aboutsummaryrefslogtreecommitdiff
path: root/src/mint/taler-mint-httpd_db.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/mint/taler-mint-httpd_db.c')
-rw-r--r--src/mint/taler-mint-httpd_db.c191
1 files changed, 100 insertions, 91 deletions
diff --git a/src/mint/taler-mint-httpd_db.c b/src/mint/taler-mint-httpd_db.c
index 369e88967..78946f50f 100644
--- a/src/mint/taler-mint-httpd_db.c
+++ b/src/mint/taler-mint-httpd_db.c
@@ -83,9 +83,9 @@ TALER_MINT_db_execute_deposit (struct MHD_Connection *connection,
83 83
84 if (GNUNET_SYSERR == res) 84 if (GNUNET_SYSERR == res)
85 { 85 {
86 GNUNET_break (0); 86 GNUNET_break (0);
87 /* FIXME: return error message to client via MHD! */ 87 /* FIXME: return error message to client via MHD! */
88 return MHD_NO; 88 return MHD_NO;
89 } 89 }
90 90
91 { 91 {
@@ -221,56 +221,65 @@ TALER_MINT_db_execute_withdraw_status (struct MHD_Connection *connection,
221 * Execute a /withdraw/sign. 221 * Execute a /withdraw/sign.
222 * 222 *
223 * @param connection the MHD connection to handle 223 * @param connection the MHD connection to handle
224 * @param wsrd_ro details about the withdraw request 224 * @param reserve public key of the reserve
225 * @param denomination_pub public key of the denomination requested
226 * @param blinded_msg blinded message to be signed
227 * @param blinded_msg_len number of bytes in @a blinded_msg
228 * @param signature signature over the withdraw request, to be stored in DB
225 * @return MHD result code 229 * @return MHD result code
226 */ 230 */
227int 231int
228TALER_MINT_db_execute_withdraw_sign (struct MHD_Connection *connection, 232TALER_MINT_db_execute_withdraw_sign (struct MHD_Connection *connection,
229 const struct TALER_WithdrawRequest *wsrd_ro) 233 const struct GNUNET_CRYPTO_EddsaPublicKey *reserve,
234 const struct GNUNET_CRYPTO_rsa_PublicKey *denomination_pub,
235 const char *blinded_msg,
236 size_t blinded_msg_len,
237 const struct GNUNET_CRYPTO_EddsaSignature *signature)
230{ 238{
231 PGconn *db_conn; 239 PGconn *db_conn;
232 struct Reserve reserve; 240 struct Reserve db_reserve;
233 struct MintKeyState *key_state; 241 struct MintKeyState *key_state;
234 struct CollectableBlindcoin collectable; 242 struct CollectableBlindcoin collectable;
235 struct TALER_MINT_DenomKeyIssuePriv *dki; 243 struct TALER_MINT_DenomKeyIssuePriv *dki;
236 struct TALER_RSA_Signature ev_sig; 244 struct GNUNET_CRYPTO_rsa_Signature *sig;
237 struct TALER_Amount amount_required; 245 struct TALER_Amount amount_required;
238 /* FIXME: the fact that we do this here is a sign that we 246 struct GNUNET_HashCode h_blind;
239 need to have different versions of this struct for
240 the different places it is used! */
241 struct TALER_WithdrawRequest wsrd = *wsrd_ro;
242 int res; 247 int res;
243 248
249 GNUNET_CRYPTO_hash (blinded_msg,
250 blinded_msg_len,
251 &h_blind);
252
244 if (NULL == (db_conn = TALER_MINT_DB_get_connection ())) 253 if (NULL == (db_conn = TALER_MINT_DB_get_connection ()))
245 { 254 {
246 GNUNET_break (0); 255 GNUNET_break (0);
247 return TALER_MINT_reply_internal_db_error (connection); 256 return TALER_MINT_reply_internal_db_error (connection);
248 } 257 }
249
250
251 res = TALER_MINT_DB_get_collectable_blindcoin (db_conn, 258 res = TALER_MINT_DB_get_collectable_blindcoin (db_conn,
252 &wsrd.coin_envelope, 259 &h_blind,
253 &collectable); 260 &collectable);
254 if (GNUNET_SYSERR == res) 261 if (GNUNET_SYSERR == res)
255 { 262 {
256 // FIXME: return 'internal error'
257 GNUNET_break (0); 263 GNUNET_break (0);
