diff options
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/auditor_api_deposit_confirmation.c | 91 | ||||
| -rw-r--r-- | src/lib/exchange_api_deposit.c | 115 |
2 files changed, 107 insertions, 99 deletions
diff --git a/src/lib/auditor_api_deposit_confirmation.c b/src/lib/auditor_api_deposit_confirmation.c index 89f67f92e..41f9d5e42 100644 --- a/src/lib/auditor_api_deposit_confirmation.c +++ b/src/lib/auditor_api_deposit_confirmation.c @@ -168,10 +168,11 @@ handle_deposit_confirmation_finished (void *cls, * @param master_sig master signature affirming validity of @a exchange_pub * @return #GNUNET_OK if signatures are OK, #GNUNET_SYSERR if not */ -static int +static enum GNUNET_GenericReturnValue verify_signatures (const struct TALER_MerchantWireHash *h_wire, const struct TALER_PrivateContractHash *h_contract_terms, struct GNUNET_TIME_Absolute exchange_timestamp, + struct GNUNET_TIME_Absolute wire_deadline, struct GNUNET_TIME_Absolute refund_deadline, const struct TALER_Amount *amount_without_fee, const struct TALER_CoinSpendPublicKeyP *coin_pub, @@ -184,36 +185,29 @@ verify_signatures (const struct TALER_MerchantWireHash *h_wire, struct GNUNET_TIME_Absolute ep_end, const struct TALER_MasterSignatureP *master_sig) { + if (GNUNET_OK != + TALER_exchange_deposit_confirm_verify (h_contract_terms, + h_wire, + NULL /* h_extensions! */, + exchange_timestamp, + wire_deadline, + refund_deadline, + amount_without_fee, + coin_pub, + merchant_pub, + exchange_pub, + exchange_sig)) { - struct TALER_DepositConfirmationPS dc = { - .purpose.purpose = htonl (TALER_SIGNATURE_EXCHANGE_CONFIRM_DEPOSIT), - .purpose.size = htonl (sizeof (dc)), - .h_contract_terms = *h_contract_terms, - .h_wire = *h_wire, - .exchange_timestamp = GNUNET_TIME_absolute_hton (exchange_timestamp), - .refund_deadline = GNUNET_TIME_absolute_hton (refund_deadline), - .coin_pub = *coin_pub, - .merchant = *merchant_pub - }; - - TALER_amount_hton (&dc.amount_without_fee, - amount_without_fee); - if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_EXCHANGE_CONFIRM_DEPOSIT, - &dc, - &exchange_sig->eddsa_signature, - &exchange_pub->eddsa_pub)) + GNUNET_break_op (0); + TALER_LOG_WARNING ( + "Invalid signature on /deposit-confirmation request!\n"); { - GNUNET_break_op (0); - TALER_LOG_WARNING ( - "Invalid signature on /deposit-confirmation request!\n"); - { - TALER_LOG_DEBUG ("... amount_without_fee was %s\n", - TALER_amount2s (amount_without_fee)); - } - return GNUNET_SYSERR; + TALER_LOG_DEBUG ("... amount_without_fee was %s\n", + TALER_amount2s (amount_without_fee)); } + return GNUNET_SYSERR; } + if (GNUNET_OK != TALER_exchange_offline_signkey_validity_verify ( exchange_pub, @@ -237,45 +231,13 @@ verify_signatures (const struct TALER_MerchantWireHash *h_wire, } -/** - * Submit a deposit-confirmation permission to the auditor and get the - * auditor's response. Note that while we return the response - * verbatim to the caller for further processing, we do already verify - * that the response is well-formed. If the auditor's reply is not - * well-formed, we return an HTTP status code of zero to @a cb. - * - * We also verify that the @a exchange_sig is valid for this deposit-confirmation - * request, and that the @a master_sig is a valid signature for @a - * exchange_pub. Also, the @a auditor must be ready to operate (i.e. have - * finished processing the /version reply). If either check fails, we do - * NOT initiate the transaction with the auditor and instead return NULL. - * - * @param auditor the auditor handle; the auditor must be ready to operate - * @param h_wire hash of merchant wire details - * @param h_contract_terms hash of the contact of the merchant with the customer (further details are never disclosed to the auditor) - * @param exchange_timestamp timestamp when deposit was received by the exchange - * @param refund_deadline date until which the merchant can issue a refund to the customer via the auditor (can be zero if refunds are not allowed); must not be after the @a wire_deadline - * @param