various age restriction fixes, some of them half-baked

This commit is contained in:
Florian Dold 2022-04-26 23:10:05 +02:00
parent 336f2d8991
commit be536de23c
No known key found for this signature in database
GPG Key ID: D2E4F00F29D02A4B
7 changed files with 71 additions and 59 deletions

View File

@ -144,8 +144,7 @@ char *TEH_base_url;
/**
* Age restriction flags and mask
*/
bool TEH_age_restriction_enabled = false;
struct TALER_AgeMask TEH_age_mask = {0};
bool TEH_age_restriction_enabled = true;
/**
* Default timeout in seconds for HTTP requests.

View File

@ -196,7 +196,6 @@ extern char *TEH_currency;
* Age restriction extension state
*/
extern bool TEH_age_restriction_enabled;
extern struct TALER_AgeMask TEH_age_mask;
/**
* Our (externally visible) base URL.
@ -310,8 +309,8 @@ struct TEH_RequestHandler
* @return MHD result code
*/
MHD_RESULT
(*get)(struct TEH_RequestContext *rc,
const char *const args[]);
(*get)(struct TEH_RequestContext *rc,
const char *const args[]);
/**

View File

@ -131,11 +131,8 @@ extension_update_event_cb (void *cls,
/* Special case age restriction: Update global flag and mask */
if (TALER_Extension_AgeRestriction == type)
{
TEH_age_mask.bits = 0;
TEH_age_restriction_enabled =
TALER_extensions_age_restriction_is_enabled ();
if (TEH_age_restriction_enabled)
TEH_age_mask = TALER_extensions_age_restriction_ageMask ();
}
}

View File

@ -2060,7 +2060,7 @@ finish_keys_response (struct TEH_KeyStateHandle *ksh)
/* If age restriction is enabled, initialize the array of age restricted
denoms and prepare a hash for them, separate from the others. We will join
those hashes afterwards.*/
if (TEH_age_restriction_enabled)
if (0)
{
age_restricted_denoms = json_array ();
GNUNET_assert (NULL != age_restricted_denoms);
@ -2146,7 +2146,7 @@ finish_keys_response (struct TEH_KeyStateHandle *ksh)
/* Put the denom into the correct array depending on the settings and
* the properties of the denomination. Also, we build up the right
* hash for the corresponding array. */
if (TEH_age_restriction_enabled &&
if (0 &&
(0 != dk->denom_pub.age_mask.bits))
{
have_age_restricted_denoms = true;
@ -2180,7 +2180,7 @@ finish_keys_response (struct TEH_KeyStateHandle *ksh)
/* If age restriction is active and we had at least one denomination of
* that sort, we simply add the hash of all age restricted denominations at
* the end of the others. */
if (TEH_age_restriction_enabled && have_age_restricted_denoms)
if (0 && have_age_restricted_denoms)
{
struct GNUNET_HashCode hcr;
GNUNET_CRYPTO_hash_context_finish (hash_context_restricted, &hcr);
@ -2205,7 +2205,7 @@ finish_keys_response (struct TEH_KeyStateHandle *ksh)
"Failed to generate key response data for %s\n",
GNUNET_TIME_timestamp2s (last_cpd));
json_decref (denoms);
if (TEH_age_restriction_enabled && NULL != age_restricted_denoms)
if (0 && NULL != age_restricted_denoms)
json_decref (age_restricted_denoms);
json_decref (sctx.signkeys);
json_decref (recoup);

