diff options
| -rw-r--r-- | src/include/taler_crypto_lib.h | 36 | ||||
| -rw-r--r-- | src/include/taler_exchange_service.h | 8 | ||||
| -rw-r--r-- | src/lib/exchange_api_purse_create_with_merge.c | 420 | ||||
| -rw-r--r-- | src/util/crypto_contract.c | 209 | ||||
| -rw-r--r-- | src/util/merchant_signatures.c | 2 |
5 files changed, 659 insertions, 16 deletions
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index 554cb1a26..71ad07712 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -2207,7 +2207,7 @@ TALER_CRYPTO_contract_encrypt_for_merge ( /** - * Encrypt contract for the party that will + * Decrypt contract for the party that will * merge it into a reserve. * * @param purse_pub public key of the purse @@ -2226,6 +2226,40 @@ TALER_CRYPTO_contract_decrypt_for_merge ( struct TALER_PurseMergePrivateKeyP *merge_priv); +/** + * Encrypt contract for transmission to a party that will + * pay for it. + * + * @param purse_pub public key of the purse + * @param contract_priv private key of the contract + * @param contract_terms contract terms to encrypt + * @param[out] econtract set to encrypted contract + * @param[out] econtract_size set to number of bytes in @a econtract + */ +void +TALER_CRYPTO_contract_encrypt_for_deposit ( + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_ContractDiffiePrivateP *contract_priv, + const json_t *contract_terms, + void **econtract, + size_t *econtract_size); + + +/** + * Decrypt contract for the party that will pay for it. + * + * @param contract_priv private key of the contract + * @param econtract encrypted contract + * @param econtract_size number of bytes in @a econtract + * @return decrypted contract terms, or NULL on failure + */ +json_t * +TALER_CRYPTO_contract_decrypt_for_deposit ( + const struct TALER_ContractDiffiePrivateP *contract_priv, + const void *econtract, + size_t econtract_size); + + /* **************** Helper-based RSA operations **************** */ /** diff --git a/src/include/taler_exchange_service.h b/src/include/taler_exchange_service.h index 93f6816c7..3095ac2b8 100644 --- a/src/include/taler_exchange_service.h +++ b/src/include/taler_exchange_service.h @@ -4433,6 +4433,8 @@ struct TALER_EXCHANGE_PurseCreateMergeHandle; * @param exchange the exchange hosting the reserve * @param reserve_priv private key of the reserve * @param purse_priv private key of the purse + * @param merge_priv private key of the merge capability + * @param contract_priv private key to get the contract * @param contract_terms contract the purse is about * @param upload_contract true to upload the contract * @param purse_expiration when will the unmerged purse expire @@ -4447,6 +4449,8 @@ TALER_EXCHANGE_purse_create_with_merge ( struct TALER_EXCHANGE_Handle *exchange, const struct TALER_ReservePrivateKeyP *reserve_priv, const struct TALER_PurseContractPrivateKeyP *purse_priv, + const struct TALER_PurseMergePrivateKeyP *merge_priv, + const struct TALER_ContractDiffiePrivateP *contract_priv, const json_t *contract_terms, bool upload_contract, struct GNUNET_TIME_Timestamp purse_expiration, @@ -4459,11 +4463,11 @@ TALER_EXCHANGE_purse_create_with_merge ( /** * Cancel #TALER_EXCHANGE_purse_create_with_merge() operation. * - * @param pch handle of the operation to cancel + * @param pcm handle of the operation to cancel */ void TALER_EXCHANGE_purse_create_with_merge_cancel ( - struct TALER_EXCHANGE_PurseCreateMergeHandle *pch); + struct TALER_EXCHANGE_PurseCreateMergeHandle *pcm); /** diff --git a/src/lib/exchange_api_purse_create_with_merge.c