combining /mint/melt and /mint/commit

This commit is contained in:
Christian Grothoff 2015-03-10 16:15:14 +01:00
parent 07f18f1660
commit c2c8646a83
10 changed files with 359 additions and 606 deletions

View File

@ -56,29 +56,24 @@
#define TALER_SIGNATURE_WITHDRAW 4
/**
* Signature where the refresh session confirms
* the list of melted coins and requested denominations.
* Signature using a coin key confirming the melting of
* a coin.
*/
#define TALER_SIGNATURE_REFRESH_MELT 5
#define TALER_SIGNATURE_REFRESH_MELT_COIN 5
/**
* Signature where the refresh session confirms
* the commits.
*/
#define TALER_SIGNATURE_REFRESH_COMMIT 6
#define TALER_SIGNATURE_REFRESH_MELT 6
/**
* Signature where the mint (current signing key)
* confirms the list of blind session keys.
* confirms the no-reveal index for cut-and-choose and
* the validity of the melted coins.
*/
#define TALER_SIGNATURE_REFRESH_MELT_RESPONSE 7
/**
* Signature where the mint (current signing key)
* confirms the no-reveal index for cut-and-choose.
*/
#define TALER_SIGNATURE_REFRESH_COMMIT_RESPONSE 8
/**
* Signature where coins confirm that they want
* to be melted into a certain session.
@ -234,17 +229,21 @@ struct TALER_DepositConfirmation
/**
* Format of the block signed by the Mint in response to
* a successful "/refresh/melt" request. Hereby the mint
* affirms that all of the coins were successfully melted.
* Message signed by a coin to indicate that the coin should
* be melted.
*/
struct RefreshMeltResponseSignatureBody
struct RefreshMeltSignatureBody
{
/**
* Purpose is #TALER_SIGNATURE_REFRESH_MELT_RESPONSE.
* Purpose is #TALER_SIGNATURE_REFRESH_MELT_COIN.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Which melting operation should the coin become a part of.
*/
struct GNUNET_HashCode melt_hash;
/**
* Signature of the client over the melt request (thereby
* indirectly including all of the information the client
@ -258,30 +257,6 @@ struct RefreshMeltResponseSignatureBody
*/
struct GNUNET_CRYPTO_EddsaPublicKey session_key;
/**
* Security parameter requested for the commitments.
*/
uint32_t kappa GNUNET_PACKED;
};
/**
* Message signed by a coin to indicate that the coin should
* be melted.
*/
struct RefreshMeltSignatureBody
{
/**
* Purpose is #TALER_SIGNATURE_REFRESH_MELT.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Which melting operation should the coin become a part of.
*/
struct GNUNET_HashCode melt_hash;
/**
* How much of the value of the coin should be melted?
* This amount includes the fees, so the final amount contributed
@ -298,7 +273,7 @@ struct RefreshMeltSignatureBody
struct RefreshCommitSignatureBody
{
/**
* Purpose is #TALER_SIGNATURE_REFRESH_COMMIT.
* Purpose is #TALER_SIGNATURE_REFRESH_MELT.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
@ -310,10 +285,12 @@ struct RefreshCommitSignatureBody
/**
* Message signed by the mint, committing it to a particular
* index to not be revealed during the refresh.
* Format of the block signed by the Mint in response to a successful
* "/refresh/melt" request. Hereby the mint affirms that all of the
* coins were successfully melted. This also commits the mint to a
* particular index to not be revealed during the refresh.
*/
struct RefreshCommitResponseSignatureBody
struct RefreshMeltResponseSignatureBody
{
/**
* Purpose is #TALER_SIGNATURE_REFRESH_MELT_RESPONSE.

View File

@ -1417,11 +1417,6 @@ TALER_MINT_DB_get_refresh_session (PGconn *db_conn,
return GNUNET_SYSERR;
}
if (TALER_DB_field_isnull (result, 0, "session_commit_sig"))
session->has_commit_sig = GNUNET_NO;
else
session->has_commit_sig = GNUNET_YES;
session->num_oldcoins = ntohs (session->num_oldcoins);
session->num_newcoins = ntohs (session->num_newcoins);
session->kappa = ntohs (session->kappa);
@ -1471,28 +1466,6 @@ TALER_MINT_DB_create_refresh_session (PGconn *db_conn,
}
/**
* Update new refresh session with the new state after the
* /refresh/commit operation.
*
* @param db_conn database handle to use
* @param refresh_session_pub public key to use to locate the session
* @param noreveal_index index chosen for the client to not reveal
* @param commit_client_sig signature of the client over its commitment
* @return #GNUNET_YES on success,
* #GNUNET_SYSERR on DB failure
*/
int
TALER_MINT_DB_update_refresh_session (PGconn *db_conn,
const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub,
uint16_t noreveal_index,
const struct GNUNET_CRYPTO_EddsaSignature *commit_client_sig)
{
// FIXME: implement!
return GNUNET_SYSERR;
}
/**
* Store the given /refresh/melt request in the database.
*

View File

@ -474,17 +474,10 @@ struct RefreshSession
/**
* Index (smaller @e kappa) which the mint has chosen to not
* have revealed during cut and choose. Only valid if
* @e has_commit_sig is set to #GNUNET_YES.
* have revealed during cut and choose.
*/
uint16_t noreveal_index;
/**
* #GNUNET_YES if we have accepted the /refresh/commit and
* thus the @e commit_sig is valid.
*/
int has_commit_sig;
};
@ -519,24 +512,6 @@ TALER_MINT_DB_create_refresh_session (PGconn *db_conn,
const struct RefreshSession *session);
/**
* Update new refresh session with the new state after the
* /refresh/commit operation.
*
* @param db_conn database handle to use
* @param refresh_session_pub public key to use to locate the session
* @param noreveal_index index chosen for the client to not reveal
* @param commit_client_sig signature of the client over its commitment
* @return #GNUNET_YES on success,
* #GNUNET_SYSERR on DB failure
*/
int
TALER_MINT_DB_update_refresh_session (PGconn *db_conn,
const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub,
uint16_t noreveal_index,
const struct GNUNET_CRYPTO_EddsaSignature *commit_client_sig);
/**
* Specification for coin in a /refresh/melt operation.
*/

