Merge branch 'master' of ssh://git.taler.net/exchange

This commit is contained in:
Gian Demarmels 2022-02-05 23:12:31 +01:00
commit 9fc3b7a278
No known key found for this signature in database
GPG Key ID: 030CEDDCCC92D778
3 changed files with 144 additions and 91 deletions

View File

@ -37,16 +37,13 @@ TEH_handler_csr (struct TEH_RequestContext *rc,
const json_t *root, const json_t *root,
const char *const args[]) const char *const args[])
{ {
struct TALER_CsNonce nonce; unsigned int csr_requests_num;
struct TALER_DenominationHash denom_pub_hash; json_t *csr_requests;
struct TALER_DenominationCsPublicR r_pub; json_t *csr_response;
struct GNUNET_JSON_Specification spec[] = { struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_fixed ("nonce", GNUNET_JSON_spec_json ("nks",
&nonce, &csr_requests),
sizeof (struct TALER_CsNonce)),
GNUNET_JSON_spec_fixed ("denom_pub_hash",
&denom_pub_hash,
sizeof (struct TALER_DenominationHash)),
GNUNET_JSON_spec_end () GNUNET_JSON_spec_end ()
}; };
enum TALER_ErrorCode ec; enum TALER_ErrorCode ec;
@ -65,6 +62,48 @@ TEH_handler_csr (struct TEH_RequestContext *rc,
if (GNUNET_OK != res) if (GNUNET_OK != res)
return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
} }
csr_requests_num = json_array_size (csr_requests);
if (TALER_MAX_FRESH_COINS <= csr_requests_num)
{
return TALER_MHD_reply_with_error (
rc->connection,
MHD_HTTP_BAD_REQUEST,
// FIXME: generalize error message
TALER_EC_EXCHANGE_REFRESHES_REVEAL_NEW_DENOMS_ARRAY_SIZE_EXCESSIVE,
NULL);
}
struct TALER_CsNonce nonces[GNUNET_NZL (csr_requests_num)];
struct TALER_DenominationHash denom_pub_hashes[GNUNET_NZL (csr_requests_num)];
for (unsigned int i = 0; i < csr_requests_num; i++)
{
struct TALER_CsNonce *nonce = &nonces[i];
struct TALER_DenominationHash *denom_pub_hash = &denom_pub_hashes[i];
struct GNUNET_JSON_Specification csr_spec[] = {
GNUNET_JSON_spec_fixed ("nonce",
nonce,
sizeof (struct TALER_CsNonce)),
GNUNET_JSON_spec_fixed ("denom_pub_hash",
denom_pub_hash,
sizeof (struct TALER_DenominationHash)),
GNUNET_JSON_spec_end ()
};
enum GNUNET_GenericReturnValue res;
res = TALER_MHD_parse_json_array (rc->connection,
root,
csr_spec,
i,
-1);
if (GNUNET_OK != res)
return (GNUNET_NO == res) ? MHD_YES : MHD_NO;
}
struct TALER_DenominationCsPublicR r_pubs[GNUNET_NZL (csr_requests_num)];
for (unsigned int i = 0; i < csr_requests_num; i++)
{
const struct TALER_CsNonce *nonce = &nonces[i];
const struct TALER_DenominationHash *denom_pub_hash = &denom_pub_hashes[i];
struct TALER_DenominationCsPublicR *r_pub = &r_pubs[i];
// check denomination referenced by denom_pub_hash // check denomination referenced by denom_pub_hash
{ {
@ -79,21 +118,21 @@ TEH_handler_csr (struct TEH_RequestContext *rc,
NULL); NULL);
} }
dk = TEH_keys_denomination_by_hash2 (ksh, dk = TEH_keys_denomination_by_hash2 (ksh,
&denom_pub_hash, denom_pub_hash,
NULL, NULL,
NULL); NULL);
if (NULL == dk) if (NULL == dk)
{ {
return TEH_RESPONSE_reply_unknown_denom_pub_hash ( return TEH_RESPONSE_reply_unknown_denom_pub_hash (
rc->connection, rc->connection,
&denom_pub_hash); &denom_pub_hash[i]);
} }
if (GNUNET_TIME_absolute_is_past (dk->meta.expire_withdraw.abs_time)) if (GNUNET_TIME_absolute_is_past (dk->meta.expire_withdraw.abs_time))
{ {
/* This denomination is past the expiration time for withdraws/refreshes*/ /* This denomination is past the expiration time for withdraws/refreshes*/
return TEH_RESPONSE_reply_expired_denom_pub_hash ( return TEH_RESPONSE_reply_expired_denom_pub_hash (
rc->connection, rc->connection,
&denom_pub_hash, denom_pub_hash,
TALER_EC_EXCHANGE_GENERIC_DENOMINATION_EXPIRED, TALER_EC_EXCHANGE_GENERIC_DENOMINATION_EXPIRED,
"CSR"); "CSR");
} }
@ -103,7 +142,7 @@ TEH_handler_csr (struct TEH_RequestContext *rc,
for idempotency! */ for idempotency! */
return TEH_RESPONSE_reply_expired_denom_pub_hash ( return TEH_RESPONSE_reply_expired_denom_pub_hash (
rc->connection, rc->connection,
&denom_pub_hash, denom_pub_hash,
TALER_EC_EXCHANGE_GENERIC_DENOMINATION_VALIDITY_IN_FUTURE, TALER_EC_EXCHANGE_GENERIC_DENOMINATION_VALIDITY_IN_FUTURE,
"CSR"); "CSR");
} }
@ -112,7 +151,7 @@ TEH_handler_csr (struct TEH_RequestContext *rc,
/* This denomination has been revoked */ /* This denomination has been revoked */
return TEH_RESPONSE_reply_expired_denom_pub_hash ( return TEH_RESPONSE_reply_expired_denom_pub_hash (
rc->connection, rc->connection,
&denom_pub_hash, denom_pub_hash,
TALER_EC_EXCHANGE_GENERIC_DENOMINATION_REVOKED, TALER_EC_EXCHANGE_GENERIC_DENOMINATION_REVOKED,
"CSR"); "CSR");
} }
@ -121,14 +160,15 @@ TEH_handler_csr (struct TEH_RequestContext *rc,
// denomination is valid but not CS // denomination is valid but not CS
return TEH_RESPONSE_reply_invalid_denom_cipher_for_operation ( return TEH_RESPONSE_reply_invalid_denom_cipher_for_operation (
rc->connection, rc->connection,
&denom_pub_hash); denom_pub_hash);
} }
} }
// derive r_pub // derive r_pub
ec = TEH_keys_denomination_cs_r_pub (&denom_pub_hash, // FIXME: bundle all requests into one derivation request (TEH_keys_..., crypto helper, security module)
&nonce, ec = TEH_keys_denomination_cs_r_pub (denom_pub_hash,
&r_pub); nonce,
r_pub);
if (TALER_EC_NONE != ec) if (TALER_EC_NONE != ec)
{ {
GNUNET_break (0); GNUNET_break (0);
@ -136,17 +176,30 @@ TEH_handler_csr (struct TEH_RequestContext *rc,
ec, ec,
NULL); NULL);
} }
}
// send response // send response
return TALER_MHD_REPLY_JSON_PACK ( csr_response = json_array ();
rc->connection, for (unsigned int i = 0; i < csr_requests_num; i++)
MHD_HTTP_OK, {
const struct TALER_DenominationCsPublicR *r_pub = &r_pubs[i];
json_t *csr_obj;
csr_obj = GNUNET_JSON_PACK (
GNUNET_JSON_pack_data_varsize ("r_pub_0", GNUNET_JSON_pack_data_varsize ("r_pub_0",
&r_pub.r_pub[0], &r_pub->r_pub[0],
sizeof(struct GNUNET_CRYPTO_CsRPublic)), sizeof(struct GNUNET_CRYPTO_CsRPublic)),
GNUNET_JSON_pack_data_varsize ("r_pub_1", GNUNET_JSON_pack_data_varsize ("r_pub_1",
&r_pub.r_pub[1], &r_pub->r_pub[1],
sizeof(struct GNUNET_CRYPTO_CsRPublic))); sizeof(struct GNUNET_CRYPTO_CsRPublic)));
GNUNET_assert (NULL != csr_obj);
GNUNET_assert (0 ==
json_array_append_new (csr_response,
csr_obj));
}
return TALER_MHD_reply_json (rc->connection,
csr_response,
MHD_HTTP_OK);
} }