b/src/lib/exchange_api_purse_create_with_merge.c new file mode 100644 index 000000000..226542b62 --- /dev/null +++ b/src/lib/exchange_api_purse_create_with_merge.c @@ -0,0 +1,420 @@ +/* + This file is part of TALER + Copyright (C) 2022 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along with + TALER; see the file COPYING. If not, see + <http://www.gnu.org/licenses/> + */ +/** + * @file lib/exchange_api_purse_create_with_merge.c + * @brief Implementation of the client to create a + * purse for an account + * @author Christian Grothoff + */ +#include "platform.h" +#include <jansson.h> +#include <microhttpd.h> /* just for HTTP status codes */ +#include <gnunet/gnunet_util_lib.h> +#include <gnunet/gnunet_json_lib.h> +#include <gnunet/gnunet_curl_lib.h> +#include "taler_json_lib.h" +#include "taler_exchange_service.h" +#include "exchange_api_handle.h" +#include "taler_signatures.h" +#include "exchange_api_curl_defaults.h" + + +/** + * @brief A purse create with merge handle + */ +struct TALER_EXCHANGE_PurseCreateMergeHandle +{ + + /** + * The connection to exchange this request handle will use + */ + struct TALER_EXCHANGE_Handle *exchange; + + /** + * The url for this request. + */ + char *url; + + /** + * Context for #TEH_curl_easy_post(). Keeps the data that must + * persist for Curl to make the upload. + */ + struct TALER_CURL_PostContext ctx; + + /** + * Handle for the request. + */ + struct GNUNET_CURL_Job *job; + + /** + * Function to call with the result. + */ + TALER_EXCHANGE_PurseCreateMergeCallback cb; + + /** + * Closure for @a cb. + */ + void *cb_cls; + + /** + * Expected value in the purse after fees. + */ + struct TALER_Amount purse_value_after_fees; + + /** + * Public key of the reserve public key. + */ + struct TALER_ReservePublicKeyP reserve_pub; + + /** + * Public key of the purse. + */ + struct TALER_PurseContractPublicKeyP purse_pub; + + /** + * Hash over the purse's contrac terms. + */ + struct TALER_PrivateContractHashP h_contract_terms; + + /** + * When does the purse expire. + */ + struct GNUNET_TIME_Timestamp purse_expiration; + + /** + * When does the purse get merged/created. + */ + struct GNUNET_TIME_Timestamp merge_timestamp; +}; + + +/** + * Function called when we're done processing the + * HTTP /reserves/$RID/purse request. + * + * @param cls the `struct TALER_EXCHANGE_PurseCreateMergeHandle` + * @param response_code HTTP response code, 0 on error + * @param response parsed JSON result, NULL on error + */ +static void +handle_purse_create_with_merge_finished (void *cls, + long response_code, + const void *response) +{ + struct TALER_EXCHANGE_PurseCreateMergeHandle *pcm = cls; + const json_t *j = response; + struct TALER_EXCHANGE_PurseCreateMergeResponse dr = { + .hr.reply = j, + .hr.http_status = (unsigned int) response_code + }; + + pcm->job = NULL; + switch (response_code) + { + case 0: + dr.hr.ec = TALER_EC_GENERIC_INVALID_RESPONSE; + break; + case MHD_HTTP_OK: + { +#if FIXME + const struct TALER_EXCHANGE_Keys *key_state; + struct GNUNET_TIME_Timestamp etime; + struct TALER_Amount total_deposited; + struct TALER_ExchangeSignatureP exchange_sig; + struct TALER_ExchangePublicKeyP exchange_pub; + struct GNUNET_JSON_Specification spec[] = { + GNUNET_JSON_spec_fixed_auto ("exchange_sig", + &exchange_sig), + GNUNET_JSON_spec_fixed_auto ("exchange_pub", + &exchange_pub), + GNUNET_JSON_spec_timestamp ("exchange_timestamp", + &etime), + GNUNET_JSON_spec_end () + }; + + if (GNUNET_OK != + GNUNET_JSON_parse (j, + spec, + NULL, NULL)) + { + GNUNET_break_op (0); + dr.hr.http_status = 0; + dr.hr.ec = TALER_EC_GENERIC_REPLY_MALFORMED; + break; + } + key_state = TALER_EXCHANGE_get_keys (pcm->exchange); + if (GNUNET_OK != + TALER_EXCHANGE_test_signing_key (key_state, + &exchange_pub)) + { + GNUNET_break_op (0); + dr.hr.http_status = 0; + dr.hr.ec = + TALER_EC_EXCHANGE_PURSE_CREATE_WITH_MERGE_EXCHANGE_SIGNATURE_INVALID; + break; + } + if (GNUNET_OK != + TALER_exchange_online_purse_create_with_merged_verify ( + etime, + pcm->purse_expiration, + &pcm->purse_value_after_fees, + &pcm->purse_pub, + &pcm->h_contract_terms, + &pcm->reserve_pub, + pcm->provider_url, + &exchange_pub, + &exchange_sig)) + { + GNUNET_break_op (0); + dr.hr.http_status = 0; + dr.hr.ec = + TALER_EC_EXCHANGE_PURSE_CREATE_WITH_MERGE_EXCHANGE_SIGNATURE_INVALID; + break; + } +#endif + } + break; + case MHD_HTTP_BAD_REQUEST: + /* This should never happen, either us or the exchange is buggy + (or API version conflict); just pass JSON reply to the application */ + dr.hr.ec = TALER_JSON_get_error_code (j); + dr.hr.hint = TALER_JSON_get_error_hint (j); + break; + case MHD_HTTP_FORBIDDEN: + dr.hr.ec = TALER_JSON_get_error_code (j); + dr.hr.hint = TALER_JSON_get_error_hint (j); + /* Nothing really to verify, exchange says one of the signatures is + invalid; as we checked them, this should never happen, we + should pass the JSON reply to the application */ + break; + case MHD_HTTP_NOT_FOUND: + dr.hr.ec = TALER_JSON_get_error_code (j); + dr.hr.hint = TALER_JSON_get_error_hint (j); + /* Nothing really to verify, this should never + happen, we should pass the JSON reply to the application */ + break; + case MHD_HTTP_CONFLICT: + // FIXME: check reply! + break; + case MHD_HTTP_GONE: + /* could happen if denomination was revoked */ + /* Note: one might want to check /keys for revocation + signature here, alas tricky in case our /keys + is outdated => left to clients */ + dr.hr.ec = TALER_JSON_get_error_code (j); + dr.hr.hint = TALER_JSON_get_error_hint (j); + break; + case MHD_HTTP_INTERNAL_SERVER_ERROR: + dr.hr.ec = TALER_JSON_get_error_code (j); + dr.hr.hint = TALER_JSON_get_error_hint (j); + /* Server had an internal issue; we should retry, but this API + leaves this to the application */ + break; + default: + /* unexpected response code */ + dr.hr.ec = TALER_JSON_get_error_code (j); + dr.hr.hint = TALER_JSON_get_error_hint (j); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unexpected response code %u/%d for exchange deposit\n", + (unsigned int) response_code, + dr.hr.ec); + GNUNET_break_op (0); + break; + } + pcm->cb (pcm->cb_cls, + &dr); + TALER_EXCHANGE_account_create_with_merge_cancel (pcm); +} + + +struct TALER_EXCHANGE_PurseCreateMergeHandle * +TALER_EXCHANGE_purse_create_with_merge ( + struct TALER_EXCHANGE_Handle *exchange, + const struct TALER_ReservePrivateKeyP *reserve_priv, + const struct TALER_PurseContractPrivateKeyP *purse_priv, + const struct TALER_PurseMergePrivateKeyP *merge_priv, + const struct TALER_ContractDiffiePrivateP *contract_priv, + const json_t *contract_terms, + bool upload_contract, + struct GNUNET_TIME_Timestamp purse_expiration, + struct GNUNET_TIME_Timestamp merge_timestamp, + const struct TALER_Amount *purse_value_after_fees, + TALER_EXCHANGE_PurseCreateMergeCallback cb, + void *cb_cls) +{ + struct TALER_EXCHANGE_PurseCreateMergeHandle *pcm; + struct GNUNET_CURL_Context *ctx; + json_t *create_with_merge_obj; + CURL *eh; + struct TALER_PurseMergeSignatureP merge_sig; + struct TALER_ReserveSignatureP reserve_sig; + char arg_str[sizeof (pcm->reserve_pub) * 2 + 32]; + uint32_t min_age = 0; + struct TALER_PurseMergePublicKeyP merge_pub; + struct TALER_PurseMergeSignatureP merge_sig; + void *econtract = NULL; + size_t econtract_size = 0; + + pcm = GNUNET_new (struct TALER_EXCHANGE_PurseCreateMergeHandle); + pcm->exchange = exchange; + pcm->cb = cb; + pcm->cb_cls = cb_cls; + if (GNUNET_OK != + TALER_JSON_contract_hash (contract_terms, + &pcm->h_contract_terms)) + { + GNUNET_break (0); + GNUNET_free (pcm); + return NULL; + } + pcm->h_contract_terms = *h_contract_terms; + pcm->purse_expiration = purse_expiration; + pcm->merge_timestamp = merge_timestamp; + pcm->purse_value_after_fees = *purse_value_after_fees; + GNUNET_CRYPTO_eddsa_key_get_public (&purse_priv->eddsa_priv, + &pcm->purse_pub.eddsa_pub); + GNUNET_CRYPTO_eddsa_key_get_public (&reserve_priv->eddsa_priv, + &pcm->reserve_pub.eddsa_pub); + GNUNET_CRYPTO_eddsa_key_get_public (&merge_priv->eddsa_priv, + &merge_pub.eddsa_pub); + + // FIXME: extract min_age from contract_terms! + + GNUNET_assert (GNUNET_YES == + TEAH_handle_is_ready (exchange)); + { + char pub_str[sizeof (pcm->reserve_pub) * 2]; + char *end; + + end = GNUNET_STRINGS_data_to_string ( + &pcm->reserve_pub, + sizeof (pcm->reserve_pub), + pub_str, + sizeof (pub_str)); + *end = '\0'; + GNUNET_snprintf (arg_str, + sizeof (arg_str), + "/reserves/%s/purse", + pub_str); + } + pcm->url = TEAH_path_to_url (exchange, + arg_str); + if (NULL == pcm->url) + { + GNUNET_break (0); + GNUNET_free (pcm); + return NULL; + } + TALER_wallet_purse_create_sign (purse_expiration, + &pcm->h_contract_terms, + &merge_pub, + min_age, + &pcm->purse_value, + purse_priv, + &purse_sig); + TALER_wallet_purse_merge_sign (exchange_url, + merge_timestamp, + &purse_pub, + &merge_priv, + &merge_sig); + TALER_wallet_account_merge_sign (merge_timestamp, + &pcm->purse_pub, + purse_expiration, + &pcm->h_contract_terms, + &pcm->purse_value, + min_age, + reserve_priv, + &reserve_sig); + if (upload_contract) + { + TALER_CRYPTO_contract_encrypt_for_deposit ( + &purse_pub, + &contract_priv, + contract_terms, + &econtract, + &econtract_size); + } + create_with_merge_obj = GNUNET_JSON_PACK ( + GNUNET_JSON_allow_null ( + GNUNET_JSON_pack_data_varsize ("econtract", + econtract, + econtract_size)), + GNUNET_JSON_pack_data_auto ("merge_sig", + &merge_sig), + GNUNET_JSON_pack_data_auto ("reserve_sig", + &reserve_sig), + GNUNET_JSON_pack_data_auto ("purse_sig", + &purse_sig), + GNUNET_JSON_pack_data_auto ("merge_pub", + &merge_pub), + GNUNET_JSON_pack_data_auto ("purse_pub", + &pcm->purse_pub), + GNUNET_JSON_pack_data_auto ("h_contract_terms", + &pcm->h_contract_terms), + TALER_JSON_pack_amount ("purse_value", + purse_value_after_fees), + GNUNET_JSON_pack_timestamp ("merge_timestamp", + merge_timestamp) + GNUNET_JSON_pack_timestamp ("purse_expiration", + purse_expiration)); + GNUNET_assert (NULL != create_with_merge_obj); + GNUNET_free (econtract); + eh = TALER_EXCHANGE_curl_easy_get_ (pcm->url); + if ( (NULL == eh) || + (GNUNET_OK != + TALER_curl_easy_post (&pcm->ctx, + eh, + create_with_merge_obj)) ) + { + GNUNET_break (0); + if (NULL != eh) + curl_easy_cleanup (eh); + json_decref (create_with_merge_obj); + GNUNET_free (pcm->url); + GNUNET_free (pcm); + return NULL; + } + json_decref (create_with_merge_obj); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "URL for purse create_with_merge: `%s'\n", + pcm->url); + ctx = TEAH_handle_to_context (exchange); + pcm->job = GNUNET_CURL_job_add2 (ctx, + eh, + pcm->ctx.headers, + &handle_purse_create_with_merge_finished, + pcm); + return