exchange/src/mint/taler-mint-httpd_db.c

1248 lines
45 KiB
C
Raw Normal View History

/*
This file is part of TALER
2015-01-29 00:46:08 +01:00
(C) 2014, 2015 Christian Grothoff (and other contributing authors)
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
TALER; see the file COPYING. If not, If not, see <http://www.gnu.org/licenses/>
*/
/**
* @file taler-mint-httpd_db.c
2015-01-28 22:35:57 +01:00
* @brief High-level (transactional-layer) database operations for the mint.
* @author Christian Grothoff
2015-01-19 21:09:47 +01:00
*
* TODO:
* - actually abstract DB implementation (i.e. via plugin logic)
2015-01-28 22:35:57 +01:00
* (this file should remain largely unchanged with the exception
* of the PQ-specific DB handle types)
2015-01-29 20:27:57 +01:00
* - /refresh/link:
* + check low-level API
2015-01-29 20:41:11 +01:00
* + separate DB logic from response generation
* + check for leaks
*/
#include "platform.h"
#include <pthread.h>
#include <jansson.h>
#include "taler-mint-httpd_db.h"
#include "taler_signatures.h"
#include "taler-mint-httpd_keys.h"
#include "taler-mint-httpd_responses.h"
#include "mint_db.h"
2015-01-28 20:55:15 +01:00
#include "taler_util.h"
2015-01-28 21:08:19 +01:00
#include "taler-mint-httpd_keystate.h"
/**
* Get an amount in the mint's currency that is zero.
*
* @return zero amount in the mint's currency
*/
static struct TALER_Amount
mint_amount_native_zero ()
{
struct TALER_Amount amount;
memset (&amount,
0,
sizeof (amount));
memcpy (amount.currency,
MINT_CURRENCY,
strlen (MINT_CURRENCY) + 1);
return amount;
}
/**
* Execute a deposit. The validity of the coin and signature
* have already been checked. The database must now check that
* the coin is not (double or over) spent, and execute the
* transaction (record details, generate success or failure response).
*
* @param connection the MHD connection to handle
* @param deposit information about the deposit
* @return MHD result code
*/
int
TALER_MINT_db_execute_deposit (struct MHD_Connection *connection,
const struct Deposit *deposit)
{
PGconn *db_conn;
2015-01-28 22:18:53 +01:00
struct TALER_MINT_DB_TransactionList *tl;
struct TALER_MINT_DB_TransactionList *pos;
struct TALER_Amount spent;
struct TALER_Amount value;
struct TALER_Amount fee_deposit;
struct TALER_Amount fee_withdraw;
struct TALER_Amount fee_refresh;
struct MintKeyState *mks;
struct TALER_MINT_DenomKeyIssuePriv *dki;
int ret;
if (NULL == (db_conn = TALER_MINT_DB_get_connection ()))
{
GNUNET_break (0);
2015-01-21 14:21:58 +01:00
return TALER_MINT_reply_internal_db_error (connection);
}
2015-01-28 22:18:53 +01:00
if (GNUNET_YES ==
TALER_MINT_DB_have_deposit (db_conn,
deposit))
{
return TALER_MINT_reply_deposit_success (connection,
&deposit->coin.coin_pub,
&deposit->h_wire,
&deposit->h_contract,
deposit->transaction_id,
&deposit->merchant_pub,
&deposit->amount);
}
mks = TALER_MINT_key_state_acquire ();
dki = TALER_MINT_get_denom_key (mks,
deposit->coin.denom_pub);
value = TALER_amount_ntoh (dki->issue.value);
fee_deposit = TALER_amount_ntoh (dki->issue.fee_deposit);
fee_refresh = TALER_amount_ntoh (dki->issue.fee_refresh);
TALER_MINT_key_state_release (mks);
2015-01-28 22:18:53 +01:00
if (GNUNET_OK !=
TALER_MINT_DB_transaction (db_conn))
{
GNUNET_break (0);
return TALER_MINT_reply_internal_db_error (connection);
}
tl = TALER_MINT_DB_get_coin_transactions (db_conn,
&deposit->coin.coin_pub);
spent = fee_withdraw; /* fee for THIS transaction */
/* FIXME: need to deal better with integer overflows
2015-01-29 19:01:29 +01:00
in the logic that follows! (change amount.c API! -- #3637) */
spent = TALER_amount_add (spent,
deposit->amount);
for (pos = tl; NULL != pos; pos = pos->next)
{
switch (pos->type)
{
case TALER_MINT_DB_TT_DEPOSIT:
spent = TALER_amount_add (spent,
pos->details.deposit->amount);
spent = TALER_amount_add (spent,
fee_deposit);
break;
case TALER_MINT_DB_TT_REFRESH_MELT:
spent = TALER_amount_add (spent,
pos->details.melt->amount);
spent = TALER_amount_add (spent,
fee_refresh);
break;
case TALER_MINT_DB_TT_LOCK:
/* should check if lock is still active,
and if it is for THIS operation; if
lock is inactive, delete it; if lock
is for THIS operation, ignore it;
if lock is for another operation,
count it! */
2015-01-29 19:01:29 +01:00
GNUNET_assert (0); // FIXME: not implemented! (#3625)
break;
}
}
if (0 < TALER_amount_cmp (spent, value))
{
TALER_MINT_DB_rollback (db_conn);
ret = TALER_MINT_reply_insufficient_funds (connection,
tl);
TALER_MINT_DB_free_coin_transaction_list (tl);
return ret;
}
2015-01-28 22:47:03 +01:00
TALER_MINT_DB_free_coin_transaction_list (tl);
2015-01-28 22:47:03 +01:00
if (GNUNET_OK !=
TALER_MINT_DB_insert_deposit (db_conn,
deposit))
{
LOG_WARNING ("Failed to store /deposit information in database\n");
TALER_MINT_DB_rollback (db_conn);
return TALER_MINT_reply_internal_db_error (connection);
}
2015-01-28 22:47:03 +01:00
if (GNUNET_OK !=
TALER_MINT_DB_commit (db_conn))
{
2015-01-28 22:47:03 +01:00
LOG_WARNING ("/deposit transaction commit failed\n");
return TALER_MINT_reply_commit_error (connection);
}
2015-01-28 15:35:41 +01:00
return TALER_MINT_reply_deposit_success (connection,
&deposit->coin.coin_pub,
&deposit->h_wire,
&deposit->h_contract,
deposit->transaction_id,
&deposit->merchant_pub,
&deposit->amount);
}
/**
2015-01-29 18:46:34 +01:00
* Execute a /withdraw/status. Given the public key of a reserve,
* return the associated transaction history.
