various age restriction fixes, some of them half-baked

This commit is contained in:
Florian Dold 2022-04-26 23:10:05 +02:00
parent 336f2d8991
commit be536de23c
No known key found for this signature in database
GPG Key ID: D2E4F00F29D02A4B
7 changed files with 71 additions and 59 deletions

View File

@ -144,8 +144,7 @@ char *TEH_base_url;
/** /**
* Age restriction flags and mask * Age restriction flags and mask
*/ */
bool TEH_age_restriction_enabled = false; bool TEH_age_restriction_enabled = true;
struct TALER_AgeMask TEH_age_mask = {0};
/** /**
* Default timeout in seconds for HTTP requests. * Default timeout in seconds for HTTP requests.

View File

@ -196,7 +196,6 @@ extern char *TEH_currency;
* Age restriction extension state * Age restriction extension state
*/ */
extern bool TEH_age_restriction_enabled; extern bool TEH_age_restriction_enabled;
extern struct TALER_AgeMask TEH_age_mask;
/** /**
* Our (externally visible) base URL. * Our (externally visible) base URL.

View File

@ -131,11 +131,8 @@ extension_update_event_cb (void *cls,
/* Special case age restriction: Update global flag and mask */ /* Special case age restriction: Update global flag and mask */
if (TALER_Extension_AgeRestriction == type) if (TALER_Extension_AgeRestriction == type)
{ {
TEH_age_mask.bits = 0;
TEH_age_restriction_enabled = TEH_age_restriction_enabled =
TALER_extensions_age_restriction_is_enabled (); TALER_extensions_age_restriction_is_enabled ();
if (TEH_age_restriction_enabled)
TEH_age_mask = TALER_extensions_age_restriction_ageMask ();
} }
} }

View File

@ -2060,7 +2060,7 @@ finish_keys_response (struct TEH_KeyStateHandle *ksh)
/* If age restriction is enabled, initialize the array of age restricted /* If age restriction is enabled, initialize the array of age restricted
denoms and prepare a hash for them, separate from the others. We will join denoms and prepare a hash for them, separate from the others. We will join
those hashes afterwards.*/ those hashes afterwards.*/
if (TEH_age_restriction_enabled) if (0)
{ {
age_restricted_denoms = json_array (); age_restricted_denoms = json_array ();
GNUNET_assert (NULL != age_restricted_denoms); GNUNET_assert (NULL != age_restricted_denoms);
@ -2146,7 +2146,7 @@ finish_keys_response (struct TEH_KeyStateHandle *ksh)
/* Put the denom into the correct array depending on the settings and /* Put the denom into the correct array depending on the settings and
* the properties of the denomination. Also, we build up the right * the properties of the denomination. Also, we build up the right
* hash for the corresponding array. */ * hash for the corresponding array. */
if (TEH_age_restriction_enabled && if (0 &&
(0 != dk->denom_pub.age_mask.bits)) (0 != dk->denom_pub.age_mask.bits))
{ {
have_age_restricted_denoms = true; have_age_restricted_denoms = true;
@ -2180,7 +2180,7 @@ finish_keys_response (struct TEH_KeyStateHandle *ksh)
/* If age restriction is active and we had at least one denomination of /* If age restriction is active and we had at least one denomination of
* that sort, we simply add the hash of all age restricted denominations at * that sort, we simply add the hash of all age restricted denominations at
* the end of the others. */ * the end of the others. */
if (TEH_age_restriction_enabled && have_age_restricted_denoms) if (0 && have_age_restricted_denoms)
{ {
struct GNUNET_HashCode hcr; struct GNUNET_HashCode hcr;
GNUNET_CRYPTO_hash_context_finish (hash_context_restricted, &hcr); GNUNET_CRYPTO_hash_context_finish (hash_context_restricted, &hcr);
@ -2205,7 +2205,7 @@ finish_keys_response (struct TEH_KeyStateHandle *ksh)
"Failed to generate key response data for %s\n", "Failed to generate key response data for %s\n",
GNUNET_TIME_timestamp2s (last_cpd)); GNUNET_TIME_timestamp2s (last_cpd));
json_decref (denoms); json_decref (denoms);
if (TEH_age_restriction_enabled && NULL != age_restricted_denoms) if (0 && NULL != age_restricted_denoms)
json_decref (age_restricted_denoms); json_decref (age_restricted_denoms);
json_decref (sctx.signkeys); json_decref (sctx.signkeys);
json_decref (recoup); json_decref (recoup);

