summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/auditor/report-lib.c2
-rw-r--r--src/exchange-tools/taler-auditor-offline.c2
-rw-r--r--src/exchange-tools/taler-exchange-offline.c2
-rw-r--r--src/exchange/exchange.conf14
-rw-r--r--src/exchange/taler-exchange-httpd_keys.c24
-rw-r--r--src/exchange/taler-exchange-httpd_keys.h14
-rw-r--r--src/exchange/taler-exchange-httpd_refreshes_reveal.c2
-rw-r--r--src/exchange/taler-exchange-httpd_wire.h2
-rw-r--r--src/exchangedb/exchangedb.conf8
-rw-r--r--src/exchangedb/plugin_exchangedb_postgres.c13
-rw-r--r--src/include/taler_crypto_lib.h44
-rw-r--r--src/include/taler_exchange_service.h20
-rw-r--r--src/include/taler_testing_lib.h8
-rw-r--r--src/lib/exchange_api_handle.c58
-rw-r--r--src/lib/exchange_api_wire.c1
-rw-r--r--src/util/auditor_signatures.c2
-rw-r--r--src/util/crypto.c121
-rw-r--r--src/util/crypto_helper_denom.c3
-rw-r--r--src/util/crypto_helper_esign.c5
-rw-r--r--src/util/crypto_wire.c4
-rw-r--r--src/util/offline_signatures.c28
-rw-r--r--src/util/secmod_signatures.c4
-rw-r--r--src/util/taler-helper-crypto-eddsa.c7
-rw-r--r--src/util/taler-helper-crypto-rsa.c7
24 files changed, 92 insertions, 303 deletions
diff --git a/src/auditor/report-lib.c b/src/auditor/report-lib.c
index 481ee357..19a8ed7d 100644
--- a/src/auditor/report-lib.c
+++ b/src/auditor/report-lib.c
@@ -161,7 +161,7 @@ TALER_ARL_report (json_t *array,
*
* @param cls closure, NULL
* @param denom_pub public key, sometimes NULL (!)
- * @param issue issuing information with value, fees and other info about the denomination.
+ * @param validity issuing information with value, fees and other info about the denomination.
*/
static void
add_denomination (void *cls,
diff --git a/src/exchange-tools/taler-auditor-offline.c b/src/exchange-tools/taler-auditor-offline.c
index 507dd744..7a354edf 100644
--- a/src/exchange-tools/taler-auditor-offline.c
+++ b/src/exchange-tools/taler-auditor-offline.c
@@ -461,7 +461,7 @@ upload_denomination_add (const char *exchange_url,
/**
- * Perform uploads based on the JSON in #io.
+ * Perform uploads based on the JSON in #out.
*
* @param exchange_url base URL of the exchange to use
*/
diff --git a/src/exchange-tools/taler-exchange-offline.c b/src/exchange-tools/taler-exchange-offline.c
index 22153e66..abcd52f2 100644
--- a/src/exchange-tools/taler-exchange-offline.c
+++ b/src/exchange-tools/taler-exchange-offline.c
@@ -1624,7 +1624,7 @@ upload_keys (const char *exchange_url,
/**
- * Perform uploads based on the JSON in #io.
+ * Perform uploads based on the JSON in #out.
*
* @param exchange_url base URL of the exchange to use
*/
diff --git a/src/exchange/exchange.conf b/src/exchange/exchange.conf
index 3abd8efd..f4bdc4ed 100644
--- a/src/exchange/exchange.conf
+++ b/src/exchange/exchange.conf
@@ -63,20 +63,8 @@ AGGREGATOR_IDLE_SLEEP_INTERVAL = 60 s
# super fast.)
WIREWATCH_IDLE_SLEEP_INTERVAL = 1 s
-# how long is one signkey valid?
-SIGNKEY_DURATION = 4 weeks
-
# how long are the signatures with the signkey valid?
-LEGAL_DURATION = 2 years
-
-# how long do we generate denomination and signing keys
-# ahead of time?
-LOOKAHEAD_SIGN = 32 weeks 1 day
-
-# how long do we provide to clients denomination and signing keys
-# ahead of time?
-LOOKAHEAD_PROVIDE = 4 weeks 1 day
-
+SIGNKEY_LEGAL_DURATION = 2 years
# Directory with our terms of service.
# TERMS_DIR =
diff --git a/src/exchange/taler-exchange-httpd_keys.c b/src/exchange/taler-exchange-httpd_keys.c
index e955cd95..87dd5467 100644
--- a/src/exchange/taler-exchange-httpd_keys.c
+++ b/src/exchange/taler-exchange-httpd_keys.c
@@ -147,7 +147,7 @@ struct HelperSignkey
* State associated with the crypto helpers / security modules.
* Created per-thread, but NOT updated when the #key_generation
* is updated (instead constantly kept in sync whenever
- * #TEH_get_key_state() is called).
+ * #TEH_keys_get_state() is called).
*/
struct HelperState
{
@@ -335,8 +335,8 @@ static pthread_key_t key_state;
* Counter incremented whenever we have a reason to re-build the keys because
* something external changed (in another thread). The counter is manipulated
* using an atomic update, and thus to ensure that threads notice when it
- * changes, the variable MUST be volatile. See #TEH_get_key_state() and
- * #TEH_update_key_state() for uses of this variable.
+ * changes, the variable MUST be volatile. See #TEH_keys_get_state() and
+ * #TEH_keys_update_states() for uses of this variable.
*/
static volatile uint64_t key_generation;
@@ -816,7 +816,7 @@ clear_denomination_cb (void *cls,
* Free denomination key data.
