[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-exchange] 13/37: secmod cs signatures implementation
From: |
gnunet |
Subject: |
[taler-exchange] 13/37: secmod cs signatures implementation |
Date: |
Fri, 04 Feb 2022 16:53:43 +0100 |
This is an automated email from the git hooks/post-receive script.
gian-demarmels pushed a commit to branch master
in repository exchange.
commit f239b01be196f5ce64fdd9f0a6f42a11077c33c6
Author: Gian Demarmels <gian@demarmels.org>
AuthorDate: Sat Jan 1 12:41:49 2022 +0100
secmod cs signatures implementation
---
src/include/taler_crypto_lib.h | 55 +++++++++++++++++++++++++++++++++++++++
src/include/taler_signatures.h | 7 ++++-
src/util/secmod_signatures.c | 59 ++++++++++++++++++++++++++++++++++++++++--
3 files changed, 118 insertions(+), 3 deletions(-)
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index bf82b8f0..ff145cc4 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -408,6 +408,20 @@ struct TALER_WireSalt
};
+/**
+ * Hash used to represent an CS public key. Does not include age
+ * restrictions and is ONLY for CS. Used ONLY for interactions with the CS
+ * security module.
+ */
+struct TALER_CsPubHashP
+{
+ /**
+ * Actual hash value.
+ */
+ struct GNUNET_HashCode hash;
+};
+
+
/**
* Hash used to represent an RSA public key. Does not include age
* restrictions and is ONLY for RSA. Used ONLY for interactions with the RSA
@@ -2448,6 +2462,47 @@ TALER_exchange_secmod_rsa_verify (
const struct TALER_SecurityModuleSignatureP *secm_sig);
+/**
+ * Create security module denomination signature.
+ *
+ * @param h_cs hash of the CS public key to sign
+ * @param section_name name of the section in the configuration
+ * @param start_sign starting point of validity for signing
+ * @param duration how long will the key be in use
+ * @param secm_priv security module key to sign with
+ * @param[out] secm_sig where to write the signature
+ */
+void
+TALER_exchange_secmod_cs_sign (
+ const struct TALER_CsPubHashP *h_cs,
+ const char *section_name,
+ struct GNUNET_TIME_Timestamp start_sign,
+ struct GNUNET_TIME_Relative duration,
+ const struct TALER_SecurityModulePrivateKeyP *secm_priv,
+ struct TALER_SecurityModuleSignatureP *secm_sig);
+
+
+/**
+ * Verify security module denomination signature.
+ *
+ * @param h_cs hash of the public key to validate
+ * @param section_name name of the section in the configuration
+ * @param start_sign starting point of validity for signing
+ * @param duration how long will the key be in use
+ * @param secm_pub public key to verify against
+ * @param secm_sig the signature the signature
+ * @return #GNUNET_OK if the signature is valid
+ */
+enum GNUNET_GenericReturnValue
+TALER_exchange_secmod_cs_verify (
+ const struct TALER_CsPubHashP *h_cs,
+ const char *section_name,
+ struct GNUNET_TIME_Timestamp start_sign,
+ struct GNUNET_TIME_Relative duration,
+ const struct TALER_SecurityModulePublicKeyP *secm_pub,
+ const struct TALER_SecurityModuleSignatureP *secm_sig);
+
+
/**
* Create denomination key validity signature by the auditor.
*
diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h
index 3ad1121c..3c31a4b6 100644
--- a/src/include/taler_signatures.h
+++ b/src/include/taler_signatures.h
@@ -287,6 +287,11 @@
*/
#define TALER_SIGNATURE_SM_SIGNING_KEY 1251
+/**
+ * Signature on a denomination key announcement.
+ */
+#define TALER_SIGNATURE_SM_CS_DENOMINATION_KEY 1252
+
/*******************/
/* Test signatures */
/*******************/
@@ -341,7 +346,7 @@ struct TALER_DenominationKeyAnnouncementPS
/**
* Hash of the denomination public key.
*/
- struct TALER_RsaPubHashP h_rsa;
+ struct TALER_DenominationHash h_denom;
/**
* Hash of the section name in the configuration of this denomination.