View File

@ -440,6 +440,7 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,
unsigned int num_fresh_coins = json_array_size (new_denoms_h_json); unsigned int num_fresh_coins = json_array_size (new_denoms_h_json);
/* We know num_fresh_coins is bounded by #TALER_MAX_FRESH_COINS, so this is safe */ /* We know num_fresh_coins is bounded by #TALER_MAX_FRESH_COINS, so this is safe */
const struct TEH_DenominationKey *dks[num_fresh_coins]; const struct TEH_DenominationKey *dks[num_fresh_coins];
const struct TEH_DenominationKey *old_dk;
struct TALER_RefreshCoinData rcds[num_fresh_coins]; struct TALER_RefreshCoinData rcds[num_fresh_coins];
struct TALER_EXCHANGEDB_RefreshRevealedCoin rrcs[num_fresh_coins]; struct TALER_EXCHANGEDB_RefreshRevealedCoin rrcs[num_fresh_coins];
MHD_RESULT ret; MHD_RESULT ret;
@ -460,6 +461,53 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,
NULL); NULL);
} }
/* lookup old_coin_pub in database */
{
enum GNUNET_DB_QueryStatus qs;
if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT !=
(qs = TEH_plugin->get_melt (TEH_plugin->cls,
&rctx->rc,
&rctx->melt,
&melt_serial_id)))
{
switch (qs)
{
case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
ret = TALER_MHD_reply_with_error (connection,
MHD_HTTP_NOT_FOUND,
TALER_EC_EXCHANGE_REFRESHES_REVEAL_SESSION_UNKNOWN,
NULL);
break;
case GNUNET_DB_STATUS_HARD_ERROR:
ret = TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_DB_FETCH_FAILED,
"melt");
break;
case GNUNET_DB_STATUS_SOFT_ERROR:
default:
GNUNET_break (0); /* should be impossible */
ret = TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE,
NULL);
break;
}
goto cleanup;
}
if (rctx->melt.session.noreveal_index >= TALER_CNC_KAPPA)
{
GNUNET_break (0);
ret = TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_DB_FETCH_FAILED,
"melt");
goto cleanup;
}
}
/* Parse denomination key hashes */ /* Parse denomination key hashes */
for (unsigned int i = 0; i<num_fresh_coins; i++) for (unsigned int i = 0; i<num_fresh_coins; i++)
{ {
@ -483,6 +531,13 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,
&ret); &ret);
if (NULL == dks[i]) if (NULL == dks[i])
return ret; return ret;
old_dk = TEH_keys_denomination_by_hash2 (ksh,
&rctx->melt.session.coin.
denom_pub_hash,
connection,
&ret);
if (NULL == old_dk)
return ret;
if ( (TALER_DENOMINATION_CS == dks[i]->denom_pub.cipher) && if ( (TALER_DENOMINATION_CS == dks[i]->denom_pub.cipher) &&
(rctx->no_rms) ) (rctx->no_rms) )
{ {
@ -548,52 +603,6 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,
&rrc->coin_envelope_hash); &rrc->coin_envelope_hash);
} }
/* lookup old_coin_pub in database */
{
enum GNUNET_DB_QueryStatus qs;
if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT !=
(qs = TEH_plugin->get_melt (TEH_plugin->cls,
&rctx->rc,
&rctx->melt,
&melt_serial_id)))
{
switch (qs)
{
case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
ret = TALER_MHD_reply_with_error (connection,
MHD_HTTP_NOT_FOUND,
TALER_EC_EXCHANGE_REFRESHES_REVEAL_SESSION_UNKNOWN,
NULL);
break;
case GNUNET_DB_STATUS_HARD_ERROR:
ret = TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_DB_FETCH_FAILED,
"melt");
break;
case GNUNET_DB_STATUS_SOFT_ERROR:
default:
GNUNET_break (0); /* should be impossible */
ret = TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE,
NULL);
break;
}
goto cleanup;
}
if (rctx->melt.session.noreveal_index >= TALER_CNC_KAPPA)
{
GNUNET_break (0);
ret = TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_DB_FETCH_FAILED,
"melt");
goto cleanup;
}
}
if (TEH_age_restriction_enabled && if (TEH_age_restriction_enabled &&
((NULL == old_age_commitment_json) != ((NULL == old_age_commitment_json) !=
TALER_AgeCommitmentHash_isNullOrZero ( TALER_AgeCommitmentHash_isNullOrZero (
@ -619,7 +628,7 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,
rctx->old_age_commitment = GNUNET_new (struct TALER_AgeCommitment); rctx->old_age_commitment = GNUNET_new (struct TALER_AgeCommitment);
oac = rctx->old_age_commitment; oac = rctx->old_age_commitment;
oac->mask = TEH_age_mask; oac->mask = old_dk->meta.age_mask;
oac->num = ng; oac->num = ng;
oac->keys = GNUNET_new_array (ng, struct TALER_AgeCommitmentPublicKeyP); oac->keys = GNUNET_new_array (ng, struct TALER_AgeCommitmentPublicKeyP);

View File

@ -38,6 +38,13 @@ TALER_age_commitment_hash (
return; return;
} }
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"popcount - 1: %d\n",
__builtin_popcount (commitment->mask.bits) - 1);
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"commitment num: %d\n",
commitment->num);
GNUNET_assert (__builtin_popcount (commitment->mask.bits) - 1 == GNUNET_assert (__builtin_popcount (commitment->mask.bits) - 1 ==
commitment->num); commitment->num);

View File

@ -190,6 +190,7 @@ TALER_wallet_deposit_verify (
amount); amount);
TALER_amount_hton (&dr.deposit_fee, TALER_amount_hton (&dr.deposit_fee,
deposit_fee); deposit_fee);
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_WALLET_COIN_DEPOSIT, GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_WALLET_COIN_DEPOSIT,
&dr, &dr,