[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-exchange] 113/130: age restriction (load per denomination). 3/n
|
From: |
gnunet |
|
Subject: |
[taler-exchange] 113/130: age restriction (load per denomination). 3/n |
|
Date: |
Wed, 17 Nov 2021 12:26:01 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository exchange.
commit c97979d00ab68915b0d354a1424e420ef84b7723
Author: Özgür Kesim <oec-taler@kesim.org>
AuthorDate: Sun Nov 14 16:39:42 2021 +0100
age restriction (load per denomination). 3/n
---
src/include/taler_crypto_lib.h | 4 +++-
src/include/taler_extensions.h | 4 ++--
src/lib/exchange_api_refreshes_reveal.c | 3 ++-
src/util/crypto.c | 31 +++++++++++++++++++++++++++----
src/util/crypto_helper_denom.c | 4 +++-
src/util/extension_age_restriction.c | 4 ++--
src/util/taler-exchange-secmod-rsa.c | 27 +++++++++++++++++++++++++--
7 files changed, 64 insertions(+), 13 deletions(-)
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index 7261d4de..d354add1 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -324,7 +324,9 @@ struct TALER_CoinSpendPublicKeyP
struct GNUNET_CRYPTO_EddsaPublicKey eddsa_pub;
/*
- * If age restriction applies to the coin, it must come with a hash of the
age commitment
+ * If age restriction applies to the coin, it must come with a hash of the
+ * age commitment. A zero value indicates that the coin has no age
+ * commitment set.
*/
struct TALER_AgeHash age_commitment_hash;
};
diff --git a/src/include/taler_extensions.h b/src/include/taler_extensions.h
index c22a23b8..0ef69a78 100644
--- a/src/include/taler_extensions.h
+++ b/src/include/taler_extensions.h
@@ -29,7 +29,7 @@
* invalid, OK otherwise.
*/
enum GNUNET_GenericReturnValue
-TALER_get_age_mask (const struct GNUNET_CONFIGURATION_Handle *cfg, struct
- TALER_AgeMask *mask);
+TALER_get_age_mask (const struct GNUNET_CONFIGURATION_Handle *cfg,
+ struct TALER_AgeMask *mask);
#endif
diff --git a/src/lib/exchange_api_refreshes_reveal.c
b/src/lib/exchange_api_refreshes_reveal.c
index 6e679d23..fdd7e7ee 100644
--- a/src/lib/exchange_api_refreshes_reveal.c
+++ b/src/lib/exchange_api_refreshes_reveal.c
@@ -166,8 +166,9 @@ refresh_reveal_ok (struct
TALER_EXCHANGE_RefreshesRevealHandle *rrh,
hence recomputing it here... */
GNUNET_CRYPTO_eddsa_key_get_public (&fc->coin_priv.eddsa_priv,
&coin_pub.eddsa_pub);
+ /* FIXME-Oec: Age commitment hash.
+ * must be put into coin_pub.age_mask */
TALER_coin_pub_hash (&coin_pub,
- /* FIXME-Oec: Age commitment hash */
&coin_hash);
if (GNUNET_OK !=
TALER_planchet_to_coin (pk,
diff --git a/src/util/crypto.c b/src/util/crypto.c
index 67cf14b4..2d3a569a 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -320,10 +320,33 @@ void
TALER_coin_pub_hash (const struct TALER_CoinSpendPublicKeyP *coin_pub,
struct TALER_CoinPubHash *coin_h)
{
- // FIXME-Oec: hash over age-restriction, too
- GNUNET_CRYPTO_hash (&coin_pub->eddsa_pub,
- sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
- &coin_h->hash);
+ if (GNUNET_is_zero (&coin_pub->age_commitment_hash))
+ {
+ /* No age commitment was set */
+ GNUNET_CRYPTO_hash (&coin_pub->eddsa_pub,
+ sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
+ &coin_h->hash);
+ }
+ else
+ {
+ /* Coin comes with age commitment. Take the hash of the age commitment
+ * into account */
+ const size_t key_s = sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey);
+ const size_t age_s = sizeof(struct TALER_AgeHash);
+ char data[key_s + age_s];
+
+ GNUNET_memcpy (&data[0],
+ &coin_pub->eddsa_pub,
+ key_s);
+
+ GNUNET_memcpy (&data[key_s],
+ &coin_pub->age_commitment_hash,
+ age_s);
+
+ GNUNET_CRYPTO_hash (&data,
+ key_s + age_s,
+ &coin_h->hash);
+ }
}
diff --git a/src/util/crypto_helper_denom.c b/src/util/crypto_helper_denom.c
index e1cd2b6b..02ac2cb2 100644
--- a/src/util/crypto_helper_denom.c
+++ b/src/util/crypto_helper_denom.c
@@ -281,10 +281,12 @@ TALER_CRYPTO_helper_denom_connect (
}
/* Extract the age groups from the config, if the extension has been set,
- * and serialize them into the age mask */
+ * and serialize them into the age mask
+ */
if (GNUNET_OK !=
TALER_get_age_mask (cfg, &dh->age_mask))
{
+ /* FIXME: maybe more specific error? */
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"extensions", /* FIXME: right section etc? */
"age-restriction",
diff --git a/src/util/extension_age_restriction.c
b/src/util/extension_age_restriction.c
index 64ecaa31..dbb4f3e2 100644
--- a/src/util/extension_age_restriction.c
+++ b/src/util/extension_age_restriction.c
@@ -30,8 +30,8 @@
* invalid, OK otherwise.
