deduplicate melt signing logic, remove coin_pub from data being signed over

src/auditor/taler-helper-auditor-coins.c

@@ -1287,23 +1287,17 @@ refresh_session_cb (void *cls,
 
   /* verify melt signature */
   {
-    struct TALER_RefreshMeltCoinAffirmationPS rmc = {
+    const struct TALER_DenominationHash h_denom_pub;
-      .purpose.purpose = htonl (TALER_SIGNATURE_WALLET_COIN_MELT),
-      .purpose.size = htonl (sizeof (rmc)),
-      .rc = *rc,
-      .melt_fee = issue->fee_refresh,
-      .coin_pub = *coin_pub
-    };
 
     TALER_denom_pub_hash (denom_pub,
                           &rmc.h_denom_pub);
-    TALER_amount_hton (&rmc.amount_with_fee,
-                       amount_with_fee);
     if (GNUNET_OK !=
-        GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_WALLET_COIN_MELT,
+        TALER_wallet_melt_verify (&rmc.amount_with_fee,
-                                    &rmc,
+                                  &issue->fee_refresh,
-                                    &coin_sig->eddsa_signature,
+                                  rc,
-                                    &coin_pub->eddsa_pub))
+                                  &h_denom_pub,
+                                  coin_pub,
+                                  coin_sig))
     {
       TALER_ARL_report (report_bad_sig_losses,
                         GNUNET_JSON_PACK (

src/include/taler_crypto_lib.h

@@ -1723,6 +1723,47 @@ TALER_wallet_deposit_verify (
   const struct TALER_CoinSpendSignatureP *coin_sig);
 
 
+/**
+ * Sign a melt request.
+ *
+ * @param amount the amount to be melted (with fee)
+ * @param melt_fee the melt fee we expect to pay
+ * @param rc refresh session we are committed to
+ * @param h_denom_pub hash of the coin denomination's public key
+ * @param coin_priv coin’s private key
+ * @param[out] coin_sig set to the signature made with purpose #TALER_SIGNATURE_WALLET_COIN_MELT
+ */
+void
+TALER_wallet_melt_sign (
+  const struct TALER_Amount *amount_with_fee,
+  const struct TALER_Amount *melt_fee,
+  const struct TALER_RefreshCommitmentP *rc,
+  const struct TALER_DenominationHash *h_denom_pub,
+  const struct TALER_CoinSpendPrivateKeyP *coin_priv,
+  struct TALER_CoinSpendSignatureP *coin_sig);
+
+
+/**
+ * Verify a melt request.
+ *
+ * @param amount the amount to be melted (with fee)
+ * @param melt_fee the melt fee we expect to pay
+ * @param rc refresh session we are committed to
+ * @param h_denom_pub hash of the coin denomination's public key
+ * @param coin_pub coin’s public key
+ * @param coin_sig the signature made with purpose #TALER_SIGNATURE_WALLET_COIN_MELT
+ * @return #GNUNET_OK if the signature is valid
+ */
+enum GNUNET_GenericReturnValue
+TALER_wallet_melt_verify (
+  const struct TALER_Amount *amount_with_fee,
+  const struct TALER_Amount *melt_fee,
+  const struct TALER_RefreshCommitmentP *rc,
+  const struct TALER_DenominationHash *h_denom_pub,
+  const struct TALER_CoinSpendPublicKeyP *coin_pub,
+  const struct TALER_CoinSpendSignatureP *coin_sig);
+
+
 /**
  * Sign link data.
  *

src/include/taler_signatures.h

@@ -728,13 +728,6 @@ struct TALER_RefreshMeltCoinAffirmationPS
    * session.
    */
   struct TALER_AmountNBO melt_fee;
-
-  /**
-   * The coin's public key.  This is the value that must have been
-   * signed (blindly) by the Exchange.  The deposit request is to be
-   * signed by the corresponding private key (using EdDSA).
-   */
-  struct TALER_CoinSpendPublicKeyP coin_pub;
 };
 
 

src/lib/exchange_api_melt.c

@@ -464,10 +464,8 @@ TALER_EXCHANGE_melt (struct TALER_EXCHANGE_Handle *exchange,
   struct MeltData *md;
   struct TALER_CoinSpendSignatureP confirm_sig;
   char arg_str[sizeof (struct TALER_CoinSpendPublicKeyP) * 2 + 32];
-  struct TALER_RefreshMeltCoinAffirmationPS melt = {
+  struct TALER_DenominationHash h_denom_pub;
-    .purpose.purpose = htonl (TALER_SIGNATURE_WALLET_COIN_MELT),
+  struct TALER_CoinSpendPublicKeyP coin_pub;
-    .purpose.size = htonl (sizeof (melt)),
-  };
 
