LCOV - code coverage report
Current view: top level - lib - exchange_api_refresh_common.c (source / functions) Hit Total Coverage
Test: GNU Taler exchange coverage report Lines: 177 215 82.3 %
Date: 2021-08-30 06:43:37 Functions: 11 11 100.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*
       2             :   This file is part of TALER
       3             :   Copyright (C) 2015-2020 Taler Systems SA
       4             : 
       5             :   TALER is free software; you can redistribute it and/or modify it under the
       6             :   terms of the GNU General Public License as published by the Free Software
       7             :   Foundation; either version 3, or (at your option) any later version.
       8             : 
       9             :   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
      10             :   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
      11             :   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
      12             : 
      13             :   You should have received a copy of the GNU General Public License along with
      14             :   TALER; see the file COPYING.  If not, see
      15             :   <http://www.gnu.org/licenses/>
      16             : */
      17             : /**
      18             :  * @file lib/exchange_api_refresh_common.c
      19             :  * @brief Serialization logic shared between melt and reveal steps during refreshing
      20             :  * @author Christian Grothoff
      21             :  */
      22             : #include "platform.h"
      23             : #include "exchange_api_refresh_common.h"
      24             : 
      25             : 
      26             : /**
      27             :  * Free all information associated with a melted coin session.
      28             :  *
      29             :  * @param mc melted coin to release, the pointer itself is NOT
      30             :  *           freed (as it is typically not allocated by itself)
      31             :  */
      32             : static void
      33          48 : free_melted_coin (struct MeltedCoin *mc)
      34             : {
      35          48 :   if (NULL != mc->pub_key.rsa_public_key)
      36          48 :     GNUNET_CRYPTO_rsa_public_key_free (mc->pub_key.rsa_public_key);
      37          48 :   if (NULL != mc->sig.rsa_signature)
      38          48 :     GNUNET_CRYPTO_rsa_signature_free (mc->sig.rsa_signature);
      39          48 : }
      40             : 
      41             : 
      42             : /**
      43             :  * Free all information associated with a melting session.  Note
      44             :  * that we allow the melting session to be only partially initialized,
      45             :  * as we use this function also when freeing melt data that was not
      46             :  * fully initialized (i.e. due to failures in #TALER_EXCHANGE_deserialize_melt_data_()).
      47             :  *
      48             :  * @param md melting data to release, the pointer itself is NOT
      49             :  *           freed (as it is typically not allocated by itself)
      50             :  */
      51             : void
      52          48 : TALER_EXCHANGE_free_melt_data_ (struct MeltData *md)
      53             : {
      54          48 :   free_melted_coin (&md->melted_coin);
      55          48 :   if (NULL != md->fresh_pks)
      56             :   {
      57         159 :     for (unsigned int i = 0; i<md->num_fresh_coins; i++)
      58         111 :       if (NULL != md->fresh_pks[i].rsa_public_key)
      59         111 :         GNUNET_CRYPTO_rsa_public_key_free (md->fresh_pks[i].rsa_public_key);
      60          48 :     GNUNET_free (md->fresh_pks);
      61             :   }
      62             : 
      63         192 :   for (unsigned int i = 0; i<TALER_CNC_KAPPA; i++)
      64         144 :     GNUNET_free (md->fresh_coins[i]);
      65             :   /* Finally, clean up a bit... */
      66          48 :   GNUNET_CRYPTO_zero_keys (md,
      67             :                            sizeof (struct MeltData));
      68          48 : }
      69             : 
      70             : 
      71             : /**
      72             :  * Serialize information about a coin we are melting.
