From ef4238874f6628a9ee4464ad3b70a7fde96d518b Mon Sep 17 00:00:00 2001 From: Özgür Kesim Date: Mon, 27 Dec 2021 23:24:48 +0100 Subject: [age restriction] progress 9/n More worke towards support for extensions and age restriction: - taler-exchange-httpd_management_extensions.c almost completed - handling of request implemented - stub "set_extensions" for database transaction added - utility functions added - TALER_exchange_offline_extension_agemask_{sign,verify} - TALER_agemask_parse_json --- src/exchange/taler-exchange-httpd.c | 21 +- src/exchange/taler-exchange-httpd.h | 6 + .../taler-exchange-httpd_management_extensions.c | 578 ++++++++++----------- src/include/taler_crypto_lib.h | 32 ++ src/include/taler_exchange_service.h | 2 +- src/include/taler_extensions.h | 36 +- src/include/taler_json_lib.h | 12 + src/include/taler_signatures.h | 40 ++ src/json/json_helper.c | 32 ++ src/lib/exchange_api_management_post_extensions.c | 31 +- src/util/extension_age_restriction.c | 12 +- src/util/offline_signatures.c | 63 +++ 12 files changed, 493 insertions(+), 372 deletions(-) (limited to 'src') diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c index de4ffc7ca..b435ee4ae 100644 --- a/src/exchange/taler-exchange-httpd.c +++ b/src/exchange/taler-exchange-httpd.c @@ -53,6 +53,7 @@ #include "taler-exchange-httpd_withdraw.h" #include "taler_exchangedb_lib.h" #include "taler_exchangedb_plugin.h" +#include "taler_extensions.h" #include /** @@ -146,6 +147,25 @@ int TEH_check_invariants_flag; */ bool TEH_suicide; +/** + * The global manifest with the list supported extensions, sorted by + * TALER_Extension_Type. + **/ +const struct TALER_Extension TEH_extensions[TALER_Extension_Max] = { + [TALER_Extension_Peer2Peer] = { + .type = TALER_Extension_Peer2Peer, + .name = "peer2peer", + .critical = false, + .config = NULL, // disabled per default + }, + [TALER_Extension_AgeRestriction] = { + .type = TALER_Extension_AgeRestriction, + .name = "age_restriction", + .critical = false, + .config = NULL, // disabled per default + }, +}; + /** * Value to return from main() */ @@ -184,7 +204,6 @@ struct GNUNET_CURL_Context *TEH_curl_ctx; */ static struct GNUNET_CURL_RescheduleContext *exchange_curl_rc; - /** * Signature of functions that handle operations on coins. * diff --git a/src/exchange/taler-exchange-httpd.h b/src/exchange/taler-exchange-httpd.h index cad74d2ed..fa47af6f4 100644 --- a/src/exchange/taler-exchange-httpd.h +++ b/src/exchange/taler-exchange-httpd.h @@ -26,6 +26,7 @@ #include #include "taler_json_lib.h" #include "taler_crypto_lib.h" +#include "taler_extensions.h" #include @@ -200,6 +201,11 @@ extern volatile bool MHD_terminating; */ extern struct GNUNET_CURL_Context *TEH_curl_ctx; +/** + * The manifest of the available extensions + */ +extern const struct TALER_Extension TEH_extensions[TALER_Extension_Max]; + /** * @brief Struct describing an URL and the handler for it. */ diff --git a/src/exchange/taler-exchange-httpd_management_extensions.c b/src/exchange/taler-exchange-httpd_management_extensions.c index 96b42abb2..6a771bf43 100644 --- a/src/exchange/taler-exchange-httpd_management_extensions.c +++ b/src/exchange/taler-exchange-httpd_management_extensions.c @@ -1,18 +1,18 @@ /* - This file is part of TALER - Copyright (C) 2021 Taler Systems SA + This file is part of TALER + Copyright (C) 2021 Taler Systems SA - TALER is free software; you can redistribute it and/or modify it under the - terms of the GNU Affero General Public License as published by the Free Software - Foundation; either version 3, or (at your option) any later version. + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU Affero General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. - TALER is distributed in the hope that it will be useful, but