258 return MHD_NO; 264 return TALER_MINT_reply_internal_db_error (connection);
259 } 265 }
260 266
261 /* Don't sign again if we have already signed the coin */ 267 /* Don't sign again if we have already signed the coin */
262 if (GNUNET_YES == res) 268 if (GNUNET_YES == res)
263 return TALER_MINT_reply_withdraw_sign_success (connection, 269 {
264 &collectable); 270 res = TALER_MINT_reply_withdraw_sign_success (connection,
271 &collectable);
272 GNUNET_CRYPTO_rsa_signature_free (collectable.sig);
273 return res;
274 }
265 GNUNET_assert (GNUNET_NO == res); 275 GNUNET_assert (GNUNET_NO == res);
266 res = TALER_MINT_DB_get_reserve (db_conn, 276 res = TALER_MINT_DB_get_reserve (db_conn,
267 &wsrd.reserve_pub, 277 reserve,
268 &reserve); 278 &db_reserve);
269 if (GNUNET_SYSERR == res) 279 if (GNUNET_SYSERR == res)
270 { 280 {
271 // FIXME: return 'internal error'
272 GNUNET_break (0); 281 GNUNET_break (0);
273 return MHD_NO; 282 return TALER_MINT_reply_internal_db_error (connection);
274 } 283 }
275 if (GNUNET_NO == res) 284 if (GNUNET_NO == res)
276 return TALER_MINT_reply_json_pack (connection, 285 return TALER_MINT_reply_json_pack (connection,
@@ -279,26 +288,9 @@ TALER_MINT_db_execute_withdraw_sign (struct MHD_Connection *connection,
279 "error", 288 "error",
280 "Reserve not found"); 289 "Reserve not found");
281 290
282 // fill out all the missing info in the request before
283 // we can check the signature on the request
284
285 wsrd.purpose.purpose = htonl (TALER_SIGNATURE_WITHDRAW);
286 wsrd.purpose.size = htonl (sizeof (struct TALER_WithdrawRequest) -
287 offsetof (struct TALER_WithdrawRequest, purpose));
288
289 if (GNUNET_OK !=
290 GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_WITHDRAW,
291 &wsrd.purpose,
292 &wsrd.sig,
293 &wsrd.reserve_pub))
294 return TALER_MINT_reply_json_pack (connection,
295 MHD_HTTP_UNAUTHORIZED,
296 "{s:s}",
297 "error", "Invalid Signature");
298
299 key_state = TALER_MINT_key_state_acquire (); 291 key_state = TALER_MINT_key_state_acquire ();
300 dki = TALER_MINT_get_denom_key (key_state, 292 dki = TALER_MINT_get_denom_key (key_state,
301 &wsrd.denomination_pub); 293 denomination_pub);
302 TALER_MINT_key_state_release (key_state); 294 TALER_MINT_key_state_release (key_state);
303 if (NULL == dki) 295 if (NULL == dki)
304 return TALER_MINT_reply_json_pack (connection, 296 return TALER_MINT_reply_json_pack (connection,
@@ -307,52 +299,54 @@ TALER_MINT_db_execute_withdraw_sign (struct MHD_Connection *connection,
307 "error", 299 "error",
308 "Denomination not found"); 300 "Denomination not found");
309 301
310 amount_required = TALER_amount_ntoh (dki->issue.value); 302 amount_required = TALER_amount_add (TALER_amount_ntoh (dki->issue.value),
311 amount_required = TALER_amount_add (amount_required,
312 TALER_amount_ntoh (dki->issue.fee_withdraw)); 303 TALER_amount_ntoh (dki->issue.fee_withdraw));
313
314 if (0 < TALER_amount_cmp (amount_required, 304 if (0 < TALER_amount_cmp (amount_required,
315 TALER_amount_ntoh (reserve.balance))) 305 TALER_amount_ntoh (db_reserve.balance)))
316 return TALER_MINT_reply_json_pack (connection, 306 return TALER_MINT_reply_json_pack (connection,
317 MHD_HTTP_PAYMENT_REQUIRED, 307 MHD_HTTP_PAYMENT_REQUIRED,
318 "{s:s}", 308 "{s:s}",
319 "error", 309 "error",
320 "Insufficient funds"); 310 "Insufficient funds");
321 if (GNUNET_OK != 311
322 TALER_RSA_sign (dki->denom_priv, 312 db_reserve.balance = TALER_amount_hton
