diff options
| author | Christian Grothoff <christian@grothoff.org> | 2015-01-26 12:22:26 +0100 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2015-01-26 12:22:26 +0100 |
| commit | ae917eeee0a3100538cf71972a0cadcc80098d80 (patch) | |
| tree | b974e974b53cc258aa24adc448c1df4cbc0d9e49 /src/mint | |
| parent | d4506f8a041385f7695b04b1ddfacb894d05da5c (diff) | |
| download | exchange-ae917eeee0a3100538cf71972a0cadcc80098d80.tar.gz exchange-ae917eeee0a3100538cf71972a0cadcc80098d80.tar.bz2 exchange-ae917eeee0a3100538cf71972a0cadcc80098d80.zip | |
intermediary commit, breaking the build by starting to move towards variable-size GNUnet signatures instead of fixed-size signatures; much broken now
Diffstat (limited to 'src/mint')
| -rw-r--r-- | src/mint/mint.h | 58 | ||||
| -rw-r--r-- | src/mint/mint_common.c | 18 | ||||
| -rw-r--r-- | src/mint/mint_db.c | 114 | ||||
| -rw-r--r-- | src/mint/mint_db.h | 56 | ||||
| -rw-r--r-- | src/mint/taler-mint-httpd.c | 1 | ||||
| -rw-r--r-- | src/mint/taler-mint-httpd_db.c | 191 | ||||
| -rw-r--r-- | src/mint/taler-mint-httpd_db.h | 15 | ||||
| -rw-r--r-- | src/mint/taler-mint-httpd_deposit.c | 1 | ||||
| -rw-r--r-- | src/mint/taler-mint-httpd_keys.c | 31 | ||||
| -rw-r--r-- | src/mint/taler-mint-httpd_keys.h | 10 | ||||
| -rw-r--r-- | src/mint/taler-mint-httpd_parsing.c | 68 | ||||
| -rw-r--r-- | src/mint/taler-mint-httpd_parsing.h | 27 | ||||
| -rw-r--r-- | src/mint/taler-mint-httpd_refresh.c | 99 | ||||
| -rw-r--r-- | src/mint/taler-mint-httpd_responses.c | 22 | ||||
| -rw-r--r-- | src/mint/taler-mint-httpd_responses.h | 2 | ||||
| -rw-r--r-- | src/mint/taler-mint-httpd_withdraw.c | 62 | ||||
| -rw-r--r-- | src/mint/taler-mint-keyup.c | 27 | ||||
| -rw-r--r-- | src/mint/test_mint_common.c | 26 |
18 files changed, 557 insertions, 271 deletions
diff --git a/src/mint/mint.h b/src/mint/mint.h index 39dda7d5f..1dc179340 100644 --- a/src/mint/mint.h +++ b/src/mint/mint.h @@ -29,7 +29,6 @@ #include <gnunet/gnunet_common.h> #include <libpq-fe.h> #include "taler_util.h" -#include "taler_rsa.h" #include "taler_signatures.h" #define DIR_SIGNKEYS "signkeys" @@ -55,7 +54,7 @@ struct TALER_MINT_DenomKeyIssuePriv * The private key of the denomination. Will be NULL if the private key is * not available. */ - struct TALER_RSA_PrivateKey *denom_priv; + struct GNUNET_CRYPTO_rsa_PrivateKey *denom_priv; struct TALER_MINT_DenomKeyIssue issue; }; @@ -75,26 +74,43 @@ struct TALER_CoinPublicInfo /* * The public key signifying the coin's denomination. */ - struct TALER_RSA_PublicKeyBinaryEncoded denom_pub; + struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub; /** * Signature over coin_pub by denom_pub. */ - struct TALER_RSA_Signature denom_sig; + struct GNUNET_CRYPTO_rsa_Signature *denom_sig; }; +/** + * Information we keep for a withdrawn coin to reproduce + * the /withdraw operation if needed, and to have proof + * that a reserve was drained by this amount. + */ +struct CollectableBlindcoin +{ + /** + * Our signature over the (blinded) coin. + */ + struct GNUNET_CRYPTO_rsa_Signature *sig; + /** + * Denomination key (which coin was generated). + */ + struct GNUNET_CRYPOT_rsa_PublicKey *denom_pub; - -struct CollectableBlindcoin -{ - struct TALER_RSA_BlindedSignaturePurpose ev; - struct TALER_RSA_Signature ev_sig; - struct TALER_RSA_PublicKeyBinaryEncoded denom_pub; + /** + * Public key of the reserve that was drained. + */ struct GNUNET_CRYPTO_EddsaPublicKey reserve_pub; + + /** + * Signature confirming the withdrawl, matching @e reserve_pub, + * @e denom_pub and @e h_blind. + */ struct GNUNET_CRYPTO_EddsaSignature reserve_sig; }; @@ -127,7 +143,7 @@ struct RefreshCommitLink struct LinkData { struct GNUNET_CRYPTO_EcdsaPrivateKey coin_priv; - struct TALER_RSA_BlindingKeyBinaryEncoded bkey_enc; + struct GNUNET_CRYPTO_rsa_BlindingKey *bkey_enc; }; @@ -149,7 +165,17 @@ GNUNET_NETWORK_STRUCT_END struct RefreshCommitCoin { struct GNUNET_CRYPTO_EddsaPublicKey session_pub; - struct TALER_RSA_BlindedSignaturePurpose coin_ev; + + /** + * Blinded message to be signed (in envelope). + */ + char *coin_ev; + + /** + * Number of bytes in @e coin_ev. + */ + size_t coin_ev_size; + uint16_t cnc_index; uint16_t newcoin_index; char link_enc[sizeof (struct LinkData)]; @@ -177,17 +203,17 @@ struct Deposit /* FIXME: should be TALER_CoinPublicInfo */ struct GNUNET_CRYPTO_EddsaPublicKey coin_pub; - struct TALER_RSA_PublicKeyBinaryEncoded denom_pub; + struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub; - struct TALER_RSA_Signature coin_sig; + struct GNUNET_CRYPTO_rsa_Signature *coin_sig; - struct TALER_RSA_Signature ubsig; + struct GNUNET_CRYPTO_rsa_Signature *ubsig; // ??? /** * Type of the deposit (also purpose of the signature). Either * #TALER_SIGNATURE_DEPOSIT or #TALER_SIGNATURE_INCREMENTAL_DEPOSIT. */ - struct TALER_RSA_SignaturePurpose purpose; + // struct TALER_RSA_SignaturePurpose purpose; // FIXME: bad type! uint64_t transaction_id; diff --git a/src/mint/mint_common.c b/src/mint/mint_common.c index 734085e7b..bb55f30c4 100644 --- a/src/mint/mint_common.c +++ b/src/mint/mint_common.c @@ -93,7 +93,7 @@ TALER_MINT_read_denom_key (const char *filename, uint64_t size; size_t offset; void *data; - struct TALER_RSA_PrivateKey *priv; + struct GNUNET_CRYPTO_rsa_PrivateKey *priv; int ret; ret = GNUNET_SYSERR; @@ -115,7 +115,8 @@ TALER_MINT_read_denom_key (const char *filename, data, size)) goto cleanup; - if (NULL == (priv = TALER_RSA_decode_key (data + offset, size - offset))) + if (NULL == (priv = GNUNET_CRYPTO_rsa_private_key_decode (data + offset, + size - offset))) goto cleanup; dki->denom_priv = priv; memcpy (&dki->issue.signature, data, offset); @@ -138,22 +139,22 @@ int TALER_MINT_write_denom_key (const char *filename, const struct TALER_MINT_DenomKeyIssuePriv *dki) { - struct TALER_RSA_PrivateKeyBinaryEncoded *priv_enc; + char *priv_enc; + size_t priv_enc_size; struct GNUNET_DISK_FileHandle *fh; ssize_t wrote; size_t wsize; int ret; fh = NULL; - priv_enc = NULL; + priv_enc_size = GNUNET_CRYPTO_rsa_private_key_encode (dki->denom_priv, + &priv_enc); ret = GNUNET_SYSERR; if (NULL == (fh = GNUNET_DISK_file_open (filename, GNUNET_DISK_OPEN_WRITE | GNUNET_DISK_OPEN_CREATE | GNUNET_DISK_OPEN_TRUNCATE, GNUNET_DISK_PERM_USER_READ | GNUNET_DISK_PERM_USER_WRITE))) goto cleanup; - if (NULL == (priv_enc = TALER_RSA_encode_key (dki->denom_priv))) - goto cleanup; wsize = sizeof (struct TALER_MINT_DenomKeyIssuePriv) - offsetof (struct TALER_MINT_DenomKeyIssuePriv, issue.signature); if (GNUNET_SYSERR == (wrote = GNUNET_DISK_file_write (fh, @@ -162,12 +163,11 @@ TALER_MINT_write_denom_key (const char *filename, goto cleanup; if (wrote != wsize) goto cleanup; - wsize = ntohs (priv_enc->len); if (GNUNET_SYSERR == (wrote = GNUNET_DISK_file_write (fh, priv_enc, - wsize))) + priv_enc_size))) goto cleanup; - if (wrote != wsize) + if (wrote != priv_enc_size) goto cleanup; ret = GNUNET_OK; cleanup: diff --git a/src/mint/mint_db.c b/src/mint/mint_db.c index 6ce60fc45..60ad14493 100644 --- a/src/mint/mint_db.c +++ b/src/mint/mint_db.c @@ -54,25 +54,44 @@ static char *TALER_MINT_db_connection_cfg_str; if (cond) { GNUNET_break (0); goto EXITIF_exit; } \ } while (0) + +/** + * Locate the response for a /withdraw request under the + * key of the hash of the blinded message. + * + * @param db_conn database connection to use + * @param h_blind hash of the blinded message + * @param collectable corresponding collectable coin (blind signature) + * if a coin is found + * @return #GNUNET_SYSERR on internal error + * #GNUNET_NO if the collectable was not found + * #GNUNET_YES on success + */ int TALER_MINT_DB_get_collectable_blindcoin (PGconn *db_conn, - struct TALER_RSA_BlindedSignaturePurpose *blind_ev, + const struct GNUNET_HashCode *h_blind, struct CollectableBlindcoin *collectable) { PGresult *result; struct TALER_DB_QueryParam params[] = { - TALER_DB_QUERY_PARAM_PTR (blind_ev), + TALER_DB_QUERY_PARAM_PTR (h_blind), TALER_DB_QUERY_PARAM_END }; - result = TALER_DB_exec_prepared (db_conn, "get_collectable_blindcoins", params); + char *sig_buf; + size_t sig_buf_size; + + result = TALER_DB_exec_prepared (db_conn, + "get_collectable_blindcoins", + params); if (PGRES_TUPLES_OK != PQresultStatus (result)) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Query failed: %s\n", PQresultErrorMessage (result)); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Query failed: %s\n", + PQresultErrorMessage (result)); PQclear (result); return GNUNET_SYSERR; } - if (0 == PQntuples (result)) { PQclear (result); @@ -80,7 +99,7 @@ TALER_MINT_DB_get_collectable_blindcoin (PGconn *db_conn, } struct TALER_DB_ResultSpec rs[] = { - TALER_DB_RESULT_SPEC("blind_ev_sig", &collectable->ev_sig), + TALER_DB_RESULT_SPEC_VAR("blind_sig", &sig_buf, &sig_buf_size), TALER_DB_RESULT_SPEC("denom_pub", &collectable->denom_pub), TALER_DB_RESULT_SPEC("reserve_sig", &collectable->reserve_sig), TALER_DB_RESULT_SPEC("reserve_pub", &collectable->reserve_pub), @@ -93,43 +112,66 @@ TALER_MINT_DB_get_collectable_blindcoin (PGconn *db_conn, PQclear (result); return GNUNET_SYSERR; } - (void) memcpy (&collectable->ev, blind_ev, sizeof (struct TALER_RSA_BlindedSignaturePurpose)); PQclear (result); return GNUNET_OK; } +/** + * Store collectable bit coin under the corresponding + * hash of the blinded message. + * + * @param db_conn database connection to use + * @param h_blind hash of the blinded message + * @param collectable corresponding collectable coin (blind signature) + * if a coin is found + * @return #GNUNET_SYSERR on internal error + * #GNUNET_NO if the collectable was not found + * #GNUNET_YES on success + */ int TALER_MINT_DB_insert_collectable_blindcoin (PGconn *db_conn, + const struct GNUNET_HashCode *h_blind, const struct CollectableBlindcoin *collectable) { PGresult *result; - struct TALER_DB_QueryParam params[] = { - TALER_DB_QUERY_PARAM_PTR (&collectable->ev), - TALER_DB_QUERY_PARAM_PTR (&collectable->ev_sig), - TALER_DB_QUERY_PARAM_PTR (&collectable->denom_pub), - TALER_DB_QUERY_PARAM_PTR (&collectable->reserve_pub), - TALER_DB_QUERY_PARAM_PTR (&collectable->reserve_sig), - TALER_DB_QUERY_PARAM_END - }; - result = TALER_DB_exec_prepared (db_conn, "insert_collectable_blindcoins", params); + char *sig_buf; + size_t sig_buf_size; + + sig_buf_size = GNUNET_CRYPTO_rsa_signature_encode (collectable->sig, + &sig_buf); + { + struct TALER_DB_QueryParam params[] = { + TALER_DB_QUERY_PARAM_PTR (&h_blind), + TALER_DB_QUERY_PARAM_PTR_SIZED (sig_buf, sig_buf_size), + TALER_DB_QUERY_PARAM_PTR (&collectable->denom_pub), + TALER_DB_QUERY_PARAM_PTR (&collectable->reserve_pub), + TALER_DB_QUERY_PARAM_PTR (&collectable->reserve_sig), + TALER_DB_QUERY_PARAM_END + }; - if (PGRES_COMMAND_OK != PQresultStatus (result)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Query failed: %s\n", PQresultErrorMessage (result)); - PQclear (result); - return GNUNET_SYSERR; - } + result = TALER_DB_exec_prepared (db_conn, + "insert_collectable_blindcoins", + params); + if (PGRES_COMMAND_OK != PQresultStatus (result)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Query failed: %s\n", + PQresultErrorMessage (result)); + PQclear (result); + return GNUNET_SYSERR; + } - if (0 != strcmp ("1", PQcmdTuples (result))) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Insert failed (updated '%s' tupes instead of '1')\n", - PQcmdTuples (result)); + if (0 != strcmp ("1", PQcmdTuples (result))) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Insert failed (updated '%s' tupes instead of '1')\n", + PQcmdTuples (result)); + PQclear (result); + return GNUNET_SYSERR; + } PQclear (result); - return GNUNET_SYSERR; } - - PQclear (result); return GNUNET_OK; } @@ -730,7 +772,7 @@ int TALER_MINT_DB_insert_refresh_order (PGconn *db_conn, uint16_t newcoin_index, const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub, - const struct TALER_RSA_PublicKeyBinaryEncoded *denom_pub) + const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub) { uint16_t newcoin_index_nbo = htons (newcoin_index); struct TALER_DB_QueryParam params[] = { @@ -1267,7 +1309,7 @@ int TALER_MINT_DB_get_refresh_order (PGconn *db_conn, uint16_t newcoin_index, const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub, - struct TALER_RSA_PublicKeyBinaryEncoded *denom_pub) + struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub) { uint16_t newcoin_index_nbo = htons (newcoin_index); @@ -1315,7 +1357,7 @@ int TALER_MINT_DB_insert_refresh_collectable (PGconn *db_conn, uint16_t newcoin_index, const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub, - const struct TALER_RSA_Signature *ev_sig) + const struct GNUNET_CRYPTO_rsa_Signature *ev_sig) { uint16_t newcoin_index_nbo = htons (newcoin_index); struct TALER_DB_QueryParam params[] = { @@ -1343,7 +1385,7 @@ int TALER_MINT_DB_get_refresh_collectable (PGconn *db_conn, uint16_t newcoin_index, const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub, - struct TALER_RSA_Signature *ev_sig) + struct GNUNET_CRYPTO_rsa_Signature *ev_sig) { uint16_t newcoin_index_nbo = htons (newcoin_index); @@ -1394,7 +1436,7 @@ TALER_MINT_DB_insert_refresh_melt (PGconn *db_conn, const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub, uint16_t oldcoin_index, const struct GNUNET_CRYPTO_EcdsaPublicKey *coin_pub, - const struct TALER_RSA_PublicKeyBinaryEncoded *denom_pub) + const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub) { uint16_t oldcoin_index_nbo = htons (oldcoin_index); struct TALER_DB_QueryParam params[] = { @@ -1499,8 +1541,8 @@ TALER_db_get_link (PGconn *db_conn, for (i = 0; i < PQntuples (result); i++) { struct LinkDataEnc link_data_enc; - struct TALER_RSA_PublicKeyBinaryEncoded denom_pub; - struct TALER_RSA_Signature ev_sig; + struct GNUNET_CRYPTO_rsa__PublicKey *denom_pub; + struct GNUNET_CRYPTO_rsa_Signature *sig; struct TALER_DB_ResultSpec rs[] = { TALER_DB_RESULT_SPEC("link_vector_enc", &link_data_enc), TALER_DB_RESULT_SPEC("denom_pub", &denom_pub), diff --git a/src/mint/mint_db.h b/src/mint/mint_db.h index 7998a01cf..01ad1a6ed 100644 --- a/src/mint/mint_db.h +++ b/src/mint/mint_db.h @@ -27,7 +27,6 @@ #include <microhttpd.h> #include <gnunet/gnunet_util_lib.h> #include "taler_util.h" -#include "taler_rsa.h" #include "taler-mint-httpd_db.h" #include "mint.h" @@ -35,13 +34,40 @@ int TALER_MINT_DB_prepare (PGconn *db_conn); + +/** + * Locate the response for a /withdraw request under the + * key of the hash of the blinded message. + * + * @param db_conn database connection to use + * @param h_blind hash of the blinded message + * @param collectable corresponding collectable coin (blind signature) + * if a coin is found + * @return #GNUNET_SYSERR on internal error + * #GNUNET_NO if the collectable was not found + * #GNUNET_YES on success + */ int TALER_MINT_DB_get_collectable_blindcoin (PGconn *db_conn, - struct TALER_RSA_BlindedSignaturePurpose *blind_ev, + const struct GNUNET_HashCode *h_blind, struct CollectableBlindcoin *collectable); + +/** + * Store collectable bit coin under the corresponding + * hash of the blinded message. + * + * @param db_conn database connection to use + * @param h_blind hash of the blinded message + * @param collectable corresponding collectable coin (blind signature) + * if a coin is found + * @return #GNUNET_SYSERR on internal error + * #GNUNET_NO if the collectable was not found + * #GNUNET_YES on success + */ int TALER_MINT_DB_insert_collectable_blindcoin (PGconn *db_conn, + const struct GNUNET_HashCode *h_blind, const struct CollectableBlindcoin *collectable); @@ -62,6 +88,15 @@ TALER_MINT_DB_get_reserve (PGconn *db_conn, const struct GNUNET_CRYPTO_EddsaPublicKey *reserve_pub, struct Reserve *reserve_res); + +/** + * Update information about a reserve. + * + * @param db_conn + * @param reserve current reserve status + * @param fresh FIXME + * @return #GNUNET_OK on success + */ int TALER_MINT_DB_update_reserve (PGconn *db_conn, const struct Reserve *reserve, @@ -72,7 +107,7 @@ int TALER_MINT_DB_insert_refresh_order (PGconn *db_conn, uint16_t newcoin_index, const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub, - const struct TALER_RSA_PublicKeyBinaryEncoded *denom_pub); + const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub); int TALER_MINT_DB_get_refresh_session (PGconn *db_conn, @@ -123,19 +158,22 @@ int TALER_MINT_DB_get_refresh_order (PGconn *db_conn, uint16_t newcoin_index, const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub, - struct TALER_RSA_PublicKeyBinaryEncoded *denom_pub); + struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub); int TALER_MINT_DB_insert_refresh_collectable (PGconn *db_conn, uint16_t newcoin_index, const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub, - const struct TALER_RSA_Signature *ev_sig); + const struct GNUNET_CRYPTO_rsa_Signature *ev_sig); + int TALER_MINT_DB_get_refresh_collectable (PGconn *db_conn, uint16_t newcoin_index, const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub, - struct TALER_RSA_Signature *ev_sig); + struct GNUNET_CRYPTO_rsa_Signature *ev_sig); + + int TALER_MINT_DB_set_reveal_ok (PGconn *db_conn, const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub); @@ -145,7 +183,7 @@ TALER_MINT_DB_insert_refresh_melt (PGconn *db_conn, const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub, uint16_t oldcoin_index, const struct GNUNET_CRYPTO_EcdsaPublicKey *coin_pub, - const struct TALER_RSA_PublicKeyBinaryEncoded *denom_pub); + const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub); int @@ -158,8 +196,8 @@ TALER_MINT_DB_get_refresh_melt (PGconn *db_conn, typedef int (*LinkIterator) (void *cls, const struct LinkDataEnc *link_data_enc, - const struct TALER_RSA_PublicKeyBinaryEncoded *denom_pub, - const struct TALER_RSA_Signature *ev_sig); + const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub, + const struct GNUNET_CRYPTO_rsa_Signature *ev_sig); int TALER_db_get_link (PGconn *db_conn, diff --git a/src/mint/taler-mint-httpd.c b/src/mint/taler-mint-httpd.c index 9dc03cdea..ffd97a1ad 100644 --- a/src/mint/taler-mint-httpd.c +++ b/src/mint/taler-mint-httpd.c @@ -29,7 +29,6 @@ #include <pthread.h> #include "mint.h" #include "taler_signatures.h" -#include "taler_rsa.h" #include "taler_json_lib.h" #include "taler-mint-httpd_parsing.h" #include "taler-mint-httpd_mhd.h" diff --git a/src/mint/taler-mint-httpd_db.c b/src/mint/taler-mint-httpd_db.c index 369e88967..78946f50f 100644 --- a/src/mint/taler-mint-httpd_db.c +++ b/src/mint/taler-mint-httpd_db.c @@ -83,9 +83,9 @@ TALER_MINT_db_execute_deposit (struct MHD_Connection *connection, if (GNUNET_SYSERR == res) { - GNUNET_break (0); + GNUNET_break (0); /* FIXME: return error message to client via MHD! */ - return MHD_NO; + return MHD_NO; } { @@ -221,56 +221,65 @@ TALER_MINT_db_execute_withdraw_status (struct MHD_Connection *connection, * Execute a /withdraw/sign. * * @param connection the MHD connection to handle - * @param wsrd_ro details about the withdraw request + * @param reserve public key of the reserve + * @param denomination_pub public key of the denomination requested + * @param blinded_msg blinded message to be signed + * @param blinded_msg_len number of bytes in @a blinded_msg + * @param signature signature over the withdraw request, to be stored in DB * @return MHD result code */ int TALER_MINT_db_execute_withdraw_sign (struct MHD_Connection *connection, - const struct TALER_WithdrawRequest *wsrd_ro) + const struct GNUNET_CRYPTO_EddsaPublicKey *reserve, + const struct GNUNET_CRYPTO_rsa_PublicKey *denomination_pub, + const char *blinded_msg, + size_t blinded_msg_len, + const struct GNUNET_CRYPTO_EddsaSignature *signature) { PGconn *db_conn; - struct Reserve reserve; + struct Reserve db_reserve; struct MintKeyState *key_state; struct CollectableBlindcoin collectable; struct TALER_MINT_DenomKeyIssuePriv *dki; - struct TALER_RSA_Signature ev_sig; + struct GNUNET_CRYPTO_rsa_Signature *sig; struct TALER_Amount amount_required; - /* FIXME: the fact that we do this here is a sign that we - need to have different versions of this struct for - the different places it is used! */ - struct TALER_WithdrawRequest wsrd = *wsrd_ro; + struct GNUNET_HashCode h_blind; int res; + GNUNET_CRYPTO_hash (blinded_msg, + blinded_msg_len, + &h_blind); + if (NULL == (db_conn = TALER_MINT_DB_get_connection ())) { GNUNET_break (0); return TALER_MINT_reply_internal_db_error (connection); } - - res = TALER_MINT_DB_get_collectable_blindcoin (db_conn, - &wsrd.coin_envelope, + &h_blind, &collectable); if (GNUNET_SYSERR == res) { - // FIXME: return 'internal error' GNUNET_break (0); - return MHD_NO; + return TALER_MINT_reply_internal_db_error (connection); } /* Don't sign again if we have already signed the coin */ if (GNUNET_YES == res) - return TALER_MINT_reply_withdraw_sign_success (connection, - &collectable); + { + res = TALER_MINT_reply_withdraw_sign_success (connection, + &collectable); + GNUNET_CRYPTO_rsa_signature_free (collectable.sig); + return res; + } GNUNET_assert (GNUNET_NO == res); res = TALER_MINT_DB_get_reserve (db_conn, - &wsrd.reserve_pub, - &reserve); + reserve, + &db_reserve); if (GNUNET_SYSERR == res) { - // FIXME: return 'internal error' GNUNET_break (0); - return MHD_NO; + return TALER_MINT_reply_internal_db_error (connection); } if (GNUNET_NO == res) return TALER_MINT_reply_json_pack (connection, @@ -279,26 +288,9 @@ TALER_MINT_db_execute_withdraw_sign (struct MHD_Connection *connection, "error", "Reserve not found"); - // fill out all the missing info in the request before - // we can check the signature on the request - - wsrd.purpose.purpose = htonl (TALER_SIGNATURE_WITHDRAW); - wsrd.purpose.size = htonl (sizeof (struct TALER_WithdrawRequest) - - offsetof (struct TALER_WithdrawRequest, purpose)); - - if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_WITHDRAW, - &wsrd.purpose, - &wsrd.sig, - &wsrd.reserve_pub)) - return TALER_MINT_reply_json_pack (connection, - MHD_HTTP_UNAUTHORIZED, - "{s:s}", - "error", "Invalid Signature"); - key_state = TALER_MINT_key_state_acquire (); dki = TALER_MINT_get_denom_key (key_state, - &wsrd.denomination_pub); + denomination_pub); TALER_MINT_key_state_release (key_state); if (NULL == dki) return TALER_MINT_reply_json_pack (connection, @@ -307,52 +299,54 @@ TALER_MINT_db_execute_withdraw_sign (struct MHD_Connection *connection, "error", "Denomination not found"); - amount_required = TALER_amount_ntoh (dki->issue.value); - amount_required = TALER_amount_add (amount_required, + amount_required = TALER_amount_add (TALER_amount_ntoh (dki->issue.value), TALER_amount_ntoh (dki->issue.fee_withdraw)); - if (0 < TALER_amount_cmp (amount_required, - TALER_amount_ntoh (reserve.balance))) + TALER_amount_ntoh (db_reserve.balance))) return TALER_MINT_reply_json_pack (connection, MHD_HTTP_PAYMENT_REQUIRED, "{s:s}", "error", "Insufficient funds"); - if (GNUNET_OK != - TALER_RSA_sign (dki->denom_priv, - &wsrd.coin_envelope, - sizeof (struct TALER_RSA_BlindedSignaturePurpose), - &ev_sig)) + + db_reserve.balance = TALER_amount_hton + (TALER_amount_subtract (TALER_amount_ntoh (db_reserve.balance), + amount_required)); + + sig = GNUNET_CRYPTO_rsa_sign (dki->denom_priv, + blinded_msg, + blinded_msg_len); + if (NULL == sig) { - // FIXME: return 'internal error' GNUNET_break (0); - return MHD_NO; + return TALER_MINT_reply_internal_error (connection, + "Internal error"); } - reserve.balance = TALER_amount_hton (TALER_amount_subtract (TALER_amount_ntoh (reserve.balance), - amount_required)); + /* transaction start */ if (GNUNET_OK != TALER_MINT_DB_update_reserve (db_conn, - &reserve, + &db_reserve, GNUNET_YES)) { - // FIXME: return 'internal error' GNUNET_break (0); - return MHD_NO; + return TALER_MINT_reply_internal_db_error (connection); } - collectable.ev = wsrd.coin_envelope; - collectable.ev_sig = ev_sig; + collectable.sig = sig; collectable.reserve_pub = wsrd.reserve_pub; collectable.reserve_sig = wsrd.sig; if (GNUNET_OK != TALER_MINT_DB_insert_collectable_blindcoin (db_conn, + &h_blind, &collectable)) { - // FIXME: return 'internal error' GNUNET_break (0); - return GNUNET_NO;; + GNUNET_CRYPTO_rsa_signature_free (sig); + return TALER_MINT_reply_internal_db_error (connection); } + /* transaction end */ + GNUNET_CRYPTO_rsa_signature_free (sig); return TALER_MINT_reply_withdraw_sign_success (connection, &collectable); } @@ -378,7 +372,7 @@ refresh_accept_denoms (struct MHD_Connection *connection, const struct MintKeyState *key_state, const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub, unsigned int denom_pubs_count, - const struct TALER_RSA_PublicKeyBinaryEncoded *denom_pubs, + const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pubs, struct TALER_Amount *r_amount) { unsigned int i; @@ -554,7 +548,7 @@ int TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection, const struct GNUNET_CRYPTO_EddsaPublicKey *refresh_session_pub, unsigned int num_new_denoms, - const struct TALER_RSA_PublicKeyBinaryEncoded *denom_pubs, + const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pubs, unsigned int coin_count, const struct TALER_CoinPublicInfo *coin_public_infos) { @@ -821,10 +815,10 @@ helper_refresh_reveal_send_response (struct MHD_Connection *connection, { int res; unsigned int newcoin_index; - struct TALER_RSA_Signature *sigs; + struct GNUNET_CRYPTO_rsa_Signature **sigs; sigs = GNUNET_malloc (refresh_session->num_newcoins * - sizeof (struct TALER_RSA_Signature)); + sizeof (struct GNUNET_CRYPTO_rsa_Signature *)); for (newcoin_index = 0; newcoin_index < refresh_session->num_newcoins; newcoin_index++) { res = TALER_MINT_DB_get_refresh_collectable (db_conn, @@ -984,10 +978,12 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection, { struct RefreshCommitCoin commit_coin; struct LinkData link_data; - struct TALER_RSA_BlindedSignaturePurpose *coin_ev_check; + // struct BlindedSignaturePurpose *coin_ev_check; struct GNUNET_CRYPTO_EcdsaPublicKey coin_pub; - struct TALER_RSA_BlindingKey *bkey; - struct TALER_RSA_PublicKeyBinaryEncoded denom_pub; + struct GNUNET_CRYPTO_rsa_BlindingKey *bkey; + struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub; + char *buf; + size_t buf_len; bkey = NULL; res = TALER_MINT_DB_get_refresh_commit_coin (db_conn, @@ -1011,7 +1007,8 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection, } GNUNET_CRYPTO_ecdsa_key_get_public (&link_data.coin_priv, &coin_pub); - if (NULL == (bkey = TALER_RSA_blinding_key_decode (&link_data.bkey_enc))) + if (NULL == (bkey = GNUNET_CRYPTO_rsa_blinding_key_decode (link_data.bkey_enc, + link_data.bkey_enc_size))) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Invalid blinding key\n"); // FIXME: return error code! @@ -1024,26 +1021,31 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection, // FIXME: return error code! return MHD_NO; } - if (NULL == (coin_ev_check = - TALER_RSA_message_blind (&coin_pub, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), + if (NULL == (buf_len = + GNUNET_CRYPTO_rsa_blind (&h_msg, bkey, - &denom_pub))) + denom_pub, + &buf))) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "blind failed\n"); // FIXME: return error code! return MHD_NO; } - if (0 != memcmp (&coin_ev_check, - &commit_coin.coin_ev, - sizeof (struct TALER_RSA_BlindedSignaturePurpose))) + if ( (buf_len != commit_coin.coin_ev_size) || + (0 != memcmp (buf, + commit_coin.coin_ev, + buf_len)) ) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "blind envelope does not match for kappa=%d, old=%d\n", + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "blind envelope does not match for kappa=%d, old=%d\n", (int) (i+off), (int) j); // FIXME: return error code! + GNUNET_free (buf); return MHD_NO; } + GNUNET_free (buf); + } } @@ -1058,9 +1060,9 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection, for (j = 0; j < refresh_session.num_newcoins; j++) { struct RefreshCommitCoin commit_coin; - struct TALER_RSA_PublicKeyBinaryEncoded denom_pub; + struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub; struct TALER_MINT_DenomKeyIssuePriv *dki; - struct TALER_RSA_Signature ev_sig; + struct GNUNET_CRYPTO_rsa_Signature *ev_sig; res = TALER_MINT_DB_get_refresh_commit_coin (db_conn, refresh_session_pub, @@ -1091,11 +1093,10 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection, // FIXME: return error code! return MHD_NO; } - if (GNUNET_OK != - TALER_RSA_sign (dki->denom_priv, - &commit_coin.coin_ev, - sizeof (struct TALER_RSA_BlindedSignaturePurpose), - &ev_sig)) + ev_sig = GNUNET_CRYPTO_rsa_sign (dki->denom_priv, + commit_coin.coin_ev, + commit_coin.coin_ev_len); + if (NULL == ev_sig) { GNUNET_break (0); // FIXME: return error code! @@ -1144,25 +1145,33 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection, static int link_iter (void *cls, const struct LinkDataEnc *link_data_enc, - const struct TALER_RSA_PublicKeyBinaryEncoded *denom_pub, - const struct TALER_RSA_Signature *ev_sig) + const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub, + const struct GNUNET_CRYPTO_rsa_Signature *ev_sig) { json_t *list = cls; json_t *obj = json_object (); + char *buf; + size_t buf_len; + json_array_append_new (list, obj); json_object_set_new (obj, "link_enc", - TALER_JSON_from_data (link_data_enc, - sizeof (struct LinkDataEnc))); + TALER_JSON_from_data (link_data_enc, + sizeof (struct LinkDataEnc))); + buf_len = GNUNET_CRYPTO_rsa_public_key_encode (denom_pub, + &buf); json_object_set_new (obj, "denom_pub", - TALER_JSON_from_data (denom_pub, - sizeof (struct TALER_RSA_PublicKeyBinaryEncoded))); - + TALER_JSON_from_data (buf, + buf_len)); + GNUNET_free (buf); + buf_len = GNUNET_CRYPTO_rsa_signature_encode (ev_sig, + &buf); json_object_set_new (obj, "ev_sig", - TALER_JSON_from_data (ev_sig, - sizeof (struct TALER_RSA_Signature))); + TALER_JSON_from_data (buf, + buf_len)); + GNUNET_free (buf_len); return GNUNET_OK; } diff --git a/src/mint/taler-mint-httpd_db.h b/src/mint/taler-mint-httpd_db.h index 2a03812aa..dd82cbcb1 100644 --- a/src/mint/taler-mint-httpd_db.h +++ b/src/mint/taler-mint-httpd_db.h @@ -25,7 +25,6 @@ #include <microhttpd.h> #include <gnunet/gnunet_util_lib.h> #include "taler_util.h" -#include "taler_rsa.h" #include "taler-mint-httpd_keys.h" #include "mint.h" @@ -62,12 +61,20 @@ TALER_MINT_db_execute_withdraw_status (struct MHD_Connection *connection, * Execute a /withdraw/sign. * * @param connection the MHD connection to handle - * @param wsrd details about the withdraw request + * @param reserve public key of the reserve + * @param denomination_pub public key of the denomination requested + * @param blinded_msg blinded message to be signed + * @param blinded_msg_len number of bytes in @a blinded_msg + * @param signature signature over the withdraw request, to be stored in DB * @return MHD result code */ int TALER_MINT_db_execute_withdraw_sign (struct MHD_Connection *connection, - const struct TALER_WithdrawRequest *wsrd); + const struct GNUNET_CRYPTO_EddsaPublicKey *reserve, + const struct GNUNET_CRYPTO_rsa_PublicKey *denomination_pub, + const char *blinded_msg, + size_t blinded_msg_len, + const struct GNUNET_CRYPTO_EddsaSignature *signature); @@ -86,7 +93,7 @@ int TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection, const struct GNUNET_CRYPTO_EddsaPublicKey *refresh_session_pub, unsigned int num_new_denoms, - const struct TALER_RSA_PublicKeyBinaryEncoded *denom_pubs, + const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pubs, unsigned int coin_count, const struct TALER_CoinPublicInfo *coin_public_infos); diff --git a/src/mint/taler-mint-httpd_deposit.c b/src/mint/taler-mint-httpd_deposit.c index c4f4718e3..6eeb3bff1 100644 --- a/src/mint/taler-mint-httpd_deposit.c +++ b/src/mint/taler-mint-httpd_deposit.c @@ -36,7 +36,6 @@ #include "mint.h" #include "mint_db.h" #include "taler_signatures.h" -#include "taler_rsa.h" #include "taler_json_lib.h" #include "taler-mint-httpd_parsing.h" #include "taler-mint-httpd_keys.h" diff --git a/src/mint/taler-mint-httpd_keys.c b/src/mint/taler-mint-httpd_keys.c index aa1e2c6e6..24851575a 100644 --- a/src/mint/taler-mint-httpd_keys.c +++ b/src/mint/taler-mint-httpd_keys.c @@ -32,7 +32,6 @@ #include <pthread.h> #include "mint.h" #include "taler_signatures.h" -#include "taler_rsa.h" #include "taler_json_lib.h" #include "taler-mint-httpd_parsing.h" #include "taler-mint-httpd_keys.h" @@ -66,14 +65,23 @@ static int reload_pipe[2]; static json_t * denom_key_issue_to_json (const struct TALER_MINT_DenomKeyIssue *dki) { + char *buf; + size_t buf_len; json_t *dk_json = json_object (); + json_object_set_new (dk_json, "master_sig", TALER_JSON_from_data (&dki->signature, sizeof (struct GNUNET_CRYPTO_EddsaSignature))); json_object_set_new (dk_json, "stamp_start", TALER_JSON_from_abs (GNUNET_TIME_absolute_ntoh (dki->start))); json_object_set_new (dk_json, "stamp_expire_withdraw", TALER_JSON_from_abs (GNUNET_TIME_absolute_ntoh (dki->expire_withdraw))); json_object_set_new (dk_json, "stamp_expire_deposit", TALER_JSON_from_abs (GNUNET_TIME_absolute_ntoh (dki->expire_spend))); + + + buf_len = GNUNET_CRYPTO_rsa_public_key_encode (dki->denom_pub, + &buf); json_object_set_new (dk_json, "denom_pub", - TALER_JSON_from_data (&dki->denom_pub, sizeof (struct TALER_RSA_PublicKeyBinaryEncoded))); + TALER_JSON_from_data (buf, + buf_len)); + GNUNET_free (buf); json_object_set_new (dk_json, "value", TALER_JSON_from_amount (TALER_amount_ntoh (dki->value))); json_object_set_new (dk_json, @@ -341,14 +349,19 @@ TALER_MINT_key_state_acquire (void) */ struct TALER_MINT_DenomKeyIssuePriv * TALER_MINT_get_denom_key (const struct MintKeyState *key_state, - const struct TALER_RSA_PublicKeyBinaryEncoded *denom_pub) + const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub) { struct TALER_MINT_DenomKeyIssuePriv *issue; struct GNUNET_HashCode hash; + char *buf; + size_t buf_len; - GNUNET_CRYPTO_hash (denom_pub, - sizeof (struct TALER_RSA_PublicKeyBinaryEncoded), + buf_len = GNUNET_CRYPTO_rsa_public_key_encode (denom_pub, + *buf); + GNUNET_CRYPTO_hash (buf, + buf_len, &hash); + GNUNET_free (buf); issue = GNUNET_CONTAINER_multihashmap_get (key_state->denomkey_map, &hash); return issue; } @@ -373,10 +386,10 @@ TALER_MINT_test_coin_valid (const struct MintKeyState *key_state, dki = TALER_MINT_get_denom_key (key_state, &coin_public_info->denom_pub); if (NULL == dki) return GNUNET_NO; - if (GNUNET_OK != TALER_RSA_verify (&coin_public_info->coin_pub, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), - &coin_public_info->denom_sig, - &dki->issue.denom_pub)) + if (GNUNET_OK != + GNUNET_CRYPTO_rsa_verify (&c_hash, + coin_public_info->denom_sig, + dki->issue.denom_pub)) { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "coin signature is invalid\n"); diff --git a/src/mint/taler-mint-httpd_keys.h b/src/mint/taler-mint-httpd_keys.h index cef0ac950..596350345 100644 --- a/src/mint/taler-mint-httpd_keys.h +++ b/src/mint/taler-mint-httpd_keys.h @@ -107,7 +107,7 @@ TALER_MINT_key_state_acquire (void); */ struct TALER_MINT_DenomKeyIssuePriv * TALER_MINT_get_denom_key (const struct MintKeyState *key_state, - const struct TALER_RSA_PublicKeyBinaryEncoded *denom_pub); + const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub); /** @@ -116,9 +116,9 @@ TALER_MINT_get_denom_key (const struct MintKeyState *key_state, * * @param key_state the key state to use for checking the coin's validity * @param coin_public_info the coin public info to check for validity - * @return