   GNUNET_assert (GNUNET_YES ==
                  TEAH_handle_is_ready (exchange));
@@ -478,21 +476,17 @@ TALER_EXCHANGE_melt (struct TALER_EXCHANGE_Handle *exchange,
     GNUNET_break (0);
     return NULL;
   }
-  melt.rc = md->rc;
-  TALER_amount_hton (&melt.amount_with_fee,
-                     &md->melted_coin.melt_amount_with_fee);
-  TALER_amount_hton (&melt.melt_fee,
-                     &md->melted_coin.fee_melt);
-  GNUNET_CRYPTO_eddsa_key_get_public (&md->melted_coin.coin_priv.eddsa_priv,
-                                      &melt.coin_pub.eddsa_pub);
   TALER_denom_pub_hash (&md->melted_coin.pub_key,
-                        &melt.h_denom_pub);
+                        &h_denom_pub);
-  GNUNET_CRYPTO_eddsa_sign (&md->melted_coin.coin_priv.eddsa_priv,
+  TALER_wallet_melt_sign (&md->melted_coin.melt_amount_with_fee,
-                            &melt,
+                          &md->melted_coin.fee_melt,
-                            &confirm_sig.eddsa_signature);
+                          &md->rc,
+                          &h_denom_pub,
+                          &md->melted_coin.coin_priv,
+                          &confirm_sig);
+  GNUNET_CRYPTO_eddsa_key_get_public (&md->melted_coin.coin_priv.eddsa_priv,
+                                      &coin_pub.eddsa_pub);
   melt_obj = GNUNET_JSON_PACK (
-    GNUNET_JSON_pack_data_auto ("coin_pub",
-                                &melt.coin_pub),
     GNUNET_JSON_pack_data_auto ("denom_pub_hash",
                                 &melt.h_denom_pub),
     TALER_JSON_pack_denom_sig ("denom_sig",

src/util/wallet_signatures.c

@@ -202,4 +202,58 @@ TALER_wallet_recoup_sign (
 }
 
 
+void
+TALER_wallet_melt_sign (
+  const struct TALER_Amount *amount_with_fee,
+  const struct TALER_Amount *melt_fee,
+  const struct TALER_RefreshCommitmentP *rc,
+  const struct TALER_DenominationHash *h_denom_pub,
+  const struct TALER_CoinSpendPrivateKeyP *coin_priv,
+  struct TALER_CoinSpendSignatureP *coin_sig)
+{
+  struct TALER_RefreshMeltCoinAffirmationPS melt = {
+    .purpose.purpose = htonl (TALER_SIGNATURE_WALLET_COIN_MELT),
+    .purpose.size = htonl (sizeof (melt)),
+    .rc = *rc,
+    .h_denom_pub = *h_denom_pub
+  };
+
+  TALER_amount_hton (&melt.amount_with_fee,
+                     amount_with_fee);
+  TALER_amount_hton (&melt.melt_fee,
+                     melt_fee);
+  GNUNET_CRYPTO_eddsa_sign (&coin_priv->eddsa_priv,
+                            &melt,
+                            &coin_sig->eddsa_signature);
+}
+
+
+enum GNUNET_GenericReturnValue
+TALER_wallet_melt_verify (
+  const struct TALER_Amount *amount_with_fee,
+  const struct TALER_Amount *melt_fee,
+  const struct TALER_RefreshCommitmentP *rc,
+  const struct TALER_DenominationHash *h_denom_pub,
+  const struct TALER_CoinSpendPublicKeyP *coin_pub,
+  const struct TALER_CoinSpendSignatureP *coin_sig)
+{
+  struct TALER_RefreshMeltCoinAffirmationPS melt = {
+    .purpose.size = htonl (sizeof (melt)),
+    .purpose.purpose = htonl (TALER_SIGNATURE_WALLET_COIN_MELT),
+    .rc = *rc,
+    .h_denom_pub = *h_denom_pub
+  };
+
+  TALER_amount_hton (&melt.amount_with_fee,
+                     amount_with_fee);
+  TALER_amount_hton (&melt.melt_fee,
+                     melt_fee);
+  return GNUNET_CRYPTO_eddsa_verify (
+    TALER_SIGNATURE_WALLET_COIN_MELT,
+    &melt,
+    &coin_sig->eddsa_signature,
+    &coin_pub->eddsa_pub);
+}
+
+
 /* end of wallet_signatures.c */