Line data Source code
1 : /*
2 : This file is part of TALER
3 : Copyright (C) 2015-2022 Taler Systems SA
4 :
5 : TALER is free software; you can redistribute it and/or modify it under the
6 : terms of the GNU General Public License as published by the Free Software
7 : Foundation; either version 3, or (at your option) any later version.
8 :
9 : TALER is distributed in the hope that it will be useful, but WITHOUT ANY
10 : WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
11 : A PARTICULAR PURPOSE. See the GNU General Public License for more details.
12 :
13 : You should have received a copy of the GNU General Public License along with
14 : TALER; see the file COPYING. If not, see
15 : <http://www.gnu.org/licenses/>
16 : */
17 : /**
18 : * @file lib/exchange_api_refresh_common.c
19 : * @brief Serialization logic shared between melt and reveal steps during refreshing
20 : * @author Christian Grothoff
21 : */
22 : #include "platform.h"
23 : #include "exchange_api_refresh_common.h"
24 :
25 :
26 : void
27 0 : TALER_EXCHANGE_free_melt_data_ (struct MeltData *md)
28 : {
29 0 : for (unsigned int i = 0; i < TALER_CNC_KAPPA; i++)
30 : {
31 0 : struct TALER_RefreshCoinData *rcds = md->rcd[i];
32 :
33 0 : if (NULL == rcds)
34 0 : continue;
35 0 : for (unsigned int j = 0; j < md->num_fresh_coins; j++)
36 0 : TALER_blinded_planchet_free (&rcds[j].blinded_planchet);
37 0 : GNUNET_free (rcds);
38 : }
39 0 : TALER_denom_pub_free (&md->melted_coin.pub_key);
40 0 : TALER_denom_sig_free (&md->melted_coin.sig);
41 0 : if (NULL != md->fcds)
42 : {
43 0 : for (unsigned int j = 0; j<md->num_fresh_coins; j++)
44 : {
45 0 : struct FreshCoinData *fcd = &md->fcds[j];
46 :
47 0 : TALER_denom_pub_free (&fcd->fresh_pk);
48 : }
49 0 : GNUNET_free (md->fcds);
50 : }
51 : /* Finally, clean up a bit... */
52 0 : GNUNET_CRYPTO_zero_keys (md,
53 : sizeof (struct MeltData));
54 0 : }
55 :
56 :
57 : enum GNUNET_GenericReturnValue
58 0 : TALER_EXCHANGE_get_melt_data_ (
59 : const struct TALER_RefreshMasterSecretP *rms,
60 : const struct TALER_EXCHANGE_RefreshData *rd,
61 : const struct TALER_ExchangeWithdrawValues *alg_values,
62 : struct MeltData *md)
63 0 : {
64 : struct TALER_Amount total;
65 : struct TALER_CoinSpendPublicKeyP coin_pub;
66 0 : struct TALER_CsNonce nonces[rd->fresh_pks_len];
67 0 : bool uses_cs = false;
68 :
69 0 : GNUNET_CRYPTO_eddsa_key_get_public (&rd->melt_priv.eddsa_priv,
70 : &coin_pub.eddsa_pub);
71 : /* build up melt data structure */
72 0 : memset (md,
73 : 0,
74 : sizeof (*md));
75 0 : md->num_fresh_coins = rd->fresh_pks_len;
76 0 : md->melted_coin.coin_priv = rd->melt_priv;
77 0 : md->melted_coin.melt_amount_with_fee = rd->melt_amount;
78 0 : md->melted_coin.fee_melt = rd->melt_pk.fees.refresh;
79 0 : md->melted_coin.original_value = rd->melt_pk.value;
80 0 : md->melted_coin.expire_deposit = rd->melt_pk.expire_deposit;
81 0 : md->melted_coin.age_commitment_proof = rd->melt_age_commitment_proof;
82 0 : md->melted_coin.h_age_commitment = rd->melt_h_age_commitment;
83 :
84 0 : GNUNET_assert (GNUNET_OK ==
85 : TALER_amount_set_zero (rd->melt_amount.currency,
86 : &total));
87 0 : TALER_denom_pub_deep_copy (&md->melted_coin.pub_key,
88 : &rd->melt_pk.key);
89 0 : TALER_denom_sig_deep_copy (&md->melted_coin.sig,
90 : &rd->melt_sig);
91 0 : md->fcds = GNUNET_new_array (md->num_fresh_coins,
92 : struct FreshCoinData);
93 0 : for (unsigned int j = 0; j<rd->fresh_pks_len; j++)
94 : {
95 0 : struct FreshCoinData *fcd = &md->fcds[j];
96 :
97 0 : if (alg_values[j].cipher != rd->fresh_pks[j].key.cipher)
98 : {
99 0 : GNUNET_break (0);
100 0 : TALER_EXCHANGE_free_melt_data_ (md);
101 0 : return GNUNET_SYSERR;
102 : }
103 0 : if (TALER_DENOMINATION_CS == alg_values[j].cipher)
104 : {
105 0 : uses_cs = true;
106 0 : TALER_cs_refresh_nonce_derive (
107 : rms,
108 : j,
