From a351bfc4b4ca15ce7fd998cf9691e85cf84dc426 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Thu, 17 Feb 2022 15:10:14 +0100
Subject: -fix CS nonce reuse check logic

---
 .../taler-exchange-httpd_refreshes_reveal.c        | 29 ++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

(limited to 'src/exchange/taler-exchange-httpd_refreshes_reveal.c')

diff --git a/src/exchange/taler-exchange-httpd_refreshes_reveal.c b/src/exchange/taler-exchange-httpd_refreshes_reveal.c
index 1f0782aaa..9c0a665b7 100644
--- a/src/exchange/taler-exchange-httpd_refreshes_reveal.c
+++ b/src/exchange/taler-exchange-httpd_refreshes_reveal.c
@@ -115,11 +115,20 @@ struct RevealContext
    */
   struct TALER_RefreshCoinData *rcds;
 
+  /**
+   * Refresh master secret.
+   */
+  struct TALER_RefreshMasterSecretP rms;
+
   /**
    * Size of the @e dks, @e rcds and @e ev_sigs arrays (if non-NULL).
    */
   unsigned int num_fresh_coins;
 
+  /**
+   * True if @e rms was provided.
+   */
+  bool have_rms;
 };
 
 
@@ -296,6 +305,9 @@ check_commitment (struct RevealContext *rctx,
     }
     TALER_refresh_get_commitment (&rc_expected,
                                   TALER_CNC_KAPPA,
+                                  rctx->have_rms
+                                  ? &rctx->rms
+                                  : NULL,
                                   rctx->num_fresh_coins,
                                   rcs,
                                   &rctx->melt.session.coin.coin_pub,
@@ -344,7 +356,7 @@ check_commitment (struct RevealContext *rctx,
 
       if ( (0 >
             TALER_amount_add (&total,
-                              &rctx->dks[i]->meta.fee_withdraw,
+                              &rctx->dks[i]->meta.fees.withdraw,
                               &rctx->dks[i]->meta.value)) ||
            (0 >
             TALER_amount_add (&refresh_cost,
@@ -439,7 +451,15 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,
                                              &ret);
     if (NULL == dks[i])
       return ret;
-
+    if ( (TALER_DENOMINATION_CS == dks[i]->denom_pub.cipher) &&
+         (! rctx->have_rms) )
+    {
+      return TALER_MHD_reply_with_error (
+        connection,
+        MHD_HTTP_BAD_REQUEST,
+        TALER_EC_GENERIC_PARAMETER_MISSING,
+        "rms");
+    }
     if (GNUNET_TIME_absolute_is_past (dks[i]->meta.expire_withdraw.abs_time))
     {
       /* This denomination is past the expiration time for withdraws */
@@ -812,6 +832,9 @@ TEH_handler_reveal (struct TEH_RequestContext *rc,
     GNUNET_JSON_spec_mark_optional (
       GNUNET_JSON_spec_json ("old_age_commitment",
                              &old_age_commitment)),
+    GNUNET_JSON_spec_mark_optional (
+      GNUNET_JSON_spec_fixed_auto ("rms",
+                                   &rctx.rms)),
     GNUNET_JSON_spec_end ()
   };
 
@@ -852,6 +875,8 @@ TEH_handler_reveal (struct TEH_RequestContext *rc,
       return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
     }
   }
+  rctx.have_rms = (NULL != json_object_get (root,
+                                            "rms"));
 
   /* Check we got enough transfer private keys */
   /* Note we do +1 as 1 row (cut-and-choose!) is missing! */
-- 
cgit v1.2.3