From 20d68685eee8a3e99b59ed913ad3389f487e3e4b Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Wed, 5 May 2021 17:45:09 +0200 Subject: update spec for W2W --- core/api-common.rst | 182 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 182 insertions(+) (limited to 'core/api-common.rst') diff --git a/core/api-common.rst b/core/api-common.rst index 19f6bf55..bb922cc2 100644 --- a/core/api-common.rst +++ b/core/api-common.rst @@ -584,6 +584,13 @@ uses 512-bit hash codes (64 bytes). uint32_t value[4]; }; +.. _WadId: +.. sourcecode:: c + + struct TALER_WadId wad_id { + uint32_t value[6]; + }; + .. _eddsa-coin-pub: .. sourcecode:: c @@ -1022,3 +1029,178 @@ within the struct TALER_TransferPublicKeyP transfer_pub; struct GNUNET_HashCode coin_envelope_hash; }; + + + + +.. _TALER_PurseStatusRequestSignaturePS: +.. sourcecode:: c + + struct TALER_PurseStatusRequestSignaturePS { + /** + * purpose.purpose = TALER_SIGNATURE_PURSE_STATUS_REQUEST + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + }; + + +.. _TALER_PurseStatusSignaturePS: +.. sourcecode:: c + + struct TALER_PurseStatusResponseSignaturePS { + /** + * purpose.purpose = TALER_SIGNATURE_PURSE_STATUS_RESPONSE + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct TALER_AmountNBO total_purse_amount; + struct TALER_AmountNBO total_deposit_amount; + struct TALER_AmountNBO max_deposit_fees; + struct GNUNET_TIME_AbsoluteNBO purse_expiration; + struct GNUNET_TIME_AbsoluteNBO status_timestamp; + struct GNUNET_HashCode h_contract_terms; + }; + + +.. _TALER_ReserveCloseRequestSignaturePS: +.. sourcecode:: c + + struct TALER_ReserveCloseRequestSignaturePS { + /** + * purpose.purpose = TALER_SIGNATURE_RESERVE_CLOSE + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + }; + + + +.. _TALER_PurseDepositSignaturePS: +.. sourcecode:: c + + struct TALER_PurseDepositSignaturePS { + /** + * purpose.purpose = TALER_SIGNATURE_PURSE_DEPOSIT + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct TALER_AmountNBO coin_contribution; + struct GNUNET_TIME_AbsoluteNBO purse_expiration; + struct TALER_PursePublicKey purse_pub; + struct GNUNET_HashCode h_contract_terms; + }; + + +.. _TALER_PursePaymentConfirmedSignaturePS: +.. sourcecode:: c + + struct TALER_PursePaymentConfirmedSignaturePS { + /** + * purpose.purpose = TALER_SIGNATURE_PURSE_PAYMENT_CONFIRMED + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct TALER_AmountNBO total_purse_amount; + struct TALER_AmountNBO total_deposit_fees; + struct TALER_PursePublicKey purse_pub; + struct GNUNET_TIME_AbsoluteNBO purse_expiration; + struct GNUNET_HashCode h_contract_terms; + }; + + +.. _TALER_PurseMergeSignaturePS: +.. sourcecode:: c + + struct TALER_PurseMergeSignaturePS { + /** + * purpose.purpose = TALER_SIGNATURE_PURSE_MERGE + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct TALER_ReservePublicKey reserve_pub; + struct GNUNET_TIME_AbsoluteNBO merge_timestamp; + struct GNUNET_TIME_AbsoluteNBO purse_expiration; + struct GNUNET_HashCode h_contract_terms; + struct GNUNET_HashCode h_wire; + }; + + +.. _TALER_AccountMergeSignaturePS: +.. sourcecode:: c + + struct TALER_AccountMergeSignaturePS { + /** + * purpose.purpose = TALER_SIGNATURE_ACCOUNT_MERGE + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct TALER_PursePublicKey purse_pub; + struct GNUNET_TIME_AbsoluteNBO merge_timestamp; + struct GNUNET_TIME_AbsoluteNBO purse_expiration; + struct GNUNET_HashCode h_contract_terms; + struct GNUNET_HashCode h_wire; + }; + + +.. _TALER_PursePaymentSignaturePS: +.. sourcecode:: c + + struct TALER_PursePaymentSignaturePS { + /** + * purpose.purpose = TALER_SIGNATURE_PURSE_PAYMENT + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct TALER_AmountNBO coin_contribution; + struct GNUNET_TIME_AbsoluteNBO purse_expiration; + struct TALER_PursePublicKey purse_pub; + }; + + +.. _TALER_PurseMergeSuccessSignaturePS: +.. sourcecode:: c + + struct TALER_PurseMergeSuccessSignaturePS { + /** + * purpose.purpose = TALER_SIGNATURE_PURSE_MERGE_SUCCESS + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct TALER_ReservePublicKey reserve_pub; + struct TALER_PursePublicKey purse_pub; + struct TALER_AmountNBO merge_amount; + struct GNUNET_TIME_AbsoluteNBO contract_time; + struct GNUNET_HashCode h_contract_terms; + struct GNUNET_HashCode h_wire; + }; + + +.. _TALER_AccountSetupRequestSignaturePS: +.. sourcecode:: c + + struct TALER_AccountSetupRequestSignaturePS { + /** + * purpose.purpose = TALER_SIGNATURE_ACCOUNT_SETUP_REQUEST + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct GNUNET_TIME_AbsoluteNBO kyc_timestamp; + struct GNUNET_HashCode h_wire; + }; + + +.. _TALER_AccountSetupSuccessSignaturePS: +.. sourcecode:: c + + struct TALER_AccountSetupRequestSignaturePS { + /** + * purpose.purpose = TALER_SIGNATURE_ACCOUNT_SETUP_SUCCESS + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct TALER_ReservePublicKey reserve_pub; + struct GNUNET_TIME_AbsoluteNBO now; + }; + + +.. _TALER_WadDataSignaturePS: +.. sourcecode:: c + + struct TALER_WadDataSignaturePS { + /** + * purpose.purpose = TALER_SIGNATURE_ACCOUNT_SETUP_SUCCESS + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct GNUNET_HashCode wad_data; + struct TALER_WadId wad_id; + }; -- cgit v1.2.3 From 7214412a05e38b8b957257c3ee99d8acb6571179 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Thu, 6 May 2021 15:33:52 +0200 Subject: work on w2w spec --- core/api-common.rst | 27 ++ core/api-exchange.rst | 403 ++++++++++++++++++++----- design-documents/013-peer-to-peer-payments.rst | 102 ++++++- 3 files changed, 455 insertions(+), 77 deletions(-) (limited to 'core/api-common.rst') diff --git a/core/api-common.rst b/core/api-common.rst index bb922cc2..5c05db0c 100644 --- a/core/api-common.rst +++ b/core/api-common.rst @@ -1033,6 +1033,30 @@ within the +.. _TALER_ReserveStatusRequestSignaturePS: +.. sourcecode:: c + + struct TALER_PurseStatusRequestSignaturePS { + /** + * purpose.purpose = TALER_SIGNATURE_RESERVE_STATUS_REQUEST + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + }; + + +.. _TALER_ReserveHistoryRequestSignaturePS: +.. sourcecode:: c + + struct TALER_PurseStatusRequestSignaturePS { + /** + * purpose.purpose = TALER_SIGNATURE_RESERVE_HISTORY_REQUEST + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct TALER_AmountNBO history_fee; + struct GNUNET_TIME_AbsoluteNBO request_timestamp; + }; + + .. _TALER_PurseStatusRequestSignaturePS: .. sourcecode:: c @@ -1115,6 +1139,7 @@ within the struct TALER_ReservePublicKey reserve_pub; struct GNUNET_TIME_AbsoluteNBO merge_timestamp; struct GNUNET_TIME_AbsoluteNBO purse_expiration; + struct TALER_AmountNBO purse_value_after_fees; struct GNUNET_HashCode h_contract_terms; struct GNUNET_HashCode h_wire; }; @@ -1131,6 +1156,7 @@ within the struct TALER_PursePublicKey purse_pub; struct GNUNET_TIME_AbsoluteNBO merge_timestamp; struct GNUNET_TIME_AbsoluteNBO purse_expiration; + struct TALER_AmountNBO purse_value_after_fees; struct GNUNET_HashCode h_contract_terms; struct GNUNET_HashCode h_wire; }; @@ -1176,6 +1202,7 @@ within the */ struct GNUNET_CRYPTO_EccSignaturePurpose purpose; struct GNUNET_TIME_AbsoluteNBO kyc_timestamp; + struct TALER_AmountNBO kyc_fee; struct GNUNET_HashCode h_wire; }; diff --git a/core/api-exchange.rst b/core/api-exchange.rst index 654ce31e..27886c24 100644 --- a/core/api-exchange.rst +++ b/core/api-exchange.rst @@ -978,14 +978,12 @@ exchange. advertise those terms of service. -.. http:get:: /reserves/$RESERVE_PUB +.. http:post:: /reserves/$RESERVE_PUB/status Request information about a reserve or an account. **Request:** - *Account-Request-Signature*: The client must provide Base-32 encoded EdDSA signature made with ``$ACCOUNT_PRIV``, affirming its authorization to access the account status. The purpose used MUST be ``TALER_SIGNATURE_ACCOUNT_STATUS`` (NUMBER: TBD). - :query history=BOOLEAN: *Optional.