exchange

Base system with REST service to issue digital coins, run by the payment service provider
Log | Files | Refs | Submodules | README | LICENSE

secmod_signatures.c (7916B)

      1 /*
      2   This file is part of TALER
      3   Copyright (C) 2020, 2021 Taler Systems SA
      4 
      5   TALER is free software; you can redistribute it and/or modify it under the
      6   terms of the GNU General Public License as published by the Free Software
      7   Foundation; either version 3, or (at your option) any later version.
      8 
      9   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
     10   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
     11   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
     12 
     13   You should have received a copy of the GNU General Public License along with
     14   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
     15 */
     16 /**
     17  * @file secmod_signatures.c
     18  * @brief Utility functions for Taler security module signatures
     19  * @author Christian Grothoff
     20  */
     21 #include "taler/taler_util.h"
     22 #include "taler/taler_signatures.h"
     23 
     24 
     25 /**
     26  * @brief format used by the signing crypto helper when affirming
     27  *        that it created an exchange signing key.
     28  */
     29 struct TALER_SigningKeyAnnouncementPS
     30 {
     31 
     32   /**
     33    * Purpose must be #TALER_SIGNATURE_SM_SIGNING_KEY.
     34    * Used with an EdDSA signature of a `struct TALER_SecurityModulePublicKeyP`.
     35    */
     36   struct GNUNET_CRYPTO_SignaturePurpose purpose;
     37 
     38   /**
     39    * Public signing key of the exchange this is about.
     40    */
     41   struct TALER_ExchangePublicKeyP exchange_pub;
     42 
     43   /**
     44    * When does the key become available?
     45    */
     46   struct GNUNET_TIME_TimestampNBO anchor_time;
     47 
     48   /**
     49    * How long is the key available after @e anchor_time?
     50    */
     51   struct GNUNET_TIME_RelativeNBO duration;
     52 
     53 };
     54 
     55 
     56 void
     57 TALER_exchange_secmod_eddsa_sign (
     58   const struct TALER_ExchangePublicKeyP *exchange_pub,
     59   struct GNUNET_TIME_Timestamp start_sign,
     60   struct GNUNET_TIME_Relative duration,
     61   const struct TALER_SecurityModulePrivateKeyP *secm_priv,
     62   struct TALER_SecurityModuleSignatureP *secm_sig)
     63 {
     64   struct TALER_SigningKeyAnnouncementPS ska = {
     65     .purpose.purpose = htonl (TALER_SIGNATURE_SM_SIGNING_KEY),
     66     .purpose.size = htonl (sizeof (ska)),
     67     .exchange_pub = *exchange_pub,
     68     .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
     69     .duration = GNUNET_TIME_relative_hton (duration)
     70   };
     71 
     72   GNUNET_CRYPTO_eddsa_sign (&secm_priv->eddsa_priv,
     73                             &ska,
     74                             &secm_sig->eddsa_signature);
     75 }
     76 
     77 
     78 enum GNUNET_GenericReturnValue
     79 TALER_exchange_secmod_eddsa_verify (
     80   const struct TALER_ExchangePublicKeyP *exchange_pub,
     81   struct GNUNET_TIME_Timestamp start_sign,
     82   struct GNUNET_TIME_Relative duration,
     83   const struct TALER_SecurityModulePublicKeyP *secm_pub,
     84   const struct TALER_SecurityModuleSignatureP *secm_sig)
     85 {
     86   struct TALER_SigningKeyAnnouncementPS ska = {
     87     .purpose.purpose = htonl (TALER_SIGNATURE_SM_SIGNING_KEY),
     88     .purpose.size = htonl (sizeof (ska)),
     89     .exchange_pub = *exchange_pub,
     90     .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
     91     .duration = GNUNET_TIME_relative_hton (duration)
     92   };
     93 
     94   return
     95     GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_SIGNING_KEY,
     96                                 &ska,
     97                                 &secm_sig->eddsa_signature,
     98                                 &secm_pub->eddsa_pub);
     99 }
    100 
    101 
    102 /**
    103  * @brief format used by the denomination crypto helper when affirming
    104  *        that it created a denomination key.
    105  */
    106 struct TALER_DenominationKeyAnnouncementPS
    107 {
    108 
    109   /**
    110    * Purpose must be #TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY.
    111    * Used with an EdDSA signature of a `struct TALER_SecurityModulePublicKeyP`.
    112    */
    113   struct GNUNET_CRYPTO_SignaturePurpose purpose;
    114 
    115   /**
    116    * Hash of the denomination public key.
    117    */
    118   struct TALER_DenominationHashP h_denom;
    119 
    120   /**
    121    * Hash of the section name in the configuration of this denomination.
    122    */
    123   struct GNUNET_HashCode h_section_name;
    124 
    125   /**
    126    * When does the key become available?
    127    */
    128   struct GNUNET_TIME_TimestampNBO anchor_time;
