authorChristian Grothoff <christian@grothoff.org>2015-06-21 20:43:54 +0200
committerChristian Grothoff <christian@grothoff.org>2015-06-21 20:43:54 +0200
commit8f6e911308c717ffbd9bc1a2f955ffc42c6ea784 (patch)
tree787a2c12d9ca1e4fb731846afe8b3a41b5c9d885
parent5caa52aa4cf7eb4e59cef34195f61d088a28a622 (diff)
-implement signature checking on /deposit
-rw-r--r--src/include/taler_mint_service.h24
-rw-r--r--src/mint-lib/mint_api_deposit.c95
-rw-r--r--src/mint-lib/mint_api_handle.c36
3 files changed, 151 insertions, 4 deletions
diff --git a/src/include/taler_mint_service.h b/src/include/taler_mint_service.h
index 75d2050ae..850f07630 100644
--- a/src/include/taler_mint_service.h
+++ b/src/include/taler_mint_service.h
@@ -306,13 +306,35 @@ TALER_MINT_disconnect (struct TALER_MINT_Handle *mint);
/**
+ * Obtain the keys from the mint.
+ *
+ * @param mint the mint handle
+ * @return the mint's key set
+ */
+const struct TALER_MINT_Keys *
+TALER_MINT_get_keys (const struct TALER_MINT_Handle *mint);
+
+
+/**
* Obtain the current signing key from the mint.
*
* @param keys the mint's key set
* @return sk current online signing key for the mint, NULL on error
*/
const struct TALER_MintPublicKeyP *
-TALER_MINT_get_signing_key (struct TALER_MINT_Keys *keys);
+TALER_MINT_get_signing_key (const struct TALER_MINT_Keys *keys);
+
+
+/**
+ * Obtain the denomination key details from the mint.
+ *
+ * @param keys the mint's key set
+ * @param pk public key of the denomination to lookup
+ * @return details about the given denomination key
+ */
+const struct TALER_MINT_DenomPublicKey *
+TALER_MINT_get_denomination_key (const struct TALER_MINT_Keys *keys,
+ const struct TALER_DenominationPublicKey *pk);
/* ********************* /deposit *********************** */
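Review bot: The `@return` line for TALER_MINT_get_denomination_key does not say that the function returns NULL when the denomination is not in the key set, although the definition in src/mint-lib/mint_api_handle.c ends with `return NULL;` and verify_signatures in mint_api_deposit.c depends on that result. I would write `@return details about the given denomination key, NULL if @a pk is not found in @a keys` here and in the matching comment in mint_api_handle.c. The neighbouring TALER_MINT_get_signing_key comment already documents its NULL case, so this keeps the header consistent.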
diff --git a/src/mint-lib/mint_api_deposit.c b/src/mint-lib/mint_api_deposit.c
index 806631e77..0b99759e2 100644
--- a/src/mint-lib/mint_api_deposit.c
+++ b/src/mint-lib/mint_api_deposit.c
@@ -151,6 +151,82 @@ handle_deposit_finished (void *cls,
/**
+ * Verify signature information about the deposit.
+ *
+ * @param deposit information about the deposit
+ * @return #GNUNET_OK if signatures are OK, #GNUNET_SYSERR if not
+ */
+static int
+verify_signatures (struct TALER_MINT_Handle *mint,
+ const struct TALER_Amount *amount,
+ const struct GNUNET_HashCode *h_wire,
+ const struct GNUNET_HashCode *h_contract,
+ const struct TALER_CoinSpendPublicKeyP *coin_pub,
+ const struct TALER_DenominationSignature *denom_sig,
+ const struct TALER_DenominationPublicKey *denom_pub,
+ struct GNUNET_TIME_Absolute timestamp,
+ uint64_t transaction_id,
+ const struct TALER_MerchantPublicKeyP *merchant_pub,
+ struct GNUNET_TIME_Absolute refund_deadline,
+ const struct TALER_CoinSpendSignatureP *coin_sig)
+{
+ const struct TALER_MINT_Keys *key_state;
+ struct TALER_DepositRequestPS dr;
+ const struct TALER_MINT_DenomPublicKey *dki;
+ struct TALER_CoinPublicInfo coin_info;
+
+ key_state = TALER_MINT_get_keys (mint);
+ dki = TALER_MINT_get_denomination_key (key_state,
+ denom_pub);
+ if (NULL == dki)
+ {
+ TALER_LOG_WARNING ("Denomination key unknown to mint\n");
+ return GNUNET_SYSERR;
+ }
+ dr.purpose.purpose = htonl (TALER_SIGNATURE_WALLET_COIN_DEPOSIT);
+ dr.purpose.size = htonl (sizeof (struct TALER_DepositRequestPS));
+ dr.h_contract = *h_contract;
+ dr.h_wire = *h_wire;
+ dr.timestamp = GNUNET_TIME_absolute_hton (timestamp);
+ dr.refund_deadline = GNUNET_TIME_absolute_hton (refund_deadline);
+ dr.transaction_id = GNUNET_htonll (transaction_id);
+ TALER_amount_hton (&dr.amount_with_fee,
+ amount);
+ TALER_amount_hton (&dr.deposit_fee,
+ &dki->fee_deposit);
+ dr.merchant = *merchant_pub;
+ dr.coin_pub = *coin_pub;
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_WALLET_COIN_DEPOSIT,
+ &dr.purpose,
+ &coin_sig->eddsa_signature,
+ &coin_pub->eddsa_pub))
+ {
+ TALER_LOG_WARNING ("Invalid coin signature on /deposit request\n");
+ return GNUNET_SYSERR;
+ }
+
+ /* check coin signature */
+ coin_info.coin_pub = *coin_pub;
+ coin_info.denom_pub = *denom_pub;
+ coin_info.denom_sig = *denom_sig;
+ if (GNUNET_YES !=
+ TALER_test_coin_valid (&coin_info))
+ {
+ TALER_LOG_WARNING ("Invalid coin passed for /deposit\n");
+ return GNUNET_SYSERR;
+ }
+ if (TALER_amount_cmp (&dki->fee_deposit,
+ amount) < 0)
+ {
+ TALER_LOG_WARNING ("Deposit amount smaller than fee\n");
+ return GNUNET_SYSERR;
+ }
+ return GNUNET_OK;
+}
+
+
+/**
* Callback used when downloading the reply to a /deposit request.
* Just appends all of the data to the `buf` in the
* `struct TALER_MINT_DepositHandle` for further processing. The size of
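Review bot: The final check in verify_signatures, `TALER_amount_cmp (&dki->fee_deposit, amount) < 0`, looks inverted relative to its log message "Deposit amount smaller than fee". Assuming TALER_amount_cmp follows the usual comparison convention (negative when the first argument is the smaller one), the branch fires when the fee is below the amount, so ordinary deposits would be rejected and a deposit smaller than its fee would pass; the condition should probably read `if (TALER_amount_cmp (&dki->fee_deposit, amount) > 0)`. Separately, the doc comment names a single `@param deposit` that is not in the signature and documents none of the twelve real parameters. The `/* check coin signature */` comment also sits above the TALER_test_coin_valid call, which takes the denomination key and signature, rather than above the EdDSA coin-signature check that precedes it.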
@@ -261,8 +337,23 @@ TALER_MINT_deposit (struct TALER_MINT_Handle *mint,
return NULL;
}
- GNUNET_break (0); /* FIXME: verify all sigs! */
-
+ if (GNUNET_OK !=
+ verify_signatures (mint,
+ amount,
+ &h_wire,
+ h_contract,
+ coin_pub,
+ denom_sig,
+ denom_pub,
+ timestamp,
+ transaction_id,
+ merchant_pub,
+ refund_deadline,
+ coin_sig))
+ {
+ GNUNET_break_op (0);
+ return NULL;
+ }
deposit_obj = json_pack ("{s:o, s:o," /* f/wire */
" s:s, s:s," /* H_wire, H_contract */
diff --git a/src/mint-lib/mint_api_handle.c b/src/mint-lib/mint_api_handle.c
index abd4d0db7..530cd6062 100644
--- a/src/mint-lib/mint_api_handle.c
+++ b/src/mint-lib/mint_api_handle.c
@@ -752,7 +752,7 @@ TALER_MINT_disconnect (struct TALER_MINT_Handle *mint)
* @return sk current online signing key for the mint, NULL on error
*/
const struct TALER_MintPublicKeyP *
-TALER_MINT_get_signing_key (struct TALER_MINT_Keys *keys)
+TALER_MINT_get_signing_key (const struct TALER_MINT_Keys *keys)
{
struct GNUNET_TIME_Absolute now;
unsigned int i;
@@ -766,4 +766,38 @@ TALER_MINT_get_signing_key (struct TALER_MINT_Keys *keys)
}
+/**
+ * Obtain the denomination key details from the mint.
+ *
+ * @param keys the mint's key set
+ * @param pk public key of the denomination to lookup
+ * @return details about the given denomination key
+ */
+const struct TALER_MINT_DenomPublicKey *
+TALER_MINT_get_denomination_key (const struct TALER_MINT_Keys *keys,
+ const struct TALER_DenominationPublicKey *pk)
+{
+ unsigned int i;
+
+ for (i=0;i<keys->num_denom_keys;i++)
+ if (0 == GNUNET_CRYPTO_rsa_public_key_cmp (pk->rsa_public_key,
+ keys->denom_keys[i].key.rsa_public_key))
+ return &keys->denom_keys[i];
+ return NULL;
+}
+
+
+/**
+ * Obtain the keys from the mint.
+ *
+ * @param mint the mint handle
+ * @return the mint's key set
+ */
+const struct TALER_MINT_Keys *
+TALER_MINT_get_keys (const struct TALER_MINT_Handle *mint)
+{
+ return &mint->key_data;
+}
+
+
/* end of mint_api_handle.c */
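Review bot: TALER_MINT_get_keys returns `&mint->key_data` unconditionally and TALER_MINT_get_denomination_key returns a pointer into `keys->denom_keys`, but neither comment states how long those pointers stay valid or what the key set holds before the mint's keys have been obtained. Neither is visible in this hunk; if the key data can be replaced or freed while the handle lives, callers such as verify_signatures that dereference `dki` after the lookup need that contract stated. I would add to both comments a line such as `The returned pointer is owned by the handle and must not be used after TALER_MINT_disconnect()`, adjusted to the real lifetime. The `for` loop in TALER_MINT_get_denomination_key would also be safer to maintain with braces around its `if` body.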