*
* @param connection the MHD connection to handle
* @param reserve_pub public key of the reserve to check
* @return MHD result code
*/
int
TALER_MINT_db_execute_withdraw_status (struct MHD_Connection *connection,
const struct GNUNET_CRYPTO_EddsaPublicKey *reserve_pub)
{
PGconn *db_conn;
struct ReserveHistory *rh;
int res;
if (NULL == (db_conn = TALER_MINT_DB_get_connection ()))
{
GNUNET_break (0);
2015-01-21 14:21:58 +01:00
return TALER_MINT_reply_internal_db_error (connection);
}
rh = TALER_MINT_DB_get_reserve_history (db_conn,
reserve_pub);
if (NULL == rh)
return TALER_MINT_reply_json_pack (connection,
MHD_HTTP_NOT_FOUND,
"{s:s}",
"error", "Reserve not found");
res = TALER_MINT_reply_withdraw_status_success (connection,
rh);
TALER_MINT_DB_free_reserve_history (rh);
return res;
}
/**
2015-01-29 18:46:34 +01:00
* Execute a "/withdraw/sign". Given a reserve and a properly signed
* request to withdraw a coin, check the balance of the reserve and
* if it is sufficient, store the request and return the signed
* blinded envelope.
*
* @param connection the MHD connection to handle
* @param reserve public key of the reserve
* @param denomination_pub public key of the denomination requested
* @param blinded_msg blinded message to be signed
* @param blinded_msg_len number of bytes in @a blinded_msg
* @param signature signature over the withdraw request, to be stored in DB
* @return MHD result code
*/
int
TALER_MINT_db_execute_withdraw_sign (struct MHD_Connection *connection,
const struct GNUNET_CRYPTO_EddsaPublicKey *reserve,
const struct GNUNET_CRYPTO_rsa_PublicKey *denomination_pub,
const char *blinded_msg,
size_t blinded_msg_len,
const struct GNUNET_CRYPTO_EddsaSignature *signature)
{
PGconn *db_conn;
struct ReserveHistory *rh;
2015-01-29 00:45:07 +01:00
const struct ReserveHistory *pos;
struct MintKeyState *key_state;
struct CollectableBlindcoin collectable;
struct TALER_MINT_DenomKeyIssuePriv *dki;
2015-01-29 00:45:07 +01:00
struct TALER_MINT_DenomKeyIssuePriv *tdki;
struct GNUNET_CRYPTO_rsa_Signature *sig;
struct TALER_Amount amount_required;
2015-01-29 00:45:07 +01:00
struct TALER_Amount deposit_total;
struct TALER_Amount withdraw_total;
struct TALER_Amount balance;
struct TALER_Amount value;
struct GNUNET_HashCode h_blind;
int res;
GNUNET_CRYPTO_hash (blinded_msg,
blinded_msg_len,
&h_blind);
if (NULL == (db_conn = TALER_MINT_DB_get_connection ()))
{
GNUNET_break (0);
2015-01-21 14:21:58 +01:00
return TALER_MINT_reply_internal_db_error (connection);
}
res = TALER_MINT_DB_get_collectable_blindcoin (db_conn,
&h_blind,
&collectable);
if (GNUNET_SYSERR == res)
{
GNUNET_break (0);
return TALER_MINT_reply_internal_db_error (connection);
}
/* Don't sign again if we have already signed the coin */
if (GNUNET_YES == res)
{
res = TALER_MINT_reply_withdraw_sign_success (connection,
&collectable);
GNUNET_CRYPTO_rsa_signature_free (collectable.sig);
return res;
}
GNUNET_assert (GNUNET_NO == res);
2015-01-29 00:45:07 +01:00
/* Check if balance is sufficient */
key_state = TALER_MINT_key_state_acquire ();
dki = TALER_MINT_get_denom_key (key_state,
denomination_pub);
if (NULL == dki)
2015-01-29 00:45:07 +01:00
{
TALER_MINT_key_state_release (key_state);
return TALER_MINT_reply_json_pack (connection,
MHD_HTTP_NOT_FOUND,
"{s:s}",
"error",
"Denomination not found");
2015-01-29 00:45:07 +01:00
}
if (GNUNET_OK !=
TALER_MINT_DB_transaction (db_conn))
{
GNUNET_break (0);
TALER_MINT_key_state_release (key_state);
return TALER_MINT_reply_internal_db_error (connection);
}
2015-01-29 00:45:07 +01:00
rh = TALER_MINT_DB_get_reserve_history (db_conn,
reserve);
if (NULL == rh)
{
TALER_MINT_DB_rollback (db_conn);
TALER_MINT_key_state_release (key_state);
return TALER_MINT_reply_json_pack (connection,
2015-01-29 00:45:07 +01:00
MHD_HTTP_NOT_FOUND,
"{s:s}",
"error",
2015-01-29 00:45:07 +01:00
"Reserve not found");
}
/* calculate amount required including fees */
amount_required = TALER_amount_add (TALER_amount_ntoh (dki->issue.value),
TALER_amount_ntoh (dki->issue.fee_withdraw));
2015-01-29 00:45:07 +01:00
/* calculate balance of the reserve */
res = 0;
for (pos = rh; NULL != pos; pos = pos->next)
{
switch (pos->type)
{
case TALER_MINT_DB_RO_BANK_TO_MINT:
if (0 == (res & 1))
deposit_total = pos->details.bank->amount;
else
deposit_total = TALER_amount_add (deposit_total,
pos->details.bank->amount);
res |= 1;
break;
case TALER_MINT_DB_RO_WITHDRAW_COIN:
tdki = TALER_MINT_get_denom_key (key_state,
pos->details.withdraw->denom_pub);
value = TALER_amount_ntoh (tdki->issue.value);
if (0 == (res & 2))
