author | Özgür Kesim <oec-taler@kesim.org> | 2021-11-28 18:43:41 +0100 |
---|---|---|
committer | Özgür Kesim <oec-taler@kesim.org> | 2021-11-28 18:51:25 +0100 |
commit | 97bae4dd65854316611c8f440176b063b545618b (patch) | |
tree | 620ce4447fddad7aac07bb500bbacb6984c8b274 /src/util | |
parent | 2d1a618d3dfb3dd0b85013b3e70debe308b88e72 (diff) | |
download | exchange-97bae4dd65854316611c8f440176b063b545618b.tar.xz |
[age restriction] progress 5/n
- taler-exchange-secmod-rsa
- extracts AGE_RESTRICTED per denomination from config
- propagates flag for each denomination to server
- if age restriction is set for a denomination,
age _mask_ is taken (for now!) from config
Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/crypto_helper_rsa.c | 6 | ||||
-rw-r--r-- | src/util/taler-exchange-secmod-rsa.c | 50 | ||||
-rw-r--r-- | src/util/taler-exchange-secmod-rsa.h | 5 | ||||
-rw-r--r-- | src/util/test_helper_rsa.c | 5 |
4 files changed, 50 insertions, 16 deletions
diff --git a/src/util/crypto_helper_rsa.c b/src/util/crypto_helper_rsa.c index 85741d5e5..d30f8091b 100644 --- a/src/util/crypto_helper_rsa.c +++ b/src/util/crypto_helper_rsa.c @@ -239,7 +239,8 @@ handle_mt_avail (struct TALER_CRYPTO_RsaDenominationHelper *dh, &h_rsa, &denom_pub, &kan->secm_pub, - &kan->secm_sig); + &kan->secm_sig, + (&kan->age_restricted > 0)); TALER_denom_pub_free (&denom_pub); } return GNUNET_OK; @@ -275,7 +276,8 @@ handle_mt_purge (struct TALER_CRYPTO_RsaDenominationHelper *dh, &pn->h_rsa, NULL, NULL, - NULL); + NULL, + false); return GNUNET_OK; } diff --git a/src/util/taler-exchange-secmod-rsa.c b/src/util/taler-exchange-secmod-rsa.c index 343ae3c43..0711fd7a5 100644 --- a/src/util/taler-exchange-secmod-rsa.c +++ b/src/util/taler-exchange-secmod-rsa.c 
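Review bot: In handle_mt_avail the new last argument `(&kan->age_restricted > 0)` compares the address of the field with zero instead of its value, so it is true for every notification and every denomination reaches the callback marked as age restricted. It should test the byte itself: `(0 != kan->age_restricted));`. Compilers usually warn about an ordered comparison between a pointer and 0, so a warnings-as-errors build of this file would have caught it. The `false` passed in handle_mt_purge looks fine; both function bodies start outside their hunks.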
@@ -1,18 +1,18 @@ /* - This file is part of TALER - Copyright (C) 2014-2021 Taler Systems SA + This file is part of TALER + Copyright (C) 2014-2021 Taler Systems SA - TALER is free software; you can redistribute it and/or modify it under the - terms of the GNU General Public License as published by the Free Software - Foundation; either version 3, or (at your option) any later version. + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. - TALER is distributed in the hope that it will be useful, but WITHOUT ANY - WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU General Public License for more details. + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License along with - TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> -*/ + You should have received a copy of the GNU General Public License along with + TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> + */ /** * @file util/taler-exchange-secmod-rsa.c * @brief Standalone process to perform private key RSA operations @@ -156,6 +156,11 @@ struct Denomination * Length of (new) RSA keys (in bits). */ uint32_t rsa_keysize; + + /** + * Is the denomination age restricted? 0 == false + */ + uint8_t age_restricted; }; 
@@ -258,6 +263,7 @@ notify_client_dk_add (struct TES_Client *client, an->section_name_len = htons ((uint16_t) nlen); an->anchor_time = GNUNET_TIME_absolute_hton (dk->anchor); an->duration_withdraw = GNUNET_TIME_relative_hton (denom->duration_withdraw); + an->age_restricted = denom->age_restricted; TALER_exchange_secmod_rsa_sign (&dk->h_rsa, denom->section, dk->anchor, @@ -1256,6 +1262,24 @@ parse_denomination_cfg (const struct GNUNET_CONFIGURATION_Handle *cfg, } denom->rsa_keysize = (unsigned int) rsa_keysize; denom->section = GNUNET_strdup (ct); + if (GNUNET_OK == (GNUNET_CONFIGURATION_have_value (cfg, + ct, + "AGE_RESTRICTED"))) + { + enum GNUNET_GenericReturnValue ret; + if (GNUNET_SYSERR == (ret = GNUNET_CONFIGURATION_get_value_yesno (cfg, + ct, + "AGE_RESTRICTED"))) + { + GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, + ct, + "AGE_RESTRICTED", + "Value must be YES or NO\n"); + return GNUNET_SYSERR; + } + denom->age_restricted = (ret == GNUNET_OK) ? 1 : 0; + } + return GNUNET_OK; } @@ -1522,8 +1546,8 @@ main (int argc, (void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH); /* force linker to link against libtalerutil; if we do - not do this, the linker may "optimize" libtalerutil - away and skip #TALER_OS_init(), which we do need */ + not do this, the linker may "optimize" libtalerutil + away and skip #TALER_OS_init(), which we do need */ TALER_OS_init (); now = now_tmp = GNUNET_TIME_absolute_get (); ret = GNUNET_PROGRAM_run (argc, argv, diff --git a/src/util/taler-exchange-secmod-rsa.h b/src/util/taler-exchange-secmod-rsa.h index b0fdfbd96..9207e705a 100644 --- a/src/util/taler-exchange-secmod-rsa.h +++ b/src/util/taler-exchange-secmod-rsa.h @@ -77,6 +77,11 @@ struct TALER_CRYPTO_RsaKeyAvailableNotification */ struct TALER_SecurityModuleSignatureP secm_sig; + /** + * Indicator for age restriction + */ + uint8_t age_restricted; + /* followed by @e pub_size bytes of the RSA public key */ /* followed by @e section_name bytes of the configuration section name 
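Review bot: In notify_client_dk_add the flag is copied into the message with `an->age_restricted = denom->age_restricted;`, but the arguments to TALER_exchange_secmod_rsa_sign visible just below are still the key hash, the section name and the anchor (the call is cut off by the hunk). If the signed data is not extended elsewhere, the client verifies `secm_sig` and then relies on an age-restriction byte that the signature does not cover, so a change to that byte in transit would go undetected. Either include the flag in what the security module signs, or state the gap at the new field in `struct TALER_CRYPTO_RsaKeyAvailableNotification`, e.g. `/* not covered by secm_sig */`.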
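Review bot: The new `return GNUNET_SYSERR;` in parse_denomination_cfg comes after `denom->section = GNUNET_strdup (ct);`, so an invalid AGE_RESTRICTED value returns with the duplicated section string still attached to `denom`. Unless the caller frees `denom->section` on failure (not visible here), that string leaks; placing the AGE_RESTRICTED block above the `GNUNET_strdup` line or adding `GNUNET_free (denom->section);` before the return avoids it. When the option is absent, `denom->age_restricted` is never assigned, so the default depends on the caller having zeroed the struct; an explicit `denom->age_restricted = 0;` before the `if` would remove that dependency. The function body starts outside the hunk.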
diff --git a/src/util/test_helper_rsa.c b/src/util/test_helper_rsa.c index 14ff2bfab..80a36fd0d 100644 --- a/src/util/test_helper_rsa.c +++ b/src/util/test_helper_rsa.c @@ -133,6 +133,7 @@ free_keys (void) * @param sm_pub public key of the security module, NULL if the key was revoked or purged * @param sm_sig signature from the security module, NULL if the key was revoked or purged * The signature was already verified against @a sm_pub. + * @param age_restricted indication if denomination is age restricted */ static void key_cb (void *cls, @@ -142,7 +143,8 @@ key_cb (void *cls, const struct TALER_RsaPubHashP *h_rsa, const struct TALER_DenominationPublicKey *denom_pub, const struct TALER_SecurityModulePublicKeyP *sm_pub, - const struct TALER_SecurityModuleSignatureP *sm_sig) + const struct TALER_SecurityModuleSignatureP *sm_sig, + bool age_restricted) { (void) cls; (void) sm_pub; @@ -186,6 +188,7 @@ key_cb (void *cls, keys[i].validity_duration = validity_duration; TALER_denom_pub_deep_copy (&keys[i].denom_pub, denom_pub); + /* FIXME-oec: take age_restriction into account!? */ num_keys++; return; } |
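Review bot: key_cb in test_helper_rsa.c now receives `age_restricted` but never reads it, and the only trace is the `FIXME-oec` comment, so this test cannot notice a wrong flag coming out of the helper. Until the key table stores the value, add `(void) age_restricted;` next to the existing `(void) cls;` and `(void) sm_pub;` casts to follow the function's convention for unused parameters. Once `keys[i]` has a field for it, an assertion against the value configured for the test denomination would cover the new path. The body of key_cb extends outside the hunks.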