[age restriction] progress 6/n

lift logic for detection of age restriction of a denomination out from taler-exchange-secmod-rsa.c to taler-exchange_httpd_keys.c
2021-12-01 15:25:33 +01:00 · 2021-12-01 15:25:33 +01:00 · 54c62f3ab9
commit 54c62f3ab9
parent 41aba39f0f
9 changed files with 129 additions and 110 deletions
--- a/src/exchange/taler-exchange-httpd_keys.c
+++ b/src/exchange/taler-exchange-httpd_keys.c
@ -1,18 +1,18 @@
 /*
-  This file is part of TALER
+   This file is part of TALER
-  Copyright (C) 2020, 2021 Taler Systems SA
+   Copyright (C) 2020, 2021 Taler Systems SA
-  TALER is free software; you can redistribute it and/or modify it under the
+   TALER is free software; you can redistribute it and/or modify it under the
-  terms of the GNU Affero General Public License as published by the Free Software
+   terms of the GNU Affero General Public License as published by the Free Software
-  Foundation; either version 3, or (at your option) any later version.
+   Foundation; either version 3, or (at your option) any later version.
-  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
-  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
-  A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
+   A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
-  You should have received a copy of the GNU Affero General Public License along with
+   You should have received a copy of the GNU Affero General Public License along with
-  TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
-*/
+ */
 /**
 * @file taler-exchange-httpd_keys.c
 * @brief management of our various keys
@ -673,6 +673,60 @@ destroy_key_helpers (struct HelperState *hs)
 }
 /**
 * Looks up the AGE_RESTRICTED setting for a denomination in the config and
 * returns the age restriction (mask) accordingly.
 *
 * FIXME: The mask is currently taken from the config.  However, It MUST come
 * from the database where it has been persisted after a signed call to the
 * /management/extension API (TODO).
 *
 * @param section_name Section in the configuration for the particular
 *    denomination.
 */
 static struct TALER_AgeMask
 load_age_mask (const char*section_name)
 {
  static const struct TALER_AgeMask null_mask = {0};
  struct TALER_AgeMask age_mask = {0};
  /* FIXME-oec: get age_mask from database, not from config */
  if (TALER_EXTENSION_OK != TALER_get_age_mask (TEH_cfg, &age_mask))
  {
    GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
                               TALER_EXTENSION_SECTION_AGE_RESTRICTION,
                               "AGE_GROUPS",
                               "must be of form a:b:...:n:m, where 0<a<b<...<n<m<32\n");
    return null_mask;
  }
  if (age_mask.mask == 0)
  {
    return null_mask;
  }
  if (GNUNET_OK == (GNUNET_CONFIGURATION_have_value (
                      TEH_cfg,
                      section_name,
                      "AGE_RESTRICTED")))
  {
    enum GNUNET_GenericReturnValue ret;
    if (GNUNET_SYSERR == (ret = GNUNET_CONFIGURATION_get_value_yesno (TEH_cfg,
                                                                      section_name,
                                                                      "AGE_RESTRICTED")))
    {
      GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
                                 section_name,
                                 "AGE_RESTRICTED",
                                 "Value must be YES or NO\n");
      return null_mask;
    }
  }
  return age_mask;
 }
 /**
 * Function called with information about available keys for signing.  Usually
 * only called once per key upon connect. Also called again in case a key is
@ -690,7 +744,6 @@ destroy_key_helpers (struct HelperState *hs)
 * @param sm_pub public key of the security module, NULL if the key was revoked or purged
 * @param sm_sig signature from the security module, NULL if the key was revoked or purged
 *               The signature was already verified against @a sm_pub.
 * @param age_restricted true, if denomination is age restricted
 */
 static void
 helper_rsa_cb (
@ -701,8 +754,7 @@ helper_rsa_cb (
  const struct TALER_RsaPubHashP *h_rsa,
  const struct TALER_DenominationPublicKey *denom_pub,
  const struct TALER_SecurityModulePublicKeyP *sm_pub,
-  const struct TALER_SecurityModuleSignatureP *sm_sig,
+  const struct TALER_SecurityModuleSignatureP *sm_sig)
  bool age_restricted)
 {
  struct HelperState *hs = cls;
  struct HelperDenomination *hd;
@ -734,17 +786,8 @@ helper_rsa_cb (
  TALER_denom_pub_deep_copy (&hd->denom_pub,
                             denom_pub);
  GNUNET_assert (TALER_DENOMINATION_RSA == hd->denom_pub.cipher);
-
+  /* load the age mask for the denomination, if applicable */
-  /* Set age restriction, if applicable */
+  hd->denom_pub.age_mask = load_age_mask (section_name);
  hd->denom_pub.age_mask.mask = 0;
  if (age_restricted)
  {
    /* FIXME-oec: get age mask from global */
    GNUNET_assert (TALER_EXTENSION_OK == TALER_get_age_mask (TEH_cfg,
                                                             &hd->denom_pub.
