From 7fbae8f69f35b2bb2ace2c9131cd3ce67e9bc943 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 19 Sep 2015 16:11:31 +0200 Subject: implementing retrieval of auditor information from /keys in mint API (with updated specification) - #3847 --- src/include/taler_mint_service.h | 32 ++++++++++++++++-- src/include/taler_signatures.h | 72 ++++++++++++++++++++++++++++++++++++---- 2 files changed, 96 insertions(+), 8 deletions(-) (limited to 'src/include') diff --git a/src/include/taler_mint_service.h b/src/include/taler_mint_service.h index 3f89b0745..8d569d4bc 100644 --- a/src/include/taler_mint_service.h +++ b/src/include/taler_mint_service.h @@ -149,6 +149,11 @@ struct TALER_MINT_DenomPublicKey */ struct TALER_DenominationPublicKey key; + /** + * The hash of the public key. + */ + struct GNUNET_HashCode h_key; + /** * Timestamp indicating when the denomination key becomes valid */ @@ -165,6 +170,15 @@ struct TALER_MINT_DenomPublicKey */ struct GNUNET_TIME_Absolute deposit_valid_until; + /** + * When do signatures with this denomination key become invalid? + * After this point, these signatures cannot be used in (legal) + * disputes anymore, as the Mint is then allowed to destroy its side + * of the evidence. @e expire_legal is expected to be significantly + * larger than @e expire_spend (by a year or more). + */ + struct GNUNET_TIME_Absolute expire_legal; + /** * The value of this denomination */ @@ -204,6 +218,8 @@ struct TALER_MINT_AuditorInformation * that website. We expect that in practice software is going to * often ship with an initial list of accepted auditors, just like * browsers ship with a CA root store. + * + * This field may be NULL. (#3987). */ const char *auditor_url; @@ -218,7 +234,7 @@ struct TALER_MINT_AuditorInformation * elements point to the same locations as the entries * in the key's main `denom_keys` array. */ - struct TALER_MINT_DenomPublicKey *const*denom_keys; + const struct TALER_MINT_DenomPublicKey **denom_keys; }; @@ -246,7 +262,7 @@ struct TALER_MINT_Keys /** * Array of the keys of the auditors of the mint. */ - struct TALER_AuditorPublicKeyP *auditors; + struct TALER_MINT_AuditorInformation *auditors; /** * Length of the @e sign_keys array. @@ -353,6 +369,18 @@ TALER_MINT_get_denomination_key (const struct TALER_MINT_Keys *keys, const struct TALER_DenominationPublicKey *pk); +/** + * Obtain the denomination key details from the mint. + * + * @param keys the mint's key set + * @param hc hash of the public key of the denomination to lookup + * @return details about the given denomination key + */ +const struct TALER_MINT_DenomPublicKey * +TALER_MINT_get_denomination_key_by_hash (const struct TALER_MINT_Keys *keys, + const struct GNUNET_HashCode *hc); + + /* ********************* /wire *********************** */ diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h index ffbc9fd45..3bdc4eee1 100644 --- a/src/include/taler_signatures.h +++ b/src/include/taler_signatures.h @@ -653,13 +653,73 @@ struct TALER_MintKeyValidityPS struct TALER_MasterPublicKeyP master; /** - * Array of hash(es) of the mint's denomination keys. - * Specifically, this is the hash over the - * `struct TALER_DenominationKeyValidityPS`, not just - * the public key (as the auditor needs to check against - * the correct valuations and fee structure). + * Start time of the validity period for this key. + */ + struct GNUNET_TIME_AbsoluteNBO start; + + /** + * The mint will sign fresh coins between @e start and this time. + * @e expire_withdraw will be somewhat larger than @e start to + * ensure a sufficiently large anonymity set, while also allowing + * the Mint to limit the financial damage in case of a key being + * compromised. Thus, mints with low volume are expected to have a + * longer withdraw period (@e expire_withdraw - @e start) than mints + * with high transaction volume. The period may also differ between + * types of coins. A mint may also have a few denomination keys + * with the same value with overlapping validity periods, to address + * issues such as clock skew. + */ + struct GNUNET_TIME_AbsoluteNBO expire_withdraw; + + /** + * Coins signed with the denomination key must be spent or refreshed + * between @e start and this expiration time. After this time, the + * mint will refuse transactions involving this key as it will + * "drop" the table with double-spending information (shortly after) + * this time. Note that wallets should refresh coins significantly + * before this time to be on the safe side. @e expire_spend must be + * significantly larger than @e expire_withdraw (by months or even + * years). + */ + struct GNUNET_TIME_AbsoluteNBO expire_spend; + + /** + * When do signatures with this denomination key become invalid? + * After this point, these signatures cannot be used in (legal) + * disputes anymore, as the Mint is then allowed to destroy its side + * of the evidence. @e expire_legal is expected to be significantly + * larger than @e expire_spend (by a year or more). */ - /* struct GNUNET_HashCode h_dks; */ + struct GNUNET_TIME_AbsoluteNBO expire_legal; + + /** + * The value of the coins signed with this denomination key. + */ + struct TALER_AmountNBO value; + + /** + * The fee the mint charges when a coin of this type is withdrawn. + * (can be zero). + */ + struct TALER_AmountNBO fee_withdraw; + + /** + * The fee the mint charges when a coin of this type is deposited. + * (can be zero). + */ + struct TALER_AmountNBO fee_deposit; + + /** + * The fee the mint charges when a coin of this type is refreshed. + * (can be zero). + */ + struct TALER_AmountNBO fee_refresh; + + /** + * Hash code of the denomination public key. (Used to avoid having + * the variable-size RSA key in this struct.) + */ + struct GNUNET_HashCode denom_hash GNUNET_PACKED; }; -- cgit v1.2.3