View File

@ -152,12 +152,6 @@ handle_mhd_request (void *cls,
{ "/refresh/melt", NULL, "text/plain",
"Only POST is allowed", 0,
&TALER_MINT_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED },
{ "/refresh/commit", MHD_HTTP_METHOD_POST, "application/json",
NULL, 0,
&TALER_MINT_handler_refresh_commit, MHD_HTTP_OK },
{ "/refresh/commit", NULL, "text/plain",
"Only POST is allowed", 0,
&TALER_MINT_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED },
{ "/refresh/reveal", MHD_HTTP_METHOD_POST, "application/json",
NULL, 0,
&TALER_MINT_handler_refresh_melt, MHD_HTTP_OK },

View File

@ -151,7 +151,7 @@ TALER_MINT_db_execute_deposit (struct MHD_Connection *connection,
if (0 < TALER_amount_cmp (spent, value))
{
TALER_MINT_DB_rollback (db_conn);
ret = TALER_MINT_reply_insufficient_funds (connection,
ret = TALER_MINT_reply_deposit_insufficient_funds (connection,
tl);
TALER_MINT_DB_free_coin_transaction_list (tl);
return ret;
@ -435,8 +435,10 @@ refresh_accept_melts (struct MHD_Connection *connection,
{
struct TALER_MINT_DenomKeyIssue *dki;
struct TALER_MINT_DB_TransactionList *tl;
struct TALER_Amount coin_gain;
struct TALER_Amount coin_value;
struct TALER_Amount coin_residual;
struct RefreshMelt melt;
int res;
dki = &TALER_MINT_get_denom_key (key_state,
coin_public_info->denom_pub)->issue;
@ -450,25 +452,30 @@ refresh_accept_melts (struct MHD_Connection *connection,
"denom not found"))
? GNUNET_NO : GNUNET_SYSERR;
coin_gain = TALER_amount_ntoh (dki->value);
coin_value = TALER_amount_ntoh (dki->value);
tl = TALER_MINT_DB_get_coin_transactions (db_conn,
&coin_public_info->coin_pub);
/* FIXME: #3636: compute how much value is left with this coin and
compare to `expected_value`! (subtract from "coin_gain") */
TALER_MINT_DB_free_coin_transaction_list (tl);
compare to `expected_value`! (subtract from "coin_value") */
coin_residual = coin_value;
/* Refuse to refresh when the coin does not have enough money left to
* pay the refreshing fees of the coin. */
if (TALER_amount_cmp (coin_gain,
if (TALER_amount_cmp (coin_residual,
coin_details->melt_amount) < 0)
return (MHD_YES ==
TALER_MINT_reply_json_pack (connection,
MHD_HTTP_NOT_FOUND,
"{s:s}",
"error", "depleted")) ? GNUNET_NO : GNUNET_SYSERR;
{
res = (MHD_YES ==
TALER_MINT_reply_refresh_melt_insufficient_funds (connection,
&coin_public_info->coin_pub,
coin_value,
tl,
coin_details->melt_amount,
coin_residual))
? GNUNET_NO : GNUNET_SYSERR;
TALER_MINT_DB_free_coin_transaction_list (tl);
return res;
}
TALER_MINT_DB_free_coin_transaction_list (tl);
melt.coin = *coin_public_info;
melt.coin_sig = coin_details->melt_sig;
@ -494,6 +501,8 @@ refresh_accept_melts (struct MHD_Connection *connection,
* required value left and if so, store that they have been
* melted and confirm the melting operation to the client.
*
* FIXME: some arguments are redundant here...
*
* @param connection the MHD connection to handle
* @param melt_hash hash code of the session the coins are melted into
* @param refresh_session_pub public key of the refresh session
@ -504,6 +513,15 @@ refresh_accept_melts (struct MHD_Connection *connection,
* @param coin_count number of entries in @a coin_public_infos and @a coin_melt_details
* @param coin_public_infos information about the coins to melt
* @param coin_melt_details signatures and (residual) value of the respective coin should be melted
* @param commit_client_sig signature of the client over this commitment
* @param kappa size of x-dimension of @commit_coin and @commit_link arrays
* @param num_oldcoins size of y-dimension of @commit_link array
* @param num_newcoins size of y-dimension of @commit_coin array
* @param commit_coin 2d array of coin commitments (what the mint is to sign
* once the "/refres/reveal" of cut and choose is done)
* @param commit_link 2d array of coin link commitments (what the mint is
* to return via "/refresh/link" to enable linkage in the
* future)
* @return MHD result code
*/
int
@ -515,13 +533,20 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
struct GNUNET_CRYPTO_rsa_PublicKey *const*denom_pubs,
unsigned int coin_count,
const struct TALER_CoinPublicInfo *coin_public_infos,
const struct MeltDetails *coin_melt_details)
const struct MeltDetails *coin_melt_details,
const struct GNUNET_CRYPTO_EddsaSignature *commit_client_sig,
unsigned int kappa,
unsigned int num_oldcoins,
unsigned int num_newcoins,
struct RefreshCommitCoin *const* commit_coin,
struct RefreshCommitLink *const* commit_link)
{
struct MintKeyState *key_state;
struct RefreshSession session;
PGconn *db_conn;
int res;
unsigned int i;
unsigned int j;
if (NULL == (db_conn = TALER_MINT_DB_get_connection (GNUNET_NO)))
{
@ -540,10 +565,10 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
if (GNUNET_YES == res)
{
TALER_MINT_DB_rollback (db_conn);
return TALER_MINT_reply_refresh_melt_success (connection,
&session.melt_sig,
refresh_session_pub,
session.kappa);
res = TALER_MINT_reply_refresh_melt_success (connection,
&session.session_hash,
session.noreveal_index);
return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
}
if (GNUNET_SYSERR == res)
{
@ -586,116 +611,6 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
}
}
/* store 'global' session data */
session.melt_sig = *client_signature;
session.session_hash = *melt_hash;
