diff options
Diffstat (limited to 'src/mint-lib/mint_api_refresh.c')
| -rw-r--r-- | src/mint-lib/mint_api_refresh.c | 2061 |
1 files changed, 0 insertions, 2061 deletions
diff --git a/src/mint-lib/mint_api_refresh.c b/src/mint-lib/mint_api_refresh.c deleted file mode 100644 index cea16b153..000000000 --- a/src/mint-lib/mint_api_refresh.c +++ /dev/null @@ -1,2061 +0,0 @@ -/* - This file is part of TALER - Copyright (C) 2015 GNUnet e.V. - - TALER is free software; you can redistribute it and/or modify it under the - terms of the GNU General Public License as published by the Free Software - Foundation; either version 3, or (at your option) any later version. - - TALER is distributed in the hope that it will be useful, but WITHOUT ANY - WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along with - TALER; see the file COPYING. If not, If not, see - <http://www.gnu.org/licenses/> -*/ -/** - * @file mint-lib/mint_api_refresh.c - * @brief Implementation of the /refresh/melt+reveal requests of the mint's HTTP API - * @author Christian Grothoff - */ -#include "platform.h" -#include <curl/curl.h> -#include <jansson.h> -#include <microhttpd.h> /* just for HTTP status codes */ -#include <gnunet/gnunet_util_lib.h> -#include "taler_mint_service.h" -#include "mint_api_common.h" -#include "mint_api_json.h" -#include "mint_api_context.h" -#include "mint_api_handle.h" -#include "taler_signatures.h" - - -/* ********************* /refresh/ common ***************************** */ - -/* structures for committing refresh data to disk before doing the - network interaction(s) */ - -GNUNET_NETWORK_STRUCT_BEGIN - -/** - * Header of serialized information about a coin we are melting. - */ -struct MeltedCoinP -{ - /** - * Private key of the coin. - */ - struct TALER_CoinSpendPrivateKeyP coin_priv; - - /** - * Amount this coin contributes to the melt, including fee. - */ - struct TALER_AmountNBO melt_amount_with_fee; - - /** - * The applicable fee for withdrawing a coin of this denomination - */ - struct TALER_AmountNBO fee_melt; - - /** - * The original value of the coin. - */ - struct TALER_AmountNBO original_value; - - /** - * Transfer private keys for each cut-and-choose dimension. - */ - struct TALER_TransferPrivateKeyP transfer_priv[TALER_CNC_KAPPA]; - - /** - * Timestamp indicating when coins of this denomination become invalid. - */ - struct GNUNET_TIME_AbsoluteNBO deposit_valid_until; - - /** - * Size of the encoded public key that follows. - */ - uint16_t pbuf_size; - - /** - * Size of the encoded signature that follows. - */ - uint16_t sbuf_size; - - /* Followed by serializations of: - 1) struct TALER_DenominationPublicKey pub_key; - 2) struct TALER_DenominationSignature sig; - */ -}; - - -/** - * Header for serializations of coin-specific information about the - * fresh coins we generate during a melt. - */ -struct FreshCoinP -{ - - /** - * Private key of the coin. - */ - struct TALER_CoinSpendPrivateKeyP coin_priv; - - /** - * Size of the encoded blinding key that follows. - */ - uint32_t bbuf_size; - - /* Followed by serialization of: - - struct TALER_DenominationBlindingKey blinding_key; - */ - -}; - - -/** - * Header of serialized data about a melt operation, suitable for - * persisting it on disk. - */ -struct MeltDataP -{ - - /** - * Hash over the melting session. - */ - struct GNUNET_HashCode melt_session_hash; - - /** - * Link secret used to encrypt the @a coin_priv and the blinding - * key in the linkage data for the respective cut-and-choose dimension. - */ - struct TALER_LinkSecretP link_secrets[TALER_CNC_KAPPA]; - - /** - * Number of coins we are melting, in NBO - */ - uint16_t num_melted_coins GNUNET_PACKED; - - /** - * Number of coins we are creating, in NBO - */ - uint16_t num_fresh_coins GNUNET_PACKED; - - /* Followed by serializations of: - 1) struct MeltedCoinP melted_coins[num_melted_coins]; - 2) struct TALER_MINT_DenomPublicKey fresh_pks[num_fresh_coins]; - 3) TALER_CNC_KAPPA times: - 3a) struct FreshCoinP fresh_coins[num_fresh_coins]; - */ -}; - - -GNUNET_NETWORK_STRUCT_END - - -/** - * Information about a coin we are melting. - */ -struct MeltedCoin -{ - /** - * Private key of the coin. - */ - struct TALER_CoinSpendPrivateKeyP coin_priv; - - /** - * Amount this coin contributes to the melt, including fee. - */ - struct TALER_Amount melt_amount_with_fee; - - /** - * The applicable fee for melting a coin of this denomination - */ - struct TALER_Amount fee_melt; - - /** - * The original value of the coin. - */ - struct TALER_Amount original_value; - - /** - * Transfer private keys for each cut-and-choose dimension. - */ - struct TALER_TransferPrivateKeyP transfer_priv[TALER_CNC_KAPPA]; - - /** - * Timestamp indicating when coins of this denomination become invalid. - */ - struct GNUNET_TIME_Absolute deposit_valid_until; - - /** - * Denomination key of the original coin. - */ - struct TALER_DenominationPublicKey pub_key; - - /** - * Mint's signature over the coin. - */ - struct TALER_DenominationSignature sig; - -}; - - -/** - * Coin-specific information about the fresh coins we generate during - * a melt. - */ -struct FreshCoin -{ - - /** - * Private key of the coin. - */ - struct TALER_CoinSpendPrivateKeyP coin_priv; - - /** - * Blinding key used for blinding during blind signing. - */ - struct TALER_DenominationBlindingKey blinding_key; - -}; - - -/** - * Melt data in non-serialized format for convenient processing. - */ -struct MeltData -{ - - /** - * Hash over the melting session. - */ - struct GNUNET_HashCode melt_session_hash; - - /** - * Link secrets for each cut-and-choose dimension. - */ - struct TALER_LinkSecretP link_secrets[TALER_CNC_KAPPA]; - - /** - * Number of coins we are melting - */ - uint16_t num_melted_coins; - - /** - * Number of coins we are creating - */ - uint16_t num_fresh_coins; - - /** - * Information about the melted coins in an array of length @e - * num_melted_coins. - */ - struct MeltedCoin *melted_coins; - - /** - * Array of @e num_fresh_coins denomination keys for the coins to be - * freshly minted. - */ - struct TALER_DenominationPublicKey *fresh_pks; - - /** - * Arrays of @e num_fresh_coins with information about the fresh - * coins to be created, for each cut-and-choose dimension. - */ - struct FreshCoin *fresh_coins[TALER_CNC_KAPPA]; -}; - - -/** - * Free all information associated with a melted coin session. - * - * @param mc melted coin to release, the pointer itself is NOT - * freed (as it is typically not allocated by itself) - */ -static void -free_melted_coin (struct MeltedCoin *mc) -{ - if (NULL == mc) - return; - if (NULL != mc->pub_key.rsa_public_key) - GNUNET_CRYPTO_rsa_public_key_free (mc->pub_key.rsa_public_key); - if (NULL != mc->sig.rsa_signature) - GNUNET_CRYPTO_rsa_signature_free (mc->sig.rsa_signature); -} - - -/** - * Free all information associated with a fresh coin. - * - * @param fc fresh coin to release, the pointer itself is NOT - * freed (as it is typically not allocated by itself) - */ -static void -free_fresh_coin (struct FreshCoin *fc) -{ - if (NULL == fc) - return; - if (NULL != fc->blinding_key.rsa_blinding_key) - GNUNET_CRYPTO_rsa_blinding_key_free (fc->blinding_key.rsa_blinding_key); -} - - -/** - * Free all information associated with a melting session. Note - * that we allow the melting session to be only partially initialized, - * as we use this function also when freeing melt data that was not - * fully initialized (i.e. due to failures in #deserialize_melt_data()). - * - * @param md melting data to release, the pointer itself is NOT - * freed (as it is typically not allocated by itself) - */ -static void -free_melt_data (struct MeltData *md) -{ - unsigned int i; - unsigned int j; - - if (NULL != md->melted_coins) - { - for (i=0;i<md->num_melted_coins;i++) - free_melted_coin (&md->melted_coins[i]); - GNUNET_free (md->melted_coins); - } - if (NULL != md->fresh_pks) - { - for (i=0;i<md->num_fresh_coins;i++) - if (NULL != md->fresh_pks[i].rsa_public_key) - GNUNET_CRYPTO_rsa_public_key_free (md->fresh_pks[i].rsa_public_key); - GNUNET_free (md->fresh_pks); - } - - for (i=0;i<TALER_CNC_KAPPA;i++) - { - for (j=0;j<md->num_fresh_coins;j++) - free_fresh_coin (&md->fresh_coins[i][j]); - GNUNET_free (md->fresh_coins[i]); - } - /* Finally, clean up a bit... - (NOTE: compilers might optimize this away, so this is - not providing any strong assurances that the key material - is purged.) */ - memset (md, - 0, - sizeof (struct MeltData)); -} - - -/** - * Serialize information about a coin we are melting. - * - * @param mc information to serialize - * @param buf buffer to write data in, NULL to just compute - * required size - * @param off offeset at @a buf to use - * @return number of bytes written to @a buf at @a off, or if - * @a buf is NULL, number of bytes required; 0 on error - */ -static size_t -serialize_melted_coin (const struct MeltedCoin *mc, - char *buf, - size_t off) -{ - struct MeltedCoinP mcp; - unsigned int i; - char *pbuf; - size_t pbuf_size; - char *sbuf; - size_t sbuf_size; - - sbuf_size = GNUNET_CRYPTO_rsa_signature_encode (mc->sig.rsa_signature, - &sbuf); - pbuf_size = GNUNET_CRYPTO_rsa_public_key_encode (mc->pub_key.rsa_public_key, - &pbuf); - if (NULL == buf) - { - GNUNET_free (sbuf); - GNUNET_free (pbuf); - return sizeof (struct MeltedCoinP) + sbuf_size + pbuf_size; - } - if ( (sbuf_size > UINT16_MAX) || - (pbuf_size > UINT16_MAX) ) - { - GNUNET_break (0); - return 0; - } - mcp.coin_priv = mc->coin_priv; - TALER_amount_hton (&mcp.melt_amount_with_fee, - &mc->melt_amount_with_fee); - TALER_amount_hton (&mcp.fee_melt, - &mc->fee_melt); - TALER_amount_hton (&mcp.original_value, - &mc->original_value); - for (i=0;i<TALER_CNC_KAPPA;i++) - mcp.transfer_priv[i] = mc->transfer_priv[i]; - mcp.deposit_valid_until = GNUNET_TIME_absolute_hton (mc->deposit_valid_until); - mcp.pbuf_size = htons ((uint16_t) pbuf_size); - mcp.sbuf_size = htons ((uint16_t) sbuf_size); - memcpy (&buf[off], - &mcp, - sizeof (struct MeltedCoinP)); - memcpy (&buf[off + sizeof (struct MeltedCoinP)], - pbuf, - pbuf_size); - memcpy (&buf[off + sizeof (struct MeltedCoinP) + pbuf_size], - sbuf, - sbuf_size); - GNUNET_free (sbuf); - GNUNET_free (pbuf); - return sizeof (struct MeltedCoinP) + sbuf_size + pbuf_size; -} - - -/** - * Deserialize information about a coin we are melting. - * - * @param[out] mc information to deserialize - * @param buf buffer to read data from - * @param size number of bytes available at @a buf to use - * @param[out] ok set to #GNUNET_NO to report errors - * @return number of bytes read from @a buf, 0 on error - */ -static size_t -deserialize_melted_coin (struct MeltedCoin *mc, - const char *buf, - size_t size, - int *ok) -{ - struct MeltedCoinP mcp; - unsigned int i; - size_t pbuf_size; - size_t sbuf_size; - size_t off; - - if (size < sizeof (struct MeltedCoinP)) - { - GNUNET_break (0); - *ok = GNUNET_NO; - return 0; - } - memcpy (&mcp, - buf, - sizeof (struct MeltedCoinP)); - pbuf_size = ntohs (mcp.pbuf_size); - sbuf_size = ntohs (mcp.sbuf_size); - if (size < sizeof (struct MeltedCoinP) + pbuf_size + sbuf_size) - { - GNUNET_break (0); - *ok = GNUNET_NO; - return 0; - } - off = sizeof (struct MeltedCoinP); - mc->pub_key.rsa_public_key - = GNUNET_CRYPTO_rsa_public_key_decode (&buf[off], - pbuf_size); - off += pbuf_size; - mc->sig.rsa_signature - = GNUNET_CRYPTO_rsa_signature_decode (&buf[off], - sbuf_size); - off += sbuf_size; - if ( (NULL == mc->pub_key.rsa_public_key) || - (NULL == mc->sig.rsa_signature) ) - { - GNUNET_break (0); - *ok = GNUNET_NO; - return 0; - } - - mc->coin_priv = mcp.coin_priv; - TALER_amount_ntoh (&mc->melt_amount_with_fee, - &mcp.melt_amount_with_fee); - TALER_amount_ntoh (&mc->fee_melt, - &mcp.fee_melt); - TALER_amount_ntoh (&mc->original_value, - &mcp.original_value); - for (i=0;i<TALER_CNC_KAPPA;i++) - mc->transfer_priv[i] = mcp.transfer_priv[i]; - mc->deposit_valid_until = GNUNET_TIME_absolute_ntoh (mcp.deposit_valid_until); - return off; -} - - -/** - * Serialize information about a denomination key. - * - * @param dk information to serialize - * @param buf buffer to write data in, NULL to just compute - * required size - * @param off offeset at @a buf to use - * @return number of bytes written to @a buf at @a off, or if - * @a buf is NULL, number of bytes required - */ -static size_t -serialize_denomination_key (const struct TALER_DenominationPublicKey *dk, - char *buf, - size_t off) -{ - char *pbuf; - size_t pbuf_size; - uint32_t be; - - pbuf_size = GNUNET_CRYPTO_rsa_public_key_encode (dk->rsa_public_key, - &pbuf); - if (NULL == buf) - { - GNUNET_free (pbuf); - return pbuf_size + sizeof (uint32_t); - } - be = htonl ((uint32_t) pbuf_size); - memcpy (&buf[off], - &be, - sizeof (uint32_t)); - memcpy (&buf[off + sizeof (uint32_t)], - pbuf, - pbuf_size); - GNUNET_free (pbuf); - return pbuf_size + sizeof (uint32_t); -} - - -/** - * Deserialize information about a denomination key. - * - * @param[out] dk information to deserialize - * @param buf buffer to read data from - * @param size number of bytes available at @a buf to use - * @param[out] ok set to #GNUNET_NO to report errors - * @return number of bytes read from @a buf, 0 on error - */ -static size_t -deserialize_denomination_key (struct TALER_DenominationPublicKey *dk, - const char *buf, - size_t size, - int *ok) -{ - size_t pbuf_size; - uint32_t be; - - if (size < sizeof (uint32_t)) - { - GNUNET_break (0); - *ok = GNUNET_NO; - return 0; - } - memcpy (&be, - buf, - sizeof (uint32_t)); - pbuf_size = ntohl (be); - if (size < sizeof (uint32_t) + pbuf_size) - { - GNUNET_break (0); - *ok = GNUNET_NO; - return 0; - } - dk->rsa_public_key - = GNUNET_CRYPTO_rsa_public_key_decode (&buf[sizeof (uint32_t)], - pbuf_size); - - if (NULL == dk->rsa_public_key) - { - GNUNET_break (0); - *ok = GNUNET_NO; - return 0; - } - return sizeof (uint32_t) + pbuf_size; -} - - -/** - * Serialize information about a fresh coin we are generating. - * - * @param fc information to serialize - * @param buf buffer to write data in, NULL to just compute - * required size - * @param off offeset at @a buf to use - * @return number of bytes written to @a buf at @a off, or if - * @a buf is NULL, number of bytes required - */ -static size_t -serialize_fresh_coin (const struct FreshCoin *fc, - char *buf, - size_t off) -{ - struct FreshCoinP fcp; - char *bbuf; - size_t bbuf_size; - - bbuf_size = GNUNET_CRYPTO_rsa_blinding_key_encode (fc->blinding_key.rsa_blinding_key, - &bbuf); - if (NULL == buf) - { - GNUNET_free (bbuf); - return sizeof (struct FreshCoinP) + bbuf_size; - } - fcp.coin_priv = fc->coin_priv; - fcp.bbuf_size = htonl ((uint32_t) bbuf_size); - memcpy (&buf[off], - &fcp, - sizeof (struct FreshCoinP)); - memcpy (&buf[off + sizeof (struct FreshCoinP)], - bbuf, - bbuf_size); - GNUNET_free (bbuf); - return sizeof (struct FreshCoinP) + bbuf_size; -} - - -/** - * Deserialize information about a fresh coin we are generating. - * - * @param[out] fc information to deserialize - * @param buf buffer to read data from - * @param size number of bytes available at @a buf to use - * @param[out] ok set to #GNUNET_NO to report errors - * @return number of bytes read from @a buf, 0 on error - */ -static size_t -deserialize_fresh_coin (struct FreshCoin *fc, - const char *buf, - size_t size, - int *ok) -{ - struct FreshCoinP fcp; - size_t bbuf_size; - - if (size < sizeof (struct FreshCoinP)) - { - GNUNET_break (0); - *ok = GNUNET_NO; - return 0; - } - memcpy (&fcp, - buf, - sizeof (struct FreshCoinP)); - bbuf_size = ntohl (fcp.bbuf_size); - if (size < sizeof (struct FreshCoinP) + bbuf_size) - { - GNUNET_break (0); - *ok = GNUNET_NO; - return 0; - } - fc->blinding_key.rsa_blinding_key - = GNUNET_CRYPTO_rsa_blinding_key_decode (&buf[sizeof (struct FreshCoinP)], - bbuf_size); - if (NULL == fc->blinding_key.rsa_blinding_key) - { - GNUNET_break (0); - *ok = GNUNET_NO; - return 0; - } - fc->coin_priv = fcp.coin_priv; - return sizeof (struct FreshCoinP) + bbuf_size; -} - - -/** - * Serialize melt data. - * - * @param md data to serialize - * @param[out] res_size size of buffer returned - * @return serialized melt data - */ -static char * -serialize_melt_data (const struct MeltData *md, - size_t *res_size) -{ - size_t size; - size_t asize; - char *buf; - unsigned int i; - unsigned int j; - - size = 0; - asize = (size_t) -1; /* make the compiler happy */ - buf = NULL; - /* we do 2 iterations, #1 to determine total size, #2 to - actually construct the buffer */ - do { - if (0 == size) - { - size = sizeof (struct MeltDataP); - } - else - { - struct MeltDataP *mdp; - - buf = GNUNET_malloc (size); - asize = size; /* just for invariant check later */ - size = sizeof (struct MeltDataP); - mdp = (struct MeltDataP *) buf; - mdp->melt_session_hash = md->melt_session_hash; - for (i=0;i<TALER_CNC_KAPPA;i++) - mdp->link_secrets[i] = md->link_secrets[i]; - mdp->num_melted_coins = htons (md->num_melted_coins); - mdp->num_fresh_coins = htons (md->num_fresh_coins); - } - for (i=0;i<md->num_melted_coins;i++) - size += serialize_melted_coin (&md->melted_coins[i], - buf, - size); - for (i=0;i<md->num_fresh_coins;i++) - size += serialize_denomination_key (&md->fresh_pks[i], - buf, - size); - for (i=0;i<TALER_CNC_KAPPA;i++) - for(j=0;j<md->num_fresh_coins;j++) - size += serialize_fresh_coin (&md->fresh_coins[i][j], - buf, - size); - } while (NULL == buf); - GNUNET_assert (size == asize); - *res_size = size; - return buf; -} - - -/** - * Deserialize melt data. - * - * @param buf serialized data - * @param buf_size size of @a buf - * @return deserialized melt data, NULL on error - */ -static struct MeltData * -deserialize_melt_data (const char *buf, - size_t buf_size) -{ - struct MeltData *md; - struct MeltDataP mdp; - unsigned int i; - unsigned int j; - size_t off; - int ok; - - if (buf_size < sizeof (struct MeltDataP)) - return NULL; - memcpy (&mdp, - buf, - sizeof (struct MeltDataP)); - md = GNUNET_new (struct MeltData); - md->melt_session_hash = mdp.melt_session_hash; - for (i=0;i<TALER_CNC_KAPPA;i++) - md->link_secrets[i] = mdp.link_secrets[i]; - md->num_melted_coins = ntohs (mdp.num_melted_coins); - md->num_fresh_coins = ntohs (mdp.num_fresh_coins); - md->melted_coins = GNUNET_new_array (md->num_melted_coins, - struct MeltedCoin); - md->fresh_pks = GNUNET_new_array (md->num_fresh_coins, - struct TALER_DenominationPublicKey); - for (i=0;i<TALER_CNC_KAPPA;i++) - md->fresh_coins[i] = GNUNET_new_array (md->num_fresh_coins, - struct FreshCoin); - off = sizeof (struct MeltDataP); - ok = GNUNET_YES; - for (i=0;(i<md->num_melted_coins)&&(GNUNET_YES == ok);i++) - off += deserialize_melted_coin (&md->melted_coins[i], - &buf[off], - buf_size - off, - &ok); - for (i=0;(i<md->num_fresh_coins)&&(GNUNET_YES == ok);i++) - off += deserialize_denomination_key (&md->fresh_pks[i], - &buf[off], - buf_size - off, - &ok); - - for (i=0;i<TALER_CNC_KAPPA;i++) - for(j=0;(j<md->num_fresh_coins)&&(GNUNET_YES == ok);j++) - off += deserialize_fresh_coin (&md->fresh_coins[i][j], - &buf[off], - buf_size - off, - &ok); - if (off != buf_size) - { - GNUNET_break (0); - ok = GNUNET_NO; - } - if (GNUNET_YES != ok) - { - free_melt_data (md); - GNUNET_free (md); - return NULL; - } - return md; -} - - -/** - * Setup information for a fresh coin. - * - * @param[out] fc value to initialize - * @param pk denomination information for the fresh coin - */ -static void -setup_fresh_coin (struct FreshCoin *fc, - const struct TALER_MINT_DenomPublicKey *pk) -{ - struct GNUNET_CRYPTO_EddsaPrivateKey *epk; - unsigned int len; - - epk = GNUNET_CRYPTO_eddsa_key_create (); - fc->coin_priv.eddsa_priv = *epk; - GNUNET_free (epk); - len = GNUNET_CRYPTO_rsa_public_key_len (pk->key.rsa_public_key); - fc->blinding_key.rsa_blinding_key - = GNUNET_CRYPTO_rsa_blinding_key_create (len); -} - - -/** - * Melt (partially spent) coins to obtain fresh coins that are - * unlinkable to the original coin(s). Note that melting more - * than one coin in a single request will make those