GNUNET_YES if the coin is valid, - * GNUNET_NO if it is invalid - * GNUNET_SYSERROR if an internal error occured + * @return #GNUNET_YES if the coin is valid, + * #GNUNET_NO if it is invalid + * #GNUNET_SYSERROR if an internal error occured */ int TALER_MINT_test_coin_valid (const struct MintKeyState *key_state, @@ -129,7 +129,7 @@ TALER_MINT_test_coin_valid (const struct MintKeyState *key_state, * Read signals from a pipe in a loop, and reload keys from disk if * SIGUSR1 is read from the pipe. * - * @return GNUNET_OK if we terminated normally, GNUNET_SYSERR on error + * @return #GNUNET_OK if we terminated normally, #GNUNET_SYSERR on error */ int TALER_MINT_key_reload_loop (void); diff --git a/src/mint/taler-mint-httpd_parsing.c b/src/mint/taler-mint-httpd_parsing.c index 56744c6b0..c4e28bba7 100644 --- a/src/mint/taler-mint-httpd_parsing.c +++ b/src/mint/taler-mint-httpd_parsing.c @@ -553,22 +553,29 @@ TALER_MINT_parse_json_data (struct MHD_Connection *connection, { unsigned int i; int ret; + void *ptr; ret = GNUNET_YES; for (i=0; NULL != spec[i].field_name; i++) { if (0 == spec[i].destination_size_in) + { + ptr = NULL; parse_variable_json_data (connection, root, spec[i].field_name, - (void **) spec[i].destination, + &ptr, &spec[i].destination_size_out, &ret); + spec[i].destination = ptr; + } else + { parse_fixed_json_data (connection, root, spec[i].field_name, spec[i].destination, spec[i].destination_size_in, &ret); + } } if (GNUNET_YES != ret) TALER_MINT_release_parsed_data (spec); @@ -641,4 +648,63 @@ TALER_MINT_mhd_request_arg_data (struct MHD_Connection *connection, return GNUNET_OK; } + +/** + * Extraxt variable-size base32crockford encoded data from request. + * + * Queues an error response to the connection if the parameter is missing + * or the encoding is invalid. + * + * @param connection the MHD connection + * @param param_name the name of the parameter with the key + * @param[out] out_data pointer to allocate buffer and store the result + * @param[out] out_size set to the size of the buffer allocated in @a out_data + * @return + * #GNUNET_YES if the the argument is present + * #GNUNET_NO if the argument is absent or malformed + * #GNUNET_SYSERR on internal error (error response could not be sent) + */ +int +TALER_MINT_mhd_request_var_arg_data (struct MHD_Connection *connection, + const char *param_name, + void **out_data, + size_t *out_size) +{ + const char *str; + size_t slen; + size_t olen; + void *out; + + str = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + param_name); + if (NULL == str) + { + return (MHD_NO == + TALER_MINT_reply_arg_missing (connection, param_name)) + ? GNUNET_SYSERR : GNUNET_NO; + } + slen = strlen (str); + olen = (slen * 5) / 8; + out = GNUNET_malloc (olen); + if (GNUNET_OK != + GNUNET_STRINGS_string_to_data (str, + strlen (str), + out, + olen)) + { + GNUNET_free (out); + *out_size = 0; + return (MHD_NO == + TALER_MINT_reply_arg_invalid (connection, param_name)) + ? GNUNET_SYSERR : GNUNET_NO; + } + *out_data = out; + *out_size = olen; + return GNUNET_OK; + +} + + + /* end of taler-mint-httpd_parsing.c */ diff --git a/src/mint/taler-mint-httpd_parsing.h b/src/mint/taler-mint-httpd_parsing.h index 59c31f595..5f5f35dfc 100644 --- a/src/mint/taler-mint-httpd_parsing.h +++ b/src/mint/taler-mint-httpd_parsing.h @@ -209,9 +209,8 @@ TALER_MINT_release_parsed_data (struct GNUNET_MINT_ParseFieldSpec *spec); * Generate line in parser specification for variable-size value. * * @param field name of the field - * @param value where to store the value */ -#define TALER_MINT_PARSE_VARIABLE(field,value) { field, &value, 0, 0 } +#define TALER_MINT_PARSE_VARIABLE(field) { field, NULL, 0, 0 } /** * Generate line in parser specification indicating the end of the spec. @@ -220,7 +219,7 @@ TALER_MINT_release_parsed_data (struct GNUNET_MINT_ParseFieldSpec *spec); /** - * Extraxt base32crockford encoded data from request. + * Extraxt fixed-size base32crockford encoded data from request. * * Queues an error response to the connection if the parameter is missing or * invalid. @@ -241,6 +240,28 @@ TALER_MINT_mhd_request_arg_data (struct MHD_Connection *connection, size_t out_size); +/** + * Extraxt variable-size base32crockford encoded data from request. + * + * Queues an error response to the connection if the parameter is missing + * or the encoding is invalid. + * + * @param connection the MHD connection + * @param param_name the name of the parameter with the key + * @param[out] out_data pointer to allocate buffer and store the result + * @param[out] out_size set to the size of the buffer allocated in @a out_data + * @return + * #GNUNET_YES if the the argument is present + * #GNUNET_NO if the argument is absent or malformed + * #GNUNET_SYSERR on internal error (error response could not be sent) + */ +int +TALER_MINT_mhd_request_var_arg_data (struct MHD_Connection *connection, + const char *param_name, + void **out_data, + size_t *out_size); + + #endif /* TALER_MICROHTTPD_LIB_H_ */ diff --git a/src/mint/taler-mint-httpd_refresh.c b/src/mint/taler-mint-httpd_refresh.c index 69ba87c29..40737ae31 100644 --- a/src/mint/taler-mint-httpd_refresh.c +++ b/src/mint/taler-mint-httpd_refresh.c @@ -34,7 +34,6 @@ #include "mint.h" #include "mint_db.h" #include "taler_signatures.h" -#include "taler_rsa.h" #include "taler_json_lib.h" #include "taler-mint-httpd_parsing.h" #include "taler-mint-httpd_keys.h" @@ -94,7 +93,7 @@ check_confirm_signature (struct MHD_Connection *connection, * @param connection the connection to send error responses to * @param root the JSON object to extract the coin info from * @return #GNUNET_YES if coin public info in JSON was valid - * #GNUNET_NO otherwise + * #GNUNET_NO JSON was invalid, response was generated * #GNUNET_SYSERR on internal error */ static int @@ -103,33 +102,38 @@ request_json_require_coin_public_info (struct MHD_Connection *connection, struct TALER_CoinPublicInfo *r_public_info) { int ret; - - GNUNET_assert (NULL != root); - - ret = GNUNET_MINT_parse_navigate_json (connection, root, - JNAV_FIELD, "coin_pub", - JNAV_RET_DATA, - &r_public_info->coin_pub, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - if (GNUNET_OK != ret) - return ret; - - ret = GNUNET_MINT_parse_navigate_json (connection, root, - JNAV_FIELD, "denom_sig", - JNAV_RET_DATA, - &r_public_info->denom_sig, - sizeof (struct TALER_RSA_Signature)); - if (GNUNET_OK != ret) - return ret; - - ret = GNUNET_MINT_parse_navigate_json (connection, root, - JNAV_FIELD, "denom_pub", - JNAV_RET_DATA, - &r_public_info->denom_pub, - sizeof (struct TALER_RSA_PublicKeyBinaryEncoded)); + struct GNUNET_CRYPTO_rsa_Signature *sig; + struct GNUNET_CRYPTO_rsa_PublicKey *pk; + struct GNUNET_MINT_ParseFieldSpec spec[] = + { + TALER_MINT_PARSE_FIXED("coin_pub", &r_public_info->coin_pub), + TALER_MINT_PARSE_VARIABLE("denom_sig"), + TALER_MINT_PARSE_VARIABLE("denom_pub"), + TALER_MINT_PARSE_END + }; + + ret = TALER_MINT_parse_json_data (connection, + root, + spec); if (GNUNET_OK != ret) return ret; - + sig = GNUNET_CRYPTO_rsa_signature_decode (spec[1].destination, + spec[1].destination_size_out); + pk = GNUNET_CRYPTO_rsa_public_key_decode (spec[2].destination, + spec[2].destination_size_out); + TALER_MINT_release_parsed_data (spec); + if ( (NULL == pk) || + (NULL == sig) ) + { + if (NULL != sig) + GNUNET_CRYPTO_rsa_signature_free (sig); + if (NULL != pk) + GNUNET_CRYPTO_rsa_public_key_free (pk); + // FIXME: send error reply... + return GNUNET_NO; + } + r_public_info->denom_sig = sig; + r_public_info->denom_pub = pk; return GNUNET_OK; } @@ -247,7 +251,7 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh, json_t *new_denoms; unsigned int num_new_denoms; unsigned int i; - struct TALER_RSA_PublicKeyBinaryEncoded *denom_pubs; + struct GNUNET_CRYPTO_rsa_PublicKey *denom_pubs; json_t *melt_coins; struct TALER_CoinPublicInfo *coin_public_infos; unsigned int coin_count; @@ -256,6 +260,8 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh, struct MintKeyState *key_state; struct RefreshMeltSignatureBody body; json_t *melt_sig_json; + char *buf; + size_t buf_size; res = TALER_MINT_parse_post_json (connection, connection_cls, @@ -291,23 +297,31 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh, return res; num_new_denoms = json_array_size (new_denoms); denom_pubs = GNUNET_malloc (num_new_denoms * - sizeof (struct TALER_RSA_PublicKeyBinaryEncoded)); + sizeof (struct GNUNET_CRYPTO_rsa_PublicKey *)); for (i=0;i<num_new_denoms;i++) { res = GNUNET_MINT_parse_navigate_json (connection, root, JNAV_FIELD, "new_denoms", JNAV_INDEX, (int) i, - JNAV_RET_DATA, - &denom_pubs[i], - sizeof (struct TALER_RSA_PublicKeyBinaryEncoded)); - + JNAV_RET_DATA_VAR, + &buf, + &buf_size); if (GNUNET_OK != res) { GNUNET_free (denom_pubs); /* FIXME: proper cleanup! */ return res; } + denom_pubs[i] = GNUNET_CRYPTO_rsa_public_key_decode (buf, buf_size); + GNUNET_free (buf); + if (NULL == denom_pubs[i]) + { + GNUNET_free (denom_pubs); + /* FIXME: proper cleanup! */ + /* FIXME: generate error reply */ + return GNUNET_SYSERR; + } } res = GNUNET_MINT_parse_navigate_json (connection, root, @@ -377,9 +391,14 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh, /* check that signature from the session public key is ok */ hash_context = GNUNET_CRYPTO_hash_context_start (); for (i = 0; i < num_new_denoms; i++) + { + buf_size = GNUNET_CRYPTO_rsa_public_key_encode (denom_pubs[i], + &buf); GNUNET_CRYPTO_hash_context_read (hash_context, - &denom_pubs[i], - sizeof (struct TALER_RSA_PublicKeyBinaryEncoded)); + buf, + buf_size); + GNUNET_free (buf); + } for (i = 0; i < coin_count; i++) GNUNET_CRYPTO_hash_context_read (hash_context, &coin_public_infos[i].coin_pub, @@ -526,9 +545,9 @@ TALER_MINT_handler_refresh_commit (struct RequestHandler *rh, JNAV_FIELD, "coin_evs", JNAV_INDEX, (int) i, JNAV_INDEX, (int) j, - JNAV_RET_DATA, - commit_coin[i][j].coin_ev, - sizeof (struct TALER_RSA_BlindedSignaturePurpose)); + JNAV_RET_DATA_VAR, + &commit_coin[i][j].coin_ev, + &commit_coin[i][j].coin_ev_size); if (GNUNET_OK != res) { @@ -539,8 +558,8 @@ TALER_MINT_handler_refresh_commit (struct RequestHandler *rh, } GNUNET_CRYPTO_hash_context_read (hash_context, - &commit_coin[i][j].coin_ev, - sizeof (struct TALER_RSA_BlindedSignaturePurpose)); + commit_coin[i][j].coin_ev, + commit_coin[i][j].coin_ev_size); res = GNUNET_MINT_parse_navigate_json (connection, root, JNAV_FIELD, "link_encs", diff --git a/src/mint/taler-mint-httpd_responses.c b/src/mint/taler-mint-httpd_responses.c index 75342cd2d..92bde3c70 100644 --- a/src/mint/taler-mint-httpd_responses.c +++ b/src/mint/taler-mint-httpd_responses.c @@ -295,10 +295,15 @@ TALER_MINT_reply_withdraw_sign_success (struct MHD_Connection *connection, const struct CollectableBlindcoin *collectable) { json_t *root = json_object (); + size_t sig_buf_size; + char *sig_buf; + sig_buf_size = GNUNET_CRYPTO_rsa_signature_encode (collectable->sig, + &sig_buf); json_object_set_new (root, "ev_sig", - TALER_JSON_from_data (&collectable->ev_sig, - sizeof (struct TALER_RSA_Signature))); + TALER_JSON_from_data (sig_buf, + sig_buf_size)); + GNUNET_free (sig_buf); return TALER_MINT_reply_json (connection, root, MHD_HTTP_OK); @@ -388,19 +393,26 @@ TALER_MINT_reply_refresh_commit_success (struct MHD_Connection *connection, int TALER_MINT_reply_refresh_reveal_success (struct MHD_Connection *connection, unsigned int num_newcoins, - const struct TALER_RSA_Signature *sigs) + const struct GNUNET_CRYPTO_rsa_Signature *sigs) { int newcoin_index; json_t *root; json_t *list; + char *buf; + size_t buf_size; root = json_object (); list = json_array (); json_object_set_new (root, "ev_sigs", list); for (newcoin_index = 0; newcoin_index < num_newcoins; newcoin_index++) + { + buf_size = GNUNET_CRYPTO_rsa_signature_encode (&sigs[newcoin_index], + &buf); json_array_append_new (list, - TALER_JSON_from_data (&sigs[newcoin_index], - sizeof (struct TALER_RSA_Signature))); + TALER_JSON_from_data (buf, + buf_size)); + GNUNET_free (buf); + } return TALER_MINT_reply_json (connection, root, MHD_HTTP_OK); diff --git a/src/mint/taler-mint-httpd_responses.h b/src/mint/taler-mint-httpd_responses.h index 11e916f16..f92101ff7 100644 --- a/src/mint/taler-mint-httpd_responses.h +++ b/src/mint/taler-mint-httpd_responses.h @@ -209,7 +209,7 @@ TALER_MINT_reply_refresh_melt_success (struct MHD_Connection *connection, int TALER_MINT_reply_refresh_reveal_success (struct MHD_Connection *connection, unsigned int num_newcoins, - const struct TALER_RSA_Signature *sigs); + const struct GNUNET_CRYPTO_rsa_Signature *sigs); diff --git a/src/mint/taler-mint-httpd_withdraw.c b/src/mint/taler-mint-httpd_withdraw.c index 5259c7fbf..1cf410910 100644 --- a/src/mint/taler-mint-httpd_withdraw.c +++ b/src/mint/taler-mint-httpd_withdraw.c @@ -32,7 +32,6 @@ #include "mint.h" #include "mint_db.h" #include "taler_signatures.h" -#include "taler_rsa.h" #include "taler_json_lib.h" #include "taler-mint-httpd_parsing.h" #include "taler-mint-httpd_keys.h" @@ -94,6 +93,12 @@ TALER_MINT_handler_withdraw_sign (struct RequestHandler *rh, { struct TALER_WithdrawRequest wsrd; int res; + const struct GNUNET_CRYPTO_rsa_PublicKey *denomination_pub; + char *denomination_pub_data; + size_t denomination_pub_data_size; + char *blinded_msg; + size_t blinded_msg_len; + const struct GNUNET_CRYPTO_EddsaSignature signature; res = TALER_MINT_mhd_request_arg_data (connection, "reserve_pub", @@ -105,33 +110,66 @@ TALER_MINT_handler_withdraw_sign (struct RequestHandler *rh, return MHD_YES; /* invalid request */ /* FIXME: handle variable-size signing keys! */ - res = TALER_MINT_mhd_request_arg_data (connection, - "denom_pub", - &wsrd.denomination_pub, - sizeof (struct TALER_RSA_PublicKeyBinaryEncoded)); + res = TALER_MINT_mhd_request_var_arg_data (connection, + "denom_pub", + &denomination_pub_data, + &denomination_pub_data_size); if (GNUNET_SYSERR == res) return MHD_NO; /* internal error */ if (GNUNET_NO == res) return MHD_YES; /* invalid request */ - res = TALER_MINT_mhd_request_arg_data (connection, - "coin_ev", - &wsrd.coin_envelope, - sizeof (struct TALER_RSA_Signature)); + res = TALER_MINT_mhd_request_var_arg_data (connection, + "coin_ev", + &blinded_msg, + &blinded_msg_len); if (GNUNET_SYSERR == res) return MHD_NO; /* internal error */ if (GNUNET_NO == res) return MHD_YES; /* invalid request */ res = TALER_MINT_mhd_request_arg_data (connection, "reserve_sig", - &wsrd.sig, + &signature, sizeof (struct GNUNET_CRYPTO_EddsaSignature)); if (GNUNET_SYSERR == res) return MHD_NO; /* internal error */ if (GNUNET_NO == res) return MHD_YES; /* invalid request */ - return TALER_MINT_db_execute_withdraw_sign (connection, - &wsrd); + /* verify signature! */ + wsrd.purpose.size = htonl (sizeof (struct TALER_WithdrawRequest)); + wsrd.purpose.type = htonl (TALER_SIGNATURE_WITHDRAW); + GNUNET_CRYPTO_hash (denomination_pub_data, + denomination_pub_data_size, + &wsrd.h_denomination_pub); + GNUNET_CRYPTO_hash (blinded_msg, + blinded_msg_len, + &wsrd.h_coin_envelope); + if (GNUNET_OK != + GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_WITHDRAW, + &wsrd.purpose, + &signature, + &wsrd.reserve_pub)) + { + return 42; // FIXME: generate error reply + } + denomination_pub = GNUNET_CRYPTO_rsa_private_key_decode (denomination_pub_data, + denomination_pub_data_size); + if (NULL == denomination_pub) + { + GNUNET_free (denomination_pub_data); + GNUNET_free (blinded_msg); + return 42; // FIXME: generate error reply + } + res = TALER_MINT_db_execute_withdraw_sign (connection, + &wsrd.reserve_pub, + denomination_pub, + blinded_msg, + blinded_msg_len, + &signature); + GNUNET_free (denomination_pub_data); + GNUNET_free (blinded_msg); + GNUNET_CRYPTO_rsa_public_key_free (denomination_pub); + return res; } /* end of taler-mint-httpd_withdraw.c */ diff --git a/src/mint/taler-mint-keyup.c b/src/mint/taler-mint-keyup.c index 263618ade..c2a326566 100644 --- a/src/mint/taler-mint-keyup.c +++ b/src/mint/taler-mint-keyup.c @@ -105,7 +105,7 @@ static struct GNUNET_CRYPTO_EddsaPublicKey *master_pub; static struct GNUNET_TIME_Absolute lookahead_sign_stamp; -int +static int config_get_denom (const char *section, const char *option, struct TALER_Amount *denom) { char *str; @@ -117,7 +117,7 @@ config_get_denom (const char *section, const char *option, struct TALER_Amount * } -char * +static char * get_signkey_dir () { char *dir; @@ -128,7 +128,7 @@ get_signkey_dir () } -char * +static char * get_signkey_file (struct GNUNET_TIME_Absolute start) { char *dir; @@ -140,13 +140,12 @@ get_signkey_file (struct GNUNET_TIME_Absolute start) } - /** * Hash the data defining the coin type. * Exclude information that may not be the same for all * instances of the coin type (i.e. the anchor, overlap). */ -void +static void hash_coin_type (const struct CoinTypeParams *p, struct GNUNET_HashCode *hash) { struct CoinTypeNBO p_nbo; @@ -254,7 +253,7 @@ get_anchor_iter (void *cls, * @param overlap what's the overlap between the keys validity period? * @param[out] anchor the timestamp where the first new key should be generated */ -void +static void get_anchor (const char *dir, struct GNUNET_TIME_Relative duration, struct GNUNET_TIME_Relative overlap, @@ -291,6 +290,7 @@ get_anchor (const char *dir, // anchor is now the stamp where we need to create a new key } + static void create_signkey_issue_priv (struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration, @@ -327,7 +327,7 @@ check_signkey_valid (const char *signkey_filename) } -int +static int mint_keys_update_signkeys () { struct GNUNET_TIME_Relative signkey_duration; @@ -377,7 +377,7 @@ mint_keys_update_signkeys () } -int +static int get_cointype_params (const char *ct, struct CoinTypeParams *params) { const char *dir; @@ -434,8 +434,8 @@ static void create_denomkey_issue (struct CoinTypeParams *params, struct TALER_MINT_DenomKeyIssuePriv *dki) { - GNUNET_assert (NULL != (dki->denom_priv = TALER_RSA_key_create ())); - TALER_RSA_key_get_public (dki->denom_priv, &dki->issue.denom_pub); + GNUNET_assert (NULL != (dki->denom_priv = GNUNET_CRYPTO_rsa_private_key_create ())); + dki->issue.denom_pub = GNUNET_CRYPTO_rsa_private_key_get_get_public (dki->denom_priv); dki->issue.master = *master_pub; dki->issue.start = GNUNET_TIME_absolute_hton (params->anchor); dki->issue.expire_withdraw = @@ -470,7 +470,7 @@ check_cointype_valid (const char *filename, struct CoinTypeParams *params) } -int +static int mint_keys_update_cointype (const char *coin_alias) { struct CoinTypeParams p; @@ -496,7 +496,7 @@ mint_keys_update_cointype (const char *coin_alias) printf ("Target path: %s\n", dkf); create_denomkey_issue (&p, &denomkey_issue); ret = TALER_MINT_write_denom_key (dkf, &denomkey_issue); - TALER_RSA_key_free (denomkey_issue.denom_priv); + GNUNET_CRYPTO_rsa_private_key_free (denomkey_issue.denom_priv); if (GNUNET_OK != ret) { fprintf (stderr, "Can't write to file '%s'\n", dkf); @@ -514,7 +514,7 @@ mint_keys_update_cointype (const char *coin_alias) } -int +static int mint_keys_update_denomkeys () { char *coin_types; @@ -659,4 +659,3 @@ main (int argc, char *const *argv) return 1; return 0; } - diff --git a/src/mint/test_mint_common.c b/src/mint/test_mint_common.c index d4bbb6c46..7946f4f1a 100644 --- a/src/mint/test_mint_common.c +++ b/src/mint/test_mint_common.c @@ -22,7 +22,6 @@ #include "platform.h" #include "gnunet/gnunet_util_lib.h" -#include "taler_rsa.h" #include "mint.h" #define EXITIF(cond) \ @@ -34,9 +33,11 @@ int main (int argc, const char *const argv[]) { struct TALER_MINT_DenomKeyIssuePriv dki; - struct TALER_RSA_PrivateKeyBinaryEncoded *enc; + char *enc; + size_t enc_size; struct TALER_MINT_DenomKeyIssuePriv dki_read; - struct TALER_RSA_PrivateKeyBinaryEncoded *enc_read; + char *enc_read; + size_t enc_read_size; char *tmpfile; int ret; @@ -51,20 +52,17 @@ main (int argc, const char *const argv[]) &dki.issue.signature, sizeof (dki) - offsetof (struct TALER_MINT_DenomKeyIssue, signature)); - dki.denom_priv = TALER_RSA_key_create (); - EXITIF (NULL == (enc = TALER_RSA_encode_key (dki.denom_priv))); + dki.denom_priv = GNUNET_CRYPTO_rsa_private_key_create (); + enc_size = GNUNET_CRYPTO_rsa_private_key_encode (dki.denom_priv, &enc); EXITIF (NULL == (tmpfile = GNUNET_DISK_mktemp ("test_mint_common"))); EXITIF (GNUNET_OK != TALER_MINT_write_denom_key (tmpfile, &dki)); EXITIF (GNUNET_OK != TALER_MINT_read_denom_key (tmpfile, &dki_read)); - EXITIF (NULL == (enc_read = TALER_RSA_encode_key (dki_read.denom_priv))); - EXITIF (enc->len != enc_read->len); + enc_read_size = GNUNET_CRYPTO_rsa_privae_key_encode (dki_read.denom_priv, + &enc_read); + EXITIF (enc_size != enc_read_size); EXITIF (0 != memcmp (enc, enc_read, - ntohs(enc->len))); - EXITIF (0 != memcmp (&dki.issue.signature, - &dki_read.issue.signature, - sizeof (dki) - offsetof (struct TALER_MINT_DenomKeyIssue, - signature))); + enc_size)); ret = 0; EXITIF_exit: @@ -76,8 +74,8 @@ main (int argc, const char *const argv[]) } GNUNET_free_non_null (enc_read); if (NULL != dki.denom_priv) - TALER_RSA_key_free (dki.denom_priv); + GNUNET_CRYPTO_rsa_private_key_free (dki.denom_priv); if (NULL != dki_read.denom_priv) - TALER_RSA_key_free (dki_read.denom_priv); + GNUNET_CRYPOT_rsa_private_key_free (dki_read.denom_priv); return ret; } |