From cc7d7707ab2bd43bc9e95c0eeec9ce95cdc0c523 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96zg=C3=BCr=20Kesim?= Date: Sat, 8 Jan 2022 14:40:20 +0100 Subject: [age restriction] progress 10/n More work towards support for extensions: - Prepared statements and DB-plugin-functions for setting and retrieving configurations from the database added. - primitive "registry" of extensions for age restrictions and peer2peer (stub) - TALER_Extensions now with FP for parsing, setting and converting a configuration. - /management/extensions handler now verifies signature of the (opaque) json object for all extensions. - /management/extensions handler calls the FP in the corresponding TALER_Extension for parsing and setting the configuration of a particular extension More work towards age restriction: - TALER_Extensions interfaces for config-parser, -setter and converter implemented for age restriction - DB event handler now retrieves config from database, parses it and sets it (the age mask) in the global extension. - load_age_mask now loads age mask from the global extension (and not from the config file) - add age_restricted_denoms to /keys response --- src/include/taler_crypto_lib.h | 30 ++++++++++++----- src/include/taler_exchangedb_plugin.h | 29 +++++++++++++++- src/include/taler_extensions.h | 63 ++++++++++++++++++++++++++++++++--- src/include/taler_json_lib.h | 13 ++++++-- src/include/taler_signatures.h | 26 +++------------ 5 files changed, 123 insertions(+), 38 deletions(-) (limited to 'src/include') diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index 4ffee54c9..e608effa6 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h
@@ -542,6 +542,19 @@ struct TALER_PickupIdentifierP
 };
 
+/**
+ * @brief Salted hash over the JSON object representing the configuration of an
+ * extension.
+ */
+struct TALER_ExtensionConfigHash
+{
+  /**
+   * Actual hash value.
+   */
+  struct GNUNET_HashCode hash;
+};
+
+
 GNUNET_NETWORK_STRUCT_END
 
@@ -2521,30 +2534,31 @@ TALER_merchant_wire_signature_make (
 /* **************** /management/extensions offline signing **************** */
 
 /**
- * Create a signature for age restriction groups
+ * Create a signature for the hash of the configuration of an extension
  *
- * @param mask The bitmask representing age groups
+ * @param h_config hash of the JSON object representing the configuration
  * @param master_priv private key to sign with
  * @param[out] master_sig where to write the signature
  */
 void
-TALER_exchange_offline_extension_agemask_sign (
-  const struct TALER_AgeMask mask,
+TALER_exchange_offline_extension_config_hash_sign (
+  const struct TALER_ExtensionConfigHash h_config,
   const struct TALER_MasterPrivateKeyP *master_priv,
   struct TALER_MasterSignatureP *master_sig);
 
 
 /**
- * Verify the signature in @a master_sig.
+ * Verify the signature in @a master_sig of the given hash, taken over the JSON
+ * blob representing the configuration of an extension
  *
- * @param mask bit mask representing an age group for age restriction
+ * @param h_config hash of the JSON blob of a configuration of an extension
  * @param master_pub master public key of the exchange
  * @param master_sig signature of the exchange
  * @return #GNUNET_OK if signature is valid
  */
 enum GNUNET_GenericReturnValue
-TALER_exchange_offline_extension_agemask_verify (
-  const struct TALER_AgeMask mask,
+TALER_exchange_offline_extension_config_hash_verify (
+  const struct TALER_ExtensionConfigHash h_config,
   const struct TALER_MasterPublicKeyP *master_pub,
   const struct TALER_MasterSignatureP *master_sig );
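Review bot: The new doc comment calls TALER_ExtensionConfigHash a "Salted hash", but nothing in this patch carries a salt: TALER_extension_config_hash() in the taler_json_lib.h hunk takes only the json_t and the output struct, and the sign/verify prototypes below take only the hash. Either the salt is a fixed internal constant, in which case the comment should say so and name where it lives, or "salted" is inaccurate and will mislead anyone reasoning about collisions between two configurations. I'd rewrite the brief as `@brief Hash over the JSON object representing the configuration of an extension, as computed by TALER_extension_config_hash().` unless the implementation (outside src/include) really does mix in a salt.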
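Review bot: TALER_exchange_offline_extension_config_hash_sign() and _verify() take `const struct TALER_ExtensionConfigHash h_config` by value, while every neighbouring parameter (master_priv, master_pub, master_sig) is a const pointer; by-value was natural for the small TALER_AgeMask it replaces, but a struct wrapping a GNUNET_HashCode is presumably considerably larger, copying it per call buys nothing, and `const` on a by-value parameter in a prototype is a no-op. For consistency with the rest of this header I'd declare `const struct TALER_ExtensionConfigHash *h_config,` in both prototypes and adjust the callers this commit introduces outside src/include, which are not visible here.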
diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h
index ee691084e..4aa80b674 100644
--- a/src/include/taler_exchangedb_plugin.h
+++ b/src/include/taler_exchangedb_plugin.h
@@ -4025,8 +4025,35 @@ struct TALER_EXCHANGEDB_Plugin
   (*delete_shard_locks)(void *cls);
 
   /**
-   * TODO-oec: add function for adding extension config
+   * Function called to save the configuration of an extension
+   * (age-restriction, peer2peer, ...)
+   *
+   * @param cls the @e cls of this struct with the plugin-specific state
+   * @param extension_name the name of the extension
+   * @param config JSON object of the configuration as string
+   * @param config_sig signature of the configuration by the offline master key
+   * @return transaction status code
    */
+  enum GNUNET_DB_QueryStatus
+  (*set_extension_config)(void *cls,
+                          const char *extension_name,
+                          const char *config,
+                          const struct TALER_MasterSignatureP *config_sig);
+
+  /**
+   * Function called to retrieve the configuration of an extension
+   * (age-restriction, peer2peer, ...)
+   *
+   * @param cls the @e cls of this struct with the plugin-specific state
+   * @param extension_name the name of the extension
+   * @param[out] config JSON object of the configuration as string
+   * @param[out] config_sig signature of the configuration by the master key
+   * @return transaction status code
+   */
+  enum GNUNET_DB_QueryStatus
+  (*get_extension_config)(void *cls,
+                          const char *extension_name,
+                          char **config);
 
 };
 
diff --git a/src/include/taler_extensions.h b/src/include/taler_extensions.h
index b6d5c826c..199776eb7 100644
--- a/src/include/taler_extensions.h
+++ b/src/include/taler_extensions.h
@@ -23,6 +23,7 @@
 
 #include
 #include "taler_crypto_lib.h"
+#include "taler_json_lib.h"
 
 #define TALER_EXTENSION_SECTION_PREFIX "exchange-extension-"
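Review bot: get_extension_config() documents `@param[out] config_sig`, but its prototype only has `char **config`; the master signature that set_extension_config() persists is never handed back to a reader. That matters because, per the commit message, the DB event handler loads the configuration from the database and installs it as the live age mask, and with this interface it has no way to re-verify the offline signature, so after the one check in the /management/extensions handler the integrity of extension configuration rests entirely on the database row. Either add `struct TALER_MasterSignatureP *config_sig` as a second out-parameter so readers can re-run TALER_exchange_offline_extension_config_hash_verify(), or drop the stale @param line and state explicitly that callers trust the stored row. Please also document ownership of `*config` — presumably allocated by the plugin and to be released by the caller with GNUNET_free; confirm against the implementation.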
@@ -39,22 +40,42 @@ enum TALER_Extension_Type
 {
   TALER_Extension_AgeRestriction = 0,
   TALER_Extension_Peer2Peer = 1,
-  TALER_Extension_Max = 2
+  TALER_Extension_Max = 2 // Must be last
 };
 
+/*
+ * TODO oec: documentation
+ */
 struct TALER_Extension
 {
   enum TALER_Extension_Type type;
   char *name;
   bool critical;
   void *config;
+
+  enum GNUNET_GenericReturnValue (*test_config)(const json_t *config);
+  enum GNUNET_GenericReturnValue (*parse_and_set_config)(struct
+                                                         TALER_Extension *this,
+                                                         const json_t *config);
+  json_t *(*config_to_json)(const struct TALER_Extension *this);
 };
 
-/*
- * TALER Peer2Peer Extension
- * FIXME oec
+/**
+ * Generic functions for extensions
  */
 
+/**
+ * Finds and returns a supported extension by a given name.
+ *
+ * @param name name of the extension to lookup
+ * @param extensions list of TALER_Extensions as haystack, terminated by an entry of type TALER_Extension_Max
+ * @param[out] ext set to the extension, if found, NULL otherwise
+ * @return GNUNET_OK if extension was found, GNUNET_NO otherwise
+ */
+enum GNUNET_GenericReturnValue
+TALER_extension_get_by_name (const char *name,
+                             const struct TALER_Extension **extensions,
+                             const struct TALER_Extension **ext);
 
 /*
  * TALER Age Restriction Extension
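Review bot: The two new function-pointer members name a parameter `this` (`parse_and_set_config` and `config_to_json`); `this` is a reserved keyword in C++, so this public header stops compiling in any C++ translation unit that includes it, regardless of extern "C" guards (which I cannot see from here). I'd rename it in both prototypes: `(*parse_and_set_config)(struct TALER_Extension *ext, const json_t *config);` and `json_t *(*config_to_json)(const struct TALER_Extension *ext);`. The struct also still carries a `TODO oec: documentation` placeholder; at minimum each member needs a one-line contract — whether test_config must succeed before parse_and_set_config is called, who owns the json_t returned by config_to_json, and what `critical` and `config` mean — since the commit message says the /management/extensions handler dispatches through these pointers for every extension.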
@@ -72,7 +93,19 @@ struct TALER_Extension
                                          << 21)
 
 /**
- * @param groups String representation of age groups, like: "8:10:12:14:16:18:21"
+ * @brief Parses a string as a list of age groups.
+ *
+ * The string must consist of a colon-separated list of increasing integers
+ * between 0 and 31. Each entry represents the beginning of a new age group.
+ * F.e. the string "8:10:12:14:16:18:21" parses into the following list of age
+ * groups
+ *     0-7, 8-9, 10-11, 12-13, 14-15, 16-17, 18-20, 21-...
+ * which then is represented as bit mask with the corresponding bits set:
+ *       31       24        16        8         0
+ *       |        |         |         |         |
+ *       oooooooo oo1oo1o1  o1o1o1o1  ooooooo1
+ *
+ * @param groups String representation of age groups
  * @param[out] mask Mask representation for age restriction.
  * @return Error, if age groups were invalid, OK otherwise.
  */
@@ -81,6 +114,19 @@ TALER_parse_age_group_string (char *groups,
                               struct TALER_AgeMask *mask);
 
 /**
+ * Encodes the age mask into a string, like "8:10:12:14:16:18:21"
+ *
+ * @param mask Age mask
+ * @return String representation of the age mask, allocated by GNUNET_malloc.
+ *         Can be used as value in the TALER config.
+ */
+char *
+TALER_age_mask_to_string (const struct TALER_AgeMask *mask);
+
+
+/**
+ * @brief Reads the age groups from the configuration and sets the
+ * corresponding age mask.
  *
  * @param cfg
  * @param[out] mask for age restriction, will be set to 0 if age restriction is disabled.
@@ -90,4 +136,11 @@ TALER_parse_age_group_string (char *groups,
 enum TALER_Extension_ReturnValue
 TALER_get_age_mask (const struct GNUNET_CONFIGURATION_Handle *cfg,
                     struct TALER_AgeMask *mask);
+
+
+/*
+ * TALER Peer2Peer Extension
+ * TODO oec
+ */
+
 #endif
diff --git a/src/include/taler_json_lib.h b/src/include/taler_json_lib.h
index ac8793ebc..102b3a6ff 100644
--- a/src/include/taler_json_lib.h
+++ b/src/include/taler_json_lib.h
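Review bot: The new @brief for TALER_parse_age_group_string() states the precondition as "increasing integers between 0 and 31", which is too loose for a parser that feeds a bit mask and whose input ultimately comes from an administrator-supplied JSON config: "increasing" should say strictly increasing (duplicates rejected), and the bound has to be tied to the mask width — the `<< 21` context above and the 32-column diagram suggest a 32-bit mask, so any value of 32 or more must be rejected before it is shifted (a shift by the type width or more is undefined behavior), and 0 is redundant because the diagram always has bit 0 set. I'd change the sentence to `The string must consist of a colon-separated list of strictly increasing integers in the range 1..31; the first group (starting at age 0) is implicit.` adjusted to whatever the implementation, which is outside this diff, actually enforces. TALER_parse_age_group_string()'s prototype itself is only context here.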
@@ -532,7 +532,7 @@ TALER_JSON_wire_to_payto (const json_t *wire_s);
 
 
 /**
- * Hash @a extensions.
+ * Hash @a extensions in deposits.
  *
  * @param extensions contract extensions to hash
  * @param[out] ech where to write the extension hash
@@ -541,6 +541,16 @@ void
 TALER_deposit_extension_hash (const json_t *extensions,
                               struct TALER_ExtensionContractHash *ech);
 
+/**
+ * Hash the @a config of an extension, given as JSON
+ *
+ * @param config configuration of the extension
+ * @param[out] eh where to write the extension hash
+ * @return GNUNET_OK on success, GNUNET_SYSERR on failure
+ */
+enum GNUNET_GenericReturnValue
+TALER_extension_config_hash (const json_t *config,
+                             struct TALER_ExtensionConfigHash *eh);
 
 /**
  * Parses a JSON object { "extension": "age_restriction", "mask": }.
@@ -553,7 +563,6 @@ enum GNUNET_GenericReturnValue
 TALER_agemask_parse_json (const json_t *root,
                           struct TALER_AgeMask *mask);
 
-
 #endif /* TALER_JSON_LIB_H_ */
 
 /* End of taler_json_lib.h */
diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h
index d9fa7065b..947c7e831 100644
--- a/src/include/taler_signatures.h
+++ b/src/include/taler_signatures.h
@@ -967,9 +967,9 @@ struct TALER_MasterDelWirePS
 
 /*
  * @brief Signature made by the exchange offline key over the
- * configuration of the age restriction extension.
+ * configuration of an extension.
  */
-struct TALER_MasterExtensionAgeRestrictionPS
+struct TALER_MasterExtensionConfigurationPS
 {
   /**
    * Purpose is #TALER_SIGNATURE_MASTER_EXTENSION. Signed
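Review bot: TALER_extension_config_hash() hashes a json_t, and that hash is what the offline master key signs (taler_signatures.h, same commit), so the offline tool, the /management/extensions handler and the DB event handler that re-reads the config as a string (taler_exchangedb_plugin.h hunk) must all serialize the object to the same bytes or verification fails or, worse, is skipped. With jansson that only holds for a deterministic dump (compact output with sorted keys, or whatever project helper the implementation uses), and a parse/dump round trip of the stored string must reproduce it. The declaration should state that contract so the three sides stay in sync, e.g. add to the doc comment `The hash is taken over a canonical serialization of @a config; the offline signer must use the same serialization (see the implementation for the exact form).` — hedged because the implementation is outside this diff. The @return line should also say what "failure" covers (serialization error vs. non-object input).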
@@ -978,29 +978,11 @@ struct TALER_MasterExtensionAgeRestrictionPS
   struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
 
   /**
-   * Bit mask representing the lits of age groups, see TALER_AgeMask for a
-   * description.
+   * Hash of the JSON object that represents the configuration of an extension.
    */
-  struct TALER_AgeMask mask;
+  struct TALER_ExtensionConfigHash h_config GNUNET_PACKED;
 };
 
-#if 0
-/*
- * @brief Signature made by the exchange offline key over the
- * configuration of the peer2peer extension.
- */
-struct TALER_MasterExtensionPeer2PeerPS
-{
-  /**
-   * Purpose is #TALER_SIGNATURE_MASTER_EXTENSION. Signed
-   * by a `struct TALER_MasterPublicKeyP` using EdDSA.
-   */
-  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
-
-  // TODO oec
-};
-#endif
-
 /**
  * @brief Information about a denomination key. Denomination keys
  * are used to sign coins of a certain value into existence.
-- 
cgit v1.2.3
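Review bot: The signed message TALER_MasterExtensionConfigurationPS (its opening lines are in the previous hunk) now binds only `purpose` and `h_config`; neither the extension's name nor any timestamp or serial is part of what the offline key signs. Unless the extension name is inside the hashed JSON and the /management/extensions handler checks it against the target extension before installing the configuration — TALER_agemask_parse_json's documented `"extension": "age_restriction"` key hints at that for age restriction, but the commit message describes the verification step as over an opaque object with per-extension parsing afterwards — a configuration signed for one extension could be submitted under another extension's name, and any previously signed configuration can be replayed to roll the exchange back. I'd bind the name in the signed struct, e.g. add `struct GNUNET_HashCode h_extension_name GNUNET_PACKED;` (hash of the extension name) next to h_config, or at least document on this struct that the JSON object must carry the extension name and that the handler rejects mismatches; a replay guard (timestamp or monotonically increasing serial) is worth considering while the wire format is still being defined.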