diff options
author | Christian Grothoff <christian@grothoff.org> | 2017-04-08 22:52:32 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2017-04-08 22:52:32 +0200 |
commit | 11b8710a5caac9c81cb0eb6094b363fa46a74809 (patch) | |
tree | a83464349867a655c157e4aab5a4ed9e0bdc3471 /src/auditor | |
parent | 8e9d6c6fd1dce2dc04258e91673baa083b291600 (diff) |
implement checking of denomination revocation status in auditor
Diffstat (limited to 'src/auditor')
-rw-r--r-- | src/auditor/taler-auditor.c | 41 |
1 files changed, 40 insertions, 1 deletions
diff --git a/src/auditor/taler-auditor.c b/src/auditor/taler-auditor.c index 5576bd6a2..c4fb025d2 100644 --- a/src/auditor/taler-auditor.c +++ b/src/auditor/taler-auditor.c @@ -831,6 +831,8 @@ handle_payback_by_reserve (void *cls, struct ReserveSummary *rs; struct GNUNET_TIME_Absolute expiry; struct TALER_PaybackRequestPS pr; + struct TALER_MasterSignatureP msig; + int ret; /* should be monotonically increasing */ GNUNET_assert (rowid >= pp.last_reserve_payback_serial_id); @@ -859,7 +861,44 @@ handle_payback_by_reserve (void *cls, rowid, "coin payback signature invalid"); } - /* TODO: check that the coin was eligible for payback! #3887!*/ + + /* check that the coin was eligible for payback!*/ + ret = edb->get_denomination_revocation (edb->cls, + esession, + &pr.h_denom_pub, + &msig); + if (GNUNET_SYSERR == ret) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + if (GNUNET_NO == ret) + { + report_row_inconsistency ("payback", + rowid, + "denomination key not in revocation set"); + } + else + { + /* verify msig */ + struct TALER_MasterDenominationKeyRevocation kr; + + kr.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED); + kr.purpose.size = htonl (sizeof (kr)); + kr.h_denom_pub = pr.h_denom_pub; + if (GNUNET_OK != + GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED, + &kr.purpose, + &msig.eddsa_signature, + &master_pub.eddsa_pub)) + { + report_row_inconsistency ("denomination_revocations", + 0, /* FIXME: modify DB API to return rowid! (#4984) */ + "master signature invalid"); + } + /* TODO: cache result so we don't do this every time! (#4983) */ + } + GNUNET_CRYPTO_hash (reserve_pub, sizeof (*reserve_pub), |