From 983111e5e40ae1d8dc1b1e326ddd6f9be0628147 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=96zg=C3=BCr=20Kesim?= <oec-taler@kesim.org>
Date: Mon, 20 Mar 2023 12:48:41 +0100
Subject: [PATCH] age-withdraw: Need BlindedPlanchet

---
 ...taler-exchange-httpd_age-withdraw_reveal.c | 177 +++++++++++++++---
 1 file changed, 146 insertions(+), 31 deletions(-)

diff --git a/src/exchange/taler-exchange-httpd_age-withdraw_reveal.c b/src/exchange/taler-exchange-httpd_age-withdraw_reveal.c
index 50d524a2f..be1fe7c03 100644
--- a/src/exchange/taler-exchange-httpd_age-withdraw_reveal.c
+++ b/src/exchange/taler-exchange-httpd_age-withdraw_reveal.c
@@ -74,9 +74,9 @@ struct AgeRevealContext
   struct TALER_Amount total_fee;
 
   /**
-   * #num_coins hashes of blinded coins.
+   * #num_coins hashes of blinded coin planchets.
    */
-  struct TALER_BlindedCoinHashP *coin_evs;
+  struct TALER_BlindedPlanchet *coin_evs;
 
   /**
    * secrets for #num_coins*(kappa - 1) disclosed coins.
@@ -90,6 +90,39 @@ struct AgeRevealContext
   struct TALER_EXCHANGEDB_AgeWithdrawCommitment commitment;
 };
 
+
+/**
+ * Information per planchet in the batch.
+ */
+struct PlanchetContext
+{
+
+  /**
+   * Hash of the (blinded) message to be signed by the Exchange.
+   */
+  struct TALER_BlindedCoinHashP h_coin_envelope;
+
+  /**
+   * Value of the coin being exchanged (matching the denomination key)
+   * plus the transaction fee.  We include this in what is being
+   * signed so that we can verify a reserve's remaining total balance
+   * without needing to access the respective denomination key
+   * information each time.
+   */
+  struct TALER_Amount amount_with_fee;
+
+  /**
+   * Blinded planchet.
+   */
+  struct TALER_BlindedPlanchet blinded_planchet;
+
+  /**
+   * Set to the resulting signed coin data to be returned to the client.
+   */
+  struct TALER_EXCHANGEDB_CollectableBlindcoin collectable;
+
+};
+
 /**
  * Helper function to free resources in the context
  */
@@ -198,11 +231,11 @@ parse_age_withdraw_reveal_json (
 
     /* Parse blinded envelopes */
     actx->coin_evs = GNUNET_new_array (actx->num_coins,
-                                       struct TALER_BlindedCoinHashP);
+                                       struct TALER_BlindedPlanchet);
 
     json_array_foreach (j_coin_evs, idx, value) {
       struct GNUNET_JSON_Specification spec[] = {
-        GNUNET_JSON_spec_fixed_auto (NULL, &actx->coin_evs[idx]),
+        TALER_JSON_spec_blinded_planchet (NULL, &actx->coin_evs[idx]),
         GNUNET_JSON_spec_end ()
       };
 
@@ -414,6 +447,7 @@ denomination_is_valid (
  * @param connection The HTTP connection to the client
  * @param len The lengths of the array @a denoms_h
  * @param denoms_h array of hashes of denomination public keys
+ * @param coin_evs array of blinded coin planchets
  * @param[out] dks On success, will be filled with the denomination keys.  Caller must deallocate.
  * @param amount_with_fee The committed amount including fees
  * @param[out] total_amount On success, will contain the total sum of all denominations
@@ -427,6 +461,7 @@ are_denominations_valid (
   struct MHD_Connection *connection,
   uint32_t len,
   const struct TALER_DenominationHashP *denoms_h,
+  const struct TALER_BlindedPlanchet *coin_evs,
   struct TEH_DenominationKey **dks,
   const struct TALER_Amount *amount_with_fee,
   struct TALER_Amount *total_amount,
@@ -458,7 +493,16 @@ are_denominations_valid (
                                  &denoms_h[i],
                                  dks[i],
                                  result))
+      return GNUNET_SYSERR;
+
+    /* Ensure the ciphers from the planchets match the denominations' */
+    if (dks[i]->denom_pub.cipher != coin_evs[i].cipher)
     {
+      GNUNET_break_op (0);
+      *result = TALER_MHD_reply_with_error (connection,
+                                            MHD_HTTP_BAD_REQUEST,
+                                            TALER_EC_EXCHANGE_GENERIC_CIPHER_MISMATCH,
+                                            NULL);
       return GNUNET_SYSERR;
     }
 