* If specified, the exchange will return the recent account history. This is still free of charge. @@ -993,6 +991,8 @@ exchange. the exchange will return the full account history. This may incur a fee that will be charged to the account. + The request body must be a `ReserveStatusRequest` object. + **Response:** :http:statuscode:`200 OK`: @@ -1005,6 +1005,14 @@ exchange. **Details:** + .. ts:def:: ReserveStatusRequest + + interface ReserveStatusRequest { + // Signature of type + // TALER_SIGNATURE_RESERVE_STATUS_REQUEST + reserve_sig: EddsaSignature; + } + .. ts:def:: ReserveStatus interface ReserveStatus { @@ -1020,6 +1028,7 @@ exchange. kyc_required: boolean; // Transaction history for this reserve. + // May be partial (!). history: TransactionHistoryItem[]; } @@ -1030,29 +1039,84 @@ exchange. // Union discriminated by the "type" field. type TransactionHistoryItem = | AccountMergeTransaction + | AccountSetupTransaction + | ReserveHistoryTransaction | ReserveWithdrawTransaction | ReserveCreditTransaction | ReserveClosingTransaction | ReserveRecoupTransaction; + .. ts:def:: AccountHistoryTransaction + + interface AccountHistoryTransaction { + type: "HISTORY"; + + // Fee agreed to by the reserve owner. + history_fee: Amount; + + // Time when the request was made. + request_timestamp: Timestamp; + + // Signature created with the reserve's private key. + // Must be of purpose TALER_SIGNATURE_RESERVE_HISTORY_REQUEST. + reserve_sig: EddsaSignature; + + } + + .. ts:def:: AccountSetupTransaction + + interface AccountSetupTransaction { + type: "SETUP"; + + // KYC fee agreed to by the reserve owner. + kyc_fee: Amount; + + // Time when the KYC was triggered. + kyc_timestamp: Timestamp; + + // Hash of the wire details of the account. + // Note that this hash is unsalted and potentially + // private (as it could be inverted), hence access + // to this endpoint must be authorized using the + // private key of the reserve. + h_wire: HashCode; + + // Signature created with the reserve's private key. + // Must be of purpose TALER_SIGNATURE_ACCOUNT_SETUP_REQUEST. + reserve_sig: EddsaSignature; + + } + .. ts:def:: AccountMergeTransaction interface AccountMergeTransaction { type: "MERGE"; - // Amount merged (what was left after fees). + // Actual amount merged (what was left after fees). amount: Amount; + // Minimum amount merged (amount signed by the + // reserve and purse signatures). + minimum_amount: Amount; + // Purse that was merged. purse_pub: EddsaPublicKey; + // Time of the merge. + merge_timestamp: Timestamp; + + // Expiration time of the purse. + purse_expiration: Timestamp; + // Hash of the contract. h_contract: HashCode; - // Signature created with the account's private key. - account_sig: EddsaSignature; + // Signature created with the reserve's private key. + // Must be of purpose TALER_SIGNATURE_ACCOUNT_MERGE. + reserve_sig: EddsaSignature; // Signature created with the purse's private key. + // Must be of purpose TALER_SIGNATURE_PURSE_MERGE. purse_sig: EddsaSignature; // Deposit fees that were charged to the purse. @@ -1155,6 +1219,46 @@ exchange. coin_pub: CoinPublicKey; } + +.. http:post:: /reserves/$RESERVE_PUB/history + + Request information about the full history of + a reserve or an account. + + **Request:** + + The request body must be a `ReserveHistoryRequest` object. + + **Response:** + + :http:statuscode:`200 OK`: + The exchange responds with a `ReserveStatus` object; the reserve was known to the exchange. + :http:statuscode:`401 Unauthorized`: + The *Account-Request-Signature* is invalid. + This response comes with a standard `ErrorDetail` response. + :http:statuscode:`404 Not found`: + The reserve key does not belong to a reserve known to the exchange. + :http:statuscode:`412 Precondition failed`: + The balance in the reserve is insufficient to pay for the history request. + This response comes with a standard `ErrorDetail` response. + + **Details:** + + .. ts:def:: ReserveHistoryRequest + + interface ReserveHistoryRequest { + // Signature of type + // TALER_SIGNATURE_RESERVE_HISTORY_REQUEST + reserve_sig: EddsaSignature; + + // Time when the client made the request. + // Timestamp must be reasonably close to the time of + // the exchange, otherwise the exchange may reject + // the request. + request_timestamp: Timestamp; + } + + .. http:post:: /reserves/$RESERVE_PUB/withdraw Withdraw a coin of the specified denomination. Note that the client should @@ -1450,101 +1554,244 @@ denomination. .. ts:def:: CoinSpendHistoryItem - interface CoinSpendHistoryItem { - // Either "DEPOSIT", "MELT", "REFUND", "RECOUP", - // "OLD-COIN-RECOUP" or "RECOUP-REFRESH". - type: string; + // Union discriminated by the "type" field. + type CoinSpendHistoryItem = + | CoinDepositTransaction + | CoinMeltTransaction + | CoinRefundTransaction + | CoinRecoupTransaction + | CoinOldCoinRecoupTransaction + | CoinRecoupRefreshTransaction + | CoinPursePaymentTransaction; + + + .. ts:def:: CoinDepositTransaction + + interface CoinDepositTransaction { + type: "DEPOSIT"; // The total amount of the coin's value absorbed (or restored in the // case of a refund) by this transaction. - // Note that for deposit and melt this means the amount given includes - // the transaction fee, while for refunds the amount given excludes - // the transaction fee. The current coin value can thus be computed by - // subtracting deposit and melt amounts and adding refund amounts from - // the coin's denomination value. + // The amount given includes + // the deposit fee. The current coin value can thus be computed by + // subtracting this amount. amount: Amount; - // Deposit fee in case of type "DEPOSIT". + // Deposit fee. deposit_fee: Amount; - // Public key of the merchant, for "DEPOSIT" operations. - merchant_pub?: EddsaPublicKey; + // Public key of the merchant. + merchant_pub: EddsaPublicKey; // Date when the operation was made. - // Only for "DEPOSIT", "RECOUP", "OLD-COIN-RECOUP" and - // "RECOUP-REFRESH" operations. - timestamp?: Timestamp; + timestamp: Timestamp; // Date until which the merchant can issue a refund to the customer via the - // exchange, possibly zero if refunds are not allowed. Only for "DEPOSIT" operations. - refund_deadline?: Timestamp; + // exchange, possibly zero if refunds are not allowed. + refund_deadline: Timestamp; - // Signature by the coin, only present if ``type`` is "DEPOSIT", "MELT", "RECOUP", - // or "RECOUP-REFRESH". - coin_sig?: EddsaSignature; + // Signature by the coin. + coin_sig: EddsaSignature; - // Deposit fee in case of type "MELT". - melt_fee: Amount; + // Hash of the bank account from where we received the funds. + h_wire: HashCode; - // Commitment from the melt operation, only for "MELT". - rc?: TALER_RefreshCommitmentP; + // Hash of the public denomination key used to sign the coin. + // FIXME: why do we care to have this? + h_denom_pub: HashCode; + + // Hash over the proposal data of the contract that + // is being paid. + h_contract_terms: HashCode; + + } + + .. ts:def:: CoinMeltTransaction + + interface CoinMeltTransaction { + type: "MELT"; + + // The total amount of the coin's value absorbed by this transaction. + // Note that for melt this means the amount given includes + // the melt fee. The current coin value can thus be computed by + // subtracting the amounts. + amount: Amount; + + // Signature by the coin. + coin_sig: EddsaSignature; + + // Melt fee. + melt_fee: Amount; - // Hash of the bank account from where we received the funds, - // only present if ``type`` is "DEPOSIT". - h_wire?: HashCode; + // Commitment from the melt operation. + rc: TALER_RefreshCommitmentP; // Hash of the public denomination key used to sign the coin. - // only present if ``type`` is "DEPOSIT", "RECOUP", - // "RECOUP-REFRESH", or "MELT". - h_denom_pub?: HashCode; + // FIXME: why do we care to have this? + h_denom_pub: HashCode; - // Deposit fee in case of type "REFUND". - refund_fee?: Amount; + } - // Hash over the proposal data of the contract that - // is being paid (if type is "DEPOSIT") or refunded (if - // ``type`` is "REFUND"); otherwise absent. - h_contract_terms?: HashCode; + .. ts:def:: CoinRefundTransaction - // Refund transaction ID. Only present if ``type`` is - // "REFUND". - rtransaction_id?: Integer; + interface CoinRefundTransaction { + type: "REFUND"; - // Coin blinding key. Only present if ``type`` is - // "RECOUP" or "RECOUP-REFRESH". - coin_blind?: DenominationBlindingKeyP; + // The total amount of the coin's value restored + // by this transaction. + // The amount given excludes the transaction fee. + // The current coin value can thus be computed by + // adding the amounts to the coin's denomination value. + amount: Amount; - // Reserve receiving the recoup. Only present if ``type`` is - // "RECOUP". - reserve_pub?: EddsaPublicKey; + // Refund fee in case of type "REFUND". + refund_fee: Amount; + + // Hash over the proposal data of the contract that + // is being refunded. + h_contract_terms: HashCode; + + // Refund transaction ID. + rtransaction_id: Integer; // `EdDSA Signature ` authorizing the REFUND. Made with // the `public key of the merchant `. - // Only present if ``type`` is "REFUND". - merchant_sig?: EddsaSignature; + merchant_sig: EddsaSignature; + + } + + .. ts:def:: CoinRecoupTransaction + + interface CoinRecoupTransaction { + type: "RECOUP"; + + // The total amount of the coin's value absorbed + // by this transaction. + // The current coin value can thus be computed by + // subtracting the amount from + // the coin's denomination value. + amount: Amount; + + // Date when the operation was made. + timestamp: Timestamp; + + // Signature by the coin. + coin_sig: EddsaSignature; + + // Hash of the public denomination key used to sign the coin. + // FIXME: why do we care to have this? + h_denom_pub: HashCode; + + // Coin blinding key. + coin_blind: DenominationBlindingKeyP; + + // Reserve receiving the