diff options
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/taler_crypto_lib.h | 126 | ||||
| -rw-r--r-- | src/include/taler_exchangedb_plugin.h | 79 | 
2 files changed, 52 insertions, 153 deletions
| diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index 9276ab14..bafcca08 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -1456,132 +1456,6 @@ struct TALER_ExchangeWithdrawValues  /** - * @brief Information about a signing key of the exchange.  Signing keys are used - * to sign exchange messages other than coins, i.e. to confirm that a - * deposit was successful or that a refresh was accepted. - * - * FIXME: remove this from the public API... - */ -struct TALER_ExchangeSigningKeyValidityPS -{ - -  /** -   * Purpose is #TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY. -   */ -  struct GNUNET_CRYPTO_EccSignaturePurpose purpose; - -  /** -   * When does this signing key begin to be valid? -   */ -  struct GNUNET_TIME_TimestampNBO start; - -  /** -   * When does this signing key expire? Note: This is currently when -   * the Exchange will definitively stop using it.  Signatures made with -   * the key remain valid until @e end.  When checking validity periods, -   * clients should allow for some overlap between keys and tolerate -   * the use of either key during the overlap time (due to the -   * possibility of clock skew). -   */ -  struct GNUNET_TIME_TimestampNBO expire; - -  /** -   * When do signatures with this signing key become invalid?  After -   * this point, these signatures cannot be used in (legal) disputes -   * anymore, as the Exchange is then allowed to destroy its side of the -   * evidence.  @e end is expected to be significantly larger than @e -   * expire (by a year or more). -   */ -  struct GNUNET_TIME_TimestampNBO end; - -  /** -   * The public online signing key that the exchange will use -   * between @e start and @e expire. -   */ -  struct TALER_ExchangePublicKeyP signkey_pub; -}; - - -/** - * @brief Information about a denomination key. Denomination keys - * are used to sign coins of a certain value into existence. - * - * FIXME: remove this from the public API... - */ -struct TALER_DenominationKeyValidityPS -{ - -  /** -   * Purpose is #TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY. -   */ -  struct GNUNET_CRYPTO_EccSignaturePurpose purpose; - -  /** -   * The long-term offline master key of the exchange that was -   * used to create @e signature. -   */ -  struct TALER_MasterPublicKeyP master; - -  /** -   * Start time of the validity period for this key. -   */ -  struct GNUNET_TIME_TimestampNBO start; - -  /** -   * The exchange will sign fresh coins between @e start and this time. -   * @e expire_withdraw will be somewhat larger than @e start to -   * ensure a sufficiently large anonymity set, while also allowing -   * the Exchange to limit the financial damage in case of a key being -   * compromised.  Thus, exchanges with low volume are expected to have a -   * longer withdraw period (@e expire_withdraw - @e start) than exchanges -   * with high transaction volume.  The period may also differ between -   * types of coins.  A exchange may also have a few denomination keys -   * with the same value with overlapping validity periods, to address -   * issues such as clock skew. -   */ -  struct GNUNET_TIME_TimestampNBO expire_withdraw; - -  /** -   * Coins signed with the denomination key must be spent or refreshed -   * between @e start and this expiration time.  After this time, the -   * exchange will refuse transactions involving this key as it will -   * "drop" the table with double-spending information (shortly after) -   * this time.  Note that wallets should refresh coins significantly -   * before this time to be on the safe side.  @e expire_deposit must be -   * significantly larger than @e expire_withdraw (by months or even -   * years). -   */ -  struct GNUNET_TIME_TimestampNBO expire_deposit; - -  /** -   * When do signatures with this denomination key become invalid? -   * After this point, these signatures cannot be used in (legal) -   * disputes anymore, as the Exchange is then allowed to destroy its side -   * of the evidence.  @e expire_legal is expected to be significantly -   * larger than @e expire_deposit (by a year or more). -   */ -  struct GNUNET_TIME_TimestampNBO expire_legal; - -  /** -   * The value of the coins signed with this denomination key. -   */ -  struct TALER_AmountNBO value; - -  /** -   * Fees for the coin. -   */ -  struct TALER_DenomFeeSetNBOP fees; - -  /** -   * Hash code of the denomination public key. (Used to avoid having -   * the variable-size RSA key in this struct.) -   */ -  struct TALER_DenominationHashP denom_hash GNUNET_PACKED; - -}; - - -/**   * Free internals of @a denom_pub, but not @a denom_pub itself.   *   * @param[in] denom_pub key to free diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h index 260fab3c..6b86dc3c 100644 --- a/src/include/taler_exchangedb_plugin.h +++ b/src/include/taler_exchangedb_plugin.h @@ -27,49 +27,72 @@  #include "taler_signatures.h" -GNUNET_NETWORK_STRUCT_BEGIN -  /** - * @brief On disk format used for a exchange signing key.  Signing keys are used - * by the exchange to affirm its messages, but not to create coins. - * Includes the private key followed by the public information about - * the signing key. + * Information about a denomination key.   */ -struct TALER_EXCHANGEDB_PrivateSigningKeyInformationP +struct TALER_EXCHANGEDB_DenominationKeyInformation  { +    /** -   * Private key part of the exchange's signing key. +   * Signature over this struct to affirm the validity of the key.     */ -  struct TALER_ExchangePrivateKeyP signkey_priv; +  struct TALER_MasterSignatureP signature;    /** -   * Signature over @e issue +   * Start time of the validity period for this key.     */ -  struct TALER_MasterSignatureP master_sig; +  struct GNUNET_TIME_Timestamp start;    /** -   * Public information about a exchange signing key. +   * The exchange will sign fresh coins between @e start and this time. +   * @e expire_withdraw will be somewhat larger than @e start to +   * ensure a sufficiently large anonymity set, while also allowing +   * the Exchange to limit the financial damage in case of a key being +   * compromised.  Thus, exchanges with low volume are expected to have a +   * longer withdraw period (@e expire_withdraw - @e start) than exchanges +   * with high transaction volume.  The period may also differ between +   * types of coins.  A exchange may also have a few denomination keys +   * with the same value with overlapping validity periods, to address +   * issues such as clock skew.     */ -  struct TALER_ExchangeSigningKeyValidityPS issue; +  struct GNUNET_TIME_Timestamp expire_withdraw; -}; +  /** +   * Coins signed with the denomination key must be spent or refreshed +   * between @e start and this expiration time.  After this time, the +   * exchange will refuse transactions involving this key as it will +   * "drop" the table with double-spending information (shortly after) +   * this time.  Note that wallets should refresh coins significantly +   * before this time to be on the safe side.  @e expire_deposit must be +   * significantly larger than @e expire_withdraw (by months or even +   * years). +   */ +  struct GNUNET_TIME_Timestamp expire_deposit; +  /** +   * When do signatures with this denomination key become invalid? +   * After this point, these signatures cannot be used in (legal) +   * disputes anymore, as the Exchange is then allowed to destroy its side +   * of the evidence.  @e expire_legal is expected to be significantly +   * larger than @e expire_deposit (by a year or more). +   */ +  struct GNUNET_TIME_Timestamp expire_legal; -/** - * Information about a denomination key. - */ -struct TALER_EXCHANGEDB_DenominationKeyInformationP -{ +  /** +   * The value of the coins signed with this denomination key. +   */ +  struct TALER_Amount value;    /** -   * Signature over this struct to affirm the validity of the key. +   * Fees for the coin.     */ -  struct TALER_MasterSignatureP signature; +  struct TALER_DenomFeeSet fees;    /** -   * Signed properties of the denomination key. +   * Hash code of the denomination public key. (Used to avoid having +   * the variable-size RSA key in this struct.)     */ -  struct TALER_DenominationKeyValidityPS properties; +  struct TALER_DenominationHashP denom_hash;    /**     * If denomination was setup for age restriction, non-zero age mask. @@ -79,6 +102,8 @@ struct TALER_EXCHANGEDB_DenominationKeyInformationP  }; +GNUNET_NETWORK_STRUCT_BEGIN +  /**   * Signature of events signalling a reserve got funding.   */ @@ -474,7 +499,7 @@ struct TALER_EXCHANGEDB_DenominationKey    /**     * Signed public information about a denomination key.     */ -  struct TALER_EXCHANGEDB_DenominationKeyInformationP issue; +  struct TALER_EXCHANGEDB_DenominationKeyInformation issue;  }; @@ -2188,7 +2213,7 @@ typedef void  (*TALER_EXCHANGEDB_DenominationCallback)(    void *cls,    const struct TALER_DenominationPublicKey *denom_pub, -  const struct TALER_EXCHANGEDB_DenominationKeyInformationP *issue); +  const struct TALER_EXCHANGEDB_DenominationKeyInformation *issue);  /** @@ -2358,7 +2383,7 @@ struct TALER_EXCHANGEDB_Plugin    (*insert_denomination_info)(      void *cls,      const struct TALER_DenominationPublicKey *denom_pub, -    const struct TALER_EXCHANGEDB_DenominationKeyInformationP *issue); +    const struct TALER_EXCHANGEDB_DenominationKeyInformation *issue);    /** @@ -2373,7 +2398,7 @@ struct TALER_EXCHANGEDB_Plugin    (*get_denomination_info)(      void *cls,      const struct TALER_DenominationHashP *denom_pub_hash, -    struct TALER_EXCHANGEDB_DenominationKeyInformationP *issue); +    struct TALER_EXCHANGEDB_DenominationKeyInformation *issue);    /** | 