session.num_oldcoins = coin_count;
session.num_newcoins = num_new_denoms;
session.kappa = KAPPA;
session.noreveal_index = UINT16_MAX;
session.has_commit_sig = GNUNET_NO;
if (GNUNET_OK !=
(res = TALER_MINT_DB_create_refresh_session (db_conn,
refresh_session_pub,
&session)))
{
TALER_MINT_DB_rollback (db_conn);
return TALER_MINT_reply_internal_db_error (connection);
}
if (GNUNET_OK !=
TALER_MINT_DB_commit (db_conn))
{
LOG_WARNING ("/refresh/melt transaction commit failed\n");
return TALER_MINT_reply_commit_error (connection);
}
return TALER_MINT_reply_refresh_melt_success (connection,
client_signature,
refresh_session_pub,
session.kappa);
}
/**
* Execute a "/refresh/commit". The client is committing to @a kappa
* sets of transfer keys, and linkage information for a refresh
* operation. Confirm that the commit matches the melts of an
* existing @a refresh_session_pub, store the refresh session commit
* data and then return the client a challenge specifying which of the
* @a kappa sets of private transfer keys should not be revealed.
*
* @param connection the MHD connection to handle
* @param refresh_session public key of the session
* @param commit_client_sig signature of the client over this commitment
* @param kappa size of x-dimension of @commit_coin and @commit_link arrays
* @param num_oldcoins size of y-dimension of @commit_link array
* @param num_newcoins size of y-dimension of @commit_coin array
* @param commit_coin 2d array of coin commitments (what the mint is to sign
* once the "/refres/reveal" of cut and choose is done)
* @param commit_link 2d array of coin link commitments (what the mint is
* to return via "/refresh/link" to enable linkage in the
* future)
* @return MHD result code
*/
int
TALER_MINT_db_execute_refresh_commit (struct MHD_Connection *connection,
const struct GNUNET_CRYPTO_EddsaPublicKey *refresh_session_pub,
const struct GNUNET_CRYPTO_EddsaSignature *commit_client_sig,
unsigned int kappa,
unsigned int num_oldcoins,
unsigned int num_newcoins,
struct RefreshCommitCoin *const*commit_coin,
struct RefreshCommitLink *const*commit_link)
{
PGconn *db_conn;
struct RefreshSession refresh_session;
unsigned int i;
unsigned int j;
int res;
if (NULL == (db_conn = TALER_MINT_DB_get_connection (GNUNET_NO)))
{
GNUNET_break (0);
return TALER_MINT_reply_internal_db_error (connection);
}
if (GNUNET_OK !=
TALER_MINT_DB_transaction (db_conn))
{
GNUNET_break (0);
return TALER_MINT_reply_internal_db_error (connection);
}
res = TALER_MINT_DB_get_refresh_session (db_conn,
refresh_session_pub,
&refresh_session);
if (GNUNET_SYSERR == res)
{
TALER_MINT_DB_rollback (db_conn);
return TALER_MINT_reply_internal_db_error (connection);
}
if (GNUNET_NO == res)
{
TALER_MINT_DB_rollback (db_conn);
return TALER_MINT_reply_arg_invalid (connection,
"session_pub");
}
if ( (refresh_session.kappa != kappa) ||
(refresh_session.num_newcoins != num_newcoins) ||
(refresh_session.num_oldcoins != num_oldcoins) )
{
TALER_MINT_DB_rollback (db_conn);
return TALER_MINT_reply_arg_invalid (connection,
"dimensions");
}
if (GNUNET_YES == refresh_session.has_commit_sig)
{
TALER_MINT_DB_rollback (db_conn);
res = TALER_MINT_reply_refresh_commit_success (connection,
&refresh_session.session_hash,
refresh_session.noreveal_index);
return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
}
for (i = 0; i < kappa; i++)
{
for (j = 0; j < num_newcoins; j++)
@ -729,31 +644,36 @@ TALER_MINT_db_execute_refresh_commit (struct MHD_Connection *connection,
}
}
refresh_session.noreveal_index
= GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_STRONG,
refresh_session.kappa);
/* store 'global' session data */
session.melt_sig = *client_signature;
session.session_hash = *melt_hash;
session.num_oldcoins = coin_count;
session.num_newcoins = num_new_denoms;
session.kappa = KAPPA; // FIXME...
session.noreveal_index
= GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_STRONG,
session.kappa);
if (GNUNET_OK !=
(res = TALER_MINT_DB_update_refresh_session (db_conn,
(res = TALER_MINT_DB_create_refresh_session (db_conn,
refresh_session_pub,
refresh_session.noreveal_index,
commit_client_sig)))
&session)))
{
TALER_MINT_DB_rollback (db_conn);
return TALER_MINT_reply_internal_db_error (connection);
}
if (GNUNET_OK !=
TALER_MINT_DB_commit (db_conn))
{
LOG_WARNING ("/refresh/commit transaction commit failed\n");
LOG_WARNING ("/refresh/melt transaction commit failed\n");
return TALER_MINT_reply_commit_error (connection);
}
return TALER_MINT_reply_refresh_commit_success (connection,
&refresh_session.session_hash,
refresh_session.noreveal_index);
return TALER_MINT_reply_refresh_melt_success (connection,
&session.session_hash,
session.noreveal_index);
}
@ -1061,15 +981,6 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
return TALER_MINT_reply_internal_db_error (connection);
}
if ( (refresh_session.noreveal_index >= refresh_session.kappa) ||
(GNUNET_NO == refresh_session.has_commit_sig) )
{
GNUNET_break (UINT16_MAX == refresh_session.noreveal_index);
GNUNET_break (GNUNET_NO == refresh_session.has_commit_sig);
return TALER_MINT_reply_external_error (connection,
"/refresh/commit must be executed first");
}
melts = GNUNET_malloc (refresh_session.num_oldcoins *
sizeof (struct RefreshMelt));
for (j=0;j<refresh_session.num_oldcoins;j++)