amount_without_fee the amount confirmed to be wired by the exchange to the merchant - * @param coin_pub coin’s public key - * @param merchant_pub the public key of the merchant (used to identify the merchant for refund requests) - * @param exchange_sig the signature made with purpose #TALER_SIGNATURE_EXCHANGE_CONFIRM_DEPOSIT - * @param exchange_pub the public key of the exchange that matches @a exchange_sig - * @param master_pub master public key of the exchange - * @param ep_start when does @a exchange_pub validity start - * @param ep_expire when does @a exchange_pub usage end - * @param ep_end when does @a exchange_pub legal validity end - * @param master_sig master signature affirming validity of @a exchange_pub - * @param cb the callback to call when a reply for this request is available - * @param cb_cls closure for the above callback - * @return a handle for this request; NULL if the inputs are invalid (i.e. - * signatures fail to verify). In this case, the callback is not called. - */ struct TALER_AUDITOR_DepositConfirmationHandle * TALER_AUDITOR_deposit_confirmation ( struct TALER_AUDITOR_Handle *auditor, const struct TALER_MerchantWireHash *h_wire, const struct TALER_PrivateContractHash *h_contract_terms, struct GNUNET_TIME_Absolute exchange_timestamp, + struct GNUNET_TIME_Absolute wire_deadline, struct GNUNET_TIME_Absolute refund_deadline, const struct TALER_Amount *amount_without_fee, const struct TALER_CoinSpendPublicKeyP *coin_pub, @@ -306,6 +268,7 @@ TALER_AUDITOR_deposit_confirmation ( verify_signatures (h_wire, h_contract_terms, exchange_timestamp, + wire_deadline, refund_deadline, amount_without_fee, coin_pub, @@ -332,6 +295,8 @@ TALER_AUDITOR_deposit_confirmation ( exchange_timestamp), GNUNET_JSON_pack_time_abs ("refund_deadline", refund_deadline), + GNUNET_JSON_pack_time_abs ("wire_deadline", + wire_deadline), TALER_JSON_pack_amount ("amount_without_fee", amount_without_fee), GNUNET_JSON_pack_data_auto ("coin_pub", @@ -397,12 +362,6 @@ TALER_AUDITOR_deposit_confirmation ( } -/** - * Cancel a deposit-confirmation permission request. This function cannot be used - * on a request handle if a response is already served for it. - * - * @param deposit_confirmation the deposit-confirmation permission request handle - */ void TALER_AUDITOR_deposit_confirmation_cancel ( struct TALER_AUDITOR_DepositConfirmationHandle *deposit_confirmation) diff --git a/src/lib/exchange_api_deposit.c b/src/lib/exchange_api_deposit.c index 188c17f18..60dcb066c 100644 --- a/src/lib/exchange_api_deposit.c +++ b/src/lib/exchange_api_deposit.c @@ -81,9 +81,58 @@ struct TALER_EXCHANGE_DepositHandle void *cb_cls; /** - * Information the exchange should sign in response. + * Hash over the contract for which this deposit is made. */ - struct TALER_DepositConfirmationPS depconf; + struct TALER_PrivateContractHash h_contract_terms GNUNET_PACKED; + + /** + * Hash over the wiring information of the merchant. + */ + struct TALER_MerchantWireHash h_wire GNUNET_PACKED; + + /** + * Hash over the extension options of the deposit, 0 if there + * were not extension options. + */ + struct TALER_ExtensionContractHash h_extensions GNUNET_PACKED; + + /** + * Time when this confirmation was generated / when the exchange received + * the deposit request. + */ + struct GNUNET_TIME_Absolute exchange_timestamp; + + /** + * By when does the exchange expect to pay the merchant + * (as per the merchant's request). + */ + struct GNUNET_TIME_Absolute wire_deadline; + + /** + * How much time does the @e merchant have to issue a refund + * request? Zero if refunds are not allowed. After this time, the + * coin cannot be refunded. Note that the wire transfer will not be + * performed by the exchange until the refund deadline. This value + * is taken from the original deposit request. + */ + struct GNUNET_TIME_Absolute refund_deadline; + + /** + * Amount to be deposited, excluding fee. Calculated from the + * amount with fee and the fee from the deposit request. + */ + struct TALER_Amount amount_without_fee; + + /** + * The