diff options
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/taler_crypto_lib.h | 153 | ||||
| -rw-r--r-- | src/include/taler_exchangedb_plugin.h | 102 | ||||
| -rw-r--r-- | src/include/taler_signatures.h | 5 |
3 files changed, 104 insertions, 156 deletions
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index 9276ab14..6b554dfb 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -1456,132 +1456,6 @@ struct TALER_ExchangeWithdrawValues /** - * @brief Information about a signing key of the exchange. Signing keys are used - * to sign exchange messages other than coins, i.e. to confirm that a - * deposit was successful or that a refresh was accepted. - * - * FIXME: remove this from the public API... - */ -struct TALER_ExchangeSigningKeyValidityPS -{ - - /** - * Purpose is #TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY. - */ - struct GNUNET_CRYPTO_EccSignaturePurpose purpose; - - /** - * When does this signing key begin to be valid? - */ - struct GNUNET_TIME_TimestampNBO start; - - /** - * When does this signing key expire? Note: This is currently when - * the Exchange will definitively stop using it. Signatures made with - * the key remain valid until @e end. When checking validity periods, - * clients should allow for some overlap between keys and tolerate - * the use of either key during the overlap time (due to the - * possibility of clock skew). - */ - struct GNUNET_TIME_TimestampNBO expire; - - /** - * When do signatures with this signing key become invalid? After - * this point, these signatures cannot be used in (legal) disputes - * anymore, as the Exchange is then allowed to destroy its side of the - * evidence. @e end is expected to be significantly larger than @e - * expire (by a year or more). - */ - struct GNUNET_TIME_TimestampNBO end; - - /** - * The public online signing key that the exchange will use - * between @e start and @e expire. - */ - struct TALER_ExchangePublicKeyP signkey_pub; -}; - - -/** - * @brief Information about a denomination key. Denomination keys - * are used to sign coins of a certain value into existence. - * - * FIXME: remove this from the public API... - */ -struct TALER_DenominationKeyValidityPS -{ - - /** - * Purpose is #TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY. - */ - struct GNUNET_CRYPTO_EccSignaturePurpose purpose; - - /** - * The long-term offline master key of the exchange that was - * used to create @e signature. - */ - struct TALER_MasterPublicKeyP master; - - /** - * Start time of the validity period for this key. - */ - struct GNUNET_TIME_TimestampNBO start; - - /** - * The exchange will sign fresh coins between @e start and this time. - * @e expire_withdraw will be somewhat larger than @e start to - * ensure a sufficiently large anonymity set, while also allowing - * the Exchange to limit the financial damage in case of a key being - * compromised. Thus, exchanges with low volume are expected to have a - * longer withdraw period (@e expire_withdraw - @e start) than exchanges - * with high transaction volume. The period may also differ between - * types of coins. A exchange may also have a few denomination keys - * with the same value with overlapping validity periods, to address - * issues such as clock skew. - */ - struct GNUNET_TIME_TimestampNBO expire_withdraw; - - /** - * Coins signed with the denomination key must be spent or refreshed - * between @e start and this expiration time. After this time, the - * exchange will refuse transactions involving this key as it will - * "drop" the table with double-spending information (shortly after) - * this time. Note that wallets should refresh coins significantly - * before this time to be on the safe side. @e expire_deposit must be - * significantly larger than @e expire_withdraw (by months or even - * years). - */ - struct GNUNET_TIME_TimestampNBO expire_deposit; - - /** - * When do signatures with this denomination key become invalid? - * After this point, these signatures cannot be used in (legal) - * disputes anymore, as the Exchange is then allowed to destroy its side - * of the evidence. @e expire_legal is expected to be significantly - * larger than @e expire_deposit (by a year or more). - */ - struct GNUNET_TIME_TimestampNBO expire_legal; - - /** - * The value of the coins signed with this denomination key. - */ - struct TALER_AmountNBO value; - - /** - * Fees for the coin. - */ - struct TALER_DenomFeeSetNBOP fees; - - /** - * Hash code of the denomination public key. (Used to avoid having - * the variable-size RSA key