View File

@ -107,6 +107,8 @@ struct MeltDetails
* required value left and if so, store that they have been
* melted and confirm the melting operation to the client.
*
* FIXME: some arguments are redundant here...
*
* @param connection the MHD connection to handle
* @param melt_hash hash code of the session the coins are melted into
* @param refresh_session_pub public key of the refresh session
@ -117,30 +119,6 @@ struct MeltDetails
* @param coin_count number of entries in @a coin_public_infos and @ a coin_melt_details
* @param coin_public_infos information about the coins to melt
* @param coin_melt_details signatures and (residual) value of the respective coin should be melted
* @return MHD result code
*/
int
TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
const struct GNUNET_HashCode *melt_hash,
const struct GNUNET_CRYPTO_EddsaPublicKey *refresh_session_pub,
const struct GNUNET_CRYPTO_EddsaSignature *client_signature,
unsigned int num_new_denoms,
struct GNUNET_CRYPTO_rsa_PublicKey *const*denom_pubs,
unsigned int coin_count,
const struct TALER_CoinPublicInfo *coin_public_infos,
const struct MeltDetails *coin_melt_details);
/**
* Execute a "/refresh/commit". The client is committing to @a kappa
* sets of transfer keys, and linkage information for a refresh
* operation. Confirm that the commit matches the melts of an
* existing @a refresh_session_pub, store the refresh session commit
* data and then return the client a challenge specifying which of the
* @a kappa sets of private transfer keys should not be revealed.
*
* @param connection the MHD connection to handle
* @param refresh_session public key of the session
* @param commit_client_sig signature of the client over this commitment
* @param kappa size of x-dimension of @commit_coin and @commit_link arrays
* @param num_oldcoins size of y-dimension of @commit_coin array
@ -154,8 +132,15 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
*/
// FIXME: see #3635.
int
TALER_MINT_db_execute_refresh_commit (struct MHD_Connection *connection,
TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
const struct GNUNET_HashCode *melt_hash,
const struct GNUNET_CRYPTO_EddsaPublicKey *refresh_session_pub,
const struct GNUNET_CRYPTO_EddsaSignature *client_signature,
unsigned int num_new_denoms,
struct GNUNET_CRYPTO_rsa_PublicKey *const*denom_pubs,
unsigned int coin_count,
const struct TALER_CoinPublicInfo *coin_public_infos,
const struct MeltDetails *coin_melt_details,
const struct GNUNET_CRYPTO_EddsaSignature *commit_client_sig,
unsigned int kappa,
unsigned int num_oldcoins,