                                                             age_mask));
  }
  TALER_denom_pub_hash (&hd->denom_pub,
                        &hd->h_denom_pub);
  hd->section_name = GNUNET_strdup (section_name);
@ -2278,24 +2321,25 @@ TEH_keys_get_handler (struct TEH_RequestContext *rc,
                               MHD_HTTP_OK,
                               (MHD_YES ==
                                TALER_MHD_can_compress (rc->connection))
-                               ? krd->response_compressed
+       ? krd->response_compressed
-                               : krd->response_uncompressed);
+       : krd->response_uncompressed);
  }
 }
 /**
- * Load fees and expiration times (!) for the denomination type configured in
+ * Load extension data, like fees, expiration times (!) and age restriction
- * section @a section_name.  Before calling this function, the `start` and
+ * flags for the denomination type configured in section @a section_name.
- * `validity_duration` times must already be initialized in @a meta.
+ * Before calling this function, the `start` and `validity_duration` times must
 * already be initialized in @a meta.
 *
 * @param section_name section in the configuration to use
 * @param[in,out] meta denomination type data to complete
 * @return #GNUNET_OK on success
 */
 static enum GNUNET_GenericReturnValue
-load_fees (const char *section_name,
+load_extension_data (const char *section_name,
-           struct TALER_EXCHANGEDB_DenominationKeyMetaData *meta)
+                     struct TALER_EXCHANGEDB_DenominationKeyMetaData *meta)
 {
  struct GNUNET_TIME_Relative deposit_duration;
  struct GNUNET_TIME_Relative legal_duration;
@ -2408,6 +2452,7 @@ load_fees (const char *section_name,
                TEH_currency);
    return GNUNET_SYSERR;
  }
  meta->age_restrictions = load_age_mask (section_name);
  return GNUNET_OK;
 }
@ -2440,8 +2485,8 @@ TEH_keys_load_fees (const struct TALER_DenominationHash *h_denom_pub,
  meta->start = hd->start_time;
  meta->expire_withdraw = GNUNET_TIME_absolute_add (meta->start,
                                                    hd->validity_duration);
-  ok = load_fees (hd->section_name,
+  ok = load_extension_data (hd->section_name,
-                  meta);
+                            meta);
  if (GNUNET_OK == ok)
  {
    GNUNET_assert (TALER_DENOMINATION_INVALID != hd->denom_pub.cipher);
@ -2542,8 +2587,8 @@ add_future_denomkey_cb (void *cls,
  meta.expire_withdraw = GNUNET_TIME_absolute_add (meta.start,
                                                   hd->validity_duration);
  if (GNUNET_OK !=
-      load_fees (hd->section_name,
+      load_extension_data (hd->section_name,
-                 &meta))
+                           &meta))
  {
    /* Woops, couldn't determine fee structure!? */
    return GNUNET_OK;
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@ -1362,7 +1362,6 @@ struct TALER_CRYPTO_RsaDenominationHelper;
 * @param sm_pub public key of the security module, NULL if the key was revoked or purged
 * @param sm_sig signature from the security module, NULL if the key was revoked or purged
 *               The signature was already verified against @a sm_pub.
 * @param age_restricted true, if denomnation has age restriction set
 */
 typedef void
 (*TALER_CRYPTO_RsaDenominationKeyStatusCallback)(
@ -1373,8 +1372,7 @@ typedef void
  const struct TALER_RsaPubHashP *h_rsa,
  const struct TALER_DenominationPublicKey *denom_pub,
  const struct TALER_SecurityModulePublicKeyP *sm_pub,
-  const struct TALER_SecurityModuleSignatureP *sm_sig,
+  const struct TALER_SecurityModuleSignatureP *sm_sig);
  bool age_restricted);
 /**
--- a/src/include/taler_exchangedb_plugin.h
+++ b/src/include/taler_exchangedb_plugin.h
@ -630,9 +630,20 @@ struct TALER_EXCHANGEDB_DenominationKeyMetaData
  struct TALER_Amount fee_refund;
  /**
-   * Indication if age restriction is set for this denomination
+   * Age restriction for the denomination. (can be zero). If not zero, the bits
   * set in the mask mark the edges at the beginning of a next age group.  F.e.
