authorÖzgür Kesim <oec-taler@kesim.org>2021-11-14 16:39:42 +0100
committerÖzgür Kesim <oec-taler@kesim.org>2021-11-14 16:39:42 +0100
commitc97979d00ab68915b0d354a1424e420ef84b7723 (patch)
tree7990098ab493ea5e164120f630e06c8fc6e5cc02 /src/util
parent7c510388b9d789c35fc05bead7677b3de52a318e (diff)
age restriction (load per denomination). 3/n
Diffstat (limited to 'src/util')
-rw-r--r--src/util/crypto.c31
-rw-r--r--src/util/crypto_helper_denom.c4
-rw-r--r--src/util/extension_age_restriction.c4
-rw-r--r--src/util/taler-exchange-secmod-rsa.c27
4 files changed, 57 insertions, 9 deletions
diff --git a/src/util/crypto.c b/src/util/crypto.c
index 67cf14b4..2d3a569a 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -320,10 +320,33 @@ void
TALER_coin_pub_hash (const struct TALER_CoinSpendPublicKeyP *coin_pub,
struct TALER_CoinPubHash *coin_h)
{
- // FIXME-Oec: hash over age-restriction, too
- GNUNET_CRYPTO_hash (&coin_pub->eddsa_pub,
- sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
- &coin_h->hash);
+ if (GNUNET_is_zero (&coin_pub->age_commitment_hash))
+ {
+ /* No age commitment was set */
+ GNUNET_CRYPTO_hash (&coin_pub->eddsa_pub,
+ sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
+ &coin_h->hash);
+ }
+ else
+ {
+ /* Coin comes with age commitment. Take the hash of the age commitment
+ * into account */
+ const size_t key_s = sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey);
+ const size_t age_s = sizeof(struct TALER_AgeHash);
+ char data[key_s + age_s];
+
+ GNUNET_memcpy (&data[0],
+ &coin_pub->eddsa_pub,
+ key_s);
+
+ GNUNET_memcpy (&data[key_s],
+ &coin_pub->age_commitment_hash,
+ age_s);
+
+ GNUNET_CRYPTO_hash (&data,
+ key_s + age_s,
+ &coin_h->hash);
+ }
}
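Review bot: `char data[key_s + age_s]` in the else branch is a variable-length array, because `key_s` and `age_s` are `const size_t` objects and not constant expressions in C. Sizing the buffer from the fields being copied, `char data[sizeof (coin_pub->eddsa_pub) + sizeof (coin_pub->age_commitment_hash)];`, makes it a fixed-size array and ties the lengths to the source fields, where the current code measures `eddsa_pub` with `struct GNUNET_CRYPTO_EcdsaPublicKey`. The function comment should also state that an all-zero `age_commitment_hash` is the sentinel for "no age commitment" and that such a coin is hashed over the public key alone, since every caller now has to zero that field to get the old hash.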
diff --git a/src/util/crypto_helper_denom.c b/src/util/crypto_helper_denom.c
index e1cd2b6b..02ac2cb2 100644
--- a/src/util/crypto_helper_denom.c
+++ b/src/util/crypto_helper_denom.c
@@ -281,10 +281,12 @@ TALER_CRYPTO_helper_denom_connect (
}
/* Extract the age groups from the config, if the extension has been set,
- * and serialize them into the age mask */
+ * and serialize them into the age mask
+ */
if (GNUNET_OK !=
TALER_get_age_mask (cfg, &dh->age_mask))
{
+ /* FIXME: maybe more specific error? */
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"extensions", /* FIXME: right section etc? */
"age-restriction",
diff --git a/src/util/extension_age_restriction.c b/src/util/extension_age_restriction.c
index 64ecaa31..dbb4f3e2 100644
--- a/src/util/extension_age_restriction.c
+++ b/src/util/extension_age_restriction.c
@@ -30,8 +30,8 @@
* invalid, OK otherwise.
*/
enum GNUNET_GenericReturnValue
-TALER_get_age_mask (const struct GNUNET_CONFIGURATION_Handle *cfg, struct
- TALER_AgeMask *mask)
+TALER_get_age_mask (const struct GNUNET_CONFIGURATION_Handle *cfg,
+ struct TALER_AgeMask *mask)
{
/* FIXME-Oec:
*
diff --git a/src/util/taler-exchange-secmod-rsa.c b/src/util/taler-exchange-secmod-rsa.c
index e996f14e..49b241b2 100644
--- a/src/util/taler-exchange-secmod-rsa.c
+++ b/src/util/taler-exchange-secmod-rsa.c
@@ -39,6 +39,7 @@
#include <pthread.h>
#include <sys/eventfd.h>
#include "taler_error_codes.h"
+#include "taler_extensions.h"
#include "taler_signatures.h"
#include "secmod_common.h"
@@ -151,6 +152,14 @@ struct Denomination
* Length of (new) RSA keys (in bits).
*/
uint32_t rsa_keysize;
+
+ /**
+ * Age Restriction Mask.
+ * If non-zero, it defines the age restriction groups that apply to this
+ * denomination.
+ */
+ struct TALER_AgeMask age_mask;
+
};
@@ -1422,10 +1431,9 @@ parse_key (struct Denomination *denom,
struct TALER_DenominationPublicKey pub;
struct DenominationKey *dk;
struct DenominationKey *before;
- struct TALER_AgeMask age_mask = { .mask = 0 }; /* FIXME-Oec */
TALER_denom_priv_to_pub (&priv,
- age_mask,
+ denom->age_mask,
&pub);
dk = GNUNET_new (struct DenominationKey);
dk->denom_priv = priv;
@@ -1645,6 +1653,21 @@ parse_denomination_cfg (const char *ct,
}
denom->rsa_keysize = (unsigned int) rsa_keysize;
denom->section = GNUNET_strdup (ct);
+
+ /* Load the (optional) age groups/mask for this denomination */
+ denom->age_mask.mask = 0;
+ if (GNUNET_YES != GNUNET_CONFIGURATION_get_value_yesno (kcfg, ct,
+ "age-restricted"))
+ {
+ if (GNUNET_OK != TALER_get_age_mask (kcfg, &denom->age_mask))
+ {
+ GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+ "extenstions",
+ "age-restriction",
+ "invalid age groups");
+ return GNUNET_SYSERR;
+ }
+ }
return GNUNET_OK;
}
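Review bot: The condition guarding the new `TALER_get_age_mask` call looks inverted. With `GNUNET_YES != GNUNET_CONFIGURATION_get_value_yesno (kcfg, ct, "age-restricted")`, the mask is loaded for every denomination that is not marked age-restricted (including when the option is absent), while a section with the option set to yes keeps `mask = 0`. Since `parse_key` now passes `denom->age_mask` into `TALER_denom_priv_to_pub`, restricted and unrestricted denominations would get each other's mask in the derived public key; the test should read `if (GNUNET_YES == GNUNET_CONFIGURATION_get_value_yesno (kcfg, ct, "age-restricted"))`. The section name passed to `GNUNET_log_config_invalid` is misspelled `"extenstions"`, whereas the crypto_helper_denom.c hunk uses `"extensions"`. The new error return comes after `denom->section = GNUNET_strdup (ct)`; the function starts outside the hunk, so whether the caller frees `section` on `GNUNET_SYSERR` should be checked.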