View File

@ -151,6 +151,15 @@ request_json_check_signature (struct MHD_Connection *connection,
* @param coin_public_infos array with @a coin_count entries about the coins
* @param coin_melt_details array with @a coin_count entries with melting details
* @param melt_sig_json signature affirming the overall melt operation
* @param commit_client_sig signature of the client over this commitment
* @param kappa size of x-dimension of @commit_coin and @commit_link arrays
* @param num_oldcoins size of y-dimension of @commit_coin array
* @param num_newcoins size of y-dimension of @commit_link array
* @param commit_coin 2d array of coin commitments (what the mint is to sign
* once the "/refres/reveal" of cut and choose is done)
* @param commit_link 2d array of coin link commitments (what the mint is
* to return via "/refresh/link" to enable linkage in the
* future)
* @return MHD result code
*/
static int
@ -161,7 +170,14 @@ handle_refresh_melt_binary (struct MHD_Connection *connection,
unsigned int coin_count,
struct TALER_CoinPublicInfo *coin_public_infos,
const struct MeltDetails *coin_melt_details,
const json_t *melt_sig_json)
const json_t *melt_sig_json,
const struct GNUNET_CRYPTO_EddsaSignature *commit_client_sig,
unsigned int kappa,
unsigned int num_oldcoins,
unsigned int num_newcoins,
struct RefreshCommitCoin *const* commit_coin,
struct RefreshCommitLink *const* commit_link)
{
int res;
unsigned int i;
@ -256,7 +272,13 @@ handle_refresh_melt_binary (struct MHD_Connection *connection,
denom_pubs,
coin_count,
coin_public_infos,
coin_melt_details);
coin_melt_details,
NULL /* FIXME: 3635! */,
kappa,
num_oldcoins,
num_newcoins,
commit_coin,
commit_link);
}
@ -363,168 +385,6 @@ get_and_verify_coin_public_info (struct MHD_Connection *connection,
}
/**
* Handle a "/refresh/melt" request after the first parsing has happened.
* We now need to validate the coins being melted and the session signature
* and then hand things of to execute the melt operation. This function
* parses the JSON arrays and then passes processing on to
* #handle_refresh_melt_binary().
*
* @param connection the MHD connection to handle
* @param refresh_session_pub public key of the melt operation
* @param new_denoms array of denomination keys
* @param melt_coins array of coins to melt
* @param melt_sig_json signature affirming the melt operation
* @return MHD result code
*/
static int
handle_refresh_melt_json (struct MHD_Connection *connection,
const struct GNUNET_CRYPTO_EddsaPublicKey *refresh_session_pub,
const json_t *new_denoms,
const json_t *melt_coins,
const json_t *melt_sig_json)
{
int res;
unsigned int i;
unsigned int j;
struct GNUNET_CRYPTO_rsa_PublicKey **denom_pubs;
unsigned int num_new_denoms;
struct TALER_CoinPublicInfo *coin_public_infos;
struct MeltDetails *coin_melt_details;
unsigned int coin_count;
num_new_denoms = json_array_size (new_denoms);
denom_pubs = GNUNET_malloc (num_new_denoms *
sizeof (struct GNUNET_CRYPTO_rsa_PublicKey *));
for (i=0;i<num_new_denoms;i++)
{
res = GNUNET_MINT_parse_navigate_json (connection, new_denoms,
JNAV_INDEX, (int) i,
JNAV_RET_RSA_PUBLIC_KEY, &denom_pubs[i]);
if (GNUNET_OK != res)
{
for (j=0;j<i;j++)
GNUNET_CRYPTO_rsa_public_key_free (denom_pubs[j]);
GNUNET_free (denom_pubs);
return res;
}
}
coin_count = json_array_size (melt_coins);
/* FIXME: make 'struct TALER_CoinPublicInfo' part of `struct MeltDetails`
and combine these two arrays/arguments! */
coin_public_infos = GNUNET_malloc (coin_count *
sizeof (struct TALER_CoinPublicInfo));
coin_melt_details = GNUNET_malloc (coin_count *
sizeof (struct MeltDetails));
for (i=0;i<coin_count;i++)
{
/* decode JSON data on coin to melt */
res = get_and_verify_coin_public_info (connection,
refresh_session_pub,
json_array_get (melt_coins, i),
&coin_public_infos[i],
&coin_melt_details[i]);
if (GNUNET_OK != res)
{
for (j=0;j<i;j++)
{
GNUNET_CRYPTO_rsa_public_key_free (coin_public_infos[j].denom_pub);
GNUNET_CRYPTO_rsa_signature_free (coin_public_infos[j].denom_sig);
}
GNUNET_free (coin_public_infos);
for (j=0;j<num_new_denoms;j++)
GNUNET_CRYPTO_rsa_public_key_free (denom_pubs[j]);
GNUNET_free (coin_melt_details);
GNUNET_free (denom_pubs);
return (GNUNET_NO == res) ? MHD_YES : MHD_NO;
}
}
res = handle_refresh_melt_binary (connection,
refresh_session_pub,
num_new_denoms,
denom_pubs,
coin_count,
coin_public_infos,
coin_melt_details,
melt_sig_json);
for (j=0;j<coin_count;j++)
{
GNUNET_CRYPTO_rsa_public_key_free (coin_public_infos[j].denom_pub);
GNUNET_CRYPTO_rsa_signature_free (coin_public_infos[j].denom_sig);
}
GNUNET_free (coin_public_infos);
for (j=0;j<num_new_denoms;j++)
{
GNUNET_CRYPTO_rsa_public_key_free (denom_pubs[j]);
}
GNUNET_free (coin_melt_details);
GNUNET_free (denom_pubs);
return res;
}
/**
* Handle a "/refresh/melt" request. Parses the request into the JSON
* components and then hands things of to #handle_referesh_melt_json()
* to validate the melted coins, the signature and execute the melt
* using TALER_MINT_db_execute_refresh_melt().
*
* @param rh context of the handler
* @param connection the MHD connection to handle
* @param[IN|OUT] connection_cls the connection's closure (can be updated)
* @param upload_data upload data
* @param[IN|OUT] upload_data_size number of bytes (left) in @a upload_data
* @return MHD result code
*/
int
TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,
struct MHD_Connection *connection,
void **connection_cls,
const char *upload_data,
size_t *upload_data_size)
{
json_t *root;
json_t *new_denoms;
json_t *melt_coins;
json_t *melt_sig_json;
struct GNUNET_CRYPTO_EddsaPublicKey refresh_session_pub;
int res;
struct GNUNET_MINT_ParseFieldSpec spec[] = {
TALER_MINT_PARSE_FIXED ("session_pub", &refresh_session_pub),
TALER_MINT_PARSE_ARRAY ("new_denoms", &new_denoms),
TALER_MINT_PARSE_ARRAY ("melt_coins", &melt_coins),
TALER_MINT_PARSE_ARRAY ("melt_signature", &melt_sig_json),
TALER_MINT_PARSE_END
};
res = TALER_MINT_parse_post_json (connection,
connection_cls,
upload_data,
upload_data_size,
&root);
if (GNUNET_SYSERR == res)
return MHD_NO;
if ( (GNUNET_NO == res) || (NULL == root) )
return MHD_YES;
res = TALER_MINT_parse_json_data (connection,
root,
spec);
json_decref (root);
if (GNUNET_OK != res)
return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
res = handle_refresh_melt_json (connection,
&refresh_session_pub,
new_denoms,
melt_coins,
melt_sig_json);
TALER_MINT_release_parsed_data (spec);
return res;
}
/**
* Release memory from the @a commit_coin array.
*
@ -577,14 +437,18 @@ free_commit_links (struct RefreshCommitLink **commit_link,
}
/**
* Handle a "/refresh/commit" request. We have the individual JSON
* arrays, now we need to parse their contents and verify the
* commit signature. Then we can commit the data to the database.
* Handle a "/refresh/melt" request after the first parsing has happened.
* We now need to validate the coins being melted and the session signature
* and then hand things of to execute the melt operation. This function
* parses the JSON arrays and then passes processing on to
* #handle_refresh_melt_binary().
*
* @param connection the MHD connection to handle
* @param refresh_session_pub public key of the refresh session
* @param refresh_session_pub public key of the melt operation
* @param new_denoms array of denomination keys
* @param melt_coins array of coins to melt