*
* @param cls a `struct TEH_KeyStateHandle`, unused
- * @param h_denom_pub hash of the denomination public key, unused
+ * @param pid the online signing key (type-disguised), unused
* @param value a `struct SigningKey` to free
* @return #GNUNET_OK (continue to iterate)
*/
@@ -1729,7 +1729,7 @@ TEH_keys_update_states ()
/**
* Obtain the key state for the current thread. Should ONLY be used
- * directly if @a management_only is true. Otherwise use #TEH_get_key_state().
+ * directly if @a management_only is true. Otherwise use #TEH_keys_get_state().
*
* @param management_only if we should NOT run 'finish_keys_response()'
* because we only need the state for the /management/keys API
@@ -1787,7 +1787,7 @@ get_key_state (bool management_only)
struct TEH_KeyStateHandle *
-TEH_get_key_state (void)
+TEH_keys_get_state (void)
{
struct TEH_KeyStateHandle *ksh;
@@ -1811,7 +1811,7 @@ TEH_keys_denomination_by_hash (const struct GNUNET_HashCode *h_denom_pub,
{
struct TEH_KeyStateHandle *ksh;
- ksh = TEH_get_key_state ();
+ ksh = TEH_keys_get_state ();
if (NULL == ksh)
{
*hc = MHD_HTTP_INTERNAL_SERVER_ERROR;
@@ -1854,7 +1854,7 @@ TEH_keys_denomination_sign (const struct GNUNET_HashCode *h_denom_pub,
struct TEH_KeyStateHandle *ksh;
struct TALER_DenominationSignature none = { NULL };
- ksh = TEH_get_key_state ();
+ ksh = TEH_keys_get_state ();
if (NULL == ksh)
{
*ec = TALER_EC_EXCHANGE_GENERIC_KEYS_MISSING;
@@ -1873,7 +1873,7 @@ TEH_keys_denomination_revoke (const struct GNUNET_HashCode *h_denom_pub)
{
struct TEH_KeyStateHandle *ksh;
- ksh = TEH_get_key_state ();
+ ksh = TEH_keys_get_state ();
if (NULL == ksh)
{
GNUNET_break (0);
@@ -1893,7 +1893,7 @@ TEH_keys_exchange_sign_ (
{
struct TEH_KeyStateHandle *ksh;
- ksh = TEH_get_key_state ();
+ ksh = TEH_keys_get_state ();
if (NULL == ksh)
{
/* This *can* happen if the exchange's crypto helper is not running
@@ -1956,7 +1956,7 @@ TEH_keys_exchange_revoke (const struct TALER_ExchangePublicKeyP *exchange_pub)
{
struct TEH_KeyStateHandle *ksh;
- ksh = TEH_get_key_state ();
+ ksh = TEH_keys_get_state ();
if (NULL == ksh)
{
GNUNET_break (0);
@@ -2037,7 +2037,7 @@ TEH_keys_get_handler (const struct TEH_RequestHandler *rh,
struct TEH_KeyStateHandle *ksh;
const struct KeysResponseData *krd;
- ksh = TEH_get_key_state ();
+ ksh = TEH_keys_get_state ();
if (NULL == ksh)
{
return suspend_request (connection);
diff --git a/src/exchange/taler-exchange-httpd_keys.h b/src/exchange/taler-exchange-httpd_keys.h
index 54dc8c73..3a72c1c2 100644
--- a/src/exchange/taler-exchange-httpd_keys.h
+++ b/src/exchange/taler-exchange-httpd_keys.h
@@ -101,13 +101,13 @@ struct TEH_KeyStateHandle;
* state if we have reason to believe that something changed.
*
* The result is ONLY valid until the next call to
- * #TEH_keys_denomination_by_hash() or #TEH_get_key_state()
+ * #TEH_keys_denomination_by_hash() or #TEH_keys_get_state()
* or #TEH_keys_exchange_sign().
*
* @return NULL on error
*/
struct TEH_KeyStateHandle *
-TEH_get_key_state (void);
+TEH_keys_get_state (void);
/**
@@ -117,7 +117,7 @@ TEH_get_key_state (void);
*
* (We do not do so immediately, but merely signal to all threads that they
* need to rebuild their key state upon the next call to
- * #TEH_get_key_state()).
+ * #TEH_keys_get_state()).
*/
void
TEH_keys_update_states (void);
@@ -128,7 +128,6 @@ TEH_keys_update_states (void);
* must only be used in this thread and only until another key or
* key state is resolved.
*
- * @param key_state state to look in
* @param h_denom_pub hash of denomination public key
* @param[out] ec set to the error code, in case the operation failed
* @param[out] hc set to the HTTP status code to use
@@ -145,9 +144,9 @@ TEH_keys_denomination_by_hash (const struct GNUNET_HashCode *h_denom_pub,
* Look up the issue for a denom public key using a given @a ksh. This allows
* requesting multiple denominations with the same @a ksh which thus will
* remain valid until the next call to #TEH_keys_denomination_by_hash() or
- * #TEH_get_key_state() or #TEH_keys_exchange_sign().
+ * #TEH_keys_get_state() or #TEH_keys_exchange_sign().
*
- * @param key_state state to look in
+ * @param ksh key state state to look in
* @param h_denom_pub hash of denomination public key
* @param[out] ec set to the error code, in case the operation failed
* @param[out] hc set to the HTTP status code to use
@@ -231,6 +230,7 @@ TEH_keys_exchange_sign_ (
* number of bytes of the data structure, including its header. Use
* #TEH_keys_exchange_sign() instead of calling this function directly!
