Merge branch 'master' of git.taler.net:exchange

1 files changed, 14 insertions, 3 deletions

diff --git a/src/util/crypto.c b/src/util/crypto.c
index b44c31ff..95eb11eb 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -77,22 +77,33 @@ TALER_gcrypt_init ()
  * is not expired, and the signature is correct.
  *
  * @param coin_public_info the coin public info to check for validity
+ * @param denom_pub denomination key, must match @a coin_public_info's `denom_pub_hash`
  * @return #GNUNET_YES if the coin is valid,
  *         #GNUNET_NO if it is invalid
  *         #GNUNET_SYSERR if an internal error occured
  */
 int
-TALER_test_coin_valid (const struct TALER_CoinPublicInfo *coin_public_info)
+TALER_test_coin_valid (const struct TALER_CoinPublicInfo *coin_public_info,
+                       const struct TALER_DenominationPublicKey *denom_pub)
 {
   struct GNUNET_HashCode c_hash;
-
+#if 1 /* sanity check of invariant, could probably be disabled in production
+         for slightly more performance */
+  struct GNUNET_HashCode d_hash;
+
+  GNUNET_CRYPTO_rsa_public_key_hash (denom_pub->rsa_public_key,
+                                     &d_hash);
+  GNUNET_assert (0 ==
+                 GNUNET_memcmp (&d_hash,
+                                &coin_public_info->denom_pub_hash));
+#endif
   GNUNET_CRYPTO_hash (&coin_public_info->coin_pub,
                       sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
                       &c_hash);
   if (GNUNET_OK !=
       GNUNET_CRYPTO_rsa_verify (&c_hash,
                                 coin_public_info->denom_sig.rsa_signature,
-                                coin_public_info->denom_pub.rsa_public_key))
+                                denom_pub->rsa_public_key))
   {
     GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                 "coin signature is invalid\n");