diff options
Diffstat (limited to 'src/lib/exchange_api_recoup.c')
| -rw-r--r-- | src/lib/exchange_api_recoup.c | 282 |
1 files changed, 134 insertions, 148 deletions
diff --git a/src/lib/exchange_api_recoup.c b/src/lib/exchange_api_recoup.c index a3416b5bc..56499f381 100644 --- a/src/lib/exchange_api_recoup.c +++ b/src/lib/exchange_api_recoup.c @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2017 Taler Systems SA + Copyright (C) 2017-2023 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -27,6 +27,7 @@ #include <gnunet/gnunet_curl_lib.h> #include "taler_json_lib.h" #include "taler_exchange_service.h" +#include "exchange_api_common.h" #include "exchange_api_handle.h" #include "taler_signatures.h" #include "exchange_api_curl_defaults.h" @@ -39,9 +40,9 @@ struct TALER_EXCHANGE_RecoupHandle { /** - * The connection to exchange this request handle will use + * The keys of the exchange this request handle will use */ - struct TALER_EXCHANGE_Handle *exchange; + struct TALER_EXCHANGE_Keys *keys; /** * The url for this request. @@ -60,6 +61,11 @@ struct TALER_EXCHANGE_RecoupHandle struct TALER_EXCHANGE_DenomPublicKey pk; /** + * Our signature requesting the recoup. + */ + struct TALER_CoinSpendSignatureP coin_sig; + + /** * Handle for the request. */ struct GNUNET_CURL_Job *job; @@ -79,11 +85,6 @@ struct TALER_EXCHANGE_RecoupHandle */ struct TALER_CoinSpendPublicKeyP coin_pub; - /** - * #GNUNET_YES if the coin was refreshed - */ - int was_refreshed; - }; @@ -95,43 +96,30 @@ struct TALER_EXCHANGE_RecoupHandle * @return #GNUNET_OK if the signature is valid and we called the callback; * #GNUNET_SYSERR if not (callback must still be called) */ -static int +static enum GNUNET_GenericReturnValue process_recoup_response (const struct TALER_EXCHANGE_RecoupHandle *ph, const json_t *json) { - int refreshed; - struct TALER_ReservePublicKeyP reserve_pub; - struct TALER_CoinSpendPublicKeyP old_coin_pub; - struct GNUNET_JSON_Specification spec_withdraw[] = { - GNUNET_JSON_spec_boolean ("refreshed", &refreshed), - GNUNET_JSON_spec_fixed_auto ("reserve_pub", &reserve_pub), - GNUNET_JSON_spec_end () + struct TALER_EXCHANGE_RecoupResponse rr = { + .hr.reply = json, + .hr.http_status = MHD_HTTP_OK }; - struct GNUNET_JSON_Specification spec_refresh[] = { - GNUNET_JSON_spec_boolean ("refreshed", &refreshed), - GNUNET_JSON_spec_fixed_auto ("old_coin_pub", &old_coin_pub), + struct GNUNET_JSON_Specification spec_withdraw[] = { + GNUNET_JSON_spec_fixed_auto ("reserve_pub", + &rr.details.ok.reserve_pub), GNUNET_JSON_spec_end () }; if (GNUNET_OK != GNUNET_JSON_parse (json, - ph->was_refreshed ? spec_refresh : spec_withdraw, + spec_withdraw, NULL, NULL)) { GNUNET_break_op (0); return GNUNET_SYSERR; } - if (ph->was_refreshed != refreshed) - { - GNUNET_break_op (0); - return GNUNET_SYSERR; - } ph->cb (ph->cb_cls, - MHD_HTTP_OK, - TALER_EC_NONE, - ph->was_refreshed ? NULL : &reserve_pub, - ph->was_refreshed ? &old_coin_pub : NULL, - json); + &rr); return GNUNET_OK; } @@ -151,23 +139,25 @@ handle_recoup_finished (void *cls, { struct TALER_EXCHANGE_RecoupHandle *ph = cls; const json_t *j = response; - enum TALER_ErrorCode ec; + struct TALER_EXCHANGE_RecoupResponse rr = { + .hr.reply = j, + .hr.http_status = (unsigned int) response_code + }; ph->job = NULL; switch (response_code) { case 0: - ec = TALER_EC_INVALID_RESPONSE; + rr.hr.ec = TALER_EC_GENERIC_INVALID_RESPONSE; break; case MHD_HTTP_OK: - ec = TALER_EC_NONE; if (GNUNET_OK != process_recoup_response (ph, j)) { GNUNET_break_op (0); - ec = TALER_EC_RECOUP_REPLY_MALFORMED; - response_code = 0; + rr.hr.ec = TALER_EC_GENERIC_REPLY_MALFORMED; + rr.hr.http_status = 0; break; } TALER_EXCHANGE_recoup_cancel (ph); @@ -175,172 +165,173 @@ handle_recoup_finished (void *cls, case MHD_HTTP_BAD_REQUEST: /* This should never happen, either us or the exchange is buggy (or API version conflict); just pass JSON reply to the application */ - ec = TALER_JSON_get_error_code (j); + rr.hr.ec = TALER_JSON_get_error_code (j); + rr.hr.hint = TALER_JSON_get_error_hint (j); break; case MHD_HTTP_CONFLICT: { - /* Insufficient funds, proof attached */ - json_t *history; - struct TALER_Amount total; - const struct TALER_EXCHANGE_DenomPublicKey *dki; - - dki = &ph->pk; - history = json_object_get (j, - "history"); + struct TALER_Amount min_key; + + rr.hr.ec = TALER_JSON_get_error_code (j); + rr.hr.hint = TALER_JSON_get_error_hint (j); if (GNUNET_OK != - TALER_EXCHANGE_verify_coin_history (dki, - dki->fee_deposit.currency, - &ph->coin_pub, - history, - &total)) + TALER_EXCHANGE_get_min_denomination_ (ph->keys, + &min_key)) { - GNUNET_break_op (0); - response_code = 0; + GNUNET_break (0); + rr.hr.ec = TALER_EC_GENERIC_REPLY_MALFORMED; + rr.hr.http_status = 0; + break; } - ec = TALER_JSON_get_error_code (j); - ph->cb (ph->cb_cls, - response_code, - ec, - NULL, - NULL, - j); - TALER_EXCHANGE_recoup_cancel (ph); - return; + break; } case MHD_HTTP_FORBIDDEN: /* Nothing really to verify, exchange says one of the signatures is invalid; as we checked them, this should never happen, we should pass the JSON reply to the application */ - ec = TALER_JSON_get_error_code (j); + rr.hr.ec = TALER_JSON_get_error_code (j); + rr.hr.hint = TALER_JSON_get_error_hint (j); break; case MHD_HTTP_NOT_FOUND: /* Nothing really to verify, this should never happen, we should pass the JSON reply to the application */ - ec = TALER_JSON_get_error_code (j); + rr.hr.ec = TALER_JSON_get_error_code (j); + rr.hr.hint = TALER_JSON_get_error_hint (j); break; case MHD_HTTP_GONE: /* Kind of normal: the money was already sent to the merchant (it was too late for the refund). */ - ec = TALER_JSON_get_error_code (j); + rr.hr.ec = TALER_JSON_get_error_code (j); + rr.hr.hint = TALER_JSON_get_error_hint (j); break; case MHD_HTTP_INTERNAL_SERVER_ERROR: /* Server had an internal issue; we should retry, but this API leaves this to the application */ - ec = TALER_JSON_get_error_code (j); + rr.hr.ec = TALER_JSON_get_error_code (j); + rr.hr.hint = TALER_JSON_get_error_hint (j); break; default: /* unexpected response code */ - ec = TALER_JSON_get_error_code (j); + rr.hr.ec = TALER_JSON_get_error_code (j); + rr.hr.hint = TALER_JSON_get_error_hint (j); GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unexpected response code %u\n", - (unsigned int) response_code); + "Unexpected response code %u/%d for exchange recoup\n", + (unsigned int) response_code, + (int) rr.hr.ec); GNUNET_break (0); - response_code = 0; break; } ph->cb (ph->cb_cls, - response_code, - ec, - NULL, - NULL, - j); + &rr); TALER_EXCHANGE_recoup_cancel (ph); } -/** - * Ask the exchange to pay back a coin due to the exchange triggering - * the emergency recoup protocol for a given denomination. The value - * of the coin will be refunded to the original customer (without fees). - * - * @param exchange the exchange handle; the exchange must be ready to operate - * @param pk kind of coin to pay back - * @param denom_sig signature over the coin by the exchange using @a pk - * @param ps secret internals of the original planchet - * @param was_refreshed #GNUNET_YES if the coin in @a ps was refreshed - * @param recoup_cb the callback to call when the final result for this request is available - * @param recoup_cb_cls closure for @a recoup_cb - * @return NULL - * if the inputs are invalid (i.e. denomination key not with this exchange). - * In this case, the callback is not called. - */ struct TALER_EXCHANGE_RecoupHandle * -TALER_EXCHANGE_recoup (struct TALER_EXCHANGE_Handle *exchange, - const struct TALER_EXCHANGE_DenomPublicKey *pk, - const struct TALER_DenominationSignature *denom_sig, - const struct TALER_PlanchetSecretsP *ps, - int was_refreshed, - TALER_EXCHANGE_RecoupResultCallback recoup_cb, - void *recoup_cb_cls) +TALER_EXCHANGE_recoup ( + struct GNUNET_CURL_Context *ctx, + const char *url, + struct TALER_EXCHANGE_Keys *keys, + const struct TALER_EXCHANGE_DenomPublicKey *pk, + const struct TALER_DenominationSignature *denom_sig, + const struct TALER_ExchangeWithdrawValues *exchange_vals, + const struct TALER_PlanchetMasterSecretP *ps, + TALER_EXCHANGE_RecoupResultCallback recoup_cb, + void *recoup_cb_cls) { struct TALER_EXCHANGE_RecoupHandle *ph; - struct GNUNET_CURL_Context *ctx; - struct TALER_RecoupRequestPS pr; - struct TALER_CoinSpendSignatureP coin_sig; - struct GNUNET_HashCode h_denom_pub; + struct TALER_DenominationHashP h_denom_pub; json_t *recoup_obj; CURL *eh; char arg_str[sizeof (struct TALER_CoinSpendPublicKeyP) * 2 + 32]; + struct TALER_CoinSpendPrivateKeyP coin_priv; + union GNUNET_CRYPTO_BlindingSecretP bks; - GNUNET_assert (GNUNET_YES == - TEAH_handle_is_ready (exchange)); - pr.purpose.purpose = htonl (TALER_SIGNATURE_WALLET_COIN_RECOUP); - pr.purpose.size = htonl (sizeof (struct TALER_RecoupRequestPS)); - GNUNET_CRYPTO_eddsa_key_get_public (&ps->coin_priv.eddsa_priv, - &pr.coin_pub.eddsa_pub); - GNUNET_CRYPTO_rsa_public_key_hash (pk->key.rsa_public_key, - &h_denom_pub); - pr.h_denom_pub = pk->h_key; - pr.coin_blind = ps->blinding_key; - GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_eddsa_sign (&ps->coin_priv.eddsa_priv, - &pr.purpose, - &coin_sig.eddsa_signature)); - - recoup_obj = json_pack ("{s:o, s:o," /* denom pub/sig */ - " s:o," /* sig */ - " s:o, s:o}", /* coin_bks */ - "denom_pub_hash", GNUNET_JSON_from_data_auto ( - &h_denom_pub), - "denom_sig", GNUNET_JSON_from_rsa_signature ( - denom_sig->rsa_signature), - "coin_sig", GNUNET_JSON_from_data_auto (&coin_sig), - "coin_blind_key_secret", GNUNET_JSON_from_data_auto ( - &ps->blinding_key), - "refreshed", json_boolean (was_refreshed) - ); - if (NULL == recoup_obj) + ph = GNUNET_new (struct TALER_EXCHANGE_RecoupHandle); + TALER_planchet_setup_coin_priv (ps, + exchange_vals, + &coin_priv); + TALER_planchet_blinding_secret_create (ps, + exchange_vals, + &bks); + GNUNET_CRYPTO_eddsa_key_get_public (&coin_priv.eddsa_priv, + &ph->coin_pub.eddsa_pub); + TALER_denom_pub_hash (&pk->key, + &h_denom_pub); + TALER_wallet_recoup_sign (&h_denom_pub, + &bks, + &coin_priv, + &ph->coin_sig); + recoup_obj = GNUNET_JSON_PACK ( + GNUNET_JSON_pack_data_auto ("denom_pub_hash", + &h_denom_pub), + TALER_JSON_pack_denom_sig ("denom_sig", + denom_sig), + TALER_JSON_pack_exchange_withdraw_values ("ewv", + exchange_vals), + GNUNET_JSON_pack_data_auto ("coin_sig", + &ph->coin_sig), + GNUNET_JSON_pack_data_auto ("coin_blind_key_secret", + &bks)); + switch (denom_sig->unblinded_sig->cipher) { + case GNUNET_CRYPTO_BSA_INVALID: + json_decref (recoup_obj); GNUNET_break (0); + GNUNET_free (ph); return NULL; + case GNUNET_CRYPTO_BSA_RSA: + break; + case GNUNET_CRYPTO_BSA_CS: + { + union GNUNET_CRYPTO_BlindSessionNonce nonce; + + /* NOTE: this is not elegant, and as per the note in TALER_coin_ev_hash() + it is not strictly clear that the nonce is needed. Best case would be + to find a way to include it more 'naturally' somehow, for example with + the variant union version of bks! */ + TALER_cs_withdraw_nonce_derive (ps, + &nonce.cs_nonce); + GNUNET_assert ( + 0 == + json_object_set_new (recoup_obj, + "cs_nonce", + GNUNET_JSON_from_data_auto ( + &nonce))); + } } { char pub_str[sizeof (struct TALER_CoinSpendPublicKeyP) * 2]; char *end; - end = GNUNET_STRINGS_data_to_string (&pr.coin_pub, - sizeof (struct - TALER_CoinSpendPublicKeyP), - pub_str, - sizeof (pub_str)); + end = GNUNET_STRINGS_data_to_string ( + &ph->coin_pub, + sizeof (struct TALER_CoinSpendPublicKeyP), + pub_str, + sizeof (pub_str)); *end = '\0'; GNUNET_snprintf (arg_str, sizeof (arg_str), - "/coins/%s/recoup", + "coins/%s/recoup", pub_str); } - ph = GNUNET_new (struct TALER_EXCHANGE_RecoupHandle); - ph->coin_pub = pr.coin_pub; - ph->exchange = exchange; ph->pk = *pk; - ph->pk.key.rsa_public_key = NULL; /* zero out, as lifetime cannot be warranted */ + memset (&ph->pk.key, + 0, + sizeof (ph->pk.key)); /* zero out, as lifetime cannot be warranted */ ph->cb = recoup_cb; ph->cb_cls = recoup_cb_cls; - ph->url = TEAH_path_to_url (exchange, - arg_str); - ph->was_refreshed = was_refreshed; + ph->url = TALER_url_join (url, + arg_str, + NULL); + if (NULL == ph->url) + { + json_decref (recoup_obj); + GNUNET_free (ph); + return NULL; + } eh = TALER_EXCHANGE_curl_easy_get_ (ph->url); if ( (NULL == eh) || (GNUNET_OK != @@ -360,7 +351,7 @@ TALER_EXCHANGE_recoup (struct TALER_EXCHANGE_Handle *exchange, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "URL for recoup: `%s'\n", ph->url); - ctx = TEAH_handle_to_context (exchange); + ph->keys = TALER_EXCHANGE_keys_incref (keys); ph->job = GNUNET_CURL_job_add2 (ctx, eh, ph->ctx.headers, @@ -370,12 +361,6 @@ TALER_EXCHANGE_recoup (struct TALER_EXCHANGE_Handle *exchange, } -/** - * Cancel a recoup request. This function cannot be used on a - * request handle if the callback was already invoked. - * - * @param ph the recoup handle - */ void TALER_EXCHANGE_recoup_cancel (struct TALER_EXCHANGE_RecoupHandle *ph) { @@ -386,6 +371,7 @@ TALER_EXCHANGE_recoup_cancel (struct TALER_EXCHANGE_RecoupHandle *ph) } GNUNET_free (ph->url); TALER_curl_easy_post_finished (&ph->ctx); + TALER_EXCHANGE_keys_decref (ph->keys); GNUNET_free (ph); } |