*
+ * @param ksh key state state to look in
* @param purpose the message to sign
* @param[out] pub set to the current public signing key of the exchange
* @param[out] sig signature over purpose using current signing key
@@ -281,7 +281,7 @@ TEH_keys_exchange_sign2_ (
*
* This allows requesting multiple denominations with the same @a ksh which
* thus will remain valid until the next call to
- * #TEH_keys_denomination_by_hash() or #TEH_get_key_state() or
+ * #TEH_keys_denomination_by_hash() or #TEH_keys_get_state() or
* #TEH_keys_exchange_sign().
*
* @param ksh key state to use
diff --git a/src/exchange/taler-exchange-httpd_refreshes_reveal.c b/src/exchange/taler-exchange-httpd_refreshes_reveal.c
index 9533ad53..930de082 100644
--- a/src/exchange/taler-exchange-httpd_refreshes_reveal.c
+++ b/src/exchange/taler-exchange-httpd_refreshes_reveal.c
@@ -548,7 +548,7 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,
struct TEH_KeyStateHandle *ksh;
struct GNUNET_TIME_Absolute now;
- ksh = TEH_get_key_state ();
+ ksh = TEH_keys_get_state ();
if (NULL == ksh)
{
return TALER_MHD_reply_with_error (connection,
diff --git a/src/exchange/taler-exchange-httpd_wire.h b/src/exchange/taler-exchange-httpd_wire.h
index b07bfcfb..75094f5a 100644
--- a/src/exchange/taler-exchange-httpd_wire.h
+++ b/src/exchange/taler-exchange-httpd_wire.h
@@ -49,7 +49,7 @@ TEH_WIRE_done (void);
*
* (We do not do so immediately, but merely signal to all threads that they
* need to rebuild their wire state upon the next call to
- * #wire_get_state()).
+ * #TEH_handler_wire()).
*/
void
TEH_wire_update_state (void);
diff --git a/src/exchangedb/exchangedb.conf b/src/exchangedb/exchangedb.conf
index 6853b8d1..77748bf5 100644
--- a/src/exchangedb/exchangedb.conf
+++ b/src/exchangedb/exchangedb.conf
@@ -26,11 +26,3 @@ IDLE_RESERVE_EXPIRATION_TIME = 4 weeks
# After how long do we forget about reserves? Should be above
# the legal expiration timeframe of withdrawn coins.
LEGAL_RESERVE_EXPIRATION_TIME = 7 years
-
-
-# How long should generated coins overlap in their validity
-# periods. Should be long enough to avoid problems with
-# wallets picking one key and then due to network latency
-# another key being valid. The DURATION_WITHDRAW period
-# must be longer than this value.
-DURATION_OVERLAP = 5 minutes \ No newline at end of file
diff --git a/src/exchangedb/plugin_exchangedb_postgres.c b/src/exchangedb/plugin_exchangedb_postgres.c
index f71a6773..0e5ded47 100644
--- a/src/exchangedb/plugin_exchangedb_postgres.c
+++ b/src/exchangedb/plugin_exchangedb_postgres.c
@@ -2186,7 +2186,7 @@ struct SignkeysIteratorContext
/**
- * Helper function for #postgres_active_signkeys().
+ * Helper function for #postgres_iterate_active_signkeys().
* Calls the callback with each signkey.
*
* @param cls a `struct SignkeysIteratorContext`
@@ -2294,7 +2294,7 @@ struct AuditorsIteratorContext
/**
- * Helper function for #postgres_active_auditors().
+ * Helper function for #postgres_iterate_active_auditors().
* Calls the callback with each auditor.
*
* @param cls a `struct SignkeysIteratorContext`
@@ -5226,7 +5226,6 @@ postgres_get_coin_transactions (
*tlp = chc.head;
if (NULL == chc.head)
return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS;
- GNUNET_break (chc.have_deposit_or_melt);
return GNUNET_DB_STATUS_SUCCESS_ONE_RESULT;
}
@@ -8519,15 +8518,13 @@ postgres_lookup_denomination_key (
/**
- * Activate future denomination key, turning it into a "current" or "valid"
- * denomination key by adding the master signature. Deletes the
- * denomination key from the 'future' table an inserts the data into the
- * main denominations table. Because this function will trigger multiple SQL
- * statements, it must be run within a transaction.
+ * Activate denomination key, turning it into a "current" or "valid"
+ * denomination key by adding the master signature.