WITHOUT ANY - WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - You should have received a copy of the GNU Affero General Public License along with - TALER; see the file COPYING. If not, see -*/ + You should have received a copy of the GNU Affero General Public License along with + TALER; see the file COPYING. If not, see + */ /** * @file taler-exchange-httpd_management_extensions.c * @brief Handle request to POST /management/extensions @@ -23,260 +23,80 @@ #include #include #include -#include #include "taler_json_lib.h" #include "taler_mhd_lib.h" #include "taler_signatures.h" #include "taler-exchange-httpd_management.h" #include "taler-exchange-httpd_responses.h" +#include "taler_extensions.h" + + +struct Extension +{ + enum TALER_Extension_Type type; + json_t *config_json; + // This union contains the parsed configuration for each extension. + union + { + // configuration for the age restriction + struct TALER_AgeMask mask; + + /* TODO oec - peer2peer config */ + }; +}; -#if 0 /** - * Function implementing database transaction to add offline signing keys. - * Runs the transaction logic; IF it returns a non-error code, the transaction - * logic MUST NOT queue a MHD response. IF it returns an hard error, the - * transaction logic MUST queue a MHD response and set @a mhd_ret. IF it - * returns the soft error code, the function MAY be called again to retry and - * MUST not queue a MHD response. + * Closure for the #set_extensions transaction + */ +struct SetExtensionsContext +{ + uint32_t num_extensions; + struct Extension *extensions; + struct TALER_MasterSignatureP *extensions_sigs; +}; + +/** + * Function implementing database transaction to set the configuration of + * extensions. It runs the transaction logic. + * - IF it returns a non-error code, the transaction logic MUST NOT queue a + * MHD response. + * - IF it returns an hard error, the transaction logic MUST queue a MHD + * response and set @a mhd_ret. + * - IF it returns the soft error code, the function MAY be called again to + * retry and MUST not queue a MHD response. * - * @param cls closure with a `struct AddKeysContext` + * @param cls closure with a `struct SetExtensionsContext` * @param connection MHD request which triggered the transaction * @param[out] mhd_ret set to MHD response status for @a connection, * if transaction failed (!) * @return transaction status */ static enum GNUNET_DB_QueryStatus -add_keys (void *cls, - struct MHD_Connection *connection, - MHD_RESULT *mhd_ret) +set_extensions (void *cls, + struct MHD_Connection *connection, + MHD_RESULT *mhd_ret) { - struct AddKeysContext *akc = cls; - - /* activate all denomination keys */ - for (unsigned int i = 0; ind_sigs; i++) - { - struct DenomSig *d = &akc->d_sigs[i]; - enum GNUNET_DB_QueryStatus qs; - bool is_active = false; - struct TALER_EXCHANGEDB_DenominationKeyMetaData meta; - struct TALER_DenominationPublicKey denom_pub; - - /* For idempotency, check if the key is already active */ - memset (&denom_pub, - 0, - sizeof (denom_pub)); - qs = TEH_plugin->lookup_denomination_key ( - TEH_plugin->cls, - &d->h_denom_pub, - &meta); - if (qs < 0) - { - if (GNUNET_DB_STATUS_SOFT_ERROR == qs) - return qs; - GNUNET_break (0); - *mhd_ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_FETCH_FAILED, - "lookup denomination key"); - return qs; - } - if (0 == qs) - { - enum GNUNET_GenericReturnValue rv; - - rv = TEH_keys_load_fees (&d->h_denom_pub, - &denom_pub, - &meta); - switch (rv) - { - case GNUNET_SYSERR: - *mhd_ret = TALER_MHD_reply_with_error ( - connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_EXCHANGE_GENERIC_BAD_CONFIGURATION, - GNUNET_h2s (&d->h_denom_pub.hash)); - return GNUNET_DB_STATUS_HARD_ERROR; - case GNUNET_NO: - *mhd_ret = TALER_MHD_reply_with_error ( - connection, - MHD_HTTP_NOT_FOUND, - TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN, - GNUNET_h2s (&d->h_denom_pub.hash)); - return GNUNET_DB_STATUS_HARD_ERROR; - case GNUNET_OK: - break; - } - } - else - { - is_active = true; - } - - /* check signature is valid */ - if (GNUNET_OK != - TALER_exchange_offline_denom_validity_verify ( - &d->h_denom_pub, - meta.start, - meta.expire_withdraw, - meta.expire_deposit, - meta.expire_legal, - &meta.value, - &meta.fee_withdraw, - &meta.fee_deposit, - &meta.fee_refresh, - &meta.fee_refund, - &TEH_master_public_key, - &d->master_sig)) - { - GNUNET_break_op (0); - *mhd_ret = TALER_MHD_reply_with_error ( - connection, - MHD_HTTP_FORBIDDEN, - TALER_EC_EXCHANGE_MANAGEMENT_KEYS_DENOMKEY_ADD_SIGNATURE_INVALID, - GNUNET_h2s (&d->h_denom_pub.hash)); - if (! is_active) - TALER_denom_pub_free (&denom_pub); - return GNUNET_DB_STATUS_HARD_ERROR; - } - if (is_active) - { - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Denomination key %s already active, skipping\n", - GNUNET_h2s (&d->h_denom_pub.hash)); - continue; /* skip, already known */ - } - qs = TEH_plugin->add_denomination_key ( - TEH_plugin->cls, - &d->h_denom_pub, - &denom_pub, - &meta, - &d->master_sig); - TALER_denom_pub_free (&denom_pub); - if (qs < 0) - { - if (GNUNET_DB_STATUS_SOFT_ERROR == qs) - return qs; - GNUNET_break (0); - *mhd_ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_STORE_FAILED, - "activate denomination key"); - return qs; - } - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Added offline signature for denomination `%s'\n", - GNUNET_h2s (&d->h_denom_pub.hash)); - GNUNET_assert (0 != qs); - } + // struct SetExtensionContext *sec = cls; - for (unsigned int i = 0; ins_sigs; i++) - { - struct SigningSig *s = &akc->s_sigs[i]; - enum GNUNET_DB_QueryStatus qs; - bool is_active = false; - struct TALER_EXCHANGEDB_SignkeyMetaData meta; - - qs = TEH_plugin->lookup_signing_key ( - TEH_plugin->cls, - &s->exchange_pub, - &meta); - if (qs < 0) - { - if (GNUNET_DB_STATUS_SOFT_ERROR == qs) - return qs; - GNUNET_break (0); - *mhd_ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_FETCH_FAILED, - "lookup signing key"); - return qs; - } - if (0 == qs) - { - if (GNUNET_OK != - TEH_keys_get_timing (&s->exchange_pub, - &meta)) - { - /* For idempotency, check if the key is already active */ - *mhd_ret = TALER_MHD_reply_with_error ( - connection, - MHD_HTTP_NOT_FOUND, - TALER_EC_EXCHANGE_MANAGEMENT_KEYS_SIGNKEY_UNKNOWN, - TALER_B2S (&s->exchange_pub)); - return GNUNET_DB_STATUS_HARD_ERROR; - } - } - else - { - is_active = true; /* if we pass, it's active! */ - } - - /* check signature is valid */ - if (GNUNET_OK != - TALER_exchange_offline_signkey_validity_verify ( - &s->exchange_pub, - meta.start, - meta.expire_sign, - meta.expire_legal, - &TEH_master_public_key, - &s->master_sig)) - { - GNUNET_break_op (0); - *mhd_ret = TALER_MHD_reply_with_error ( - connection, - MHD_HTTP_FORBIDDEN, - TALER_EC_EXCHANGE_MANAGEMENT_KEYS_SIGNKEY_ADD_SIGNATURE_INVALID, - TALER_B2S (&s->exchange_pub)); - return GNUNET_DB_STATUS_HARD_ERROR; - } - if (is_active) - { - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Signing key %s already active, skipping\n", - TALER_B2S (&s->exchange_pub)); - continue; /* skip, already known */ - } - qs = TEH_plugin->activate_signing_key ( - TEH_plugin->cls, - &s->exchange_pub, - &meta, - &s->master_sig); - if (qs < 0) - { - if (GNUNET_DB_STATUS_SOFT_ERROR == qs) - return qs; - GNUNET_break (0); - *mhd_ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_STORE_FAILED, - "activate signing key"); - return qs; - } - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Added offline signature for signing key `%s'\n", - TALER_B2S (&s->exchange_pub)); - GNUNET_assert (0 != qs); - } + // TODO oec return