diff options
Diffstat (limited to 'src/exchange')
-rw-r--r-- | src/exchange/taler-exchange-httpd_csr.c | 44 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_deposit.c | 7 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_keys.c | 28 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_keys.h | 4 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_recoup.c | 16 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_refreshes_reveal.c | 5 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_responses.c | 47 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_responses.h | 13 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_withdraw.c | 96 |
9 files changed, 114 insertions, 146 deletions
diff --git a/src/exchange/taler-exchange-httpd_csr.c b/src/exchange/taler-exchange-httpd_csr.c index 415dc7acf..e1c9037df 100644 --- a/src/exchange/taler-exchange-httpd_csr.c +++ b/src/exchange/taler-exchange-httpd_csr.c @@ -54,16 +54,6 @@ TEH_handler_csr (struct TEH_RequestContext *rc, (void) args; - memset (&nonce, - 0, - sizeof (nonce)); - memset (&denom_pub_hash, - 0, - sizeof (denom_pub_hash)); - memset (&r_pub, - 0, - sizeof (r_pub)); - // parse input { enum GNUNET_GenericReturnValue res; @@ -78,7 +68,6 @@ TEH_handler_csr (struct TEH_RequestContext *rc, // check denomination referenced by denom_pub_hash { - MHD_RESULT mret; struct TEH_KeyStateHandle *ksh; ksh = TEH_keys_get_state (); @@ -88,7 +77,6 @@ TEH_handler_csr (struct TEH_RequestContext *rc, MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_EXCHANGE_GENERIC_KEYS_MISSING, NULL); - return mret; } dk = TEH_keys_denomination_by_hash2 (ksh, &denom_pub_hash, @@ -134,17 +122,16 @@ TEH_handler_csr (struct TEH_RequestContext *rc, if (TALER_DENOMINATION_CS != dk->denom_pub.cipher) { // denomination is valid but not CS - return TEH_RESPONSE_reply_unknown_denom_pub_hash ( + return TEH_RESPONSE_reply_invalid_denom_cipher_for_operation ( rc->connection, &denom_pub_hash); } } // derive r_pub - ec = TALER_EC_NONE; - r_pub = TEH_keys_denomination_cs_r_pub (&denom_pub_hash, - &nonce, - &ec); + ec = TEH_keys_denomination_cs_r_pub (&denom_pub_hash, + &nonce, + &r_pub); if (TALER_EC_NONE != ec) { GNUNET_break (0); @@ -154,20 +141,15 @@ TEH_handler_csr (struct TEH_RequestContext *rc, } // send response - { - MHD_RESULT ret; - - ret = TALER_MHD_REPLY_JSON_PACK ( - rc->connection, - MHD_HTTP_OK, - GNUNET_JSON_pack_data_varsize ("r_pub_0", - &r_pub.r_pub[0], - sizeof(struct GNUNET_CRYPTO_CsRPublic)), - GNUNET_JSON_pack_data_varsize ("r_pub_1", - &r_pub.r_pub[1], - sizeof(struct GNUNET_CRYPTO_CsRPublic))); - return ret; - } + return TALER_MHD_REPLY_JSON_PACK ( + rc->connection, + MHD_HTTP_OK, + GNUNET_JSON_pack_data_varsize ("r_pub_0", + &r_pub.r_pub[0], + sizeof(struct GNUNET_CRYPTO_CsRPublic)), + GNUNET_JSON_pack_data_varsize ("r_pub_1", + &r_pub.r_pub[1], + sizeof(struct GNUNET_CRYPTO_CsRPublic))); } diff --git a/src/exchange/taler-exchange-httpd_deposit.c b/src/exchange/taler-exchange-httpd_deposit.c index 11f94f2c5..50ddba604 100644 --- a/src/exchange/taler-exchange-httpd_deposit.c +++ b/src/exchange/taler-exchange-httpd_deposit.c @@ -360,9 +360,10 @@ TEH_handler_deposit (struct MHD_Connection *connection, { /* denomination cipher and denomination