*
* @param cls closure
* @param session a session
* @param h_denom_pub hash of the denomination public key
+ * @param denom_pub the actual denomination key
* @param meta meta data about the denomination
* @param master_pub master public key
* @param master_sig master signature to add
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index 2154479a..70e49697 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -463,7 +463,7 @@ struct TALER_TrackTransferDetails
* #GNUNET_NO if it is invalid
* #GNUNET_SYSERR if an internal error occurred
*/
-int
+enum GNUNET_GenericReturnValue
TALER_test_coin_valid (const struct TALER_CoinPublicInfo *coin_public_info,
const struct TALER_DenominationPublicKey *denom_pub);
@@ -650,7 +650,7 @@ TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps);
* other withdraw operations
* @return #GNUNET_OK on success
*/
-int
+enum GNUNET_GenericReturnValue
TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk,
const struct TALER_PlanchetSecretsP *ps,
struct GNUNET_HashCode *c_hash,
@@ -668,7 +668,7 @@ TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk,
* @param[out] coin set to the details of the fresh coin
* @return #GNUNET_OK on success
*/
-int
+enum GNUNET_GenericReturnValue
TALER_planchet_to_coin (const struct TALER_DenominationPublicKey *dk,
const struct GNUNET_CRYPTO_RsaSignature *blind_sig,
const struct TALER_PlanchetSecretsP *ps,
@@ -1081,7 +1081,7 @@ TALER_exchange_offline_auditor_add_sign (
* @param master_sig the signature the signature
* @return #GNUNET_OK if the signature is valid
*/
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_offline_auditor_add_verify (
const struct TALER_AuditorPublicKeyP *auditor_pub,
const char *auditor_url,
@@ -1115,7 +1115,7 @@ TALER_exchange_offline_auditor_del_sign (
* @param master_sig the signature the signature
* @return #GNUNET_OK if the signature is valid
*/
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_offline_auditor_del_verify (
const struct TALER_AuditorPublicKeyP *auditor_pub,
struct GNUNET_TIME_Absolute end_date,
@@ -1145,7 +1145,7 @@ TALER_exchange_offline_denomination_revoke_sign (
* @param master_sig the signature the signature
* @return #GNUNET_OK if the signature is valid
*/
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_offline_denomination_revoke_verify (
const struct GNUNET_HashCode *h_denom_pub,
const struct TALER_MasterPublicKeyP *master_pub,
@@ -1174,7 +1174,7 @@ TALER_exchange_offline_signkey_revoke_sign (
* @param master_sig the signature the signature
* @return #GNUNET_OK if the signature is valid
*/
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_offline_signkey_revoke_verify (
const struct TALER_ExchangePublicKeyP *exchange_pub,
const struct TALER_MasterPublicKeyP *master_pub,
@@ -1212,7 +1212,7 @@ TALER_exchange_offline_signkey_validity_sign (
* @param master_sig the signature the signature
* @return #GNUNET_OK if the signature is valid
*/
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_offline_signkey_validity_verify (
const struct TALER_ExchangePublicKeyP *exchange_pub,
struct GNUNET_TIME_Absolute start_sign,
@@ -1271,7 +1271,7 @@ TALER_exchange_offline_denom_validity_sign (
* @param master_sig the signature the signature
* @return #GNUNET_OK if the signature is valid
*/
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_offline_denom_validity_verify (
const struct GNUNET_HashCode *h_denom_pub,
struct GNUNET_TIME_Absolute stamp_start,
@@ -1315,7 +1315,7 @@ TALER_exchange_secmod_eddsa_sign (
* @param secm_sig the signature the signature
* @return #GNUNET_OK if the signature is valid
*/
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_secmod_eddsa_verify (
const struct TALER_ExchangePublicKeyP *exchange_pub,
struct GNUNET_TIME_Absolute start_sign,
@@ -1347,7 +1347,7 @@ TALER_exchange_secmod_rsa_sign (
/**
* Verify security module RSA signature.
*
- * @param h_ednom_pub hash of the public key to validate
+ * @param h_denom_pub hash of the public key to validate
* @param section_name name of the section in the configuration
* @param start_sign starting point of validity for signing
* @param duration how long will the key be in use
@@ -1355,7 +1355,7 @@ TALER_exchange_secmod_rsa_sign (
* @param secm_sig the signature the signature
* @return #GNUNET_OK if the signature is valid
*/
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_secmod_rsa_verify (
const struct GNUNET_HashCode *h_denom_pub,
const char *section_name,
@@ -1420,7 +1420,7 @@ TALER_auditor_denom_validity_sign (
* @param auditor_sig the signature the signature
* @return #GNUNET_OK if the signature is valid
*/
-int
+enum GNUNET_GenericReturnValue
TALER_auditor_denom_validity_verify (
const char *auditor_url,
const struct GNUNET_HashCode *h_denom_pub,
@@ -1475,7 +1475,7 @@ TALER_exchange_offline_wire_fee_sign (
* @param master_sig the signature the signature
* @return #GNUNET_OK if the signature is valid
*/
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_offline_wire_fee_verify (
const char *payment_method,
struct GNUNET_TIME_Absolute start_time,
@@ -1511,7 +1511,7 @@ TALER_exchange_offline_wire_add_sign (
* @param master_sig the signature the signature
* @return #GNUNET_OK if the signature is valid
*/
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_offline_wire_add_verify (
const char *payto_uri,
struct GNUNET_TIME_Absolute sign_time,
@@ -1544,7 +1544,7 @@ TALER_exchange_offline_wire_del_sign (
* @param master_sig the signature the signature
* @return #GNUNET_OK if the signature is valid
*/
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_offline_wire_del_verify (
const char *payto_uri,
struct GNUNET_TIME_Absolute sign_time,
@@ -1572,7 +1572,7 @@ TALER_exchange_wire_signature_hash (const char *payto_uri,
* @param master_sig signature of the exchange
* @return #GNUNET_OK if signature is valid
*/
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_wire_signature_check (
const char *payto_uri,
const struct TALER_MasterPublicKeyP *master_pub,
@@ -1617,7 +1617,7 @@ TALER_merchant_wire_signature_hash (const char *payto_uri,
* @param merch_sig signature of the merchant
* @return #GNUNET_OK if signature is valid
*/
-int
+enum GNUNET_GenericReturnValue
TALER_merchant_wire_signature_check (
const char *payto_uri,
const char *salt,
@@ -1645,13 +1645,13 @@ TALER_merchant_wire_signature_make (
* Blinds the given message with the given blinding key
*
* @param hash hash of the message to sign
- * @param bkey the blinding key
+ * @param bks the blinding key
* @param pkey the public key of the signer
* @param[out] buf set to a buffer with the blinded message to be signed
* @param[out] buf_size number of bytes stored in @a buf
* @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious
*/
-int
+enum GNUNET_GenericReturnValue
TALER_rsa_blind (const struct GNUNET_HashCode *hash,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
struct GNUNET_CRYPTO_RsaPublicKey *pkey,
@@ -1661,8 +1661,8 @@ TALER_rsa_blind (const struct GNUNET_HashCode *hash,
/**
* Unblind a blind-signed signature. The signature should have been generated
- * with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with
- * #GNUNET_CRYPTO_rsa_blind().
