From c97979d00ab68915b0d354a1424e420ef84b7723 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=96zg=C3=BCr=20Kesim?=
Date: Sun, 14 Nov 2021 16:39:42 +0100
Subject: age restriction (load per denomination). 3/n
---
src/include/taler_crypto_lib.h | 4 +++-
src/include/taler_extensions.h | 4 ++--
src/lib/exchange_api_refreshes_reveal.c | 3 ++-
src/util/crypto.c | 31 +++++++++++++++++++++++++++----
src/util/crypto_helper_denom.c | 4 +++-
src/util/extension_age_restriction.c | 4 ++--
src/util/taler-exchange-secmod-rsa.c | 27 +++++++++++++++++++++++++--
7 files changed, 64 insertions(+), 13 deletions(-)
(limited to 'src')
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index 7261d4de5..d354add1a 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -324,7 +324,9 @@ struct TALER_CoinSpendPublicKeyP
 struct GNUNET_CRYPTO_EddsaPublicKey eddsa_pub;
 /*
- * If age restriction applies to the coin, it must come with a hash of the age commitment
+ * If age restriction applies to the coin, it must come with a hash of the
+ * age commitment. A zero value indicates that the coin has no age
+ * commitment set.
 */
 struct TALER_AgeHash age_commitment_hash;
 };
diff --git a/src/include/taler_extensions.h b/src/include/taler_extensions.h
index c22a23b86..0ef69a78d 100644
--- a/src/include/taler_extensions.h
+++ b/src/include/taler_extensions.h
@@ -29,7 +29,7 @@
 * invalid, OK otherwise.
 */
 enum GNUNET_GenericReturnValue
-TALER_get_age_mask (const struct GNUNET_CONFIGURATION_Handle *cfg, struct
- TALER_AgeMask *mask);
+TALER_get_age_mask (const struct GNUNET_CONFIGURATION_Handle *cfg,
+ struct TALER_AgeMask *mask);
 #endif
diff --git a/src/lib/exchange_api_refreshes_reveal.c b/src/lib/exchange_api_refreshes_reveal.c
index 6e679d23d..fdd7e7eec 100644
--- a/src/lib/exchange_api_refreshes_reveal.c
+++ b/src/lib/exchange_api_refreshes_reveal.c
@@ -166,8 +166,9 @@ refresh_reveal_ok (struct TALER_EXCHANGE_RefreshesRevealHandle *rrh,
 hence recomputing it here... */
 GNUNET_CRYPTO_eddsa_key_get_public (&fc->coin_priv.eddsa_priv, &coin_pub.eddsa_pub);
+ /* FIXME-Oec: Age commitment hash.
+ * must be put into coin_pub.age_mask */
 TALER_coin_pub_hash (&coin_pub,
- /* FIXME-Oec: Age commitment hash */
 &coin_hash);
 if (GNUNET_OK != TALER_planchet_to_coin (pk,
diff --git a/src/util/crypto.c b/src/util/crypto.c
index 67cf14b42..2d3a569a4 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -320,10 +320,33 @@ void
 TALER_coin_pub_hash (const struct TALER_CoinSpendPublicKeyP *coin_pub, struct TALER_CoinPubHash *coin_h)
 {
- // FIXME-Oec: hash over age-restriction, too
- GNUNET_CRYPTO_hash (&coin_pub->eddsa_pub,
- sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
- &coin_h->hash);
+ if (GNUNET_is_zero (&coin_pub->age_commitment_hash))
+ {
+ /* No age commitment was set */
+ GNUNET_CRYPTO_hash (&coin_pub->eddsa_pub,
+ sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
+ &coin_h->hash);
+ }
+ else
+ {
+ /* Coin comes with age commitment. Take the hash of the age commitment
+ * into account */
+ const size_t key_s = sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey);
+ const size_t age_s = sizeof(struct TALER_AgeHash);
+ char data[key_s + age_s];
+
+ GNUNET_memcpy (&data[0],
+ &coin_pub->eddsa_pub,
+ key_s);
+
+ GNUNET_memcpy (&data[key_s],
+ &coin_pub->age_commitment_hash,
+ age_s);
+
+ GNUNET_CRYPTO_hash (&data,
+ key_s + age_s,
+ &coin_h->hash);
+ }
 }
diff --git a/src/util/crypto_helper_denom.c b/src/util/crypto_helper_denom.c
index e1cd2b6ba..02ac2cb2d 100644
--- a/src/util/crypto_helper_denom.c
+++ b/src/util/crypto_helper_denom.c
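Review bot: `TALER_coin_pub_hash()` now reads `coin_pub.age_commitment_hash`, but this hunk only fills `coin_pub.eddsa_pub` before the call, so the resulting coin hash depends on whatever bytes that field happens to hold. The declaration of `coin_pub` lies outside the hunk; unless it is zero-initialised there, add `memset (&coin_pub.age_commitment_hash, 0, sizeof (coin_pub.age_commitment_hash));` ahead of the call until the real commitment hash is wired in. The new FIXME also names `coin_pub.age_mask`, whereas the field this commit documents in taler_crypto_lib.h is `age_commitment_hash`.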
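Review bot: In the new `else` branch of `TALER_coin_pub_hash`, `char data[key_s + age_s];` is a variable-length array, because `key_s` and `age_s` are `const size_t` objects rather than constant expressions, and the key length is taken from `struct GNUNET_CRYPTO_EcdsaPublicKey` although the member being copied is `eddsa_pub`. Sizing from the members themselves, `char data[sizeof (coin_pub->eddsa_pub) + sizeof (coin_pub->age_commitment_hash)];`, gives a fixed-size buffer and ties each copy length to the field that is actually read. A short comment on the function should also state that an all-zero `age_commitment_hash` selects the hash over the public key alone, since callers now have to zero that field explicitly to get it.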
@@ -281,10 +281,12 @@ TALER_CRYPTO_helper_denom_connect (
 }
 /* Extract the age groups from the config, if the extension has been set,
- * and serialize them into the age mask */
+ * and serialize them into the age mask
+ */
 if (GNUNET_OK != TALER_get_age_mask (cfg, &dh->age_mask))
 {
+ /* FIXME: maybe more specific error? */
 GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, "extensions", /* FIXME: right section etc? */ "age-restriction",
diff --git a/src/util/extension_age_restriction.c b/src/util/extension_age_restriction.c
index 64ecaa31e..dbb4f3e23 100644
--- a/src/util/extension_age_restriction.c
+++ b/src/util/extension_age_restriction.c
@@ -30,8 +30,8 @@
 * invalid, OK otherwise.
 */
 enum GNUNET_GenericReturnValue
-TALER_get_age_mask (const struct GNUNET_CONFIGURATION_Handle *cfg, struct
- TALER_AgeMask *mask)
+TALER_get_age_mask (const struct GNUNET_CONFIGURATION_Handle *cfg,
+ struct TALER_AgeMask *mask)
 {
 /* FIXME-Oec:
 *
diff --git a/src/util/taler-exchange-secmod-rsa.c b/src/util/taler-exchange-secmod-rsa.c
index e996f14ee..49b241b21 100644
--- a/src/util/taler-exchange-secmod-rsa.c
+++ b/src/util/taler-exchange-secmod-rsa.c
@@ -39,6 +39,7 @@
 #include
 #include
 #include "taler_error_codes.h"
+#include "taler_extensions.h"
 #include "taler_signatures.h"
 #include "secmod_common.h"
@@ -151,6 +152,14 @@ struct Denomination
 * Length of (new) RSA keys (in bits).
 */
 uint32_t rsa_keysize;
+
+ /**
+ * Age Restriction Mask.
+ * If non-zero, it defines the age restriction groups that apply to this
+ * denomination.
+ */
+ struct TALER_AgeMask age_mask;
+
 };
@@ -1422,10 +1431,9 @@ parse_key (struct Denomination *denom,
 struct TALER_DenominationPublicKey pub;
 struct DenominationKey *dk;
 struct DenominationKey *before;
- struct TALER_AgeMask age_mask = { .mask = 0 }; /* FIXME-Oec */
 TALER_denom_priv_to_pub (&priv,
- age_mask,
+ denom->age_mask,
 &pub);
 dk = GNUNET_new (struct DenominationKey);
 dk->denom_priv = priv;
@@ -1645,6 +1653,21 @@ parse_denomination_cfg (const char *ct,
 }
 denom->rsa_keysize = (unsigned int) rsa_keysize;
 denom->section = GNUNET_strdup (ct);
+
+ /* Load the (optional) age groups/mask for this denomination */
+ denom->age_mask.mask = 0;
+ if (GNUNET_YES != GNUNET_CONFIGURATION_get_value_yesno (kcfg, ct,
+ "age-restricted"))
+ {
+ if (GNUNET_OK != TALER_get_age_mask (kcfg, &denom->age_mask))
+ {
+ GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+ "extenstions",
+ "age-restriction",
+ "invalid age groups");
+ return GNUNET_SYSERR;
+ }
+ }
 return GNUNET_OK;
 }
-- cgit v1.2.3
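Review bot: The condition `if (GNUNET_YES != GNUNET_CONFIGURATION_get_value_yesno (kcfg, ct, "age-restricted"))` looks inverted: as written, the age mask is loaded for denominations that are not marked `age-restricted` (or that lack the option), while a denomination marked `yes` keeps `age_mask.mask = 0` and is passed to `TALER_denom_priv_to_pub` in `parse_key` as unrestricted. If the intent is what the added comment says, the test should be `GNUNET_YES ==`. The section name passed to `GNUNET_log_config_invalid` is misspelled as `"extenstions"`, where the same call in crypto_helper_denom.c uses `"extensions"`. The early `return GNUNET_SYSERR` also comes after `denom->section = GNUNET_strdup (ct)`; whether the caller frees that string on failure is not visible in this hunk.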