Line data Source code
1 : /*
2 : This file is part of TALER
3 : Copyright (C) 2020, 2021 Taler Systems SA
4 :
5 : TALER is free software; you can redistribute it and/or modify it under the
6 : terms of the GNU General Public License as published by the Free Software
7 : Foundation; either version 3, or (at your option) any later version.
8 :
9 : TALER is distributed in the hope that it will be useful, but WITHOUT ANY
10 : WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
11 : A PARTICULAR PURPOSE. See the GNU General Public License for more details.
12 :
13 : You should have received a copy of the GNU General Public License along with
14 : TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
15 : */
16 : /**
17 : * @file secmod_signatures.c
18 : * @brief Utility functions for Taler security module signatures
19 : * @author Christian Grothoff
20 : */
21 : #include "taler/taler_util.h"
22 : #include "taler/taler_signatures.h"
23 :
24 :
25 : /**
26 : * @brief format used by the signing crypto helper when affirming
27 : * that it created an exchange signing key.
28 : */
29 : struct TALER_SigningKeyAnnouncementPS
30 : {
31 :
32 : /**
33 : * Purpose must be #TALER_SIGNATURE_SM_SIGNING_KEY.
34 : * Used with an EdDSA signature of a `struct TALER_SecurityModulePublicKeyP`.
35 : */
36 : struct GNUNET_CRYPTO_SignaturePurpose purpose;
37 :
38 : /**
39 : * Public signing key of the exchange this is about.
40 : */
41 : struct TALER_ExchangePublicKeyP exchange_pub;
42 :
43 : /**
44 : * When does the key become available?
45 : */
46 : struct GNUNET_TIME_TimestampNBO anchor_time;
47 :
48 : /**
49 : * How long is the key available after @e anchor_time?
50 : */
51 : struct GNUNET_TIME_RelativeNBO duration;
52 :
53 : };
54 :
55 :
56 : void
57 102 : TALER_exchange_secmod_eddsa_sign (
58 : const struct TALER_ExchangePublicKeyP *exchange_pub,
59 : struct GNUNET_TIME_Timestamp start_sign,
60 : struct GNUNET_TIME_Relative duration,
61 : const struct TALER_SecurityModulePrivateKeyP *secm_priv,
62 : struct TALER_SecurityModuleSignatureP *secm_sig)
63 : {
64 102 : struct TALER_SigningKeyAnnouncementPS ska = {
65 102 : .purpose.purpose = htonl (TALER_SIGNATURE_SM_SIGNING_KEY),
66 102 : .purpose.size = htonl (sizeof (ska)),
67 : .exchange_pub = *exchange_pub,
68 102 : .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
69 102 : .duration = GNUNET_TIME_relative_hton (duration)
70 : };
71 :
72 102 : GNUNET_CRYPTO_eddsa_sign (&secm_priv->eddsa_priv,
73 : &ska,
74 : &secm_sig->eddsa_signature);
75 102 : }
76 :
77 :
78 : enum GNUNET_GenericReturnValue
79 144 : TALER_exchange_secmod_eddsa_verify (
80 : const struct TALER_ExchangePublicKeyP *exchange_pub,
81 : struct GNUNET_TIME_Timestamp start_sign,
82 : struct GNUNET_TIME_Relative duration,
83 : const struct TALER_SecurityModulePublicKeyP *secm_pub,
84 : const struct TALER_SecurityModuleSignatureP *secm_sig)
85 : {
86 144 : struct TALER_SigningKeyAnnouncementPS ska = {
87 144 : .purpose.purpose = htonl (TALER_SIGNATURE_SM_SIGNING_KEY),
88 144 : .purpose.size = htonl (sizeof (ska)),
89 : .exchange_pub = *exchange_pub,
90 144 : .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
91 144 : .duration = GNUNET_TIME_relative_hton (duration)
92 : };
93 :
94 : return
95 144 : GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_SIGNING_KEY,
96 : &ska,
97 : &secm_sig->eddsa_signature,
98 : &secm_pub->eddsa_pub);
99 : }
100 :
101 :
102 : /**
103 : * @brief format used by the denomination crypto helper when affirming
104 : * that it created a denomination key.
105 : */
106 : struct TALER_DenominationKeyAnnouncementPS
107 : {
108 :
109 : /**
110 : * Purpose must be #TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY.
111 : * Used with an EdDSA signature of a `struct TALER_SecurityModulePublicKeyP`.
112 : */
113 : struct GNUNET_CRYPTO_SignaturePurpose purpose;
114 :
115 : /**
116 : * Hash of the denomination public key.
117 : */
118 : struct TALER_DenominationHashP h_denom;
119 :
120 : /**
121 : * Hash of the section name in the configuration of this denomination.
122 : */
123 : struct GNUNET_HashCode h_section_name;
124 :
125 : /**
126 : * When does the key become available?
127 : */
128 : struct GNUNET_TIME_TimestampNBO anchor_time;
129 :
130 : /**
131 : * How long is the key available after @e anchor_time?