withdraw_total = value;
else
withdraw_total = TALER_amount_add (withdraw_total,
value);
res |= 2;
break;
}
}
2015-01-29 00:45:07 +01:00
/* FIXME: good place to assert deposit_total > withdraw_total... */
balance = TALER_amount_subtract (deposit_total,
withdraw_total);
if (0 < TALER_amount_cmp (amount_required,
balance))
{
TALER_MINT_key_state_release (key_state);
TALER_MINT_DB_rollback (db_conn);
res = TALER_MINT_reply_withdraw_sign_insufficient_funds (connection,
rh);
TALER_MINT_DB_free_reserve_history (rh);
return res;
}
TALER_MINT_DB_free_reserve_history (rh);
/* Balance is good, sign the coin! */
sig = GNUNET_CRYPTO_rsa_sign (dki->denom_priv,
blinded_msg,
blinded_msg_len);
2015-01-29 00:45:07 +01:00
TALER_MINT_key_state_release (key_state);
if (NULL == sig)
{
GNUNET_break (0);
2015-01-29 00:45:07 +01:00
TALER_MINT_DB_rollback (db_conn);
return TALER_MINT_reply_internal_error (connection,
"Internal error");
}
2015-01-29 00:45:07 +01:00
// FIXME: can we avoid the cast?
2015-01-27 15:22:34 +01:00
collectable.denom_pub = (struct GNUNET_CRYPTO_rsa_PublicKey *) denomination_pub;
collectable.sig = sig;
2015-01-27 15:22:34 +01:00
collectable.reserve_pub = *reserve;
collectable.reserve_sig = *signature;
if (GNUNET_OK !=
TALER_MINT_DB_insert_collectable_blindcoin (db_conn,
&h_blind,
&collectable))
{
GNUNET_break (0);
GNUNET_CRYPTO_rsa_signature_free (sig);
2015-01-29 00:45:07 +01:00
TALER_MINT_DB_rollback (db_conn);
return TALER_MINT_reply_internal_db_error (connection);
}
2015-01-29 00:45:07 +01:00
if (GNUNET_OK !=
TALER_MINT_DB_commit (db_conn))
{
LOG_WARNING ("/withdraw/sign transaction commit failed\n");
return TALER_MINT_reply_commit_error (connection);
}
res = TALER_MINT_reply_withdraw_sign_success (connection,
&collectable);
GNUNET_CRYPTO_rsa_signature_free (sig);
2015-01-29 00:45:07 +01:00
return res;
}
/**
* Parse coin melt requests from a JSON object and write them to
* the database.
*
* @param connection the connection to send errors to
* @param db_conn the database connection
* @param key_state the mint's key state
* @param session_pub the refresh session's public key
2015-01-30 15:34:01 +01:00
* @param coin_public_info the coin to melt
* @param coin_details details about the coin being melted
* @param oldcoin_index what is the number assigned to this coin
* @return #GNUNET_OK on success,
* #GNUNET_NO if an error message was generated,
* #GNUNET_SYSERR on internal errors (no response generated)
*/
static int
refresh_accept_melts (struct MHD_Connection *connection,
PGconn *db_conn,
const struct MintKeyState *key_state,
const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub,
2015-01-30 15:34:01 +01:00
const struct TALER_CoinPublicInfo *coin_public_info,
const struct MeltDetails *coin_details,
uint16_t oldcoin_index)
{
2015-01-30 15:34:01 +01:00
struct TALER_MINT_DenomKeyIssue *dki;
struct TALER_MINT_DB_TransactionList *tl;
struct TALER_Amount coin_gain;
struct RefreshMelt melt;
2015-01-30 15:34:01 +01:00
dki = &TALER_MINT_get_denom_key (key_state,
coin_public_info->denom_pub)->issue;
2015-01-30 15:34:01 +01:00
if (NULL == dki)
return (MHD_YES ==
TALER_MINT_reply_json_pack (connection,
MHD_HTTP_NOT_FOUND,
"{s:s}",
"error",
"denom not found"))
? GNUNET_NO : GNUNET_SYSERR;
coin_gain = TALER_amount_ntoh (dki->value);
tl = TALER_MINT_DB_get_coin_transactions (db_conn,
&coin_public_info->coin_pub);
/* FIXME: #3636: compute how much value is left with this coin and
compare to `expected_value`! (subtract from "coin_gain") */
TALER_MINT_DB_free_coin_transaction_list (tl);
2015-01-30 15:34:01 +01:00
/* Refuse to refresh when the coin does not have enough money left to
* pay the refreshing fees of the coin. */
2015-01-30 15:34:01 +01:00
if (TALER_amount_cmp (coin_gain,
coin_details->melt_amount) < 0)
return (MHD_YES ==
TALER_MINT_reply_json_pack (connection,
MHD_HTTP_NOT_FOUND,
"{s:s}",
"error", "depleted")) ? GNUNET_NO : GNUNET_SYSERR;
2015-01-28 22:18:53 +01:00
2015-01-30 15:34:01 +01:00
melt.coin = *coin_public_info;
melt.coin_sig = coin_details->melt_sig;
melt.amount = coin_details->melt_amount;
if (GNUNET_OK !=
TALER_MINT_DB_insert_refresh_melt (db_conn,
session_pub,
oldcoin_index,
&melt))
{
GNUNET_break (0);
return GNUNET_SYSERR;
}
return GNUNET_OK;
}
/**
2015-01-29 18:46:34 +01:00
* Execute a "/refresh/melt". We have been given a list of valid
* coins and a request to melt them into the given
* @a refresh_session_pub. Check that the coins all have the
* required value left and if so, store that they have been
* melted and confirm the melting operation to the client.