in this struct.) - */ - struct TALER_DenominationHashP denom_hash GNUNET_PACKED; - -}; - - -/** * Free internals of @a denom_pub, but not @a denom_pub itself. * * @param[in] denom_pub key to free @@ -3937,6 +3811,33 @@ TALER_exchange_online_reserve_closed_verify ( const struct TALER_ExchangeSignatureP *sig); +enum TALER_ErrorCode +TALER_exchange_online_purse_created_sign ( + TALER_ExchangeSignCallback scb, + struct GNUNET_TIME_Timestamp exchange_time, + struct GNUNET_TIME_Timestamp purse_expiration, + const struct TALER_Amount *amount_without_fee, + const struct TALER_Amount *total_deposited, + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_PurseMergePublicKeyP *merge_pub, + const struct TALER_PrivateContractHashP *h_contract_terms, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +enum GNUNET_GenericReturnValue +TALER_exchange_online_purse_created_verify ( + struct GNUNET_TIME_Timestamp exchange_time, + struct GNUNET_TIME_Timestamp purse_expiration, + const struct TALER_Amount *amount_without_fee, + const struct TALER_Amount *total_deposited, + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_PurseMergePublicKeyP *merge_pub, + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_ExchangePublicKeyP *pub, + const struct TALER_ExchangeSignatureP *sig); + + /* ********************* offline signing ************************** */ diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h index 48fce4d9..7383913a 100644 --- a/src/include/taler_exchangedb_plugin.h +++ b/src/include/taler_exchangedb_plugin.h @@ -27,49 +27,72 @@ #include "taler_signatures.h" -GNUNET_NETWORK_STRUCT_BEGIN - /** - * @brief On disk format used for a exchange signing key. Signing keys are used - * by the exchange to affirm its messages, but not to create coins. - * Includes the private key followed by the public information about - * the signing key. + * Information about a denomination key. */ -struct TALER_EXCHANGEDB_PrivateSigningKeyInformationP +struct TALER_EXCHANGEDB_DenominationKeyInformation { + /** - * Private key part of the exchange's signing key. + * Signature over this struct to affirm the validity of the key. */ - struct TALER_ExchangePrivateKeyP signkey_priv; + struct TALER_MasterSignatureP signature; /** - * Signature over @e issue + * Start time of the validity period for this key. */ - struct TALER_MasterSignatureP master_sig; + struct GNUNET_TIME_Timestamp start; /** - * Public information about a exchange signing key. + * The exchange will sign fresh coins between @e start and this time. + * @e expire_withdraw will be somewhat larger than @e start to + * ensure a sufficiently large anonymity set, while also allowing + * the Exchange to limit the financial damage in case of a key being + * compromised. Thus, exchanges with low volume are expected to have a + * longer withdraw period (@e expire_withdraw - @e start) than exchanges + * with high transaction volume. The period may also differ between + * types of coins. A exchange may also have a few denomination keys + * with the same value with overlapping validity periods, to address + * issues such as clock skew. */ - struct TALER_ExchangeSigningKeyValidityPS issue; + struct GNUNET_TIME_Timestamp expire_withdraw; -}; + /** + * Coins signed with the denomination key must be spent or refreshed + * between @e start and this expiration time. After this time, the + * exchange will refuse transactions involving this key as it will + * "drop" the table with double-spending information (shortly after) + * this time. Note that wallets should refresh coins significantly + * before this time to be on the safe side. @e expire_deposit must be + * significantly larger than @e expire_withdraw (by months or even + * years). + */ + struct GNUNET_TIME_Timestamp expire_deposit; + /** + * When do signatures with this denomination key become invalid? + * After this point, these signatures cannot be used in (legal) + * disputes anymore, as the Exchange is then allowed to destroy its side + * of the evidence. @e expire_legal is expected to be significantly + * larger than @e expire_deposit (by a year or more). + */ + struct GNUNET_TIME_Timestamp expire_legal; -/** - * Information about a denomination key. - */ -struct TALER_EXCHANGEDB_DenominationKeyInformationP -{ + /** + * The value of the coins signed with this denomination key. + */ + struct TALER_Amount value; /** - * Signature over this struct to affirm the validity of the key. + * Fees for the coin. */ - struct TALER_MasterSignatureP signature; + struct TALER_DenomFeeSet