    129 
    130   /**
    131    * How long is the key available after @e anchor_time?
    132    */
    133   struct GNUNET_TIME_RelativeNBO duration_withdraw;
    134 
    135 };
    136 
    137 void
    138 TALER_exchange_secmod_rsa_sign (
    139   const struct TALER_RsaPubHashP *h_rsa,
    140   const char *section_name,
    141   struct GNUNET_TIME_Timestamp start_sign,
    142   struct GNUNET_TIME_Relative duration,
    143   const struct TALER_SecurityModulePrivateKeyP *secm_priv,
    144   struct TALER_SecurityModuleSignatureP *secm_sig)
    145 {
    146   struct TALER_DenominationKeyAnnouncementPS dka = {
    147     .purpose.purpose = htonl (TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY),
    148     .purpose.size = htonl (sizeof (dka)),
    149     .h_denom.hash = h_rsa->hash,
    150     .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
    151     .duration_withdraw = GNUNET_TIME_relative_hton (duration)
    152   };
    153 
    154   GNUNET_CRYPTO_hash (section_name,
    155                       strlen (section_name) + 1,
    156                       &dka.h_section_name);
    157   GNUNET_CRYPTO_eddsa_sign (&secm_priv->eddsa_priv,
    158                             &dka,
    159                             &secm_sig->eddsa_signature);
    160 
    161 }
    162 
    163 
    164 enum GNUNET_GenericReturnValue
    165 TALER_exchange_secmod_rsa_verify (
    166   const struct TALER_RsaPubHashP *h_rsa,
    167   const char *section_name,
    168   struct GNUNET_TIME_Timestamp start_sign,
    169   struct GNUNET_TIME_Relative duration,
    170   const struct TALER_SecurityModulePublicKeyP *secm_pub,
    171   const struct TALER_SecurityModuleSignatureP *secm_sig)
    172 {
    173   struct TALER_DenominationKeyAnnouncementPS dka = {
    174     .purpose.purpose = htonl (TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY),
    175     .purpose.size = htonl (sizeof (dka)),
    176     .h_denom.hash = h_rsa->hash,
    177     .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
    178     .duration_withdraw = GNUNET_TIME_relative_hton (duration)
    179   };
    180 
    181   GNUNET_CRYPTO_hash (section_name,
    182                       strlen (section_name) + 1,
    183                       &dka.h_section_name);
    184   return
    185     GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY,
    186                                 &dka,
    187                                 &secm_sig->eddsa_signature,
    188                                 &secm_pub->eddsa_pub);
    189 }
    190 
    191 
    192 void
    193 TALER_exchange_secmod_cs_sign (
    194   const struct TALER_CsPubHashP *h_cs,
    195   const char *section_name,
    196   struct GNUNET_TIME_Timestamp start_sign,
    197   struct GNUNET_TIME_Relative duration,
    198   const struct TALER_SecurityModulePrivateKeyP *secm_priv,
    199   struct TALER_SecurityModuleSignatureP *secm_sig)
    200 {
    201   struct TALER_DenominationKeyAnnouncementPS dka = {
    202     .purpose.purpose = htonl (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY),
    203     .purpose.size = htonl (sizeof (dka)),
    204     .h_denom.hash = h_cs->hash,
    205     .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
    206     .duration_withdraw = GNUNET_TIME_relative_hton (duration)
    207   };
    208 
    209   GNUNET_CRYPTO_hash (section_name,
    210                       strlen (section_name) + 1,
    211                       &dka.h_section_name);
    212   GNUNET_CRYPTO_eddsa_sign (&secm_priv->eddsa_priv,
    213                             &dka,
    214                             &secm_sig->eddsa_signature);
    215 
    216 }
    217 
    218 
    219 enum GNUNET_GenericReturnValue
    220 TALER_exchange_secmod_cs_verify (
    221   const struct TALER_CsPubHashP *h_cs,
    222   const char *section_name,
    223   struct GNUNET_TIME_Timestamp start_sign,
    224   struct GNUNET_TIME_Relative duration,
    225   const struct TALER_SecurityModulePublicKeyP *secm_pub,
    226   const struct TALER_SecurityModuleSignatureP *secm_sig)
    227 {
    228   struct TALER_DenominationKeyAnnouncementPS dka = {
    229     .purpose.purpose = htonl (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY),
    230     .purpose.size = htonl (sizeof (dka)),
    231     .h_denom.hash = h_cs->hash,
    232     .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
    233     .duration_withdraw = GNUNET_TIME_relative_hton (duration)
    234   };
    235 
    236   GNUNET_CRYPTO_hash (section_name,
    237                       strlen (section_name) + 1,
    238                       &dka.h_section_name);
    239   return
    240     GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY,
    241                                 &dka,
    242                                 &secm_sig->eddsa_signature,
    243                                 &secm_pub->eddsa_pub);
    244 }
    245 
    246 
    247 /* end of secmod_signatures.c */