+ * with GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with
+ * GNUNET_CRYPTO_rsa_blind().
*
* @param sig the signature made on the blinded signature purpose
* @param bks the blinding key secret used to blind the signature purpose
diff --git a/src/include/taler_exchange_service.h b/src/include/taler_exchange_service.h
index 5691e58d..557348dd 100644
--- a/src/include/taler_exchange_service.h
+++ b/src/include/taler_exchange_service.h
@@ -473,26 +473,6 @@ TALER_EXCHANGE_get_keys (struct TALER_EXCHANGE_Handle *exchange);
/**
- * Set the fake now to be used when requesting "/keys".
- *
- * @param exchange exchange handle.
- * @param now fake now to use. Note: this value will be
- * used _until_ its use will be unset via @a TALER_EXCHANGE_unset_now()
- */
-void
-TALER_EXCHANGE_set_now (struct TALER_EXCHANGE_Handle *exchange,
- struct GNUNET_TIME_Absolute now);
-
-/**
- * Unset the fake now to be used when requesting "/keys".
- *
- * @param exchange exchange handle.
- */
-void
-TALER_EXCHANGE_unset_now (struct TALER_EXCHANGE_Handle *exchange);
-
-
-/**
* Let the user set the last valid denomination time manually.
*
* @param exchange the exchange handle.
diff --git a/src/include/taler_testing_lib.h b/src/include/taler_testing_lib.h
index 0900fac9..fdc1e9bc 100644
--- a/src/include/taler_testing_lib.h
+++ b/src/include/taler_testing_lib.h
@@ -1808,15 +1808,17 @@ TALER_TESTING_cmd_check_keys_pull_all_keys (const char *label,
* of downloads is less than @a generation, the logic will
* first make sure that @a generation downloads are done,
* and _then_ execute the rest of the command.
- * @param last_denom_date date to be set in the "last_denom_issue"
- * URL parameter of /keys.
+ * @param last_denom_date_ref previous /keys command to use to
+ * obtain the "last_denom_date" value from; "zero" can be used
+ * as a special value to force an absolute time of zero to be
+ * given to as an argument
* @return the command.
*/
struct TALER_TESTING_Command
TALER_TESTING_cmd_check_keys_with_last_denom (
const char *label,
unsigned int generation,
- struct GNUNET_TIME_Absolute last_denom_date);
+ const char *last_denom_date_ref);
/**
diff --git a/src/lib/exchange_api_handle.c b/src/lib/exchange_api_handle.c
index 3d386e09..49af08b1 100644
--- a/src/lib/exchange_api_handle.c
+++ b/src/lib/exchange_api_handle.c
@@ -215,17 +215,6 @@ struct TALER_EXCHANGE_Handle
*/
enum ExchangeHandleState state;
- /**
- * If #GNUNET_YES, use fake now given by the user, in
- * request of "/keys".
- */
- int with_now;
-
- /**
- * Fake now given by the user.
- */
- struct GNUNET_TIME_Absolute now;
-
};
@@ -1044,12 +1033,12 @@ decode_keys_json (const json_t *resp_obj,
if (check_sig)
{
- struct TALER_ExchangeKeySetPS ks;
+ struct TALER_ExchangeKeySetPS ks = {
+ .purpose.size = htonl (sizeof (ks)),
+ .purpose.purpose = htonl (TALER_SIGNATURE_EXCHANGE_KEY_SET),
+ .list_issue_date = GNUNET_TIME_absolute_hton (key_data->list_issue_date)
+ };
- /* Validate signature... */
- ks.purpose.size = htonl (sizeof (ks));
- ks.purpose.purpose = htonl (TALER_SIGNATURE_EXCHANGE_KEY_SET);
- ks.list_issue_date = GNUNET_TIME_absolute_hton (key_data->list_issue_date);
GNUNET_CRYPTO_hash_context_finish (hash_context,
&ks.hc);
hash_context = NULL;
@@ -1115,34 +1104,6 @@ request_keys (void *cls);
/**
- * Set the fake now to be used when requesting "/keys".
- *
- * @param exchange exchange handle.
- * @param now fake now to use. Note: this value will be
- * used _until_ its use will be unset via @a TALER_EXCHANGE_unset_now()
- */
-void
-TALER_EXCHANGE_set_now (struct TALER_EXCHANGE_Handle *exchange,
- struct GNUNET_TIME_Absolute now)
-{
- exchange->with_now = GNUNET_YES;
- exchange->now = now;
-}
-
-
-/**
- * Unset the fake now to be used when requesting "/keys".
- *
- * @param exchange exchange handle.
- */
-void
-TALER_EXCHANGE_unset_now (struct TALER_EXCHANGE_Handle *exchange)
-{
- exchange->with_now = GNUNET_NO;
-}
-
-
-/**
* Let the user set the last valid denomination time manually.
*
* @param exchange the exchange handle.
