various age restriction fixes, some of them half-baked

2022-04-26 23:10:05 +02:00 · 2022-04-26 23:10:05 +02:00 · be536de23c
commit be536de23c
parent 336f2d8991
7 changed files with 71 additions and 59 deletions
--- a/src/exchange/taler-exchange-httpd.c
+++ b/src/exchange/taler-exchange-httpd.c
@ -144,8 +144,7 @@ char *TEH_base_url;
 /**
 * Age restriction flags and mask
 */
-bool TEH_age_restriction_enabled = false;
-struct TALER_AgeMask TEH_age_mask = {0};
+bool TEH_age_restriction_enabled = true;

 /**
 * Default timeout in seconds for HTTP requests.
--- a/src/exchange/taler-exchange-httpd.h
+++ b/src/exchange/taler-exchange-httpd.h
@ -196,7 +196,6 @@ extern char *TEH_currency;
 * Age restriction extension state
 */
 extern bool TEH_age_restriction_enabled;
-extern struct TALER_AgeMask TEH_age_mask;

 /**
 * Our (externally visible) base URL.
--- a/src/exchange/taler-exchange-httpd_extensions.c
+++ b/src/exchange/taler-exchange-httpd_extensions.c
@ -131,11 +131,8 @@ extension_update_event_cb (void *cls,
  /* Special case age restriction: Update global flag and mask  */
  if (TALER_Extension_AgeRestriction == type)
  {
-    TEH_age_mask.bits = 0;
    TEH_age_restriction_enabled =
      TALER_extensions_age_restriction_is_enabled ();
-    if (TEH_age_restriction_enabled)
-      TEH_age_mask = TALER_extensions_age_restriction_ageMask ();
  }
 }

--- a/src/exchange/taler-exchange-httpd_keys.c
+++ b/src/exchange/taler-exchange-httpd_keys.c
@ -2060,7 +2060,7 @@ finish_keys_response (struct TEH_KeyStateHandle *ksh)
  /* If age restriction is enabled, initialize the array of age restricted
   denoms  and prepare a hash for them, separate from the others.  We will join
   those hashes afterwards.*/
-  if (TEH_age_restriction_enabled)
+  if (0)
  {
    age_restricted_denoms = json_array ();
    GNUNET_assert (NULL != age_restricted_denoms);
@ -2146,7 +2146,7 @@ finish_keys_response (struct TEH_KeyStateHandle *ksh)
        /* Put the denom into the correct array depending on the settings and
         * the properties of the denomination.  Also, we build up the right
         * hash for the corresponding array. */
-        if (TEH_age_restriction_enabled &&
+        if (0 &&
            (0 != dk->denom_pub.age_mask.bits))
        {
          have_age_restricted_denoms = true;
@ -2180,7 +2180,7 @@ finish_keys_response (struct TEH_KeyStateHandle *ksh)
    /* If age restriction is active and we had at least one denomination of
     * that sort, we simply add the hash of all age restricted denominations at
     * the end of the others. */
-    if (TEH_age_restriction_enabled && have_age_restricted_denoms)
+    if (0 && have_age_restricted_denoms)
    {
      struct GNUNET_HashCode hcr;
      GNUNET_CRYPTO_hash_context_finish (hash_context_restricted, &hcr);
@ -2205,7 +2205,7 @@ finish_keys_response (struct TEH_KeyStateHandle *ksh)
                  "Failed to generate key response data for %s\n",
                  GNUNET_TIME_timestamp2s (last_cpd));
      json_decref (denoms);
-      if (TEH_age_restriction_enabled && NULL != age_restricted_denoms)
+      if (0 && NULL != age_restricted_denoms)
        json_decref (age_restricted_denoms);
      json_decref (sctx.signkeys);
      json_decref (recoup);
--- a/src/exchange/taler-exchange-httpd_refreshes_reveal.c
+++ b/src/exchange/taler-exchange-httpd_refreshes_reveal.c
@ -440,6 +440,7 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,
  unsigned int num_fresh_coins = json_array_size (new_denoms_h_json);
  /* We know num_fresh_coins is bounded by #TALER_MAX_FRESH_COINS, so this is safe */
  const struct TEH_DenominationKey *dks[num_fresh_coins];
+  const struct TEH_DenominationKey *old_dk;
  struct TALER_RefreshCoinData rcds[num_fresh_coins];
  struct TALER_EXCHANGEDB_RefreshRevealedCoin rrcs[num_fresh_coins];
  MHD_RESULT ret;
@ -460,6 +461,53 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,
                                       NULL);
  }