323 &wsrd.coin_envelope, 313 (TALER_amount_subtract (TALER_amount_ntoh (db_reserve.balance),
324 sizeof (struct TALER_RSA_BlindedSignaturePurpose), 314 amount_required));
325 &ev_sig)) 315
316 sig = GNUNET_CRYPTO_rsa_sign (dki->denom_priv,
317 blinded_msg,
318 blinded_msg_len);
319 if (NULL == sig)
326 { 320 {
327 // FIXME: return 'internal error'
328 GNUNET_break (0); 321 GNUNET_break (0);
329 return MHD_NO; 322 return TALER_MINT_reply_internal_error (connection,
323 "Internal error");
330 } 324 }
331 325
332 reserve.balance = TALER_amount_hton (TALER_amount_subtract (TALER_amount_ntoh (reserve.balance), 326 /* transaction start */
333 amount_required));
334 if (GNUNET_OK != 327 if (GNUNET_OK !=
335 TALER_MINT_DB_update_reserve (db_conn, 328 TALER_MINT_DB_update_reserve (db_conn,
336 &reserve, 329 &db_reserve,
337 GNUNET_YES)) 330 GNUNET_YES))
338 { 331 {
339 // FIXME: return 'internal error'
340 GNUNET_break (0); 332 GNUNET_break (0);
341 return MHD_NO; 333 return TALER_MINT_reply_internal_db_error (connection);
342 } 334 }
343
344 collectable.ev = wsrd.coin_envelope; 335 collectable.ev = wsrd.coin_envelope;
345 collectable.ev_sig = ev_sig; 336 collectable.sig = sig;
346 collectable.reserve_pub = wsrd.reserve_pub; 337 collectable.reserve_pub = wsrd.reserve_pub;
347 collectable.reserve_sig = wsrd.sig; 338 collectable.reserve_sig = wsrd.sig;
348 if (GNUNET_OK != 339 if (GNUNET_OK !=
349 TALER_MINT_DB_insert_collectable_blindcoin (db_conn, 340 TALER_MINT_DB_insert_collectable_blindcoin (db_conn,
341 &h_blind,
350 &collectable)) 342 &collectable))
351 { 343 {
352 // FIXME: return 'internal error'
353 GNUNET_break (0); 344 GNUNET_break (0);
354 return GNUNET_NO;; 345 GNUNET_CRYPTO_rsa_signature_free (sig);
346 return TALER_MINT_reply_internal_db_error (connection);
355 } 347 }
348 /* transaction end */
349 GNUNET_CRYPTO_rsa_signature_free (sig);
356 return TALER_MINT_reply_withdraw_sign_success (connection, 350 return TALER_MINT_reply_withdraw_sign_success (connection,
357 &collectable); 351 &collectable);
358} 352}
@@ -378,7 +372,7 @@ refresh_accept_denoms (struct MHD_Connection *connection,
378 const struct MintKeyState *key_state, 372 const struct MintKeyState *key_state,
379 const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub, 373 const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub,
380 unsigned int denom_pubs_count, 374 unsigned int denom_pubs_count,
381 const struct TALER_RSA_PublicKeyBinaryEncoded *denom_pubs, 375 const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pubs,
382 struct TALER_Amount *r_amount) 376 struct TALER_Amount *r_amount)
383{ 377{
384 unsigned int i; 378 unsigned int i;
@@ -554,7 +548,7 @@ int
554TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection, 548TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
555 const struct GNUNET_CRYPTO_EddsaPublicKey *refresh_session_pub, 549 const struct GNUNET_CRYPTO_EddsaPublicKey *refresh_session_pub,
556 unsigned int num_new_denoms, 550 unsigned int num_new_denoms,
557 const struct TALER_RSA_PublicKeyBinaryEncoded *denom_pubs, 551 const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pubs,
558 unsigned int coin_count, 552 unsigned int coin_count,
559 const struct TALER_CoinPublicInfo *coin_public_infos) 553 const struct TALER_CoinPublicInfo *coin_public_infos)
560{ 554{
@@ -821,10 +815,10 @@ helper_refresh_reveal_send_response (struct MHD_Connection *connection,
821{ 815{
822 int res; 816 int res;
823 unsigned int newcoin_index; 817 unsigned int newcoin_index;