* @param melt_sig_json signature affirming the melt operation
* @param commit_signature signature over the commit
* @param kappa security parameter for cut and choose
* @param num_oldcoins number of coins that are being melted
@ -596,8 +460,11 @@ free_commit_links (struct RefreshCommitLink **commit_link,
* @return MHD result code
*/
static int
handle_refresh_commit_json (struct MHD_Connection *connection,
handle_refresh_melt_json (struct MHD_Connection *connection,
const struct GNUNET_CRYPTO_EddsaPublicKey *refresh_session_pub,
const json_t *new_denoms,
const json_t *melt_coins,
const json_t *melt_sig_json,
const json_t *commit_signature,
unsigned int kappa,
unsigned int num_oldcoins,
@ -606,15 +473,70 @@ handle_refresh_commit_json (struct MHD_Connection *connection,
unsigned int num_newcoins,
const json_t *coin_evs,
const json_t *link_encs)
{
int res;
unsigned int i;
unsigned int j;
struct GNUNET_CRYPTO_rsa_PublicKey **denom_pubs;
unsigned int num_new_denoms;
struct TALER_CoinPublicInfo *coin_public_infos;
struct MeltDetails *coin_melt_details;
unsigned int coin_count;
struct GNUNET_HashCode commit_hash;
struct GNUNET_HashContext *hash_context;
struct RefreshCommitSignatureBody body;
struct RefreshCommitCoin *commit_coin[kappa];
struct RefreshCommitLink *commit_link[kappa];
unsigned int i;
unsigned int j;
int res;
num_new_denoms = json_array_size (new_denoms);
denom_pubs = GNUNET_malloc (num_new_denoms *
sizeof (struct GNUNET_CRYPTO_rsa_PublicKey *));
for (i=0;i<num_new_denoms;i++)
{
res = GNUNET_MINT_parse_navigate_json (connection, new_denoms,
JNAV_INDEX, (int) i,
JNAV_RET_RSA_PUBLIC_KEY, &denom_pubs[i]);
if (GNUNET_OK != res)
{
for (j=0;j<i;j++)
GNUNET_CRYPTO_rsa_public_key_free (denom_pubs[j]);
GNUNET_free (denom_pubs);
return res;
}
}
coin_count = json_array_size (melt_coins);
/* FIXME: make 'struct TALER_CoinPublicInfo' part of `struct MeltDetails`
and combine these two arrays/arguments! */
coin_public_infos = GNUNET_malloc (coin_count *
sizeof (struct TALER_CoinPublicInfo));
coin_melt_details = GNUNET_malloc (coin_count *
sizeof (struct MeltDetails));
for (i=0;i<coin_count;i++)
{
/* decode JSON data on coin to melt */
res = get_and_verify_coin_public_info (connection,
refresh_session_pub,
json_array_get (melt_coins, i),
&coin_public_infos[i],
&coin_melt_details[i]);
if (GNUNET_OK != res)
{
for (j=0;j<i;j++)
{
GNUNET_CRYPTO_rsa_public_key_free (coin_public_infos[j].denom_pub);
GNUNET_CRYPTO_rsa_signature_free (coin_public_infos[j].denom_sig);
}
GNUNET_free (coin_public_infos);
for (j=0;j<num_new_denoms;j++)
GNUNET_CRYPTO_rsa_public_key_free (denom_pubs[j]);
GNUNET_free (coin_melt_details);
GNUNET_free (denom_pubs);
return (GNUNET_NO == res) ? MHD_YES : MHD_NO;
}
}
/* parse JSON arrays into 2d binary arrays and hash everything
together for the signature check */
@ -721,7 +643,7 @@ handle_refresh_commit_json (struct MHD_Connection *connection,
GNUNET_CRYPTO_hash_context_finish (hash_context, &commit_hash);
/* verify commit signature */
body.purpose.purpose = htonl (TALER_SIGNATURE_REFRESH_COMMIT);
body.purpose.purpose = htonl (TALER_SIGNATURE_REFRESH_MELT);
body.purpose.size = htonl (sizeof (struct RefreshCommitSignatureBody));
body.commit_hash = commit_hash;
@ -738,8 +660,14 @@ handle_refresh_commit_json (struct MHD_Connection *connection,
/* execute commit */
/* FIXME: we must also store the signature! (#3635) */
res = TALER_MINT_db_execute_refresh_commit (connection,
res = handle_refresh_melt_binary (connection,
refresh_session_pub,
num_new_denoms,
denom_pubs,
coin_count,
coin_public_infos,
coin_melt_details,
melt_sig_json,
NULL /* FIXME: 3635! */,
kappa,
num_oldcoins,
@ -748,19 +676,27 @@ handle_refresh_commit_json (struct MHD_Connection *connection,
commit_link);
free_commit_coins (commit_coin, kappa, num_newcoins);
free_commit_links (commit_link, kappa, num_oldcoins);
for (j=0;j<coin_count;j++)
{
GNUNET_CRYPTO_rsa_public_key_free (coin_public_infos[j].denom_pub);
GNUNET_CRYPTO_rsa_signature_free (coin_public_infos[j].denom_sig);
}
GNUNET_free (coin_public_infos);
for (j=0;j<num_new_denoms;j++)
{
GNUNET_CRYPTO_rsa_public_key_free (denom_pubs[j]);
}
GNUNET_free (coin_melt_details);
GNUNET_free (denom_pubs);
return res;
}
/**
* Handle a "/refresh/commit" request. Parses the top-level JSON to
* determine the dimensions of the problem and then handles handing
* off to #handle_refresh_commit_json() to parse the details of the
* JSON arguments. Once the signature has been verified, the
* commit data is written to the database via
* #TALER_MINT_db_execute_refresh_commit() and the reveal parameter
* is then returned to the client.
* Handle a "/refresh/melt" request. Parses the request into the JSON
* components and then hands things of to #handle_referesh_melt_json()
* to validate the melted coins, the signature and execute the melt
* using TALER_MINT_db_execute_refresh_melt().
*
* @param rh context of the handler
* @param connection the MHD connection to handle
@ -770,26 +706,32 @@ handle_refresh_commit_json (struct MHD_Connection *connection,
* @return MHD result code
*/
int
TALER_MINT_handler_refresh_commit (struct RequestHandler *rh,
TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,
struct MHD_Connection *connection,
void **connection_cls,
const char *upload_data,
size_t *upload_data_size)
{
struct GNUNET_CRYPTO_EddsaPublicKey refresh_session_pub;
int res;
unsigned int kappa;
unsigned int num_oldcoins;
unsigned int num_newcoins;
json_t *root;
json_t *new_denoms;
json_t *melt_coins;
json_t *melt_sig_json;
json_t *coin_evs;
json_t *link_encs;
json_t *transfer_pubs;
json_t *secret_encs;
json_t *coin_detail;
json_t *commit_sig_json;
unsigned int kappa;
unsigned int num_oldcoins;
unsigned int num_newcoins;
json_t *coin_detail;
struct GNUNET_CRYPTO_EddsaPublicKey refresh_session_pub;
int res;
struct GNUNET_MINT_ParseFieldSpec spec[] = {
TALER_MINT_PARSE_FIXED ("session_pub", &refresh_session_pub),
TALER_MINT_PARSE_ARRAY ("new_denoms", &new_denoms),
TALER_MINT_PARSE_ARRAY ("melt_coins", &melt_coins),
TALER_MINT_PARSE_ARRAY ("melt_signature", &melt_sig_json),
TALER_MINT_PARSE_ARRAY ("coin_evs", &coin_evs),
TALER_MINT_PARSE_ARRAY ("link_encs", &link_encs),
TALER_MINT_PARSE_ARRAY ("transfer_pubs", &transfer_pubs),
@ -852,8 +794,12 @@ TALER_MINT_handler_refresh_commit (struct RequestHandler *rh,
return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
}
num_oldcoins = json_array_size (coin_detail);
res = handle_refresh_commit_json (connection,
res = handle_refresh_melt_json (connection,
&refresh_session_pub,
new_denoms,
melt_coins,
melt_sig_json,
commit_sig_json,
kappa,
num_oldcoins,
@ -862,6 +808,7 @@ TALER_MINT_handler_refresh_commit (struct RequestHandler *rh,
num_newcoins,
coin_evs,
link_encs);
TALER_MINT_release_parsed_data (spec);
return res;
}
@ -931,7 +878,7 @@ handle_refresh_reveal_json (struct MHD_Connection *connection,
/**
* Handle a "/refresh/reveal" request. This time, the client reveals
* the private transfer keys except for the cut-and-choose value
* returned from "/refresh/commit". This function parses the revealed
* returned from "/refresh/melt". This function parses the revealed
* keys and secrets and ultimately passes everything to
* #TALER_MINT_db_execute_refresh_reveal() which will verify that the
* revealed information is valid then returns the signed refreshed