@@ -468,9 +512,9 @@ are_denominations_valid (
           total_amount,
           &dks[i]->meta.value))
     {
-      GNUNET_break (0);
+      GNUNET_break_op (0);
       *result = TALER_MHD_reply_with_error (connection,
-                                            MHD_HTTP_INTERNAL_SERVER_ERROR,
+                                            MHD_HTTP_BAD_REQUEST,
                                             TALER_EC_EXCHANGE_AGE_WITHDRAW_AMOUNT_OVERFLOW,
                                             "amount");
       return GNUNET_SYSERR;
@@ -482,9 +526,9 @@ are_denominations_valid (
           total_fee,
           &dks[i]->meta.fees.withdraw))
     {
-      GNUNET_break (0);
+      GNUNET_break_op (0);
       *result = TALER_MHD_reply_with_error (connection,
-                                            MHD_HTTP_INTERNAL_SERVER_ERROR,
+                                            MHD_HTTP_BAD_REQUEST,
                                             TALER_EC_EXCHANGE_AGE_WITHDRAW_AMOUNT_OVERFLOW,
                                             "fee");
       return GNUNET_SYSERR;
@@ -504,9 +548,10 @@ are_denominations_valid (
     if (0 != TALER_amount_cmp (&sum, amount_with_fee))
     {
       GNUNET_break_op (0);
-      *result = TALER_MHD_reply_with_ec (connection,
-                                         TALER_EC_EXCHANGE_AGE_WITHDRAW_AMOUNT_INCORRECT,
-                                         NULL);
+      *result = TALER_MHD_reply_with_error (connection,
+                                            MHD_HTTP_BAD_REQUEST,
+                                            TALER_EC_EXCHANGE_AGE_WITHDRAW_AMOUNT_INCORRECT,
+                                            NULL);
       return GNUNET_SYSERR;
     }
   }
@@ -537,7 +582,7 @@ are_denominations_valid (
  * @param max_age Maximum age allowed for the age restriction
  * @param noreveal_idx Index that was given to the client in response to the age-withdraw request
  * @param num_coins Number of coins
- * @param coin_evs The Hashes of the undisclosed, blinded coins, @a num_coins many
+ * @param coin_evs The blindet planchets of the undisclosed coins, @a num_coins many
  * @param denom_keys The array of denomination keys, @a num_coins. Needed to detect Clause-Schnorr-based denominations
  * @param disclosed_coin_secrets The secrets of the disclosed coins, (TALER_CNC_KAPPA - 1)*num_coins many
  * @param[out] result On error, a HTTP-response will be queued and result set accordingly
@@ -550,7 +595,7 @@ verify_commitment_and_max_age (
   const uint32_t max_age,
   const uint32_t noreveal_idx,
   const uint32_t num_coins,
-  const struct TALER_BlindedCoinHashP *coin_evs,
+  const struct TALER_BlindedPlanchet *coin_evs,
   const struct TEH_DenominationKey *denom_keys,
   const struct TALER_PlanchetMasterSecretP *disclosed_coin_secrets,
   MHD_RESULT *result)
@@ -636,14 +681,19 @@ verify_commitment_and_max_age (
                 .nonce = &nonce,
               };
 
-              ec = TEH_keys_denomination_cs_r_pub (&cdd,
-                                                   false,
-                                                   &alg_values.details.
-                                                   cs_values);
+              ec = TEH_keys_denomination_cs_r_pub (
+                &cdd,
+                false,
+                &alg_values.details.cs_values);
 
-#pragma message ("FIXME:oec: return value of needs handling!")
-              /* FIXME:oec: Handle error */
-              GNUNET_assert (TALER_EC_NONE == ec);
+              if (TALER_EC_NONE != ec)
+              {
+                GNUNET_break_op (0);
+                *result = TALER_MHD_reply_with_ec (connection,
+                                                   ec,
+                                                   NULL);
+                return GNUNET_SYSERR;
+              }
             }
           }
 