*
* @param connection the MHD connection to handle
* @param refresh_session_pub public key of the refresh session
* @param client_signature signature of the client (matching @a refresh_session_pub)
* over the melting request
* @param num_new_denoms number of entries in @a denom_pubs
2015-01-29 18:46:34 +01:00
* @param denum_pubs public keys of the coins we want to withdraw in the end
2015-01-30 15:34:01 +01:00
* @param coin_count number of entries in @a coin_public_infos and @a coin_melt_details
* @param coin_public_infos information about the coins to melt
2015-01-30 15:34:01 +01:00
* @param coin_melt_details signatures and (residual) value of the respective coin should be melted
* @return MHD result code
*/
int
TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
const struct GNUNET_CRYPTO_EddsaPublicKey *refresh_session_pub,
const struct GNUNET_CRYPTO_EddsaSignature *client_signature,
unsigned int num_new_denoms,
2015-01-27 18:57:29 +01:00
struct GNUNET_CRYPTO_rsa_PublicKey *const*denom_pubs,
unsigned int coin_count,
2015-01-30 15:34:01 +01:00
const struct TALER_CoinPublicInfo *coin_public_infos,
const struct MeltDetails *coin_melt_details)
{
struct MintKeyState *key_state;
struct RefreshSession session;
PGconn *db_conn;
int res;
2015-01-30 15:34:01 +01:00
unsigned int i;
if (NULL == (db_conn = TALER_MINT_DB_get_connection ()))
{
2015-01-21 14:21:58 +01:00
GNUNET_break (0);
return TALER_MINT_reply_internal_db_error (connection);
}
if (GNUNET_OK !=
TALER_MINT_DB_transaction (db_conn))
{
GNUNET_break (0);
return TALER_MINT_reply_internal_db_error (connection);
}
res = TALER_MINT_DB_get_refresh_session (db_conn,
refresh_session_pub,
&session);
if (GNUNET_YES == res)
{
TALER_MINT_DB_rollback (db_conn);
return TALER_MINT_reply_refresh_melt_success (connection,
&session.melt_sig,
2015-01-29 20:27:57 +01:00
refresh_session_pub,
session.kappa);
}
if (GNUNET_SYSERR == res)
{
TALER_MINT_DB_rollback (db_conn);
return TALER_MINT_reply_internal_db_error (connection);
}
2015-01-30 15:34:01 +01:00
/* Melt old coins and check that they had enough residual value */
key_state = TALER_MINT_key_state_acquire ();
for (i=0;i<coin_count;i++)
{
if (GNUNET_OK !=
(res = refresh_accept_melts (connection,
db_conn,
key_state,
refresh_session_pub,
&coin_public_infos[i],
&coin_melt_details[i],
i)))
{
TALER_MINT_key_state_release (key_state);
TALER_MINT_DB_rollback (db_conn);
return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
}
}
TALER_MINT_key_state_release (key_state);
/* store requested new denominations */
for (i=0;i<num_new_denoms;i++)
{
if (GNUNET_OK !=
TALER_MINT_DB_insert_refresh_order (db_conn,
refresh_session_pub,
i,
denom_pubs[i]))
{
TALER_MINT_DB_rollback (db_conn);
return TALER_MINT_reply_internal_db_error (connection);
}
}
/* store 'global' session data */
session.melt_sig = *client_signature;
session.num_oldcoins = coin_count;
session.num_newcoins = num_new_denoms;
2015-01-29 20:27:57 +01:00
session.kappa = KAPPA;
session.noreveal_index = UINT16_MAX;
session.has_commit_sig = GNUNET_NO;
if (GNUNET_OK !=
(res = TALER_MINT_DB_create_refresh_session (db_conn,
refresh_session_pub,
&session)))
{
TALER_MINT_DB_rollback (db_conn);
return TALER_MINT_reply_internal_db_error (connection);
}
2015-01-29 00:45:07 +01:00
if (GNUNET_OK !=
TALER_MINT_DB_commit (db_conn))
{
2015-01-29 00:45:07 +01:00
LOG_WARNING ("/refresh/melt transaction commit failed\n");
return TALER_MINT_reply_commit_error (connection);
}
return TALER_MINT_reply_refresh_melt_success (connection,
client_signature,
2015-01-29 20:27:57 +01:00
refresh_session_pub,
session.kappa);
}
/**
2015-01-29 18:46:34 +01:00
* Execute a "/refresh/commit". The client is committing to @a kappa
* sets of transfer keys, and linkage information for a refresh
* operation. Confirm that the commit matches the melts of an
* existing @a refresh_session_pub, store the refresh session commit
* data and then return the client a challenge specifying which of the
* @a kappa sets of private transfer keys should not be revealed.
