diff --git a/src/exchange/taler-exchange-httpd_keys.c b/src/exchange/taler-exchange-httpd_keys.c index 2218d02ee..6ac39aa80 100644 --- a/src/exchange/taler-exchange-httpd_keys.c +++ b/src/exchange/taler-exchange-httpd_keys.c @@ -1,18 +1,18 @@ /* - This file is part of TALER - Copyright (C) 2020, 2021 Taler Systems SA + This file is part of TALER + Copyright (C) 2020, 2021 Taler Systems SA - TALER is free software; you can redistribute it and/or modify it under the - terms of the GNU Affero General Public License as published by the Free Software - Foundation; either version 3, or (at your option) any later version. + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU Affero General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. - TALER is distributed in the hope that it will be useful, but WITHOUT ANY - WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - You should have received a copy of the GNU Affero General Public License along with - TALER; see the file COPYING. If not, see -*/ + You should have received a copy of the GNU Affero General Public License along with + TALER; see the file COPYING. If not, see + */ /** * @file taler-exchange-httpd_keys.c * @brief management of our various keys 
@@ -673,6 +673,60 @@ destroy_key_helpers (struct HelperState *hs) } +/** + * Looks up the AGE_RESTRICTED setting for a denomination in the config and + * returns the age restriction (mask) accordingly. + * + * FIXME: The mask is currently taken from the config. However, It MUST come + * from the database where it has been persisted after a signed call to the + * /management/extension API (TODO). + * + * @param section_name Section in the configuration for the particular + * denomination. + */ +static struct TALER_AgeMask +load_age_mask (const char*section_name) +{ + static const struct TALER_AgeMask null_mask = {0}; + struct TALER_AgeMask age_mask = {0}; + + /* FIXME-oec: get age_mask from database, not from config */ + if (TALER_EXTENSION_OK != TALER_get_age_mask (TEH_cfg, &age_mask)) + { + GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, + TALER_EXTENSION_SECTION_AGE_RESTRICTION, + "AGE_GROUPS", + "must be of form a:b:...:n:m, where 0denom_pub, denom_pub); GNUNET_assert (TALER_DENOMINATION_RSA == hd->denom_pub.cipher); - - /* Set age restriction, if applicable */ - hd->denom_pub.age_mask.mask = 0; - if (age_restricted) - { - /* FIXME-oec: get age mask from global */ - GNUNET_assert (TALER_EXTENSION_OK == TALER_get_age_mask (TEH_cfg, - &hd->denom_pub. - age_mask)); - } - + /* load the age mask for the denomination, if applicable */ + hd->denom_pub.age_mask = load_age_mask (section_name); TALER_denom_pub_hash (&hd->denom_pub, &hd->h_denom_pub); hd->section_name = GNUNET_strdup (section_name); 
@@ -2278,24 +2321,25 @@ TEH_keys_get_handler (struct TEH_RequestContext *rc, MHD_HTTP_OK, (MHD_YES == TALER_MHD_can_compress (rc->connection)) - ? krd->response_compressed - : krd->response_uncompressed); + ? krd->response_compressed + : krd->response_uncompressed); } } /** - * Load fees and expiration times (!) for the denomination type configured in - * section @a section_name. Before calling this function, the `start` and - * `validity_duration` times must already be initialized in @a meta. + * Load extension data, like fees, expiration times (!) and age restriction + * flags for the denomination type configured in section @a section_name. + * Before calling this function, the `start` and `validity_duration` times must + * already be initialized in @a meta. * * @param section_name section in the configuration to use * @param[in,out] meta denomination type data to complete * @return #GNUNET_OK on success */ static enum GNUNET_GenericReturnValue -load_fees (const char *section_name, - struct TALER_EXCHANGEDB_DenominationKeyMetaData *meta) +load_extension_data (const char *section_name, + struct TALER_EXCHANGEDB_DenominationKeyMetaData *meta) { struct GNUNET_TIME_Relative deposit_duration; struct GNUNET_TIME_Relative legal_duration; @@ -2408,6 +2452,7 @@ load_fees (const char *section_name, TEH_currency); return GNUNET_SYSERR; } + meta->age_restrictions = load_age_mask (section_name); return GNUNET_OK; } @@ -2440,8 +2485,8 @@ TEH_keys_load_fees (const struct TALER_DenominationHash *h_denom_pub, meta->start = hd->start_time; meta->expire_withdraw = GNUNET_TIME_absolute_add (meta->start, hd->validity_duration); - ok = load_fees (hd->section_name, - meta); + ok = load_extension_data (hd->section_name, + meta); if (GNUNET_OK == ok) { GNUNET_assert (TALER_DENOMINATION_INVALID != hd->denom_pub.cipher); 
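Review bot: The new line `meta->age_restrictions = load_age_mask (section_name);` in load_extension_data discards any failure inside load_age_mask and the function then returns GNUNET_OK unconditionally, so a denomination whose AGE_RESTRICTED is set but whose AGE_GROUPS value is malformed ends up with a zero mask, which the new struct comment in taler_exchangedb_plugin.h defines as "does not support the extension for age-restriction"; the misconfiguration fails open instead of refusing to publish the key. The tail of load_age_mask's definition is lost in the earlier hunk, but the `null_mask` it declares and the GNUNET_log_config_invalid call it makes suggest the parse error is mapped to a zero mask, whereas the code this commit removes from the key-loading path asserted on the same failure. I would have load_age_mask report the error through its return value, e.g. `if (GNUNET_OK != load_age_mask (section_name, &meta->age_restrictions)) return GNUNET_SYSERR;`, so that callers like add_future_denomkey_cb (which appears to skip the denomination on failure) do not publish it unrestricted. load_extension_data begins outside this hunk.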
@@ -2542,8 +2587,8 @@ add_future_denomkey_cb (void *cls, meta.expire_withdraw = GNUNET_TIME_absolute_add (meta.start, hd->validity_duration); if (GNUNET_OK != - load_fees (hd->section_name, - &meta)) + load_extension_data (hd->section_name, + &meta)) { /* Woops, couldn't determine fee structure!? */ return GNUNET_OK; diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index 9e744c8dc..ea53efb66 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -1362,7 +1362,6 @@ struct TALER_CRYPTO_RsaDenominationHelper; * @param sm_pub public key of the security module, NULL if the key was revoked or purged * @param sm_sig signature from the security module, NULL if the key was revoked or purged * The signature was already verified against @a sm_pub. - * @param age_restricted true, if denomnation has age restriction set */ typedef void (*TALER_CRYPTO_RsaDenominationKeyStatusCallback)( @@ -1373,8 +1372,7 @@ typedef void const struct TALER_RsaPubHashP *h_rsa, const struct TALER_DenominationPublicKey *denom_pub, const struct TALER_SecurityModulePublicKeyP *sm_pub, - const struct TALER_SecurityModuleSignatureP *sm_sig, - bool age_restricted); + const struct TALER_SecurityModuleSignatureP *sm_sig); /** diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h index 47504e510..9a1dc78b6 100644 --- a/src/include/taler_exchangedb_plugin.h +++ b/src/include/taler_exchangedb_plugin.h 
@@ -630,9 +630,20 @@ struct TALER_EXCHANGEDB_DenominationKeyMetaData struct TALER_Amount fee_refund; /** - * Indication if age restriction is set for this denomination + * Age restriction for the denomination. (can be zero). If not zero, the bits + * set in the mask mark the edges at the beginning of a next age group. F.e. + * for the age groups + * 0-7, 8-9, 10-11, 12-14, 14-15, 16-17, 18-21, 21-* + * the following bits are set: + * + * 31 24 16 8 0 + * | | | | | + * oooooooo oo1oo1o1 o1o1o1o1 ooooooo1 + * + * A value of 0 means that the denomination does not support the extension for + * age-restriction. */ - bool age_restricted; + struct TALER_AgeMask age_restrictions; }; diff --git a/src/include/taler_extensions.h b/src/include/taler_extensions.h index 1ef97b2e9..c4e9d1f5a 100644 --- a/src/include/taler_extensions.h +++ b/src/include/taler_extensions.h @@ -39,8 +39,8 @@ enum TALER_EXTENSION_ReturnValue * TALER Age Restriction Extensions */ -#define TALER_EXTENSION_SECTION_AGE_RESTRICTION TALER_EXTENSION_SECTION_PREFIX \ - "agerestriction" +#define TALER_EXTENSION_SECTION_AGE_RESTRICTION (TALER_EXTENSION_SECTION_PREFIX \ + "agerestriction") /** * The default age mask represents the age groups diff --git a/src/lib/exchange_api_deposit.c b/src/lib/exchange_api_deposit.c index 7fc8bb6b7..bb935514b 100644 --- a/src/lib/exchange_api_deposit.c +++ b/src/lib/exchange_api_deposit.c 
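Review bot: The age-group example in the new comment on `age_restrictions` contradicts the bit diagram beneath it: the groups are listed as `0-7, 8-9, 10-11, 12-14, 14-15, 16-17, 18-21, 21-*`, so ages 14 and 21 each fall into two groups, while the diagram sets bits 8, 10, 12, 14, 16, 18 and 21 (plus bit 0), which describe the non-overlapping groups `0-7, 8-9, 10-11, 12-13, 14-15, 16-17, 18-20, 21-*`. Since this comment is what a maintainer will read to decide how the mask is interpreted, the text should use the latter list. The diagram also shows bit 0 set but the prose only explains bits as "edges at the beginning of a next age group"; one sentence stating what bit 0 means (or that it is always set) would remove the ambiguity.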
@@ -1,19 +1,19 @@ /* - This file is part of TALER - Copyright (C) 2014-2021 Taler Systems SA + This file is part of TALER + Copyright (C) 2014-2021 Taler Systems SA - TALER is free software; you can redistribute it and/or modify it under the - terms of the GNU General Public License as published by the Free Software - Foundation; either version 3, or (at your option) any later version. + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. - TALER is distributed in the hope that it will be useful, but WITHOUT ANY - WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU General Public License for more details. + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License along with - TALER; see the file COPYING. If not, see - -*/ + You should have received a copy of the GNU General Public License along with + TALER; see the file COPYING. If not, see + + */ /** * @file lib/exchange_api_deposit.c * @brief Implementation of the /deposit request of the exchange's HTTP API @@ -405,7 +405,7 @@ handle_deposit_finished (void *cls, dr.hr.ec = TALER_JSON_get_error_code (j); dr.hr.hint = TALER_JSON_get_error_hint (j); /* Nothing really to verify, this should never - happen, we should pass the JSON reply to the application */ + happen, we should pass the JSON reply to the application */ break; case MHD_HTTP_CONFLICT: /* Double spending; check signatures on transaction history */ 
@@ -514,7 +514,7 @@ verify_signatures (const struct TALER_EXCHANGE_DenomPublicKey *dki, .coin_pub = *coin_pub, .denom_pub_hash = *denom_pub_hash, .denom_sig = *denom_sig, - .age_commitment_hash = { 0 } /* FIXME-Oec */ + .age_commitment_hash = {{{0}}} /* FIXME-Oec */ }; if (GNUNET_YES != @@ -629,8 +629,8 @@ TALER_EXCHANGE_deposit ( &h_wire, h_contract_terms, (NULL != extension_details) - ? &ech - : NULL, + ? &ech + : NULL, coin_pub, denom_sig, denom_pub, diff --git a/src/util/crypto_helper_rsa.c b/src/util/crypto_helper_rsa.c index d4deec0d1..85741d5e5 100644 --- a/src/util/crypto_helper_rsa.c +++ b/src/util/crypto_helper_rsa.c @@ -239,8 +239,7 @@ handle_mt_avail (struct TALER_CRYPTO_RsaDenominationHelper *dh, &h_rsa, &denom_pub, &kan->secm_pub, - &kan->secm_sig, - (kan->age_restricted > 0)); + &kan->secm_sig); TALER_denom_pub_free (&denom_pub); } return GNUNET_OK; @@ -276,8 +275,7 @@ handle_mt_purge (struct TALER_CRYPTO_RsaDenominationHelper *dh, &pn->h_rsa, NULL, NULL, - NULL, - false); + NULL); return GNUNET_OK; } diff --git a/src/util/taler-exchange-secmod-rsa.c b/src/util/taler-exchange-secmod-rsa.c index 4dfb2e3aa..5fd6049a7 100644 --- a/src/util/taler-exchange-secmod-rsa.c +++ b/src/util/taler-exchange-secmod-rsa.c 
@@ -1,18 +1,18 @@ /* - This file is part of TALER - Copyright (C) 2014-2021 Taler Systems SA + This file is part of TALER + Copyright (C) 2014-2021 Taler Systems SA - TALER is free software; you can redistribute it and/or modify it under the - terms of the GNU General Public License as published by the Free Software - Foundation; either version 3, or (at your option) any later version. + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. - TALER is distributed in the hope that it will be useful, but WITHOUT ANY - WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU General Public License for more details. + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License along with - TALER; see the file COPYING. If not, see - */ + You should have received a copy of the GNU General Public License along with + TALER; see the file COPYING. If not, see +*/ /** * @file util/taler-exchange-secmod-rsa.c * @brief Standalone process to perform private key RSA operations @@ -156,11 +156,6 @@ struct Denomination * Length of (new) RSA keys (in bits). */ uint32_t rsa_keysize; - - /** - * Is the denomination age restricted? 0 == false - */ - uint8_t age_restricted; }; 
@@ -263,7 +258,6 @@ notify_client_dk_add (struct TES_Client *client, an->section_name_len = htons ((uint16_t) nlen); an->anchor_time = GNUNET_TIME_absolute_hton (dk->anchor); an->duration_withdraw = GNUNET_TIME_relative_hton (denom->duration_withdraw); - an->age_restricted = denom->age_restricted; TALER_exchange_secmod_rsa_sign (&dk->h_rsa, denom->section, dk->anchor, @@ -1262,24 +1256,6 @@ parse_denomination_cfg (const struct GNUNET_CONFIGURATION_Handle *cfg, } denom->rsa_keysize = (unsigned int) rsa_keysize; denom->section = GNUNET_strdup (ct); - if (GNUNET_OK == (GNUNET_CONFIGURATION_have_value (cfg, - ct, - "AGE_RESTRICTED"))) - { - enum GNUNET_GenericReturnValue ret; - if (GNUNET_SYSERR == (ret = GNUNET_CONFIGURATION_get_value_yesno (cfg, - ct, - "AGE_RESTRICTED"))) - { - GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, - ct, - "AGE_RESTRICTED", - "Value must be YES or NO\n"); - return GNUNET_SYSERR; - } - denom->age_restricted = (ret == GNUNET_OK) ? 1 : 0; - } - return GNUNET_OK; } @@ -1546,8 +1522,8 @@ main (int argc, (void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH); /* force linker to link against libtalerutil; if we do - not do this, the linker may "optimize" libtalerutil - away and skip #TALER_OS_init(), which we do need */ + not do this, the linker may "optimize" libtalerutil + away and skip #TALER_OS_init(), which we do need */ TALER_OS_init (); now = now_tmp = GNUNET_TIME_absolute_get (); ret = GNUNET_PROGRAM_run (argc, argv, diff --git a/src/util/taler-exchange-secmod-rsa.h b/src/util/taler-exchange-secmod-rsa.h index 9207e705a..b0fdfbd96 100644 --- a/src/util/taler-exchange-secmod-rsa.h +++ b/src/util/taler-exchange-secmod-rsa.h @@ -77,11 +77,6 @@ struct TALER_CRYPTO_RsaKeyAvailableNotification */ struct TALER_SecurityModuleSignatureP secm_sig; - /** - * Indicator for age restriction - */ - uint8_t age_restricted; - /* followed by @e pub_size bytes of the RSA public key */ /* followed by @e section_name bytes of the configuration section name 
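Review bot: Dropping `age_restricted` from struct TALER_CRYPTO_RsaKeyAvailableNotification changes the layout of the key-available message exchanged between taler-exchange-secmod-rsa and the exchange, because the trailing RSA public key and section name are located relative to the fixed header ("followed by @e pub_size bytes"); nothing in this hunk bumps a message or protocol version, so a security module and exchange built from different revisions could disagree on where the `pub_size` bytes start. If the two processes are always upgraded and restarted together this is only an operational caveat, but it is worth recording in the struct comment, e.g. `/* NOTE: layout changed when age_restricted was removed; secmod and exchange must be built from the same revision. */`, or enforcing via a version check on the receiving side if one exists elsewhere. The struct definition begins outside this hunk.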
diff --git a/src/util/test_helper_rsa.c b/src/util/test_helper_rsa.c index 6377a39d8..14ff2bfab 100644 --- a/src/util/test_helper_rsa.c +++ b/src/util/test_helper_rsa.c @@ -133,7 +133,6 @@ free_keys (void) * @param sm_pub public key of the security module, NULL if the key was revoked or purged * @param sm_sig signature from the security module, NULL if the key was revoked or purged * The signature was already verified against @a sm_pub. - * @param age_restricted indication if denomination is age restricted */ static void key_cb (void *cls, @@ -143,13 +142,11 @@ key_cb (void *cls, const struct TALER_RsaPubHashP *h_rsa, const struct TALER_DenominationPublicKey *denom_pub, const struct TALER_SecurityModulePublicKeyP *sm_pub, - const struct TALER_SecurityModuleSignatureP *sm_sig, - bool age_restricted) + const struct TALER_SecurityModuleSignatureP *sm_sig) { (void) cls; (void) sm_pub; (void) sm_sig; - (void) age_restricted; GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Key notification about key %s in `%s'\n", GNUNET_h2s (&h_rsa->hash), @@ -189,7 +186,6 @@ key_cb (void *cls, keys[i].validity_duration = validity_duration; TALER_denom_pub_deep_copy (&keys[i].denom_pub, denom_pub); - /* FIXME-oec: take age_restriction into account!? */ num_keys++; return; }