View File

@ -440,6 +440,7 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,
unsigned int num_fresh_coins = json_array_size (new_denoms_h_json);
/* We know num_fresh_coins is bounded by #TALER_MAX_FRESH_COINS, so this is safe */
const struct TEH_DenominationKey *dks[num_fresh_coins];
const struct TEH_DenominationKey *old_dk;
struct TALER_RefreshCoinData rcds[num_fresh_coins];
struct TALER_EXCHANGEDB_RefreshRevealedCoin rrcs[num_fresh_coins];
MHD_RESULT ret;
@ -460,6 +461,53 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,
NULL);
}
/* lookup old_coin_pub in database */
{
enum GNUNET_DB_QueryStatus qs;
if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT !=
(qs = TEH_plugin->get_melt (TEH_plugin->cls,
&rctx->rc,
&rctx->melt,
&melt_serial_id)))
{
switch (qs)
{
case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
ret = TALER_MHD_reply_with_error (connection,
MHD_HTTP_NOT_FOUND,
TALER_EC_EXCHANGE_REFRESHES_REVEAL_SESSION_UNKNOWN,
NULL);
break;
case GNUNET_DB_STATUS_HARD_ERROR:
ret = TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_DB_FETCH_FAILED,
"melt");
break;
case GNUNET_DB_STATUS_SOFT_ERROR:
default:
GNUNET_break (0); /* should be impossible */
ret = TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE,
NULL);
break;
}
goto cleanup;
}
if (rctx->melt.session.noreveal_index >= TALER_CNC_KAPPA)
{
GNUNET_break (0);
ret = TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_DB_FETCH_FAILED,
"melt");
goto cleanup;
}
}
/* Parse denomination key hashes */
for (unsigned int i = 0; i<num_fresh_coins; i++)
{
@ -483,6 +531,13 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,
&ret);
if (NULL == dks[i])
return ret;
old_dk = TEH_keys_denomination_by_hash2 (ksh,
&rctx->melt.session.coin.
denom_pub_hash,
connection,
&ret);
if (NULL == old_dk)
return ret;
if ( (TALER_DENOMINATION_CS == dks[i]->denom_pub.cipher) &&
(rctx->no_rms) )
{
@ -548,52 +603,6 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,
&rrc->coin_envelope_hash);
}
/* lookup old_coin_pub in database */
{
enum GNUNET_DB_QueryStatus qs;
if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT !=
(qs = TEH_plugin->get_melt (TEH_plugin->cls,
&rctx->rc,
&rctx->melt,
&melt_serial_id)))
{
switch (qs)
{
case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
ret = TALER_MHD_reply_with_error (connection,
MHD_HTTP_NOT_FOUND,
TALER_EC_EXCHANGE_REFRESHES_REVEAL_SESSION_UNKNOWN,
NULL);
break;
case GNUNET_DB_STATUS_HARD_ERROR:
ret = TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_DB_FETCH_FAILED,
"melt");
break;
case GNUNET_DB_STATUS_SOFT_ERROR:
default:
GNUNET_break (0); /* should be impossible */
ret = TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE,
NULL);
break;
}
goto cleanup;
}
if (rctx->melt.session.noreveal_index >= TALER_CNC_KAPPA)
{
GNUNET_break (0);
ret = TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_DB_FETCH_FAILED,
"melt");
goto cleanup;
}
}
if (TEH_age_restriction_enabled &&
((NULL == old_age_commitment_json) !=
TALER_AgeCommitmentHash_isNullOrZero (
@ -619,7 +628,7 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,
rctx->old_age_commitment = GNUNET_new (struct TALER_AgeCommitment);
oac = rctx->old_age_commitment;
oac->mask = TEH_age_mask;
oac->mask = old_dk->meta.age_mask;
oac->num = ng;
oac->keys = GNUNET_new_array (ng, struct TALER_AgeCommitmentPublicKeyP);

View File

@ -38,6 +38,13 @@ TALER_age_commitment_hash (
return;
}
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"popcount - 1: %d\n",
__builtin_popcount (commitment->mask.bits) - 1);
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"commitment num: %d\n",
commitment->num);
GNUNET_assert (__builtin_popcount (commitment->mask.bits) - 1 ==
commitment->num);

View File

@ -190,6 +190,7 @@ TALER_wallet_deposit_verify (
amount);
TALER_amount_hton (&dr.deposit_fee,
deposit_fee);
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_WALLET_COIN_DEPOSIT,
&dr,