need libtalerutil >= 0.13.0 to build this program.
+*** You need libtalerutil >= 1.1.0 (ABI v8) to build this program.
*** This library is part of the GNU Taler exchange, available at
*** https://taler.net
*** ]])])
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
@@ -473,7 +473,7 @@ TMH_check_auth (const char *token,
struct TALER_MerchantAuthenticationSaltP *salt,
struct TALER_MerchantAuthenticationHashP *hash)
{
- struct GNUNET_HashCode val;
+ struct TALER_MerchantAuthenticationHashP val;
char *dec;
size_t dec_len;
@@ -491,22 +491,13 @@ TMH_check_auth (const char *token,
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Checking against token with salt %s\n",
TALER_B2S (salt));
- // FIXME: factor into common routine in libtalerutil
- // see also taler-merchant-passwd and same call below!
- GNUNET_assert (GNUNET_YES ==
- GNUNET_CRYPTO_kdf (&val,
- sizeof (val),
- salt,
- sizeof (*salt),
- dec,
- dec_len,
- "merchant-instance-auth",
- strlen ("merchant-instance-auth"),
- NULL,
- 0));
+ TALER_merchant_instance_auth_hash_with_salt (&val,
+ salt,
+ dec);
GNUNET_free (dec);
- return (0 == GNUNET_memcmp (&val,
- &hash->hash))
+ return (0 ==
+ GNUNET_memcmp (&val,
+ hash))
? GNUNET_OK
: GNUNET_SYSERR;
}
@@ -568,8 +559,7 @@ TMH_check_auth_instance (const char *token,
}
-// FIXME: factor into common routine in libtalerutil
-// see also taler-merchant-passwd!
+// FIXME: comment!?
void
TMH_compute_auth (const char *token,
struct TALER_MerchantAuthenticationSaltP *salt,
@@ -581,17 +571,9 @@ TMH_compute_auth (const char *token,
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Computing initial auth using token with salt %s\n",
TALER_B2S (salt));
- GNUNET_assert (GNUNET_YES ==
- GNUNET_CRYPTO_kdf (hash,
- sizeof (*hash),
- salt,
- sizeof (*salt),
- token,
- strlen (token),
- "merchant-instance-auth",
- strlen ("merchant-instance-auth"),
- NULL,
- 0));
+ TALER_merchant_instance_auth_hash_with_salt (hash,
+ salt,
+ token);
}
diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
@@ -197,7 +197,7 @@ struct DepositConfirmation
* private key to the corresponding age group. Might be all zeroes for no
* age attestation.
*/
- struct TALER_AgeAttestation minimum_age_sig;
+ struct TALER_AgeAttestationP minimum_age_sig;
/**
* If a minimum age was required (i. e. pc->minimum_age is large enough),
diff --git a/src/include/taler_merchant_service.h b/src/include/taler_merchant_service.h
@@ -3571,7 +3571,7 @@ struct TALER_MERCHANT_PayCoin
/**
* Coin's age commitment. Might be NULL, if not applicable.
*/
- const struct TALER_AgeCommitmentHash *h_age_commitment;
+ const struct TALER_AgeCommitmentHashP *h_age_commitment;
/**
* Amount this coin contributes to (including fee).
diff --git a/src/include/taler_merchantdb_plugin.h b/src/include/taler_merchantdb_plugin.h
@@ -40,44 +40,6 @@ GNUNET_NETWORK_STRUCT_BEGIN
/**
- * @brief Hash over an order request, used for the idempotency check.
- */
-struct TALER_MerchantPostDataHashP
-{
- /**
- * The authentication hash is a SHA-512 hash code.
- */
- struct GNUNET_HashCode hash;
-};
-
-
-/**
- * @brief Hash used for client authenticiation. Computed with a
- * `struct TALER_MerchantAuthenticationSaltP`.
- */
-struct TALER_MerchantAuthenticationHashP
-{
- /**
- * The authentication hash is a SHA-512 hash code.
- * All zeros if authentication is off.
- */
- struct GNUNET_HashCode hash;
-};
-
-
-/**
- * @brief Salt used for client authenticiation.
- */
-struct TALER_MerchantAuthenticationSaltP
-{
- /**
- * The authentication salt is a 256-bit value.
- */
- uint32_t salt[256 / 8 / sizeof(uint32_t)]; /* = 8 */
-};
-
-
-/**
* Format of the data hashed to generate the notification
* string whenever the KYC status for an account has
* changed.
diff --git a/src/merchant-tools/taler-merchant-passwd.c b/src/merchant-tools/taler-merchant-passwd.c
@@ -81,22 +81,9 @@ run (void *cls,
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
&ias.auth_salt,
sizeof (ias.auth_salt));
- fprintf (stderr,
- "Hashing %s/%s\n",
- TALER_B2S (&ias.auth_salt),
- pw);
- // FIXME: use TMH_compute_auth here!
- GNUNET_assert (GNUNET_YES ==
- GNUNET_CRYPTO_kdf (&ias.auth_hash,
- sizeof (ias.auth_hash),
- &ias.auth_salt,
- sizeof (ias.auth_salt),
- pw,
- strlen (pw),
- "merchant-instance-auth",
- strlen ("merchant-instance-auth"),
- NULL,
- 0));
+ TALER_merchant_instance_auth_hash_with_salt (&ias.auth_hash,
+ &ias.auth_salt,
+ pw);
if (GNUNET_OK !=
plugin->connect (plugin->cls))
{
diff --git a/src/testing/testing_api_cmd_pay_order.c b/src/testing/testing_api_cmd_pay_order.c
@@ -297,7 +297,7 @@ build_coins (struct TALER_MERCHANT_PayCoin **pc,
const struct TALER_DenominationSignature *denom_sig;
const struct TALER_Amount *denom_value;
const struct TALER_EXCHANGE_DenomPublicKey *denom_pub;
- const struct TALER_AgeCommitmentHash *h_age_commitment;
+ const struct TALER_AgeCommitmentHashP *h_age_commitment;
GNUNET_assert (GNUNET_OK ==
TALER_TESTING_get_trait_coin_priv (coin_cmd,