View File

@ -49,30 +49,6 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,
size_t *upload_data_size);
/**
* Handle a "/refresh/commit" request. Parses the top-level JSON to
* determine the dimensions of the problem and then handles handing
* off to #handle_refresh_commit_json() to parse the details of the
* JSON arguments. Once the signature has been verified, the
* commit data is written to the database via
* #TALER_MINT_db_execute_refresh_commit() and the cut-and-choose value
* is then returned to the client.
*
* @param rh context of the handler
* @param connection the MHD connection to handle
* @param[IN|OUT] connection_cls the connection's closure (can be updated)
* @param upload_data upload data
* @param[IN|OUT] upload_data_size number of bytes (left) in @a upload_data
* @return MHD result code
*/
int
TALER_MINT_handler_refresh_commit (struct RequestHandler *rh,
struct MHD_Connection *connection,
void **connection_cls,
const char *upload_data,
size_t *upload_data_size);
/**
* Handle a "/refresh/reveal" request. This time, the client reveals
* the private transfer keys except for the cut-and-choose value

View File

@ -315,27 +315,20 @@ TALER_MINT_reply_deposit_success (struct MHD_Connection *connection,
return ret;
}
/**
* Send proof that a /deposit, /refresh/melt or /lock request is
* invalid to client. This function will create a message with all of
* the operations affecting the coin that demonstrate that the coin
* has insufficient value.
* Compile the transaction history of a coin into a JSON object.
*
* @param connection connection to the client
* @param tl transaction list to use to build reply
* @return MHD result code
* @param tl transaction history to JSON-ify
* @return json representation of the @a rh
*/
int
TALER_MINT_reply_insufficient_funds (struct MHD_Connection *connection,
const struct TALER_MINT_DB_TransactionList *tl)
static json_t *
compile_transaction_history (const struct TALER_MINT_DB_TransactionList *tl)
{
const struct TALER_MINT_DB_TransactionList *pos;
int ret;
json_t *history;
json_t *transaction;
const char *type;
struct TALER_Amount value;
json_t *history;
const struct TALER_MINT_DB_TransactionList *pos;
history = json_array ();
for (pos = tl; NULL != pos; pos = pos->next)
@ -392,13 +385,31 @@ TALER_MINT_reply_insufficient_funds (struct MHD_Connection *connection,
"amount", TALER_JSON_from_amount (value),
"signature", transaction));
}
return history;
}
ret = TALER_MINT_reply_json_pack (connection,
/**
* Send proof that a /withdraw request is invalid to client. This
* function will create a message with all of the operations affecting
* the coin that demonstrate that the coin has insufficient value.
*
* @param connection connection to the client
* @param tl transaction list to use to build reply
* @return MHD result code
*/
int
TALER_MINT_reply_deposit_insufficient_funds (struct MHD_Connection *connection,
const struct TALER_MINT_DB_TransactionList *tl)
{
json_t *history;
history = compile_transaction_history (tl);
return TALER_MINT_reply_json_pack (connection,
MHD_HTTP_FORBIDDEN,
"{s:s, s:o}",
"error", "insufficient funds",
"history", history);
return ret;
}
@ -589,47 +600,46 @@ TALER_MINT_reply_withdraw_sign_success (struct MHD_Connection *connection,
/**
* Send a response for "/refresh/melt". Essentially we sign
* over the client's signature and public key, thereby
* demonstrating that we accepted all of the client's coins.
* Send a response for a failed "/refresh/melt" request. The
* transaction history of the given coin demonstrates that the
* @a residual value of the coin is below the @a requested
* contribution of the coin for the melt. Thus, the mint
* refuses the melt operation.
*
* @param connection the connection to send the response to
* @param signature the client's signature over the melt request
* @param session_pub the refresh session public key.
* @param kappa security parameter to use for cut and choose
* @param coin_pub public key of the coin
* @param coin_value original value of the coin
* @param tl transaction history for the coin
* @param requested how much this coin was supposed to contribute
* @param residual remaining value of the coin (after subtracting @a tl)
* @return a MHD result code
*/
int
TALER_MINT_reply_refresh_melt_success (struct MHD_Connection *connection,
const struct GNUNET_CRYPTO_EddsaSignature *signature,
const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub,
unsigned int kappa)
TALER_MINT_reply_refresh_melt_insufficient_funds (struct MHD_Connection *connection,
const struct GNUNET_CRYPTO_EcdsaPublicKey *coin_pub,
struct TALER_Amount coin_value,
struct TALER_MINT_DB_TransactionList *tl,
struct TALER_Amount requested,
struct TALER_Amount residual)
{
int ret;
struct RefreshMeltResponseSignatureBody body;
struct GNUNET_CRYPTO_EddsaSignature sig;
json_t *sig_json;
json_t *history;
body.purpose.size = htonl (sizeof (struct RefreshMeltResponseSignatureBody));
body.purpose.purpose = htonl (TALER_SIGNATURE_REFRESH_MELT_RESPONSE);
body.melt_client_signature = *signature;
body.session_key = *session_pub;
body.kappa = htonl (kappa);
TALER_MINT_keys_sign (&body.purpose,
&sig);
sig_json = TALER_JSON_from_eddsa_sig (&body.purpose, &sig);
ret = TALER_MINT_reply_json_pack (connection,
MHD_HTTP_OK,
"{s:o, s:i}",
"signature", sig_json,
"kappa", (int) kappa);
json_decref (sig_json);
return ret;
history = compile_transaction_history (tl);
return TALER_MINT_reply_json_pack (connection,
MHD_HTTP_NOT_FOUND,
"{s:s, s:o, s:o, s:o, s:o, s:o}",
"error", "insufficient funds",
"coin-pub", TALER_JSON_from_data (coin_pub,
sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)),
"original-value", TALER_JSON_from_amount (coin_value),
"residual-value", TALER_JSON_from_amount (residual),
"requested-value", TALER_JSON_from_amount (requested),
"history", history);
}
/**
* Send a response to a "/refresh/commit" request.
* Send a response to a "/refresh/melt" request.
*
* @param connection the connection to send the response to
* @param session_hash hash of the refresh session
@ -637,17 +647,17 @@ TALER_MINT_reply_refresh_melt_success (struct MHD_Connection *connection,
* @return a MHD status code
*/
int
TALER_MINT_reply_refresh_commit_success (struct MHD_Connection *connection,
TALER_MINT_reply_refresh_melt_success (struct MHD_Connection *connection,
const struct GNUNET_HashCode *session_hash,
uint16_t noreveal_index)
{
struct RefreshCommitResponseSignatureBody body;
struct RefreshMeltResponseSignatureBody body;
struct GNUNET_CRYPTO_EddsaSignature sig;
json_t *sig_json;
int ret;
body.purpose.size = htonl (sizeof (struct RefreshCommitResponseSignatureBody));
body.purpose.purpose = htonl (TALER_SIGNATURE_REFRESH_COMMIT_RESPONSE);
body.purpose.size = htonl (sizeof (struct RefreshMeltResponseSignatureBody));
body.purpose.purpose = htonl (TALER_SIGNATURE_REFRESH_MELT_RESPONSE);
body.session_hash = *session_hash;
body.noreveal_index = htons (noreveal_index);
TALER_MINT_keys_sign (&body.purpose,