+  /* lookup old_coin_pub in database */
+  {
+    enum GNUNET_DB_QueryStatus qs;
+
+    if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT !=
+        (qs = TEH_plugin->get_melt (TEH_plugin->cls,
+                                    &rctx->rc,
+                                    &rctx->melt,
+                                    &melt_serial_id)))
+    {
+      switch (qs)
+      {
+      case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
+        ret = TALER_MHD_reply_with_error (connection,
+                                          MHD_HTTP_NOT_FOUND,
+                                          TALER_EC_EXCHANGE_REFRESHES_REVEAL_SESSION_UNKNOWN,
+                                          NULL);
+        break;
+      case GNUNET_DB_STATUS_HARD_ERROR:
+        ret = TALER_MHD_reply_with_error (connection,
+                                          MHD_HTTP_INTERNAL_SERVER_ERROR,
+                                          TALER_EC_GENERIC_DB_FETCH_FAILED,
+                                          "melt");
+        break;
+      case GNUNET_DB_STATUS_SOFT_ERROR:
+      default:
+        GNUNET_break (0);   /* should be impossible */
+        ret = TALER_MHD_reply_with_error (connection,
+                                          MHD_HTTP_INTERNAL_SERVER_ERROR,
+                                          TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE,
+                                          NULL);
+        break;
+      }
+      goto cleanup;
+    }
+    if (rctx->melt.session.noreveal_index >= TALER_CNC_KAPPA)
+    {
+      GNUNET_break (0);
+      ret = TALER_MHD_reply_with_error (connection,
+                                        MHD_HTTP_INTERNAL_SERVER_ERROR,
+                                        TALER_EC_GENERIC_DB_FETCH_FAILED,
+                                        "melt");
+      goto cleanup;
+    }
+  }
+
+
  /* Parse denomination key hashes */
  for (unsigned int i = 0; i<num_fresh_coins; i++)
  {
@ -483,6 +531,13 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,
                                             &ret);
    if (NULL == dks[i])
      return ret;
+    old_dk = TEH_keys_denomination_by_hash2 (ksh,
+                                             &rctx->melt.session.coin.
+                                             denom_pub_hash,
+                                             connection,
+                                             &ret);
+    if (NULL == old_dk)
+      return ret;
    if ( (TALER_DENOMINATION_CS == dks[i]->denom_pub.cipher) &&
         (rctx->no_rms) )
    {
@ -548,52 +603,6 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,
                        &rrc->coin_envelope_hash);
  }

-  /* lookup old_coin_pub in database */
-  {
-    enum GNUNET_DB_QueryStatus qs;
-
-    if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT !=
-        (qs = TEH_plugin->get_melt (TEH_plugin->cls,
-                                    &rctx->rc,
-                                    &rctx->melt,
-                                    &melt_serial_id)))
-    {
-      switch (qs)
-      {
-      case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
-        ret = TALER_MHD_reply_with_error (connection,
-                                          MHD_HTTP_NOT_FOUND,
-                                          TALER_EC_EXCHANGE_REFRESHES_REVEAL_SESSION_UNKNOWN,
-                                          NULL);
-        break;
-      case GNUNET_DB_STATUS_HARD_ERROR:
-        ret = TALER_MHD_reply_with_error (connection,
-                                          MHD_HTTP_INTERNAL_SERVER_ERROR,
-                                          TALER_EC_GENERIC_DB_FETCH_FAILED,
-                                          "melt");
-        break;
-      case GNUNET_DB_STATUS_SOFT_ERROR:
-      default:
-        GNUNET_break (0);   /* should be impossible */
-        ret = TALER_MHD_reply_with_error (connection,
-                                          MHD_HTTP_INTERNAL_SERVER_ERROR,
-                                          TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE,
-                                          NULL);
-        break;
-      }
-      goto cleanup;
-    }
-    if (rctx->melt.session.noreveal_index >= TALER_CNC_KAPPA)
-    {
-      GNUNET_break (0);
-      ret = TALER_MHD_reply_with_error (connection,
-                                        MHD_HTTP_INTERNAL_SERVER_ERROR,
-                                        TALER_EC_GENERIC_DB_FETCH_FAILED,
-                                        "melt");
-      goto cleanup;
-    }
-  }
-
  if (TEH_age_restriction_enabled &&
      ((NULL == old_age_commitment_json) !=
       TALER_AgeCommitmentHash_isNullOrZero (
@ -619,7 +628,7 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,

    rctx->old_age_commitment = GNUNET_new (struct TALER_AgeCommitment);
    oac = rctx->old_age_commitment;
-    oac->mask  =  TEH_age_mask;
+    oac->mask = old_dk->meta.age_mask;
    oac->num = ng;
    oac->keys = GNUNET_new_array (ng, struct TALER_AgeCommitmentPublicKeyP);

--- a/src/util/age_restriction.c
+++ b/src/util/age_restriction.c
@ -38,6 +38,13 @@ TALER_age_commitment_hash (
    return;
  }

+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              "popcount - 1: %d\n",
+              __builtin_popcount (commitment->mask.bits) - 1);
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              "commitment num: %d\n",
+              commitment->num);
+
  GNUNET_assert (__builtin_popcount (commitment->mask.bits) - 1 ==
                 commitment->num);

--- a/src/util/wallet_signatures.c
+++ b/src/util/wallet_signatures.c
@ -190,6 +190,7 @@ TALER_wallet_deposit_verify (
                     amount);
  TALER_amount_hton (&dr.deposit_fee,
                     deposit_fee);
+
  if (GNUNET_OK !=
      GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_WALLET_COIN_DEPOSIT,
                                  &dr,