From ded7f9ca189d8abbfcb6eb874d68bdc1a644da8f Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Tue, 28 Jun 2022 20:25:45 +0200
Subject: -fix issue with missing signature over denomination and age
 restriction hash in purse deposit

---
 src/auditor/taler-helper-auditor-reserves.c | 50 +++++++++++++++--------------
 1 file changed, 26 insertions(+), 24 deletions(-)

(limited to 'src/auditor/taler-helper-auditor-reserves.c')

diff --git a/src/auditor/taler-helper-auditor-reserves.c b/src/auditor/taler-helper-auditor-reserves.c
index f0c92c260..54d3db7c3 100644
--- a/src/auditor/taler-helper-auditor-reserves.c
+++ b/src/auditor/taler-helper-auditor-reserves.c
@@ -1289,38 +1289,15 @@ handle_purse_deposits (
   struct TALER_Amount amount_minus_fee;
   struct TALER_Amount new_balance;
   struct ReserveSummary *rs;
+  struct TALER_DenominationHashP h_denom_pub;
 
   /* should be monotonically increasing */
   GNUNET_assert (rowid >= ppr.last_purse_deposits_serial_id);
   ppr.last_purse_deposits_serial_id = rowid + 1;
 
-  if (GNUNET_OK !=
-      TALER_wallet_purse_deposit_verify (base_url,
-                                         &deposit->purse_pub,
-                                         &deposit->amount,
-                                         &deposit->coin_pub,
-                                         &deposit->coin_sig))
-  {
-    TALER_ARL_report (report_bad_sig_losses,
-                      GNUNET_JSON_PACK (
-                        GNUNET_JSON_pack_string ("operation",
-                                                 "purse-deposit"),
-                        GNUNET_JSON_pack_uint64 ("row",
-                                                 rowid),
-                        TALER_JSON_pack_amount ("loss",
-                                                &deposit->amount),
-                        GNUNET_JSON_pack_data_auto ("key_pub",
-                                                    &deposit->coin_pub)));
-    TALER_ARL_amount_add (&total_bad_sig_loss,
-                          &total_bad_sig_loss,
-                          &deposit->amount);
-    return GNUNET_OK;
-  }
-
   {
     const struct TALER_EXCHANGEDB_DenominationKeyInformation *issue;
     enum GNUNET_DB_QueryStatus qs;
-    struct TALER_DenominationHashP h_denom_pub;
 
     qs = TALER_ARL_get_denomination_info (denom_pub,
                                           &issue,
@@ -1349,6 +1326,31 @@ handle_purse_deposits (
                                &issue->fees.deposit);
   }
 
+  if (GNUNET_OK !=
+      TALER_wallet_purse_deposit_verify (base_url,
+                                         &deposit->purse_pub,
+                                         &deposit->amount,
+                                         &h_denom_pub,
+                                         &deposit->h_age_commitment,
+                                         &deposit->coin_pub,
+                                         &deposit->coin_sig))
+  {
+    TALER_ARL_report (report_bad_sig_losses,
+                      GNUNET_JSON_PACK (
+                        GNUNET_JSON_pack_string ("operation",
+                                                 "purse-deposit"),
+                        GNUNET_JSON_pack_uint64 ("row",
+                                                 rowid),
+                        TALER_JSON_pack_amount ("loss",
+                                                &deposit->amount),
+                        GNUNET_JSON_pack_data_auto ("key_pub",
+                                                    &deposit->coin_pub)));
+    TALER_ARL_amount_add (&total_bad_sig_loss,
+                          &total_bad_sig_loss,
+                          &deposit->amount);
+    return GNUNET_OK;
+  }
+
   TALER_ARL_amount_add (&new_balance,
                         auditor_balance,
                         &amount_minus_fee);
-- 
cgit v1.2.3