public key of the coin that was deposited. + */ + struct TALER_CoinSpendPublicKeyP coin_pub; + + /** + * The Merchant's public key. Allows the merchant to later refund + * the transaction or to inquire about the wire transfer identifier. + */ + struct TALER_MerchantPublicKeyP merchant_pub; /** * Exchange signature, set for #auditor_cb. @@ -132,7 +181,6 @@ auditor_cb (void *cls, struct TALER_EXCHANGE_DepositHandle *dh = cls; const struct TALER_EXCHANGE_Keys *key_state; const struct TALER_EXCHANGE_SigningPublicKey *spk; - struct TALER_Amount amount_without_fee; struct TEAH_AuditorInteractionEntry *aie; if (0 != GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, @@ -153,18 +201,17 @@ auditor_cb (void *cls, GNUNET_break_op (0); return NULL; } - TALER_amount_ntoh (&amount_without_fee, - &dh->depconf.amount_without_fee); aie = GNUNET_new (struct TEAH_AuditorInteractionEntry); aie->dch = TALER_AUDITOR_deposit_confirmation ( ah, - &dh->depconf.h_wire, - &dh->depconf.h_contract_terms, - GNUNET_TIME_absolute_ntoh (dh->depconf.exchange_timestamp), - GNUNET_TIME_absolute_ntoh (dh->depconf.refund_deadline), - &amount_without_fee, - &dh->depconf.coin_pub, - &dh->depconf.merchant, + &dh->h_wire, + &dh->h_contract_terms, + dh->exchange_timestamp, + dh->wire_deadline, + dh->refund_deadline, + &dh->amount_without_fee, + &dh->coin_pub, + &dh->merchant_pub, &dh->exchange_pub, &dh->exchange_sig, &key_state->master_pub, @@ -204,7 +251,7 @@ verify_deposit_signature_conflict ( if (GNUNET_OK != TALER_EXCHANGE_verify_coin_history (&dh->dki, dh->dki.value.currency, - &dh->depconf.coin_pub, + &dh->coin_pub, history, &h_denom_pub, &total)) @@ -286,8 +333,8 @@ handle_deposit_finished (void *cls, GNUNET_JSON_spec_mark_optional ( GNUNET_JSON_spec_string ("transaction_base_url", &dr.details.success.transaction_base_url)), - TALER_JSON_spec_absolute_time_nbo ("exchange_timestamp", - &dh->depconf.exchange_timestamp), + TALER_JSON_spec_absolute_time ("exchange_timestamp", + &dh->exchange_timestamp), GNUNET_JSON_spec_end () }; @@ -313,10 +360,17 @@ handle_deposit_finished (void *cls, } if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_EXCHANGE_CONFIRM_DEPOSIT, - &dh->depconf, - &dh->exchange_sig.eddsa_signature, - &dh->exchange_pub.eddsa_pub)) + TALER_exchange_deposit_confirm_verify (&dh->h_contract_terms, + &dh->h_wire, + &dh->h_extensions, + dh->exchange_timestamp, + dh->wire_deadline, + dh->refund_deadline, + &dh->amount_without_fee, + &dh->coin_pub, + &dh->merchant_pub, + &dh->exchange_pub, + &dh->exchange_sig)) { GNUNET_break_op (0); dr.hr.http_status = 0; @@ -331,8 +385,7 @@ handle_deposit_finished (void *cls, } dr.details.success.exchange_sig = &dh->exchange_sig; dr.details.success.exchange_pub = &dh->exchange_pub; - dr.details.success.deposit_timestamp - = GNUNET_TIME_absolute_ntoh (dh->depconf.exchange_timestamp); + dr.details.success.deposit_timestamp = dh->exchange_timestamp; break; case MHD_HTTP_BAD_REQUEST: /* This should never happen, either us or the exchange is buggy @@ -621,18 +674,14 @@ TALER_EXCHANGE_deposit ( json_decref (deposit_obj); return NULL; } - dh->depconf.purpose.size - = htonl (sizeof (struct TALER_DepositConfirmationPS)); - dh->depconf.purpose.purpose - = htonl (TALER_SIGNATURE_EXCHANGE_CONFIRM_DEPOSIT); - dh->depconf.h_contract_terms = *h_contract_terms; - dh->depconf.h_wire = h_wire; - /* dh->depconf.exchange_timestamp; -- initialized later from exchange reply! */ - dh->depconf.refund_deadline = GNUNET_TIME_absolute_hton (refund_deadline); - TALER_amount_hton (&dh->depconf.amount_without_fee, - &amount_without_fee); - dh->depconf.coin_pub = *coin_pub; - dh->depconf.merchant = *merchant_pub; + dh->h_contract_terms = *h_contract_terms; + dh->h_wire = h_wire; + /* dh->h_extensions = ... */ + dh->refund_deadline = refund_deadline; + dh->wire_deadline = wire_deadline; + dh->amount_without_fee = amount_without_fee; + dh->coin_pub = *coin_pub; + dh->merchant_pub = *merchant_pub; dh->amount_with_fee = *amount; dh->dki = *dki; memset (&dh->dki.key, |