From be536de23c4a6a7f33e05d1f9f658579a470821a Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Tue, 26 Apr 2022 23:10:05 +0200 Subject: various age restriction fixes, some of them half-baked --- src/exchange/taler-exchange-httpd.c | 3 +- src/exchange/taler-exchange-httpd.h | 5 +- src/exchange/taler-exchange-httpd_extensions.c | 3 - src/exchange/taler-exchange-httpd_keys.c | 8 +- .../taler-exchange-httpd_refreshes_reveal.c | 103 +++++++++++---------- src/util/age_restriction.c | 7 ++ src/util/wallet_signatures.c | 1 + 7 files changed, 71 insertions(+), 59 deletions(-) (limited to 'src') diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c index 48c0e5345..d84289c24 100644 --- a/src/exchange/taler-exchange-httpd.c +++ b/src/exchange/taler-exchange-httpd.c @@ -144,8 +144,7 @@ char *TEH_base_url; /** * Age restriction flags and mask */ -bool TEH_age_restriction_enabled = false; -struct TALER_AgeMask TEH_age_mask = {0}; +bool TEH_age_restriction_enabled = true; /** * Default timeout in seconds for HTTP requests. diff --git a/src/exchange/taler-exchange-httpd.h b/src/exchange/taler-exchange-httpd.h index deb5b3e02..bb387696d 100644 --- a/src/exchange/taler-exchange-httpd.h +++ b/src/exchange/taler-exchange-httpd.h @@ -196,7 +196,6 @@ extern char *TEH_currency; * Age restriction extension state */ extern bool TEH_age_restriction_enabled; -extern struct TALER_AgeMask TEH_age_mask; /** * Our (externally visible) base URL. @@ -310,8 +309,8 @@ struct TEH_RequestHandler * @return MHD result code */ MHD_RESULT - (*get)(struct TEH_RequestContext *rc, - const char *const args[]); + (*get)(struct TEH_RequestContext *rc, + const char *const args[]); /** diff --git a/src/exchange/taler-exchange-httpd_extensions.c b/src/exchange/taler-exchange-httpd_extensions.c index 71abfecec..c9d470521 100644 --- a/src/exchange/taler-exchange-httpd_extensions.c +++ b/src/exchange/taler-exchange-httpd_extensions.c @@ -131,11 +131,8 @@ extension_update_event_cb (void *cls, /* Special case age restriction: Update global flag and mask */ if (TALER_Extension_AgeRestriction == type) { - TEH_age_mask.bits = 0; TEH_age_restriction_enabled = TALER_extensions_age_restriction_is_enabled (); - if (TEH_age_restriction_enabled) - TEH_age_mask = TALER_extensions_age_restriction_ageMask (); } } diff --git a/src/exchange/taler-exchange-httpd_keys.c b/src/exchange/taler-exchange-httpd_keys.c index 7aff0903b..56fe6412b 100644 --- a/src/exchange/taler-exchange-httpd_keys.c +++ b/src/exchange/taler-exchange-httpd_keys.c @@ -2060,7 +2060,7 @@ finish_keys_response (struct TEH_KeyStateHandle *ksh) /* If age restriction is enabled, initialize the array of age restricted denoms and prepare a hash for them, separate from the others. We will join those hashes afterwards.*/ - if (TEH_age_restriction_enabled) + if (0) { age_restricted_denoms = json_array (); GNUNET_assert (NULL != age_restricted_denoms); @@ -2146,7 +2146,7 @@ finish_keys_response (struct TEH_KeyStateHandle *ksh) /* Put the denom into the correct array depending on the settings and * the properties of the denomination. Also, we build up the right * hash for the corresponding array. */ - if (TEH_age_restriction_enabled && + if (0 && (0 != dk->denom_pub.age_mask.bits)) { have_age_restricted_denoms = true; @@ -2180,7 +2180,7 @@ finish_keys_response (struct TEH_KeyStateHandle *ksh) /* If age restriction is active and we had at least one denomination of * that sort, we simply add the hash of all age restricted denominations at * the end of the others. */ - if (TEH_age_restriction_enabled && have_age_restricted_denoms) + if (0 && have_age_restricted_denoms) { struct GNUNET_HashCode hcr; GNUNET_CRYPTO_hash_context_finish (hash_context_restricted, &hcr); @@ -2205,7 +2205,7 @@ finish_keys_response (struct TEH_KeyStateHandle *ksh) "Failed to generate key response data for %s\n", GNUNET_TIME_timestamp2s (last_cpd)); json_decref (denoms); - if (TEH_age_restriction_enabled && NULL != age_restricted_denoms) + if (0 && NULL != age_restricted_denoms) json_decref (age_restricted_denoms); json_decref (sctx.signkeys); json_decref (recoup); diff --git a/src/exchange/taler-exchange-httpd_refreshes_reveal.c b/src/exchange/taler-exchange-httpd_refreshes_reveal.c index 8a5d8a802..fbfbf8acb 100644 --- a/src/exchange/taler-exchange-httpd_refreshes_reveal.c +++ b/src/exchange/taler-exchange-httpd_refreshes_reveal.c @@ -440,6 +440,7 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection, unsigned int num_fresh_coins = json_array_size (new_denoms_h_json); /* We know num_fresh_coins is bounded by #TALER_MAX_FRESH_COINS, so this is safe */ const struct TEH_DenominationKey *dks[num_fresh_coins]; + const struct TEH_DenominationKey *old_dk; struct TALER_RefreshCoinData rcds[num_fresh_coins]; struct TALER_EXCHANGEDB_RefreshRevealedCoin rrcs[num_fresh_coins]; MHD_RESULT ret; @@ -460,6 +461,53 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection, NULL); } + /* lookup old_coin_pub in database */ + { + enum GNUNET_DB_QueryStatus qs; + + if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + (qs = TEH_plugin->get_melt (TEH_plugin->cls, + &rctx->rc, + &rctx->melt, + &melt_serial_id))) + { + switch (qs) + { + case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: + ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_NOT_FOUND, + TALER_EC_EXCHANGE_REFRESHES_REVEAL_SESSION_UNKNOWN, + NULL); + break; + case GNUNET_DB_STATUS_HARD_ERROR: + ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_FETCH_FAILED, + "melt"); + break; + case GNUNET_DB_STATUS_SOFT_ERROR: + default: + GNUNET_break (0); /* should be impossible */ + ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE, + NULL); + break; + } + goto cleanup; + } + if (rctx->melt.session.noreveal_index >= TALER_CNC_KAPPA) + { + GNUNET_break (0); + ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_FETCH_FAILED, + "melt"); + goto cleanup; + } + } + + /* Parse denomination key hashes */ for (unsigned int i = 0; imelt.session.coin. + denom_pub_hash, + connection, + &ret); + if (NULL == old_dk) + return ret; if ( (TALER_DENOMINATION_CS == dks[i]->denom_pub.cipher) && (rctx->no_rms) ) { @@ -548,52 +603,6 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection, &rrc->coin_envelope_hash); } - /* lookup old_coin_pub in database */ - { - enum GNUNET_DB_QueryStatus qs; - - if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - (qs = TEH_plugin->get_melt (TEH_plugin->cls, - &rctx->rc, - &rctx->melt, - &melt_serial_id))) - { - switch (qs) - { - case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: - ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_NOT_FOUND, - TALER_EC_EXCHANGE_REFRESHES_REVEAL_SESSION_UNKNOWN, - NULL); - break; - case GNUNET_DB_STATUS_HARD_ERROR: - ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_FETCH_FAILED, - "melt"); - break; - case GNUNET_DB_STATUS_SOFT_ERROR: - default: - GNUNET_break (0); /* should be impossible */ - ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE, - NULL); - break; - } - goto cleanup; - } - if (rctx->melt.session.noreveal_index >= TALER_CNC_KAPPA) - { - GNUNET_break (0); - ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_FETCH_FAILED, - "melt"); - goto cleanup; - } - } - if (TEH_age_restriction_enabled && ((NULL == old_age_commitment_json) != TALER_AgeCommitmentHash_isNullOrZero ( @@ -619,7 +628,7 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection, rctx->old_age_commitment = GNUNET_new (struct TALER_AgeCommitment); oac = rctx->old_age_commitment; - oac->mask = TEH_age_mask; + oac->mask = old_dk->meta.age_mask; oac->num = ng; oac->keys = GNUNET_new_array (ng, struct TALER_AgeCommitmentPublicKeyP); diff --git a/src/util/age_restriction.c b/src/util/age_restriction.c index 45ebc03c4..e69e74126 100644 --- a/src/util/age_restriction.c +++ b/src/util/age_restriction.c @@ -38,6 +38,13 @@ TALER_age_commitment_hash ( return; } + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "popcount - 1: %d\n", + __builtin_popcount (commitment->mask.bits) - 1); + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "commitment num: %d\n", + commitment->num); + GNUNET_assert (__builtin_popcount (commitment->mask.bits) - 1 == commitment->num); diff --git a/src/util/wallet_signatures.c b/src/util/wallet_signatures.c index ce757b753..85caaca6e 100644 --- a/src/util/wallet_signatures.c +++ b/src/util/wallet_signatures.c @@ -190,6 +190,7 @@ TALER_wallet_deposit_verify ( amount); TALER_amount_hton (&dr.deposit_fee, deposit_fee); + if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_WALLET_COIN_DEPOSIT, &dr, -- cgit v1.2.3