Line data Source code
1 : /*
2 : This file is part of TALER
3 : Copyright (C) 2020, 2021 Taler Systems SA
4 :
5 : TALER is free software; you can redistribute it and/or modify it under the
6 : terms of the GNU General Public License as published by the Free Software
7 : Foundation; either version 3, or (at your option) any later version.
8 :
9 : TALER is distributed in the hope that it will be useful, but WITHOUT ANY
10 : WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
11 : A PARTICULAR PURPOSE. See the GNU General Public License for more details.
12 :
13 : You should have received a copy of the GNU General Public License along with
14 : TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
15 : */
16 : /**
17 : * @file secmod_signatures.c
18 : * @brief Utility functions for Taler security module signatures
19 : * @author Christian Grothoff
20 : */
21 : #include "platform.h"
22 : #include "taler_util.h"
23 : #include "taler_signatures.h"
24 :
25 :
26 : /**
27 : * @brief format used by the signing crypto helper when affirming
28 : * that it created an exchange signing key.
29 : */
30 : struct TALER_SigningKeyAnnouncementPS
31 : {
32 :
33 : /**
34 : * Purpose must be #TALER_SIGNATURE_SM_SIGNING_KEY.
35 : * Used with an EdDSA signature of a `struct TALER_SecurityModulePublicKeyP`.
36 : */
37 : struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
38 :
39 : /**
40 : * Public signing key of the exchange this is about.
41 : */
42 : struct TALER_ExchangePublicKeyP exchange_pub;
43 :
44 : /**
45 : * When does the key become available?
46 : */
47 : struct GNUNET_TIME_TimestampNBO anchor_time;
48 :
49 : /**
50 : * How long is the key available after @e anchor_time?
51 : */
52 : struct GNUNET_TIME_RelativeNBO duration;
53 :
54 : };
55 :
56 :
57 : void
58 81 : TALER_exchange_secmod_eddsa_sign (
59 : const struct TALER_ExchangePublicKeyP *exchange_pub,
60 : struct GNUNET_TIME_Timestamp start_sign,
61 : struct GNUNET_TIME_Relative duration,
62 : const struct TALER_SecurityModulePrivateKeyP *secm_priv,
63 : struct TALER_SecurityModuleSignatureP *secm_sig)
64 : {
65 81 : struct TALER_SigningKeyAnnouncementPS ska = {
66 81 : .purpose.purpose = htonl (TALER_SIGNATURE_SM_SIGNING_KEY),
67 81 : .purpose.size = htonl (sizeof (ska)),
68 : .exchange_pub = *exchange_pub,
69 81 : .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
70 81 : .duration = GNUNET_TIME_relative_hton (duration)
71 : };
72 :
73 81 : GNUNET_CRYPTO_eddsa_sign (&secm_priv->eddsa_priv,
74 : &ska,
75 : &secm_sig->eddsa_signature);
76 81 : }
77 :
78 :
79 : enum GNUNET_GenericReturnValue
80 81 : TALER_exchange_secmod_eddsa_verify (
81 : const struct TALER_ExchangePublicKeyP *exchange_pub,
82 : struct GNUNET_TIME_Timestamp start_sign,
83 : struct GNUNET_TIME_Relative duration,
84 : const struct TALER_SecurityModulePublicKeyP *secm_pub,
85 : const struct TALER_SecurityModuleSignatureP *secm_sig)
86 : {
87 81 : struct TALER_SigningKeyAnnouncementPS ska = {
88 81 : .purpose.purpose = htonl (TALER_SIGNATURE_SM_SIGNING_KEY),
89 81 : .purpose.size = htonl (sizeof (ska)),
90 : .exchange_pub = *exchange_pub,
91 81 : .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
92 81 : .duration = GNUNET_TIME_relative_hton (duration)
93 : };
94 :
95 : return
96 81 : GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_SIGNING_KEY,
97 : &ska,
98 : &secm_sig->eddsa_signature,
99 : &secm_pub->eddsa_pub);
100 : }
101 :
102 :
103 : /**
104 : * @brief format used by the denomination crypto helper when affirming
105 : * that it created a denomination key.
106 : */
107 : struct TALER_DenominationKeyAnnouncementPS
108 : {
109 :
110 : /**
111 : * Purpose must be #TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY.
112 : * Used with an EdDSA signature of a `struct TALER_SecurityModulePublicKeyP`.
113 : */
114 : struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
115 :
116 : /**
117 : * Hash of the denomination public key.
118 : */
119 : struct TALER_DenominationHashP h_denom;
120 :
121 : /**
122 : * Hash of the section name in the configuration of this denomination.
123 : */
124 : struct GNUNET_HashCode h_section_name;
125 :
126 : /**
127 : * When does the key become available?
128 : */
129 : struct GNUNET_TIME_TimestampNBO anchor_time;
130 :
131 : /**
132 : * How long is the key available after @e anchor_time?