@@ -1940,15 +1901,6 @@ request_keys (void *cls)
/ 1000000LLU);
}
- if (GNUNET_YES == exchange->with_now)
- {
- TALER_LOG_DEBUG ("Faking now to GET /keys: %s\n",
- GNUNET_STRINGS_absolute_time_to_string (exchange->now));
- sprintf (&url[strlen (url)],
- "now=%llu&",
- (unsigned long long) exchange->now.abs_value_us / 1000000LLU);
- }
-
/* Clean the last '&'/'?' sign that we optimistically put. */
url[strlen (url) - 1] = '\0';
kr->url = TEAH_path_to_url (exchange,
diff --git a/src/lib/exchange_api_wire.c b/src/lib/exchange_api_wire.c
index f70c0086..8534d54c 100644
--- a/src/lib/exchange_api_wire.c
+++ b/src/lib/exchange_api_wire.c
@@ -129,7 +129,6 @@ parse_fees (json_t *fees)
if (0 == (len = json_array_size (fee_array)))
{
- GNUNET_break_op (0);
GNUNET_free (fe);
continue; /* skip */
}
diff --git a/src/util/auditor_signatures.c b/src/util/auditor_signatures.c
index 837b31c6..b41ce66a 100644
--- a/src/util/auditor_signatures.c
+++ b/src/util/auditor_signatures.c
@@ -70,7 +70,7 @@ TALER_auditor_denom_validity_sign (
}
-int
+enum GNUNET_GenericReturnValue
TALER_auditor_denom_validity_verify (
const char *auditor_url,
const struct GNUNET_HashCode *h_denom_pub,
diff --git a/src/util/crypto.c b/src/util/crypto.c
index dcff5fd2..4f084b19 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -26,9 +26,8 @@
#include <gcrypt.h>
/**
- * Should we use the RSA blind signing implementation
- * from libgnunetutil? The blinding only works
- * correctly with a current version of libgnunetutil.
+ * Should we use the RSA blind signing implementation from libgnunetutil? The
+ * blinding only works correctly with a current version of libgnunetutil.
*
* Only applies to blinding and unblinding, but
* not to blind signing.
@@ -82,17 +81,7 @@ TALER_gcrypt_init ()
}
-/**
- * Check if a coin is valid; that is, whether the denomination key exists,
- * is not expired, and the signature is correct.
- *
- * @param coin_public_info the coin public info to check for validity
- * @param denom_pub denomination key, must match @a coin_public_info's `denom_pub_hash`
- * @return #GNUNET_YES if the coin is valid,
- * #GNUNET_NO if it is invalid
- * #GNUNET_SYSERR if an internal error occurred
- */
-int
+enum GNUNET_GenericReturnValue
TALER_test_coin_valid (const struct TALER_CoinPublicInfo *coin_public_info,
const struct TALER_DenominationPublicKey *denom_pub)
{
@@ -122,17 +111,6 @@ TALER_test_coin_valid (const struct TALER_CoinPublicInfo *coin_public_info,
}
-/**
- * Given the coin and the transfer private keys, compute the
- * transfer secret. (Technically, we only need one of the two
- * private keys, but the caller currently trivially only has
- * the two private keys, so we derive one of the public keys
- * internally to this function.)
- *
- * @param coin_priv coin key
- * @param trans_priv transfer private key
- * @param[out] ts computed transfer secret
- */
void
TALER_link_derive_transfer_secret (
const struct TALER_CoinSpendPrivateKeyP *coin_priv,
@@ -151,14 +129,6 @@ TALER_link_derive_transfer_secret (
}
-/**
- * Decrypt the shared @a secret from the information in the
- * @a trans_priv and @a coin_pub.
- *
- * @param trans_priv transfer private key
- * @param coin_pub coin public key
- * @param[out] transfer_secret set to the shared secret
- */
void
TALER_link_reveal_transfer_secret (
const struct TALER_TransferPrivateKeyP *trans_priv,
@@ -172,14 +142,6 @@ TALER_link_reveal_transfer_secret (
}
-/**
- * Decrypt the shared @a secret from the information in the
- * @a trans_priv and @a coin_pub.
- *
- * @param trans_pub transfer private key
- * @param coin_priv coin public key
- * @param[out] transfer_secret set to the shared secret
- */
void
TALER_link_recover_transfer_secret (
const struct TALER_TransferPublicKeyP *trans_pub,
@@ -193,13 +155,6 @@ TALER_link_recover_transfer_secret (
}
-/**
- * Setup information for a fresh coin.
- *
- * @param secret_seed seed to use for KDF to derive coin keys
- * @param coin_num_salt number of the coin to include in KDF
- * @param[out] ps value to initialize
- */
void
TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed,
uint32_t coin_num_salt,
@@ -220,11 +175,6 @@ TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed,
}
-/**
- * Setup information for a fresh coin.
- *
- * @param[out] ps value to initialize
- */
void
TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps)
{
@@ -234,17 +184,7 @@ TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps)
}
-/**
- * Prepare a planchet for tipping. Creates and blinds a coin.
- *
- * @param dk denomination key for the coin to be created
- * @param ps secret planchet internals (for #TALER_planchet_to_coin)
- * @param[out] c_hash set to the hash of the public key of the coin (needed later)
- * @param[out] pd set to the planchet detail for TALER_MERCHANT_tip_pickup() and
- * other withdraw operations
- * @return #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk,
const struct TALER_PlanchetSecretsP *ps,
struct GNUNET_HashCode *c_hash,
@@ -273,18 +213,7 @@ TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk,
}
-/**
- * Obtain a coin from the planchet's secrets and the blind signature
- * of the exchange.
- *
- * @param dk denomination key, must match what was given to #TALER_planchet_prepare()
- * @param blind_sig blind signature from the exchange
- * @param ps secrets from #TALER_planchet_prepare()
- * @param c_hash hash of the coin's public key for verification of the signature
- * @param[out] coin set to the details of the fresh coin
- * @return #GNUNET_OK on success
- */
-int
+enum GNUNET_GenericReturnValue
TALER_planchet_to_coin (const struct TALER_DenominationPublicKey *dk,
const struct GNUNET_CRYPTO_RsaSignature *blind_sig,
const struct TALER_PlanchetSecretsP *ps,
@@ -311,17 +240,6 @@ TALER_planchet_to_coin (const struct TALER_DenominationPublicKey *dk,
}
-/**
- * Compute the commitment for a /refresh/melt operation from
- * the respective public inputs.