   * for the age groups
   *     0-7, 8-9, 10-11, 12-14, 14-15, 16-17, 18-21, 21-*
   * the following bits are set:
   *
   *   31     24        16        8         0
   *   |      |         |         |         |
   *   oooooooo  oo1oo1o1  o1o1o1o1  ooooooo1
   *
   * A value of 0 means that the denomination does not support the extension for
   * age-restriction.
   */
-  bool age_restricted;
+  struct TALER_AgeMask age_restrictions;
 };
--- a/src/include/taler_extensions.h
+++ b/src/include/taler_extensions.h
@ -39,8 +39,8 @@ enum TALER_EXTENSION_ReturnValue
 * TALER Age Restriction Extensions
 */
-#define TALER_EXTENSION_SECTION_AGE_RESTRICTION TALER_EXTENSION_SECTION_PREFIX \
+#define TALER_EXTENSION_SECTION_AGE_RESTRICTION (TALER_EXTENSION_SECTION_PREFIX  \
-  "agerestriction"
+                                                 "agerestriction")
 /**
 * The default age mask represents the age groups
--- a/src/lib/exchange_api_deposit.c
+++ b/src/lib/exchange_api_deposit.c
@ -1,19 +1,19 @@
 /*
-  This file is part of TALER
+   This file is part of TALER
-  Copyright (C) 2014-2021 Taler Systems SA
+   Copyright (C) 2014-2021 Taler Systems SA
-  TALER is free software; you can redistribute it and/or modify it under the
+   TALER is free software; you can redistribute it and/or modify it under the
-  terms of the GNU General Public License as published by the Free Software
+   terms of the GNU General Public License as published by the Free Software
-  Foundation; either version 3, or (at your option) any later version.
+   Foundation; either version 3, or (at your option) any later version.
-  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
-  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
-  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-  You should have received a copy of the GNU General Public License along with
+   You should have received a copy of the GNU General Public License along with
-  TALER; see the file COPYING.  If not, see
+   TALER; see the file COPYING.  If not, see
-  <http://www.gnu.org/licenses/>
+   <http://www.gnu.org/licenses/>
-*/
+ */
 /**
 * @file lib/exchange_api_deposit.c
 * @brief Implementation of the /deposit request of the exchange's HTTP API
@ -405,7 +405,7 @@ handle_deposit_finished (void *cls,
    dr.hr.ec = TALER_JSON_get_error_code (j);
    dr.hr.hint = TALER_JSON_get_error_hint (j);
    /* Nothing really to verify, this should never
-     happen, we should pass the JSON reply to the application */
+       happen, we should pass the JSON reply to the application */
    break;
  case MHD_HTTP_CONFLICT:
    /* Double spending; check signatures on transaction history */
@ -514,7 +514,7 @@ verify_signatures (const struct TALER_EXCHANGE_DenomPublicKey *dki,
      .coin_pub = *coin_pub,
      .denom_pub_hash = *denom_pub_hash,
      .denom_sig = *denom_sig,
-      .age_commitment_hash = { 0 } /* FIXME-Oec */
+      .age_commitment_hash = {{{0}}} /* FIXME-Oec */
    };
    if (GNUNET_YES !=
@ -629,8 +629,8 @@ TALER_EXCHANGE_deposit (
                         &h_wire,
                         h_contract_terms,
                         (NULL != extension_details)
-                         ? &ech
+                   ? &ech
-                         : NULL,
+                   : NULL,
                         coin_pub,
                         denom_sig,
                         denom_pub,
--- a/src/util/crypto_helper_rsa.c
+++ b/src/util/crypto_helper_rsa.c
@ -239,8 +239,7 @@ handle_mt_avail (struct TALER_CRYPTO_RsaDenominationHelper *dh,
             &h_rsa,
             &denom_pub,
             &kan->secm_pub,
-             &kan->secm_sig,
+             &kan->secm_sig);
             (kan->age_restricted > 0));
    TALER_denom_pub_free (&denom_pub);
  }
  return GNUNET_OK;
@ -276,8 +275,7 @@ handle_mt_purge (struct TALER_CRYPTO_RsaDenominationHelper *dh,
           &pn->h_rsa,
           NULL,
           NULL,
-           NULL,
+           NULL);
           false);
  return GNUNET_OK;
 }
--- a/src/util/taler-exchange-secmod-rsa.c
+++ b/src/util/taler-exchange-secmod-rsa.c
@ -1,18 +1,18 @@
 /*
-   This file is part of TALER
+  This file is part of TALER
-   Copyright (C) 2014-2021 Taler Systems SA
+  Copyright (C) 2014-2021 Taler Systems SA
-   TALER is free software; you can redistribute it and/or modify it under the
+  TALER is free software; you can redistribute it and/or modify it under the
-   terms of the GNU General Public License as published by the Free Software
+  terms of the GNU General Public License as published by the Free Software
-   Foundation; either version 3, or (at your option) any later version.