133 : */
134 : struct GNUNET_TIME_RelativeNBO duration_withdraw;
135 :
136 : };
137 :
138 : void
139 9 : TALER_exchange_secmod_rsa_sign (
140 : const struct TALER_RsaPubHashP *h_rsa,
141 : const char *section_name,
142 : struct GNUNET_TIME_Timestamp start_sign,
143 : struct GNUNET_TIME_Relative duration,
144 : const struct TALER_SecurityModulePrivateKeyP *secm_priv,
145 : struct TALER_SecurityModuleSignatureP *secm_sig)
146 : {
147 9 : struct TALER_DenominationKeyAnnouncementPS dka = {
148 9 : .purpose.purpose = htonl (TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY),
149 9 : .purpose.size = htonl (sizeof (dka)),
150 : .h_denom.hash = h_rsa->hash,
151 9 : .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
152 9 : .duration_withdraw = GNUNET_TIME_relative_hton (duration)
153 : };
154 :
155 9 : GNUNET_CRYPTO_hash (section_name,
156 9 : strlen (section_name) + 1,
157 : &dka.h_section_name);
158 9 : GNUNET_CRYPTO_eddsa_sign (&secm_priv->eddsa_priv,
159 : &dka,
160 : &secm_sig->eddsa_signature);
161 :
162 9 : }
163 :
164 :
165 : enum GNUNET_GenericReturnValue
166 81 : TALER_exchange_secmod_rsa_verify (
167 : const struct TALER_RsaPubHashP *h_rsa,
168 : const char *section_name,
169 : struct GNUNET_TIME_Timestamp start_sign,
170 : struct GNUNET_TIME_Relative duration,
171 : const struct TALER_SecurityModulePublicKeyP *secm_pub,
172 : const struct TALER_SecurityModuleSignatureP *secm_sig)
173 : {
174 81 : struct TALER_DenominationKeyAnnouncementPS dka = {
175 81 : .purpose.purpose = htonl (TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY),
176 81 : .purpose.size = htonl (sizeof (dka)),
177 : .h_denom.hash = h_rsa->hash,
178 81 : .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
179 81 : .duration_withdraw = GNUNET_TIME_relative_hton (duration)
180 : };
181 :
182 81 : GNUNET_CRYPTO_hash (section_name,
183 81 : strlen (section_name) + 1,
184 : &dka.h_section_name);
185 : return
186 81 : GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY,
187 : &dka,
188 : &secm_sig->eddsa_signature,
189 : &secm_pub->eddsa_pub);
190 : }
191 :
192 :
193 : void
194 9 : TALER_exchange_secmod_cs_sign (
195 : const struct TALER_CsPubHashP *h_cs,
196 : const char *section_name,
197 : struct GNUNET_TIME_Timestamp start_sign,
198 : struct GNUNET_TIME_Relative duration,
199 : const struct TALER_SecurityModulePrivateKeyP *secm_priv,
200 : struct TALER_SecurityModuleSignatureP *secm_sig)
201 : {
202 9 : struct TALER_DenominationKeyAnnouncementPS dka = {
203 9 : .purpose.purpose = htonl (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY),
204 9 : .purpose.size = htonl (sizeof (dka)),
205 : .h_denom.hash = h_cs->hash,
206 9 : .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
207 9 : .duration_withdraw = GNUNET_TIME_relative_hton (duration)
208 : };
209 :
210 9 : GNUNET_CRYPTO_hash (section_name,
211 9 : strlen (section_name) + 1,
212 : &dka.h_section_name);
213 9 : GNUNET_CRYPTO_eddsa_sign (&secm_priv->eddsa_priv,
214 : &dka,
215 : &secm_sig->eddsa_signature);
216 :
217 9 : }
218 :
219 :
220 : enum GNUNET_GenericReturnValue
221 81 : TALER_exchange_secmod_cs_verify (
222 : const struct TALER_CsPubHashP *h_cs,
223 : const char *section_name,
224 : struct GNUNET_TIME_Timestamp start_sign,
225 : struct GNUNET_TIME_Relative duration,
226 : const struct TALER_SecurityModulePublicKeyP *secm_pub,
227 : const struct TALER_SecurityModuleSignatureP *secm_sig)
228 : {
229 81 : struct TALER_DenominationKeyAnnouncementPS dka = {
230 81 : .purpose.purpose = htonl (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY),
231 81 : .purpose.size = htonl (sizeof (dka)),
232 : .h_denom.hash = h_cs->hash,
233 81 : .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
234 81 : .duration_withdraw = GNUNET_TIME_relative_hton (duration)
235 : };
236 :
237 81 : GNUNET_CRYPTO_hash (section_name,
238 81 : strlen (section_name) + 1,
239 : &dka.h_section_name);
240 : return
241 81 : GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY,
242 : &dka,
243 : &secm_sig->eddsa_signature,
244 : &secm_pub->eddsa_pub);
245 : }
246 :
247 :
248 : /* end of secmod_signatures.c */
|