From 2e7b28765ea2871df03353681f0680c53ec3ebef Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Mon, 6 Jul 2015 10:16:49 +0200 Subject: [PATCH 1/2] simplifying use of struct TALER_DenominationKeyValidityPS by removing signature --- src/include/taler_mintdb_lib.h | 20 ++++++++++- src/include/taler_mintdb_plugin.h | 4 +-- src/include/taler_signatures.h | 48 ++++++++++++++++++++++--- src/mint-lib/mint_api_handle.c | 8 ++--- src/mint-tools/taler-mint-keycheck.c | 20 +++++------ src/mint-tools/taler-mint-keyup.c | 30 ++++++++-------- src/mint/taler-mint-httpd_db.c | 12 +++---- src/mint/taler-mint-httpd_deposit.c | 4 +-- src/mint/taler-mint-httpd_keystate.c | 28 +++++++-------- src/mint/taler-mint-httpd_refresh.c | 10 +++--- src/mint/taler-mint-httpd_withdraw.c | 4 +-- src/mintdb/perf_taler_mintdb_init.c | 30 ++++++++-------- src/mintdb/plugin_mintdb_postgres.c | 52 ++++++++++++++-------------- src/mintdb/test_mintdb.c | 24 ++++++------- src/mintdb/test_mintdb_keyio.c | 3 +- 15 files changed, 171 insertions(+), 126 deletions(-) diff --git a/src/include/taler_mintdb_lib.h b/src/include/taler_mintdb_lib.h index 739194a40..24f677617 100644 --- a/src/include/taler_mintdb_lib.h +++ b/src/include/taler_mintdb_lib.h @@ -60,6 +60,24 @@ struct TALER_MINTDB_PrivateSigningKeyInformationP }; +/** + * Information about a denomination key. + */ +struct TALER_MINTDB_DenominationKeyInformationP +{ + + /** + * Signature over this struct to affirm the validity of the key. + */ + struct TALER_MasterSignatureP signature; + + /** + * Signed properties of the denomination key. + */ + struct TALER_DenominationKeyValidityPS properties; +}; + + GNUNET_NETWORK_STRUCT_END @@ -85,7 +103,7 @@ struct TALER_MINTDB_DenominationKeyIssueInformation /** * Signed public information about a denomination key. */ - struct TALER_DenominationKeyValidityPS issue; + struct TALER_MINTDB_DenominationKeyInformationP issue; }; diff --git a/src/include/taler_mintdb_plugin.h b/src/include/taler_mintdb_plugin.h index af5f2c196..21d83d9d8 100644 --- a/src/include/taler_mintdb_plugin.h +++ b/src/include/taler_mintdb_plugin.h @@ -697,7 +697,7 @@ struct TALER_MINTDB_Plugin (*insert_denomination_info) (void *cls, struct TALER_MINTDB_Session *session, const struct TALER_DenominationPublicKey *denom_pub, - const struct TALER_DenominationKeyValidityPS *issue); + const struct TALER_MINTDB_DenominationKeyInformationP *issue); /** @@ -713,7 +713,7 @@ struct TALER_MINTDB_Plugin (*get_denomination_info) (void *cls, struct TALER_MINTDB_Session *session, const struct TALER_DenominationPublicKey *denom_pub, - struct TALER_DenominationKeyValidityPS *issue); + struct TALER_MINTDB_DenominationKeyInformationP *issue); /** diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h index 70fc1c0ad..eebddd2dd 100644 --- a/src/include/taler_signatures.h +++ b/src/include/taler_signatures.h @@ -89,6 +89,17 @@ #define TALER_SIGNATURE_MINT_KEY_SET 1035 +/*********************/ +/* Wallet signatures */ +/*********************/ + +/** + * Signature where the auditor confirms that he is + * aware of certain denomination keys from the mint. + */ +#define TALER_SIGNATURE_AUDITOR_MINT_KEYS 1064 + + /***********************/ /* Merchant signatures */ /***********************/ @@ -123,11 +134,11 @@ */ #define TALER_SIGNATURE_WALLET_COIN_MELT 1202 + /*******************/ /* Test signatures */ /*******************/ - /** * EdDSA test signature. */ @@ -512,10 +523,6 @@ struct TALER_MintKeySetPS */ struct TALER_DenominationKeyValidityPS { - /** - * Signature over this struct to affirm the validity of the key. - */ - struct TALER_MasterSignatureP signature; /** * Purpose is #TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY. @@ -599,6 +606,37 @@ struct TALER_DenominationKeyValidityPS }; + +/** + * @brief Information about a denomination key. Denomination keys + * are used to sign coins of a certain value into