recoup. + reserve_pub: EddsaPublicKey; + + // Signature by the exchange, must be + // of type TALER_SIGNATURE_EXCHANGE_CONFIRM_RECOUP. + exchange_sig: EddsaSignature; + + // Public key used to sign ``exchange_sig`` + exchange_pub: EddsaPublicKey; + + } + + .. ts:def:: CoinOldCoinRecoupTransaction + + interface CoinOldCoinRecoupTransaction { + type: "OLD-COIN-RECOUP"; + + // The total amount of the coin's value restored + // by this transaction. + // The current coin value can thus be computed by + // adding the amount to the coin's denomination value. + amount: Amount; + + // Date when the operation was made. + timestamp: Timestamp; + + // Signature by the exchange + // of type TALER_SIGNATURE_EXCHANGE_CONFIRM_RECOUP_REFRESH. + exchange_sig: EddsaSignature; + + // Public key used to sign ``exchange_sig``, + exchange_pub: EddsaPublicKey; + + } + + .. ts:def:: CoinRecoupRefreshTransaction + + interface CoinRecoupRefreshTransaction { + type: "RECOUP-REFRESH"; + + // The total amount of the coin's value absorbed + // by this transaction. + // The current coin value can thus be computed by + // subtracting this amounts from + // the coin's denomination value. + amount: Amount; - // Public key of the reserve that will receive the funds, for "RECOUP" operations. - reserve_pub?: EddsaPublicKey; + // Date when the operation was made. + timestamp: Timestamp; + + // Signature by the coin. + coin_sig: EddsaSignature; - // Signature by the exchange, only present if ``type`` is "RECOUP", - // "OLD-COIN-RECOUP" or "RECOUP-REFRESH". Signature is - // of type TALER_SIGNATURE_EXCHANGE_CONFIRM_RECOUP for "RECOUP", - // and of type TALER_SIGNATURE_EXCHANGE_CONFIRM_RECOUP_REFRESH otherwise. - exchange_sig?: EddsaSignature; + // Hash of the public denomination key used to sign the coin. + // FIXME: why do we care to have this? + h_denom_pub: HashCode; + + // Coin blinding key. + coin_blind: DenominationBlindingKeyP; + + // Signature by the exchange + // of type TALER_SIGNATURE_EXCHANGE_CONFIRM_RECOUP_REFRESH. + exchange_sig: EddsaSignature; // Public key used to sign ``exchange_sig``, - // only present if ``exchange_sig`` present. - exchange_pub?: EddsaPublicKey; + exchange_pub: EddsaPublicKey; - // Blinding factor of the revoked new coin, - // only present if ``type`` is "REFRESH_RECOUP". + // Blinding factor of the revoked new coin. new_coin_blinding_secret: RsaBlindingKeySecret; - // Blinded public key of the revoked new coin, - // only present if ``type`` is "REFRESH_RECOUP". + // Blinded public key of the revoked new coin. new_coin_ev: RsaBlindingKeySecret; } + .. ts:def:: CoinPursePaymentTransaction + + interface CoinPursePaymentTransaction { + type: "PURSE_PAYMENT"; + + // The total amount of the coin's value absorbed + // by this transaction. + // Note that this means the amount given includes + // the deposit fee. The current coin value can thus be computed by + // subtracting the amount from + // the coin's denomination value. + amount: Amount; + + // Deposit fee. + deposit_fee: Amount; + + // Public key of the purse. + purse_pub: EddsaPublicKey; + + // Date when the purse was set to expire. + purse_expiration: Timestamp; + + // Signature by the coin. + coin_sig: EddsaSignature; + + // Hash of the public denomination key used to sign the coin. + // FIXME: why do we care to have this? + h_denom_pub: HashCode; + + } + + + ---------- Refreshing ---------- @@ -2185,12 +2432,12 @@ Wallet-to-wallet transfers TODO for the spec: - * Update coin history replies to include purse actions: - - TALER_SIGNATURE_PURSE_PAYMENT! - * Update reserve history replies to include merge & kyc actions: - - TALER_SIGNATURE_ACCOUNT_MERGE - - TALER_SIGNATURE_ACCOUNT_SETUP_REQUEST + * add reserve history requests (with fee!) + to reserve history (changes balance!) * specify new database schema at exchange (add SQL to DD13!) + - something for in-progress kyc vs. completed kyc? + => add kyc_date to reserves? + => or have separate KYC table instead of NULLs in reserves! * update wire transfer API to enable WAD IDs (and while we are at it, should probably also write extended version to allow _merchants_ to query for their inbound transfers, so spec @@ -2544,6 +2791,12 @@ Discussion: // Must be of purpose TALER_SIGNATURE_PURSE_MERGE. purse_sig: EddsaSignature; + // Minimum amount that must be credited to the reserve, that is + // the total value of the purse minus the deposit fees. + // If the deposit fees are lower, the contribution to the + // reserve can be higher! + minimum_amount_contributed: Amount; + // SHA-512 hash of the contact of the purse. h_contract_terms: HashCode; @@ -2677,10 +2930,10 @@ Discussion: // this is a ``Bad Request`` (HTTP status 400). payto_uri: string; - // EdDSA signature of the account affirming the request + // EdDSA signature of the reserve affirming the request // to create the account, must be of purpose // TALER_SIGNATURE_ACCOUNT_SETUP_REQUEST - account_sig: EddsaPublicKey; + reserve_sig: EddsaPublicKey; } @@ -2787,9 +3040,9 @@ wallet-to-wallet payments. Only another exchange should access this endpoint. // Client-side timestamp of when the merge request was made. merge_timestamp: Timestamp; - // Signature created with the account's private key. + // Signature created with the reserve's private key. // Must be of purpose TALER_SIGNATURE_ACCOUNT_MERGE - account_sig: EddsaSignature; + reserve_sig: EddsaSignature; // Signature created with the purse's private key. // Must be of purpose TALER_SIGNATURE_PURSE_MERGE diff --git a/design-documents/013-peer-to-peer-payments.rst b/design-documents/013-peer-to-peer-payments.rst index 0d3a767c..3a998c78 100644 --- a/design-documents/013-peer-to-peer-payments.rst +++ b/design-documents/013-peer-to-peer-payments.rst @@ -19,7 +19,7 @@ This will be used for payments via e-mail and other messaging apps, as well as possibly for transfers via NFC/QR code between mobile phones. Invoice Flow User Experience ----------------------------------- +---------------------------- .. graphviz:: @@ -69,7 +69,7 @@ Invoice Flow User Experience } Donation Flow User Experience -------------------------------------- +----------------------------- .. graphviz:: @@ -618,6 +618,104 @@ Additional considerations Taler's "one-hop withdrawal loohole". +Exchange database schema changes +-------------------------------- + +We need to exchange the existing reserves table to include bits for KYC-needed +and KYC-passed. Also, we need to store the payto://-URI of the bank account. + +Finally, we may need to keep some link to the KYC data, even though the +exchange technically does not need it, but likely there might be regulatory +reasons to have that association for legal inquiries. (However, it would +also be possible to keep that link only in the external KYC service's +database.) + + + +.. sourcecode:: sql + + -- Everything in one big transaction + BEGIN; + -- Check patch versioning is in place. + SELECT _v.register_patch('exchange-TBD', NULL, NULL); + -- + ALTER TABLE reserves + ADD COLUMN kyc_needed BOOLEAN NOT NULL DEFAULT (false) + ADD COLUMN kyc_passed BOOLEAN NOT NULL DEFAULT (false) + ADD COLUMN payto_uri TEXT DEFAULT (NULL) + ADD COLUMN kyc_link TEXT DEFAULT (NULL); + COMMENT ON COLUMN reserves.kyc_needed + IS 'set to true once a reserve was merged with a purse'; + COMMENT ON COLUMN reserves.kyc_passed + IS 'set to true once the user performed the KYC check'; + COMMENT ON COLUMN reserves.payto_uri + IS 'bank account details to use in case reserve is closed'; + COMMENT ON COLUMN reserves.kyc_link + IS 'optional link to KYC data'; + -- + CREATE TABLE IF NOT EXISTS kyc_requests + (kyc_request_serial_id BIGSERIAL UNIQUE + ,reserve_pub BYTEA NOT NULL REFERENCES reserves (reserve_pub) ON DELETE CASCADE + ,kyc_date INT8 NOT NULL + ,kyc_fee_val INT8 NOT NULL + ,kyc_fee_frac INT4 NOT NULL + ,payto_uri TEXT NOT NULL + ,reserve_sig BYTEA NOT NULL CHECK (LENGTH(reserve_sig)=64)) + ,PRIMARY KEY (reserve_pub, kyc_date) + ); + CREATE TABLE IF NOT EXISTS mergers + (merge_request_serial_id BIGSERIAL UNIQUE + ,reserve_pub BYTEA NOT NULL REFERENCES reserves (reserve_pub) ON DELETE CASCADE + ,purse_url TEXT NOT NULL, + ,purse_pub BYTEA NOT NULL CHECK (LENGTH(purse_pub)=32), + ,reserve_sig BYTEA NOT NULL CHECK (LENGTH(reserve_sig)=64)) + ,purse_sig BYTEA NOT NULL CHECK (LENGTH(reserve_sig)=64)) + ,merge_timestamp INT8 NOT NULL + ,purse_expiration INT8 NOT NULL + ,h_contract_terms BYTEA NOT NULL CHECK (LENGTH(h_contract_terms)=64)) + ,h_wire BYTEA NOT NULL CHECK (LENGTH(h_contract_terms)=64)) + ,purse_val INT8 NOT NULL + ,purse_frac INT4 NOT NULL + ,PRIMARY KEY (purse_pub) + ); + CREATE TABLE IF NOT EXISTS contracts + (contract_serial_id BIGSERIAL UNIQUE + ,purse_pub BYTEA NOT NULL CHECK (LENGTH(purse_pub)=32), + ,pub_ckey BYTEA NOT NULL CHECK (LENGTH(pub_ckey)=32)), + ,e_contract BYTEA NOT NULL, + ,PRIMARY KEY (purse_pub) + ); + CREATE TABLE