diff options
Diffstat (limited to 'src/include/taler_exchangedb_plugin.h')
-rw-r--r-- | src/include/taler_exchangedb_plugin.h | 79 |
1 files changed, 52 insertions, 27 deletions
diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h index 260fab3ca..6b86dc3ce 100644 --- a/src/include/taler_exchangedb_plugin.h +++ b/src/include/taler_exchangedb_plugin.h @@ -27,49 +27,72 @@ #include "taler_signatures.h" -GNUNET_NETWORK_STRUCT_BEGIN - /** - * @brief On disk format used for a exchange signing key. Signing keys are used - * by the exchange to affirm its messages, but not to create coins. - * Includes the private key followed by the public information about - * the signing key. + * Information about a denomination key. */ -struct TALER_EXCHANGEDB_PrivateSigningKeyInformationP +struct TALER_EXCHANGEDB_DenominationKeyInformation { + /** - * Private key part of the exchange's signing key. + * Signature over this struct to affirm the validity of the key. */ - struct TALER_ExchangePrivateKeyP signkey_priv; + struct TALER_MasterSignatureP signature; /** - * Signature over @e issue + * Start time of the validity period for this key. */ - struct TALER_MasterSignatureP master_sig; + struct GNUNET_TIME_Timestamp start; /** - * Public information about a exchange signing key. + * The exchange will sign fresh coins between @e start and this time. + * @e expire_withdraw will be somewhat larger than @e start to + * ensure a sufficiently large anonymity set, while also allowing + * the Exchange to limit the financial damage in case of a key being + * compromised. Thus, exchanges with low volume are expected to have a + * longer withdraw period (@e expire_withdraw - @e start) than exchanges + * with high transaction volume. The period may also differ between + * types of coins. A exchange may also have a few denomination keys + * with the same value with overlapping validity periods, to address + * issues such as clock skew. */ - struct TALER_ExchangeSigningKeyValidityPS issue; + struct GNUNET_TIME_Timestamp expire_withdraw; -}; + /** + * Coins signed with the denomination key must be spent or refreshed + * between @e start and this expiration time. After this time, the + * exchange will refuse transactions involving this key as it will + * "drop" the table with double-spending information (shortly after) + * this time. Note that wallets should refresh coins significantly + * before this time to be on the safe side. @e expire_deposit must be + * significantly larger than @e expire_withdraw (by months or even + * years). + */ + struct GNUNET_TIME_Timestamp expire_deposit; + /** + * When do signatures with this denomination key become invalid? + * After this point, these signatures cannot be used in (legal) + * disputes anymore, as the Exchange is then allowed to destroy its side + * of the evidence. @e expire_legal is expected to be significantly + * larger than @e expire_deposit (by a year or more). + */ + struct GNUNET_TIME_Timestamp expire_legal; -/** - * Information about a denomination key. - */ -struct TALER_EXCHANGEDB_DenominationKeyInformationP -{ + /** + * The value of the coins signed with this denomination key. + */ + struct TALER_Amount value; /** - * Signature over this struct to affirm the validity of the key. + * Fees for the coin. */ - struct TALER_MasterSignatureP signature; + struct TALER_DenomFeeSet fees; /** - * Signed properties of the denomination key. + * Hash code of the denomination public key. (Used to avoid having + * the variable-size RSA key in this struct.) */ - struct TALER_DenominationKeyValidityPS properties; + struct TALER_DenominationHashP denom_hash; /** * If denomination was setup for age restriction, non-zero age mask. @@ -79,6 +102,8 @@ struct TALER_EXCHANGEDB_DenominationKeyInformationP }; +GNUNET_NETWORK_STRUCT_BEGIN + /** * Signature of events signalling a reserve got funding. */ @@ -474,7 +499,7 @@ struct TALER_EXCHANGEDB_DenominationKey /** * Signed public information about a denomination key. */ - struct TALER_EXCHANGEDB_DenominationKeyInformationP issue; + struct TALER_EXCHANGEDB_DenominationKeyInformation issue; }; @@ -2188,7 +2213,7 @@ typedef void (*TALER_EXCHANGEDB_DenominationCallback)( void *cls, const struct TALER_DenominationPublicKey *denom_pub, - const struct TALER_EXCHANGEDB_DenominationKeyInformationP *issue); + const struct TALER_EXCHANGEDB_DenominationKeyInformation *issue); /** @@ -2358,7 +2383,7 @@ struct TALER_EXCHANGEDB_Plugin (*insert_denomination_info)( void *cls, const struct TALER_DenominationPublicKey *denom_pub, - const struct TALER_EXCHANGEDB_DenominationKeyInformationP *issue); + const struct TALER_EXCHANGEDB_DenominationKeyInformation *issue); /** @@ -2373,7 +2398,7 @@ struct TALER_EXCHANGEDB_Plugin (*get_denomination_info)( void *cls, const struct TALER_DenominationHashP *denom_pub_hash, - struct TALER_EXCHANGEDB_DenominationKeyInformationP *issue); + struct TALER_EXCHANGEDB_DenominationKeyInformation *issue); /** |