authorChristian Grothoff <christian@grothoff.org>2023-10-28 01:50:26 +0200
committerChristian Grothoff <christian@grothoff.org>2023-10-28 01:50:26 +0200
commit9c730063ee7f622a4908f7d78f618a3e24040fb2 (patch)
treec5eb08649fc379e3d2fe80ce0314344b26f4bfdc /src
parentc381004e5dadbe528b56683bfe4ad3f29251d833 (diff)
new blind signature logic bug fixes
Diffstat (limited to 'src')
-rw-r--r--src/include/taler_crypto_lib.h22
-rw-r--r--src/lib/exchange_api_melt.c15
-rw-r--r--src/lib/exchange_api_refresh_common.c14
-rw-r--r--src/lib/exchange_api_refreshes_reveal.c13
-rw-r--r--src/testing/testing_api_cmd_refresh.c21
-rw-r--r--src/util/crypto_helper_rsa.c1
-rw-r--r--src/util/denom.c39
7 files changed, 104 insertions, 21 deletions
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index 82d737004..7ea44189c 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -1352,6 +1352,19 @@ TALER_denom_ewv_rsa_singleton (void);
/**
+ * Make a (deep) copy of the given @a bi_src to
+ * @a bi_dst.
+ *
+ * @param[out] bi_dst target to copy to
+ * @param bi_src blinding input values to copy
+ */
+void
+TALER_denom_ewv_deep_copy (
+ struct TALER_ExchangeWithdrawValues *bi_dst,
+ const struct TALER_ExchangeWithdrawValues *bi_src);
+
+
+/**
* Create private key for a Taler coin.
* @param ps planchet secret to derive coin priv key
* @param alg_values includes algorithm specific values
@@ -1421,6 +1434,15 @@ TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub);
/**
+ * Free internals of @a ewv, but not @a ewv itself.
+ *
+ * @param[in] ewv input values to free
+ */
+void
+TALER_denom_ewv_free (struct TALER_ExchangeWithdrawValues *ewv);
+
+
+/**
* Free internals of @a denom_priv, but not @a denom_priv itself.
*
* @param[in] denom_priv key to free
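Review bot: The comment on TALER_denom_ewv_deep_copy promises a "(deep) copy", but the implementation added in src/util/denom.c in this commit either aliases the RSA singleton or takes a reference on the shared blinding inputs, so bi_dst ends up sharing bi_src's blinding_inputs rather than owning a separate object; the header should state the ownership contract rather than a mechanism it does not implement. Suggested wording: `@param[out] bi_dst target to copy to; previous contents are overwritten without being released; release with TALER_denom_ewv_free()` and `@param bi_src values to copy; the result shares @a bi_src's (reference-counted) blinding inputs`. The comment on TALER_denom_ewv_free should likewise say that it is a no-op on the RSA singleton and leaves @a ewv->blinding_inputs NULL afterwards, since callers in this commit rely on exactly that when freeing arrays that mix RSA and CS entries.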
diff --git a/src/lib/exchange_api_melt.c b/src/lib/exchange_api_melt.c
index 906772767..24b064476 100644
--- a/src/lib/exchange_api_melt.c
+++ b/src/lib/exchange_api_melt.c
@@ -308,7 +308,13 @@ start_melt (struct TALER_EXCHANGE_MeltHandle *mh)
struct TALER_ExchangeWithdrawValues alg_values[mh->rd->fresh_pks_len];
for (unsigned int i = 0; i<mh->rd->fresh_pks_len; i++)
- alg_values[i] = mh->mbds[i].alg_value;
+ {
+ if (GNUNET_CRYPTO_BSA_RSA ==
+ mh->rd->fresh_pks[i].key.bsign_pub_key->cipher)
+ alg_values[i] = *TALER_denom_ewv_rsa_singleton ();
+ else
+ alg_values[i] = mh->mbds[i].alg_value;
+ }
if (GNUNET_OK !=
TALER_EXCHANGE_get_melt_data_ (&mh->rms,
mh->rd,
@@ -470,7 +476,8 @@ csr_cb (void *cls,
case GNUNET_CRYPTO_BSA_RSA:
break;
case GNUNET_CRYPTO_BSA_CS:
- *wv = csrr->details.ok.alg_values[nks_off];
+ TALER_denom_ewv_deep_copy (wv,
+ &csrr->details.ok.alg_values[nks_off]);
nks_off++;
break;
}
@@ -528,6 +535,8 @@ TALER_EXCHANGE_melt (
GNUNET_free (mh);
return NULL;
case GNUNET_CRYPTO_BSA_RSA:
+ TALER_denom_ewv_deep_copy (&mh->mbds[i].alg_value,
+ TALER_denom_ewv_rsa_singleton ());
break;
case GNUNET_CRYPTO_BSA_CS:
nks[nks_off].pk = fresh_pk;
@@ -568,6 +577,8 @@ TALER_EXCHANGE_melt (
void
TALER_EXCHANGE_melt_cancel (struct TALER_EXCHANGE_MeltHandle *mh)
{
+ for (unsigned int i = 0; i<mh->rd->fresh_pks_len; i++)
+ TALER_denom_ewv_free (&mh->mbds[i].alg_value);
if (NULL != mh->job)
{
GNUNET_CURL_job_cancel (mh->job);
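Review bot: The RSA branch added to start_melt (`alg_values[i] = *TALER_denom_ewv_rsa_singleton ();`) looks redundant with the RSA case added to TALER_EXCHANGE_melt in the same commit, which already stores a copy of the singleton in mh->mbds[i].alg_value, so both arms of the new conditional should yield the same value unless mbds[i].alg_value can be reset between the two points; if it cannot, the original single assignment `alg_values[i] = mh->mbds[i].alg_value;` suffices and keeping both leaves a reader unsure which one is authoritative. The new condition also dereferences fresh_pks[i].key.bsign_pub_key without the NULL check that TALER_EXCHANGE_get_melt_data_ applies to the same pointer via GNUNET_assert; if it can be NULL here, it is worth guarding. start_melt and TALER_EXCHANGE_melt_cancel both continue outside their hunks.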
diff --git a/src/lib/exchange_api_refresh_common.c b/src/lib/exchange_api_refresh_common.c
index 2e92807b3..652581d8e 100644
--- a/src/lib/exchange_api_refresh_common.c
+++ b/src/lib/exchange_api_refresh_common.c
@@ -102,6 +102,13 @@ TALER_EXCHANGE_get_melt_data_ (
TALER_denom_pub_deep_copy (&fcd->fresh_pk,
&rd->fresh_pks[j].key);
GNUNET_assert (NULL != fcd->fresh_pk.bsign_pub_key);
+ if (alg_values[j].blinding_inputs->cipher !=
+ fcd->fresh_pk.bsign_pub_key->cipher)
+ {
+ GNUNET_break (0);
+ TALER_EXCHANGE_free_melt_data_ (md);
+ return GNUNET_SYSERR;
+ }
switch (fcd->fresh_pk.bsign_pub_key->cipher)
{
case GNUNET_CRYPTO_BSA_INVALID:
@@ -111,13 +118,6 @@ TALER_EXCHANGE_get_melt_data_ (
case GNUNET_CRYPTO_BSA_RSA:
break;
case GNUNET_CRYPTO_BSA_CS:
- if (alg_values[j].blinding_inputs->cipher !=
- fcd->fresh_pk.bsign_pub_key->cipher)
- {
- GNUNET_break (0);
- TALER_EXCHANGE_free_melt_data_ (md);
- return GNUNET_SYSERR;
- }
uses_cs = true;
TALER_cs_refresh_nonce_derive (rms,
j,
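Review bot: The relocated cipher check dereferences alg_values[j].blinding_inputs without testing it for NULL, while TALER_denom_ewv_free in this same commit leaves blinding_inputs NULL after release, so an already-released or zero-initialized entry reaching here crashes instead of producing the GNUNET_SYSERR the check is meant to return. Guarding the pointer first preserves the soft failure: `if ((NULL == alg_values[j].blinding_inputs) || (alg_values[j].blinding_inputs->cipher != fcd->fresh_pk.bsign_pub_key->cipher))`. Moving the check ahead of the switch is otherwise right, since it now also rejects a CS value paired with an RSA key. TALER_EXCHANGE_get_melt_data_ begins and ends outside the hunks.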
diff --git a/src/lib/exchange_api_refreshes_reveal.c b/src/lib/exchange_api_refreshes_reveal.c
index a4ea47763..9161ac3df 100644
--- a/src/lib/exchange_api_refreshes_reveal.c
+++ b/src/lib/exchange_api_refreshes_reveal.c
@@ -420,6 +420,7 @@ TALER_EXCHANGE_refreshes_reveal (
for (size_t i = 0; i < rd->melt_age_commitment_proof->commitment.num; i++)
{
enum GNUNET_GenericReturnValue ret;
+
ret = json_array_append_new (
old_age_commitment,
GNUNET_JSON_from_data_auto (
@@ -470,9 +471,13 @@ TALER_EXCHANGE_refreshes_reveal (
rrh->reveal_cb_cls = reveal_cb_cls;
rrh->md = md;
rrh->alg_values
- = GNUNET_memdup (alg_values,
- md.num_fresh_coins
- * sizeof (struct TALER_ExchangeWithdrawValues));
+ = GNUNET_new_array (md.num_fresh_coins,
+ struct TALER_ExchangeWithdrawValues);
+ for (unsigned int i = 0; i<md.num_fresh_coins; i++)
+ {
+ TALER_denom_ewv_deep_copy (&rrh->alg_values[i],
+ &alg_values[i]);
+ }
rrh->url = TALER_url_join (url,
arg_str,
NULL);
@@ -521,6 +526,8 @@ TALER_EXCHANGE_refreshes_reveal_cancel (
GNUNET_CURL_job_cancel (rrh->job);
rrh->job = NULL;
}
+ for (unsigned int i = 0; i<rrh->md.num_fresh_coins; i++)
+ TALER_denom_ewv_free (&rrh->alg_values[i]);
GNUNET_free (rrh->alg_values);
GNUNET_free (rrh->url);
TALER_curl_easy_post_finished (&rrh->ctx);
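Review bot: With GNUNET_memdup replaced by a per-entry TALER_denom_ewv_deep_copy, the handle now holds its own reference on each alg_values[i] and releases it in TALER_EXCHANGE_refreshes_reveal_cancel, so the caller keeps ownership of the array it passed in; the doc comment on the alg_values parameter of TALER_EXCHANGE_refreshes_reveal (outside the hunk) should record that, e.g. `@param alg_values ... the handle takes its own reference to each entry; the caller retains ownership of the array and may release it after this call`. The release loop in the cancel function runs before `GNUNET_free (rrh->alg_values)`, which is the correct order. Both functions begin outside their hunks.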
diff --git a/src/testing/testing_api_cmd_refresh.c b/src/testing/testing_api_cmd_refresh.c
index ac1a8559e..c5e20f2ad 100644
--- a/src/testing/testing_api_cmd_refresh.c
+++ b/src/testing/testing_api_cmd_refresh.c
@@ -964,10 +964,12 @@ melt_cb (void *cls,
return;
}
GNUNET_free (rms->mbds);
- rms->mbds = GNUNET_memdup (mr->details.ok.mbds,
- mr->details.ok.num_mbds
- * sizeof (struct
- TALER_EXCHANGE_MeltBlindingDetail));
+ rms->mbds = GNUNET_new_array (
+ mr->details.ok.num_mbds,
+ struct TALER_EXCHANGE_MeltBlindingDetail);
+ for (unsigned int i = 0; i<mr->details.ok.num_mbds; i++)
+ TALER_denom_ewv_deep_copy (&rms->mbds[i].alg_value,
+ &mr->details.ok.mbds[i].alg_value);
}
if (0 != rms->total_backoff.rel_value_us)
{
@@ -1059,7 +1061,6 @@ melt_run (void *cls,
TALER_TESTING_interpreter_fail (rms->is);
return;
}
-
if (GNUNET_OK !=
TALER_TESTING_get_trait_age_commitment_proof (coin_command,
0,
@@ -1079,7 +1080,6 @@ melt_run (void *cls,
TALER_TESTING_interpreter_fail (rms->is);
return;
}
-
if (GNUNET_OK !=
TALER_TESTING_get_trait_denom_sig (coin_command,
0,
@@ -1089,7 +1089,6 @@ melt_run (void *cls,
TALER_TESTING_interpreter_fail (rms->is);
return;
}
-
if (GNUNET_OK !=
TALER_TESTING_get_trait_denom_pub (coin_command,
0,
@@ -1217,8 +1216,12 @@ melt_cleanup (void *cls,
TALER_denom_pub_free (&rms->fresh_pks[i].key);
GNUNET_free (rms->fresh_pks);
}
-
- GNUNET_free (rms->mbds);
+ if (NULL != rms->mbds)
+ {
+ for (unsigned int i = 0; i < rms->num_fresh_coins; i++)
+ TALER_denom_ewv_free (&rms->mbds[i].alg_value);
+ GNUNET_free (rms->mbds);
+ }
GNUNET_free (rms->melt_fresh_amounts);
GNUNET_free (rms);
}
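Review bot: melt_cleanup releases rms->num_fresh_coins entries of rms->mbds, while melt_cb allocated and filled mr->details.ok.num_mbds of them; if the two counts can ever differ the loop either leaks references or reads past the array, so the cleanup should iterate the count that sized the allocation (store it next to the pointer, or `GNUNET_assert (rms->num_fresh_coins == mr->details.ok.num_mbds);` in melt_cb). Separately, the copy in melt_cb takes its source from mbds[i].alg_value, which for RSA coins is a struct copy of TALER_denom_ewv_rsa_singleton () made in TALER_EXCHANGE_melt rather than the singleton pointer itself, so TALER_denom_ewv_deep_copy takes its incref branch on the singleton's blinding_inputs, whereas TALER_denom_ewv_free recognizes that pointer and skips the decref; if the singleton's values carry a reference count it grows by one per melt and is never returned — harmless as long as the singleton is never released, but the two helpers should test the same condition (deep_copy comparing bi_src->blinding_inputs against the singleton's blinding_inputs). melt_cb and melt_cleanup both begin outside their hunks.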
diff --git a/src/util/crypto_helper_rsa.c b/src/util/crypto_helper_rsa.c
index 7dd584aaf..58ed5a375 100644
--- a/src/util/crypto_helper_rsa.c
+++ b/src/util/crypto_helper_rsa.c
@@ -776,6 +776,7 @@ more:
wpos);
blind_sig = GNUNET_new (struct GNUNET_CRYPTO_BlindedSignature);
blind_sig->cipher = GNUNET_CRYPTO_BSA_RSA;
+ blind_sig->rc = 1;
blind_sig->details.blinded_rsa_signature = rsa_signature;
bss[wpos].blinded_sig = blind_sig;
wpos++;
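Review bot: `blind_sig->rc = 1;` encodes who owns the freshly allocated signature and deserves a comment, since a reader cannot tell whether the count starts at zero from the allocator (likely, if GNUNET_new zeroes the struct) or whether a later incref is expected; suggest `/* initial reference, handed over in bss[wpos]; the consumer releases it */`. The enclosing function begins and ends outside the hunk.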
diff --git a/src/util/denom.c b/src/util/denom.c
index 50f191b2a..7d24104b7 100644
--- a/src/util/denom.c
+++ b/src/util/denom.c
@@ -31,6 +31,12 @@ TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv,
enum GNUNET_GenericReturnValue ret;
va_list ap;
+ memset (denom_pub,
+ 0,
+ sizeof (*denom_pub));
+ memset (denom_priv,
+ 0,
+ sizeof (*denom_priv));
va_start (ap,
cipher);
ret = GNUNET_CRYPTO_blind_sign_keys_create_va (
@@ -227,6 +233,39 @@ TALER_blinded_denom_sig_free (
void
+TALER_denom_ewv_free (struct TALER_ExchangeWithdrawValues *ewv)
+{
+ if (ewv == TALER_denom_ewv_rsa_singleton ())
+ return;
+ if (ewv->blinding_inputs ==
+ TALER_denom_ewv_rsa_singleton ()->blinding_inputs)
+ {
+ ewv->blinding_inputs = NULL;
+ return;
+ }
+ if (NULL != ewv->blinding_inputs)
+ {
+ GNUNET_CRYPTO_blinding_input_values_decref (ewv->blinding_inputs);
+ ewv->blinding_inputs = NULL;
+ }
+}
+
+
+void
+TALER_denom_ewv_deep_copy (struct TALER_ExchangeWithdrawValues *bi_dst,
+ const struct TALER_ExchangeWithdrawValues *bi_src)
+{
+ if (bi_src == TALER_denom_ewv_rsa_singleton ())
+ {
+ *bi_dst = *bi_src;
+ return;
+ }
+ bi_dst->blinding_inputs
+ = GNUNET_CRYPTO_blinding_input_values_incref (bi_src->blinding_inputs);
+}
+
+
+void
TALER_denom_pub_deep_copy (struct TALER_DenominationPublicKey *denom_dst,
const struct TALER_DenominationPublicKey *denom_src)
{