signature cipher not the same */ GNUNET_JSON_parse_free (spec); - return TEH_RESPONSE_reply_unknown_denom_pub_hash ( - connection, - &deposit.coin.denom_pub_hash); + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_EXCHANGE_GENERIC_CIPHER_MISMATCH, + NULL); } deposit.deposit_fee = dk->meta.fee_deposit; diff --git a/src/exchange/taler-exchange-httpd_keys.c b/src/exchange/taler-exchange-httpd_keys.c index 42f351b75..39c5b760f 100644 --- a/src/exchange/taler-exchange-httpd_keys.c +++ b/src/exchange/taler-exchange-httpd_keys.c @@ -974,7 +974,6 @@ helper_cs_cb ( GNUNET_assert (TALER_DENOMINATION_CS == denom_pub->cipher); TALER_denom_pub_deep_copy (&hd->denom_pub, denom_pub); - GNUNET_assert (TALER_DENOMINATION_CS == hd->denom_pub.cipher); /* load the age mask for the denomination, if applicable */ hd->denom_pub.age_mask = load_age_mask (section_name); TALER_denom_pub_hash (&hd->denom_pub, @@ -2458,42 +2457,37 @@ TEH_keys_denomination_sign (const struct TALER_DenominationHash *h_denom_pub, } -struct TALER_DenominationCsPublicR +enum TALER_ErrorCode TEH_keys_denomination_cs_r_pub (const struct TALER_DenominationHash *h_denom_pub, const struct TALER_WithdrawNonce *nonce, - enum TALER_ErrorCode *ec) + struct TALER_DenominationCsPublicR *r_pub) { struct TEH_KeyStateHandle *ksh; - struct TALER_DenominationCsPublicR none; struct HelperDenomination *hd; + enum TALER_ErrorCode r_derive_ec; - memset (&none, - 0, - sizeof (none)); ksh = TEH_keys_get_state (); if (NULL == ksh) { - *ec = TALER_EC_EXCHANGE_GENERIC_KEYS_MISSING; - return none; + return TALER_EC_EXCHANGE_GENERIC_KEYS_MISSING; } hd = GNUNET_CONTAINER_multihashmap_get (ksh->helpers->denom_keys, &h_denom_pub->hash); if (NULL == hd) { - *ec = TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN; - return none; + return TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN; } if (TALER_DENOMINATION_CS != hd->denom_pub.cipher) { - *ec = TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE; - return none; + return TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE; } - return TALER_CRYPTO_helper_cs_r_derive (ksh->helpers->csdh, - &hd->h_details.h_cs, - nonce, - ec); + *r_pub = TALER_CRYPTO_helper_cs_r_derive (ksh->helpers->csdh, + &hd->h_details.h_cs, + nonce, + &r_derive_ec); + return r_derive_ec; } diff --git a/src/exchange/taler-exchange-httpd_keys.h b/src/exchange/taler-exchange-httpd_keys.h index 7e75c80a9..2cc7d7d7c 100644 --- a/src/exchange/taler-exchange-httpd_keys.h +++ b/src/exchange/taler-exchange-httpd_keys.h @@ -229,11 +229,11 @@ TEH_keys_denomination_sign (const struct TALER_DenominationHash *h_denom_pub, * @return r_pub, the value inside the structure will be NULL on failure, * see @a ec for details about the failure */ -struct TALER_DenominationCsPublicR +enum TALER_ErrorCode TEH_keys_denomination_cs_r_pub (const struct TALER_DenominationHash *h_denom_pub, const struct TALER_WithdrawNonce *nonce, - enum TALER_ErrorCode *ec); + struct TALER_DenominationCsPublicR *r_pub); /** diff --git a/src/exchange/taler-exchange-httpd_recoup.c b/src/exchange/taler-exchange-httpd_recoup.c index 1abb88531..cb77ba3f8 100644 --- a/src/exchange/taler-exchange-httpd_recoup.c +++ b/src/exchange/taler-exchange-httpd_recoup.c @@ -265,12 +265,16 @@ verify_and_execute_recoup ( TALER_EC_EXCHANGE_RECOUP_BLINDING_FAILED, NULL); } - TALER_coin_ev_hash ( - blinded_planchet.details.rsa_blinded_planchet.blinded_msg, - blinded_planchet.details.rsa_blinded_planchet. - blinded_msg_size, - &pc.h_blind); - GNUNET_free (blinded_planchet.details.rsa_blinded_planchet.blinded_msg); + if (GNUNET_OK != TALER_coin_ev_hash (&blinded_planchet, + &pc.h_blind)) + { + GNUNET_break (0); + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE, + NULL); + } + TALER_blinded_planchet_free (&blinded_planchet); } pc.coin_sig = coin_sig; diff --git a/src/exchange/taler-exchange-httpd_refreshes_reveal.c b/src/exchange/taler-exchange-httpd_refreshes_reveal.c index 5a46aa22e..eba8efbda 100644 --- a/src/exchange/taler-exchange-httpd_refreshes_reveal.c +++ b/src/exchange/taler-exchange-httpd_refreshes_reveal.c @@ -181,6 +181,7 @@ check_commitment (struct RevealContext *rctx, { struct TALER_RefreshCoinData *rcd = &rce->new_coins[j]; struct TALER_PlanchetSecretsP ps; + struct TALER_ExchangeWithdrawValues alg_values; struct TALER_PlanchetDetail pd; struct TALER_CoinPubHash c_hash; @@ -188,9 +189,11 @@ check_commitment (struct RevealContext *rctx, TALER_planchet_setup_refresh (&ts, j, &ps); + // TODO: implement cipher handling + alg_values.cipher = TALER_DENOMINATION_RSA; GNUNET_assert (GNUNET_OK == TALER_planchet_prepare (rcd->dk, - NULL, /* not needed in RSA*/ + &alg_values, &ps, &c_hash, &pd)); diff --git a/src/exchange/taler-exchange-httpd_responses.c b/src/exchange/taler-exchange-httpd_responses.c index 66a3b0af9..8aa54712c 100644 --- a/src/exchange/taler-exchange-httpd_responses.c +++ b/src/exchange/taler-exchange-httpd_responses.c @@ -491,6 +491,53 @@ TEH_RESPONSE_reply_expired_denom_pub_hash ( } +MHD_RESULT +TEH_RESPONSE_reply_invalid_denom_cipher_for_operation ( + struct MHD_Connection *connection, + const struct TALER_DenominationHash *dph) +{ + struct TALER_ExchangePublicKeyP epub; + struct TALER_ExchangeSignatureP esig; + struct GNUNET_TIME_Timestamp now; + enum TALER_ErrorCode ec; + + now = GNUNET_TIME_timestamp_get (); + { + struct TALER_DenominationUnknownAffirmationPS dua = { + .purpose.size = htonl (sizeof (dua)), + .purpose.purpose = htonl (TALER_SIGNATURE_EXCHANGE_AFFIRM_DENOM_UNKNOWN), + .timestamp = GNUNET_TIME_timestamp_hton (now), + .h_denom_pub = *dph, + }; + + ec = TEH_keys_exchange_sign (&dua, + &epub, + &esig); + } + if (TALER_EC_NONE != ec) + { + GNUNET_break (0); + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + ec, + NULL); + } + return TALER_MHD_REPLY_JSON_PACK ( + connection, + MHD_HTTP_NOT_FOUND, + TALER_JSON_pack_ec ( + TALER_EC_EXCHANGE_GENERIC_INVALID_DENOMINATION_CIPHER_FOR_OPERATION), + GNUNET_JSON_pack_timestamp ("timestamp", + now), + GNUNET_JSON_pack_data_auto ("exchange_pub", + &epub), + GNUNET_JSON_pack_data_auto ("exchange_sig", + &esig), + GNUNET_JSON_pack_data_auto ("h_denom_pub", + dph)); +} + + /** * Send proof that a request is invalid to client because of * insufficient funds. This function will create a message with all diff --git a/src/exchange/taler-exchange-httpd_responses.h b/src/exchange/taler-exchange-httpd_responses.h index db2286ffa..48309a41d 100644 --- a/src/exchange/taler-exchange-httpd_responses.h +++ b/src/exchange/taler-exchange-httpd_responses.h @@ -80,6 +80,19 @@ TEH_RESPONSE_reply_expired_denom_pub_hash ( /** + * Send assertion that the given denomination cannot be used for this operation. + * + * @param connection connection to the client + * @param dph denomination public key hash + * @return MHD result code + */ +MHD_RESULT +TEH_RESPONSE_reply_invalid_denom_cipher_for_operation ( + struct MHD_Connection *connection, + const struct TALER_DenominationHash *dph); + + +/** * Send proof that a request is invalid to client because of * insufficient funds. This function will create a message with all * of the operations affecting the coin that demonstrate that the coin diff --git a/src/exchange/taler-exchange-httpd_withdraw.c b/src/exchange/taler-exchange-httpd_withdraw.c index 9925fa8e6..a82a6daa0 100644 --- a/src/exchange/taler-exchange-httpd_withdraw.c +++ b/src/exchange/taler-exchange-httpd_withdraw.c @@ -332,36 +332,8 @@ TEH_handler_withdraw (struct TEH_RequestContext *rc, &wc.collectable.reserve_sig), GNUNET_JSON_spec_fixed_auto ("denom_pub_hash", &wc.collectable.denom_pub_hash), - GNUNET_JSON_spec_end () - }; - // holds pointer to coin_ev_rsa/cs_spec for freeing - struct GNUNET_JSON_Specification *coin_ev_spec = NULL; - struct GNUNET_JSON_Specification coin_ev_rsa_spec[] = { - GNUNET_JSON_spec_varsize ( - "coin_ev", - (void **) &wc.blinded_planchet.details.rsa_blinded_planchet.blinded_msg, - &wc.blinded_planchet.details.rsa_blinded_planchet.blinded_msg_size), - GNUNET_JSON_spec_end () - }; - json_t *coin_ev_cs_json; - struct GNUNET_JSON_Specification coin_ev_cs_json_spec[] = { - GNUNET_JSON_spec_json ("coin_ev", - &coin_ev_cs_json), - GNUNET_JSON_spec_end () - }; - struct GNUNET_JSON_Specification coin_ev_cs_spec[] = { - GNUNET_JSON_spec_fixed ( - "nonce", - &wc.blinded_planchet.details.cs_blinded_planchet.nonce, - sizeof (wc.blinded_planchet.details.cs_blinded_planchet.nonce)), - GNUNET_JSON_spec_fixed ( - "c0", - &wc.blinded_planchet.details.cs_blinded_planchet.c[0], - sizeof (wc.blinded_planchet.details.cs_blinded_planchet.c[0])), - GNUNET_JSON_spec_fixed ( - "c1", - &wc.blinded_planchet.details.cs_blinded_planchet.c[1], - sizeof (wc.blinded_planchet.details.cs_blinded_planchet.c[1])), + TALER_JSON_spec_blinded_planchet ("coin_ev", + &wc.blinded_planchet), GNUNET_JSON_spec_end () }; enum TALER_ErrorCode ec; @@ -492,36 +464,14 @@ TEH_handler_withdraw (struct TEH_RequestContext *rc, enum GNUNET_GenericReturnValue res; wc.blinded_planchet.cipher = dk->denom_pub.cipher; switch (wc.blinded_planchet.cipher) + + if (dk->denom_pub.cipher != wc.blinded_planchet.cipher) { - case TALER_DENOMINATION_RSA: - res = TALER_MHD_parse_json_data (rc->connection, - root, - coin_ev_rsa_spec); - if (GNUNET_OK != res) - return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; - coin_ev_spec = coin_ev_rsa_spec; - break; - case TALER_DENOMINATION_CS: - // coin_ev for CS is nested - res = TALER_MHD_parse_json_data (rc->connection, - root, - coin_ev_cs_json_spec); - if (GNUNET_OK != res) - return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; - res = TALER_MHD_parse_json_data (rc->connection, - coin_ev_cs_json, - coin_ev_cs_spec); - GNUNET_JSON_parse_free (coin_ev_cs_json_spec); - if (GNUNET_OK != res) - return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; - coin_ev_spec = coin_ev_cs_spec; - break; - default: - GNUNET_break (0); + /* denomination cipher and blinded planchet cipher not the same */ GNUNET_JSON_parse_free (spec); return TALER_MHD_reply_with_error (rc->connection, - MHD_HTTP_FORBIDDEN, - TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE, + MHD_HTTP_BAD_REQUEST, + TALER_EC_EXCHANGE_GENERIC_CIPHER_MISMATCH, NULL); } } @@ -533,8 +483,6 @@ TEH_handler_withdraw (struct TEH_RequestContext *rc, &dk->meta.fee_withdraw)) { GNUNET_JSON_parse_free (spec); - if (NULL != coin_ev_spec) - GNUNET_JSON_parse_free (coin_ev_spec); return TALER_MHD_reply_with_error (rc->connection, MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_EXCHANGE_WITHDRAW_AMOUNT_FEE_OVERFLOW, @@ -554,27 +502,13 @@ TEH_handler_withdraw (struct TEH_RequestContext *rc, = htonl (TALER_SIGNATURE_WALLET_RESERVE_WITHDRAW); wc.wsrd.h_denomination_pub = wc.collectable.denom_pub_hash; - switch (wc.blinded_planchet.cipher) + if (GNUNET_OK != TALER_coin_ev_hash (&wc.blinded_planchet, + &wc.wsrd.h_coin_envelope)) { - case TALER_DENOMINATION_RSA: - TALER_coin_ev_hash ( - wc.blinded_planchet.details.rsa_blinded_planchet.blinded_msg, - wc.blinded_planchet.details.rsa_blinded_planchet.blinded_msg_size, - &wc.wsrd.h_coin_envelope); - break; - case TALER_DENOMINATION_CS: - TALER_coin_ev_hash ( - &wc.blinded_planchet.details.cs_blinded_planchet, - sizeof (wc.blinded_planchet.details.cs_blinded_planchet), - &wc.wsrd.h_coin_envelope); - break; - default: GNUNET_break (0); GNUNET_JSON_parse_free (spec); - if (NULL != coin_ev_spec) - GNUNET_JSON_parse_free (coin_ev_spec); return TALER_MHD_reply_with_error (rc->connection, - MHD_HTTP_FORBIDDEN, + MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE, NULL); } @@ -588,8 +522,6 @@ TEH_handler_withdraw (struct TEH_RequestContext *rc, TALER_LOG_WARNING ( "Client supplied invalid signature for withdraw request\n"); GNUNET_JSON_parse_free (spec); - if (NULL != coin_ev_spec) - GNUNET_JSON_parse_free (coin_ev_spec); return TALER_MHD_reply_with_error (rc->connection, MHD_HTTP_FORBIDDEN, TALER_EC_EXCHANGE_WITHDRAW_RESERVE_SIGNATURE_INVALID, @@ -618,8 +550,6 @@ TEH_handler_withdraw (struct TEH_RequestContext *rc, default: GNUNET_break (0); GNUNET_JSON_parse_free (spec); - if (NULL != coin_ev_spec) - GNUNET_JSON_parse_free (coin_ev_spec); return TALER_MHD_reply_with_error (rc->connection, MHD_HTTP_FORBIDDEN, TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE, @@ -634,8 +564,6 @@ TEH_handler_withdraw (struct TEH_RequestContext *rc, { GNUNET_break (0); GNUNET_JSON_parse_free (spec); - if (NULL != coin_ev_spec) - GNUNET_JSON_parse_free (coin_ev_spec); return TALER_MHD_reply_with_ec (rc->connection, ec, NULL); @@ -657,16 +585,12 @@ TEH_handler_withdraw (struct TEH_RequestContext *rc, (or we might have done it optimistically above). */ TALER_blinded_denom_sig_free (&wc.collectable.sig); GNUNET_JSON_parse_free (spec); - if (NULL != coin_ev_spec) - GNUNET_JSON_parse_free (coin_ev_spec); return mhd_ret; } } /* Clean up and send back final response */ GNUNET_JSON_parse_free (spec); - if (NULL != coin_ev_spec) - GNUNET_JSON_parse_free (coin_ev_spec); { MHD_RESULT ret; |