      73             :  *
      74             :  * @param mc information to serialize
      75             :  * @param buf buffer to write data in, NULL to just compute
      76             :  *            required size
      77             :  * @param off offeset at @a buf to use
      78             :  * @return number of bytes written to @a buf at @a off, or if
      79             :  *        @a buf is NULL, number of bytes required; 0 on error
      80             :  */
      81             : static size_t
      82          38 : serialize_melted_coin (const struct MeltedCoin *mc,
      83             :                        char *buf,
      84             :                        size_t off)
      85             : {
      86             :   struct MeltedCoinP mcp;
      87             :   void *pbuf;
      88             :   size_t pbuf_size;
      89             :   void *sbuf;
      90             :   size_t sbuf_size;
      91             : 
      92          38 :   sbuf_size = GNUNET_CRYPTO_rsa_signature_encode (mc->sig.rsa_signature,
      93             :                                                   &sbuf);
      94          38 :   pbuf_size = GNUNET_CRYPTO_rsa_public_key_encode (mc->pub_key.rsa_public_key,
      95             :                                                    &pbuf);
      96          38 :   if (NULL == buf)
      97             :   {
      98          19 :     GNUNET_free (sbuf);
      99          19 :     GNUNET_free (pbuf);
     100          19 :     return sizeof (struct MeltedCoinP) + sbuf_size + pbuf_size;
     101             :   }
     102          19 :   if ( (sbuf_size > UINT16_MAX) ||
     103             :        (pbuf_size > UINT16_MAX) )
     104             :   {
     105           0 :     GNUNET_break (0);
     106           0 :     return 0;
     107             :   }
     108          19 :   mcp.coin_priv = mc->coin_priv;
     109          19 :   TALER_amount_hton (&mcp.melt_amount_with_fee,
     110             :                      &mc->melt_amount_with_fee);
     111          19 :   TALER_amount_hton (&mcp.fee_melt,
     112             :                      &mc->fee_melt);
     113          19 :   TALER_amount_hton (&mcp.original_value,
     114             :                      &mc->original_value);
     115          76 :   for (unsigned int i = 0; i<TALER_CNC_KAPPA; i++)
     116          57 :     mcp.transfer_priv[i] = mc->transfer_priv[i];
     117          19 :   mcp.expire_deposit = GNUNET_TIME_absolute_hton (mc->expire_deposit);
     118          19 :   mcp.pbuf_size = htons ((uint16_t) pbuf_size);
     119          19 :   mcp.sbuf_size = htons ((uint16_t) sbuf_size);
     120          19 :   memcpy (&buf[off],
     121             :           &mcp,
     122             :           sizeof (struct MeltedCoinP));
     123          19 :   memcpy (&buf[off + sizeof (struct MeltedCoinP)],
     124             :           pbuf,
     125             :           pbuf_size);
     126          19 :   memcpy (&buf[off + sizeof (struct MeltedCoinP) + pbuf_size],
     127             :           sbuf,
     128             :           sbuf_size);
     129          19 :   GNUNET_free (sbuf);
     130          19 :   GNUNET_free (pbuf);
     131          19 :   return sizeof (struct MeltedCoinP) + sbuf_size + pbuf_size;
     132             : }
     133             : 
     134             : 
     135             : /**
     136             :  * Deserialize information about a coin we are melting.
     137             :  *
     138             :  * @param[out] mc information to deserialize
     139             :  * @param buf buffer to read data from
     140             :  * @param size number of bytes available at @a buf to use
     141             :  * @param[out] ok set to #GNUNET_NO to report errors
     142             :  * @return number of bytes read from @a buf, 0 on error
     143             :  */
     144             : static size_t
     145          29 : deserialize_melted_coin (struct MeltedCoin *mc,
     146             :                          const char *buf,
     147             :                          size_t size,
     148             :                          int *ok)
     149             : {
     150             :   struct MeltedCoinP mcp;
     151             :   size_t pbuf_size;
     152             :   size_t sbuf_size;
     153             :   size_t off;
     154             : 
     155          29 :   if (size < sizeof (struct MeltedCoinP))
     156             :   {
     157           0 :     GNUNET_break (0);
     158           0 :     *ok = GNUNET_NO;
     159           0 :     return 0;
     160             :   }
     161          29 :   memcpy (&mcp,
     162             :           buf,
     163             :           sizeof (struct MeltedCoinP));
     164          29 :   pbuf_size = ntohs (mcp.pbuf_size);
     165          29 :   sbuf_size = ntohs (mcp.sbuf_size);
     166          29 :   if (size < sizeof (struct MeltedCoinP) + pbuf_size + sbuf_size)
     167             :   {
     168           0 :     GNUNET_break (0);
     169           0 :     *ok = GNUNET_NO;
     170           0 :     return 0;
     171             :   }
     172          29 :   off = sizeof (struct MeltedCoinP);
     173             :   mc->pub_key.rsa_public_key
     174          29 :     = GNUNET_CRYPTO_rsa_public_key_decode (&buf[off],
     175             :                                            pbuf_size);
     176          29 :   off += pbuf_size;
     177             :   mc->sig.rsa_signature
     178          29 :     = GNUNET_CRYPTO_rsa_signature_decode (&buf[off],
