
No commits in common. "af1001bc423c51bde5cb4e02a138ce84fd6b782c" and "dd59f3eea6d17391ecabf4a59f41938613f280a5" have entirely different histories.

11 changed files with 97 additions and 110 deletions

12
debian/changelog vendored

@ -1,15 +1,3 @@
taler-exchange (0.9.2-2) unstable; urgency=low
* Further improvements to Debian package.
-- Christian Grothoff <grothoff@gnu.org> Sat, 3 Mar 2023 23:50:12 +0200
taler-exchange (0.9.2-1) unstable; urgency=low
* Minor improvements to Debian package, also adds age-withdraw REST APIs.
-- Christian Grothoff <grothoff@gnu.org> Sat, 3 Mar 2023 13:50:12 +0200
taler-exchange (0.9.2) unstable; urgency=low
* Packaging latest release.


@ -1,18 +1,7 @@
server {
listen 80;
listen [::]:80;
server_name localhost;
access_log /var/log/nginx/auditor.log;
error_log /var/log/nginx/auditor.err;
location /taler-auditor/ {
proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host "localhost";
#proxy_set_header X-Forwarded-Proto "https";
}
location /taler-auditor/ {
proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host "example.com";
proxy_set_header X-Forwarded-Proto "https";
}
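Review bot: The `proxy_set_header X-Forwarded-Host "example.com";` line in the remaining `location /taler-auditor/` block is a placeholder that reaches the auditor verbatim if an operator installs the file unchanged, so any absolute URL the backend derives from it would name the wrong host. Going by the hunk header (18 lines before, 7 after), the enclosing `server { }` block is gone and `X-Forwarded-Proto "https"` is now asserted unconditionally, so the fragment is only correct when it is included from a TLS-terminating server block. I would add a comment above the block such as `# Include from a TLS server block; replace example.com with the public host name.`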


@ -4,9 +4,6 @@ server {
server_name localhost;
access_log /var/log/nginx/exchange.log;
error_log /var/log/nginx/exchange.err;
location /taler-exchange/ {
proxy_pass http://unix:/run/taler/exchange-httpd/exchange-http.sock:/;
proxy_redirect off;


@ -6,11 +6,11 @@
# which you can get using `taler-exchange-offline setup`.
# This is just an example, your key will be different!
# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
# MASTER_PUBLIC_KEY =
MASTER_PUBLIC_KEY =
# Publicly visible base URL of the exchange.
# BASE_URL = https://example.com/
# BASE_URL =
BASE_URL =
# For your terms of service and privacy policy, you should specify
# an Etag that must be updated whenever there are significant
@ -20,8 +20,6 @@
# TERMS_ETAG =
# PRIVACY_ETAG =
SERVE = unix
UNIXPATH_MODE = 666
# Bank accounts used by the exchange should be specified here:
[exchange-account-1]


@ -4,7 +4,7 @@
# Typically, there should only be a single line here, of the form:
# CONFIG=postgres:///DATABASE
CONFIG=postgres:///DATABASE
# The details of the URI depend on where the database lives and how
# access control was configured.


@ -4,20 +4,20 @@ set -e
. /usr/share/debconf/confmodule
TALER_HOME="/var/lib/taler"
case "${1}" in
configure)
if ! getent group taler-exchange-offline >/dev/null; then
addgroup --quiet taler-exchange-offline
addgroup --quiet --system taler-exchange-offline
fi
if ! getent passwd taler-exchange-offline >/dev/null; then
adduser --quiet \
--disabled-password \
--system \
--shell /bin/bash \
adduser --quiet --system \
--ingroup taler-exchange-offline \
taler-exchange-offline
--no-create-home \
--home ${TALER_HOME} taler-exchange-offline
fi
;;


@ -30,7 +30,6 @@ configure)
if ! getent passwd ${_EUSERNAME} >/dev/null; then
adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_EUSERNAME}
adduser --quiet ${_EUSERNAME} ${_DBGROUPNAME}
adduser --quiet ${_EUSERNAME} ${_GROUPNAME}
fi
if ! getent passwd ${_RSECUSERNAME} >/dev/null; then
adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_RSECUSERNAME}
@ -54,10 +53,10 @@ configure)
adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME}
fi
if ! dpkg-statoverride --list /etc/taler/secrets/exchange-accountcredentials-1.secret.conf >/dev/null 2>&1; then
if ! dpkg-statoverride --list /etc/taler/secrets/exchange-accountcredentials.secret.conf >/dev/null 2>&1; then
dpkg-statoverride --add --update \
${_WIREUSERNAME} root 460 \
/etc/taler/secrets/exchange-accountcredentials-1.secret.conf
/etc/taler/secrets/exchange-accountcredentials.secret.conf
fi
if ! dpkg-statoverride --list /etc/taler/secrets/exchange-db.secret.conf >/dev/null 2>&1; then
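Review bot: The `dpkg-statoverride` block for the account-credentials secret spells the path out twice, once in the `--list` guard and once in the `--add --update` call, and whichever of the two names shown (`exchange-accountcredentials-1.secret.conf`, `exchange-accountcredentials.secret.conf`) the commit settles on must match the file the package actually installs, which this page does not show. If they diverge, the override is registered for a path that is not there and the real credentials file keeps its installed owner and mode instead of `${_WIREUSERNAME} root 460`. Holding the path in one variable, e.g. `_ACCT_SECRET=/etc/taler/secrets/exchange-accountcredentials.secret.conf`, and using `"${_ACCT_SECRET}"` in both places would keep the guard and the override in step. The surrounding `configure)` branch starts and ends outside the hunk.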


@ -1,8 +1,7 @@
#Type Path Mode UID GID Age Argument
d /run/taler/exchange-secmod-rsa 0755 taler-exchange-secmod-rsa taler-exchange-secmod - -
d /run/taler/exchange-secmod-cs 0755 taler-exchange-secmod-cs taler-exchange-secmod - -
d /run/taler/exchange-secmod-eddsa 0755 taler-exchange-secmod-eddsa taler-exchange-secmod - -
d /run/taler/exchange-httpd 0750 taler-exchange-httpd www-data - -
d /var/lib/taler/exchange-secmod-cs 0700 taler-exchange-secmod-cs taler-exchange-secmod - -
d /var/lib/taler/exchange-offline 0700 taler-exchange-offline taler-exchange-offline - -
d /var/lib/taler/exchange-secmod-rsa 0700 taler-exchange-secmod-rsa taler-exchange-secmod - -
d /var/lib/taler/exchange-secmod-eddsa 0700 taler-exchange-secmod-eddsa taler-exchange-secmod - -


@ -1939,9 +1939,6 @@ exchange_serve_process_config (void)
GNUNET_free (master_public_key_str);
return GNUNET_SYSERR;
}
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Launching exchange with public key `%s'...\n",
master_public_key_str);
GNUNET_free (master_public_key_str);
}
@ -1964,6 +1961,9 @@ exchange_serve_process_config (void)
&TEH_attribute_key.hash);
GNUNET_free (attr_enc_key_str);
}
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Launching exchange with public key `%s'...\n",
GNUNET_p2s (&TEH_master_public_key.eddsa_pub));
if (NULL ==
(TEH_plugin = TALER_EXCHANGEDB_plugin_load (TEH_cfg)))
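Review bot: The relocated `GNUNET_log` call prints `GNUNET_p2s (&TEH_master_public_key.eddsa_pub)`, and `GNUNET_p2s` is GNUnet's abbreviated formatter for debug output, so the INFO line no longer carries the full master public key that the removed call printed from `master_public_key_str`. An operator checking the startup log against the configured `MASTER_PUBLIC_KEY` then has only a short form to compare. If the full key is wanted, keep the log inside the block where `master_public_key_str` is still alive, before `GNUNET_free (master_public_key_str);`, or add a comment saying the abbreviation is intentional. `exchange_serve_process_config` starts and ends outside both hunks.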


@ -116,17 +116,17 @@ handle_age_withdraw_reveal_json (
error = "denoms_h must not be empty";
else if (actx->num_coins != json_array_size (j_coin_evs))
error = "denoms_h and coins_evs must be arrays of the same size";
else if (actx->num_coins > TALER_MAX_FRESH_COINS)
/**
* The wallet had committed to more than the maximum coins allowed, the
* reserve has been charged, but now the user can not withdraw any money
* from it. Note that the user can't get their money back in this case!
**/
error = "maximum number of coins that can be withdrawn has been exceeded";
else if (actx->num_coins * (TALER_CNC_KAPPA - 1)
!= json_array_size (j_disclosed_coins))
error = "the size of array disclosed_coins must be "
TALER_CNC_KAPPA_MINUS_ONE_STR " times the size of denoms_h";
TALER_CNC_KAPPA_MINUS_ONE_STR " times of the size of denoms_h";
else if (actx->num_coins > TALER_MAX_FRESH_COINS)
/**
* FIXME?: If the user had commited to more than the maximum coins allowed,
* the reserve has been charged, but now the user can not withdraw any money
* from it. How can the user get their money back?
**/
error = "maximum number of coins that can be withdrawn has been exceeded";
if (NULL != error)
return TALER_MHD_reply_with_error (connection,
@ -135,23 +135,22 @@ handle_age_withdraw_reveal_json (
error);
}
/* Continue parsing the parts */
/* Parse denomination keys */
{
unsigned int idx = 0;
json_t *value = NULL;
unsigned int idx;
json_t *jh;
/* Parse denomination keys */
actx->denoms_h = GNUNET_new_array (actx->num_coins,
struct TALER_DenominationHashP);
json_array_foreach (j_denoms_h, idx, value) {
json_array_foreach (j_denoms_h, idx, jh) {
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_fixed_auto (NULL, &actx->denoms_h[idx]),
GNUNET_JSON_spec_end ()
};
if (GNUNET_OK !=
GNUNET_JSON_parse (value, spec, NULL, NULL))
GNUNET_JSON_parse (jh, spec, NULL, NULL))
{
char msg[256] = {0};
GNUNET_snprintf (msg,
@ -162,22 +161,28 @@ handle_age_withdraw_reveal_json (
MHD_HTTP_BAD_REQUEST,
TALER_EC_GENERIC_PARAMETER_MALFORMED,
msg);
goto CLEANUP;
goto EXIT;
}
};
/* Parse blinded envelopes */
};
}
/* Parse blinded envelopes */
{
unsigned int idx;
json_t *ce;
actx->coin_evs = GNUNET_new_array (actx->num_coins,
struct TALER_BlindedCoinHashP);
json_array_foreach (j_coin_evs, idx, value) {
json_array_foreach (j_coin_evs, idx, ce) {
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_fixed_auto (NULL, &actx->coin_evs[idx]),
GNUNET_JSON_spec_end ()
};
if (GNUNET_OK !=
GNUNET_JSON_parse (value, spec, NULL, NULL))
GNUNET_JSON_parse (ce, spec, NULL, NULL))
{
char msg[256] = {0};
GNUNET_snprintf (msg,
@ -188,23 +193,28 @@ handle_age_withdraw_reveal_json (
MHD_HTTP_BAD_REQUEST,
TALER_EC_GENERIC_PARAMETER_MALFORMED,
msg);
goto CLEANUP;
goto EXIT;
}
};
}
/* Parse diclosed keys */
{
unsigned int idx;
json_t *dc;
/* Parse diclosed keys */
actx->disclosed_coins = GNUNET_new_array (
actx->num_coins * (TALER_CNC_KAPPA - 1),
actx->num_coins * (TALER_CNC_KAPPA),
struct GNUNET_CRYPTO_EddsaPrivateKey);
json_array_foreach (j_disclosed_coins, idx, value) {
json_array_foreach (j_coin_evs, idx, dc) {
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_fixed_auto (NULL, &actx->disclosed_coins[idx]),
GNUNET_JSON_spec_end ()
};
if (GNUNET_OK !=
GNUNET_JSON_parse (value, spec, NULL, NULL))
GNUNET_JSON_parse (dc, spec, NULL, NULL))
{
char msg[256] = {0};
GNUNET_snprintf (msg,
@ -215,9 +225,10 @@ handle_age_withdraw_reveal_json (
MHD_HTTP_BAD_REQUEST,
TALER_EC_GENERIC_PARAMETER_MALFORMED,
msg);
goto CLEANUP;
goto EXIT;
}
};
}
/* TODO:oec: find commitment */
@ -230,7 +241,8 @@ handle_age_withdraw_reveal_json (
/* TODO:oec: send response */
CLEANUP:
/* TODO */
EXIT:
age_reveal_context_free (actx);
return mhd_ret;
}
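Review bot: The third parsing loop iterates `json_array_foreach (j_coin_evs, idx, dc)` while writing into `actx->disclosed_coins[idx]`, so `j_disclosed_coins` is length-checked above but never read, and the blinded envelopes are parsed a second time as `struct GNUNET_CRYPTO_EddsaPrivateKey` values. The loop header should be `json_array_foreach (j_disclosed_coins, idx, dc) {`. The allocation just above it uses `actx->num_coins * (TALER_CNC_KAPPA)` although the size check in the first hunk requires `actx->num_coins * (TALER_CNC_KAPPA - 1)` entries; both places should use the same expression. The function starts before the first hunk, and the `/* TODO */` in front of `EXIT:` suggests the cleanup path is still unfinished.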


@ -21,7 +21,7 @@
*/
#include "platform.h"
#include "taler_util.h"
#include "taler_mhd_lib.h"
#include <taler/taler_mhd_lib.h>
#include <gnunet/gnunet_db_lib.h>
#include <gcrypt.h>
@ -29,7 +29,7 @@
* How long is a TOTP code valid?
*/
#define TOTP_VALIDITY_PERIOD GNUNET_TIME_relative_multiply ( \
GNUNET_TIME_UNIT_SECONDS, 30)
GNUNET_TIME_UNIT_SECONDS, 30)
/**
* Range of time we allow (plus-minus).
@ -37,6 +37,7 @@
#define TIME_INTERVAL_RANGE 2
/**
* Compute TOTP code at current time with offset
* @a time_off for the @a key.
@ -130,22 +131,26 @@ base32decode (const char *val,
* 32 characters for decoding, using RFC 3548.
*/
static const char *decTable__ = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
unsigned char *udata = key;
unsigned int wpos = 0;
unsigned int rpos = 0;
unsigned int bits = 0;
unsigned int vbit = 0;
unsigned int wpos;
unsigned int rpos;
unsigned int bits;
unsigned int vbit;
unsigned char *udata;
udata = val;
vbit = 0;
wpos = 0;
rpos = 0;
bits = 0;
while ((rpos < val_size) || (vbit >= 8))
{
if ((rpos < val_size) && (vbit < 8))
{
char c = val[rpos++];
if (c == '=') // padding character
{
if (c == '=') { // padding character
break;
}
const char *p = strchr (decTable__, toupper (c));
const char *p = strchr(decTable__, toupper(c));
if (! p)
{ // invalid character
return -1;
@ -173,29 +178,29 @@ executive_totp (void *h_key,
ret = NULL;
for (int i = -TIME_INTERVAL_RANGE; i<= TIME_INTERVAL_RANGE; i++)
{
code = compute_totp (ts,
i,
h_key,
h_key_len);
if (NULL == ret)
{
GNUNET_asprintf (&ret,
"%llu",
(unsigned long long) code);
}
else
{
char *tmp;
code = compute_totp (ts,
i,
h_key,
h_key_len);
if (NULL == ret)
{
GNUNET_asprintf (&ret,
"%llu",
(unsigned long long) code);
}
else
{
char *tmp;
GNUNET_asprintf (&tmp,
"%s\n%llu",
ret,
(unsigned long long) code);
GNUNET_free (ret);
ret = tmp;
GNUNET_asprintf (&tmp,
"%s\n%llu",
ret,
(unsigned long long) code);
GNUNET_free (ret);
ret = tmp;
}
}
}
return ret;
}
@ -258,13 +263,13 @@ TALER_build_pos_confirmation (const char *pos_key,
return ret;
case TALER_MCA_WITH_PRICE:
{
struct GNUNET_HashCode hkey;
struct GNUNET_HashCode *hkey;
struct TALER_AmountNBO ntotal;
TALER_amount_hton (&ntotal,
total);
GNUNET_assert (GNUNET_YES ==
GNUNET_CRYPTO_kdf (&hkey,
GNUNET_CRYPTO_kdf (hkey,
sizeof (hkey),
&ntotal,
sizeof (ntotal),
@ -273,7 +278,7 @@ TALER_build_pos_confirmation (const char *pos_key,
NULL,
0));
GNUNET_free (key);
ret = executive_totp (&hkey,
ret = executive_totp (hkey,
sizeof(hkey),
ts);
GNUNET_free (key);
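Review bot: In the `TALER_MCA_WITH_PRICE` case `hkey` is declared as `struct GNUNET_HashCode *hkey;` and handed to `GNUNET_CRYPTO_kdf (hkey, sizeof (hkey), …)` without ever being pointed at storage, so the KDF writes through an uninitialised pointer, and `sizeof (hkey)` is the size of a pointer rather than of the hash. Declare the object itself, `struct GNUNET_HashCode hkey;`, and pass `&hkey` with `sizeof (hkey)` to both `GNUNET_CRYPTO_kdf` and `executive_totp`. The `base32decode` hunk has a related problem: `udata = val;` aims the output pointer at the `const char *val` input instead of the `key` buffer, which presumably means decoded bytes never reach the caller's buffer (the writes themselves are outside the hunk). Both functions extend beyond the visible hunks.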