View File

@ -194,17 +194,16 @@ TALER_MINT_reply_deposit_success (struct MHD_Connection *connection,
/**
* Send proof that a /deposit, /refresh/melt or /lock request is
* invalid to client. This function will create a message with all of
* the operations affecting the coin that demonstrate that the coin
* has insufficient value.
* Send proof that a /deposit request is invalid to client. This
* function will create a message with all of the operations affecting
* the coin that demonstrate that the coin has insufficient value.
*
* @param connection connection to the client
* @param tl transaction list to use to build reply
* @return MHD result code
*/
int
TALER_MINT_reply_insufficient_funds (struct MHD_Connection *connection,
TALER_MINT_reply_deposit_insufficient_funds (struct MHD_Connection *connection,
const struct TALER_MINT_DB_TransactionList *tl);
@ -247,7 +246,7 @@ TALER_MINT_reply_withdraw_sign_success (struct MHD_Connection *connection,
/**
* Send a response to a "/refresh/commit" request.
* Send a confirmation response to a "/refresh/melt" request.
*
* @param connection the connection to send the response to
* @param session_hash hash of the refresh session
@ -255,27 +254,33 @@ TALER_MINT_reply_withdraw_sign_success (struct MHD_Connection *connection,
* @return a MHD status code
*/
int
TALER_MINT_reply_refresh_commit_success (struct MHD_Connection *connection,
TALER_MINT_reply_refresh_melt_success (struct MHD_Connection *connection,
const struct GNUNET_HashCode *session_hash,
uint16_t noreveal_index);
/**
* Send a response for "/refresh/melt". Essentially we sign
* over the client's signature and public key, thereby
* demonstrating that we accepted all of the client's coins.
* Send a response for a failed "/refresh/melt" request. The
* transaction history of the given coin demonstrates that the
* @a residual value of the coin is below the @a requested
* contribution of the coin for the melt. Thus, the mint
* refuses the melt operation.
*
* @param connection the connection to send the response to
* @param signature the client's signature over the melt request
* @param session_pub the refresh session public key.
* @param kappa security parameter to use for cut and choose
* @param coin_pub public key of the coin
* @param coin_value original value of the coin
* @param tl transaction history for the coin
* @param requested how much this coin was supposed to contribute
* @param residual remaining value of the coin (after subtracting @a tl)
* @return a MHD result code
*/
int
TALER_MINT_reply_refresh_melt_success (struct MHD_Connection *connection,
const struct GNUNET_CRYPTO_EddsaSignature *signature,
const struct GNUNET_CRYPTO_EddsaPublicKey *session_pub,
unsigned int kappa);
TALER_MINT_reply_refresh_melt_insufficient_funds (struct MHD_Connection *connection,
const struct GNUNET_CRYPTO_EcdsaPublicKey *coin_pub,
struct TALER_Amount coin_value,
struct TALER_MINT_DB_TransactionList *tl,
struct TALER_Amount requested,
struct TALER_Amount residual);
/**