     179             :                                           sbuf_size);
     180          29 :   off += sbuf_size;
     181          29 :   if ( (NULL == mc->pub_key.rsa_public_key) ||
     182          29 :        (NULL == mc->sig.rsa_signature) )
     183             :   {
     184           0 :     GNUNET_break (0);
     185           0 :     *ok = GNUNET_NO;
     186           0 :     return 0;
     187             :   }
     188             : 
     189          29 :   mc->coin_priv = mcp.coin_priv;
     190          29 :   TALER_amount_ntoh (&mc->melt_amount_with_fee,
     191             :                      &mcp.melt_amount_with_fee);
     192          29 :   TALER_amount_ntoh (&mc->fee_melt,
     193             :                      &mcp.fee_melt);
     194          29 :   TALER_amount_ntoh (&mc->original_value,
     195             :                      &mcp.original_value);
     196         116 :   for (unsigned int i = 0; i<TALER_CNC_KAPPA; i++)
     197          87 :     mc->transfer_priv[i] = mcp.transfer_priv[i];
     198          29 :   mc->expire_deposit = GNUNET_TIME_absolute_ntoh (mcp.expire_deposit);
     199          29 :   return off;
     200             : }
     201             : 
     202             : 
     203             : /**
     204             :  * Serialize information about a denomination key.
     205             :  *
     206             :  * @param dk information to serialize
     207             :  * @param buf buffer to write data in, NULL to just compute
     208             :  *            required size
     209             :  * @param off offset at @a buf to use
     210             :  * @return number of bytes written to @a buf at @a off (in addition to @a off itself), or if
     211             :  *        @a buf is NULL, number of bytes required, excluding @a off
     212             :  */
     213             : static size_t
     214          80 : serialize_denomination_key (const struct TALER_DenominationPublicKey *dk,
     215             :                             char *buf,
     216             :                             size_t off)
     217             : {
     218             :   void *pbuf;
     219             :   size_t pbuf_size;
     220             :   uint32_t be;
     221             : 
     222          80 :   pbuf_size = GNUNET_CRYPTO_rsa_public_key_encode (dk->rsa_public_key,
     223             :                                                    &pbuf);
     224          80 :   if (NULL == buf)
     225             :   {
     226          40 :     GNUNET_free (pbuf);
     227          40 :     return pbuf_size + sizeof (uint32_t);
     228             :   }
     229          40 :   be = htonl ((uint32_t) pbuf_size);
     230          40 :   memcpy (&buf[off],
     231             :           &be,
     232             :           sizeof (uint32_t));
     233          40 :   memcpy (&buf[off + sizeof (uint32_t)],
     234             :           pbuf,
     235             :           pbuf_size);
     236          40 :   GNUNET_free (pbuf);
     237          40 :   return pbuf_size + sizeof (uint32_t);
     238             : }
     239             : 
     240             : 
     241             : /**
     242             :  * Deserialize information about a denomination key.
     243             :  *
     244             :  * @param[out] dk information to deserialize
     245             :  * @param buf buffer to read data from
     246             :  * @param size number of bytes available at @a buf to use
     247             :  * @param[out] ok set to #GNUNET_NO to report errors
     248             :  * @return number of bytes read from @a buf, 0 on error
     249             :  */
     250             : static size_t
     251          71 : deserialize_denomination_key (struct TALER_DenominationPublicKey *dk,
     252             :                               const char *buf,
     253             :                               size_t size,
     254             :                               int *ok)
     255             : {
     256             :   size_t pbuf_size;
     257             :   uint32_t be;
     258             : 
     259          71 :   if (size < sizeof (uint32_t))
     260             :   {
     261           0 :     GNUNET_break (0);
     262           0 :     *ok = GNUNET_NO;
     263           0 :     return 0;
     264             :   }
     265          71 :   memcpy (&be,
     266             :           buf,
     267             :           sizeof (uint32_t));
     268          71 :   pbuf_size = ntohl (be);
     269          71 :   if ( (size < sizeof (uint32_t) + pbuf_size) ||
     270             :        (sizeof (uint32_t) + pbuf_size < pbuf_size) )
     271             :   {
     272           0 :     GNUNET_break (0);
     273           0 :     *ok = GNUNET_NO;
     274           0 :     return 0;
     275             :   }
     276             :   dk->rsa_public_key
     277          71 :     = GNUNET_CRYPTO_rsa_public_key_decode (&buf[sizeof (uint32_t)],
     278             :                                            pbuf_size);
     279          71 :   if (NULL == dk->rsa_public_key)
     280             :   {
     281           0 :     GNUNET_break (0);
     282           0 :     *ok = GNUNET_NO;
     283           0 :     return 0;
     284             :   }
     285          71 :   return sizeof (uint32_t) + pbuf_size;
     286             : }
     287             : 
     288             : 
     289             : /**
     290             :  * Serialize information about a fresh coin we are generating.