pcm; +} + + +void +TALER_EXCHANGE_account_create_with_merge_cancel ( + struct TALER_EXCHANGE_PurseCreateMergeHandle *pcm) +{ + if (NULL != pcm->job) + { + GNUNET_CURL_job_cancel (pcm->job); + pcm->job = NULL; + } + GNUNET_free (pcm->url); + TALER_curl_easy_post_finished (&pcm->ctx); + GNUNET_free (pcm); +} + + +/* end of exchange_api_purse_create_with_merge.c */ diff --git a/src/util/crypto_contract.c b/src/util/crypto_contract.c index 30fdec789..fe6b1e6af 100644 --- a/src/util/crypto_contract.c +++ b/src/util/crypto_contract.c @@ -34,7 +34,12 @@ enum ContractFormats * can merge it into a reserve/account to accept the contract and * obtain the payment. */ - TALER_EXCHANGE_CONTRACT_PAYMENT_OFFER = 0 + TALER_EXCHANGE_CONTRACT_PAYMENT_OFFER = 0, + + /** + * The encrypted contract represents a payment request. + */ + TALER_EXCHANGE_CONTRACT_PAYMENT_REQUEST = 1 }; @@ -192,7 +197,7 @@ contract_decrypt (const void *key, /** * Header for encrypted contracts. */ -struct ContractHeader +struct ContractHeaderP { /** * Type of the contract, in NBO. @@ -203,15 +208,23 @@ struct ContractHeader * Length of the encrypted contract, in NBO. */ uint32_t clen; +}; + +/** + * Header for encrypted contracts. + */ +struct ContractHeaderMergeP +{ /** - * Included key material, depending on @e ctype. + * Generic header. */ - union - { - struct TALER_PurseMergePrivateKeyP merge_priv; - } keys; + struct ContractHeaderP header; + /** + * Private key with the merge capability. + */ + struct TALER_PurseMergePrivateKeyP merge_priv; }; @@ -234,7 +247,7 @@ TALER_CRYPTO_contract_encrypt_for_merge ( char *cstr; size_t clen; void *xbuf; - struct ContractHeader *hdr; + struct ContractHeaderMergeP *hdr; struct NonceP nonce; uLongf cbuf_size; int ret; @@ -255,9 +268,9 @@ TALER_CRYPTO_contract_encrypt_for_merge ( GNUNET_assert (Z_OK == ret); free (cstr); hdr = GNUNET_malloc (sizeof (*hdr) + cbuf_size); - hdr->ctype = htonl (TALER_EXCHANGE_CONTRACT_PAYMENT_OFFER); - hdr->clen = htonl ((uint32_t) clen); - hdr->keys.merge_priv = *merge_priv; + hdr->header.ctype = htonl (TALER_EXCHANGE_CONTRACT_PAYMENT_OFFER); + hdr->header.clen = htonl ((uint32_t) clen); + hdr->merge_priv = *merge_priv; memcpy (&hdr[1], xbuf, cbuf_size); @@ -288,7 +301,7 @@ TALER_CRYPTO_contract_decrypt_for_merge ( struct GNUNET_HashCode key; void *xhdr; size_t hdr_size; - const struct ContractHeader *hdr; + const struct ContractHeaderMergeP *hdr; char *cstr; uLongf clen; json_error_t json_error; @@ -321,6 +334,177 @@ TALER_CRYPTO_contract_decrypt_for_merge ( return NULL; } hdr = xhdr; + if (TALER_EXCHANGE_CONTRACT_PAYMENT_OFFER != ntohl (hdr->header.ctype)) + { + GNUNET_break_op (0); + GNUNET_free (xhdr); + return NULL; + } + clen = ntohl (hdr->header.clen); + if (clen >= GNUNET_MAX_MALLOC_CHECKED) + { + GNUNET_break_op (0); + GNUNET_free (xhdr); + return NULL; + } + cstr = GNUNET_malloc (clen + 1); + if (Z_OK != + uncompress ((Bytef *) cstr, + &clen, + (const Bytef *) &hdr[1], + hdr_size - sizeof (*hdr))) + { + GNUNET_break_op (0); + GNUNET_free (cstr); + GNUNET_free (xhdr); + return NULL; + } + *merge_priv = hdr->merge_priv; + GNUNET_free (xhdr); + ret = json_loadb ((char *) cstr, + clen, + JSON_DECODE_ANY, + &json_error); + if (NULL == ret) + { + GNUNET_break_op (0); + GNUNET_free (cstr); + return NULL; + } + GNUNET_free (cstr); + return ret; +} + + +/** + * Salt we use when encrypting contracts for merge. + */ +#define DEPOSIT_SALT "p2p-deposit-contract" + + +void +TALER_CRYPTO_contract_encrypt_for_deposit ( + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_ContractDiffiePrivateP *contract_priv, + const json_t *contract_terms, + void **econtract, + size_t *econtract_size) +{ + struct GNUNET_HashCode key; + char *cstr; + size_t clen; + void *xbuf; + struct ContractHeaderP *hdr; + struct NonceP nonce; + uLongf cbuf_size; + int ret; + void *xecontract; + size_t xecontract_size; + + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_ecdh_eddsa (&contract_priv->ecdhe_priv, + &purse_pub->eddsa_pub, + &key)); + cstr = json_dumps (contract_terms, + JSON_COMPACT | JSON_SORT_KEYS); + clen = strlen (cstr); + cbuf_size = compressBound (clen); + xbuf = GNUNET_malloc (cbuf_size); + ret = compress (xbuf, + &cbuf_size, + (const Bytef *) cstr, + clen); + GNUNET_assert (Z_OK == ret); + free (cstr); + hdr = GNUNET_malloc (sizeof (*hdr) + cbuf_size); + hdr->ctype = htonl (TALER_EXCHANGE_CONTRACT_PAYMENT_REQUEST); + hdr->clen = htonl ((uint32_t) clen); + memcpy (&hdr[1], + xbuf, + cbuf_size); + GNUNET_free (xbuf); + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, + &nonce, + sizeof (nonce)); + contract_encrypt (&nonce, + &key, + sizeof (key), + hdr, + sizeof (*hdr) + cbuf_size, + DEPOSIT_SALT, + &xecontract, + &xecontract_size); + GNUNET_free (hdr); + /* prepend purse_pub */ + *econtract = GNUNET_malloc (xecontract_size + sizeof (*purse_pub)); + memcpy (*econtract, + purse_pub, + sizeof (*purse_pub)); + memcpy (sizeof (*purse_pub) + *econtract, + xecontract, + xecontract_size); + *econtract_size = xecontract_size + sizeof (*purse_pub); + GNUNET_free (xecontract); +} + + +json_t * +TALER_CRYPTO_contract_decrypt_for_deposit ( + const struct TALER_ContractDiffiePrivateP *contract_priv, + const void *econtract, + size_t econtract_size) +{ + const struct TALER_PurseContractPublicKeyP *purse_pub = econtract; + + if (econtract_size < sizeof (*purse_pub)) + { + GNUNET_break_op (0); + return NULL; + } + struct GNUNET_HashCode key; + void *xhdr; + size_t hdr_size; + const struct ContractHeaderP *hdr; + char *cstr; + uLongf clen; + json_error_t json_error; + json_t *ret; + + if (GNUNET_OK != + GNUNET_CRYPTO_ecdh_eddsa (&contract_priv->ecdhe_priv, + &purse_pub->eddsa_pub, + &key)) + { + GNUNET_break (0); + return NULL; + } + econtract += sizeof (*purse_pub); + econtract_size -= sizeof (*purse_pub); + if (GNUNET_OK != + contract_decrypt (&key, + sizeof (key), + econtract, + econtract_size, + DEPOSIT_SALT, + &xhdr, + &hdr_size)) + { + GNUNET_break_op (0); + return NULL; + } + if (hdr_size < sizeof (*hdr)) + { + GNUNET_break_op (0); + GNUNET_free (xhdr); + return NULL; + } + hdr = xhdr; + if (TALER_EXCHANGE_CONTRACT_PAYMENT_REQUEST != ntohl (hdr->ctype)) + { + GNUNET_break_op (0); + GNUNET_free (xhdr); + return NULL; + } clen = ntohl (hdr->clen); if (clen >= GNUNET_MAX_MALLOC_CHECKED) { @@ -340,7 +524,6 @@ TALER_CRYPTO_contract_decrypt_for_merge ( GNUNET_free (xhdr); return NULL; } - *merge_priv = hdr->keys.merge_priv; GNUNET_free (xhdr); ret = json_loadb ((char *) cstr, clen, diff --git a/src/util/merchant_signatures.c b/src/util/merchant_signatures.c index 84daca2c4..1ad94e005 100644 --- a/src/util/merchant_signatures.c +++ b/src/util/merchant_signatures.c @@ -210,6 +210,7 @@ TALER_merchant_pay_sign ( merch_sig); } + enum GNUNET_GenericReturnValue TALER_merchant_pay_verify ( const struct TALER_PrivateContractHashP *h_contract_terms, @@ -265,6 +266,7 @@ TALER_merchant_contract_sign ( merch_sig); } + // NB: "TALER_merchant_contract_verify" not (yet?) needed / not defined. /* end of merchant_signatures.c */ |