IF NOT EXISTS history_requests + (reserve_pub BYTEA NOT NULL CHECK (LENGTH(purse_pub)=32), + ,request_timestamp INT8 NOT NULL + ,reserve_sig BYTEA NOT NULL CHECK (LENGTH(reserve_sig)=64)) + ,PRIMARY KEY (reserve_pub,request_timestamp) + ); + CREATE TABLE IF NOT EXISTS purse_deposits + (purse_deposit_serial_id BIGSERIAL UNIQUE + ,purse_pub BYTEA NOT NULL CHECK (LENGTH(purse_pub)=32), + ,purse_expiration INT8 NOT NULL + ,coin_pub BYTEA NOT NULL REFERENCES known_coins (coin_pub) ON DELETE CASCADE + ,amount_with_fee_val INT8 NOT NULL + ,amount_with_fee_frac INT4 NOT NULL + ,coin_sig BYTEA NOT NULL CHECK(LENGTH(coin_sig)=64) + ,PRIMARY KEY (purse_pub,coin_pub) + ); + CREATE TABLE IF NOT EXISTS wads + (wad_serial_id BIGSERIAL UNIQUE + ,reserve_pub BYTEA NOT NULL REFERENCES reserves (reserve_pub) ON DELETE CASCADE + ,kyc_date INT8 NOT NULL + ,kyc_fee_val INT8 NOT NULL + ,kyc_fee_frac INT4 NOT NULL + ,payto_uri TEXT NOT NULL + ,reserve_sig BYTEA NOT NULL CHECK (LENGTH(reserve_sig)=64)) + ,PRIMARY KEY (reserve_pub, kyc_date) + ); + -- Complete transaction + COMMIT; + + + Alternatives ============ -- cgit v1.2.3 From 4713a43afead8008efb81afeb0639dc98015c5a1 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 8 May 2021 01:07:39 +0200 Subject: more dd13 spec updates --- core/api-common.rst | 32 +++------- core/api-exchange.rst | 87 +++++++------------------- design-documents/013-peer-to-peer-payments.rst | 73 ++++++++++++++++----- 3 files changed, 93 insertions(+), 99 deletions(-) (limited to 'core/api-common.rst') diff --git a/core/api-common.rst b/core/api-common.rst index 5c05db0c..bcb0570f 100644 --- a/core/api-common.rst +++ b/core/api-common.rst @@ -1036,7 +1036,7 @@ within the .. _TALER_ReserveStatusRequestSignaturePS: .. sourcecode:: c - struct TALER_PurseStatusRequestSignaturePS { + struct TALER_ReserveStatusRequestSignaturePS { /** * purpose.purpose = TALER_SIGNATURE_RESERVE_STATUS_REQUEST */ @@ -1047,7 +1047,7 @@ within the .. _TALER_ReserveHistoryRequestSignaturePS: .. sourcecode:: c - struct TALER_PurseStatusRequestSignaturePS { + struct TALER_ReserveHistoryRequestSignaturePS { /** * purpose.purpose = TALER_SIGNATURE_RESERVE_HISTORY_REQUEST */ @@ -1068,7 +1068,7 @@ within the }; -.. _TALER_PurseStatusSignaturePS: +.. _TALER_PurseStatusResponseSignaturePS: .. sourcecode:: c struct TALER_PurseStatusResponseSignaturePS { @@ -1112,12 +1112,12 @@ within the }; -.. _TALER_PursePaymentConfirmedSignaturePS: +.. _TALER_PurseDepositConfirmedSignaturePS: .. sourcecode:: c - struct TALER_PursePaymentConfirmedSignaturePS { + struct TALER_PurseDepositConfirmedSignaturePS { /** - * purpose.purpose = TALER_SIGNATURE_PURSE_PAYMENT_CONFIRMED + * purpose.purpose = TALER_SIGNATURE_PURSE_DEPOSIT_CONFIRMED */ struct GNUNET_CRYPTO_EccSignaturePurpose purpose; struct TALER_AmountNBO total_purse_amount; @@ -1162,20 +1162,6 @@ within the }; -.. _TALER_PursePaymentSignaturePS: -.. sourcecode:: c - - struct TALER_PursePaymentSignaturePS { - /** - * purpose.purpose = TALER_SIGNATURE_PURSE_PAYMENT - */ - struct GNUNET_CRYPTO_EccSignaturePurpose purpose; - struct TALER_AmountNBO coin_contribution; - struct GNUNET_TIME_AbsoluteNBO purse_expiration; - struct TALER_PursePublicKey purse_pub; - }; - - .. _TALER_PurseMergeSuccessSignaturePS: .. sourcecode:: c @@ -1225,9 +1211,11 @@ within the struct TALER_WadDataSignaturePS { /** - * purpose.purpose = TALER_SIGNATURE_ACCOUNT_SETUP_SUCCESS + * purpose.purpose = TALER_SIGNATURE_WAD_DATA */ struct GNUNET_CRYPTO_EccSignaturePurpose purpose; - struct GNUNET_HashCode wad_data; + struct GNUNET_TIME_AbsoluteNBO wad_execution_time; + struct TALER_AmountNBO total_amount; + struct GNUNET_HashCode h_items; struct TALER_WadId wad_id; }; diff --git a/core/api-exchange.rst b/core/api-exchange.rst index 27886c24..a2e32579 100644 --- a/core/api-exchange.rst +++ b/core/api-exchange.rst @@ -1046,9 +1046,9 @@ exchange. | ReserveClosingTransaction | ReserveRecoupTransaction; - .. ts:def:: AccountHistoryTransaction + .. ts:def:: ReserveHistoryTransaction - interface AccountHistoryTransaction { + interface ReserveHistoryTransaction { type: "HISTORY"; // Fee agreed to by the reserve owner. @@ -1562,7 +1562,7 @@ denomination. | CoinRecoupTransaction | CoinOldCoinRecoupTransaction | CoinRecoupRefreshTransaction - | CoinPursePaymentTransaction; + | CoinPurseDepositTransaction; .. ts:def:: CoinDepositTransaction @@ -1759,10 +1759,10 @@ denomination. new_coin_ev: RsaBlindingKeySecret; } - .. ts:def:: CoinPursePaymentTransaction + .. ts:def:: CoinPurseDepositTransaction - interface CoinPursePaymentTransaction { - type: "PURSE_PAYMENT"; + interface CoinPurseDepositTransaction { + type: "PURSE_DEPOSIT"; // The total amount of the coin's value absorbed // by this transaction. @@ -2432,12 +2432,11 @@ Wallet-to-wallet transfers TODO for the spec: - * add reserve history requests (with fee!) - to reserve history (changes balance!) - * specify new database schema at exchange (add SQL to DD13!) - - something for in-progress kyc vs. completed kyc? - => add kyc_date to reserves? - => or have separate KYC table instead of NULLs in reserves! + * update DD13 eDB SQL: tables for incoming wads! + * do we need some special entry in account/reserve + histories for incoming WAD-transfers vs. other merges, + or do we re-use the existing 'merge' entry and just + generate it from the incoming-wad table? * update wire transfer API to enable WAD IDs (and while we are at it, should probably also write extended version to allow _merchants_ to query for their inbound transfers, so spec @@ -2445,19 +2444,6 @@ TODO for the spec: tell exchange for inbound wire transfers that they are from a partner bank where KYC fees would be waived! -Discussion: - - * when the user POSTs to /kyc for a reserve with a payto URI - that differs from the URI that was used to establish the - reserve, do we 409 conflict or accept? - That seems like an attack vector: - Say I learn your account pub and wire you money from my - bank account, thus blocking you from /kyc'ing your account!) - * when the user POSTs to /kyc for an account with a payto URI - that differs from the URI that was previously used for a - /kyc for the same account, do we allow the KYC to proceed - and update the bank account? Is there an attack vector? - .. http:GET:: /purses/$PURSE_PUB @@ -2551,12 +2537,12 @@ Discussion: :http:statuscode:`200 OK`: The operation succeeded, the exchange confirms that all coins were deposited into the purse. - The response will include a `PursePaymentSuccess` object. + The response will include a `PurseDepositSuccess` object. :http:statuscode:`202 Accepted`: The payment was accepted, but insufficient to reach the specified purse balance. The client should make further purse deposits before the expiration deadline. - The response will include a `PursePaymentAccepted` object. + The response will include a `PurseDepositAccepted` object. :http:statuscode:`401 Unauthorized`: A coin signature is invalid. This response comes with a standard `ErrorDetail` response. @@ -2656,9 +2642,9 @@ Discussion: } - .. ts:def:: PursePaymentSuccess + .. ts:def:: PurseDepositSuccess - interface PursePaymentSuccess { + interface PurseDepositSuccess { // Total amount paid into the purse. total_purse_amount: Amount; @@ -2667,7 +2653,7 @@ Discussion: total_deposit_fees: Amount; // EdDSA signature of the exchange affirming the payment, - // of purpose TALER_SIGNATURE_PURSE_PAYMENT_CONFIRMED + // of purpose TALER_SIGNATURE_PURSE_DEPOSIT_CONFIRMED // Signs over the above and the purse public key and // the hash of the contract terms. exchange_sig: EddsaSignature; @@ -2677,9 +2663,9 @@ Discussion: } - .. ts:def:: PursePaymentAccepted + .. ts:def:: PurseDepositAccepted - interface PursePaymentAccepted { + interface PurseDepositAccepted { // Total amount paid so far into the purse, in this // and previous requests. @@ -2812,32 +2798,6 @@ Discussion: // purse with the payment. contract?: EncryptedContract; - // Array of payments made to pay for the creation of the - // purse. Can be empty, say if no payment is needed. - payments: CreatePurseDeposit[]; - - } - - .. ts:def:: CreatePurseDeposit { - - // Public key of the coin being used to pay for creating a purse. - coin_pub: EddsaPublicKey; - - // Amount to be deposited, can be a fraction of the - // coin's total value. - contribution: Amount; - - // Hash of denomination RSA key with which the coin is signed. - denom_pub_hash: HashCode; - - // Exchange's unblinded RSA signature of the coin. - ub_sig: RsaSignature; - - // Signature of purpose TALER_SIGNATURE_PURSE_PAYMENT. - // made by the customer with the - // `coin's private key `. - coin_sig: EddsaSignature; - } .. ts:def:: MergeSuccess @@ -2882,6 +2842,8 @@ Discussion: (from wire transfers or merges of purses) already have a sufficient balance to cover the KYC fee. The signature affirms that the KYC fee can