- *
- * @param[out] rc set to the value the wallet must commit to
- * @param kappa number of transfer public keys involved (must be #TALER_CNC_KAPPA)
- * @param num_new_coins number of new coins to be created
- * @param rcs commitments array of @a kappa commitments
- * @param coin_pub public key of the coin to be melted
- * @param amount_with_fee amount to be melted, including fee
- */
void
TALER_refresh_get_commitment (struct TALER_RefreshCommitmentP *rc,
uint32_t kappa,
@@ -556,7 +474,6 @@ rsa_gcd_validate (gcry_mpi_t r, gcry_mpi_t n)
*
* @param hash initial hash of the message to sign
* @param pkey the public key of the signer
- * @param rsize If not NULL, the number of bytes actually stored in buffer
* @return MPI value set to the FDH, NULL if RSA key is malicious
*/
static gcry_mpi_t
@@ -598,7 +515,7 @@ rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
/**
* Create a blinding key
*
- * @param len length of the key in bits (i.e. 2048)
+ * @param pkey the public key to blind for
* @param bks pre-secret to use to derive the blinding key
* @return the newly created blinding key, NULL if RSA key is malicious
*/
@@ -638,7 +555,7 @@ rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
* Print an MPI to a newly created buffer
*
* @param v MPI to print.
- * @param[out] newly allocated buffer containing the result
+ * @param[out] buffer newly allocated buffer containing the result
* @return number of bytes stored in @a buffer
*/
static size_t
@@ -669,17 +586,7 @@ numeric_mpi_alloc_n_print (gcry_mpi_t v,
#endif /* ! USE_GNUNET_RSA_BLINDING */
-/**
- * Blinds the given message with the given blinding key
- *
- * @param hash hash of the message to sign
- * @param bkey the blinding key
- * @param pkey the public key of the signer
- * @param[out] buf set to a buffer with the blinded message to be signed
- * @param[out] buf_size number of bytes stored in @a buf
- * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious
- */
-int
+enum GNUNET_GenericReturnValue
TALER_rsa_blind (const struct GNUNET_HashCode *hash,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
struct GNUNET_CRYPTO_RsaPublicKey *pkey,
@@ -710,7 +617,7 @@ TALER_rsa_blind (const struct GNUNET_HashCode *hash,
GNUNET_break (0);
*buf = NULL;
*buf_size = 0;
- return 0;
+ return GNUNET_NO;
}
data = rsa_full_domain_hash (pkey, hash);
@@ -758,16 +665,6 @@ rsa_gcd_validate_failure:
}
-/**
- * Unblind a blind-signed signature. The signature should have been generated
- * with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with
- * #GNUNET_CRYPTO_rsa_blind().
- *
- * @param sig the signature made on the blinded signature purpose
- * @param bks the blinding key secret used to blind the signature purpose
- * @param pkey the public key of the signer
- * @return unblinded signature on success, NULL if RSA key is bad or malicious.
- */
struct GNUNET_CRYPTO_RsaSignature *
TALER_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
diff --git a/src/util/crypto_helper_denom.c b/src/util/crypto_helper_denom.c
index c61a46f1..4618383a 100644
--- a/src/util/crypto_helper_denom.c
+++ b/src/util/crypto_helper_denom.c
@@ -663,7 +663,8 @@ void
TALER_CRYPTO_helper_denom_disconnect (
struct TALER_CRYPTO_DenominationHelper *dh)
{
- do_disconnect (dh);
+ if (-1 != dh->sock)
+ do_disconnect (dh);
GNUNET_free (dh->template);
GNUNET_free (dh);
}
diff --git a/src/util/crypto_helper_esign.c b/src/util/crypto_helper_esign.c
index 1cf20e91..688afc7d 100644
--- a/src/util/crypto_helper_esign.c
+++ b/src/util/crypto_helper_esign.c
@@ -317,7 +317,7 @@ handle_mt_purge (struct TALER_CRYPTO_ExchangeSignHelper *esh,
/**
* Wait until the socket is ready to read.
*
- * @param dh helper to wait for
+ * @param esh helper to wait for
* @return false on timeout (after 5s)
*/
static bool
@@ -591,7 +591,8 @@ void
TALER_CRYPTO_helper_esign_disconnect (
struct TALER_CRYPTO_ExchangeSignHelper *esh)
{
- do_disconnect (esh);
+ if (-1 != esh->sock)
+ do_disconnect (esh);
GNUNET_free (esh->template);
GNUNET_free (esh);
}
diff --git a/src/util/crypto_wire.c b/src/util/crypto_wire.c
index 7aaf7d15..0d31720a 100644
--- a/src/util/crypto_wire.c
+++ b/src/util/crypto_wire.c
@@ -53,7 +53,7 @@ TALER_exchange_wire_signature_hash (const char *payto_uri,
* @param master_sig signature of the exchange
* @return #GNUNET_OK if signature is valid
*/
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_wire_signature_check (
const char *payto_uri,
const struct TALER_MasterPublicKeyP *master_pub,
@@ -143,7 +143,7 @@ TALER_merchant_wire_signature_hash (const char *payto_uri,
* @param merch_sig signature of the merchant
* @return #GNUNET_OK if signature is valid
*/
-int
+enum GNUNET_GenericReturnValue
TALER_merchant_wire_signature_check (
const char *payto_uri,
const char *salt,
diff --git a/src/util/offline_signatures.c b/src/util/offline_signatures.c
index 5899c134..aab46fc7 100644
--- a/src/util/offline_signatures.c
+++ b/src/util/offline_signatures.c
@@ -47,17 +47,7 @@ TALER_exchange_offline_auditor_add_sign (
}
-/**
- * Verify auditor add signature.