*/
enum GNUNET_GenericReturnValue
-TALER_get_age_mask (const struct GNUNET_CONFIGURATION_Handle *cfg, struct
- TALER_AgeMask *mask)
+TALER_get_age_mask (const struct GNUNET_CONFIGURATION_Handle *cfg,
+ struct TALER_AgeMask *mask)
{
/* FIXME-Oec:
*
diff --git a/src/util/taler-exchange-secmod-rsa.c
b/src/util/taler-exchange-secmod-rsa.c
index e996f14e..49b241b2 100644
--- a/src/util/taler-exchange-secmod-rsa.c
+++ b/src/util/taler-exchange-secmod-rsa.c
@@ -39,6 +39,7 @@
#include <pthread.h>
#include <sys/eventfd.h>
#include "taler_error_codes.h"
+#include "taler_extensions.h"
#include "taler_signatures.h"
#include "secmod_common.h"
@@ -151,6 +152,14 @@ struct Denomination
* Length of (new) RSA keys (in bits).
*/
uint32_t rsa_keysize;
+
+ /**
+ * Age Restriction Mask.
+ * If non-zero, it defines the age restriction groups that apply to this
+ * denomination.
+ */
+ struct TALER_AgeMask age_mask;
+
};
@@ -1422,10 +1431,9 @@ parse_key (struct Denomination *denom,
struct TALER_DenominationPublicKey pub;
struct DenominationKey *dk;
struct DenominationKey *before;
- struct TALER_AgeMask age_mask = { .mask = 0 }; /* FIXME-Oec */
TALER_denom_priv_to_pub (&priv,
- age_mask,
+ denom->age_mask,
&pub);
dk = GNUNET_new (struct DenominationKey);
dk->denom_priv = priv;
@@ -1645,6 +1653,21 @@ parse_denomination_cfg (const char *ct,
}
denom->rsa_keysize = (unsigned int) rsa_keysize;
denom->section = GNUNET_strdup (ct);
+
+ /* Load the (optional) age groups/mask for this denomination */
+ denom->age_mask.mask = 0;
+ if (GNUNET_YES != GNUNET_CONFIGURATION_get_value_yesno (kcfg, ct,
+ "age-restricted"))
+ {
+ if (GNUNET_OK != TALER_get_age_mask (kcfg, &denom->age_mask))
+ {
+ GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+ "extenstions",
+ "age-restriction",
+ "invalid age groups");
+ return GNUNET_SYSERR;
+ }
+ }
return GNUNET_OK;
}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [taler-exchange] 67/130: fix sharding, (continued)
- [taler-exchange] 67/130: fix sharding, gnunet, 2021/11/17
- [taler-exchange] 99/130: add required payto URI traits, gnunet, 2021/11/17
- [taler-exchange] 78/130: more crypto refactoring, gnunet, 2021/11/17
- [taler-exchange] 65/130: style fixes, gnunet, 2021/11/17
- [taler-exchange] 97/130: add wallet for KYC status check, gnunet, 2021/11/17
- [taler-exchange] 73/130: more denom key refactoring, gnunet, 2021/11/17
- [taler-exchange] 100/130: fix comments, gnunet, 2021/11/17
- [taler-exchange] 79/130: more crypto refactoring, gnunet, 2021/11/17
- [taler-exchange] 116/130: avoid duplication, gnunet, 2021/11/17
- [taler-exchange] 121/130: fix warning, gnunet, 2021/11/17
- [taler-exchange] 113/130: age restriction (load per denomination). 3/n,
gnunet <=
- [taler-exchange] 130/130: towards merging with master, gnunet, 2021/11/17
- [taler-exchange] 118/130: -new option, gnunet, 2021/11/17
- [taler-exchange] 77/130: -fixes, gnunet, 2021/11/17
- [taler-exchange] 103/130: comment, gnunet, 2021/11/17
- [taler-exchange] 124/130: fix oauth_username issue, gnunet, 2021/11/17
- [taler-exchange] 115/130: -preparations for long polling support, gnunet, 2021/11/17
- [taler-exchange] 110/130: misc TODOs for KYC left, gnunet, 2021/11/17
- [taler-exchange] 84/130: move extension options to external table, gnunet, 2021/11/17
- [taler-exchange] 109/130: get first KYC test to pass, gnunet, 2021/11/17
- [taler-exchange] 85/130: include h_extensions in deposit confirmation, gnunet, 2021/11/17