View File

@ -31,12 +31,6 @@
#include "taler-exchange-httpd_keys.h" #include "taler-exchange-httpd_keys.h"
/**
* Maximum number of fresh coins we allow per refresh operation.
*/
#define MAX_FRESH_COINS 256
/** /**
* Send a response for "/refreshes/$RCH/reveal". * Send a response for "/refreshes/$RCH/reveal".
* *
@ -305,7 +299,7 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,
const json_t *coin_evs) const json_t *coin_evs)
{ {
unsigned int num_fresh_coins = json_array_size (new_denoms_h_json); unsigned int num_fresh_coins = json_array_size (new_denoms_h_json);
/* We know num_fresh_coins is bounded by #MAX_FRESH_COINS, so this is safe */ /* We know num_fresh_coins is bounded by #TALER_MAX_FRESH_COINS, so this is safe */
const struct TEH_DenominationKey *dks[num_fresh_coins]; const struct TEH_DenominationKey *dks[num_fresh_coins];
struct TALER_RefreshCoinData rcds[num_fresh_coins]; struct TALER_RefreshCoinData rcds[num_fresh_coins];
struct TALER_EXCHANGEDB_RefreshRevealedCoin rrcs[num_fresh_coins]; struct TALER_EXCHANGEDB_RefreshRevealedCoin rrcs[num_fresh_coins];
@ -610,7 +604,7 @@ handle_refreshes_reveal_json (struct MHD_Connection *connection,
unsigned int num_tprivs = json_array_size (tp_json); unsigned int num_tprivs = json_array_size (tp_json);
GNUNET_assert (num_tprivs == TALER_CNC_KAPPA - 1); /* checked just earlier */ GNUNET_assert (num_tprivs == TALER_CNC_KAPPA - 1); /* checked just earlier */
if ( (num_fresh_coins >= MAX_FRESH_COINS) || if ( (num_fresh_coins >= TALER_MAX_FRESH_COINS) ||
(0 == num_fresh_coins) ) (0 == num_fresh_coins) )
{ {
GNUNET_break_op (0); GNUNET_break_op (0);

View File

@ -1557,6 +1557,12 @@ TALER_planchet_to_coin (const struct TALER_DenominationPublicKey *dk,
/* ****************** Refresh crypto primitives ************* */ /* ****************** Refresh crypto primitives ************* */
/**
* Maximum number of fresh coins we allow per refresh operation.
*/
#define TALER_MAX_FRESH_COINS 256
/** /**
* Given the coin and the transfer private keys, compute the * Given the coin and the transfer private keys, compute the
* transfer secret. (Technically, we only need one of the two * transfer secret. (Technically, we only need one of the two