From ded7f9ca189d8abbfcb6eb874d68bdc1a644da8f Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 28 Jun 2022 20:25:45 +0200 Subject: -fix issue with missing signature over denomination and age restriction hash in purse deposit --- src/exchange/taler-exchange-httpd_purses_deposit.c | 46 ++++++++++++++++------ 1 file changed, 33 insertions(+), 13 deletions(-) (limited to 'src/exchange/taler-exchange-httpd_purses_deposit.c') diff --git a/src/exchange/taler-exchange-httpd_purses_deposit.c b/src/exchange/taler-exchange-httpd_purses_deposit.c index af7200f12..4158b2936 100644 --- a/src/exchange/taler-exchange-httpd_purses_deposit.c +++ b/src/exchange/taler-exchange-httpd_purses_deposit.c @@ -239,6 +239,8 @@ deposit_transaction (void *cls, struct TALER_Amount amount; struct TALER_CoinSpendPublicKeyP coin_pub; struct TALER_CoinSpendSignatureP coin_sig; + struct TALER_DenominationHashP h_denom_pub; + struct TALER_AgeCommitmentHash phac; char *partner_url = NULL; TEH_plugin->rollback (TEH_plugin->cls); @@ -246,6 +248,8 @@ deposit_transaction (void *cls, pcc->purse_pub, &coin->cpi.coin_pub, &amount, + &h_denom_pub, + &phac, &coin_sig, &partner_url); if (qs < 0) @@ -268,6 +272,10 @@ deposit_transaction (void *cls, TALER_EC_EXCHANGE_PURSE_DEPOSIT_CONFLICTING_META_DATA), GNUNET_JSON_pack_data_auto ("coin_pub", &coin_pub), + GNUNET_JSON_pack_data_auto ("h_denom_pub", + &h_denom_pub), + GNUNET_JSON_pack_data_auto ("h_age_commitment", + &phac), GNUNET_JSON_pack_data_auto ("coin_sig", &coin_sig), GNUNET_JSON_pack_allow_null ( @@ -336,21 +344,33 @@ parse_coin (struct MHD_Connection *connection, if (GNUNET_OK != res) return res; } - if (GNUNET_OK != - TALER_wallet_purse_deposit_verify (TEH_base_url, - pcc->purse_pub, - &coin->amount, - &coin->cpi.coin_pub, - &coin->coin_sig)) { - TALER_LOG_WARNING ("Invalid signature on /purses/$PID/deposit request\n"); - GNUNET_JSON_parse_free (spec); - return (MHD_YES == - TALER_MHD_reply_with_error (connection, - MHD_HTTP_FORBIDDEN, - TALER_EC_EXCHANGE_PURSE_DEPOSIT_COIN_SIGNATURE_INVALID, - TEH_base_url)) + struct TALER_AgeCommitmentHash h_age; + + if (no_age_commitment) + memset (&h_age, 0, sizeof (h_age)); + else + TALER_age_commitment_hash (&age_commitment, + &h_age); + + if (GNUNET_OK != + TALER_wallet_purse_deposit_verify (TEH_base_url, + pcc->purse_pub, + &coin->amount, + &coin->cpi.denom_pub_hash, + &h_age, + &coin->cpi.coin_pub, + &coin->coin_sig)) + { + TALER_LOG_WARNING ("Invalid signature on /purses/$PID/deposit request\n"); + GNUNET_JSON_parse_free (spec); + return (MHD_YES == + TALER_MHD_reply_with_error (connection, + MHD_HTTP_FORBIDDEN, + TALER_EC_EXCHANGE_PURSE_DEPOSIT_COIN_SIGNATURE_INVALID, + TEH_base_url)) ? GNUNET_NO : GNUNET_SYSERR; + } } /* check denomination exists and is valid */ { -- cgit v1.2.3