| author | Christian Grothoff <christian@grothoff.org> | 2022-12-06 13:02:54 +0100 | 
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2022-12-06 13:02:54 +0100 | 
| commit | 21959eebd2256a3fb72173488cf366868179ee13 (patch) | |
| tree | 3804cebf03db618cce5c8bb25d631fb05527e5c3 | |
| parent | 9e4ac84b6eed7cc622d041c396bc460ce7e1bf07 (diff) | |
fix FIXME: sign also over balance during account-setup
| -rw-r--r-- | src/exchange/taler-exchange-httpd_kyc-wallet.c | 5 | ||||
| -rw-r--r-- | src/include/taler_crypto_lib.h | 4 | ||||
| -rw-r--r-- | src/lib/exchange_api_kyc_wallet.c | 1 | ||||
| -rw-r--r-- | src/util/wallet_signatures.c | 57 | 
4 files changed, 51 insertions, 16 deletions
| diff --git a/src/exchange/taler-exchange-httpd_kyc-wallet.c b/src/exchange/taler-exchange-httpd_kyc-wallet.c index 81acde4c..1111b678 100644 --- a/src/exchange/taler-exchange-httpd_kyc-wallet.c +++ b/src/exchange/taler-exchange-httpd_kyc-wallet.c @@ -164,8 +164,6 @@ TEH_handler_kyc_wallet (                                   &reserve_sig),      GNUNET_JSON_spec_fixed_auto ("reserve_pub",                                   &reserve_pub), -    // FIXME: add balance threshold crossed to the request -    // to spec and client API!      TALER_JSON_spec_amount ("balance",                              TEH_currency,                              &krc.balance), @@ -184,10 +182,9 @@ TEH_handler_kyc_wallet (      return MHD_YES;   /* failure */    TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++; -  // FIXME: add balance threshold crossed to -  // what the wallet signs over!    if (GNUNET_OK !=        TALER_wallet_account_setup_verify (&reserve_pub, +                                         &krc.balance,                                           &reserve_sig))    {      GNUNET_break_op (0); diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index 4fdda39e..97e82b4c 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -3192,11 +3192,13 @@ TALER_wallet_reserve_close_verify (   * Sign a request by a wallet to perform a KYC check.   *   * @param reserve_priv key identifying the wallet/account + * @param balance_threshold the balance threshold the wallet is about to cross   * @param[out] reserve_sig resulting signature   */  void  TALER_wallet_account_setup_sign (    const struct TALER_ReservePrivateKeyP *reserve_priv, +  const struct TALER_Amount *balance_threshold,    struct TALER_ReserveSignatureP *reserve_sig); 
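Review bot: Signatures made over the previous message (purpose only) are rejected at the `TALER_wallet_account_setup_verify` call in the second hunk of taler-exchange-httpd_kyc-wallet.c once `&krc.balance` is part of the verified data. The purpose constant `TALER_SIGNATURE_WALLET_ACCOUNT_SETUP` stays the same, and nothing visible in this diff bumps a protocol version, so if wallets using the old format exist this needs one. The removed FIXME could be replaced by a comment saying what is now checked, for example `/* signature covers the purpose and krc.balance, the threshold reported by the wallet */`. The failure branch after `GNUNET_break_op (0);` continues outside the hunk.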
@@ -3204,12 +3206,14 @@ TALER_wallet_account_setup_sign (   * Verify account setup request.   *   * @param reserve_pub reserve the setup request was for + * @param balance_threshold the balance threshold the wallet is about to cross   * @param reserve_sig resulting signature   * @return #GNUNET_OK if the signature is valid   */  enum GNUNET_GenericReturnValue  TALER_wallet_account_setup_verify (    const struct TALER_ReservePublicKeyP *reserve_pub, +  const struct TALER_Amount *balance_threshold,    const struct TALER_ReserveSignatureP *reserve_sig); diff --git a/src/lib/exchange_api_kyc_wallet.c b/src/lib/exchange_api_kyc_wallet.c index 63e4e500..56794b94 100644 --- a/src/lib/exchange_api_kyc_wallet.c +++ b/src/lib/exchange_api_kyc_wallet.c @@ -170,6 +170,7 @@ TALER_EXCHANGE_kyc_wallet (struct TALER_EXCHANGE_Handle *exchange,    GNUNET_CRYPTO_eddsa_key_get_public (&reserve_priv->eddsa_priv,                                        &reserve_pub.eddsa_pub);    TALER_wallet_account_setup_sign (reserve_priv, +                                   balance,                                     &reserve_sig);    req = GNUNET_JSON_PACK (      TALER_JSON_pack_amount ("balance", diff --git a/src/util/wallet_signatures.c b/src/util/wallet_signatures.c index 5efcc5d6..6866ca19 100644 --- a/src/util/wallet_signatures.c +++ b/src/util/wallet_signatures.c 
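Review bot: The `@param reserve_sig resulting signature` line in the doc block of `TALER_wallet_account_setup_verify` is carried over from the signing function; for verification it should read `@param reserve_sig signature to verify`. The new `@param balance_threshold` line would help callers more if it said that the amount must be exactly the one the wallet signed, e.g. `@param balance_threshold threshold the wallet signed over; must equal the "balance" field of the request`. The same wording fits the `TALER_wallet_account_setup_sign` prototype in the previous hunk of this header.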
@@ -604,36 +604,68 @@ TALER_wallet_withdraw_verify (  } +GNUNET_NETWORK_STRUCT_BEGIN + + +/** + * @brief Format used for to generate the signature on a request to withdraw + * coins from a reserve. + */ +struct TALER_AccountSetupRequestSignaturePS +{ + +  /** +   * Purpose must be #TALER_SIGNATURE_WALLET_ACCOUNT_SETUP. +   * Used with an EdDSA signature of a `struct TALER_ReservePublicKeyP`. +   */ +  struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + +  /** +   * Balance threshold the wallet is about to cross. +   */ +  struct TALER_AmountNBO threshold; + +}; + + +GNUNET_NETWORK_STRUCT_END + +  void  TALER_wallet_account_setup_sign (    const struct TALER_ReservePrivateKeyP *reserve_priv, +  const struct TALER_Amount *balance_threshold,    struct TALER_ReserveSignatureP *reserve_sig)  { -  struct GNUNET_CRYPTO_EccSignaturePurpose purpose = { -    .size = htonl (sizeof (purpose)), -    .purpose = htonl (TALER_SIGNATURE_WALLET_ACCOUNT_SETUP) +  struct TALER_AccountSetupRequestSignaturePS asap = { +    .purpose.size = htonl (sizeof (asap)), +    .purpose.purpose = htonl (TALER_SIGNATURE_WALLET_ACCOUNT_SETUP)    }; -  GNUNET_assert (GNUNET_OK == -                 GNUNET_CRYPTO_eddsa_sign_ (&reserve_priv->eddsa_priv, -                                            &purpose, -                                            &reserve_sig->eddsa_signature)); +  TALER_amount_hton (&asap.threshold, +                     balance_threshold); +  GNUNET_CRYPTO_eddsa_sign (&reserve_priv->eddsa_priv, +                            &asap, +                            &reserve_sig->eddsa_signature);  }  enum GNUNET_GenericReturnValue  TALER_wallet_account_setup_verify (    const struct TALER_ReservePublicKeyP *reserve_pub, +  const struct TALER_Amount *balance_threshold,    const struct TALER_ReserveSignatureP *reserve_sig)  { -  struct GNUNET_CRYPTO_EccSignaturePurpose purpose = { -    .size = htonl (sizeof (purpose)), -    .purpose = htonl (TALER_SIGNATURE_WALLET_ACCOUNT_SETUP) +  struct 
TALER_AccountSetupRequestSignaturePS asap = { +    .purpose.size = htonl (sizeof (asap)), +    .purpose.purpose = htonl (TALER_SIGNATURE_WALLET_ACCOUNT_SETUP)    }; -  return GNUNET_CRYPTO_eddsa_verify_ ( +  TALER_amount_hton (&asap.threshold, +                     balance_threshold); +  return GNUNET_CRYPTO_eddsa_verify (      TALER_SIGNATURE_WALLET_ACCOUNT_SETUP, -    &purpose, +    &asap,      &reserve_sig->eddsa_signature,      &reserve_pub->eddsa_pub);  } @@ -641,6 +673,7 @@ TALER_wallet_account_setup_verify (  GNUNET_NETWORK_STRUCT_BEGIN +  /**   * Response by which a wallet requests a full   * reserve history and indicates it is willing | 
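Review bot: The doc comment on `struct TALER_AccountSetupRequestSignaturePS` describes a different message: it speaks of "a request to withdraw coins from a reserve" and of a signature "of a `struct TALER_ReservePublicKeyP`", while both functions in this hunk sign and verify an account-setup request under `TALER_SIGNATURE_WALLET_ACCOUNT_SETUP`. I would reword it to `@brief Format used to generate the signature on a wallet's account-setup (KYC) request.` and describe the purpose field as signed with the reserve's EdDSA key. That comment should also state that the signed data is only the purpose and the threshold, so a signature remains valid for any later request on the same reserve with the same amount; whether that is intended cannot be told from this diff.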