*
* @param connection the MHD connection to handle
* @param refresh_session public key of the session
* @param commit_client_sig signature of the client over this commitment
* @param kappa size of x-dimension of @commit_coin and @commit_link arrays
2015-01-27 18:35:17 +01:00
* @param num_oldcoins size of y-dimension of @commit_link array
* @param num_newcoins size of y-dimension of @commit_coin array
2015-01-29 18:46:34 +01:00
* @param commit_coin 2d array of coin commitments (what the mint is to sign
* once the "/refres/reveal" of cut and choose is done)
* @param commit_link 2d array of coin link commitments (what the mint is
* to return via "/refresh/link" to enable linkage in the
* future)
* @return MHD result code
*/
int
TALER_MINT_db_execute_refresh_commit (struct MHD_Connection *connection,
const struct GNUNET_CRYPTO_EddsaPublicKey *refresh_session_pub,
const struct GNUNET_CRYPTO_EddsaSignature *commit_client_sig,
unsigned int kappa,
unsigned int num_oldcoins,
unsigned int num_newcoins,
struct RefreshCommitCoin *const*commit_coin,
struct RefreshCommitLink *const*commit_link)
{
PGconn *db_conn;
struct RefreshSession refresh_session;
unsigned int i;
unsigned int j;
int res;
if (NULL == (db_conn = TALER_MINT_DB_get_connection ()))
{
GNUNET_break (0);
2015-01-21 14:21:58 +01:00
return TALER_MINT_reply_internal_db_error (connection);
}
if (GNUNET_OK !=
TALER_MINT_DB_transaction (db_conn))
{
GNUNET_break (0);
return TALER_MINT_reply_internal_db_error (connection);
}
res = TALER_MINT_DB_get_refresh_session (db_conn,
refresh_session_pub,
&refresh_session);
if (GNUNET_SYSERR == res)
{
TALER_MINT_DB_rollback (db_conn);
return TALER_MINT_reply_internal_db_error (connection);
}
if (GNUNET_NO == res)
{
TALER_MINT_DB_rollback (db_conn);
return TALER_MINT_reply_arg_invalid (connection,
"session_pub");
}
if ( (refresh_session.kappa != kappa) ||
(refresh_session.num_newcoins != num_newcoins) ||
(refresh_session.num_oldcoins != num_oldcoins) )
{
TALER_MINT_DB_rollback (db_conn);
return TALER_MINT_reply_arg_invalid (connection,
"dimensions");
}
if (GNUNET_YES == refresh_session.has_commit_sig)
{
TALER_MINT_DB_rollback (db_conn);
res = TALER_MINT_reply_refresh_commit_success (connection,
&refresh_session);
return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
}
for (i = 0; i < kappa; i++)
{
for (j = 0; j < num_newcoins; j++)
{
if (GNUNET_OK !=
TALER_MINT_DB_insert_refresh_commit_coin (db_conn,
2015-01-27 18:35:17 +01:00
refresh_session_pub,
i,
j,
&commit_coin[i][j]))
{
2015-01-28 22:47:03 +01:00
TALER_MINT_DB_rollback (db_conn);
return TALER_MINT_reply_internal_db_error (connection);
}
}
}
for (i = 0; i < kappa; i++)
{
for (j = 0; j < num_oldcoins; j++)
{
if (GNUNET_OK !=
2015-01-27 18:35:17 +01:00
TALER_MINT_DB_insert_refresh_commit_link (db_conn,
refresh_session_pub,
i,
j,
&commit_link[i][j]))
{
2015-01-28 22:47:03 +01:00
TALER_MINT_DB_rollback (db_conn);
return TALER_MINT_reply_internal_db_error (connection);
}
}
}
refresh_session.noreveal_index
= GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_STRONG,
refresh_session.kappa);
2015-01-29 00:45:07 +01:00
if (GNUNET_OK !=
(res = TALER_MINT_DB_update_refresh_session (db_conn,
refresh_session_pub,
refresh_session.noreveal_index,
commit_client_sig)))
{
TALER_MINT_DB_rollback (db_conn);
2015-01-29 00:45:07 +01:00
return TALER_MINT_reply_internal_db_error (connection);
}
2015-01-29 00:45:07 +01:00
if (GNUNET_OK !=
TALER_MINT_DB_commit (db_conn))
{
2015-01-29 00:45:07 +01:00
LOG_WARNING ("/refresh/commit transaction commit failed\n");
return TALER_MINT_reply_commit_error (connection);
}
return TALER_MINT_reply_refresh_commit_success (connection, &refresh_session);
}
/**
* Check if the given @a transfer_privs correspond to an honest
* commitment for the given session.
* Checks that the transfer private keys match their commitments.
* Then derives the shared secret for each kappa, and check that they match.