and should be charged to the reserve. + The request always updates the payto URI associated with + the reserve, even if the KYC process fails or is not completed. **Request:** The request body must be a `AccountSetupRequest` object. @@ -2900,11 +2862,6 @@ Discussion: the required KYC checks to open the account. Afterwards, the request should be repeated. The response will be an `AccountKycRedirect` object. - :http:statuscode:`409 Conflict`: - The reserve or account was previously associated with a different - payto URI, and changing the associated bank account is not - permitted. FIXME: should we allow it? Should we use PATCH for this? - Or only conflict if this was an account and not a reserve!?? :http:statuscode:`504 Gateway Timeout`: The exchange did not receive a confirmation from the KYC service within the specified time period. Used when long-polling for the @@ -3002,6 +2959,10 @@ wallet-to-wallet payments. Only another exchange should access this endpoint. // Total transfer amount claimed by the exchange. total: Amount; + // Indicative time by which the wad was given to the + // bank to execute the wire transfer. + wad_execution_time: Timestamp; + // Transfers aggregated in the wad. items: WadItem[]; diff --git a/design-documents/013-peer-to-peer-payments.rst b/design-documents/013-peer-to-peer-payments.rst index 3a998c78..5e786203 100644 --- a/design-documents/013-peer-to-peer-payments.rst +++ b/design-documents/013-peer-to-peer-payments.rst @@ -655,29 +655,44 @@ database.) -- CREATE TABLE IF NOT EXISTS kyc_requests (kyc_request_serial_id BIGSERIAL UNIQUE - ,reserve_pub BYTEA NOT NULL REFERENCES reserves (reserve_pub) ON DELETE CASCADE + ,reserve_uuid INT8 NOT NULL REFERENCES reserves (reserve_uuid) ON DELETE CASCADE ,kyc_date INT8 NOT NULL + ,kyc_retry INT8 NOT NULL ,kyc_fee_val INT8 NOT NULL ,kyc_fee_frac INT4 NOT NULL - ,payto_uri TEXT NOT NULL ,reserve_sig BYTEA NOT NULL CHECK (LENGTH(reserve_sig)=64)) - ,PRIMARY KEY (reserve_pub, kyc_date) + ,kyc_id TEXT NOT NULL + ,PRIMARY KEY (reserve_uuid, kyc_date) ); + COMMENT ON COLUMN kyc_requests.reserve_uuid + IS 'Reserve for which the KYC request was triggered.'; + COMMENT ON COLUMN kyc_requests.reserve_sig + IS 'Signature affirming the KYC request'; + COMMENT ON COLUMN kyc_requests.kyc_fee_val + IS 'Amount paid by the reserve for the KYC process.'; + COMMENT ON COLUMN kyc_requests.kyc_date + IS 'When was the KYC process originally initiated.'; + COMMENT ON COLUMN kyc_requests.kyc_retry + IS 'Timestamp when we should next query the KYC backend for the KYC status. The maximum possible numeric value indicates that we do not need to ever check the status of this KYC process again.'; + COMMENT ON COLUMN kyc_requests.kyc_id + IS 'ID of the KYC process, used to compute the URL returned to the client as well as for the exchange to check if the KYC has completed. Format depends on the KYC process of the bank.'; + -- CREATE TABLE IF NOT EXISTS mergers (merge_request_serial_id BIGSERIAL UNIQUE - ,reserve_pub BYTEA NOT NULL REFERENCES reserves (reserve_pub) ON DELETE CASCADE + ,reserve_uuid BYTEA NOT NULL REFERENCES reserves (reserve_uuid) ON DELETE CASCADE ,purse_url TEXT NOT NULL, ,purse_pub BYTEA NOT NULL CHECK (LENGTH(purse_pub)=32), ,reserve_sig BYTEA NOT NULL CHECK (LENGTH(reserve_sig)=64)) - ,purse_sig BYTEA NOT NULL CHECK (LENGTH(reserve_sig)=64)) + ,purse_sig BYTEA NOT NULL CHECK (LENGTH(purse_sig)=64)) ,merge_timestamp INT8 NOT NULL ,purse_expiration INT8 NOT NULL ,h_contract_terms BYTEA NOT NULL CHECK (LENGTH(h_contract_terms)=64)) - ,h_wire BYTEA NOT NULL CHECK (LENGTH(h_contract_terms)=64)) + ,h_wire BYTEA NOT NULL CHECK (LENGTH(h_wire)=64)) ,purse_val INT8 NOT NULL ,purse_frac INT4 NOT NULL ,PRIMARY KEY (purse_pub) ); + -- CREATE TABLE IF NOT EXISTS contracts (contract_serial_id BIGSERIAL UNIQUE ,purse_pub BYTEA NOT NULL CHECK (LENGTH(purse_pub)=32), @@ -685,12 +700,23 @@ database.) ,e_contract BYTEA NOT NULL, ,PRIMARY KEY (purse_pub) ); + -- CREATE TABLE IF NOT EXISTS history_requests - (reserve_pub BYTEA NOT NULL CHECK (LENGTH(purse_pub)=32), + (reserve_uuid INT8 NOT NULL REFERENCES reserves(reserve_uuid) ON DELETE CASCADE, ,request_timestamp INT8 NOT NULL ,reserve_sig BYTEA NOT NULL CHECK (LENGTH(reserve_sig)=64)) - ,PRIMARY KEY (reserve_pub,request_timestamp) + ,PRIMARY KEY (reserve_uuid,request_timestamp) ); + -- + CREATE TABLE IF NOT EXISTS close_requests + (reserve_uuid INT8 NOT NULL REFERENCES reserves(reserve_uuid) ON DELETE CASCADE, + ,close_timestamp INT8 NOT NULL + ,reserve_sig BYTEA NOT NULL CHECK (LENGTH(reserve_sig)=64)) + ,close_val INT8 NOT NULL + ,close_frac INT4 NOT NULL + ,PRIMARY KEY (reserve_uuid,close_timestamp) + ); + -- CREATE TABLE IF NOT EXISTS purse_deposits (purse_deposit_serial_id BIGSERIAL UNIQUE ,purse_pub BYTEA NOT NULL CHECK (LENGTH(purse_pub)=32), @@ -701,16 +727,35 @@ database.) ,coin_sig BYTEA NOT NULL CHECK(LENGTH(coin_sig)=64) ,PRIMARY KEY (purse_pub,coin_pub) ); + -- CREATE TABLE IF NOT EXISTS wads (wad_serial_id BIGSERIAL UNIQUE - ,reserve_pub BYTEA NOT NULL REFERENCES reserves (reserve_pub) ON DELETE CASCADE - ,kyc_date INT8 NOT NULL - ,kyc_fee_val INT8 NOT NULL - ,kyc_fee_frac INT4 NOT NULL - ,payto_uri TEXT NOT NULL + ,wad_id BYTEA PRIMARY KEY CHECK (LENGTH(wad_id)=24) + ,exchange_url TEXT NOT NULL + ,amount_val INT8 NOT NULL + ,amount_frac INT4 NOT NULL + ,execution_time INT8 NOT NULL + ,UNIQUE (exchange_url, execution_time) + ); + -- + CREATE TABLE IF NOT EXISTS wad_entries + (wad_entry_serial_id BIGSERIAL UNIQUE + ,wad_serial_id INT8 REFERENCES wads (wad_serial_id) ON DELETE CASCADE + ,reserve_pub BYTEA NOT NULL CHECK(LENGTH(reserve_pub)=32) + ,purse_pub BYTEA PRIMARY KEY CHECK(LENGTH(purse_pub)=32) + ,h_contract BYTEA NOT NULL CHECK(LENGTH(h_contract)=64) + ,purse_expiration INT8 NOT NULL + ,merge_timestamp INT8 NOT NULL + ,amount_with_fee_val INT8 NOT NULL + ,amount_with_fee_frac INT4 NOT NULL + ,wad_fee_val INT8 NOT NULL + ,wad_fee_frac INT4 NOT NULL + ,deposit_fees_val INT8 NOT NULL + ,deposit_fees_frac INT4 NOT NULL ,reserve_sig BYTEA NOT NULL CHECK (LENGTH(reserve_sig)=64)) - ,PRIMARY KEY (reserve_pub, kyc_date) + ,purse_sig BYTEA NOT NULL CHECK (LENGTH(purse_sig)=64)) ); + -- FIXME: need more tables for exchange RECEIVING a wad! -- Complete transaction COMMIT; -- cgit v1.2.3 From b944ce40628194e9f77d769fab8c6004446c9e21 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 15 May 2021 13:29:53 +0200 Subject: misc spec fixes --- core/api-common.rst | 148 ++++++++++++++++++++++++++++++++++++++++++++++++++ core/api-exchange.rst | 101 ++++++++++++++++++++-------------- 2 files changed, 208 insertions(+), 41 deletions(-) (limited to 'core/api-common.rst') diff --git a/core/api-common.rst b/core/api-common.rst index bcb0570f..81b85ab9 100644 --- a/core/api-common.rst +++ b/core/api-common.rst @@ -500,6 +500,13 @@ uses 512-bit hash codes (64 bytes). uint8_t hash[64]; // usually SHA-512 }; +.. _TALER_EcdhEphemeralPublicKeyP: +.. sourcecode:: c + + struct TALER_EcdhEphemeralPublicKeyP { + uint8_t ecdh_pub[32]; + }; + .. _reserve-pub: .. sourcecode:: c @@ -760,6 +767,9 @@ within the struct TALER_ExchangePublicKeyP signkey_pub; }; +.. _TALER_ExchangeKeySetPS: +.. sourcecode:: c + struct TALER_ExchangeKeySetPS { /** * purpose.purpose = TALER_SIGNATURE_EXCHANGE_KEY_SET @@ -1219,3 +1229,141 @@ within the struct GNUNET_HashCode h_items; struct TALER_WadId wad_id; }; + +.. _TALER_WadPartnerSignaturePS: +.. sourcecode:: c + + struct TALER_WadPartnerSignaturePS { + /** + * purpose.purpose = TALER_SIGNATURE_MASTER_PARTNER_DETAILS + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct GNUNET_HashCode h_partner_base_url; + struct TALER_MasterPublicKeyP master_public_key; + struct GNUNET_TIME_AbsoluteNBO start_date; + struct GNUNET_TIME_AbsoluteNBO end_date; + struct TALER_AmountNBO wad_fee; + struct GNUNET_TIME_RelativeNBO wad_frequency; + }; + + +.. _TALER_P2PFeesPS: +.. sourcecode:: c + + struct TALER_P2PFeesPS { + /** + * purpose.purpose = TALER_SIGNATURE_P2P_FEES + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct GNUNET_TIME_AbsoluteNBO start_date; + struct GNUNET_TIME_AbsoluteNBO end_date; + struct TALER_AmountNBO kyc_fee; + struct TALER_AmountNBO purse_fee; + struct TALER_AmountNBO account_history_fee; + struct TALER_AmountNBO account_annual_fee; + struct GNUNET_TIME_RelativeNBO account_kyc_timeout; + struct GNUNET_TIME_RelativeNBO purse_timeout; + uint32_t purse_account_limit; + }; + + +.. _TALER_DenominationKeyAnnouncementPS: +.. sourcecode:: c + + struct TALER_DenominationKeyAnnouncementPS { + /** + * purpose.purpose = TALER_SIGNATURE_SM_DENOMINATION_KEY + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct GNUNET_HashCode h_denom_pub; + struct GNUNET_HashCode h_section_name; + struct GNUNET_TIME_AbsoluteNBO anchor_time; + struct GNUNET_TIME_RelativeNBO duration_withdraw; + }; + + +.. _TALER_SigningKeyAnnouncementPS: +.. sourcecode:: c + + struct TALER_SigningKeyAnnouncementPS { + /** + * purpose.purpose = TALER_SIGNATURE_SM_SIGNING_KEY . + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct TALER_ExchangePublicKeyP exchange_pub; + struct GNUNET_TIME_AbsoluteNBO anchor_time; + struct GNUNET_TIME_RelativeNBO duration; + }; + +.. _TALER_MasterDenominationKeyRevocationPS: +.. sourcecode:: c + + struct TALER_MasterDenominationKeyRevocationPS { + /** + * purpose.purpose = TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED. + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct GNUNET_HashCode h_denom_pub; + }; + + +.. _TALER_MasterSigningKeyRevocationPS: +.. sourcecode:: c + + struct TALER_MasterSigningKeyRevocationPS { + /** + * purpose.purpose = TALER_SIGNATURE_MASTER_SIGNING_KEY_REVOKED. + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct TALER_ExchangePublicKeyP exchange_pub; + }; + + +.. _TALER_MasterAddAuditorPS: +.. sourcecode:: c + + struct TALER_MasterAddAuditorPS { + /** + * purpose.purpose = TALER_SIGNATURE_MASTER_ADD_AUDITOR + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct GNUNET_TIME_AbsoluteNBO start_date; + struct TALER_AuditorPublicKeyP auditor_pub; + struct GNUNET_HashCode h_auditor_url; + }; + +.. _TALER_MasterDelAuditorPS: +.. sourcecode:: c + + struct TALER_MasterDelAuditorPS { + /** + * purpose.purpose = TALER_SIGNATURE_MASTER_DEL_AUDITOR + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct GNUNET_TIME_AbsoluteNBO end_date; + struct TALER_AuditorPublicKeyP auditor_pub; + }; + +.. _TALER_MasterAddWirePS: +.. sourcecode:: c + + struct TALER_MasterAddWirePS { + /** + * purpose.purpose = TALER_SIGNATURE_MASTER_ADD_WIRE. + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct GNUNET_TIME_AbsoluteNBO start_date; + struct GNUNET_HashCode h_wire GNUNET_PACKED; + }; + +.. _TALER_MasterDelWirePS: +.. sourcecode:: c + + struct TALER_MasterDelWirePS { + /** + * purpose.purpose = TALER_SIGNATURE_MASTER_DEL_WIRE. + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct GNUNET_TIME_AbsoluteNBO end_date; + struct GNUNET_HashCode h_wire GNUNET_PACKED; + }; diff --git a/core/api-exchange.rst b/core/api-exchange.rst index 3f80d4d7..44dfd2a5 100644 --- a/core/api-exchange.rst +++ b/core/api-exchange.rst @@ -140,7 +140,7 @@ possibly by using HTTPS. // Fees relevant for wallet-to-wallet (or peer-to-peer) payments. // If no fees are provided for a given time range, then the // exchange simply does not support purses/p2p-payments at that time. - p2p_fees: P2Pfees[]; + p2p_fees: P2PFees[]; // The date when the denomination keys were last updated. list_issue_date: Timestamp; @@ -160,6 +160,7 @@ possibly by using HTTPS. // is sabotaging end-user anonymity by giving disjoint denomination keys to // different users. If an exchange were to do this, this signature allows the // clients to demonstrate to the public that the exchange is dishonest. + // Signature of `TALER_ExchangeKeySetPS` eddsa_sig: EddsaSignature; // Public EdDSA key of the exchange that was used to generate the signature. @@ -197,10 +198,9 @@ possibly by using HTTPS. // regulatory reasons.) account_annual_fee: Amount; - // How long will the exchange preserve the account - // history? After an account was deleted/closed, the - // exchange will retain the account history for - // legal reasons until this time. + // How long will the exchange preserve the account history? + // After an account was deleted/closed, the exchange will + // retain the account history for legal reasons until this time. legal_history_retention: RelativeTime; // How long does the exchange promise to keep funds @@ -217,13 +217,12 @@ possibly by using HTTPS. // Non-negative number of concurrent purses that any // account holder is allowed to create without having // to pay the purse_fee. - purse_account_limit: integer; + purse_account_limit: Integer; - // How long does an exchange keep a purse around - // after a purse has expired (or been successfully - // merged)? A 'GET' request for a purse will - // succeed until the purse expiration time plus this - // value. + // How long does an exchange keep a purse around after a purse + // has expired (or been successfully merged)? A 'GET' request + // for a purse will succeed until the purse expiration time + // plus this value. purse_timeout: RelativeTime; // Signature of `TALER_P2PFeesPS`. @@ -308,6 +307,7 @@ possibly by using HTTPS. stamp_end: Timestamp; // Signature over ``key`` and ``stamp_expire`` by the exchange master key. + // Signature of `TALER_ExchangeSigningKeyValidityPS`. // Must have purpose ``TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY``. master_sig: EddsaSignature; } @@ -453,7 +453,8 @@ possibly by using HTTPS. // How long is this partnership expected to last? end_date: Timestamp; - // Signature using the exchange's offline key + // Signature using the exchange's offline key over + // `TALER_WadPartnerSignaturePS` // with purpose ``TALER_SIGNATURE_MASTER_PARTNER_DETAILS``. master_sig: EddsaSignature; } @@ -542,7 +543,10 @@ Management operations authorized by master key // Fee charged by the exchange for refunding a coin of this denomination. fee_refund: Amount; - // Signature over this denomination by the denomination security module. + // Signature by the denomination security module + // over `TALER_DenominationKeyAnnouncementPS` + // for this denomination with purpose + // ``TALER_SIGNATURE_SM_DENOMINATION_KEY``. denom_secmod_sig: EddsaSignature; } @@ -564,7 +568,9 @@ Management operations authorized by master key // henceforth no longer be considered valid in legal disputes. stamp_end: Timestamp; - // Signature over this signing key by the signkey security module. + // Signature over `TALER_SigningKeyAnnouncementPS` + // for this signing key by the signkey security + // module using purpose ``TALER_SIGNATURE_SM_SIGNING_KEY``. signkey_secmod_sig: EddsaSignature; } @@ -607,7 +613,8 @@ Management operations authorized by master key // Hash of the public (RSA) key of the denomination. h_denom_pub: HashCode; - // Signature of `TALER_DenominationKeyValidityPS`. + // Signature over `TALER_DenominationKeyValidityPS`. + // Must have purpose ``TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY`` master_sig: EddsaSignature; } @@ -618,7 +625,8 @@ Management operations authorized by master key // The actual exchange's EdDSA signing public key. key: EddsaPublicKey; - // Signature by the exchange master key. + // Signature by the exchange master key over + // `TALER_ExchangeSigningKeyValidityPS`. // Must have purpose ``TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY``. master_sig: EddsaSignature; @@ -646,7 +654,8 @@ Management operations authorized by master key interface DenomRevocationSignature { - // Signature by the exchange master key. + // Signature by the exchange master key over a + // `TALER_MasterDenominationKeyRevocationPS`. // Must have purpose ``TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED``. master_sig: EddsaSignature; @@ -673,7 +682,8 @@ Management operations authorized by master key interface SignkeyRevocationSignature { - // Signature by the exchange master key. + // Signature by the exchange master key over a + // `TALER_MasterSigningKeyRevocationPS`. // Must have purpose ``TALER_SIGNATURE_MASTER_SIGN_KEY_REVOKED``. master_sig: EddsaSignature; @@ -712,8 +722,9 @@ Management operations authorized by master key // The auditor's EdDSA signing public key. auditor_pub: EddsaPublicKey; - // Signature by the exchange master key. - // Must have purpose ``TALER_SIGNATURE_MASTER_AUDITOR_ADD``. + // Signature by the exchange master ke yover a + // `TALER_MasterAddAuditorPS`. + // Must have purpose ``TALER_SIGNATURE_MASTER_ADD_AUDITOR``. master_sig: EddsaSignature; // When does the auditor become active? @@ -756,7 +767,8 @@ Management operations authorized by master key interface AuditorTeardownMessage { - // Signature by the exchange master key. + // Signature by the exchange master key over a + // `TALER_MasterDelAuditorPS`. // Must have purpose ``TALER_SIGNATURE_MASTER_AUDITOR_DEL``. master_sig: EddsaSignature; @@ -849,7 +861,8 @@ Management operations authorized by master key // with purpose ``TALER_SIGNATURE_MASTER_WIRE_DETAILS``. master_sig_wire: EddsaSignature; - // Signature using the exchange's offline key + // Signature using the exchange's offline key over a + // `TALER_MasterAddWirePS` // with purpose ``TALER_SIGNATURE_MASTER_WIRE_ADD``. master_sig_add: EddsaSignature; @@ -896,7 +909,8 @@ Management operations authorized by master key // ``payto://`` URL identifying the account and wire method payto_uri: string; - // Signature using the exchange's offline key + // Signature using the exchange's offline key over a + // `TALER_MasterDelWirePS`. // with purpose ``TALER_SIGNATURE_MASTER_WIRE_DEL``. master_sig_del: EddsaSignature; @@ -1063,7 +1077,7 @@ exchange. } - .. ts:def:: AccountSetupTransaction + .. ts:def:: AccountSetupTransaction interface AccountSetupTransaction { type: "SETUP"; @@ -1374,7 +1388,7 @@ exchange. The account is unknown to the exchange. :http:statuscode:`409 Conflict`: The account is still has digital cash in it, the associated - wire method is ``void'' and the *force* option was not provided. + wire method is ``void`` and the *force* option was not provided. This response comes with a standard `ErrorDetail` response. **Details:** @@ -2477,7 +2491,7 @@ Wallet-to-wallet transfers purse_expiration: Timestamp; // Indicative time at which the exchange is answering the - // status request. Used as part of `exchange_sig`. + // status request. Used as part of 'exchange_sig'. status_timestamp: Timestamp; // Maximum deposit fees that can be charged under the contract. @@ -2489,13 +2503,13 @@ Wallet-to-wallet transfers // EdDSA signature of the exchange affirming the purse status. exchange_sig: EddsaSignature; - // EdDSA public key exchange used for exchange_sig. + // EdDSA public key exchange used for 'exchange_sig'. exchange_pub: EddsaPublicKey; // AES-GCM Encrypted contract terms using encryption // key derived from DH of 'contract_pub' and the 'purse_pub'. // Optional, may be omitted if not desired by the client. - e_contract_terms?: byte[]; + e_contract_terms?: string; // If a merge request was received, information about the // merge request. Omitted if the purse has not yet received @@ -2583,23 +2597,27 @@ Wallet-to-wallet transfers deposits: PurseDeposit[]; } - .. ts:def:: EncryptedContract { + .. ts:def:: EncryptedContract + + interface EncryptedContract { // ECDH contract_public key used to encrypt the contract. // Optional as the contract terms may already be known // to the exchange or the other wallet from a different // interaction. - contract_pub: EcdhPublicKey; + contract_pub: TALER_EcdhEphemeralPublicKeyP; // AES-GCM Encrypted contract terms using encryption - // key derived from DH of 'contract_pub' and the 'purse_pub'. + // key derived from DH of ``contract_pub`` and the ``purse_pub``. // Optional as the contract terms may already be known // to the exchange or the other wallet from a different // interaction. - e_contract_terms: byte[]; - } + e_contract_terms: string; + } - .. ts:def:: PurseDeposit { + .. ts:def:: PurseDeposit + + interface PurseDeposit { // Public key of the coin being deposited into the purse. coin_pub: EddsaPublicKey; @@ -2614,7 +2632,8 @@ Wallet-to-wallet transfers // Exchange's unblinded RSA signature of the coin. ub_sig: RsaSignature; - // Signature of `TALER_PurseDepositRequestPS`, + // Signature over `TALER_PurseDepositSignaturePS` + // of purpose ``TALER_SIGNATURE_PURSE_DEPOSIT`` // made by the customer with the // `coin's private key `. coin_sig: EddsaSignature; @@ -2810,7 +2829,7 @@ Wallet-to-wallet transfers // The number of remaining purses that can still be opened // under the given account. - remaining_purses: integer; + remaining_purses: Integer; } @@ -2835,7 +2854,7 @@ Wallet-to-wallet transfers :http:statuscode:`200 Ok`: The operation succeeded, the exchange confirms that the account can now be used. - The response will be an `AccountStatus` object. + The response will be an `AccountKycStatus` object. :http:statuscode:`202 Accepted`: The user should be redirected to the provided location to perform the required KYC checks to open the account. Afterwards, the @@ -2890,7 +2909,7 @@ Wallet-to-wallet transfers exchange_pub: EddsaPublicKey; } - .. ts:def:: AccountKycRedirect + .. ts:def:: AccountKycRedirect interface AccountKycRedirect { @@ -2946,13 +2965,13 @@ wallet-to-wallet payments. Only another exchange should access this endpoint. items: WadItem[]; // EdDSA signature of the exchange affirming the wad - // data is correct, must be of purpose - // TALER_SIGNATURE_WAD_DATA. + // data is correct, must be over `TALER_WadDataSignaturePS` + // and of purpose ``TALER_SIGNATURE_WAD_DATA``. exchange_sig: EddsaSignature; // public key used to create the signature. exchange_pub: EddsaPublicKey; - } + } Objects in the wad item list have the following format: -- cgit v1.2.3 From d267f23fc695a99d95cbcffc4d35602ccef5c563 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 15 May 2021 16:05:52 +0200 Subject: more work on DD13 spec --- core/api-common.rst | 64 +++++++++---- core/api-exchange.rst | 256 ++++++++++++++++++++++++++++++++++++-------------- core/api-merchant.rst | 4 +- 3 files changed, 234 insertions(+), 90 deletions(-) (limited to 'core/api-common.rst') diff --git a/core/api-common.rst b/core/api-common.rst index 81b85ab9..cc69870b 100644 --- a/core/api-common.rst +++ b/core/api-common.rst @@ -64,6 +64,8 @@ handle the error as if an internal error (500) had been returned. changed, the client MUST follow the link to the new location. If possible, the client SHOULD remember the new URL for the reserve for future requests. + :http:statuscode:`400 Bad request`: + One of the arguments to the request is missing or malformed. :http:statuscode:`500 Internal server error`: This always indicates some serious internal operational error of the exchange, such as a program bug, database problems, etc., and must not be used for @@ -75,10 +77,7 @@ handle the error as if an internal error (500) had been returned. although the auditor API for this is not yet specified. However, as internal server errors are always reported to the exchange operator, a good operator should naturally be able to address them in a timely fashion, especially - within 24h. When generating an internal server error, the exchange responds with - a JSON object containing the following fields: FIXME: What are the fields? - :http:statuscode:`400 Bad request`: - One of the arguments to the request is missing or malformed. + within 24h. Unless specified otherwise, all error status codes (4xx and 5xx) have a message body with an `ErrorDetail` JSON object. @@ -720,11 +719,6 @@ within the struct TALER_MerchantPublicKeyP merchant; }; -.. _TALER_RefreshCommitmentP: -.. sourcecode:: c - - // FIXME: put definition here - .. _TALER_RefreshMeltCoinAffirmationPS: .. sourcecode:: c @@ -810,7 +804,6 @@ within the struct GNUNET_HashCode h_wire_details; }; - .. _TALER_MasterWireFeePS: .. sourcecode:: c @@ -831,7 +824,7 @@ within the struct TALER_DepositTrackPS { /** - * purpose.purpose = TALER_SIGNATURE_MASTER_SEPA_DETAILS || TALER_SIGNATURE_MASTER_TEST_DETAILS + * purpose.purpose = TALER_SIGNATURE_MERCHANT_TRACK_TRANSACTION */ struct GNUNET_CRYPTO_EccSignaturePurpose purpose; struct GNUNET_HashCode h_contract_terms; @@ -851,7 +844,6 @@ within the struct TALER_AmountNBO deposit_fee; }; - .. _TALER_WireDepositDataPS: .. _TALER_SIGNATURE_EXCHANGE_CONFIRM_WIRE_DEPOSIT: .. sourcecode:: c @@ -934,12 +926,31 @@ within the .. _TALER_SIGNATURE_EXCHANGE_CONFIRM_REFUND: .. sourcecode:: c - // FIXME: put definition here + struct TALER_RefundConfirmationPS { + /** + * purpose.purpose = TALER_SIGNATURE_EXCHANGE_CONFIRM_REFUND. + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct GNUNET_HashCode h_contract_terms; + struct TALER_CoinSpendPublicKeyP coin_pub; + struct TALER_MerchantPublicKeyP merchant; + uint64_t rtransaction_id; + struct TALER_AmountNBO refund_amount; + }; .. _TALER_SIGNATURE_MERCHANT_TRACK_TRANSACTION: .. sourcecode:: c - // FIXME: put definition here + struct TALER_DepositTrackPS { + /** + * purpose.purpose = TALER_SIGNATURE_MERCHANT_TRACK_TRANSACTION. + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct GNUNET_HashCode h_contract_terms; + struct GNUNET_HashCode h_wire; + struct TALER_MerchantPublicKeyP merchant; + struct TALER_CoinSpendPublicKeyP coin_pub; + }; .. _TALER_RefundRequestPS: .. sourcecode:: c @@ -957,6 +968,9 @@ within the struct TALER_AmountNBO refund_fee; }; +.. _TALER_MerchantRefundConfirmationPS: +.. sourcecode:: c + struct TALER_MerchantRefundConfirmationPS { /** * purpose.purpose = TALER_SIGNATURE_MERCHANT_REFUND_OK @@ -986,7 +1000,6 @@ within the .. sourcecode:: c struct TALER_RecoupRefreshConfirmationPS { - /** * purpose.purpose = TALER_SIGNATURE_EXCHANGE_CONFIRM_RECOUP_REFRESH */ @@ -1105,6 +1118,26 @@ within the struct GNUNET_CRYPTO_EccSignaturePurpose purpose; }; +.. _TALER_RefreshCommitmentP: +.. sourcecode:: c + + struct TALER_RefreshCommitmentP { + struct GNUNET_HashCode session_hash; + }; + + +.. _TALER_PurseRequestSignaturePS: +.. sourcecode:: c + + struct TALER_PurseRequestSignaturePS { + /** + * purpose.purpose = TALER_SIGNATURE_PURSE_REQUEST + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct GNUNET_TIME_AbsoluteNBO purse_expiration; + struct TALER_AmountNBO total_purse_amount; + struct GNUNET_HashCode h_contract_terms; + }; .. _TALER_PurseDepositSignaturePS: @@ -1137,7 +1170,6 @@ within the struct GNUNET_HashCode h_contract_terms; }; - .. _TALER_PurseMergeSignaturePS: .. sourcecode:: c diff --git a/core/api-exchange.rst