     291             :  *
     292             :  * @param fc information to serialize
     293             :  * @param buf buffer to write data in, NULL to just compute
     294             :  *            required size
     295             :  * @param off offeset at @a buf to use
     296             :  * @return number of bytes written to @a buf at @a off, or if
     297             :  *        @a buf is NULL, number of bytes required
     298             :  */
     299             : static size_t
     300         240 : serialize_fresh_coin (const struct TALER_PlanchetSecretsP *fc,
     301             :                       char *buf,
     302             :                       size_t off)
     303             : {
     304         240 :   if (NULL != buf)
     305         120 :     memcpy (&buf[off],
     306             :             fc,
     307             :             sizeof (struct TALER_PlanchetSecretsP));
     308         240 :   return sizeof (struct TALER_PlanchetSecretsP);
     309             : }
     310             : 
     311             : 
     312             : /**
     313             :  * Deserialize information about a fresh coin we are generating.
     314             :  *
     315             :  * @param[out] fc information to deserialize
     316             :  * @param buf buffer to read data from
     317             :  * @param size number of bytes available at @a buf to use
     318             :  * @param[out] ok set to #GNUNET_NO to report errors
     319             :  * @return number of bytes read from @a buf, 0 on error
     320             :  */
     321             : static size_t
     322         213 : deserialize_fresh_coin (struct TALER_PlanchetSecretsP *fc,
     323             :                         const char *buf,
     324             :                         size_t size,
     325             :                         int *ok)
     326             : {
     327         213 :   if (size < sizeof (struct TALER_PlanchetSecretsP))
     328             :   {
     329           0 :     GNUNET_break (0);
     330           0 :     *ok = GNUNET_NO;
     331           0 :     return 0;
     332             :   }
     333         213 :   memcpy (fc,
     334             :           buf,
     335             :           sizeof (struct TALER_PlanchetSecretsP));
     336         213 :   return sizeof (struct TALER_PlanchetSecretsP);
     337             : }
     338             : 
     339             : 
     340             : /**
     341             :  * Serialize melt data.
     342             :  *
     343             :  * @param md data to serialize
     344             :  * @param[out] res_size size of buffer returned
     345             :  * @return serialized melt data
     346             :  */
     347             : static char *
     348          19 : serialize_melt_data (const struct MeltData *md,
     349             :                      size_t *res_size)
     350             : {
     351             :   size_t size;
     352             :   size_t asize;
     353             :   char *buf;
     354             : 
     355          19 :   size = 0;
     356          19 :   asize = (size_t) -1; /* make the compiler happy */
     357          19 :   buf = NULL;
     358             :   /* we do 2 iterations, #1 to determine total size, #2 to
     359             :      actually construct the buffer */
     360             :   do {
     361          38 :     if (0 == size)
     362             :     {
     363          19 :       size = sizeof (struct MeltDataP);
     364             :     }
     365             :     else
     366             :     {
     367             :       struct MeltDataP *mdp;
     368             : 
     369          19 :       buf = GNUNET_malloc (size);
     370          19 :       asize = size; /* just for invariant check later */
     371          19 :       size = sizeof (struct MeltDataP);
     372          19 :       mdp = (struct MeltDataP *) buf;
     373          19 :       mdp->rc = md->rc;
     374          19 :       mdp->num_fresh_coins = htons (md->num_fresh_coins);
     375             :     }
     376          38 :     size += serialize_melted_coin (&md->melted_coin,
     377             :                                    buf,
     378             :                                    size);
     379         118 :     for (unsigned int i = 0; i<md->num_fresh_coins; i++)
     380          80 :       size += serialize_denomination_key (&md->fresh_pks[i],
     381             :                                           buf,
     382             :                                           size);
     383         152 :     for (unsigned int i = 0; i<TALER_CNC_KAPPA; i++)
     384         354 :       for (unsigned int j = 0; j<md->num_fresh_coins; j++)
     385         240 :         size += serialize_fresh_coin (&md->fresh_coins[i][j],
     386             :                                       buf,
     387             :                                       size);
     388          38 :   } while (NULL == buf);
     389          19 :   GNUNET_assert (size == asize);
     390          19 :   *res_size = size;
     391          19 :   return buf;
     392             : }
     393             : 
     394             : 
     395             : /**
     396             :  * Deserialize melt data.