diff --git a/src/util/secmod_signatures.c b/src/util/secmod_signatures.c
index 9cb15bcf..8e629ebb 100644
--- a/src/util/secmod_signatures.c
+++ b/src/util/secmod_signatures.c
@@ -81,7 +81,7 @@ TALER_exchange_secmod_rsa_sign (
struct TALER_DenominationKeyAnnouncementPS dka = {
.purpose.purpose = htonl (TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY),
.purpose.size = htonl (sizeof (dka)),
- .h_rsa = *h_rsa,
+ .h_denom.hash = h_rsa->hash,
.anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
.duration_withdraw = GNUNET_TIME_relative_hton (duration)
};
@@ -108,7 +108,7 @@ TALER_exchange_secmod_rsa_verify (
struct TALER_DenominationKeyAnnouncementPS dka = {
.purpose.purpose = htonl (TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY),
.purpose.size = htonl (sizeof (dka)),
- .h_rsa = *h_rsa,
+ .h_denom.hash = h_rsa->hash,
.anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
.duration_withdraw = GNUNET_TIME_relative_hton (duration)
};
@@ -124,4 +124,59 @@ TALER_exchange_secmod_rsa_verify (
}
+void
+TALER_exchange_secmod_cs_sign (
+ const struct TALER_CsPubHashP *h_cs,
+ const char *section_name,
+ struct GNUNET_TIME_Timestamp start_sign,
+ struct GNUNET_TIME_Relative duration,
+ const struct TALER_SecurityModulePrivateKeyP *secm_priv,
+ struct TALER_SecurityModuleSignatureP *secm_sig)
+{
+ struct TALER_DenominationKeyAnnouncementPS dka = {
+ .purpose.purpose = htonl (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY),
+ .purpose.size = htonl (sizeof (dka)),
+ .h_denom.hash = h_cs->hash,
+ .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
+ .duration_withdraw = GNUNET_TIME_relative_hton (duration)
+ };
+
+ GNUNET_CRYPTO_hash (section_name,
+ strlen (section_name) + 1,
+ &dka.h_section_name);
+ GNUNET_CRYPTO_eddsa_sign (&secm_priv->eddsa_priv,
+ &dka,
+ &secm_sig->eddsa_signature);
+
+}
+
+
+enum GNUNET_GenericReturnValue
+TALER_exchange_secmod_cs_verify (
+ const struct TALER_CsPubHashP *h_cs,
+ const char *section_name,
+ struct GNUNET_TIME_Timestamp start_sign,
+ struct GNUNET_TIME_Relative duration,
+ const struct TALER_SecurityModulePublicKeyP *secm_pub,
+ const struct TALER_SecurityModuleSignatureP *secm_sig)
+{
+ struct TALER_DenominationKeyAnnouncementPS dka = {
+ .purpose.purpose = htonl (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY),
+ .purpose.size = htonl (sizeof (dka)),
+ .h_denom.hash = h_cs->hash,
+ .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
+ .duration_withdraw = GNUNET_TIME_relative_hton (duration)
+ };
+
+ GNUNET_CRYPTO_hash (section_name,
+ strlen (section_name) + 1,
+ &dka.h_section_name);
+ return
+ GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY,
+ &dka,
+ &secm_sig->eddsa_signature,
+ &secm_pub->eddsa_pub);
+}
+
+
/* end of secmod_signatures.c */
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [taler-exchange] 03/37: added CS get R functionality and planchet setup, (continued)
- [taler-exchange] 03/37: added CS get R functionality and planchet setup, gnunet, 2022/02/04
- [taler-exchange] 01/37: added CS data structures, implemented CS keypair, gnunet, 2022/02/04
- [taler-exchange] 04/37: implemented planchet_prepare for CS, gnunet, 2022/02/04
- [taler-exchange] 05/37: sign_blinded implementation, gnunet, 2022/02/04
- [taler-exchange] 09/37: utility functions, gnunet, 2022/02/04
- [taler-exchange] 02/37: CS planchet create and withdraw create, gnunet, 2022/02/04
- [taler-exchange] 12/37: fix const due to changes in TALER_planchet_prepare, gnunet, 2022/02/04
- [taler-exchange] 18/37: implement TALER_CRYPTO_helper_cs_r_derive and related tests, gnunet, 2022/02/04
- [taler-exchange] 06/37: add sign and verify implementation, gnunet, 2022/02/04
- [taler-exchange] 07/37: implement exchange_api_csr, gnunet, 2022/02/04
- [taler-exchange] 13/37: secmod cs signatures implementation,
gnunet <=
- [taler-exchange] 11/37: clean up cs implementation, gnunet, 2022/02/04
- [taler-exchange] 16/37: revocation, gnunet, 2022/02/04
- [taler-exchange] 17/37: implement secmod cs derive R, gnunet, 2022/02/04
- [taler-exchange] 08/37: fixed CS signatures and cleanup/refactoring, gnunet, 2022/02/04
- [taler-exchange] 14/37: initial cs_secmod implementation, gnunet, 2022/02/04
- [taler-exchange] 15/37: setup_key for cs secmod helper, gnunet, 2022/02/04
- [taler-exchange] 34/37: include denom_pub into coin_ev_hash, gnunet, 2022/02/04
- [taler-exchange] 36/37: denomination CIPHER field per denom, gnunet, 2022/02/04
- [taler-exchange] 21/37: secmod CS sign implementation, gnunet, 2022/02/04
- [taler-exchange] 22/37: cleanup, gnunet, 2022/02/04