824 struct TALER_RSA_Signature *sigs; 818 struct GNUNET_CRYPTO_rsa_Signature **sigs;
825 819
826 sigs = GNUNET_malloc (refresh_session->num_newcoins * 820 sigs = GNUNET_malloc (refresh_session->num_newcoins *
827 sizeof (struct TALER_RSA_Signature)); 821 sizeof (struct GNUNET_CRYPTO_rsa_Signature *));
828 for (newcoin_index = 0; newcoin_index < refresh_session->num_newcoins; newcoin_index++) 822 for (newcoin_index = 0; newcoin_index < refresh_session->num_newcoins; newcoin_index++)
829 { 823 {
830 res = TALER_MINT_DB_get_refresh_collectable (db_conn, 824 res = TALER_MINT_DB_get_refresh_collectable (db_conn,
@@ -984,10 +978,12 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
984 { 978 {
985 struct RefreshCommitCoin commit_coin; 979 struct RefreshCommitCoin commit_coin;
986 struct LinkData link_data; 980 struct LinkData link_data;
987 struct TALER_RSA_BlindedSignaturePurpose *coin_ev_check; 981 // struct BlindedSignaturePurpose *coin_ev_check;
988 struct GNUNET_CRYPTO_EcdsaPublicKey coin_pub; 982 struct GNUNET_CRYPTO_EcdsaPublicKey coin_pub;
989 struct TALER_RSA_BlindingKey *bkey; 983 struct GNUNET_CRYPTO_rsa_BlindingKey *bkey;
990 struct TALER_RSA_PublicKeyBinaryEncoded denom_pub; 984 struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub;
985 char *buf;
986 size_t buf_len;
991 987
992 bkey = NULL; 988 bkey = NULL;
993 res = TALER_MINT_DB_get_refresh_commit_coin (db_conn, 989 res = TALER_MINT_DB_get_refresh_commit_coin (db_conn,
@@ -1011,7 +1007,8 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
1011 } 1007 }
1012 1008
1013 GNUNET_CRYPTO_ecdsa_key_get_public (&link_data.coin_priv, &coin_pub); 1009 GNUNET_CRYPTO_ecdsa_key_get_public (&link_data.coin_priv, &coin_pub);
1014 if (NULL == (bkey = TALER_RSA_blinding_key_decode (&link_data.bkey_enc))) 1010 if (NULL == (bkey = GNUNET_CRYPTO_rsa_blinding_key_decode (link_data.bkey_enc,
1011 link_data.bkey_enc_size)))
1015 { 1012 {
1016 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Invalid blinding key\n"); 1013 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Invalid blinding key\n");
1017 // FIXME: return error code! 1014 // FIXME: return error code!
@@ -1024,26 +1021,31 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
1024 // FIXME: return error code! 1021 // FIXME: return error code!
1025 return MHD_NO; 1022 return MHD_NO;
1026 } 1023 }
1027 if (NULL == (coin_ev_check = 1024 if (NULL == (buf_len =
1028 TALER_RSA_message_blind (&coin_pub, 1025 GNUNET_CRYPTO_rsa_blind (&h_msg,
1029 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
1030 bkey, 1026 bkey,
1031 &denom_pub))) 1027 denom_pub,
1028 &buf)))
1032 { 1029 {
1033 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "blind failed\n"); 1030 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "blind failed\n");
1034 // FIXME: return error code! 1031 // FIXME: return error code!
1035 return MHD_NO; 1032 return MHD_NO;
1036 } 1033 }
1037 1034
1038 if (0 != memcmp (&coin_ev_check, 1035 if ( (buf_len != commit_coin.coin_ev_size) ||
1039 &commit_coin.coin_ev, 1036 (0 != memcmp (buf,
1040 sizeof (struct TALER_RSA_BlindedSignaturePurpose))) 1037 commit_coin.coin_ev,
1038 buf_len)) )
1041 { 1039 {
1042 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "blind envelope does not match for kappa=%d, old=%d\n", 1040 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1041 "blind envelope does not match for kappa=%d, old=%d\n",
1043 (int) (i+off), (int) j); 1042 (int) (i+off), (int) j);
1044 // FIXME: return error code! 1043 // FIXME: return error code!
