diff --git a/contrib/mint-template/config/mint-keyup.conf b/contrib/mint-template/config/mint-keyup.conf index 9091c6c97..54b659bf6 100644 --- a/contrib/mint-template/config/mint-keyup.conf +++ b/contrib/mint-template/config/mint-keyup.conf @@ -3,6 +3,9 @@ # how long is one signkey valid? signkey_duration = 4 weeks +# how long are the signatures with the signkey valid? +legal_duration = 2 years + # how long do we generate denomination and signing keys # ahead of time? lookahead_sign = 32 weeks 1 day diff --git a/src/mint-lib/mint_api.c b/src/mint-lib/mint_api.c index b3ee34d15..250d52ec1 100644 --- a/src/mint-lib/mint_api.c +++ b/src/mint-lib/mint_api.c @@ -250,10 +250,12 @@ parse_json_signkey (struct TALER_MINT_SigningPublicKey **_sign_key, { json_t *valid_from_obj; json_t *valid_until_obj; + json_t *valid_legal_obj; json_t *key_obj; json_t *sig_obj; const char *valid_from_enc; const char *valid_until_enc; + const char *valid_legal_enc; const char *key_enc; const char *sig_enc; struct TALER_MINT_SigningPublicKey *sign_key; 
@@ -261,27 +263,35 @@ parse_json_signkey (struct TALER_MINT_SigningPublicKey **_sign_key, struct GNUNET_CRYPTO_EddsaSignature sig; struct GNUNET_TIME_Absolute valid_from; struct GNUNET_TIME_Absolute valid_until; + struct GNUNET_TIME_Absolute valid_legal; EXITIF (JSON_OBJECT != json_typeof (sign_key_obj)); EXITIF (NULL == (valid_from_obj = json_object_get (sign_key_obj, "stamp_start"))); EXITIF (NULL == (valid_until_obj = json_object_get (sign_key_obj, "stamp_expire"))); + EXITIF (NULL == (valid_legal_obj = json_object_get (sign_key_obj, + "stamp_end"))); EXITIF (NULL == (key_obj = json_object_get (sign_key_obj, "key"))); EXITIF (NULL == (sig_obj = json_object_get (sign_key_obj, "master_sig"))); EXITIF (NULL == (valid_from_enc = json_string_value (valid_from_obj))); EXITIF (NULL == (valid_until_enc = json_string_value (valid_until_obj))); + EXITIF (NULL == (valid_legal_enc = json_string_value (valid_legal_obj))); EXITIF (NULL == (key_enc = json_string_value (key_obj))); EXITIF (NULL == (sig_enc = json_string_value (sig_obj))); EXITIF (GNUNET_SYSERR == parse_timestamp (&valid_from, valid_from_enc)); EXITIF (GNUNET_SYSERR == parse_timestamp (&valid_until, valid_until_enc)); + EXITIF (GNUNET_SYSERR == parse_timestamp (&valid_legal, + valid_legal_enc)); EXITIF (52 != strlen (key_enc)); /* strlen(base32(char[32])) = 52 */ EXITIF (103 != strlen (sig_enc)); /* strlen(base32(char[64])) = 103 */ EXITIF (GNUNET_OK != GNUNET_STRINGS_string_to_data (sig_enc, 103, &sig, sizeof (sig))); - (void) memset (&sign_key_issue, 0, sizeof (sign_key_issue)); + memset (&sign_key_issue, + 0, + sizeof (sign_key_issue)); EXITIF (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_public_key_from_string (key_enc, 52, 
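Review bot: The three timestamps in parse_json_signkey are parsed independently and never compared, so a key whose `stamp_end` lies before `stamp_expire` is accepted. The master signature checked further down authenticates the values but not their ordering, so a key signed from a misconfigured mint would pass. A guard after the parse_timestamp calls, such as `EXITIF (valid_legal.abs_value_us < valid_until.abs_value_us);`, would reject it, assuming end >= expire is the intended invariant, as the error message added in taler-mint-keyup.c suggests. The same value is also called `stamp_end`, `valid_legal` and `end` within this one function, so a short comment at the `valid_legal` declaration saying it is the legal expiration of signatures made with the key would help. The function starts and ends outside the hunk.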
@@ -293,6 +303,7 @@ parse_json_signkey (struct TALER_MINT_SigningPublicKey **_sign_key, sign_key_issue.master_public_key = *master_key; sign_key_issue.start = GNUNET_TIME_absolute_hton (valid_from); sign_key_issue.expire = GNUNET_TIME_absolute_hton (valid_until); + sign_key_issue.end = GNUNET_TIME_absolute_hton (valid_legal); EXITIF (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY, &sign_key_issue.purpose, diff --git a/src/mint-tools/taler-mint-keycheck.c b/src/mint-tools/taler-mint-keycheck.c index 06b544afa..41c3cba8f 100644 --- a/src/mint-tools/taler-mint-keycheck.c +++ b/src/mint-tools/taler-mint-keycheck.c @@ -60,7 +60,8 @@ signkeys_iter (void *cls, if (ntohl (ski->issue.purpose.size) != (sizeof (struct TALER_MintSigningKeyValidityPS) - - offsetof (struct TALER_MintSigningKeyValidityPS, purpose))) + offsetof (struct TALER_MintSigningKeyValidityPS, + purpose))) { fprintf (stderr, "Signing key `%s' has invalid purpose size\n", diff --git a/src/mint-tools/taler-mint-keyup.c b/src/mint-tools/taler-mint-keyup.c index cbeae646b..5cea08c55 100644 --- a/src/mint-tools/taler-mint-keyup.c +++ b/src/mint-tools/taler-mint-keyup.c @@ -429,11 +429,13 @@ get_anchor (const char *dir, * * @param start start time of the validity period for the key * @param duration how long should the key be valid + * @param end when do all signatures by this key expire * @param[out] pi set to the signing key information */ static void create_signkey_issue_priv (struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration, + struct GNUNET_TIME_Absolute end, struct TALER_MINTDB_PrivateSigningKeyInformationP *pi) { struct GNUNET_CRYPTO_EddsaPrivateKey *priv; 
@@ -446,6 +448,7 @@ create_signkey_issue_priv (struct GNUNET_TIME_Absolute start, issue->start = GNUNET_TIME_absolute_hton (start); issue->expire = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (start, duration)); + issue->end = GNUNET_TIME_absolute_hton (end); GNUNET_CRYPTO_eddsa_key_get_public (&pi->signkey_priv.eddsa_priv, &issue->signkey_pub.eddsa_pub); issue->purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY); @@ -470,6 +473,7 @@ static int mint_keys_update_signkeys () { struct GNUNET_TIME_Relative signkey_duration; + struct GNUNET_TIME_Relative legal_duration; struct GNUNET_TIME_Absolute anchor; char *signkey_dir; @@ -484,6 +488,25 @@ mint_keys_update_signkeys () "signkey_duration"); return GNUNET_SYSERR; } + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_time (kcfg, + "mint_keys", + "legal_duration", + &legal_duration)) + { + GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, + "mint_keys", + "legal_duration"); + return GNUNET_SYSERR; + } + if (signkey_duration.rel_value_us < legal_duration.rel_value_us) + { + GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, + "mint_keys", + "legal_duration", + "must be longer than signkey_duration"); + return GNUNET_SYSERR; + } ROUND_TO_SECS (signkey_duration, rel_value_us); GNUNET_asprintf (&signkey_dir, @@ -508,8 +531,11 @@ mint_keys_update_signkeys () const char *skf; struct TALER_MINTDB_PrivateSigningKeyInformationP signkey_issue; ssize_t nwrite; + struct GNUNET_TIME_Absolute end; skf = get_signkey_file (anchor); + end = GNUNET_TIME_absolute_add (anchor, + legal_duration); GNUNET_break (GNUNET_YES != GNUNET_DISK_file_test (skf)); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, @@ -517,6 +543,7 @@ mint_keys_update_signkeys () GNUNET_STRINGS_absolute_time_to_string (anchor)); create_signkey_issue_priv (anchor, signkey_duration, + end, &signkey_issue); nwrite = GNUNET_DISK_fn_write (skf, &signkey_issue, 
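Review bot: create_signkey_issue_priv() copies `end` into the validity structure without relating it to `start` and `duration`, so an `end` earlier than the computed `expire` is written into the key file as is and, judging by the purpose set a few lines later, ends up under the master signature. The only check on the two durations is in the caller, so a guard here is cheap: `GNUNET_assert (end.abs_value_us >= GNUNET_TIME_absolute_add (start, duration).abs_value_us);` before `issue->end` is assigned. The function's signature and the signing call are outside this hunk.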
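Review bot: The sanity check added in mint_keys_update_signkeys() compares the wrong way round. `if (signkey_duration.rel_value_us < legal_duration.rel_value_us)` fails exactly when legal_duration is the longer of the two, which is what the message "must be longer than signkey_duration" asks for and what the template config in this commit sets (4 weeks against 2 years). As written, key generation is refused for the intended configuration and allowed when signatures would stop being legally valid before the key itself expires; the condition should read `if (legal_duration.rel_value_us < signkey_duration.rel_value_us)`. legal_duration is also not passed through `ROUND_TO_SECS` the way signkey_duration is on the following line, so it is worth confirming that the signed `end` value survives the timestamp encoding unchanged. The function body starts and ends outside this hunk.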
diff --git a/src/mint/taler-mint-httpd_keystate.c b/src/mint/taler-mint-httpd_keystate.c index 1745775bb..33407e020 100644 --- a/src/mint/taler-mint-httpd_keystate.c +++ b/src/mint/taler-mint-httpd_keystate.c @@ -250,17 +250,22 @@ static json_t * sign_key_issue_to_json (const struct TALER_MintSigningKeyValidityPS *ski) { return - json_pack ("{s:o, s:o, s:o, s:o}", + json_pack ("{s:o, s:o, s:o, s:o, s:o, s:o}", "stamp_start", TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (ski->start)), "stamp_expire", TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (ski->expire)), + "stamp_end", + TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (ski->end)), + "master_pub", + TALER_json_from_data (&ski->master_public_key, + sizeof (struct TALER_MasterPublicKeyP)), "master_sig", TALER_json_from_data (&ski->signature, - sizeof (struct GNUNET_CRYPTO_EddsaSignature)), + sizeof (struct TALER_MasterSignatureP)), "key", TALER_json_from_data (&ski->signkey_pub, - sizeof (struct GNUNET_CRYPTO_EddsaPublicKey))); + sizeof (struct TALER_MintPublicKeyP))); }
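Review bot: The size arguments in sign_key_issue_to_json still name a struct type by hand, which is the kind of mismatch this hunk is correcting for `master_sig` and `key`. Taking the size from the field itself keeps the two from drifting apart again, e.g. `TALER_json_from_data (&ski->signature, sizeof (ski->signature))`, and likewise for `master_public_key` and `signkey_pub`. The newly exported `master_pub` deserves a one-line comment stating that it is informational only: the client side in this commit verifies against the master key it was handed (`*master_key`), and a verification key taken from the same response would prove nothing.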