*
* @param connection the MHD connection to handle
* @param db_conn database connection to use
* @param refresh_session session to query
* @param off commitment offset to check
* @param num_oldcoins size of the @a transfer_privs and @a melts arrays
* @param transfer_privs private transfer keys
* @param melts array of melted coins
* @param num_newcoins number of newcoins being generated
* @param denom_pub array of @a num_newcoins keys for the new coins
* @return #GNUNET_OK if the committment was honest,
* #GNUNET_NO if there was a problem and we generated an error message
* #GNUNET_SYSERR if we could not even generate an error message
*/
static int
check_commitment (struct MHD_Connection *connection,
PGconn *db_conn,
const struct GNUNET_CRYPTO_EddsaPublicKey *refresh_session,
unsigned int off,
unsigned int num_oldcoins,
const struct GNUNET_CRYPTO_EcdsaPrivateKey *transfer_privs,
const struct RefreshMelt *melts,
unsigned int num_newcoins,
struct GNUNET_CRYPTO_rsa_PublicKey *const*denom_pubs)
{
unsigned int j;
int res;
struct TALER_LinkSecret last_shared_secret;
int secret_initialized = GNUNET_NO;
for (j = 0; j < num_oldcoins; j++)
{
struct RefreshCommitLink commit_link;
struct TALER_TransferSecret transfer_secret;
struct TALER_LinkSecret shared_secret;
struct GNUNET_CRYPTO_EcdsaPublicKey transfer_pub_check;
res = TALER_MINT_DB_get_refresh_commit_link (db_conn,
refresh_session,
off,
j,
&commit_link);
if (GNUNET_OK != res)
{
GNUNET_break (0);
return (MHD_YES == TALER_MINT_reply_internal_db_error (connection))
? GNUNET_NO : GNUNET_SYSERR;
}
GNUNET_CRYPTO_ecdsa_key_get_public (&transfer_privs[j],
&transfer_pub_check);
if (0 !=
memcmp (&transfer_pub_check,
&commit_link.transfer_pub,
sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"transfer keys do not match\n");
return (MHD_YES == TALER_MINT_reply_external_error (connection,
"Transfer private key missmatch"))
? GNUNET_NO : GNUNET_SYSERR;
}
/* We're converting key types here, which is not very nice
* but necessary and harmless (keys will be thrown away later). */
/* FIXME: ECDHE/ECDSA-key type confusion! Can we reduce/avoid this? */
if (GNUNET_OK !=
GNUNET_CRYPTO_ecc_ecdh ((const struct GNUNET_CRYPTO_EcdhePrivateKey *) &transfer_privs[j],
(const struct GNUNET_CRYPTO_EcdhePublicKey *) &melts[j].coin.coin_pub,
&transfer_secret.key))
{
GNUNET_break (0);
return (MHD_YES == TALER_MINT_reply_internal_error (connection,
"ECDH error"))
? GNUNET_NO : GNUNET_SYSERR;
}
if (GNUNET_OK !=
TALER_transfer_decrypt (&commit_link.shared_secret_enc,
&transfer_secret,
&shared_secret))
{
GNUNET_break (0);
return (MHD_YES == TALER_MINT_reply_internal_error (connection,
"Decryption error"))
? GNUNET_NO : GNUNET_SYSERR;
}
if (GNUNET_NO == secret_initialized)
{
secret_initialized = GNUNET_YES;
last_shared_secret = shared_secret;
}
else if (0 != memcmp (&shared_secret,
&last_shared_secret,
sizeof (struct GNUNET_HashCode)))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"shared secrets do not match\n");
return (MHD_YES == TALER_MINT_reply_external_error (connection,
"Shared secret missmatch"))
? GNUNET_NO : GNUNET_SYSERR;
}
}
GNUNET_break (GNUNET_YES == secret_initialized);
/* Check that the commitments for all new coins were correct */
for (j = 0; j < num_newcoins; j++)
{
struct RefreshCommitCoin commit_coin;
struct TALER_RefreshLinkDecrypted *link_data;
struct GNUNET_CRYPTO_EcdsaPublicKey coin_pub;
struct GNUNET_HashCode h_msg;
char *buf;
size_t buf_len;
res = TALER_MINT_DB_get_refresh_commit_coin (db_conn,
refresh_session,
off,
j,
&commit_coin);
if (GNUNET_OK != res)
{
GNUNET_break (0);
return (MHD_YES == TALER_MINT_reply_internal_db_error (connection))
? GNUNET_NO : GNUNET_SYSERR;
}
link_data = TALER_refresh_decrypt (commit_coin.refresh_link,
&last_shared_secret);
if (NULL == link_data)
{
GNUNET_break (0);
return (MHD_YES == TALER_MINT_reply_internal_error (connection,
"Decryption error"))
? GNUNET_NO : GNUNET_SYSERR;
}
GNUNET_CRYPTO_ecdsa_key_get_public (&link_data->coin_priv,
&coin_pub);
/* FIXME: we had envisioned a more complex scheme to derive
the message to sign for a blinded coin...
FIXME: we should have a function in util/ to do this! */
GNUNET_CRYPTO_hash (&coin_pub,
sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
&h_msg);
if (0 == (buf_len =
GNUNET_CRYPTO_rsa_blind (&h_msg,
link_data->blinding_key,
denom_pubs[j],
&buf)))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"blind failed\n");
return (MHD_YES == TALER_MINT_reply_internal_error (connection,
"Blinding error"))
? GNUNET_NO : GNUNET_SYSERR;
}
if ( (buf_len != commit_coin.coin_ev_size) ||
(0 != memcmp (buf,
commit_coin.coin_ev,
buf_len)) )
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"blind envelope does not match for kappa=%u, old=%d\n",
off,
(int) j);
/* FIXME: return more specific error with exact offset */
return (MHD_YES == TALER_MINT_reply_external_error (connection,
"Envelope missmatch"))
? GNUNET_NO : GNUNET_SYSERR;
}
GNUNET_free (buf);
}
return GNUNET_OK;
}
/**
* Mint a coin as part of a refresh operation. Obtains the
* envelope from the database and performs the signing operation.