109 : &nonces[j]);
110 : }
111 0 : TALER_denom_pub_deep_copy (&fcd->fresh_pk,
112 0 : &rd->fresh_pks[j].key);
113 0 : if ( (0 >
114 0 : TALER_amount_add (&total,
115 : &total,
116 0 : &rd->fresh_pks[j].value)) ||
117 : (0 >
118 0 : TALER_amount_add (&total,
119 : &total,
120 0 : &rd->fresh_pks[j].fees.withdraw)) )
121 : {
122 0 : GNUNET_break (0);
123 0 : TALER_EXCHANGE_free_melt_data_ (md);
124 0 : return GNUNET_SYSERR;
125 : }
126 : }
127 :
128 : /* verify that melt_amount is above total cost */
129 0 : if (1 ==
130 0 : TALER_amount_cmp (&total,
131 : &rd->melt_amount) )
132 : {
133 : /* Eh, this operation is more expensive than the
134 : @a melt_amount. This is not OK. */
135 0 : GNUNET_break (0);
136 0 : TALER_EXCHANGE_free_melt_data_ (md);
137 0 : return GNUNET_SYSERR;
138 : }
139 :
140 : /* build up coins */
141 0 : for (unsigned int i = 0; i<TALER_CNC_KAPPA; i++)
142 : {
143 : struct TALER_TransferSecretP trans_sec;
144 :
145 0 : TALER_planchet_secret_to_transfer_priv (
146 : rms,
147 : &rd->melt_priv,
148 : i,
149 : &md->transfer_priv[i]);
150 :
151 0 : GNUNET_CRYPTO_ecdhe_key_get_public (
152 0 : &md->transfer_priv[i].ecdhe_priv,
153 : &md->transfer_pub[i].ecdhe_pub);
154 :
155 0 : TALER_link_derive_transfer_secret (&rd->melt_priv,
156 0 : &md->transfer_priv[i],
157 : &trans_sec);
158 :
159 0 : md->rcd[i] = GNUNET_new_array (rd->fresh_pks_len,
160 : struct TALER_RefreshCoinData);
161 :
162 0 : for (unsigned int j = 0; j<rd->fresh_pks_len; j++)
163 : {
164 0 : struct FreshCoinData *fcd = &md->fcds[j];
165 0 : struct TALER_CoinSpendPrivateKeyP *coin_priv = &fcd->coin_priv;
166 0 : struct TALER_PlanchetMasterSecretP *ps = &fcd->ps[i];
167 0 : struct TALER_RefreshCoinData *rcd = &md->rcd[i][j];
168 0 : union TALER_DenominationBlindingKeyP *bks = &fcd->bks[i];
169 : struct TALER_PlanchetDetail pd;
170 : struct TALER_CoinPubHashP c_hash;
171 0 : struct TALER_AgeCommitmentHash *ach = NULL;
172 :
173 0 : TALER_transfer_secret_to_planchet_secret (&trans_sec,
174 : j,
175 : ps);
176 :
177 0 : TALER_planchet_setup_coin_priv (ps,
178 0 : &alg_values[j],
179 : coin_priv);
180 :
181 0 : TALER_planchet_blinding_secret_create (ps,
182 0 : &alg_values[j],
183 : bks);
184 :
185 : /* Handle age commitment, if present */
186 0 : if (NULL != md->melted_coin.age_commitment_proof)
187 : {
188 0 : fcd->age_commitment_proof[i] = GNUNET_new (struct
189 : TALER_AgeCommitmentProof);
190 0 : ach = GNUNET_new (struct TALER_AgeCommitmentHash);
191 :
192 0 : GNUNET_assert (GNUNET_OK ==
193 : TALER_age_commitment_derive (
194 : md->melted_coin.age_commitment_proof,
195 : &trans_sec.key,
196 : fcd->age_commitment_proof[i]));
197 :
198 0 : TALER_age_commitment_hash (
199 0 : &fcd->age_commitment_proof[i]->commitment,
200 : ach);
201 : }
202 :
203 0 : if (TALER_DENOMINATION_CS == alg_values[j].cipher)
204 0 : pd.blinded_planchet.details.cs_blinded_planchet.nonce = nonces[j];
205 :
206 0 : if (GNUNET_OK !=
207 0 : TALER_planchet_prepare (&fcd->fresh_pk,
208 0 : &alg_values[j],
209 : bks,
210 : coin_priv,
211 : ach,
212 : &c_hash,
213 : &pd))
214 : {
215 0 : GNUNET_break_op (0);
216 0 : TALER_EXCHANGE_free_melt_data_ (md);
217 0 : return GNUNET_SYSERR;
218 : }
219 0 : rcd->blinded_planchet = pd.blinded_planchet;
220 0 : rcd->dk = &fcd->fresh_pk;
221 : }
222 : }
223 :
224 : /* Finally, compute refresh commitment */
225 : {
226 : struct TALER_RefreshCommitmentEntry rce[TALER_CNC_KAPPA];
227 :
228 0 : for (unsigned int i = 0; i<TALER_CNC_KAPPA; i++)
229 : {
230 0 : rce[i].transfer_pub = md->transfer_pub[i];
231 0 : rce[i].new_coins = md->rcd[i];
232 : }
233 0 : TALER_refresh_get_commitment (&md->rc,
234 : TALER_CNC_KAPPA,
235 : uses_cs
236 : ? rms
237 : : NULL,
238 : rd->fresh_pks_len,
239 : rce,
240 : &coin_pub,
241 : &rd->melt_amount);
242 : }
243 0 : return GNUNET_OK;
244 : }
|