GNUNET_DB_STATUS_SUCCESS_ONE_RESULT; /* only 'success', so >=0, matters here */ } -#endif - MHD_RESULT TEH_handler_management_post_extensions ( struct MHD_Connection *connection, const json_t *root) { -#if 0 - json_t *denom_sigs; - json_t *signkey_sigs; + struct SetExtensionsContext sec = {0}; + json_t *extensions; + json_t *extensions_sigs; struct GNUNET_JSON_Specification spec[] = { - GNUNET_JSON_spec_json ("denom_sigs", - &denom_sigs), - GNUNET_JSON_spec_json ("signkey_sigs", - &signkey_sigs), + GNUNET_JSON_spec_json ("extensions", + &extensions), + GNUNET_JSON_spec_json ("extensions_sigs", + &extensions_sigs), GNUNET_JSON_spec_end () }; bool ok; @@ -293,8 +113,9 @@ TEH_handler_management_post_extensions ( if (GNUNET_NO == res) return MHD_YES; /* failure */ } - if (! (json_is_array (denom_sigs) && - json_is_array (signkey_sigs)) ) + + if (! (json_is_array (extensions) && + json_is_array (extensions_sigs)) ) { GNUNET_break_op (0); GNUNET_JSON_parse_free (spec); @@ -302,113 +123,236 @@ TEH_handler_management_post_extensions ( connection, MHD_HTTP_BAD_REQUEST, TALER_EC_GENERIC_PARAMETER_MALFORMED, - "array expected for denom_sigs and signkey_sigs"); + "array expected for extensions and extensions_sig"); } + + sec.num_extensions = json_array_size (extensions_sigs); + if (json_array_size (extensions) != sec.num_extensions) + { + GNUNET_break_op (0); + GNUNET_JSON_parse_free (spec); + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_GENERIC_PARAMETER_MALFORMED, + "arrays extensions and extensions_sig are not of equal size"); + } + GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Received /management/keys\n"); - akc.nd_sigs = json_array_size (denom_sigs); - akc.d_sigs = GNUNET_new_array (akc.nd_sigs, - struct DenomSig); + "Received /management/extensions\n"); + + sec.extensions = GNUNET_new_array (sec.num_extensions, + struct Extension); + sec.extensions_sigs = GNUNET_new_array (sec.num_extensions, + struct TALER_MasterSignatureP); ok = true; - for (unsigned int i = 0; imaster_sig), - GNUNET_JSON_spec_fixed_auto ("h_denom_pub", - &d->h_denom_pub), - GNUNET_JSON_spec_end () - }; - enum GNUNET_GenericReturnValue res; - res = TALER_MHD_parse_json_data (connection, - json_array_get (denom_sigs, - i), - ispec); - if (GNUNET_SYSERR == res) + // 1. parse the extension { - ret = MHD_NO; /* hard failure */ - ok = false; - break; - } - if (GNUNET_NO == res) - { - ret = MHD_YES; - ok = false; - break; + enum GNUNET_GenericReturnValue res; + const char *name; + struct GNUNET_JSON_Specification ispec[] = { + GNUNET_JSON_spec_string ("extension", + &name), + GNUNET_JSON_spec_json ("config", + &sec.extensions[i].config_json), + GNUNET_JSON_spec_end () + }; + + res = TALER_MHD_parse_json_array (connection, + extensions, + ispec, + i, + -1); + if (GNUNET_SYSERR == res) + { + ret = MHD_NO; /* hard failure */ + ok = false; + break; + } + if (GNUNET_NO == res) + { + ret = MHD_YES; + ok = false; + break; + } + + // Make sure name refers to a supported extension + { + bool found = false; + for (unsigned int k = 0; k < TALER_Extension_Max; k++) + { + if (0 == strncmp (name, + TEH_extensions[k].name, + strlen (TEH_extensions[k].name))) + { + sec.extensions[i].type = TEH_extensions[k].type; + found = true; + break; + } + } + + if (! found) + { + GNUNET_free (sec.extensions); + GNUNET_free (sec.extensions_sigs); + GNUNET_JSON_parse_free (spec); + GNUNET_JSON_parse_free (ispec); + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_GENERIC_PARAMETER_MALFORMED, + "invalid extension type"); + } + } + + // We have a JSON object for the extension. Increment its refcount and + // free the parser. + // TODO: is this correct? + json_incref (sec.extensions[i].config_json); + GNUNET_JSON_parse_free (ispec); + + // Make sure the config is sound + { + switch (sec.extensions[i].type) + { + case TALER_Extension_AgeRestriction: + if (GNUNET_OK != TALER_agemask_parse_json ( + sec.extensions[i].config_json, + &sec.extensions[i].mask)) + { + GNUNET_free (sec.extensions); + GNUNET_free (sec.extensions_sigs); + GNUNET_JSON_parse_free (spec); + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_GENERIC_PARAMETER_MALFORMED, + "invalid mask for age restriction"); + } + break; + + case TALER_Extension_Peer2Peer: /* TODO */ + ok = false; + ret = MHD_NO; + goto BREAK; + + default: + /* not reachable */ + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "shouldn't be reached in handler for /management/extensions\n"); + ok = false; + ret = MHD_NO; + goto BREAK; + } + } } - } - if (! ok) - { - GNUNET_free (akc.d_sigs); - GNUNET_JSON_parse_free (spec); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Failure to handle /management/keys\n"); - return ret; - } - akc.ns_sigs = json_array_size (signkey_sigs); - akc.s_sigs = GNUNET_new_array (akc.ns_sigs, - struct SigningSig); - for (unsigned int i = 0; imaster_sig), - GNUNET_JSON_spec_fixed_auto ("exchange_pub", - &s->exchange_pub), - GNUNET_JSON_spec_end () - }; - enum GNUNET_GenericReturnValue res; - res = TALER_MHD_parse_json_data (connection, - json_array_get (signkey_sigs, - i), - ispec); - if (GNUNET_SYSERR == res) + // 2. parse the signature { - ret = MHD_NO; /* hard failure */ - ok = false; - break; + enum GNUNET_GenericReturnValue res; + struct GNUNET_JSON_Specification ispec[] = { + GNUNET_JSON_spec_fixed_auto (NULL, + &sec.extensions_sigs[i]), + GNUNET_JSON_spec_end () + }; + + res = TALER_MHD_parse_json_array (connection, + extensions_sigs, + ispec, + i, + -1); + if (GNUNET_SYSERR == res) + { + ret = MHD_NO; /* hard failure */ + ok = false; + break; + } + if (GNUNET_NO == res) + { + ret = MHD_YES; + ok = false; + break; + } } - if (GNUNET_NO == res) + + // 3. verify the signature { - ret = MHD_YES; - ok = false; - break; + enum GNUNET_GenericReturnValue res; + + switch (sec.extensions[i].type) + { + case TALER_Extension_AgeRestriction: + res = TALER_exchange_offline_extension_agemask_verify ( + sec.extensions[i].mask, + &TEH_master_public_key, + &sec.extensions_sigs[i]); + if (GNUNET_OK != res) + { + GNUNET_free (sec.extensions); + GNUNET_free (sec.extensions_sigs); + GNUNET_JSON_parse_free (spec); + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_GENERIC_PARAMETER_MALFORMED, + "invalid signature for age mask"); + } + break; + + case TALER_Extension_Peer2Peer: /* TODO */ + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Peer2peer not yet supported in handler for /management/extensions\n"); + ok = false; + ret = MHD_NO; + goto BREAK; + + default: + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "shouldn't be reached in handler for /management/extensions\n"); + ok = false; + ret = MHD_NO; + /* not reachable */ + goto BREAK; + } } } + +BREAK: if (! ok) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Failure to handle /management/keys\n"); - GNUNET_free (akc.d_sigs); - GNUNET_free (akc.s_sigs); + "Failure to handle /management/extensions\n"); + GNUNET_free (sec.extensions); + GNUNET_free (sec.extensions_sigs); GNUNET_JSON_parse_free (spec); return ret; } + + GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Received %u denomination and %u signing key signatures\n", - akc.nd_sigs, - akc.ns_sigs); + "Received %u extensions\n", + sec.num_extensions); + { enum GNUNET_GenericReturnValue res; res = TEH_DB_run_transaction (connection, - "add keys", + "set extensions", TEH_MT_OTHER, &ret, - &add_keys, - &akc); - GNUNET_free (akc.d_sigs); - GNUNET_free (akc.s_sigs); + &set_extensions, + &sec); + + GNUNET_free (sec.extensions); + GNUNET_free (sec.extensions_sigs); GNUNET_JSON_parse_free (spec); if (GNUNET_SYSERR == res) return ret; } - TEH_keys_update_states (); -#endif return TALER_MHD_reply_static ( connection, diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index e6c5e2a4d..4ffee54c9 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -2518,4 +2518,36 @@ TALER_merchant_wire_signature_make ( struct TALER_MerchantSignatureP *merch_sig); +/* **************** /management/extensions offline signing **************** */ + +/** + * Create a signature for age restriction groups + * + * @param mask The bitmask representing age groups + * @param master_priv private key to sign with + * @param[out] master_sig where to write the signature + */ +void +TALER_exchange_offline_extension_agemask_sign ( + const struct TALER_AgeMask mask, + const struct TALER_MasterPrivateKeyP *master_priv, + struct TALER_MasterSignatureP *master_sig); + + +/** + * Verify the signature in @a master_sig. + * + * @param mask bit mask representing an age group for age restriction + * @param master_pub master public key of the exchange + * @param master_sig signature of the exchange + * @return #GNUNET_OK if signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_offline_extension_agemask_verify ( + const struct TALER_AgeMask mask, + const struct TALER_MasterPublicKeyP *master_pub, + const struct TALER_MasterSignatureP *master_sig + ); + + #endif diff --git a/src/include/taler_exchange_service.h b/src/include/taler_exchange_service.h index af07588e1..04b731b32 100644 --- a/src/include/taler_exchange_service.h +++ b/src/include/taler_exchange_service.h @@ -2680,7 +2680,7 @@ TALER_EXCHANGE_post_management_keys_cancel ( struct TALER_EXCHANGE_ManagementPostExtensionsData { struct TALER_Extension *extensions; - struct TALER_MasterSignatureP *extension_sigs; + struct TALER_MasterSignatureP *extensions_sigs; uint32_t num_extensions; }; diff --git a/src/include/taler_extensions.h b/src/include/taler_extensions.h index 8f3dd69e7..b6d5c826c 100644 --- a/src/include/taler_extensions.h +++ b/src/include/taler_extensions.h @@ -22,6 +22,7 @@ #define TALER_EXTENSIONS_H #include +#include "taler_crypto_lib.h" #define TALER_EXTENSION_SECTION_PREFIX "exchange-extension-" @@ -36,8 +37,8 @@ enum TALER_Extension_ReturnValue enum TALER_Extension_Type { - TALER_Extension_Peer2Peer = 0, - TALER_Extension_AgeRestriction = 1, + TALER_Extension_AgeRestriction = 0, + TALER_Extension_Peer2Peer = 1, TALER_Extension_Max = 2 }; @@ -47,40 +48,11 @@ struct TALER_Extension char *name; bool critical; void *config; - size_t config_size; }; -struct TALER_Peer2Peer_Config -{ - // FIXME -}; - -/** - * TEH_extensions is the global manifest with the list supported extensions, - * sorted by TALER_Extension_Type. - * - * TODO: Mutex? - * - **/ -struct TALER_Extension TEH_extensions[TALER_Extension_Max] = { - [TALER_Extension_Peer2Peer] = { - .type = TALER_Extension_Peer2Peer, - .name = "peer2peer", - .critical = false, - .config_size = sizeof(struct TALER_Peer2Peer_Config), - }, - [TALER_Extension_AgeRestriction] = { - .type = TALER_Extension_AgeRestriction, - .name = "age_restriction", - .critical = false, - .config_size = sizeof(struct TALER_AgeMask), - }, -}; - - /* * TALER Peer2Peer Extension - * FIXME + * FIXME oec */ diff --git a/src/include/taler_json_lib.h b/src/include/taler_json_lib.h index b20bd4ea4..888256385 100644 --- a/src/include/taler_json_lib.h +++ b/src/include/taler_json_lib.h @@ -542,6 +542,18 @@ TALER_deposit_extension_hash (const json_t *extensions, struct TALER_ExtensionContractHash *ech); +/** + * Parses a JSON object { "extension": "age_restriction", "mask": }. + * + * @param root is the json object + * @param[out] mask on succes, will contain the age mask + * @return GNUNET_OK on success and GNUNET_SYSERR on failure. + */ +enum GNUNET_GenericReturnValue +TALER_agemask_parse_json (const json_t *root, + struct TALER_AgeMask *mask); + + #endif /* TALER_JSON_LIB_H_ */ /* End of taler_json_lib.h */ diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h index bcfa863c1..d9fa7065b 100644 --- a/src/include/taler_signatures.h +++ b/src/include/taler_signatures.h @@ -97,6 +97,10 @@ */ #define TALER_SIGNATURE_MASTER_WIRE_DETAILS 1030 +/** + * Set the configuration of an extension (age-restriction or peer2peer) + */ +#define TALER_SIGNATURE_MASTER_EXTENSION 1031 /*********************************************/ /* Exchange online signatures (with signing key) */ @@ -961,6 +965,42 @@ struct TALER_MasterDelWirePS }; +/* + * @brief Signature made by the exchange offline key over the + * configuration of the age restriction extension. + */ +struct TALER_MasterExtensionAgeRestrictionPS +{ + /** + * Purpose is #TALER_SIGNATURE_MASTER_EXTENSION. Signed + * by a `struct TALER_MasterPublicKeyP` using EdDSA. + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + + /** + * Bit mask representing the lits of age groups, see TALER_AgeMask for a + * description. + */ + struct TALER_AgeMask mask; +}; + +#if 0 +/* + * @brief Signature made by the exchange offline key over the + * configuration of the peer2peer extension. + */ +struct TALER_MasterExtensionPeer2PeerPS +{ + /** + * Purpose is #TALER_SIGNATURE_MASTER_EXTENSION. Signed + * by a `struct TALER_MasterPublicKeyP` using EdDSA. + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + + // TODO oec +}; +#endif + /** * @brief Information about a denomination key. Denomination keys * are used to sign coins of a certain value into existence. diff --git a/src/json/json_helper.c b/src/json/json_helper.c index 949354e24..3b4da5595 100644 --- a/src/json/json_helper.c +++ b/src/json/json_helper.c @@ -659,4 +659,36 @@ TALER_JSON_spec_i18n_str (const char *name, } +enum GNUNET_GenericReturnValue +TALER_agemask_parse_json (const json_t *root, + struct TALER_AgeMask *mask) +{ + const char *name; + struct GNUNET_JSON_Specification spec[] = { + GNUNET_JSON_spec_string ("extension", + &name), + GNUNET_JSON_spec_uint32 ("mask", + &mask->mask), + GNUNET_JSON_spec_end () + }; + + if (GNUNET_OK != GNUNET_JSON_parse (root, + spec, + NULL, + NULL)) + { + return GNUNET_SYSERR; + } + + if (! strncmp (name, + "age_restriction", + sizeof("age_restriction"))) + { + return GNUNET_SYSERR; + } + + return GNUNET_OK; +} + + /* end of json/json_helper.c */ diff --git a/src/lib/exchange_api_management_post_extensions.c b/src/lib/exchange_api_management_post_extensions.c index 7f6349113..a2de2454c 100644 --- a/src/lib/exchange_api_management_post_extensions.c +++ b/src/lib/exchange_api_management_post_extensions.c @@ -130,11 +130,10 @@ TALER_EXCHANGE_management_post_extensions ( void *cb_cls) { struct TALER_EXCHANGE_ManagementPostExtensionsHandle *ph; - // FIXME-oec: TODO! CURL *eh = NULL; - json_t *body; + json_t *body = NULL; json_t *extensions = NULL; - json_t *extension_sigs = NULL; + json_t *extensions_sigs = NULL; ph = GNUNET_new (struct TALER_EXCHANGE_ManagementPostExtensionsHandle); ph->cb = cb; @@ -156,16 +155,18 @@ TALER_EXCHANGE_management_post_extensions ( { json_t *config; const struct TALER_AgeMask *mask; - const struct TALER_Extension *ext - = &pkd->extensions[i]; + const struct TALER_Extension *ext = &pkd->extensions[i]; switch (ext->type) { // TODO: case TALER_Extension_Peer2Peer case TALER_Extension_AgeRestriction: - mask = (struct TALER_AgeMask *) (&ext->config); - config = GNUNET_JSON_PACK (GNUNET_JSON_pack_data_auto ("mask", - &mask->mask)); + mask = (const struct TALER_AgeMask *) (&ext->config); + config = GNUNET_JSON_PACK ( + GNUNET_JSON_pack_string ("extension", + ext->name), + GNUNET_JSON_pack_data_auto ("mask", + &mask->mask)); GNUNET_assert (NULL != config); break; default: @@ -177,22 +178,22 @@ TALER_EXCHANGE_management_post_extensions ( json_array_append_new ( extensions, GNUNET_JSON_PACK ( - GNUNET_JSON_pack_data_auto ("extension", + GNUNET_JSON_pack_data_auto ("name", &ext->name), GNUNET_JSON_pack_data_auto ("config", config) ))); } - extension_sigs = json_array (); - GNUNET_assert (NULL != extension_sigs); + extensions_sigs = json_array (); + GNUNET_assert (NULL != extensions_sigs); for (unsigned int i = 0; inum_extensions; i++) { const struct TALER_MasterSignatureP *sks - = &pkd->extension_sigs[i]; + = &pkd->extensions_sigs[i]; GNUNET_assert (0 == json_array_append_new ( - extension_sigs, + extensions_sigs, GNUNET_JSON_PACK ( GNUNET_JSON_pack_data_auto ("extension_sig", &sks->eddsa_signature)))); @@ -200,8 +201,8 @@ TALER_EXCHANGE_management_post_extensions ( body = GNUNET_JSON_PACK ( GNUNET_JSON_pack_array_steal ("extensions", extensions), - GNUNET_JSON_pack_array_steal ("extension_sigs", - extension_sigs)); + GNUNET_JSON_pack_array_steal ("extensions_sigs", + extensions_sigs)); eh = curl_easy_init (); GNUNET_assert (NULL != eh); if (GNUNET_OK != diff --git a/src/util/extension_age_restriction.c b/src/util/extension_age_restriction.c index fbdb796f2..c0efd7cd1 100644 --- a/src/util/extension_age_restriction.c +++ b/src/util/extension_age_restriction.c @@ -38,12 +38,12 @@ TALER_get_age_mask (const struct GNUNET_CONFIGURATION_Handle *cfg, char *groups; enum TALER_Extension_ReturnValue ret = TALER_Extension_ERROR_SYS; - if ((GNUNET_NO == GNUNET_CONFIGURATION_have_value (cfg, - TALER_EXTENSION_SECTION_AGE_RESTRICTION, - "ENABLED")) || - (GNUNET_NO == GNUNET_CONFIGURATION_get_value_yesno (cfg, - TALER_EXTENSION_SECTION_AGE_RESTRICTION, - "ENABLED"))) + if ((GNUNET_YES != GNUNET_CONFIGURATION_have_value (cfg, + TALER_EXTENSION_SECTION_AGE_RESTRICTION, + "ENABLED")) || + (GNUNET_YES != GNUNET_CONFIGURATION_get_value_yesno (cfg, + TALER_EXTENSION_SECTION_AGE_RESTRICTION, + "ENABLED"))) { /* Age restriction is not enabled */ mask->mask = 0; diff --git a/src/util/offline_signatures.c b/src/util/offline_signatures.c index cd9dceca5..7fbec826b 100644 --- a/src/util/offline_signatures.c +++ b/src/util/offline_signatures.c @@ -490,4 +490,67 @@ TALER_exchange_offline_wire_fee_verify ( } +void +TALER_exchange_offline_extension_agemask_sign ( + const struct TALER_AgeMask mask, + const struct TALER_MasterPrivateKeyP *master_priv, + struct TALER_MasterSignatureP *master_sig) +{ + struct TALER_MasterExtensionAgeRestrictionPS ar = { + .purpose.purpose = htonl (TALER_SIGNATURE_MASTER_EXTENSION), + .purpose.size = htonl (sizeof(ar)), + .mask = mask + }; + GNUNET_CRYPTO_eddsa_sign (&master_priv->eddsa_priv, + &ar, + &master_sig->eddsa_signature); +} + + +enum GNUNET_GenericReturnValue +TALER_exchange_offline_extension_agemask_verify ( + const struct TALER_AgeMask mask, + const struct TALER_MasterPublicKeyP *master_pub, + const struct TALER_MasterSignatureP *master_sig + ) +{ + struct TALER_MasterExtensionAgeRestrictionPS ar = { + .purpose.purpose = htonl (TALER_SIGNATURE_MASTER_EXTENSION), + .purpose.size = htonl (sizeof(ar)), + .mask = mask + }; + return + GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_EXTENSION, + &ar, + &master_sig->eddsa_signature, + &master_pub->eddsa_pub); +} + + +#if 0 +/* TODO peer2peer */ +void +TALER_exchange_offline_extension_p2p_sign ( + // TODO + const struct TALER_MasterPrivateKeyP *master_priv, + struct TALER_MasterSignatureP *master_sig) +{ + // TODO +} + + +enum GNUNET_GenericReturnValue +TALER_exchange_offline_extension_p2p_verify ( + // TODO + const struct TALER_MasterPublicKeyP *master_pub, + const struct TALER_MasterSignatureP *master_sig, + ) +{ + // TODO + return GNUNET_FALSE; +} + + +#endif + /* end of offline_signatures.c */ -- cgit v1.2.3