132 : */
133 : struct GNUNET_TIME_RelativeNBO duration_withdraw;
134 :
135 : };
136 :
137 : void
138 267 : TALER_exchange_secmod_rsa_sign (
139 : const struct TALER_RsaPubHashP *h_rsa,
140 : const char *section_name,
141 : struct GNUNET_TIME_Timestamp start_sign,
142 : struct GNUNET_TIME_Relative duration,
143 : const struct TALER_SecurityModulePrivateKeyP *secm_priv,
144 : struct TALER_SecurityModuleSignatureP *secm_sig)
145 : {
146 267 : struct TALER_DenominationKeyAnnouncementPS dka = {
147 267 : .purpose.purpose = htonl (TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY),
148 267 : .purpose.size = htonl (sizeof (dka)),
149 : .h_denom.hash = h_rsa->hash,
150 267 : .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
151 267 : .duration_withdraw = GNUNET_TIME_relative_hton (duration)
152 : };
153 :
154 267 : GNUNET_CRYPTO_hash (section_name,
155 267 : strlen (section_name) + 1,
156 : &dka.h_section_name);
157 267 : GNUNET_CRYPTO_eddsa_sign (&secm_priv->eddsa_priv,
158 : &dka,
159 : &secm_sig->eddsa_signature);
160 :
161 267 : }
162 :
163 :
164 : enum GNUNET_GenericReturnValue
165 847 : TALER_exchange_secmod_rsa_verify (
166 : const struct TALER_RsaPubHashP *h_rsa,
167 : const char *section_name,
168 : struct GNUNET_TIME_Timestamp start_sign,
169 : struct GNUNET_TIME_Relative duration,
170 : const struct TALER_SecurityModulePublicKeyP *secm_pub,
171 : const struct TALER_SecurityModuleSignatureP *secm_sig)
172 : {
173 847 : struct TALER_DenominationKeyAnnouncementPS dka = {
174 847 : .purpose.purpose = htonl (TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY),
175 847 : .purpose.size = htonl (sizeof (dka)),
176 : .h_denom.hash = h_rsa->hash,
177 847 : .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
178 847 : .duration_withdraw = GNUNET_TIME_relative_hton (duration)
179 : };
180 :
181 847 : GNUNET_CRYPTO_hash (section_name,
182 847 : strlen (section_name) + 1,
183 : &dka.h_section_name);
184 : return
185 847 : GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY,
186 : &dka,
187 : &secm_sig->eddsa_signature,
188 : &secm_pub->eddsa_pub);
189 : }
190 :
191 :
192 : void
193 223 : TALER_exchange_secmod_cs_sign (
194 : const struct TALER_CsPubHashP *h_cs,
195 : const char *section_name,
196 : struct GNUNET_TIME_Timestamp start_sign,
197 : struct GNUNET_TIME_Relative duration,
198 : const struct TALER_SecurityModulePrivateKeyP *secm_priv,
199 : struct TALER_SecurityModuleSignatureP *secm_sig)
200 : {
201 223 : struct TALER_DenominationKeyAnnouncementPS dka = {
202 223 : .purpose.purpose = htonl (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY),
203 223 : .purpose.size = htonl (sizeof (dka)),
204 : .h_denom.hash = h_cs->hash,
205 223 : .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
206 223 : .duration_withdraw = GNUNET_TIME_relative_hton (duration)
207 : };
208 :
209 223 : GNUNET_CRYPTO_hash (section_name,
210 223 : strlen (section_name) + 1,
211 : &dka.h_section_name);
212 223 : GNUNET_CRYPTO_eddsa_sign (&secm_priv->eddsa_priv,
213 : &dka,
214 : &secm_sig->eddsa_signature);
215 :
216 223 : }
217 :
218 :
219 : enum GNUNET_GenericReturnValue
220 706 : TALER_exchange_secmod_cs_verify (
221 : const struct TALER_CsPubHashP *h_cs,
222 : const char *section_name,
223 : struct GNUNET_TIME_Timestamp start_sign,
224 : struct GNUNET_TIME_Relative duration,
225 : const struct TALER_SecurityModulePublicKeyP *secm_pub,
226 : const struct TALER_SecurityModuleSignatureP *secm_sig)
227 : {
228 706 : struct TALER_DenominationKeyAnnouncementPS dka = {
229 706 : .purpose.purpose = htonl (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY),
230 706 : .purpose.size = htonl (sizeof (dka)),
231 : .h_denom.hash = h_cs->hash,
232 706 : .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
233 706 : .duration_withdraw = GNUNET_TIME_relative_hton (duration)
234 : };
235 :
236 706 : GNUNET_CRYPTO_hash (section_name,
237 706 : strlen (section_name) + 1,
238 : &dka.h_section_name);
239 : return
240 706 : GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY,
241 : &dka,
242 : &secm_sig->eddsa_signature,
243 : &secm_pub->eddsa_pub);
244 : }
245 :
246 :
247 : /* end of secmod_signatures.c */
|