     397             :  *
     398             :  * @param buf serialized data
     399             :  * @param buf_size size of @a buf
     400             :  * @return deserialized melt data, NULL on error
     401             :  */
     402             : struct MeltData *
     403          29 : TALER_EXCHANGE_deserialize_melt_data_ (const char *buf,
     404             :                                        size_t buf_size)
     405             : {
     406             :   struct MeltData *md;
     407             :   struct MeltDataP mdp;
     408             :   size_t off;
     409             :   int ok;
     410             : 
     411          29 :   if (buf_size < sizeof (struct MeltDataP))
     412           0 :     return NULL;
     413          29 :   memcpy (&mdp,
     414             :           buf,
     415             :           sizeof (struct MeltDataP));
     416          29 :   md = GNUNET_new (struct MeltData);
     417          29 :   md->rc = mdp.rc;
     418          29 :   md->num_fresh_coins = ntohs (mdp.num_fresh_coins);
     419          29 :   md->fresh_pks = GNUNET_new_array (md->num_fresh_coins,
     420             :                                     struct TALER_DenominationPublicKey);
     421         116 :   for (unsigned int i = 0; i<TALER_CNC_KAPPA; i++)
     422          87 :     md->fresh_coins[i] = GNUNET_new_array (md->num_fresh_coins,
     423             :                                            struct TALER_PlanchetSecretsP);
     424          29 :   off = sizeof (struct MeltDataP);
     425          29 :   ok = GNUNET_YES;
     426          29 :   off += deserialize_melted_coin (&md->melted_coin,
     427             :                                   &buf[off],
     428             :                                   buf_size - off,
     429             :                                   &ok);
     430         100 :   for (unsigned int i = 0; (i<md->num_fresh_coins) && (GNUNET_YES == ok); i++)
     431          71 :     off += deserialize_denomination_key (&md->fresh_pks[i],
     432             :                                          &buf[off],
     433             :                                          buf_size - off,
     434             :                                          &ok);
     435             : 
     436         116 :   for (unsigned int i = 0; i<TALER_CNC_KAPPA; i++)
     437         300 :     for (unsigned int j = 0; (j<md->num_fresh_coins) && (GNUNET_YES == ok); j++)
     438         213 :       off += deserialize_fresh_coin (&md->fresh_coins[i][j],
     439             :                                      &buf[off],
     440             :                                      buf_size - off,
     441             :                                      &ok);
     442          29 :   if (off != buf_size)
     443             :   {
     444           0 :     GNUNET_break (0);
     445           0 :     ok = GNUNET_NO;
     446             :   }
     447          29 :   if (GNUNET_YES != ok)
     448             :   {
     449           0 :     TALER_EXCHANGE_free_melt_data_ (md);
     450           0 :     GNUNET_free (md);
     451           0 :     return NULL;
     452             :   }
     453          29 :   return md;
     454             : }
     455             : 
     456             : 
     457             : /**
     458             :  * Melt (partially spent) coins to obtain fresh coins that are
     459             :  * unlinkable to the original coin(s).  Note that melting more
     460             :  * than one coin in a single request will make those coins linkable,
     461             :  * so the safest operation only melts one coin at a time.
     462             :  *
     463             :  * This API is typically used by a wallet.  Note that to ensure that
     464             :  * no money is lost in case of hardware failures, this operation does
     465             :  * not actually initiate the request. Instead, it generates a buffer
     466             :  * which the caller must store before proceeding with the actual call
     467             :  * to #TALER_EXCHANGE_melt() that will generate the request.