coins linkable, - * so the safest operation only melts one coin at a time. - * - * This API is typically used by a wallet. Note that to ensure that - * no money is lost in case of hardware failures, is operation does - * not actually initiate the request. Instead, it generates a buffer - * which the caller must store before proceeding with the actual call - * to #TALER_MINT_refresh_melt() that will generate the request. - * - * This function does verify that the given request data is internally - * consistent. However, the @a melts_sigs are only verified if - * @a check_sigs is set to #GNUNET_YES, as this may be relatively - * expensive and should be redundant. - * - * Aside from some non-trivial cryptographic operations that might - * take a bit of CPU time to complete, this function returns - * its result immediately and does not start any asynchronous - * processing. This function is also thread-safe. - * - * @param num_melts number of coins that are being melted (typically 1) - * @param melt_privs array of @a num_melts private keys of the coins to melt - * @param melt_amounts array of @a num_melts amounts specifying how much - * each coin will contribute to the melt (including fee) - * @param melt_sigs array of @a num_melts signatures affirming the - * validity of the public keys corresponding to the - * @a melt_privs private keys - * @param melt_pks array of @a num_melts denomination key information - * records corresponding to the @a melt_sigs - * validity of the keys - * @param check_sigs verify the validity of the signatures of @a melt_sigs - * @param fresh_pks_len length of the @a pks array - * @param fresh_pks array of @a pks_len denominations of fresh coins to create - * @param[out] res_size set to the size of the return value, or 0 on error - * @return NULL - * if the inputs are invalid (i.e. denomination key not with this mint). - * Otherwise, pointer to a buffer of @a res_size to store persistently - * before proceeding to #TALER_MINT_refresh_melt(). - * Non-null results should be freed using #GNUNET_free(). - */ -char * -TALER_MINT_refresh_prepare (unsigned int num_melts, - const struct TALER_CoinSpendPrivateKeyP *melt_privs, - const struct TALER_Amount *melt_amounts, - const struct TALER_DenominationSignature *melt_sigs, - const struct TALER_MINT_DenomPublicKey *melt_pks, - int check_sigs, - unsigned int fresh_pks_len, - const struct TALER_MINT_DenomPublicKey *fresh_pks, - size_t *res_size) -{ - struct MeltData md; - char *buf; - unsigned int i; - unsigned int j; - struct GNUNET_HashContext *hash_context; - - /* build up melt data structure */ - for (i=0;i<TALER_CNC_KAPPA;i++) - GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, - &md.link_secrets[i], - sizeof (struct TALER_LinkSecretP)); - md.num_melted_coins = num_melts; - md.num_fresh_coins = fresh_pks_len; - md.melted_coins = GNUNET_new_array (num_melts, - struct MeltedCoin); - for (i=0;i<num_melts;i++) - { - md.melted_coins[i].coin_priv = melt_privs[i]; - md.melted_coins[i].melt_amount_with_fee = melt_amounts[i]; - md.melted_coins[i].fee_melt = melt_pks[i].fee_refresh; - md.melted_coins[i].original_value = melt_pks[i].value; - for (j=0;j<TALER_CNC_KAPPA;j++) - { - struct GNUNET_CRYPTO_EcdhePrivateKey *tpk; - - tpk = GNUNET_CRYPTO_ecdhe_key_create (); - md.melted_coins[i].transfer_priv[j].ecdhe_priv = *tpk; - GNUNET_free (tpk); - } - md.melted_coins[i].deposit_valid_until - = melt_pks[i].deposit_valid_until; - md.melted_coins[i].pub_key.rsa_public_key - = GNUNET_CRYPTO_rsa_public_key_dup (melt_pks[i].key.rsa_public_key); - md.melted_coins[i].sig.rsa_signature - = GNUNET_CRYPTO_rsa_signature_dup (melt_sigs[i].rsa_signature); - } - md.fresh_pks = GNUNET_new_array (fresh_pks_len, - struct TALER_DenominationPublicKey); - for (i=0;i<fresh_pks_len;i++) - md.fresh_pks[i].rsa_public_key - = GNUNET_CRYPTO_rsa_public_key_dup (fresh_pks[i].key.rsa_public_key); - for (i=0;i<TALER_CNC_KAPPA;i++) - { - md.fresh_coins[i] = GNUNET_new_array (fresh_pks_len, - struct FreshCoin); - for (j=0;j<fresh_pks_len;j++) - setup_fresh_coin (&md.fresh_coins[i][j], - &fresh_pks[j]); - } - - /* now compute melt session hash */ - hash_context = GNUNET_CRYPTO_hash_context_start (); - for (i=0;i<fresh_pks_len;i++) - { - char *buf; - size_t buf_size; - - buf_size = GNUNET_CRYPTO_rsa_public_key_encode (fresh_pks[i].key.rsa_public_key, - &buf); - GNUNET_CRYPTO_hash_context_read (hash_context, - buf, - buf_size); - GNUNET_free (buf); - } - for (i=0;i<num_melts;i++) - { - struct TALER_CoinSpendPublicKeyP coin_pub; - struct TALER_AmountNBO melt_amount; - - GNUNET_CRYPTO_eddsa_key_get_public (&melt_privs[i].eddsa_priv, - &coin_pub.eddsa_pub); - GNUNET_CRYPTO_hash_context_read (hash_context, - &coin_pub, - sizeof (struct TALER_CoinSpendPublicKeyP)); - TALER_amount_hton (&melt_amount, - &melt_amounts[i]); - GNUNET_CRYPTO_hash_context_read (hash_context, - &melt_amount, - sizeof (struct TALER_AmountNBO)); - - } - for (i = 0; i < TALER_CNC_KAPPA; i++) - { - for (j = 0; j < fresh_pks_len; j++) - { - const struct FreshCoin *fc; /* coin this is about */ - struct TALER_CoinSpendPublicKeyP coin_pub; - struct GNUNET_HashCode coin_hash; - char *coin_ev; /* blinded message to be signed (in envelope) for each coin */ - size_t coin_ev_size; - struct TALER_RefreshLinkDecrypted rld; - struct TALER_RefreshLinkEncrypted *rle; - char *link_enc; /* encrypted link data */ - size_t link_enc_size; - - fc = &md.fresh_coins[i][j]; - GNUNET_CRYPTO_eddsa_key_get_public (&fc->coin_priv.eddsa_priv, - &coin_pub.eddsa_pub); - GNUNET_CRYPTO_hash (&coin_pub.eddsa_pub, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), - &coin_hash); - coin_ev_size = GNUNET_CRYPTO_rsa_blind (&coin_hash, - fc->blinding_key.rsa_blinding_key, - md.fresh_pks[j].rsa_public_key, - &coin_ev); - GNUNET_CRYPTO_hash_context_read (hash_context, - coin_ev, - coin_ev_size); - GNUNET_free (coin_ev); - - rld.coin_priv = fc->coin_priv; - rld.blinding_key = fc->blinding_key; - rle = TALER_refresh_encrypt (&rld, - &md.link_secrets[i]); - link_enc = TALER_refresh_link_encrypted_encode (rle, - &link_enc_size); - - GNUNET_CRYPTO_hash_context_read (hash_context, - link_enc, - link_enc_size); - GNUNET_free (link_enc); - } - } - for (i = 0; i < TALER_CNC_KAPPA; i++) - { - for (j = 0; j < num_melts; j++) - { - struct TALER_RefreshCommitLinkP rcl; - struct TALER_TransferSecretP trans_sec; - - GNUNET_CRYPTO_ecdhe_key_get_public (&md.melted_coins[j].transfer_priv[i].ecdhe_priv, - &rcl.transfer_pub.ecdhe_pub); - TALER_link_derive_transfer_secret (&melt_privs[j], - &md.melted_coins[j].transfer_priv[i], - &trans_sec); - TALER_transfer_encrypt (&md.link_secrets[i], - &trans_sec, - &rcl.shared_secret_enc); - GNUNET_CRYPTO_hash_context_read (hash_context, - &rcl, - sizeof (struct TALER_RefreshCommitLinkP)); - } - } - - GNUNET_CRYPTO_hash_context_finish (hash_context, - &md.melt_session_hash); - - /* finally, serialize everything */ - buf = serialize_melt_data (&md, - res_size); - free_melt_data (&md); - return buf; -} - - -/* ********************* /refresh/melt ***************************** */ - - -/** - * @brief A /refresh/melt Handle - */ -struct TALER_MINT_RefreshMeltHandle -{ - - /** - * The connection to mint this request handle will use - */ - struct TALER_MINT_Handle *mint; - - /** - * The url for this request. - */ - char *url; - - /** - * JSON encoding of the request to POST. - */ - char *json_enc; - - /** - * Handle for the request. - */ - struct MAC_Job *job; - - /** - * Function to call with refresh melt failure results. - */ - TALER_MINT_RefreshMeltCallback melt_cb; - - /** - * Closure for @e result_cb and @e melt_failure_cb. - */ - void *melt_cb_cls; - - /** - * Download buffer - */ - struct MAC_DownloadBuffer db; - - /** - * Actual information about the melt operation. - */ - struct MeltData *md; -}; - - -/** - * Verify that the signature on the "200 OK" response - * from the mint is valid. - * - * @param rmh melt handle - * @param json json reply with the signature - * @param[out] noreveal_index set to the noreveal index selected by the mint - * @return #GNUNET_OK if the signature is valid, #GNUNET_SYSERR if not - */ -static int -verify_refresh_melt_signature_ok (struct TALER_MINT_RefreshMeltHandle *rmh, - json_t *json, - uint16_t *noreveal_index) -{ - struct TALER_MintSignatureP mint_sig; - struct TALER_MintPublicKeyP mint_pub; - const struct TALER_MINT_Keys *key_state; - struct MAJ_Specification spec[] = { - MAJ_spec_fixed_auto ("mint_sig", &mint_sig), - MAJ_spec_fixed_auto ("mint_pub", &mint_pub), - MAJ_spec_uint16 ("noreveal_index", noreveal_index), - MAJ_spec_end - }; - struct TALER_RefreshMeltConfirmationPS confirm; - - if (GNUNET_OK != - MAJ_parse_json (json, - spec)) - { - GNUNET_break_op (0); - return GNUNET_SYSERR; - } - - /* check that mint signing key is permitted */ - key_state = TALER_MINT_get_keys (rmh->mint); - if (GNUNET_OK != - TALER_MINT_test_signing_key (key_state, - &mint_pub)) - { - GNUNET_break_op (0); - return GNUNET_SYSERR; - } - - /* check that noreveal index is in permitted range */ - if (TALER_CNC_KAPPA <= *noreveal_index) - { - GNUNET_break_op (0); - return GNUNET_SYSERR; - } - - /* verify signature by mint */ - confirm.purpose.purpose = htonl (TALER_SIGNATURE_MINT_CONFIRM_MELT); - confirm.purpose.size = htonl (sizeof (struct TALER_RefreshMeltConfirmationPS)); - confirm.session_hash = rmh->md->melt_session_hash; - confirm.noreveal_index = htons (*noreveal_index); - confirm.reserved = htons (0); - if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MINT_CONFIRM_MELT, - &confirm.purpose, - &mint_sig.eddsa_signature, - &mint_pub.eddsa_pub)) - { - GNUNET_break_op (0); - return GNUNET_SYSERR; - } - return GNUNET_OK; -} - - -/** - * Verify that the signatures on the "403 FORBIDDEN" response from the - * mint demonstrating customer double-spending are valid. - * - * @param rmh melt handle - * @param json json reply with the signature(s) and transaction history - * @return #GNUNET_OK if the signature(s) is valid, #GNUNET_SYSERR if not - */ -static int -verify_refresh_melt_signature_forbidden (struct TALER_MINT_RefreshMeltHandle *rmh, - json_t *json) -{ - json_t *history; - struct TALER_Amount original_value; - struct TALER_Amount melt_value_with_fee; - struct TALER_Amount total; - struct TALER_CoinSpendPublicKeyP coin_pub; - unsigned int i; - struct MAJ_Specification spec[] = { - MAJ_spec_json ("history", &history), - MAJ_spec_fixed_auto ("coin_pub", &coin_pub), - MAJ_spec_amount ("original_value", &original_value), - MAJ_spec_amount ("requested_value", &melt_value_with_fee), - MAJ_spec_end - }; - const struct MeltedCoin *mc; - - /* parse JSON reply */ - if (GNUNET_OK != - MAJ_parse_json (json, - spec)) - { - GNUNET_break_op (0); - return GNUNET_SYSERR; - } - - /* Find out which coin was deemed problematic by the mint */ - mc = NULL; - for (i=0;i<rmh->md->num_melted_coins;i++) - { - if (0 == TALER_amount_cmp (&melt_value_with_fee, - &rmh->md->melted_coins[i].melt_amount_with_fee)) - { - struct TALER_CoinSpendPublicKeyP mc_pub; - - GNUNET_CRYPTO_eddsa_key_get_public (&rmh->md->melted_coins[i].coin_priv.eddsa_priv, - &mc_pub.eddsa_pub); - if (0 == memcmp (&mc_pub, - &coin_pub, - sizeof (struct TALER_CoinSpendPublicKeyP))) - { - mc = &rmh->md->melted_coins[i]; - break; - } - } - } - if (NULL == mc) - { - /* coin not found in our original request */ - GNUNET_break_op (0); - json_decref (history); - return GNUNET_SYSERR; - } - - /* check basic coin properties */ - if (0 != TALER_amount_cmp (&original_value, - &mc->original_value)) - { - /* We disagree on the value of the coin */ - GNUNET_break_op (0); - json_decref (history); - return GNUNET_SYSERR; - } - if (0 != TALER_amount_cmp (&melt_value_with_fee, - &mc->melt_amount_with_fee)) - { - /* We disagree on the value of the coin */ - GNUNET_break_op (0); - json_decref (history); - return GNUNET_SYSERR; - } - - /* verify coin history */ - history = json_object_get (json, - "history"); - if (GNUNET_OK != - TALER_MINT_verify_coin_history_ (original_value.currency, - &coin_pub, - history, - &total)) - { - GNUNET_break_op (0); - json_decref (history); - return GNUNET_SYSERR; - } - json_decref (history); - - /* check if melt operation was really too expensive given history */ - if (GNUNET_OK != - TALER_amount_add (&total, - &total, - &melt_value_with_fee)) - { - /* clearly not OK if our transaction would have caused - the overflow... */ - return GNUNET_OK; - } - - if (0 >= TALER_amount_cmp (&total, - &original_value)) - { - /* transaction should have still fit */ - GNUNET_break (0); - return GNUNET_SYSERR; - } - - /* everything OK, valid proof of double-spending was provided */ - return GNUNET_OK; -} - - -/** - * Function called when we're done processing the - * HTTP /refresh/melt request. - * - * @param cls the `struct TALER_MINT_RefreshMeltHandle` - * @param eh the curl request handle - */ -static void -handle_refresh_melt_finished (void *cls, - CURL *eh) -{ - struct TALER_MINT_RefreshMeltHandle *rmh = cls; - long response_code; - json_t *json; - uint16_t noreveal_index = TALER_CNC_KAPPA; /* invalid value */ - - rmh->job = NULL; - json = MAC_download_get_result (&rmh->db, - eh, - &response_code); - switch (response_code) - { - case 0: - break; - case MHD_HTTP_OK: - if (GNUNET_OK != - verify_refresh_melt_signature_ok (rmh, - json, - &noreveal_index)) - { - GNUNET_break_op (0); - response_code = 0; - } - if (NULL != rmh->melt_cb) - { - rmh->melt_cb (rmh->melt_cb_cls, - response_code, - noreveal_index, - json); - rmh->melt_cb = NULL; - } - break; - case MHD_HTTP_BAD_REQUEST: - /* This should never happen, either us or the mint is buggy - (or API version conflict); just pass JSON reply to the application */ - break; - case MHD_HTTP_FORBIDDEN: - /* Double spending; check signatures on transaction history */ - if (GNUNET_OK != - verify_refresh_melt_signature_forbidden (rmh, - json)) - { - GNUNET_break_op (0); - response_code = 0; - } - break; - case MHD_HTTP_UNAUTHORIZED: - /* Nothing really to verify, mint says one of the signatures is - invalid; assuming we checked them, this should never happen, we - should pass the JSON reply to the application */ - break; - case MHD_HTTP_NOT_FOUND: - /* Nothing really to verify, this should never - happen, we should pass the JSON reply to the application */ - break; - case MHD_HTTP_INTERNAL_SERVER_ERROR: - /* Server had an internal issue; we should retry, but this API - leaves this to the application */ - break; - default: - /* unexpected response code */ - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unexpected response code %u\n", - response_code); - GNUNET_break (0); - response_code = 0; - break; - } - if (NULL != rmh->melt_cb) - rmh->melt_cb (rmh->melt_cb_cls, - response_code, - UINT16_MAX, - json); - json_decref (json); - TALER_MINT_refresh_melt_cancel (rmh); -} - - -/** - * Convert a coin to be melted to the respective JSON encoding. - * - * @param melt_session_hash session hash to use - * @param mc coin to be melted - * @return JSON encoding of the melting request - */ -static json_t * -melted_coin_to_json (const struct GNUNET_HashCode *melt_session_hash, - const struct MeltedCoin *mc) -{ - struct TALER_CoinSpendSignatureP confirm_sig; - struct TALER_RefreshMeltCoinAffirmationPS melt; - - melt.purpose.purpose = htonl (TALER_SIGNATURE_WALLET_COIN_MELT); - melt.purpose.size = htonl (sizeof (struct TALER_RefreshMeltCoinAffirmationPS)); - melt.session_hash = *melt_session_hash; - TALER_amount_hton (&melt.amount_with_fee, - &mc->melt_amount_with_fee); - TALER_amount_hton (&melt.melt_fee, - &mc->fee_melt); - GNUNET_CRYPTO_eddsa_key_get_public (&mc->coin_priv.eddsa_priv, - &melt.coin_pub.eddsa_pub); - GNUNET_CRYPTO_eddsa_sign (&mc->coin_priv.eddsa_priv, - &melt.purpose, - &confirm_sig.eddsa_signature); - return json_pack ("{s:o, s:o, s:o, s:o, s:o}", - "coin_pub", - TALER_json_from_data (&melt.coin_pub, - sizeof (melt.coin_pub)), - "denom_pub", - TALER_json_from_rsa_public_key (mc->pub_key.rsa_public_key), - "denom_sig", - TALER_json_from_rsa_signature (mc->sig.rsa_signature), - "confirm_sig", - TALER_json_from_data (&confirm_sig, - sizeof (confirm_sig)), - "value_with_fee", - TALER_json_from_amount (&mc->melt_amount_with_fee)); -} - - -/** - * Submit a melt request to the mint and get the mint's - * response. - * - * This API is typically used by a wallet. Note that to ensure that - * no money is lost in case of hardware failures, the provided - * argument should have been constructed using - * #TALER_MINT_refresh_prepare and committed to persistent storage - * prior to calling this function. - * - * @param mint the mint handle; the mint must be ready to operate - * @param refresh_data_length size of the @a refresh_data (returned - * in the `res_size` argument from #TALER_MINT_refresh_prepare()) - * @param refresh_data the refresh data as returned from - #TALER_MINT_refresh_prepare()) - * @param melt_cb the callback to call with the result - * @param melt_cb_cls closure for @a melt_cb - * @return a handle for this request; NULL if the argument was invalid. - * In this case, neither callback will be called. - */ -struct TALER_MINT_RefreshMeltHandle * -TALER_MINT_refresh_melt (struct TALER_MINT_Handle *mint, - size_t refresh_data_length, - const char *refresh_data, - TALER_MINT_RefreshMeltCallback melt_cb, - void *melt_cb_cls) -{ - json_t *melt_obj; - json_t *new_denoms; - json_t *melt_coins; - json_t *coin_evs; - json_t *transfer_pubs; - json_t *secret_encs; - json_t *link_encs; - json_t *tmp; - struct TALER_MINT_RefreshMeltHandle *rmh; - CURL *eh; - struct TALER_MINT_Context *ctx; - struct MeltData *md; - unsigned int i; - unsigned int j; - - if (GNUNET_YES != - MAH_handle_is_ready (mint)) - { - GNUNET_break (0); - return NULL; - } - md = deserialize_melt_data (refresh_data, - refresh_data_length); - if (NULL == md) - { - GNUNET_break (0); - return NULL; - } - - /* build JSON request, each of the 6 arrays first */ - new_denoms = json_array (); - melt_coins = json_array (); - coin_evs = json_array (); - transfer_pubs = json_array (); - secret_encs = json_array (); - link_encs = json_array (); - for (i=0;i<md->num_melted_coins;i++) - { - const struct MeltedCoin *mc = &md->melted_coins[i]; - - /* now melt_coins */ - json_array_append (melt_coins, - melted_coin_to_json (&md->melt_session_hash, - mc)); - } - - /* now transfer_pubs */ - for (j=0;j<TALER_CNC_KAPPA;j++) - { - tmp = json_array (); - for (i=0;i<md->num_melted_coins;i++) - { - const struct MeltedCoin *mc = &md->melted_coins[i]; - struct TALER_TransferPublicKeyP transfer_pub; - - GNUNET_CRYPTO_ecdhe_key_get_public (&mc->transfer_priv[j].ecdhe_priv, - &transfer_pub.ecdhe_pub); - json_array_append (tmp, - TALER_json_from_data (&transfer_pub, - sizeof (transfer_pub))); - } - json_array_append (transfer_pubs, - tmp); - } - - /* now secret_encs */ - for (j=0;j<TALER_CNC_KAPPA;j++) - { - tmp = json_array (); - for (i=0;i<md->num_melted_coins;i++) - { - const struct MeltedCoin *mc = &md->melted_coins[i]; - struct TALER_EncryptedLinkSecretP els; - struct TALER_TransferSecretP trans_sec; - - TALER_link_derive_transfer_secret (&mc->coin_priv, - &mc->transfer_priv[j], - &trans_sec); - GNUNET_assert (GNUNET_OK == - TALER_transfer_encrypt (&md->link_secrets[j], - &trans_sec, - &els)); - json_array_append (tmp, - TALER_json_from_data (&els, - sizeof (els))); - } - json_array_append (secret_encs, - tmp); - } - - /* now new_denoms */ - for (i=0;i<md->num_fresh_coins;i++) - { - json_array_append (new_denoms, - TALER_json_from_rsa_public_key - (md->fresh_pks[i].rsa_public_key)); - } - - /* now link_encs */ - for (j=0;j<TALER_CNC_KAPPA;j++) - { - tmp = json_array (); - for (i=0;i<md->num_fresh_coins;i++) - { - const struct FreshCoin *fc = &md->fresh_coins[j][i]; - struct TALER_RefreshLinkDecrypted rld; - struct TALER_RefreshLinkEncrypted *rle; - char *buf; - size_t buf_len; - - rld.coin_priv = fc->coin_priv; - rld.blinding_key = fc->blinding_key; - rle = TALER_refresh_encrypt (&rld, - &md->link_secrets[j]); - GNUNET_assert (NULL != rle); - buf = TALER_refresh_link_encrypted_encode (rle, - &buf_len); - GNUNET_assert (NULL != buf); - json_array_append (tmp, - TALER_json_from_data (buf, - buf_len)); - GNUNET_free (buf); - GNUNET_free (rle); - } - json_array_append (link_encs, - tmp); - } - - /* now coin_evs */ - for (j=0;j<TALER_CNC_KAPPA;j++) - { - tmp = json_array (); - for (i=0;i<md->num_fresh_coins;i++) - { - const struct FreshCoin *fc = &md->fresh_coins[j][i]; - struct TALER_CoinSpendPublicKeyP coin_pub; - struct GNUNET_HashCode coin_hash; - char *coin_ev; /* blinded message to be signed (in envelope) for each coin */ - size_t coin_ev_size; - - GNUNET_CRYPTO_eddsa_key_get_public (&fc->coin_priv.eddsa_priv, - &coin_pub.eddsa_pub); - GNUNET_CRYPTO_hash (&coin_pub.eddsa_pub, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), - &coin_hash); - coin_ev_size = GNUNET_CRYPTO_rsa_blind (&coin_hash, - fc->blinding_key.rsa_blinding_key, - md->fresh_pks[i].rsa_public_key, - &coin_ev); - json_array_append (tmp, - TALER_json_from_data (coin_ev, - coin_ev_size)); - GNUNET_free (coin_ev); - } - json_array_append (coin_evs, - tmp); - } - - /* finally, assemble main JSON request from constitutent arrays */ - melt_obj = json_pack ("{s:o, s:o, s:o, s:o, s:o, s:o}", - "new_denoms", new_denoms, - "melt_coins", melt_coins, - "coin_evs", coin_evs, - "transfer_pubs", transfer_pubs, - "secret_encs", secret_encs, - "link_encs", link_encs); - - /* and now we can at last begin the actual request handling */ - rmh = GNUNET_new (struct TALER_MINT_RefreshMeltHandle); - rmh->mint = mint; - rmh->melt_cb = melt_cb; - rmh->melt_cb_cls = melt_cb_cls; - rmh->md = md; - rmh->url = MAH_path_to_url (mint, - "/refresh/melt"); - - eh = curl_easy_init (); - GNUNET_assert (NULL != (rmh->json_enc = - json_dumps (melt_obj, - JSON_COMPACT))); - json_decref (melt_obj); - GNUNET_assert (CURLE_OK == - curl_easy_setopt (eh, - CURLOPT_URL, - rmh->url)); - GNUNET_assert (CURLE_OK == - curl_easy_setopt (eh, - CURLOPT_POSTFIELDS, - rmh->json_enc)); - GNUNET_assert (CURLE_OK == - curl_easy_setopt (eh, - CURLOPT_POSTFIELDSIZE, - strlen (rmh->json_enc))); - GNUNET_assert (CURLE_OK == - curl_easy_setopt (eh, - CURLOPT_WRITEFUNCTION, - &MAC_download_cb)); - GNUNET_assert (CURLE_OK == - curl_easy_setopt (eh, - CURLOPT_WRITEDATA, - &rmh->db)); - ctx = MAH_handle_to_context (mint); - rmh->job = MAC_job_add (ctx, - eh, - GNUNET_YES, - &handle_refresh_melt_finished, - rmh); - return rmh; -} - - -/** - * Cancel a refresh execute request. This function cannot be used - * on a request handle if either callback was already invoked. - * - * @param rmh the refresh melt handle - */ -void -TALER_MINT_refresh_melt_cancel (struct TALER_MINT_RefreshMeltHandle *rmh) -{ - if (NULL != rmh->job) - { - MAC_job_cancel (rmh->job); - rmh->job = NULL; - } - GNUNET_free_non_null (rmh->db.buf); - free_melt_data (rmh->md); /* does not free 'md' itself */ - GNUNET_free (rmh->md); - GNUNET_free (rmh->url); - GNUNET_free (rmh->json_enc); - GNUNET_free (rmh); -} - - -/* ********************* /refresh/reveal ***************************** */ - - -/** - * @brief A /refresh/reveal Handle - */ -struct TALER_MINT_RefreshRevealHandle -{ - - /** - * The connection to mint this request handle will use - */ - struct TALER_MINT_Handle *mint; - - /** - * The url for this request. - */ - char *url; - - /** - * JSON encoding of the request to POST. - */ - char *json_enc; - - /** - * Handle for the request. - */ - struct MAC_Job *job; - - /** - * Function to call with the result. - */ - TALER_MINT_RefreshRevealCallback reveal_cb; - - /** - * Closure for @e reveal_cb. - */ - void *reveal_cb_cls; - - /** - * Download buffer - */ - struct MAC_DownloadBuffer db; - - /** - * Actual information about the melt operation. - */ - struct MeltData *md; - - /** - * The index selected by the mint in cut-and-choose to not be revealed. - */ - uint16_t noreveal_index; - -}; - - -/** - * We got a 200 OK response for the /refresh/reveal operation. - * Extract the coin signatures and return them to the caller. - * The signatures we get from the mint is for the blinded value. - * Thus, we first must unblind them and then should verify their - * validity. - * - * If everything checks out, we return the unblinded signatures - * to the application via the callback. - * - * @param rrh operation handle - * @param json reply from the mint - * @param[out] coin_privs array of length `num_fresh_coins`, initialized to contain private keys - * @param[out] sigs array of length `num_fresh_coins`, initialized to cointain RSA signatures - * @return #GNUNET_OK on success, #GNUNET_SYSERR on errors - */ -static int -refresh_reveal_ok (struct TALER_MINT_RefreshRevealHandle *rrh, - json_t *json, - struct TALER_CoinSpendPrivateKeyP *coin_privs, - struct TALER_DenominationSignature *sigs) -{ - unsigned int i; - json_t *jsona; - struct MAJ_Specification spec[] = { - MAJ_spec_json ("ev_sigs", &jsona), - MAJ_spec_end - }; - - if (GNUNET_OK != - MAJ_parse_json (json, - spec)) - { - GNUNET_break_op (0); - return GNUNET_SYSERR; - } - if (! json_is_array (jsona)) - { - /* We expected an array of coins */ - GNUNET_break_op (0); - return GNUNET_SYSERR; - } - if (rrh->md->num_fresh_coins != json_array_size (jsona)) - { - /* Number of coins generated does not match our expectation */ - GNUNET_break_op (0); - return GNUNET_SYSERR; - } - for (i=0;i<rrh->md->num_fresh_coins;i++) - { - const struct FreshCoin *fc; - struct TALER_DenominationPublicKey *pk; - json_t *jsonai; - struct GNUNET_CRYPTO_rsa_Signature *blind_sig; - struct GNUNET_CRYPTO_rsa_Signature *sig; - struct TALER_CoinSpendPublicKeyP coin_pub; - struct GNUNET_HashCode coin_hash; - - struct MAJ_Specification spec[] = { - MAJ_spec_rsa_signature ("ev_sig", &blind_sig), - MAJ_spec_end - }; - - fc = &rrh->md->fresh_coins[rrh->noreveal_index][i]; - pk = &rrh->md->fresh_pks[i]; - jsonai = json_array_get (jsona, i); - GNUNET_assert (NULL != jsonai); - - if (GNUNET_OK != - MAJ_parse_json (jsonai, - spec)) - { - GNUNET_break_op (0); - return GNUNET_SYSERR; - } - - /* unblind the signature */ - sig = GNUNET_CRYPTO_rsa_unblind (blind_sig, - fc->blinding_key.rsa_blinding_key, - pk->rsa_public_key); - GNUNET_CRYPTO_rsa_signature_free (blind_sig); - - /* verify the signature */ - GNUNET_CRYPTO_eddsa_key_get_public (&fc->coin_priv.eddsa_priv, - &coin_pub.eddsa_pub); - GNUNET_CRYPTO_hash (&coin_pub.eddsa_pub, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), - &coin_hash); - - if (GNUNET_OK != - GNUNET_CRYPTO_rsa_verify (&coin_hash, - sig, - pk->rsa_public_key)) - { - GNUNET_break_op (0); - GNUNET_CRYPTO_rsa_signature_free (sig); - return GNUNET_SYSERR; - } - coin_privs[i] = fc->coin_priv; - sigs[i].rsa_signature = sig; - } - return GNUNET_OK; -} - - -/** - * Function called when we're done processing the - * HTTP /refresh/reveal request. - * - * @param cls the `struct TALER_MINT_RefreshHandle` - * @param eh the curl request handle - */ -static void -handle_refresh_reveal_finished (void *cls, - CURL *eh) -{ - struct TALER_MINT_RefreshRevealHandle *rrh = cls; - long response_code; - json_t *json; - - rrh->job = NULL; - json = MAC_download_get_result (&rrh->db, - eh, - &response_code); - switch (response_code) - { - case 0: - break; - case MHD_HTTP_OK: - { - struct TALER_CoinSpendPrivateKeyP coin_privs[rrh->md->num_fresh_coins]; - struct TALER_DenominationSignature sigs[rrh->md->num_fresh_coins]; - unsigned int i; - int ret; - - memset (sigs, 0, sizeof (sigs)); - ret = refresh_reveal_ok (rrh, - json, - coin_privs, - sigs); - if (GNUNET_OK != ret) - { - response_code = 0; - } - else - { - rrh->reveal_cb (rrh->reveal_cb_cls, - MHD_HTTP_OK, - rrh->md->num_fresh_coins, - coin_privs, - sigs, - json); - rrh->reveal_cb = NULL; - } - for (i=0;i<rrh->md->num_fresh_coins;i++) - if (NULL != sigs[i].rsa_signature) - GNUNET_CRYPTO_rsa_signature_free (sigs[i].rsa_signature); - } - break; - case MHD_HTTP_BAD_REQUEST: - /* This should never happen, either us or the mint is buggy - (or API version conflict); just pass JSON reply to the application */ - break; - case MHD_HTTP_CONFLICT: - /* Nothing really to verify, mint says our reveal is inconsitent - with our commitment, so either side is buggy; we - should pass the JSON reply to the application */ - break; - case MHD_HTTP_INTERNAL_SERVER_ERROR: - /* Server had an internal issue; we should retry, but this API - leaves this to the application */ - break; - default: - /* unexpected response code */ - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unexpected response code %u\n", - response_code); - GNUNET_break (0); - response_code = 0; - break; - } - if (NULL != rrh->reveal_cb) - rrh->reveal_cb (rrh->reveal_cb_cls, - response_code, - 0, NULL, NULL, - json); - json_decref (json); - TALER_MINT_refresh_reveal_cancel (rrh); -} - - -/** - * Submit a /refresh/reval request to the mint and get the mint's - * response. - * - * This API is typically used by a wallet. Note that to ensure that - * no money is lost in case of hardware failures, the provided - * arguments should have been committed to persistent storage - * prior to calling this function. - * - * @param mint the mint handle; the mint must be ready to operate - * @param refresh_data_length size of the @a refresh_data (returned - * in the `res_size` argument from #TALER_MINT_refresh_prepare()) - * @param refresh_data the refresh data as returned from - #TALER_MINT_refresh_prepare()) - * @param noreveal_index response from the mint to the - * #TALER_MINT_refresh_melt() invocation - * @param reveal_cb the callback to call with the final result of the - * refresh operation - * @param reveal_cb_cls closure for the above callback - * @return a handle for this request; NULL if the argument was invalid. - * In this case, neither callback will be called. - */ -struct TALER_MINT_RefreshRevealHandle * -TALER_MINT_refresh_reveal (struct TALER_MINT_Handle *mint, - size_t refresh_data_length, - const char *refresh_data, - uint16_t noreveal_index, - TALER_MINT_RefreshRevealCallback reveal_cb, - void *reveal_cb_cls) -{ - struct TALER_MINT_RefreshRevealHandle *rrh; - json_t *transfer_privs; - json_t *reveal_obj; - json_t *tmp; - CURL *eh; - struct TALER_MINT_Context *ctx; - struct MeltData *md; - unsigned int i; - unsigned int j; - - if (GNUNET_YES != - MAH_handle_is_ready (mint)) - { - GNUNET_break (0); - return NULL; - } - md = deserialize_melt_data (refresh_data, - refresh_data_length); - if (NULL == md) - { - GNUNET_break (0); - return NULL; - } - if (noreveal_index >= TALER_CNC_KAPPA) - { - /* We check this here, as it would be really bad to below just - disclose all the transfer keys. Note that this error should - have been caught way earlier when the mint replied, but maybe - we had some internal corruption that changed the value... */ - GNUNET_break (0); - return NULL; - } - - /* build array of transfer private keys */ - transfer_privs = json_array (); - for (j=0;j<TALER_CNC_KAPPA;j++) - { - if (j == noreveal_index) - { - /* This is crucial: exclude the transfer key for the - noreval index! */ - continue; - } - tmp = json_array (); - for (i=0;i<md->num_melted_coins;i++) - { - const struct MeltedCoin *mc = &md->melted_coins[i]; - - json_array_append (tmp, - TALER_json_from_data (&mc->transfer_priv[j], - sizeof (struct TALER_TransferPrivateKeyP))); - } - json_array_append (transfer_privs, - tmp); - } - - /* build main JSON request */ - reveal_obj = json_pack ("{s:o, s:o}", - "session_hash", - TALER_json_from_data (&md->melt_session_hash, - sizeof (struct GNUNET_HashCode)), - "transfer_privs", - transfer_privs); - - /* finally, we can actually issue the request */ - rrh = GNUNET_new (struct TALER_MINT_RefreshRevealHandle); - rrh->mint = mint; - rrh->noreveal_index = noreveal_index; - rrh->reveal_cb = reveal_cb; - rrh->reveal_cb_cls = reveal_cb_cls; - rrh->md = md; - rrh->url = MAH_path_to_url (rrh->mint, - "/refresh/reveal"); - - eh = curl_easy_init (); - GNUNET_assert (NULL != (rrh->json_enc = - json_dumps (reveal_obj, - JSON_COMPACT))); - json_decref (reveal_obj); - GNUNET_assert (CURLE_OK == - curl_easy_setopt (eh, - CURLOPT_URL, - rrh->url)); - GNUNET_assert (CURLE_OK == - curl_easy_setopt (eh, - CURLOPT_POSTFIELDS, - rrh->json_enc)); - GNUNET_assert (CURLE_OK == - curl_easy_setopt (eh, - CURLOPT_POSTFIELDSIZE, - strlen (rrh->json_enc))); - GNUNET_assert (CURLE_OK == - curl_easy_setopt (eh, - CURLOPT_WRITEFUNCTION, - &MAC_download_cb)); - GNUNET_assert (CURLE_OK == - curl_easy_setopt (eh, - CURLOPT_WRITEDATA, - &rrh->db)); - ctx = MAH_handle_to_context (rrh->mint); - rrh->job = MAC_job_add (ctx, - eh, - GNUNET_YES, - &handle_refresh_reveal_finished, - rrh); - return rrh; -} - - -/** - * Cancel a refresh reveal request. This function cannot be used - * on a request handle if the callback was already invoked. - * - * @param rrh the refresh reval handle - */ -void -TALER_MINT_refresh_reveal_cancel (struct TALER_MINT_RefreshRevealHandle *rrh) -{ - if (NULL != rrh->job) - { - MAC_job_cancel (rrh->job); - rrh->job = NULL; - } - GNUNET_free_non_null (rrh->db.buf); - GNUNET_free (rrh->url); - GNUNET_free (rrh->json_enc); - free_melt_data (rrh->md); /* does not free 'md' itself */ - GNUNET_free (rrh->md); - GNUNET_free (rrh); -} - - -/* end of mint_api_refresh.c */ |