[age restriction] progress 9/n

More worke towards support for extensions and age restriction:

- taler-exchange-httpd_management_extensions.c almost completed
  - handling of request implemented
  - stub "set_extensions" for database transaction added

- utility functions added
  - TALER_exchange_offline_extension_agemask_{sign,verify}
  - TALER_agemask_parse_json

5 files changed, 89 insertions, 33 deletions

diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index e6c5e2a4d..4ffee54c9 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -2518,4 +2518,36 @@ TALER_merchant_wire_signature_make (
   struct TALER_MerchantSignatureP *merch_sig);
 
 
+/* **************** /management/extensions offline signing **************** */
+
+/**
+ * Create a signature for age restriction groups
+ *
+ * @param mask The bitmask representing age groups
+ * @param master_priv private key to sign with
+ * @param[out] master_sig where to write the signature
+ */
+void
+TALER_exchange_offline_extension_agemask_sign (
+  const struct TALER_AgeMask mask,
+  const struct TALER_MasterPrivateKeyP *master_priv,
+  struct TALER_MasterSignatureP *master_sig);
+
+
+/**
+ * Verify the signature in @a master_sig.
+ *
+ * @param mask bit mask representing an age group for age restriction
+ * @param master_pub master public key of the exchange
+ * @param master_sig signature of the exchange
+ * @return #GNUNET_OK if signature is valid
+ */
+enum GNUNET_GenericReturnValue
+TALER_exchange_offline_extension_agemask_verify (
+  const struct TALER_AgeMask mask,
+  const struct TALER_MasterPublicKeyP *master_pub,
+  const struct TALER_MasterSignatureP *master_sig
+  );
+
+
 #endif
diff --git a/src/include/taler_exchange_service.h b/src/include/taler_exchange_service.h
index af07588e1..04b731b32 100644
--- a/src/include/taler_exchange_service.h
+++ b/src/include/taler_exchange_service.h
@@ -2680,7 +2680,7 @@ TALER_EXCHANGE_post_management_keys_cancel (
 struct TALER_EXCHANGE_ManagementPostExtensionsData
 {
   struct TALER_Extension *extensions;
-  struct TALER_MasterSignatureP *extension_sigs;
+  struct TALER_MasterSignatureP *extensions_sigs;
   uint32_t num_extensions;
 };
 
diff --git a/src/include/taler_extensions.h b/src/include/taler_extensions.h
index 8f3dd69e7..b6d5c826c 100644
--- a/src/include/taler_extensions.h
+++ b/src/include/taler_extensions.h
@@ -22,6 +22,7 @@
 #define TALER_EXTENSIONS_H
 
 #include <gnunet/gnunet_util_lib.h>
+#include "taler_crypto_lib.h"
 
 
 #define TALER_EXTENSION_SECTION_PREFIX "exchange-extension-"
@@ -36,8 +37,8 @@ enum TALER_Extension_ReturnValue
 
 enum TALER_Extension_Type
 {
-  TALER_Extension_Peer2Peer = 0,
-  TALER_Extension_AgeRestriction = 1,
+  TALER_Extension_AgeRestriction = 0,
+  TALER_Extension_Peer2Peer = 1,
   TALER_Extension_Max = 2
 };
 
@@ -47,40 +48,11 @@ struct TALER_Extension
   char *name;
   bool critical;
   void *config;
-  size_t config_size;
 };
 
-struct TALER_Peer2Peer_Config
-{
-  // FIXME
-};
-
-/**
- * TEH_extensions is the global manifest with the list supported extensions,
- * sorted by TALER_Extension_Type.
- *
- * TODO: Mutex?
- *
- **/
-struct TALER_Extension TEH_extensions[TALER_Extension_Max] = {
-  [TALER_Extension_Peer2Peer] = {
-    .type = TALER_Extension_Peer2Peer,
-    .name = "peer2peer",
-    .critical = false,
-    .config_size = sizeof(struct TALER_Peer2Peer_Config),
-  },
-  [TALER_Extension_AgeRestriction] = {
-    .type = TALER_Extension_AgeRestriction,
-    .name = "age_restriction",
-    .critical = false,
-    .config_size = sizeof(struct TALER_AgeMask),
-  },
-};
-
-
 /*
  * TALER Peer2Peer Extension
- * FIXME
+ * FIXME oec
  */
 
 
diff --git a/src/include/taler_json_lib.h b/src/include/taler_json_lib.h
index b20bd4ea4..888256385 100644
--- a/src/include/taler_json_lib.h
+++ b/src/include/taler_json_lib.h
@@ -542,6 +542,18 @@ TALER_deposit_extension_hash (const json_t *extensions,
                               struct TALER_ExtensionContractHash *ech);
 
 
+/**
+ * Parses a JSON object { "extension": "age_restriction", "mask": <uint32> }.
+ *
+ * @param root is the json object
+ * @param[out] mask on succes, will contain the age mask
+ * @return GNUNET_OK on success and GNUNET_SYSERR on failure.
+ */
+enum GNUNET_GenericReturnValue
+TALER_agemask_parse_json (const json_t *root,
+                          struct TALER_AgeMask *mask);
+
+
 #endif /* TALER_JSON_LIB_H_ */
 
 /* End of taler_json_lib.h */
diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h
index bcfa863c1..d9fa7065b 100644
--- a/src/include/taler_signatures.h
+++ b/src/include/taler_signatures.h
@@ -97,6 +97,10 @@
  */
 #define TALER_SIGNATURE_MASTER_WIRE_DETAILS 1030
 
+/**
+ * Set the configuration of an extension (age-restriction or peer2peer)
+ */
+#define TALER_SIGNATURE_MASTER_EXTENSION 1031
 
 /*********************************************/
 /* Exchange online signatures (with signing key) */
@@ -961,6 +965,42 @@ struct TALER_MasterDelWirePS
 };
 
 
+/*
+ * @brief Signature made by the exchange offline key over the
+ * configuration of the age restriction extension.
+ */
+struct TALER_MasterExtensionAgeRestrictionPS
+{
+  /**
+   * Purpose is #TALER_SIGNATURE_MASTER_EXTENSION.   Signed
+   * by a `struct TALER_MasterPublicKeyP` using EdDSA.
+   */
+  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+  /**
+   * Bit mask representing the lits of age groups, see TALER_AgeMask for a
+   * description.
+   */
+  struct TALER_AgeMask mask;
+};
+
+#if 0
+/*
+ * @brief Signature made by the exchange offline key over the
+ * configuration of the peer2peer extension.
+ */
+struct TALER_MasterExtensionPeer2PeerPS
+{
+  /**
+   * Purpose is #TALER_SIGNATURE_MASTER_EXTENSION.   Signed
+   * by a `struct TALER_MasterPublicKeyP` using EdDSA.
+   */
+  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+  // TODO oec
+};
+#endif
+
 /**
  * @brief Information about a denomination key. Denomination keys
  * are used to sign coins of a certain value into existence.