
[taler-exchange] branch master updated: [age restriction] progress 5/n


From: gnunet
Subject: [taler-exchange] branch master updated: [age restriction] progress 5/n
Date: Sun, 28 Nov 2021 18:51:36 +0100

This is an automated email from the git hooks/post-receive script.

oec pushed a commit to branch master
in repository exchange.

The following commit(s) were added to refs/heads/master by this push:
     new 97bae4dd [age restriction] progress 5/n
97bae4dd is described below

commit 97bae4dd65854316611c8f440176b063b545618b
Author: Özgür Kesim <oec-taler@kesim.org>
AuthorDate: Sun Nov 28 18:43:41 2021 +0100

    [age restriction] progress 5/n
    
    - taler-exchange-secmod-rsa
      - extracts AGE_RESTRICTED per denomination from config
      - propagates flag for each denomination to server
    - if age restriction is set for a denomination,
      age _mask_ is taken (for now!) from config
---
 src/exchange/taler-exchange-httpd_keys.c | 21 +++++++++-----
 src/include/taler_crypto_lib.h           |  4 ++-
 src/include/taler_exchangedb_plugin.h    |  4 +++
 src/util/crypto_helper_rsa.c             |  6 ++--
 src/util/taler-exchange-secmod-rsa.c     | 50 +++++++++++++++++++++++---------
 src/util/taler-exchange-secmod-rsa.h     |  5 ++++
 src/util/test_helper_rsa.c               |  5 +++-
 7 files changed, 71 insertions(+), 24 deletions(-)

diff --git a/src/exchange/taler-exchange-httpd_keys.c 
b/src/exchange/taler-exchange-httpd_keys.c
index 5f747ccc..b7359392 100644
--- a/src/exchange/taler-exchange-httpd_keys.c
+++ b/src/exchange/taler-exchange-httpd_keys.c
@@ -26,6 +26,7 @@
 #include "taler-exchange-httpd_keys.h"
 #include "taler-exchange-httpd_responses.h"
 #include "taler_exchangedb_plugin.h"
+#include "taler_extensions.h"
 
 
 /**
@@ -687,6 +688,7 @@ destroy_key_helpers (struct HelperState *hs)
  * @param sm_pub public key of the security module, NULL if the key was 
revoked or purged
  * @param sm_sig signature from the security module, NULL if the key was 
revoked or purged
  *               The signature was already verified against @a sm_pub.
+ * @param age_restricted true, if denomination is age restricted
  */
 static void
 helper_rsa_cb (
@@ -697,7 +699,8 @@ helper_rsa_cb (
   const struct TALER_RsaPubHashP *h_rsa,
   const struct TALER_DenominationPublicKey *denom_pub,
   const struct TALER_SecurityModulePublicKeyP *sm_pub,
-  const struct TALER_SecurityModuleSignatureP *sm_sig)
+  const struct TALER_SecurityModuleSignatureP *sm_sig,
+  bool age_restricted)
 {
   struct HelperState *hs = cls;
   struct HelperDenomination *hd;
@@ -729,13 +732,17 @@ helper_rsa_cb (
   TALER_denom_pub_deep_copy (&hd->denom_pub,
                              denom_pub);
   GNUNET_assert (TALER_DENOMINATION_RSA == hd->denom_pub.cipher);
-  // FIXME-OEC: set AGE RESTRICTION (from 'global' variable,
-  // that itself is set from /managmenet API!) HERE!
-  // ISSUE: tricky to handle if configuration changes
-  // between denominations (some with/without age
-  // restrictions). For that, we probably need to look at
-  // configuration [$section_name] (!?).
+
+  /* Set age restriction, if applicable */
   hd->denom_pub.age_mask.mask = 0;
+  if (age_restricted)
+  {
+    /* FIXME-oec: get age mask from global */
+    GNUNET_assert (TALER_EXTENSION_OK == TALER_get_age_mask (TEH_cfg,
+                                                             &hd->denom_pub.
+                                                             age_mask));
+  }
+
   TALER_denom_pub_hash (&hd->denom_pub,
                         &hd->h_denom_pub);
   hd->section_name = GNUNET_strdup (section_name);
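Review bot: A failed age-mask lookup aborts the exchange process, because the `TALER_get_age_mask` call sits inside `GNUNET_assert` in the new `if (age_restricted)` branch. The flag arrives from the security module while the mask is read from `TEH_cfg`, so a denomination flagged as restricted without a usable mask in the httpd configuration becomes a crash on key notification rather than a rejected key. Consider checking the result explicitly, e.g. `if (TALER_EXTENSION_OK != TALER_get_age_mask (TEH_cfg, &hd->denom_pub.age_mask)) { GNUNET_break (0); /* release hd, skip this key */ return; }`; the cleanup needed depends on the part of helper_rsa_cb outside this hunk. Since the mask feeds `TALER_denom_pub_hash`, a comment stating that `h_denom_pub` depends on the configured mask would also help.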
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index ea53efb6..9e744c8d 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -1362,6 +1362,7 @@ struct TALER_CRYPTO_RsaDenominationHelper;
  * @param sm_pub public key of the security module, NULL if the key was 
revoked or purged
  * @param sm_sig signature from the security module, NULL if the key was 
revoked or purged
  *               The signature was already verified against @a sm_pub.
+ * @param age_restricted true, if denomnation has age restriction set
  */
 typedef void
 (*TALER_CRYPTO_RsaDenominationKeyStatusCallback)(
@@ -1372,7 +1373,8 @@ typedef void
   const struct TALER_RsaPubHashP *h_rsa,
   const struct TALER_DenominationPublicKey *denom_pub,
   const struct TALER_SecurityModulePublicKeyP *sm_pub,
-  const struct TALER_SecurityModuleSignatureP *sm_sig);
+  const struct TALER_SecurityModuleSignatureP *sm_sig,
+  bool age_restricted);
 
 
 /**
diff --git a/src/include/taler_exchangedb_plugin.h 
b/src/include/taler_exchangedb_plugin.h
index 7b3c3baf..47504e51 100644
--- a/src/include/taler_exchangedb_plugin.h
+++ b/src/include/taler_exchangedb_plugin.h
@@ -629,6 +629,10 @@ struct TALER_EXCHANGEDB_DenominationKeyMetaData
    */
   struct TALER_Amount fee_refund;
 
+  /**
+   * Indication if age restriction is set for this denomination
+   */
+  bool age_restricted;
 };
 
 
diff --git a/src/util/crypto_helper_rsa.c b/src/util/crypto_helper_rsa.c
index 85741d5e..d30f8091 100644
--- a/src/util/crypto_helper_rsa.c
+++ b/src/util/crypto_helper_rsa.c
@@ -239,7 +239,8 @@ handle_mt_avail (struct TALER_CRYPTO_RsaDenominationHelper 
*dh,
              &h_rsa,
              &denom_pub,
              &kan->secm_pub,
-             &kan->secm_sig);
+             &kan->secm_sig,
+             (&kan->age_restricted > 0));
     TALER_denom_pub_free (&denom_pub);
   }
   return GNUNET_OK;
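Review bot: The new argument `(&kan->age_restricted > 0)` in handle_mt_avail compares the address of the field with zero, not its value, so it is true for every notification (and is an ordered pointer-versus-integer comparison that compilers warn about). Every denomination is therefore reported as age restricted, which in the httpd callback changes the age mask and, through it, the denomination hash. The value should be tested instead: `(0 != kan->age_restricted));`. handle_mt_avail starts outside the hunk.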
@@ -275,7 +276,8 @@ handle_mt_purge (struct TALER_CRYPTO_RsaDenominationHelper 
*dh,
            &pn->h_rsa,
            NULL,
            NULL,
-           NULL);
+           NULL,
+           false);
   return GNUNET_OK;
 }
 
diff --git a/src/util/taler-exchange-secmod-rsa.c 
b/src/util/taler-exchange-secmod-rsa.c
index 343ae3c4..0711fd7a 100644
--- a/src/util/taler-exchange-secmod-rsa.c
+++ b/src/util/taler-exchange-secmod-rsa.c
@@ -1,18 +1,18 @@
 /*
-  This file is part of TALER
-  Copyright (C) 2014-2021 Taler Systems SA
+   This file is part of TALER
+   Copyright (C) 2014-2021 Taler Systems SA
 
-  TALER is free software; you can redistribute it and/or modify it under the
-  terms of the GNU General Public License as published by the Free Software
-  Foundation; either version 3, or (at your option) any later version.
+   TALER is free software; you can redistribute it and/or modify it under the
+   terms of the GNU General Public License as published by the Free Software
+   Foundation; either version 3, or (at your option) any later version.
 
-  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
-  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
-  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 
FOR
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 
-  You should have received a copy of the GNU General Public License along with
-  TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
-*/
+   You should have received a copy of the GNU General Public License along with
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
 /**
  * @file util/taler-exchange-secmod-rsa.c
  * @brief Standalone process to perform private key RSA operations
@@ -156,6 +156,11 @@ struct Denomination
    * Length of (new) RSA keys (in bits).
    */
   uint32_t rsa_keysize;
+
+  /**
+   * Is the denomination age restricted?  0 == false
+   */
+  uint8_t age_restricted;
 };
 
 
@@ -258,6 +263,7 @@ notify_client_dk_add (struct TES_Client *client,
   an->section_name_len = htons ((uint16_t) nlen);
   an->anchor_time = GNUNET_TIME_absolute_hton (dk->anchor);
   an->duration_withdraw = GNUNET_TIME_relative_hton (denom->duration_withdraw);
+  an->age_restricted = denom->age_restricted;
   TALER_exchange_secmod_rsa_sign (&dk->h_rsa,
                                   denom->section,
                                   dk->anchor,
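Review bot: The `age_restricted` byte is copied into the notification, but none of the visible arguments to `TALER_exchange_secmod_rsa_sign` (`&dk->h_rsa`, `denom->section`, `dk->anchor`) carries it; the call continues outside the hunk, so this needs confirming. If the signature does not bind the flag, the receiver accepts it unauthenticated even though it selects the age mask and so the denomination hash on the exchange side. Either include the flag in the signed data, or document on the `age_restricted` field of `struct TALER_CRYPTO_RsaKeyAvailableNotification` that it is not covered by `secm_sig`, e.g. `Indicator for age restriction (0 == false); NOT covered by secm_sig`.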
@@ -1256,6 +1262,24 @@ parse_denomination_cfg (const struct 
GNUNET_CONFIGURATION_Handle *cfg,
   }
   denom->rsa_keysize = (unsigned int) rsa_keysize;
   denom->section = GNUNET_strdup (ct);
+  if (GNUNET_OK == (GNUNET_CONFIGURATION_have_value (cfg,
+                                                     ct,
+                                                     "AGE_RESTRICTED")))
+  {
+    enum GNUNET_GenericReturnValue ret;
+    if (GNUNET_SYSERR == (ret = GNUNET_CONFIGURATION_get_value_yesno (cfg,
+                                                                      ct,
+                                                                      
"AGE_RESTRICTED")))
+    {
+      GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+                                 ct,
+                                 "AGE_RESTRICTED",
+                                 "Value must be YES or NO\n");
+      return GNUNET_SYSERR;
+    }
+    denom->age_restricted = (ret == GNUNET_OK) ? 1 : 0;
+  }
+
   return GNUNET_OK;
 }
 
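Review bot: `denom->age_restricted` is assigned only when the section has an `AGE_RESTRICTED` key; with the key absent the field keeps whatever the caller left in `*denom`, and that byte is later sent to clients in the key notification. Unless the caller zero-initialises the struct (not visible here; parse_denomination_cfg starts outside the hunk), set the default explicitly before the `if`: `denom->age_restricted = 0;`. As a smaller point, the yes/no result reads more clearly when compared against `GNUNET_YES` rather than `GNUNET_OK`: `denom->age_restricted = (GNUNET_YES == ret) ? 1 : 0;`.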
@@ -1522,8 +1546,8 @@ main (int argc,
   (void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
 
   /* force linker to link against libtalerutil; if we do
-   not do this, the linker may "optimize" libtalerutil
-   away and skip #TALER_OS_init(), which we do need */
+     not do this, the linker may "optimize" libtalerutil
+     away and skip #TALER_OS_init(), which we do need */
   TALER_OS_init ();
   now = now_tmp = GNUNET_TIME_absolute_get ();
   ret = GNUNET_PROGRAM_run (argc, argv,
diff --git a/src/util/taler-exchange-secmod-rsa.h 
b/src/util/taler-exchange-secmod-rsa.h
index b0fdfbd9..9207e705 100644
--- a/src/util/taler-exchange-secmod-rsa.h
+++ b/src/util/taler-exchange-secmod-rsa.h
@@ -77,6 +77,11 @@ struct TALER_CRYPTO_RsaKeyAvailableNotification
    */
   struct TALER_SecurityModuleSignatureP secm_sig;
 
+  /**
+   * Indicator for age restriction
+   */
+  uint8_t age_restricted;
+
   /* followed by @e pub_size bytes of the RSA public key */
 
   /* followed by @e section_name bytes of the configuration section name
diff --git a/src/util/test_helper_rsa.c b/src/util/test_helper_rsa.c
index 14ff2bfa..80a36fd0 100644
--- a/src/util/test_helper_rsa.c
+++ b/src/util/test_helper_rsa.c
@@ -133,6 +133,7 @@ free_keys (void)
  * @param sm_pub public key of the security module, NULL if the key was 
revoked or purged
  * @param sm_sig signature from the security module, NULL if the key was 
revoked or purged
  *               The signature was already verified against @a sm_pub.
+ * @param age_restricted indication if denomination is age restricted
  */
 static void
 key_cb (void *cls,
@@ -142,7 +143,8 @@ key_cb (void *cls,
         const struct TALER_RsaPubHashP *h_rsa,
         const struct TALER_DenominationPublicKey *denom_pub,
         const struct TALER_SecurityModulePublicKeyP *sm_pub,
-        const struct TALER_SecurityModuleSignatureP *sm_sig)
+        const struct TALER_SecurityModuleSignatureP *sm_sig,
+        bool age_restricted)
 {
   (void) cls;
   (void) sm_pub;
@@ -186,6 +188,7 @@ key_cb (void *cls,
       keys[i].validity_duration = validity_duration;
       TALER_denom_pub_deep_copy (&keys[i].denom_pub,
                                  denom_pub);
+      /* FIXME-oec: take age_restriction into account!? */
       num_keys++;
       return;
     }
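Review bot: The test callback accepts `age_restricted` and drops it, so nothing checks the value the helper library delivers; the `FIXME-oec` comment marks the spot. Recording the flag per key, e.g. `keys[i].age_restricted = age_restricted;` with a matching new field, and asserting it against the test configuration would catch a helper that reports the wrong value; the expression `(&kan->age_restricted > 0)` in crypto_helper_rsa.c in this same commit, for instance, is always true. Until then, `(void) age_restricted;` next to the existing `(void)` casts would document that the parameter is intentionally unused. key_cb's body extends beyond the hunk.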

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