*
* @param connection the MHD connection to handle
* @param db_conn database connection to use
* @param refresh_session session to query
* @param key_state key state to lookup denomination pubs
* @param denom_pub denomination key for the coin to create
* @param noreveal_index which index should we use to obtain the
* envelope for the coin, based on cut-and-choose
* @param coin_off number of the coin
* @return NULL on error, otherwise signature over the coin
*/
static struct GNUNET_CRYPTO_rsa_Signature *
refresh_mint_coin (struct MHD_Connection *connection,
PGconn *db_conn,
const struct GNUNET_CRYPTO_EddsaPublicKey *refresh_session,
struct MintKeyState *key_state,
const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub,
unsigned int noreveal_index,
unsigned int coin_off)
{
struct RefreshCommitCoin commit_coin;
struct TALER_MINT_DenomKeyIssuePriv *dki;
struct GNUNET_CRYPTO_rsa_Signature *ev_sig;
int res;
res = TALER_MINT_DB_get_refresh_commit_coin (db_conn,
refresh_session,
noreveal_index,
coin_off,
&commit_coin);
if (GNUNET_OK != res)
{
GNUNET_break (0);
return NULL;
}
dki = TALER_MINT_get_denom_key (key_state, denom_pub);
if (NULL == dki)
{
GNUNET_break (0);
return NULL;
}
ev_sig = GNUNET_CRYPTO_rsa_sign (dki->denom_priv,
commit_coin.coin_ev,
commit_coin.coin_ev_size);
if (NULL == ev_sig)
{
GNUNET_break (0);
return NULL;
}
if (GNUNET_OK !=
TALER_MINT_DB_insert_refresh_collectable (db_conn,
refresh_session,
coin_off,
ev_sig))
{
GNUNET_break (0);
GNUNET_CRYPTO_rsa_signature_free (ev_sig);
return NULL;
}
return ev_sig;
}
/**
2015-01-29 18:46:34 +01:00
* Execute a "/refresh/reveal". The client is revealing to us the
* transfer keys for @a kappa-1 sets of coins. Verify that the
* revealed transfer keys would allow linkage to the blinded coins,
* and if so, return the signed coins for corresponding to the set of
* coins that was not chosen.
*
* @param connection the MHD connection to handle
* @param refresh_session_pub public key of the refresh session
* @param kappa size of x-dimension of @transfer_privs array plus one (!)
* @param num_oldcoins size of y-dimension of @transfer_privs array
* @param transfer_pubs array with the revealed transfer keys
* @return MHD result code
*/
int
TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
const struct GNUNET_CRYPTO_EddsaPublicKey *refresh_session_pub,
unsigned int kappa,
unsigned int num_oldcoins,
struct GNUNET_CRYPTO_EcdsaPrivateKey *const*transfer_privs)
{
int res;
PGconn *db_conn;
struct RefreshSession refresh_session;
struct MintKeyState *key_state;
struct RefreshMelt *melts;
struct GNUNET_CRYPTO_rsa_PublicKey **denom_pubs;
struct GNUNET_CRYPTO_rsa_Signature **ev_sigs;
unsigned int i;
unsigned int j;
unsigned int off;
if (NULL == (db_conn = TALER_MINT_DB_get_connection ()))
{
GNUNET_break (0);
return TALER_MINT_reply_internal_db_error (connection);
}
res = TALER_MINT_DB_get_refresh_session (db_conn,
refresh_session_pub,
&refresh_session);
if (GNUNET_NO == res)
return TALER_MINT_reply_arg_invalid (connection,
"session_pub");
if (GNUNET_SYSERR == res)
return TALER_MINT_reply_internal_db_error (connection);
if (0 == refresh_session.num_oldcoins)
{
GNUNET_break (0);
return TALER_MINT_reply_internal_db_error (connection);
}
if ( (refresh_session.noreveal_index >= refresh_session.kappa) ||
(GNUNET_NO == refresh_session.has_commit_sig) )
{
GNUNET_break (UINT16_MAX == refresh_session.noreveal_index);
GNUNET_break (GNUNET_NO == refresh_session.has_commit_sig);
return TALER_MINT_reply_external_error (connection,
"/refresh/commit must be executed first");
}
melts = GNUNET_malloc (refresh_session.num_oldcoins *
sizeof (struct RefreshMelt));
for (j=0;j<refresh_session.num_oldcoins;j++)
{
if (GNUNET_OK !=
TALER_MINT_DB_get_refresh_melt (db_conn,
refresh_session_pub,
j,
&melts[j]))
{
GNUNET_break (0);
GNUNET_free (melts);
return TALER_MINT_reply_internal_db_error (connection);
}
}
denom_pubs = GNUNET_malloc (refresh_session.num_newcoins *
sizeof (struct GNUNET_CRYPTO_rsa_PublicKey *));
for (j=0;j<refresh_session.num_newcoins;j++)
{
denom_pubs[j] = TALER_MINT_DB_get_refresh_order (db_conn,
