aboutsummaryrefslogtreecommitdiff
path: root/src/include/taler_exchangedb_plugin.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/include/taler_exchangedb_plugin.h')
-rw-r--r--src/include/taler_exchangedb_plugin.h79
1 files changed, 52 insertions, 27 deletions
diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h
index 260fab3ca..6b86dc3ce 100644
--- a/src/include/taler_exchangedb_plugin.h
+++ b/src/include/taler_exchangedb_plugin.h
@@ -27,49 +27,72 @@
#include "taler_signatures.h"
-GNUNET_NETWORK_STRUCT_BEGIN
-
/**
- * @brief On disk format used for a exchange signing key. Signing keys are used
- * by the exchange to affirm its messages, but not to create coins.
- * Includes the private key followed by the public information about
- * the signing key.
+ * Information about a denomination key.
*/
-struct TALER_EXCHANGEDB_PrivateSigningKeyInformationP
+struct TALER_EXCHANGEDB_DenominationKeyInformation
{
+
/**
- * Private key part of the exchange's signing key.
+ * Signature over this struct to affirm the validity of the key.
*/
- struct TALER_ExchangePrivateKeyP signkey_priv;
+ struct TALER_MasterSignatureP signature;
/**
- * Signature over @e issue
+ * Start time of the validity period for this key.
*/
- struct TALER_MasterSignatureP master_sig;
+ struct GNUNET_TIME_Timestamp start;
/**
- * Public information about a exchange signing key.
+ * The exchange will sign fresh coins between @e start and this time.
+ * @e expire_withdraw will be somewhat larger than @e start to
+ * ensure a sufficiently large anonymity set, while also allowing
+ * the Exchange to limit the financial damage in case of a key being
+ * compromised. Thus, exchanges with low volume are expected to have a
+ * longer withdraw period (@e expire_withdraw - @e start) than exchanges
+ * with high transaction volume. The period may also differ between
+ * types of coins. A exchange may also have a few denomination keys
+ * with the same value with overlapping validity periods, to address
+ * issues such as clock skew.
*/
- struct TALER_ExchangeSigningKeyValidityPS issue;
+ struct GNUNET_TIME_Timestamp expire_withdraw;
-};
+ /**
+ * Coins signed with the denomination key must be spent or refreshed
+ * between @e start and this expiration time. After this time, the
+ * exchange will refuse transactions involving this key as it will
+ * "drop" the table with double-spending information (shortly after)
+ * this time. Note that wallets should refresh coins significantly
+ * before this time to be on the safe side. @e expire_deposit must be
+ * significantly larger than @e expire_withdraw (by months or even
+ * years).
+ */
+ struct GNUNET_TIME_Timestamp expire_deposit;
+ /**
+ * When do signatures with this denomination key become invalid?
+ * After this point, these signatures cannot be used in (legal)
+ * disputes anymore, as the Exchange is then allowed to destroy its side
+ * of the evidence. @e expire_legal is expected to be significantly
+ * larger than @e expire_deposit (by a year or more).
+ */
+ struct GNUNET_TIME_Timestamp expire_legal;
-/**
- * Information about a denomination key.
- */
-struct TALER_EXCHANGEDB_DenominationKeyInformationP
-{
+ /**
+ * The value of the coins signed with this denomination key.
+ */
+ struct TALER_Amount value;
/**
- * Signature over this struct to affirm the validity of the key.
+ * Fees for the coin.
*/
- struct TALER_MasterSignatureP signature;
+ struct TALER_DenomFeeSet fees;
/**
- * Signed properties of the denomination key.
+ * Hash code of the denomination public key. (Used to avoid having
+ * the variable-size RSA key in this struct.)
*/
- struct TALER_DenominationKeyValidityPS properties;
+ struct TALER_DenominationHashP denom_hash;
/**
* If denomination was setup for age restriction, non-zero age mask.
@@ -79,6 +102,8 @@ struct TALER_EXCHANGEDB_DenominationKeyInformationP
};
+GNUNET_NETWORK_STRUCT_BEGIN
+
/**
* Signature of events signalling a reserve got funding.
*/
@@ -474,7 +499,7 @@ struct TALER_EXCHANGEDB_DenominationKey
/**
* Signed public information about a denomination key.
*/
- struct TALER_EXCHANGEDB_DenominationKeyInformationP issue;
+ struct TALER_EXCHANGEDB_DenominationKeyInformation issue;
};
@@ -2188,7 +2213,7 @@ typedef void
(*TALER_EXCHANGEDB_DenominationCallback)(
void *cls,
const struct TALER_DenominationPublicKey *denom_pub,
- const struct TALER_EXCHANGEDB_DenominationKeyInformationP *issue);
+ const struct TALER_EXCHANGEDB_DenominationKeyInformation *issue);
/**
@@ -2358,7 +2383,7 @@ struct TALER_EXCHANGEDB_Plugin
(*insert_denomination_info)(
void *cls,
const struct TALER_DenominationPublicKey *denom_pub,
- const struct TALER_EXCHANGEDB_DenominationKeyInformationP *issue);
+ const struct TALER_EXCHANGEDB_DenominationKeyInformation *issue);
/**
@@ -2373,7 +2398,7 @@ struct TALER_EXCHANGEDB_Plugin
(*get_denomination_info)(
void *cls,
const struct TALER_DenominationHashP *denom_pub_hash,
- struct TALER_EXCHANGEDB_DenominationKeyInformationP *issue);
+ struct TALER_EXCHANGEDB_DenominationKeyInformation *issue);
/**