fix use of signature for noreveal index, needs to be tied to session hash

src/include/taler_signatures.h

@@ -320,6 +320,11 @@ struct RefreshCommitResponseSignatureBody
    */
   struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
 
+  /**
+   * Hash of the refresh session.
+   */
+  struct GNUNET_HashCode session_hash;
+
   /**
    * Index that the client will not have to reveal.
    */

src/mint/mint_db.h

@@ -444,6 +444,12 @@ struct RefreshSession
    */
   struct GNUNET_CRYPTO_EddsaSignature commit_sig;
 
+  /**
+   * Hash over coins to melt and coins to create of the
+   * refresh session.
+   */
+  struct GNUNET_HashCode session_hash;
+
   /**
    * Signature over the melt by the client.
    */

src/mint/taler-mint-httpd_db.c

@@ -588,6 +588,7 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
 
   /* store 'global' session data */
   session.melt_sig = *client_signature;
+  session.session_hash = *melt_hash;
   session.num_oldcoins = coin_count;
   session.num_newcoins = num_new_denoms;
   session.kappa = KAPPA;
@@ -691,7 +692,8 @@ TALER_MINT_db_execute_refresh_commit (struct MHD_Connection *connection,
   {
     TALER_MINT_DB_rollback (db_conn);
     res = TALER_MINT_reply_refresh_commit_success (connection,
-                                                   &refresh_session);
+                                                   &refresh_session.session_hash,
+                                                   refresh_session.noreveal_index);
     return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
   }
   for (i = 0; i < kappa; i++)
@@ -749,7 +751,9 @@ TALER_MINT_db_execute_refresh_commit (struct MHD_Connection *connection,
     return TALER_MINT_reply_commit_error (connection);
   }
 
-  return TALER_MINT_reply_refresh_commit_success (connection, &refresh_session);
+  return TALER_MINT_reply_refresh_commit_success (connection,
+                                                  &refresh_session.session_hash,
+                                                  refresh_session.noreveal_index);
 }
 
 

src/mint/taler-mint-httpd_refresh.c

@@ -179,6 +179,7 @@ handle_refresh_melt_binary (struct MHD_Connection *connection,
 
   /* check that signature from the session public key is ok */
   hash_context = GNUNET_CRYPTO_hash_context_start ();
+  /* FIXME: also hash session public key here!? */
   for (i = 0; i < num_new_denoms; i++)
   {
     buf_size = GNUNET_CRYPTO_rsa_public_key_encode (denom_pubs[i],

src/mint/taler-mint-httpd_responses.c

@@ -631,15 +631,15 @@ TALER_MINT_reply_refresh_melt_success (struct MHD_Connection *connection,
 /**
  * Send a response to a "/refresh/commit" request.
  *
- * FIXME: maybe not the ideal argument type for @a refresh_session here.
- *
  * @param connection the connection to send the response to
- * @param refresh_session the refresh session
+ * @param session_hash hash of the refresh session
+ * @param noreveal_index which index will the client not have to reveal
  * @return a MHD status code
  */
 int
 TALER_MINT_reply_refresh_commit_success (struct MHD_Connection *connection,
-                                         const struct RefreshSession *refresh_session)
+                                         const struct GNUNET_HashCode *session_hash,
+                                         uint16_t noreveal_index)
 {
   struct RefreshCommitResponseSignatureBody body;
   struct GNUNET_CRYPTO_EddsaSignature sig;
@@ -648,15 +648,17 @@ TALER_MINT_reply_refresh_commit_success (struct MHD_Connection *connection,
 
   body.purpose.size = htonl (sizeof (struct RefreshCommitResponseSignatureBody));
   body.purpose.purpose = htonl (TALER_SIGNATURE_REFRESH_COMMIT_RESPONSE);
-  body.noreveal_index = htons (refresh_session->noreveal_index);
+  body.session_hash = *session_hash;
+  body.noreveal_index = htons (noreveal_index);
   TALER_MINT_keys_sign (&body.purpose,
                         &sig);
-  sig_json = TALER_JSON_from_eddsa_sig (&body.purpose, &sig);
+  sig_json = TALER_JSON_from_eddsa_sig (&body.purpose,
+                                        &sig);
   GNUNET_assert (NULL != sig_json);
   ret = TALER_MINT_reply_json_pack (connection,
                                      MHD_HTTP_OK,
                                      "{s:i, s:o}",
-                                     "noreveal_index", (int) refresh_session->noreveal_index,
+                                     "noreveal_index", (int) noreveal_index,
                                      "signature", sig_json);
   json_decref (sig_json);
   return ret;

src/mint/taler-mint-httpd_responses.h

@@ -249,15 +249,15 @@ TALER_MINT_reply_withdraw_sign_success (struct MHD_Connection *connection,
 /**
  * Send a response to a "/refresh/commit" request.
  *
- * FIXME: maybe not the ideal argument type for @a refresh_session here.
- *
  * @param connection the connection to send the response to
- * @param refresh_session the refresh session
+ * @param session_hash hash of the refresh session
+ * @param noreveal_index which index will the client not have to reveal
  * @return a MHD status code
  */
 int
 TALER_MINT_reply_refresh_commit_success (struct MHD_Connection *connection,
-                                         const struct RefreshSession *refresh_session);
+                                         const struct GNUNET_HashCode *session_hash,
+                                         uint16_t noreveal_index);
 
 
 /**