fees; /** - * Signed properties of the denomination key. + * Hash code of the denomination public key. (Used to avoid having + * the variable-size RSA key in this struct.) */ - struct TALER_DenominationKeyValidityPS properties; + struct TALER_DenominationHashP denom_hash; /** * If denomination was setup for age restriction, non-zero age mask. @@ -79,6 +102,8 @@ struct TALER_EXCHANGEDB_DenominationKeyInformationP }; +GNUNET_NETWORK_STRUCT_BEGIN + /** * Signature of events signalling a reserve got funding. */ @@ -474,7 +499,7 @@ struct TALER_EXCHANGEDB_DenominationKey /** * Signed public information about a denomination key. */ - struct TALER_EXCHANGEDB_DenominationKeyInformationP issue; + struct TALER_EXCHANGEDB_DenominationKeyInformation issue; }; @@ -2188,7 +2213,7 @@ typedef void (*TALER_EXCHANGEDB_DenominationCallback)( void *cls, const struct TALER_DenominationPublicKey *denom_pub, - const struct TALER_EXCHANGEDB_DenominationKeyInformationP *issue); + const struct TALER_EXCHANGEDB_DenominationKeyInformation *issue); /** @@ -2385,7 +2410,7 @@ struct TALER_EXCHANGEDB_Plugin (*insert_denomination_info)( void *cls, const struct TALER_DenominationPublicKey *denom_pub, - const struct TALER_EXCHANGEDB_DenominationKeyInformationP *issue); + const struct TALER_EXCHANGEDB_DenominationKeyInformation *issue); /** @@ -2400,7 +2425,7 @@ struct TALER_EXCHANGEDB_Plugin (*get_denomination_info)( void *cls, const struct TALER_DenominationHashP *denom_pub_hash, - struct TALER_EXCHANGEDB_DenominationKeyInformationP *issue); + struct TALER_EXCHANGEDB_DenominationKeyInformation *issue); /** @@ -4391,6 +4416,10 @@ struct TALER_EXCHANGEDB_Plugin * @param pub_ckey ephemeral key for DH used to encrypt the contract * @param econtract_size number of bytes in @a econtract * @param econtract the encrypted contract + * @param[out] in_conflict set to true if @a econtract + * conflicts with an existing contract; + * in this case, the return value will be + * #GNUNET_DB_STATUS_SUCCESS_ONE despite the failure * @return transaction status code */ enum GNUNET_DB_QueryStatus @@ -4398,7 +4427,8 @@ struct TALER_EXCHANGEDB_Plugin const struct TALER_PurseContractPublicKeyP *purse_pub, const struct TALER_ContractDiffiePublicP *pub_ckey, size_t econtract_size, - const void *econtract); + const void *econtract, + bool *in_conflict); /** @@ -4430,6 +4460,10 @@ struct TALER_EXCHANGEDB_Plugin * @param age_limit age limit to enforce for payments into the purse * @param amount target amount (with fees) to be put into the purse * @param purse_sig signature with @a purse_pub's private key affirming the above + * @param[out] in_conflict set to true if the meta data + * conflicts with an existing purse; + * in this case, the return value will be + * #GNUNET_DB_STATUS_SUCCESS_ONE despite the failure * @return transaction status code */ enum GNUNET_DB_QueryStatus @@ -4441,7 +4475,8 @@ struct TALER_EXCHANGEDB_Plugin const struct TALER_PrivateContractHashP *h_contract_terms, uint32_t age_limit, const struct TALER_Amount *amount, - const struct TALER_PurseContractSignatureP *purse_sig); + const struct TALER_PurseContractSignatureP *purse_sig, + bool *in_conflict); /** @@ -4509,6 +4544,11 @@ struct TALER_EXCHANGEDB_Plugin * @param coin_pub coin to deposit (debit) * @param amount fraction of the coin's value to deposit * @param coin_sig signature affirming the operation + * @param amount_minus_fee amount to add to the purse + * @param[out] balance_ok set to false if the coin's + * remaining balance is below @a amount; + * in this case, the return value will be + * #GNUNET_DB_STATUS_SUCCESS_ONE despite the failure * @return transaction status code */ enum GNUNET_DB_QueryStatus @@ -4517,7 +4557,9 @@ struct TALER_EXCHANGEDB_Plugin const struct TALER_PurseContractPublicKeyP *purse_pub, const struct TALER_CoinSpendPublicKeyP *coin_pub, const struct TALER_Amount *amount, - const struct TALER_CoinSpendSignatureP *coin_sig); + const struct TALER_CoinSpendSignatureP *coin_sig, + const struct TALER_Amount *amount_minus_fee, + bool *balance_ok); /** diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h index 52c294ce..70c917b6 100644 --- a/src/include/taler_signatures.h +++ b/src/include/taler_signatures.h @@ -176,6 +176,11 @@ */ #define TALER_SIGNATURE_EXCHANGE_ACCOUNT_SETUP_SUCCESS 1044 +/** + * Signature by which the exchange affirms that a purse + * was created with a certain amount deposited into it. + */ +#define TALER_SIGNATURE_EXCHANGE_CONFIRM_PURSE_CREATION 1045 /**********************/ /* Auditor signatures */ |