commit af479c0192a15818e925e8bfe0c5130de45b1790
parent cb54440ec7e53d9e6aef489b053ea497cbfed092
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Wed, 5 Nov 2025 23:35:41 +0100
fix initialization of mailbox
Diffstat:
2 files changed, 10 insertions(+), 13 deletions(-)
diff --git a/packages/taler-util/src/types-taler-mailbox.ts b/packages/taler-util/src/types-taler-mailbox.ts
@@ -106,7 +106,7 @@ buildCodecForObject<MailboxMessageKeys>()
.property("signingKeyType", codecForConstString("EdDSA"))
.property("encryptionKey", codecForString())
.property("encryptionKeyType", codecForConstString("X25519"))
- .property("expiration", codecForTimestamp)
+ .property("expiration", codecForNumber())
.build("TalerMailboxApi.MailboxMessageKeys");
@@ -136,7 +136,7 @@ export interface MailboxMessageKeys {
encryptionKeyType?: string;
// Expiration of this mapping.
- expiration: Timestamp;
+ expiration: number;
}
diff --git a/packages/taler-wallet-core/src/mailbox.ts b/packages/taler-wallet-core/src/mailbox.ts
@@ -143,7 +143,8 @@ export async function updateMailboxKeys(
wex: WalletExecutionContext,
mailboxConf: MailboxConfiguration,
): Promise<void> {
- const signingKey = eddsaGetPublic(decodeCrock(mailboxConf.privateKey));
+ const privateSigningKey = decodeCrock(mailboxConf.privateKey);
+ const signingKey = eddsaGetPublic(privateSigningKey);
const encryptionKey = hpkeSecretKeyGetPublic(decodeCrock(mailboxConf.privateEncryptionKey));
// Message header: 8 byte + 64 byte SHA512 digest to sign
// We hash ktype|key|encKtype|encKey|expiration
@@ -155,23 +156,22 @@ export async function updateMailboxKeys(
throw Error("mailbox can not expire, invalid")
}
vExpNbo.setBigUint64(0, BigInt(mailboxConf.expiration.t_s));
- const digestBuffer = new Uint8Array([...stringToBytes("EdDSA"),
- ...signingKey,
- ...stringToBytes("X25519"),
+ const digestBuffer = new Uint8Array([...stringToBytes("X25519"),
...encryptionKey,
...(new Uint8Array(expNboBuffer))]);
- vMsg.setUint32(0, vMsg.byteLength);
+ const digest = sha512(digestBuffer);
+ vMsg.setUint32(0, messageHeader.byteLength + digest.length);
// FIXME: Where is gana?
vMsg.setUint32(4, 1224);
- const msgToSign = new Uint8Array([...(new Uint8Array(messageHeader)), ...sha512(digestBuffer)]);
+ const msgToSign = new Uint8Array([...(new Uint8Array(messageHeader)), ...digest]);
// FIXME sign
- const signature = eddsaSign(msgToSign, signingKey)
+ const signature = eddsaSign(msgToSign, privateSigningKey);
const keys: MailboxMessageKeys = {
signingKey: encodeCrock(signingKey),
signingKeyType: "EdDSA", // FIXME only supported key type ATM,
encryptionKey: encodeCrock(encryptionKey),
encryptionKeyType: "X25519", // FIXME only supported encryption key type ATM
- expiration: mailboxConf.expiration,
+ expiration: mailboxConf.expiration.t_s,
};
const req: MailboxMessageKeysUpdateRequest = {
keys: keys,
@@ -224,10 +224,7 @@ export async function initMailbox(
privateEncryptionKey: hpkeKey,
expiration: AbsoluteTime.toProtocolTimestamp(nowInAYear)
};
- logger.error(mailboxBaseUrl);
- logger.error("before update keys");
await updateMailboxKeys(wex, mailboxConf);
- logger.error("after update keys");
await wex.db.runReadWriteTx(
{
storeNames: ["mailboxConfigurations"],
