From 21959eebd2256a3fb72173488cf366868179ee13 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 6 Dec 2022 13:02:54 +0100 Subject: [PATCH] fix FIXME: sign also over balance during account-setup --- .../taler-exchange-httpd_kyc-wallet.c | 5 +- src/include/taler_crypto_lib.h | 4 ++ src/lib/exchange_api_kyc_wallet.c | 1 + src/util/wallet_signatures.c | 57 +++++++++++++++---- 4 files changed, 51 insertions(+), 16 deletions(-) diff --git a/src/exchange/taler-exchange-httpd_kyc-wallet.c b/src/exchange/taler-exchange-httpd_kyc-wallet.c index 81acde4c3..1111b6788 100644 --- a/src/exchange/taler-exchange-httpd_kyc-wallet.c +++ b/src/exchange/taler-exchange-httpd_kyc-wallet.c @@ -164,8 +164,6 @@ TEH_handler_kyc_wallet ( &reserve_sig), GNUNET_JSON_spec_fixed_auto ("reserve_pub", &reserve_pub), - // FIXME: add balance threshold crossed to the request - // to spec and client API! TALER_JSON_spec_amount ("balance", TEH_currency, &krc.balance), @@ -184,10 +182,9 @@ TEH_handler_kyc_wallet ( return MHD_YES; /* failure */ TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++; - // FIXME: add balance threshold crossed to - // what the wallet signs over! if (GNUNET_OK != TALER_wallet_account_setup_verify (&reserve_pub, + &krc.balance, &reserve_sig)) { GNUNET_break_op (0); diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index 4fdda39e0..97e82b4c3 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -3192,11 +3192,13 @@ TALER_wallet_reserve_close_verify ( * Sign a request by a wallet to perform a KYC check. * * @param reserve_priv key identifying the wallet/account + * @param balance_threshold the balance threshold the wallet is about to cross * @param[out] reserve_sig resulting signature */ void TALER_wallet_account_setup_sign ( const struct TALER_ReservePrivateKeyP *reserve_priv, + const struct TALER_Amount *balance_threshold, struct TALER_ReserveSignatureP *reserve_sig); @@ -3204,12 +3206,14 @@ TALER_wallet_account_setup_sign ( * Verify account setup request. * * @param reserve_pub reserve the setup request was for + * @param balance_threshold the balance threshold the wallet is about to cross * @param reserve_sig resulting signature * @return #GNUNET_OK if the signature is valid */ enum GNUNET_GenericReturnValue TALER_wallet_account_setup_verify ( const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_Amount *balance_threshold, const struct TALER_ReserveSignatureP *reserve_sig); diff --git a/src/lib/exchange_api_kyc_wallet.c b/src/lib/exchange_api_kyc_wallet.c index 63e4e500e..56794b94e 100644 --- a/src/lib/exchange_api_kyc_wallet.c +++ b/src/lib/exchange_api_kyc_wallet.c @@ -170,6 +170,7 @@ TALER_EXCHANGE_kyc_wallet (struct TALER_EXCHANGE_Handle *exchange, GNUNET_CRYPTO_eddsa_key_get_public (&reserve_priv->eddsa_priv, &reserve_pub.eddsa_pub); TALER_wallet_account_setup_sign (reserve_priv, + balance, &reserve_sig); req = GNUNET_JSON_PACK ( TALER_JSON_pack_amount ("balance", diff --git a/src/util/wallet_signatures.c b/src/util/wallet_signatures.c index 5efcc5d64..6866ca19b 100644 --- a/src/util/wallet_signatures.c +++ b/src/util/wallet_signatures.c @@ -604,36 +604,68 @@ TALER_wallet_withdraw_verify ( } +GNUNET_NETWORK_STRUCT_BEGIN + + +/** + * @brief Format used for to generate the signature on a request to withdraw + * coins from a reserve. + */ +struct TALER_AccountSetupRequestSignaturePS +{ + + /** + * Purpose must be #TALER_SIGNATURE_WALLET_ACCOUNT_SETUP. + * Used with an EdDSA signature of a `struct TALER_ReservePublicKeyP`. + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + + /** + * Balance threshold the wallet is about to cross. + */ + struct TALER_AmountNBO threshold; + +}; + + +GNUNET_NETWORK_STRUCT_END + + void TALER_wallet_account_setup_sign ( const struct TALER_ReservePrivateKeyP *reserve_priv, + const struct TALER_Amount *balance_threshold, struct TALER_ReserveSignatureP *reserve_sig) { - struct GNUNET_CRYPTO_EccSignaturePurpose purpose = { - .size = htonl (sizeof (purpose)), - .purpose = htonl (TALER_SIGNATURE_WALLET_ACCOUNT_SETUP) + struct TALER_AccountSetupRequestSignaturePS asap = { + .purpose.size = htonl (sizeof (asap)), + .purpose.purpose = htonl (TALER_SIGNATURE_WALLET_ACCOUNT_SETUP) }; - GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_eddsa_sign_ (&reserve_priv->eddsa_priv, - &purpose, - &reserve_sig->eddsa_signature)); + TALER_amount_hton (&asap.threshold, + balance_threshold); + GNUNET_CRYPTO_eddsa_sign (&reserve_priv->eddsa_priv, + &asap, + &reserve_sig->eddsa_signature); } enum GNUNET_GenericReturnValue TALER_wallet_account_setup_verify ( const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_Amount *balance_threshold, const struct TALER_ReserveSignatureP *reserve_sig) { - struct GNUNET_CRYPTO_EccSignaturePurpose purpose = { - .size = htonl (sizeof (purpose)), - .purpose = htonl (TALER_SIGNATURE_WALLET_ACCOUNT_SETUP) + struct TALER_AccountSetupRequestSignaturePS asap = { + .purpose.size = htonl (sizeof (asap)), + .purpose.purpose = htonl (TALER_SIGNATURE_WALLET_ACCOUNT_SETUP) }; - return GNUNET_CRYPTO_eddsa_verify_ ( + TALER_amount_hton (&asap.threshold, + balance_threshold); + return GNUNET_CRYPTO_eddsa_verify ( TALER_SIGNATURE_WALLET_ACCOUNT_SETUP, - &purpose, + &asap, &reserve_sig->eddsa_signature, &reserve_pub->eddsa_pub); } @@ -641,6 +673,7 @@ TALER_wallet_account_setup_verify ( GNUNET_NETWORK_STRUCT_BEGIN + /** * Response by which a wallet requests a full * reserve history and indicates it is willing