@@ -722,6 +772,64 @@ verify_commitment_and_max_age (
 }
 
 
+/**
+ * @brief Executes the database transaction for the withdraw of coins and signs
+ * the blinded coins
+ *
+ * @param connection The HTTP-connection to the client
+ * @param h_commitment_orig The commitment from the age-withdraw request
+ * @param num_coins The number of coins (and also denominations)
+ * @param coin_evs The blinded planchets of the coins
+ * @param denom_keys The corresponding denominations
+ * @param[out] result On error, a HTTP-response will be queued and result set accordingly
+ * @return GNUNET_OK on success, GNUNET_SYSERR otherwise
+ */
+enum GNUNET_GenericReturnValue
+finalize_withdraw_and_sign (
+  struct MHD_Connection *connection,
+  const struct TALER_AgeWithdrawCommitmentHashP *h_commitment,
+  const uint32_t num_coins,
+  const struct TALER_BlindedPlanchet *coin_evs,
+  const struct TEH_DenominationKey *denom_keys,
+  MHD_RESULT *result)
+{
+  enum GNUNET_GenericReturnValue ret = GNUNET_SYSERR;
+  struct TEH_CoinSignData csds[num_coins];
+  struct TALER_BlindedDenominationSignature bss[num_coins];
+
+  for (uint32_t i = 0; i<num_coins; i++)
+  {
+    csds[i].h_denom_pub = &denom_keys[i].h_denom_pub;
+    csds[i].bp = &coin_evs[i];
+  }
+
+  /* First, sign the keys */
+  {
+    enum TALER_ErrorCode ec;
+    ec = TEH_keys_denomination_batch_sign (
+      csds,
+      num_coins,
+      false,
+      bss);
+
+    if (TALER_EC_NONE != ec)
+    {
+      GNUNET_break (0);
+      *result = TALER_MHD_reply_with_ec (connection,
+                                         ec,
+                                         NULL);
+      return GNUNET_SYSERR;
+    }
+  }
+
+  /* Then, execute the transaction */
+
+#pragma message ("FIXME:oec implement finalize_withdraw_and_sign()")
+
+  return ret;
+}
+
+
 MHD_RESULT
 TEH_handler_age_withdraw_reveal (
   struct TEH_RequestContext *rc,
@@ -745,15 +853,13 @@ TEH_handler_age_withdraw_reveal (
   actx.ach = *ach;
 
   /* Parse JSON body*/
+  ret = TALER_MHD_parse_json_data (rc->connection,
+                                   root,
+                                   spec);
+  if (GNUNET_OK != ret)
   {
-    ret = TALER_MHD_parse_json_data (rc->connection,
-                                     root,
-                                     spec);
-    if (GNUNET_OK != ret)
-    {
-      GNUNET_break_op (0);
-      return (GNUNET_SYSERR == ret) ? MHD_NO : MHD_YES;
-    }
+    GNUNET_break_op (0);
+    return (GNUNET_SYSERR == ret) ? MHD_NO : MHD_YES;
   }
 
 
@@ -782,6 +888,7 @@ TEH_handler_age_withdraw_reveal (
           rc->connection,
           actx.num_coins,
           actx.denoms_h,
+          actx.coin_evs,
           &actx.denom_keys,
           &actx.commitment.amount_with_fee,
           &actx.total_amount,
@@ -789,8 +896,8 @@ TEH_handler_age_withdraw_reveal (
           &result))
       break;
 
-    /* Verify the computed h_commitment equals the committed one and that
-     * coins have a maximum age group corresponding max_age (age-mask dependent) */
+    /* Verify the computed h_commitment equals the committed one and that coins
+     * have a maximum age group corresponding max_age (age-mask dependent) */
     if (GNUNET_OK != verify_commitment_and_max_age (
           rc->connection,
           &actx.commitment.h_commitment,
@@ -803,7 +910,15 @@ TEH_handler_age_withdraw_reveal (
           &result))
       break;
 
-    /* TODO:oec: sign the coins */
+    /* Do the withdraw in the DB and sign the coins */
+    if (GNUNET_OK != finalize_withdraw_and_sign (
+          rc->connection,
+          &actx.commitment.h_commitment,
+          actx.num_coins,
+          actx.coin_evs,
+          actx.denom_keys,
+          &result))
+      break;
 
   } while(0);