existence. + */ +struct TALER_MintKeyValidityPS +{ + + /** + * Purpose is #TALER_SIGNATURE_AUDITOR_MINT_KEYS. + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + + /** + * The long-term offline master key of the mint, affirmed by the + * auditor. + */ + struct TALER_MasterPublicKeyP master; + + /** + * Array of hash(es) of the mint's denomination keys. + * Specifically, this is the hash over the + * `struct TALER_DenominationKeyValidityPS`, not just + * the public key (as the auditor needs to check against + * the correct valuations and fee structure). + */ + /* struct GNUNET_HashCode h_dks; */ + +}; + + GNUNET_NETWORK_STRUCT_END #endif diff --git a/src/mint-lib/mint_api_handle.c b/src/mint-lib/mint_api_handle.c index 8b5b2e42c..769642ecf 100644 --- a/src/mint-lib/mint_api_handle.c +++ b/src/mint-lib/mint_api_handle.c @@ -280,9 +280,7 @@ parse_json_signkey (struct TALER_MINT_SigningPublicKey *sign_key, sign_key_issue.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY); sign_key_issue.purpose.size = - htonl (sizeof (sign_key_issue) - - offsetof (struct TALER_MintSigningKeyValidityPS, - purpose)); + htonl (sizeof (struct TALER_MintSigningKeyValidityPS)); sign_key_issue.master_public_key = *master_key; sign_key_issue.start = GNUNET_TIME_absolute_hton (valid_from); sign_key_issue.expire = GNUNET_TIME_absolute_hton (valid_until); @@ -369,9 +367,7 @@ parse_json_denomkey (struct TALER_MINT_DenomPublicKey *denom_key, denom_key_issue.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY); denom_key_issue.purpose.size - = htonl (sizeof (struct TALER_DenominationKeyValidityPS) - - offsetof (struct TALER_DenominationKeyValidityPS, - purpose)); + = htonl (sizeof (struct TALER_DenominationKeyValidityPS)); denom_key_issue.master = *master_key; denom_key_issue.start = GNUNET_TIME_absolute_hton (valid_from); denom_key_issue.expire_withdraw = GNUNET_TIME_absolute_hton (withdraw_valid_until); diff --git a/src/mint-tools/taler-mint-keycheck.c b/src/mint-tools/taler-mint-keycheck.c index e6fa1ea6e..c5ac86cb6 100644 --- a/src/mint-tools/taler-mint-keycheck.c +++ b/src/mint-tools/taler-mint-keycheck.c @@ -128,10 +128,8 @@ denomkeys_iter (void *cls, { struct GNUNET_HashCode hc; - if (ntohl (dki->issue.purpose.size) != - sizeof (struct TALER_DenominationKeyValidityPS) - - offsetof (struct TALER_DenominationKeyValidityPS, - purpose)) + if (ntohl (dki->issue.properties.purpose.size) != + sizeof (struct TALER_DenominationKeyValidityPS)) { fprintf (stderr, "Denomination key for `%s' has invalid purpose size\n", @@ -139,10 +137,10 @@ denomkeys_iter (void *cls, return GNUNET_SYSERR; } - if ( (0 != GNUNET_TIME_absolute_ntoh (dki->issue.start).abs_value_us % 1000000) || - (0 != GNUNET_TIME_absolute_ntoh (dki->issue.expire_withdraw).abs_value_us % 1000000) || - (0 != GNUNET_TIME_absolute_ntoh (dki->issue.expire_legal).abs_value_us % 1000000) || - (0 != GNUNET_TIME_absolute_ntoh (dki->issue.expire_spend).abs_value_us % 1000000) ) + if ( (0 != GNUNET_TIME_absolute_ntoh (dki->issue.properties.start).abs_value_us % 1000000) || + (0 != GNUNET_TIME_absolute_ntoh (dki->issue.properties.expire_withdraw).abs_value_us % 1000000) || + (0 != GNUNET_TIME_absolute_ntoh (dki->issue.properties.expire_legal).abs_value_us % 1000000) || + (0 != GNUNET_TIME_absolute_ntoh (dki->issue.properties.expire_spend).abs_value_us % 1000000) ) { fprintf (stderr, "Timestamps are not multiples of a round second\n"); @@ -151,9 +149,9 @@ denomkeys_iter (void *cls, if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY, - &dki->issue.purpose, + &dki->issue.properties.purpose, &dki->issue.signature.eddsa_signature, - &dki->issue.master.eddsa_pub)) + &dki->issue.properties.master.eddsa_pub)) { fprintf (stderr, "Denomination key for `%s' has invalid signature\n", @@ -163,7 +161,7 @@ denomkeys_iter (void *cls, GNUNET_CRYPTO_rsa_public_key_hash (dki->denom_pub.rsa_public_key, &hc); if (0 != memcmp (&hc, - &dki->issue.denom_hash, + &dki->issue.properties.denom_hash, sizeof (struct GNUNET_HashCode))) { fprintf (stderr, diff --git a/src/mint-tools/taler-mint-keyup.c b/src/mint-tools/taler-mint-keyup.c index 7b9388573..15c2d2e7b 100644 --- a/src/mint-tools/taler-mint-keyup.c +++ b/src/mint-tools/taler-mint-keyup.c @@ -719,35 +719,33 @@ create_denomkey_issue (const struct CoinTypeParams *params, dki->denom_pub.rsa_public_key = GNUNET_CRYPTO_rsa_private_key_get_public (dki->denom_priv.rsa_private_key); GNUNET_CRYPTO_rsa_public_key_hash (dki->denom_pub.rsa_public_key, - &dki->issue.denom_hash); - dki->issue.master = master_public_key; - dki->issue.start = GNUNET_TIME_absolute_hton (params->anchor); - dki->issue.expire_withdraw = + &dki->issue.properties.denom_hash); + dki->issue.properties.master = master_public_key; + dki->issue.properties.start = GNUNET_TIME_absolute_hton (params->anchor); + dki->issue.properties.expire_withdraw = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (params->anchor, params->duration_withdraw)); - dki->issue.expire_spend = + dki->issue.properties.expire_spend = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (params->anchor, params->duration_spend)); - dki->issue.expire_legal = + dki->issue.properties.expire_legal = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (params->anchor, params->duration_legal)); - TALER_amount_hton (&dki->issue.value, + TALER_amount_hton (&dki->issue.properties.value, ¶ms->value); - TALER_amount_hton (&dki->issue.fee_withdraw, + TALER_amount_hton (&dki->issue.properties.fee_withdraw, ¶ms->fee_withdraw); - TALER_amount_hton (&dki->issue.fee_deposit, + TALER_amount_hton (&dki->issue.properties.fee_deposit, ¶ms->fee_deposit); - TALER_amount_hton (&dki->issue.fee_refresh, + TALER_amount_hton (&dki->issue.properties.fee_refresh, ¶ms->fee_refresh); - dki->issue.purpose.purpose + dki->issue.properties.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY); - dki->issue.purpose.size - = htonl (sizeof (struct TALER_DenominationKeyValidityPS) - - offsetof (struct TALER_DenominationKeyValidityPS, - purpose)); + dki->issue.properties.purpose.size + = htonl (sizeof (struct TALER_DenominationKeyValidityPS)); GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (&master_priv.eddsa_priv, - &dki->issue.purpose, + &dki->issue.properties.purpose, &dki->issue.signature.eddsa_signature)); } diff --git a/src/mint/taler-mint-httpd_db.c b/src/mint/taler-mint-httpd_db.c index 2ac3defde..4e91e7e76 100644 --- a/src/mint/taler-mint-httpd_db.c +++ b/src/mint/taler-mint-httpd_db.c @@ -136,7 +136,7 @@ TMH_DB_execute_deposit (struct MHD_Connection *connection, &deposit->coin.denom_pub, TMH_KS_DKU_DEPOSIT); TALER_amount_ntoh (&value, - &dki->issue.value); + &dki->issue.properties.value); TMH_KS_release (mks); if (GNUNET_OK != @@ -357,9 +357,9 @@ TMH_DB_execute_withdraw_sign (struct MHD_Connection *connection, /* calculate amount required including fees */ TALER_amount_ntoh (&value, - &dki->issue.value); + &dki->issue.properties.value); TALER_amount_ntoh (&fee_withdraw, - &dki->issue.fee_withdraw); + &dki->issue.properties.fee_withdraw); if (GNUNET_OK != TALER_amount_add (&amount_required, @@ -399,7 +399,7 @@ TMH_DB_execute_withdraw_sign (struct MHD_Connection *connection, &pos->details.withdraw->denom_pub, TMH_KS_DKU_WITHDRAW); TALER_amount_ntoh (&value, - &tdki->issue.value); + &tdki->issue.properties.value); if (0 == (res & 2)) withdraw_total = value; else @@ -516,7 +516,7 @@ refresh_accept_melts (struct MHD_Connection *connection, const struct TMH_DB_MeltDetails *coin_details, uint16_t oldcoin_index) { - struct TALER_DenominationKeyValidityPS *dki; + struct TALER_MINTDB_DenominationKeyInformationP *dki; struct TALER_MINTDB_TransactionList *tl; struct TALER_Amount coin_value; struct TALER_Amount coin_residual; @@ -535,7 +535,7 @@ refresh_accept_melts (struct MHD_Connection *connection, ? GNUNET_NO : GNUNET_SYSERR; TALER_amount_ntoh (&coin_value, - &dki->value); + &dki->properties.value); /* fee for THIS transaction; the melt amount includes the fee! */ spent = coin_details->melt_amount_with_fee; /* add historic transaction costs of this coin */ diff --git a/src/mint/taler-mint-httpd_deposit.c b/src/mint/taler-mint-httpd_deposit.c index 782d05a8b..c1495c817 100644 --- a/src/mint/taler-mint-httpd_deposit.c +++ b/src/mint/taler-mint-httpd_deposit.c @@ -100,7 +100,7 @@ verify_and_execute_deposit (struct MHD_Connection *connection, "ub_sig"); } TALER_amount_ntoh (&fee_deposit, - &dki->issue.fee_deposit); + &dki->issue.properties.fee_deposit); if (0 < TALER_amount_cmp (&fee_deposit, &deposit->amount_with_fee)) { @@ -188,7 +188,7 @@ parse_and_handle_deposit_request (struct MHD_Connection *connection, "denom_pub"); } TALER_amount_ntoh (&deposit.deposit_fee, - &dki->issue.fee_deposit); + &dki->issue.properties.fee_deposit); TMH_KS_release (ks); deposit.wire = wire; deposit.amount_with_fee = *amount; diff --git a/src/mint/taler-mint-httpd_keystate.c b/src/mint/taler-mint-httpd_keystate.c index d7b64b831..87f2e9b95 100644 --- a/src/mint/taler-mint-httpd_keystate.c +++ b/src/mint/taler-mint-httpd_keystate.c @@ -119,7 +119,7 @@ static int reload_pipe[2]; */ static json_t * denom_key_issue_to_json (const struct TALER_DenominationPublicKey *pk, - const struct TALER_DenominationKeyValidityPS *dki) + const struct TALER_MINTDB_DenominationKeyInformationP *dki) { struct TALER_Amount value; struct TALER_Amount fee_withdraw; @@ -127,26 +127,26 @@ denom_key_issue_to_json (const struct TALER_DenominationPublicKey *pk, struct TALER_Amount fee_refresh; TALER_amount_ntoh (&value, - &dki->value); + &dki->properties.value); TALER_amount_ntoh (&fee_withdraw, - &dki->fee_withdraw); + &dki->properties.fee_withdraw); TALER_amount_ntoh (&fee_deposit, - &dki->fee_deposit); + &dki->properties.fee_deposit); TALER_amount_ntoh (&fee_refresh, - &dki->fee_refresh); + &dki->properties.fee_refresh); return json_pack ("{s:o, s:o, s:o, s:o, s:o, s:o, s:o, s:o, s:o, s:o}", "master_sig", TALER_json_from_data (&dki->signature, sizeof (struct GNUNET_CRYPTO_EddsaSignature)), "stamp_start", - TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (dki->start)), + TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (dki->properties.start)), "stamp_expire_withdraw", - TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (dki->expire_withdraw)), + TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (dki->properties.expire_withdraw)), "stamp_expire_deposit", - TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (dki->expire_spend)), + TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (dki->properties.expire_spend)), "stamp_expire_legal", - TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (dki->expire_legal)), + TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (dki->properties.expire_legal)), "denom_pub", TALER_json_from_rsa_public_key (pk->rsa_public_key), "value", @@ -214,7 +214,7 @@ reload_keys_denom_iter (void *cls, "Loading denomination key `%s'\n", alias); horizon = GNUNET_TIME_relative_to_absolute (TALER_MINT_conf_duration_provide ()); - if (GNUNET_TIME_absolute_ntoh (dki->issue.start).abs_value_us > + if (GNUNET_TIME_absolute_ntoh (dki->issue.properties.start).abs_value_us > horizon.abs_value_us) { GNUNET_log (GNUNET_ERROR_TYPE_INFO, @@ -223,7 +223,7 @@ reload_keys_denom_iter (void *cls, return GNUNET_OK; } now = GNUNET_TIME_absolute_get (); - if (GNUNET_TIME_absolute_ntoh (dki->issue.expire_spend).abs_value_us < + if (GNUNET_TIME_absolute_ntoh (dki->issue.properties.expire_spend).abs_value_us < now.abs_value_us) { GNUNET_log (GNUNET_ERROR_TYPE_INFO, @@ -569,7 +569,7 @@ TMH_KS_denomination_key_lookup (const struct TMH_KS_StateHandle *key_state, &hc); now = GNUNET_TIME_absolute_get (); if (now.abs_value_us < - GNUNET_TIME_absolute_ntoh (dki->issue.start).abs_value_us) + GNUNET_TIME_absolute_ntoh (dki->issue.properties.start).abs_value_us) { GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Not returning DKI for %s, as start time is in the future\n", @@ -581,7 +581,7 @@ TMH_KS_denomination_key_lookup (const struct TMH_KS_StateHandle *key_state, { case TMH_KS_DKU_WITHDRAW: if (now.abs_value_us > - GNUNET_TIME_absolute_ntoh (dki->issue.expire_withdraw).abs_value_us) + GNUNET_TIME_absolute_ntoh (dki->issue.properties.expire_withdraw).abs_value_us) { GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Not returning DKI for %s, as time to create coins has passed\n", @@ -591,7 +591,7 @@ TMH_KS_denomination_key_lookup (const struct TMH_KS_StateHandle *key_state, break; case TMH_KS_DKU_DEPOSIT: if (now.abs_value_us > - GNUNET_TIME_absolute_ntoh (dki->issue.expire_spend).abs_value_us) + GNUNET_TIME_absolute_ntoh (dki->issue.properties.expire_spend).abs_value_us) { GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Not returning DKI for %s, as time to spend coin has passed\n", diff --git a/src/mint/taler-mint-httpd_refresh.c b/src/mint/taler-mint-httpd_refresh.c index 4fc923759..b1482272c 100644 --- a/src/mint/taler-mint-httpd_refresh.c +++ b/src/mint/taler-mint-httpd_refresh.c @@ -61,7 +61,7 @@ handle_refresh_melt_binary (struct MHD_Connection *connection, { unsigned int i; struct TMH_KS_StateHandle *key_state; - struct TALER_DenominationKeyValidityPS *dki; + struct TALER_MINTDB_DenominationKeyInformationP *dki; struct TALER_Amount cost; struct TALER_Amount total_cost; struct TALER_Amount melt; @@ -80,9 +80,9 @@ handle_refresh_melt_binary (struct MHD_Connection *connection, &denom_pubs[i], TMH_KS_DKU_WITHDRAW)->issue; TALER_amount_ntoh (&value, - &dki->value); + &dki->properties.value); TALER_amount_ntoh (&fee_withdraw, - &dki->fee_withdraw); + &dki->properties.fee_withdraw); if ( (GNUNET_OK != TALER_amount_add (&cost, &value, @@ -109,7 +109,7 @@ handle_refresh_melt_binary (struct MHD_Connection *connection, &coin_melt_details[i].coin_info.denom_pub, TMH_KS_DKU_DEPOSIT)->issue; TALER_amount_ntoh (&fee_melt, - &dki->fee_refresh); + &dki->properties.fee_refresh); if (GNUNET_OK != TALER_amount_subtract (&melt, &coin_melt_details->melt_amount_with_fee, @@ -245,7 +245,7 @@ verify_coin_public_info (struct MHD_Connection *connection, /* FIXME: need to check if denomination key is still valid for issuing! (#3634) */ TALER_amount_ntoh (&fee_refresh, - &dki->issue.fee_refresh); + &dki->issue.properties.fee_refresh); body.purpose.size = htonl (sizeof (struct TALER_RefreshMeltCoinAffirmationPS)); body.purpose.purpose = htonl (TALER_SIGNATURE_WALLET_COIN_MELT); body.session_hash = *session_hash; diff --git a/src/mint/taler-mint-httpd_withdraw.c b/src/mint/taler-mint-httpd_withdraw.c index 877ae8f3c..589cf0a8f 100644 --- a/src/mint/taler-mint-httpd_withdraw.c +++ b/src/mint/taler-mint-httpd_withdraw.c @@ -137,9 +137,9 @@ TMH_WITHDRAW_handler_withdraw_sign (struct TMH_RequestHandler *rh, "denom_pub"); } TALER_amount_ntoh (&amount, - &dki->issue.value); + &dki->issue.properties.value); TALER_amount_ntoh (&fee_withdraw, - &dki->issue.fee_withdraw); + &dki->issue.properties.fee_withdraw); GNUNET_assert (GNUNET_OK == TALER_amount_add (&amount_with_fee, &amount, diff --git a/src/mintdb/perf_taler_mintdb_init.c b/src/mintdb/perf_taler_mintdb_init.c index 90015e37a..be47f76d4 100644 --- a/src/mintdb/perf_taler_mintdb_init.c +++ b/src/mintdb/perf_taler_mintdb_init.c @@ -50,36 +50,34 @@ PERF_TALER_MINTDB_denomination_init () (dki->denom_pub.rsa_public_key = GNUNET_CRYPTO_rsa_private_key_get_public (dki->denom_priv.rsa_private_key))); GNUNET_CRYPTO_rsa_public_key_hash (dki->denom_pub.rsa_public_key, - &dki->issue.denom_hash); + &dki->issue.properties.denom_hash); GNUNET_assert (NULL != (master_prvt = GNUNET_CRYPTO_eddsa_key_create ())); GNUNET_CRYPTO_eddsa_key_get_public (master_prvt, - &dki->issue.master.eddsa_pub); + &dki->issue.properties.master.eddsa_pub); anchor = GNUNET_TIME_absolute_get (); - dki->issue.start = GNUNET_TIME_absolute_hton (anchor); - dki->issue.expire_withdraw = + dki->issue.properties.start = GNUNET_TIME_absolute_hton (anchor); + dki->issue.properties.expire_withdraw = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (anchor, GNUNET_TIME_relative_get_hour_ ())); - dki->issue.expire_spend = + dki->issue.properties.expire_spend = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (anchor, GNUNET_TIME_relative_get_hour_ ())); - dki->issue.expire_legal = + dki->issue.properties.expire_legal = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (anchor, GNUNET_TIME_relative_get_hour_ ())); GNUNET_assert (GNUNET_OK == TALER_string_to_amount (CURRENCY ":1.1", &amount)); - TALER_amount_hton (&dki->issue.value, &amount); - TALER_amount_hton (&dki->issue.fee_withdraw, &amount); - TALER_amount_hton (&dki->issue.fee_deposit, &amount); - TALER_amount_hton (&dki->issue.fee_refresh, &amount); - dki->issue.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY); - dki->issue.purpose.size = - htonl (sizeof (struct TALER_MINTDB_DenominationKeyIssueInformation) - - offsetof (struct TALER_MINTDB_DenominationKeyIssueInformation, - issue.purpose)); + TALER_amount_hton (&dki->issue.properties.value, &amount); + TALER_amount_hton (&dki->issue.properties.fee_withdraw, &amount); + TALER_amount_hton (&dki->issue.properties.fee_deposit, &amount); + TALER_amount_hton (&dki->issue.properties.fee_refresh, &amount); + dki->issue.properties.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY); + dki->issue.properties.purpose.size = + htonl (sizeof (struct TALER_MINTDB_DenominationKeyIssueInformation)); GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (master_prvt, - &dki->issue.purpose, + &dki->issue.properties.purpose, &dki->issue.signature.eddsa_signature)); GNUNET_free (master_prvt); diff --git a/src/mintdb/plugin_mintdb_postgres.c b/src/mintdb/plugin_mintdb_postgres.c index 015e8bbe7..bef3f9301 100644 --- a/src/mintdb/plugin_mintdb_postgres.c +++ b/src/mintdb/plugin_mintdb_postgres.c @@ -1045,35 +1045,35 @@ static int postgres_insert_denomination_info (void *cls, struct TALER_MINTDB_Session *session, const struct TALER_DenominationPublicKey *denom_pub, - const struct TALER_DenominationKeyValidityPS *issue) + const struct TALER_MINTDB_DenominationKeyInformationP *issue) { PGresult *result; int ret; struct TALER_PQ_QueryParam params[] = { TALER_PQ_query_param_rsa_public_key (denom_pub->rsa_public_key), - TALER_PQ_query_param_auto_from_type (&issue->master), + TALER_PQ_query_param_auto_from_type (&issue->properties.master), TALER_PQ_query_param_auto_from_type (&issue->signature), - TALER_PQ_query_param_absolute_time_nbo (&issue->start), - TALER_PQ_query_param_absolute_time_nbo (&issue->expire_withdraw), - TALER_PQ_query_param_absolute_time_nbo (&issue->expire_spend), - TALER_PQ_query_param_absolute_time_nbo (&issue->expire_legal), - TALER_PQ_query_param_amount_nbo (&issue->value), - TALER_PQ_query_param_amount_nbo (&issue->fee_withdraw), - TALER_PQ_query_param_amount_nbo (&issue->fee_deposit), - TALER_PQ_query_param_amount_nbo (&issue->fee_refresh), + TALER_PQ_query_param_absolute_time_nbo (&issue->properties.start), + TALER_PQ_query_param_absolute_time_nbo (&issue->properties.expire_withdraw), + TALER_PQ_query_param_absolute_time_nbo (&issue->properties.expire_spend), + TALER_PQ_query_param_absolute_time_nbo (&issue->properties.expire_legal), + TALER_PQ_query_param_amount_nbo (&issue->properties.value), + TALER_PQ_query_param_amount_nbo (&issue->properties.fee_withdraw), + TALER_PQ_query_param_amount_nbo (&issue->properties.fee_deposit), + TALER_PQ_query_param_amount_nbo (&issue->properties.fee_refresh), TALER_PQ_query_param_end }; /* check fees match coin currency */ GNUNET_assert (GNUNET_YES == - TALER_amount_cmp_currency_nbo (&issue->value, - &issue->fee_withdraw)); + TALER_amount_cmp_currency_nbo (&issue->properties.value, + &issue->properties.fee_withdraw)); GNUNET_assert (GNUNET_YES == - TALER_amount_cmp_currency_nbo (&issue->value, - &issue->fee_deposit)); + TALER_amount_cmp_currency_nbo (&issue->properties.value, + &issue->properties.fee_deposit)); GNUNET_assert (GNUNET_YES == - TALER_amount_cmp_currency_nbo (&issue->value, - &issue->fee_refresh)); + TALER_amount_cmp_currency_nbo (&issue->properties.value, + &issue->properties.fee_refresh)); result = TALER_PQ_exec_prepared (session->conn, "denomination_insert", @@ -1105,7 +1105,7 @@ static int postgres_get_denomination_info (void *cls, struct TALER_MINTDB_Session *session, const struct TALER_DenominationPublicKey *denom_pub, - struct TALER_DenominationKeyValidityPS *issue) + struct TALER_MINTDB_DenominationKeyInformationP *issue) { PGresult *result; struct TALER_PQ_QueryParam params[] = { @@ -1141,25 +1141,25 @@ postgres_get_denomination_info (void *cls, { struct TALER_PQ_ResultSpec rs[] = { TALER_PQ_result_spec_auto_from_type ("master_pub", - &issue->master), + &issue->properties.master), TALER_PQ_result_spec_auto_from_type ("master_sig", &issue->signature), TALER_PQ_result_spec_absolute_time_nbo ("valid_from", - &issue->start), + &issue->properties.start), TALER_PQ_result_spec_absolute_time_nbo ("expire_withdraw", - &issue->expire_withdraw), + &issue->properties.expire_withdraw), TALER_PQ_result_spec_absolute_time_nbo ("expire_spend", - &issue->expire_spend), + &issue->properties.expire_spend), TALER_PQ_result_spec_absolute_time_nbo ("expire_legal", - &issue->expire_legal), + &issue->properties.expire_legal), TALER_PQ_result_spec_amount_nbo ("coin", - &issue->value), + &issue->properties.value), TALER_PQ_result_spec_amount_nbo ("fee_withdraw", - &issue->fee_withdraw), + &issue->properties.fee_withdraw), TALER_PQ_result_spec_amount_nbo ("fee_deposit", - &issue->fee_deposit), + &issue->properties.fee_deposit), TALER_PQ_result_spec_amount_nbo ("fee_refresh", - &issue->fee_refresh), + &issue->properties.fee_refresh), TALER_PQ_result_spec_end }; diff --git a/src/mintdb/test_mintdb.c b/src/mintdb/test_mintdb.c index 857d54413..a01518e14 100644 --- a/src/mintdb/test_mintdb.c +++ b/src/mintdb/test_mintdb.c @@ -105,26 +105,26 @@ register_denomination(struct TALER_DenominationPublicKey denom_pub, 0, sizeof (struct TALER_MINTDB_DenominationKeyIssueInformation)); dki.denom_pub = denom_pub; - dki.issue.start = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ()); - dki.issue.expire_withdraw = GNUNET_TIME_absolute_hton + dki.issue.properties.start = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ()); + dki.issue.properties.expire_withdraw = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get (), GNUNET_TIME_UNIT_HOURS)); - dki.issue.expire_spend = GNUNET_TIME_absolute_hton + dki.issue.properties.expire_spend = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get (), GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 2))); - dki.issue.expire_legal = GNUNET_TIME_absolute_hton + dki.issue.properties.expire_legal = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (GNUNET_TIME_absolute_get (), GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_HOURS, 3))); - dki.issue.value.value = GNUNET_htonll (1); - dki.issue.value.fraction = htonl (100); - (void) strcpy (dki.issue.value.currency, CURRENCY); - dki.issue.fee_withdraw.value = 0; - dki.issue.fee_withdraw.fraction = htonl (100); - (void) strcpy (dki.issue.fee_withdraw.currency, CURRENCY); - dki.issue.fee_deposit = dki.issue.fee_withdraw; - dki.issue.fee_refresh = dki.issue.fee_withdraw; + dki.issue.properties.value.value = GNUNET_htonll (1); + dki.issue.properties.value.fraction = htonl (100); + (void) strcpy (dki.issue.properties.value.currency, CURRENCY); + dki.issue.properties.fee_withdraw.value = 0; + dki.issue.properties.fee_withdraw.fraction = htonl (100); + (void) strcpy (dki.issue.properties.fee_withdraw.currency, CURRENCY); + dki.issue.properties.fee_deposit = dki.issue.properties.fee_withdraw; + dki.issue.properties.fee_refresh = dki.issue.properties.fee_withdraw; if (GNUNET_OK != plugin->insert_denomination_info (plugin->cls, session, diff --git a/src/mintdb/test_mintdb_keyio.c b/src/mintdb/test_mintdb_keyio.c index a32d64931..aa1ba2f20 100644 --- a/src/mintdb/test_mintdb_keyio.c +++ b/src/mintdb/test_mintdb_keyio.c @@ -53,8 +53,7 @@ main (int argc, dki_read.denom_priv.rsa_private_key = NULL; GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, &dki.issue.signature, - sizeof (dki) - offsetof (struct TALER_DenominationKeyValidityPS, - signature)); + sizeof (struct TALER_MasterSignatureP)); dki.denom_priv.rsa_private_key = GNUNET_CRYPTO_rsa_private_key_create (RSA_KEY_SIZE); enc_size = GNUNET_CRYPTO_rsa_private_key_encode (dki.denom_priv.rsa_private_key, From 1164803c8bf17e653630ba4316e0ecb85f0a402a Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Mon, 6 Jul 2015 10:25:52 +0200 Subject: [PATCH 2/2] defining auditor sig --- src/include/taler_mint_service.h | 58 ++++++++++++++++++++------------ src/include/taler_signatures.h | 5 +-- 2 files changed, 39 insertions(+), 24 deletions(-) diff --git a/src/include/taler_mint_service.h b/src/include/taler_mint_service.h index 7822d6200..c9dbfb874 100644 --- a/src/include/taler_mint_service.h +++ b/src/include/taler_mint_service.h @@ -117,28 +117,6 @@ enum TALER_MINT_Option }; -/** - * Information we get from the mint about auditors. - */ -struct TALER_MINT_AuditorInformation -{ - /** - * Public key of the auditing institution. - */ - struct TALER_AuditorPublicKeyP auditor_pub; - - /** - * URL of the auditing institution. The application must check that - * this is an acceptable auditor for its purpose and also verify - * that the @a auditor_pub matches the auditor's public key given at - * that website. We expect that in practice software is going to - * often ship with an initial list of accepted auditors, just like - * browsers ship with a CA root store. - */ - const char *auditor_url; -}; - - /** * @brief Mint's signature key */ @@ -209,6 +187,42 @@ struct TALER_MINT_DenomPublicKey }; +/** + * Information we get from the mint about auditors. + */ +struct TALER_MINT_AuditorInformation +{ + /** + * Public key of the auditing institution. + */ + struct TALER_AuditorPublicKeyP auditor_pub; + + /** + * URL of the auditing institution. The application must check that + * this is an acceptable auditor for its purpose and also verify + * that the @a auditor_pub matches the auditor's public key given at + * that website. We expect that in practice software is going to + * often ship with an initial list of accepted auditors, just like + * browsers ship with a CA root store. + */ + const char *auditor_url; + + /** + * Number of denomination keys audited by this auditor. + */ + unsigned int num_denom_keys; + + /** + * Array of length @a denom_keys with the denomination + * keys audited by this auditor. Note that the array + * elements point to the same locations as the entries + * in the key's main `denom_keys` array. + */ + struct TALER_MINT_DenomPublicKey *const*denom_keys; +}; + + + /** * Information about keys from the mint. */ diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h index eebddd2dd..4d7e83ec5 100644 --- a/src/include/taler_signatures.h +++ b/src/include/taler_signatures.h @@ -608,8 +608,9 @@ struct TALER_DenominationKeyValidityPS /** - * @brief Information about a denomination key. Denomination keys - * are used to sign coins of a certain value into existence. + * @brief Information signed by an auditor affirming + * the master public key and the denomination keys + * of a mint. */ struct TALER_MintKeyValidityPS {