- *
- * @param auditor_pub public key of the auditor
- * @param auditor_url URL of the auditor
- * @param start_date when to enable the auditor (for replay detection)
- * @param master_pub public key to verify against
- * @param master_sig the signature the signature
- * @return #GNUNET_OK if the signature is valid
- */
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_offline_auditor_add_verify (
const struct TALER_AuditorPublicKeyP *auditor_pub,
const char *auditor_url,
@@ -103,7 +93,7 @@ TALER_exchange_offline_auditor_del_sign (
}
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_offline_auditor_del_verify (
const struct TALER_AuditorPublicKeyP *auditor_pub,
struct GNUNET_TIME_Absolute end_date,
@@ -143,7 +133,7 @@ TALER_exchange_offline_denomination_revoke_sign (
}
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_offline_denomination_revoke_verify (
const struct GNUNET_HashCode *h_denom_pub,
const struct TALER_MasterPublicKeyP *master_pub,
@@ -183,7 +173,7 @@ TALER_exchange_offline_signkey_revoke_sign (
}
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_offline_signkey_revoke_verify (
const struct TALER_ExchangePublicKeyP *exchange_pub,
const struct TALER_MasterPublicKeyP *master_pub,
@@ -231,7 +221,7 @@ TALER_exchange_offline_signkey_validity_sign (
}
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_offline_signkey_validity_verify (
const struct TALER_ExchangePublicKeyP *exchange_pub,
struct GNUNET_TIME_Absolute start_sign,
@@ -305,7 +295,7 @@ TALER_exchange_offline_denom_validity_sign (
}
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_offline_denom_validity_verify (
const struct GNUNET_HashCode *h_denom_pub,
struct GNUNET_TIME_Absolute stamp_start,
@@ -374,7 +364,7 @@ TALER_exchange_offline_wire_add_sign (
}
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_offline_wire_add_verify (
const char *payto_uri,
struct GNUNET_TIME_Absolute sign_time,
@@ -421,7 +411,7 @@ TALER_exchange_offline_wire_del_sign (
}
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_offline_wire_del_verify (
const char *payto_uri,
struct GNUNET_TIME_Absolute sign_time,
@@ -475,7 +465,7 @@ TALER_exchange_offline_wire_fee_sign (
}
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_offline_wire_fee_verify (
const char *payment_method,
struct GNUNET_TIME_Absolute start_time,
diff --git a/src/util/secmod_signatures.c b/src/util/secmod_signatures.c
index e7542c1e..3df68861 100644
--- a/src/util/secmod_signatures.c
+++ b/src/util/secmod_signatures.c
@@ -45,7 +45,7 @@ TALER_exchange_secmod_eddsa_sign (
}
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_secmod_eddsa_verify (
const struct TALER_ExchangePublicKeyP *exchange_pub,
struct GNUNET_TIME_Absolute start_sign,
@@ -96,7 +96,7 @@ TALER_exchange_secmod_rsa_sign (
}
-int
+enum GNUNET_GenericReturnValue
TALER_exchange_secmod_rsa_verify (
const struct GNUNET_HashCode *h_denom_pub,
const char *section_name,
diff --git a/src/util/taler-helper-crypto-eddsa.c b/src/util/taler-helper-crypto-eddsa.c
index ad1a783e..c229a8c1 100644
--- a/src/util/taler-helper-crypto-eddsa.c
+++ b/src/util/taler-helper-crypto-eddsa.c
@@ -18,11 +18,6 @@
* @brief Standalone process to perform private key EDDSA operations
* @author Christian Grothoff
*
- * INTEGRATION NOTES:
- * - Option 'DURATION_OVERLAP' renamed to 'OVERLAP_DURATION' for consistency;
- * => need to update in deployment scripts and default configuration!
- * - option 'KEY_DIR' moved from section 'exchange' to 'taler-helper-crypto-eddsa'!
- *
* Key design points:
* - EVERY thread of the exchange will have its own pair of connections to the
* crypto helpers. This way, every threat will also have its own /keys state
@@ -236,7 +231,7 @@ static char *keydir;
/**
* How much should coin creation duration overlap
* with the next key? Basically, the starting time of two
- * keys is always #duration - #duration_overlap apart.
+ * keys is always #duration - #overlap_duration apart.
*/
static struct GNUNET_TIME_Relative overlap_duration;
diff --git a/src/util/taler-helper-crypto-rsa.c b/src/util/taler-helper-crypto-rsa.c
index 53d5c2c7..345a826a 100644
--- a/src/util/taler-helper-crypto-rsa.c
+++ b/src/util/taler-helper-crypto-rsa.c
@@ -18,11 +18,6 @@
* @brief Standalone process to perform private key RSA operations
* @author Christian Grothoff
*
- * INTEGRATION NOTES:
- * - Option 'DURATION_OVERLAP' renamed to 'OVERLAP_DURATION' for consistency;
- * => need to update in deployment scripts and default configuration!
- * - option 'KEY_DIR' moved from section 'exchange' to 'taler-helper-crypto-rsa'!
- *
* Key design points:
* - EVERY thread of the exchange will have its own pair of connections to the
* crypto helpers. This way, every threat will also have its own /keys state
@@ -288,7 +283,7 @@ static char *keydir;
/**
* How much should coin creation (@e duration_withdraw) duration overlap
* with the next denomination? Basically, the starting time of two
- * denominations is always @e duration_withdraw - #duration_overlap apart.
+ * denominations is always @e duration_withdraw - #overlap_duration apart.
*/
static struct GNUNET_TIME_Relative overlap_duration;