refresh_session_pub,
j);
if (NULL == denom_pubs[j])
{
GNUNET_break (0);
for (i=0;i<j;i++)
GNUNET_CRYPTO_rsa_public_key_free (denom_pubs[i]);
GNUNET_free (denom_pubs);
GNUNET_free (melts);
return (MHD_YES == TALER_MINT_reply_internal_db_error (connection))
? GNUNET_NO : GNUNET_SYSERR;
}
}
off = 0;
for (i=0;i<refresh_session.kappa - 1;i++)
{
if (i == refresh_session.noreveal_index)
off = 1;
if (GNUNET_OK !=
(res = check_commitment (connection,
db_conn,
refresh_session_pub,
i + off,
refresh_session.num_oldcoins,
transfer_privs[i + off],
melts,
refresh_session.num_newcoins,
denom_pubs)))
{
for (j=0;j<refresh_session.num_newcoins;j++)
GNUNET_CRYPTO_rsa_public_key_free (denom_pubs[j]);
GNUNET_free (denom_pubs);
GNUNET_free (melts);
return (GNUNET_NO == res) ? MHD_YES : MHD_NO;
}
}
GNUNET_free (melts);
/* Client request OK, start transaction */
2015-01-29 00:45:07 +01:00
if (GNUNET_OK !=
TALER_MINT_DB_transaction (db_conn))
{
GNUNET_break (0);
for (j=0;j<refresh_session.num_newcoins;j++)
GNUNET_CRYPTO_rsa_public_key_free (denom_pubs[j]);
GNUNET_free (denom_pubs);
2015-01-29 00:45:07 +01:00
return TALER_MINT_reply_internal_db_error (connection);
}
ev_sigs = GNUNET_malloc (refresh_session.num_newcoins *
sizeof (struct GNUNET_CRYPTO_rsa_Signature *));
key_state = TALER_MINT_key_state_acquire ();
for (j=0;j<refresh_session.num_newcoins;j++)
{
ev_sigs[j] = refresh_mint_coin (connection,
db_conn,
refresh_session_pub,
key_state,
denom_pubs[j],
refresh_session.noreveal_index,
j);
if (NULL == ev_sigs[j])
{
TALER_MINT_key_state_release (key_state);
for (i=0;i<j;i++)
GNUNET_CRYPTO_rsa_signature_free (ev_sigs[i]);
GNUNET_free (ev_sigs);
for (j=0;j<refresh_session.num_newcoins;j++)
GNUNET_CRYPTO_rsa_public_key_free (denom_pubs[j]);
GNUNET_free (denom_pubs);
return TALER_MINT_reply_internal_db_error (connection);
}
}
TALER_MINT_key_state_release (key_state);
for (j=0;j<refresh_session.num_newcoins;j++)
GNUNET_CRYPTO_rsa_public_key_free (denom_pubs[j]);
GNUNET_free (denom_pubs);
2015-01-29 00:45:07 +01:00
if (GNUNET_OK !=
TALER_MINT_DB_commit (db_conn))
{
2015-01-29 00:45:07 +01:00
LOG_WARNING ("/refresh/reveal transaction commit failed\n");
for (i=0;i<refresh_session.num_newcoins;i++)
GNUNET_CRYPTO_rsa_signature_free (ev_sigs[i]);
GNUNET_free (ev_sigs);
2015-01-29 00:45:07 +01:00
return TALER_MINT_reply_commit_error (connection);
}
res = TALER_MINT_reply_refresh_reveal_success (connection,
refresh_session.num_newcoins,
ev_sigs);
for (i=0;i<refresh_session.num_newcoins;i++)
GNUNET_CRYPTO_rsa_signature_free (ev_sigs[i]);
GNUNET_free (ev_sigs);
return res;
}
/**
2015-01-29 18:46:34 +01:00
* Execute a "/refresh/link". Returns the linkage information that
* will allow the owner of a coin to follow the refresh trail to
* the refreshed coin.
*
* @param connection the MHD connection to handle
* @param coin_pub public key of the coin to link
* @return MHD result code
*/
int
TALER_MINT_db_execute_refresh_link (struct MHD_Connection *connection,
const struct GNUNET_CRYPTO_EcdsaPublicKey *coin_pub)
{
int res;
PGconn *db_conn;
struct GNUNET_CRYPTO_EcdsaPublicKey transfer_pub;
struct TALER_EncryptedLinkSecret shared_secret_enc;
struct LinkDataList *ldl;
if (NULL == (db_conn = TALER_MINT_DB_get_connection ()))
{
GNUNET_break (0);
2015-01-21 14:21:58 +01:00
return TALER_MINT_reply_internal_db_error (connection);
}
res = TALER_db_get_transfer (db_conn,
coin_pub,
&transfer_pub,
&shared_secret_enc);
if (GNUNET_SYSERR == res)
{
GNUNET_break (0);
2015-01-29 20:41:11 +01:00
return TALER_MINT_reply_internal_db_error (connection);
}
if (GNUNET_NO == res)
{
return TALER_MINT_reply_json_pack (connection,
MHD_HTTP_NOT_FOUND,
"{s:s}",
"error",
"link data not found (transfer)");
}
GNUNET_assert (GNUNET_OK == res);
ldl = TALER_db_get_link (db_conn, coin_pub);
if (NULL == ldl)
{
return TALER_MINT_reply_json_pack (connection,
MHD_HTTP_NOT_FOUND,
"{s:s}",
"error",
"link data not found (link)");
}
res = TALER_MINT_reply_refresh_link_success (connection,
&transfer_pub,
&shared_secret_enc,
ldl);
TALER_db_link_data_list_free (ldl);
return res;
}
/* end of taler-mint-httpd_db.c */