     468             :  *
     469             :  * This function does verify that the given request data is internally
     470             :  * consistent.  However, the @a melts_sigs are NOT verified.
     471             :  *
     472             :  * Aside from some non-trivial cryptographic operations that might
     473             :  * take a bit of CPU time to complete, this function returns
     474             :  * its result immediately and does not start any asynchronous
     475             :  * processing.  This function is also thread-safe.
     476             :  *
     477             :  * @param melt_priv private key of the coin to melt
     478             :  * @param melt_amount amount specifying how much
     479             :  *                     the coin will contribute to the melt (including fee)
     480             :  * @param melt_sig signature affirming the
     481             :  *                   validity of the public keys corresponding to the
     482             :  *                   @a melt_priv private key
     483             :  * @param melt_pk denomination key information
     484             :  *                   record corresponding to the @a melt_sig
     485             :  *                   validity of the keys
     486             :  * @param fresh_pks_len length of the @a pks array
     487             :  * @param fresh_pks array of @a pks_len denominations of fresh coins to create
     488             :  * @param[out] res_size set to the size of the return value, or 0 on error
     489             :  * @return NULL
     490             :  *         if the inputs are invalid (i.e. denomination key not with this exchange).
     491             :  *         Otherwise, pointer to a buffer of @a res_size to store persistently
     492             :  *         before proceeding to #TALER_EXCHANGE_melt().
     493             :  *         Non-null results should be freed using GNUNET_free().
     494             :  */
     495             : char *
     496          19 : TALER_EXCHANGE_refresh_prepare (
     497             :   const struct TALER_CoinSpendPrivateKeyP *melt_priv,
     498             :   const struct TALER_Amount *melt_amount,
     499             :   const struct TALER_DenominationSignature *melt_sig,
     500             :   const struct TALER_EXCHANGE_DenomPublicKey *melt_pk,
     501             :   unsigned int fresh_pks_len,
     502             :   const struct TALER_EXCHANGE_DenomPublicKey *fresh_pks,
     503             :   size_t *res_size)
     504             : {
     505             :   struct MeltData md;
     506             :   char *buf;
     507             :   struct TALER_Amount total;
     508             :   struct TALER_CoinSpendPublicKeyP coin_pub;
     509             :   struct TALER_TransferSecretP trans_sec[TALER_CNC_KAPPA];
     510             :   struct TALER_RefreshCommitmentEntry rce[TALER_CNC_KAPPA];
     511             : 
     512          19 :   GNUNET_CRYPTO_eddsa_key_get_public (&melt_priv->eddsa_priv,
     513             :                                       &coin_pub.eddsa_pub);
     514             :   /* build up melt data structure */
     515          19 :   memset (&md, 0, sizeof (md));
     516          19 :   md.num_fresh_coins = fresh_pks_len;
     517          19 :   md.melted_coin.coin_priv = *melt_priv;
     518          19 :   md.melted_coin.melt_amount_with_fee = *melt_amount;
     519          19 :   md.melted_coin.fee_melt = melt_pk->fee_refresh;
     520          19 :   md.melted_coin.original_value = melt_pk->value;
     521             :   md.melted_coin.expire_deposit
     522          19 :     = melt_pk->expire_deposit;
     523          19 :   GNUNET_assert (GNUNET_OK ==
     524             :                  TALER_amount_set_zero (melt_amount->currency,
     525             :                                         &total));
     526             :   md.melted_coin.pub_key.rsa_public_key
     527          19 :     = GNUNET_CRYPTO_rsa_public_key_dup (melt_pk->key.rsa_public_key);
     528             :   md.melted_coin.sig.rsa_signature
     529          19 :     = GNUNET_CRYPTO_rsa_signature_dup (melt_sig->rsa_signature);
     530          19 :   md.fresh_pks = GNUNET_new_array (fresh_pks_len,
     531             :                                    struct TALER_DenominationPublicKey);
     532          59 :   for (unsigned int i = 0; i<fresh_pks_len; i++)
     533             :   {
     534          40 :     md.fresh_pks[i].rsa_public_key
     535          40 :       = GNUNET_CRYPTO_rsa_public_key_dup (fresh_pks[i].key.rsa_public_key);
     536          40 :     if ( (0 >
     537          40 :           TALER_amount_add (&total,
     538             :                             &total,