1044 GNUNET_free (buf);
1045 return MHD_NO; 1045 return MHD_NO;
1046 } 1046 }
1047 GNUNET_free (buf);
1048
1047 } 1049 }
1048 } 1050 }
1049 1051
@@ -1058,9 +1060,9 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
1058 for (j = 0; j < refresh_session.num_newcoins; j++) 1060 for (j = 0; j < refresh_session.num_newcoins; j++)
1059 { 1061 {
1060 struct RefreshCommitCoin commit_coin; 1062 struct RefreshCommitCoin commit_coin;
1061 struct TALER_RSA_PublicKeyBinaryEncoded denom_pub; 1063 struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub;
1062 struct TALER_MINT_DenomKeyIssuePriv *dki; 1064 struct TALER_MINT_DenomKeyIssuePriv *dki;
1063 struct TALER_RSA_Signature ev_sig; 1065 struct GNUNET_CRYPTO_rsa_Signature *ev_sig;
1064 1066
1065 res = TALER_MINT_DB_get_refresh_commit_coin (db_conn, 1067 res = TALER_MINT_DB_get_refresh_commit_coin (db_conn,
1066 refresh_session_pub, 1068 refresh_session_pub,
@@ -1091,11 +1093,10 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
1091 // FIXME: return error code! 1093 // FIXME: return error code!
1092 return MHD_NO; 1094 return MHD_NO;
1093 } 1095 }
1094 if (GNUNET_OK != 1096 ev_sig = GNUNET_CRYPTO_rsa_sign (dki->denom_priv,
1095 TALER_RSA_sign (dki->denom_priv, 1097 commit_coin.coin_ev,
1096 &commit_coin.coin_ev, 1098 commit_coin.coin_ev_len);
1097 sizeof (struct TALER_RSA_BlindedSignaturePurpose), 1099 if (NULL == ev_sig)
1098 &ev_sig))
1099 { 1100 {
1100 GNUNET_break (0); 1101 GNUNET_break (0);
1101 // FIXME: return error code! 1102 // FIXME: return error code!
@@ -1144,25 +1145,33 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
1144static int 1145static int
1145link_iter (void *cls, 1146link_iter (void *cls,
1146 const struct LinkDataEnc *link_data_enc, 1147 const struct LinkDataEnc *link_data_enc,
1147 const struct TALER_RSA_PublicKeyBinaryEncoded *denom_pub, 1148 const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub,
1148 const struct TALER_RSA_Signature *ev_sig) 1149 const struct GNUNET_CRYPTO_rsa_Signature *ev_sig)
1149{ 1150{
1150 json_t *list = cls; 1151 json_t *list = cls;
1151 json_t *obj = json_object (); 1152 json_t *obj = json_object ();
1153 char *buf;
1154 size_t buf_len;
1155
1152 1156
1153 json_array_append_new (list, obj); 1157 json_array_append_new (list, obj);
1154 1158
1155 json_object_set_new (obj, "link_enc", 1159 json_object_set_new (obj, "link_enc",
1156 TALER_JSON_from_data (link_data_enc, 1160 TALER_JSON_from_data (link_data_enc,
1157 sizeof (struct LinkDataEnc))); 1161 sizeof (struct LinkDataEnc)));
1158 1162
1163 buf_len = GNUNET_CRYPTO_rsa_public_key_encode (denom_pub,
1164 &buf);
1159 json_object_set_new (obj, "denom_pub", 1165 json_object_set_new (obj, "denom_pub",
1160 TALER_JSON_from_data (denom_pub, 1166 TALER_JSON_from_data (buf,
1161 sizeof (struct TALER_RSA_PublicKeyBinaryEncoded))); 1167 buf_len));
1162 1168 GNUNET_free (buf);
1169 buf_len = GNUNET_CRYPTO_rsa_signature_encode (ev_sig,
1170 &buf);
1163 json_object_set_new (obj, "ev_sig", 1171 json_object_set_new (obj, "ev_sig",
1164 TALER_JSON_from_data (ev_sig, 1172 TALER_JSON_from_data (buf,
1165 sizeof (struct TALER_RSA_Signature))); 1173 buf_len));
1174 GNUNET_free (buf_len);
1166 1175
1167 return GNUNET_OK; 1176 return GNUNET_OK;
1168} 1177}