taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

-implement signature checking on /deposit

Browse Source
This commit is contained in:
Christian Grothoff 2015-06-21 20:43:54 +02:00
parent 5caa52aa4c
commit 8f6e911308
3 changed files with 151 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/include/taler_mint_service.h
View File

@ -305,6 +305,16 @@ void
TALER_MINT_disconnect (struct TALER_MINT_Handle *mint);
/**
* Obtain the keys from the mint.
*
* @param mint the mint handle
* @return the mint's key set
*/
const struct TALER_MINT_Keys *
TALER_MINT_get_keys (const struct TALER_MINT_Handle *mint);
/**
* Obtain the current signing key from the mint.
*
@ -312,7 +322,19 @@ TALER_MINT_disconnect (struct TALER_MINT_Handle *mint);
* @return sk current online signing key for the mint, NULL on error
*/
const struct TALER_MintPublicKeyP *
TALER_MINT_get_signing_key (struct TALER_MINT_Keys *keys);
TALER_MINT_get_signing_key (const struct TALER_MINT_Keys *keys);
/**
* Obtain the denomination key details from the mint.
*
* @param keys the mint's key set
* @param pk public key of the denomination to lookup
* @return details about the given denomination key
*/
const struct TALER_MINT_DenomPublicKey *
TALER_MINT_get_denomination_key (const struct TALER_MINT_Keys *keys,
const struct TALER_DenominationPublicKey *pk);
/* ********************* /deposit *********************** */

95
src/mint-lib/mint_api_deposit.c
View File

@ -150,6 +150,82 @@ handle_deposit_finished (void *cls,
}
/**
* Verify signature information about the deposit.
*
* @param deposit information about the deposit
* @return #GNUNET_OK if signatures are OK, #GNUNET_SYSERR if not
*/
static int
verify_signatures (struct TALER_MINT_Handle *mint,
const struct TALER_Amount *amount,
const struct GNUNET_HashCode *h_wire,
const struct GNUNET_HashCode *h_contract,
const struct TALER_CoinSpendPublicKeyP *coin_pub,
const struct TALER_DenominationSignature *denom_sig,
const struct TALER_DenominationPublicKey *denom_pub,
struct GNUNET_TIME_Absolute timestamp,
uint64_t transaction_id,
const struct TALER_MerchantPublicKeyP *merchant_pub,
struct GNUNET_TIME_Absolute refund_deadline,
const struct TALER_CoinSpendSignatureP *coin_sig)
{
const struct TALER_MINT_Keys *key_state;
struct TALER_DepositRequestPS dr;
const struct TALER_MINT_DenomPublicKey *dki;
struct TALER_CoinPublicInfo coin_info;
key_state = TALER_MINT_get_keys (mint);
dki = TALER_MINT_get_denomination_key (key_state,
denom_pub);
if (NULL == dki)
{
TALER_LOG_WARNING ("Denomination key unknown to mint\n");
return GNUNET_SYSERR;
}
dr.purpose.purpose = htonl (TALER_SIGNATURE_WALLET_COIN_DEPOSIT);
dr.purpose.size = htonl (sizeof (struct TALER_DepositRequestPS));
dr.h_contract = *h_contract;
dr.h_wire = *h_wire;
dr.timestamp = GNUNET_TIME_absolute_hton (timestamp);
dr.refund_deadline = GNUNET_TIME_absolute_hton (refund_deadline);
dr.transaction_id = GNUNET_htonll (transaction_id);
TALER_amount_hton (&dr.amount_with_fee,
amount);
TALER_amount_hton (&dr.deposit_fee,
&dki->fee_deposit);
dr.merchant = *merchant_pub;
dr.coin_pub = *coin_pub;
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_WALLET_COIN_DEPOSIT,
&dr.purpose,
&coin_sig->eddsa_signature,
&coin_pub->eddsa_pub))
{
TALER_LOG_WARNING ("Invalid coin signature on /deposit request\n");
return GNUNET_SYSERR;
}
/* check coin signature */
coin_info.coin_pub = *coin_pub;
coin_info.denom_pub = *denom_pub;
coin_info.denom_sig = *denom_sig;
if (GNUNET_YES !=
TALER_test_coin_valid (&coin_info))
{
TALER_LOG_WARNING ("Invalid coin passed for /deposit\n");
return GNUNET_SYSERR;
}
if (TALER_amount_cmp (&dki->fee_deposit,
amount) < 0)
{
TALER_LOG_WARNING ("Deposit amount smaller than fee\n");
return GNUNET_SYSERR;
}
return GNUNET_OK;
}
/**
* Callback used when downloading the reply to a /deposit request.
* Just appends all of the data to the `buf` in the
@ -261,8 +337,23 @@ TALER_MINT_deposit (struct TALER_MINT_Handle *mint,
return NULL;
}
GNUNET_break (0); /* FIXME: verify all sigs! */
if (GNUNET_OK !=
verify_signatures (mint,
amount,
&h_wire,
h_contract,
coin_pub,
denom_sig,
denom_pub,
timestamp,
transaction_id,
merchant_pub,
refund_deadline,
coin_sig))
{
GNUNET_break_op (0);
return NULL;
}
deposit_obj = json_pack ("{s:o, s:o," /* f/wire */
" s:s, s:s," /* H_wire, H_contract */

36
src/mint-lib/mint_api_handle.c
View File

@ -752,7 +752,7 @@ TALER_MINT_disconnect (struct TALER_MINT_Handle *mint)
* @return sk current online signing key for the mint, NULL on error
*/
const struct TALER_MintPublicKeyP *
TALER_MINT_get_signing_key (struct TALER_MINT_Keys *keys)
TALER_MINT_get_signing_key (const struct TALER_MINT_Keys *keys)
{
struct GNUNET_TIME_Absolute now;
unsigned int i;
@ -766,4 +766,38 @@ TALER_MINT_get_signing_key (struct TALER_MINT_Keys *keys)
}
/**
* Obtain the denomination key details from the mint.
*
* @param keys the mint's key set
* @param pk public key of the denomination to lookup
* @return details about the given denomination key
*/
const struct TALER_MINT_DenomPublicKey *
TALER_MINT_get_denomination_key (const struct TALER_MINT_Keys *keys,
const struct TALER_DenominationPublicKey *pk)
{
unsigned int i;
for (i=0;i<keys->num_denom_keys;i++)
if (0 == GNUNET_CRYPTO_rsa_public_key_cmp (pk->rsa_public_key,
keys->denom_keys[i].key.rsa_public_key))
return &keys->denom_keys[i];
return NULL;
}
/**
* Obtain the keys from the mint.
*
* @param mint the mint handle
* @return the mint's key set
*/
const struct TALER_MINT_Keys *
TALER_MINT_get_keys (const struct TALER_MINT_Handle *mint)
{
return &mint->key_data;
}
/* end of mint_api_handle.c */