+  Foundation; either version 3, or (at your option) any later version.
-   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
-   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
-   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-   You should have received a copy of the GNU General Public License along with
+  You should have received a copy of the GNU General Public License along with
-   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+  TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
- */
+*/
 /**
 * @file util/taler-exchange-secmod-rsa.c
 * @brief Standalone process to perform private key RSA operations
@ -156,11 +156,6 @@ struct Denomination
   * Length of (new) RSA keys (in bits).
   */
  uint32_t rsa_keysize;
  /**
   * Is the denomination age restricted?  0 == false
   */
  uint8_t age_restricted;
 };
@ -263,7 +258,6 @@ notify_client_dk_add (struct TES_Client *client,
  an->section_name_len = htons ((uint16_t) nlen);
  an->anchor_time = GNUNET_TIME_absolute_hton (dk->anchor);
  an->duration_withdraw = GNUNET_TIME_relative_hton (denom->duration_withdraw);
  an->age_restricted = denom->age_restricted;
  TALER_exchange_secmod_rsa_sign (&dk->h_rsa,
                                  denom->section,
                                  dk->anchor,
@ -1262,24 +1256,6 @@ parse_denomination_cfg (const struct GNUNET_CONFIGURATION_Handle *cfg,
  }
  denom->rsa_keysize = (unsigned int) rsa_keysize;
  denom->section = GNUNET_strdup (ct);
  if (GNUNET_OK == (GNUNET_CONFIGURATION_have_value (cfg,
                                                     ct,
                                                     "AGE_RESTRICTED")))
  {
    enum GNUNET_GenericReturnValue ret;
    if (GNUNET_SYSERR == (ret = GNUNET_CONFIGURATION_get_value_yesno (cfg,
                                                                      ct,
                                                                      "AGE_RESTRICTED")))
    {
      GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
                                 ct,
                                 "AGE_RESTRICTED",
                                 "Value must be YES or NO\n");
      return GNUNET_SYSERR;
    }
    denom->age_restricted = (ret == GNUNET_OK) ? 1 : 0;
  }
  return GNUNET_OK;
 }
@ -1546,8 +1522,8 @@ main (int argc,
  (void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
  /* force linker to link against libtalerutil; if we do
-     not do this, the linker may "optimize" libtalerutil
+   not do this, the linker may "optimize" libtalerutil
-     away and skip #TALER_OS_init(), which we do need */
+   away and skip #TALER_OS_init(), which we do need */
  TALER_OS_init ();
  now = now_tmp = GNUNET_TIME_absolute_get ();
  ret = GNUNET_PROGRAM_run (argc, argv,
--- a/src/util/taler-exchange-secmod-rsa.h
+++ b/src/util/taler-exchange-secmod-rsa.h
@ -77,11 +77,6 @@ struct TALER_CRYPTO_RsaKeyAvailableNotification
   */
  struct TALER_SecurityModuleSignatureP secm_sig;
  /**
   * Indicator for age restriction
   */
  uint8_t age_restricted;
  /* followed by @e pub_size bytes of the RSA public key */
  /* followed by @e section_name bytes of the configuration section name
--- a/src/util/test_helper_rsa.c
+++ b/src/util/test_helper_rsa.c
@ -133,7 +133,6 @@ free_keys (void)
 * @param sm_pub public key of the security module, NULL if the key was revoked or purged
 * @param sm_sig signature from the security module, NULL if the key was revoked or purged
 *               The signature was already verified against @a sm_pub.
 * @param age_restricted indication if denomination is age restricted
 */
 static void
 key_cb (void *cls,
@ -143,13 +142,11 @@ key_cb (void *cls,
        const struct TALER_RsaPubHashP *h_rsa,
        const struct TALER_DenominationPublicKey *denom_pub,
        const struct TALER_SecurityModulePublicKeyP *sm_pub,
-        const struct TALER_SecurityModuleSignatureP *sm_sig,
+        const struct TALER_SecurityModuleSignatureP *sm_sig)
        bool age_restricted)
 {
  (void) cls;
  (void) sm_pub;
  (void) sm_sig;
  (void) age_restricted;
  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
              "Key notification about key %s in `%s'\n",
              GNUNET_h2s (&h_rsa->hash),
@ -189,7 +186,6 @@ key_cb (void *cls,
      keys[i].validity_duration = validity_duration;
      TALER_denom_pub_deep_copy (&keys[i].denom_pub,
                                 denom_pub);
      /* FIXME-oec: take age_restriction into account!? */
      num_keys++;
      return;
    }