     539          80 :                             &fresh_pks[i].value)) ||
     540             :          (0 >
     541          40 :           TALER_amount_add (&total,
     542             :                             &total,
     543          40 :                             &fresh_pks[i].fee_withdraw)) )
     544             :     {
     545           0 :       GNUNET_break (0);
     546           0 :       TALER_EXCHANGE_free_melt_data_ (&md);
     547           0 :       return NULL;
     548             :     }
     549             :   }
     550             :   /* verify that melt_amount is above total cost */
     551          19 :   if (1 ==
     552          19 :       TALER_amount_cmp (&total,
     553             :                         melt_amount) )
     554             :   {
     555             :     /* Eh, this operation is more expensive than the
     556             :        @a melt_amount. This is not OK. */
     557           0 :     GNUNET_break (0);
     558           0 :     TALER_EXCHANGE_free_melt_data_ (&md);
     559           0 :     return NULL;
     560             :   }
     561             : 
     562             :   /* build up coins */
     563          76 :   for (unsigned int i = 0; i<TALER_CNC_KAPPA; i++)
     564             :   {
     565          57 :     GNUNET_CRYPTO_ecdhe_key_create (
     566             :       &md.melted_coin.transfer_priv[i].ecdhe_priv);
     567          57 :     GNUNET_CRYPTO_ecdhe_key_get_public (
     568          57 :       &md.melted_coin.transfer_priv[i].ecdhe_priv,
     569             :       &rce[i].transfer_pub.ecdhe_pub);
     570          57 :     TALER_link_derive_transfer_secret  (melt_priv,
     571          57 :                                         &md.melted_coin.transfer_priv[i],
     572             :                                         &trans_sec[i]);
     573          57 :     md.fresh_coins[i] = GNUNET_new_array (fresh_pks_len,
     574             :                                           struct TALER_PlanchetSecretsP);
     575          57 :     rce[i].new_coins = GNUNET_new_array (fresh_pks_len,
     576             :                                          struct TALER_RefreshCoinData);
     577         177 :     for (unsigned int j = 0; j<fresh_pks_len; j++)
     578             :     {
     579         120 :       struct TALER_PlanchetSecretsP *fc = &md.fresh_coins[i][j];
     580         120 :       struct TALER_RefreshCoinData *rcd = &rce[i].new_coins[j];
     581             :       struct TALER_PlanchetDetail pd;
     582             :       struct GNUNET_HashCode c_hash;
     583             : 
     584         120 :       TALER_planchet_setup_refresh (&trans_sec[i],
     585             :                                     j,
     586             :                                     fc);
     587         120 :       if (GNUNET_OK !=
     588         120 :           TALER_planchet_prepare (&md.fresh_pks[j],
     589             :                                   fc,
     590             :                                   &c_hash,
     591             :                                   &pd))
     592             :       {
     593           0 :         GNUNET_break_op (0);
     594           0 :         TALER_EXCHANGE_free_melt_data_ (&md);
     595           0 :         return NULL;
     596             :       }
     597         120 :       rcd->dk = &md.fresh_pks[j];
     598         120 :       rcd->coin_ev = pd.coin_ev;
     599         120 :       rcd->coin_ev_size = pd.coin_ev_size;
     600             :     }
     601             :   }
     602             : 
     603             :   /* Compute refresh commitment */
     604          19 :   TALER_refresh_get_commitment (&md.rc,
     605             :                                 TALER_CNC_KAPPA,
     606             :                                 fresh_pks_len,
     607             :                                 rce,
     608             :                                 &coin_pub,
     609             :                                 melt_amount);
     610             :   /* finally, serialize everything */
     611          19 :   buf = serialize_melt_data (&md,
     612             :                              res_size);
     613          76 :   for (unsigned int i = 0; i < TALER_CNC_KAPPA; i++)
     614             :   {
     615         177 :     for (unsigned int j = 0; j < fresh_pks_len; j++)
     616         120 :       GNUNET_free (rce[i].new_coins[j].coin_ev);
     617          57 :     GNUNET_free (rce[i].new_coins);
     618             :   }
     619          19 :   TALER_EXCHANGE_free_melt_data_ (&md);
     620          19 :   return buf;
     621             : }

Generated by: LCOV version 1.14