b/core/api-exchange.rst index 44dfd2a5..089890af 100644 --- a/core/api-exchange.rst +++ b/core/api-exchange.rst @@ -398,7 +398,8 @@ possibly by using HTTPS. // ``payto://`` URI identifying the account and wire method payto_uri: string; - // Signature using the exchange's offline key + // Signature using the exchange's offline key over + // a `TALER_MasterWireDetailsPS` // with purpose ``TALER_SIGNATURE_MASTER_WIRE_DETAILS``. master_sig: EddsaSignature; } @@ -858,6 +859,7 @@ Management operations authorized by master key payto_uri: string; // Signature using the exchange's offline key + // over a `TALER_MasterWireDetailsPS` // with purpose ``TALER_SIGNATURE_MASTER_WIRE_DETAILS``. master_sig_wire: EddsaSignature; @@ -964,8 +966,9 @@ This part of the API is for the use by auditors interacting with the exchange. interface AuditorSignatureAddMessage { - // Signature by the auditor. - // Must have purpose ``TALER_SIGNATURE_AUDITOR_XXX``. + // Signature by the auditor over a + // `TALER_ExchangeKeyValidityPS`. + // Must have purpose ``TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS``. auditor_sig: EddsaSignature; } @@ -1022,8 +1025,9 @@ exchange. .. ts:def:: ReserveStatusRequest interface ReserveStatusRequest { - // Signature of type - // TALER_SIGNATURE_RESERVE_STATUS_REQUEST + // Signature of purpose + // ``TALER_SIGNATURE_RESERVE_STATUS_REQUEST`` over + // a `TALER_ReserveStatusRequestSignaturePS`. reserve_sig: EddsaSignature; } @@ -1072,7 +1076,8 @@ exchange. request_timestamp: Timestamp; // Signature created with the reserve's private key. - // Must be of purpose TALER_SIGNATURE_RESERVE_HISTORY_REQUEST. + // Must be of purpose ``TALER_SIGNATURE_RESERVE_HISTORY_REQUEST`` over + // a `TALER_ReserveHistoryRequestSignaturePS`. reserve_sig: EddsaSignature; } @@ -1096,7 +1101,8 @@ exchange. h_wire: HashCode; // Signature created with the reserve's private key. - // Must be of purpose TALER_SIGNATURE_ACCOUNT_SETUP_REQUEST. + // Must be of purpose ``TALER_SIGNATURE_ACCOUNT_SETUP_REQUEST`` over + // a `TALER_AccountSetupRequestSignaturePS`. reserve_sig: EddsaSignature; } @@ -1125,12 +1131,17 @@ exchange. // Hash of the contract. h_contract: HashCode; + // Hash of the wire details of the reserve. + h_wire: HashCode; + // Signature created with the reserve's private key. - // Must be of purpose TALER_SIGNATURE_ACCOUNT_MERGE. + // Must be of purpose ``TALER_SIGNATURE_ACCOUNT_MERGE`` over + // a `TALER_AccountMergeSignaturePS`. reserve_sig: EddsaSignature; // Signature created with the purse's private key. - // Must be of purpose TALER_SIGNATURE_PURSE_MERGE. + // Must be of purpose ``TALER_SIGNATURE_PURSE_MERGE`` + // over a `TALER_PurseMergeSignaturePS`. purse_sig: EddsaSignature; // Deposit fees that were charged to the purse. @@ -1151,8 +1162,9 @@ exchange. // Hash of the blinded coin to be signed. h_coin_envelope: HashCode; - // Signature of ``TALER_WithdrawRequestPS`` created with the reserve's - // private key. + // Signature over a `TALER_WithdrawRequestPS` + // with purpose ``TALER_SIGNATURE_WALLET_RESERVE_WITHDRAW`` + // created with the reserve's private key. reserve_sig: EddsaSignature; // Fee that is charged for withdraw. @@ -1198,11 +1210,11 @@ exchange. receiver_account_details: string; // This is a signature over a - // struct ``TALER_ReserveCloseConfirmationPS`` with purpose + // struct `TALER_ReserveCloseConfirmationPS` with purpose // ``TALER_SIGNATURE_EXCHANGE_RESERVE_CLOSED``. exchange_sig: EddsaSignature; - // Public key used to create ``exchange_sig``. + // Public key used to create 'exchange_sig'. exchange_pub: EddsaPublicKey; // Time when the reserve was closed. @@ -1219,11 +1231,11 @@ exchange. amount: Amount; // This is a signature over - // a struct ``TALER_PaybackConfirmationPS`` with purpose - // ``TALER_SIGNATURE_EXCHANGE_CONFIRM_PAYBACK``. + // a struct `TALER_RecoupConfirmationPS` with purpose + // ``TALER_SIGNATURE_EXCHANGE_CONFIRM_RECOUP``. exchange_sig: EddsaSignature; - // Public key used to create ``exchange_sig``. + // Public key used to create 'exchange_sig'. exchange_pub: EddsaPublicKey; // Time when the funds were paid back into the reserve. @@ -1262,7 +1274,8 @@ exchange. interface ReserveHistoryRequest { // Signature of type - // TALER_SIGNATURE_RESERVE_HISTORY_REQUEST + // ``TALER_SIGNATURE_RESERVE_HISTORY_REQUEST`` + // over a `TALER_ReserveHistoryRequestSignaturePS`. reserve_sig: EddsaSignature; // Time when the client made the request. @@ -1332,7 +1345,8 @@ exchange. coin_ev: CoinEnvelope; // Signature of `TALER_WithdrawRequestPS` created with - // the `reserves's private key `. + // the `reserves's private key ` + // using purpose ``TALER_SIGNATURE_WALLET_RESERVE_WITHDRAW``. reserve_sig: EddsaSignature; } @@ -1340,7 +1354,7 @@ exchange. .. ts:def:: WithdrawResponse interface WithdrawResponse { - // The blinded RSA signature over the ``coin_ev``, affirms the coin's + // The blinded RSA signature over the 'coin_ev', affirms the coin's // validity after unblinding. ev_sig: BlindedRsaSignature; @@ -1363,6 +1377,8 @@ exchange. history: TransactionHistoryItem[] } +.. _delete-reserve: + .. http:DELETE:: /reserves/$RESERVE_PUB Forcefully closes a reserve. @@ -1432,7 +1448,6 @@ credited an amount specified in the deposit permission, possibly a fraction of the total coin's value, minus the deposit fee as specified by the coin's denomination. - .. _deposit: .. http:POST:: /coins/$COIN_PUB/deposit @@ -1445,10 +1460,9 @@ denomination. exchange. The exchange MUST return a 307 or 308 redirection to the correct base URL if this is the case. - The request should contain a JSON object with the - following fields: + **Request:** - **Request:** The request body must be a `DepositRequest` object. + The request body must be a `DepositRequest` object. **Response:** @@ -1516,7 +1530,7 @@ denomination. // exchange, possibly zero if refunds are not allowed. refund_deadline: Timestamp; - // Signature of `TALER_DepositRequestPS`, made by the customer with the + // Signature over `TALER_DepositRequestPS`, made by the customer with the // `coin's private key `. coin_sig: EddsaSignature; } @@ -1604,14 +1618,16 @@ denomination. // exchange, possibly zero if refunds are not allowed. refund_deadline: Timestamp; - // Signature by the coin. + // Signature over `TALER_DepositRequestPS`, made by the customer with the + // `coin's private key `. coin_sig: EddsaSignature; // Hash of the bank account from where we received the funds. h_wire: HashCode; // Hash of the public denomination key used to sign the coin. - // FIXME: why do we care to have this? + // Needed because 'coin_sig' signs over this, and + // that is important to fix the coin's denomination. h_denom_pub: HashCode; // Hash over the proposal data of the contract that @@ -1631,7 +1647,9 @@ denomination. // subtracting the amounts. amount: Amount; - // Signature by the coin. + // Signature by the coin over a + // `TALER_RefreshMeltCoinAffirmationPS` of + // purpose ``TALER_SIGNATURE_WALLET_COIN_MELT``. coin_sig: EddsaSignature; // Melt fee. @@ -1641,7 +1659,8 @@ denomination. rc: TALER_RefreshCommitmentP; // Hash of the public denomination key used to sign the coin. - // FIXME: why do we care to have this? + // Needed because 'coin_sig' signs over this, and + // that is important to fix the coin's denomination. h_denom_pub: HashCode; } @@ -1658,7 +1677,7 @@ denomination. // adding the amounts to the coin's denomination value. amount: Amount; - // Refund fee in case of type "REFUND". + // Refund fee. refund_fee: Amount; // Hash over the proposal data of the contract that @@ -1668,7 +1687,9 @@ denomination. // Refund transaction ID. rtransaction_id: Integer; - // `EdDSA Signature ` authorizing the REFUND. Made with + // `EdDSA Signature ` authorizing the REFUND over a + // `TALER_MerchantRefundConfirmationPS` with + // purpose ``TALER_SIGNATURE_MERCHANT_REFUND_OK``. Made with // the `public key of the merchant `. merchant_sig: EddsaSignature; @@ -1689,11 +1710,14 @@ denomination. // Date when the operation was made. timestamp: Timestamp; - // Signature by the coin. + // Signature by the coin over a + // `TALER_RecoupRequestPS` with purpose + // ``TALER_SIGNATURE_WALLET_COIN_RECOUP``. coin_sig: EddsaSignature; // Hash of the public denomination key used to sign the coin. - // FIXME: why do we care to have this? + // Needed because 'coin_sig' signs over this, and + // that is important to fix the coin's denomination. h_denom_pub: HashCode; // Coin blinding key. @@ -1702,11 +1726,12 @@ denomination. // Reserve receiving the recoup. reserve_pub: EddsaPublicKey; - // Signature by the exchange, must be - // of type TALER_SIGNATURE_EXCHANGE_CONFIRM_RECOUP. + // Signature by the exchange over a + // `TALER_RecoupConfirmationPS`, must be + // of purpose ``TALER_SIGNATURE_EXCHANGE_CONFIRM_RECOUP``. exchange_sig: EddsaSignature; - // Public key used to sign ``exchange_sig`` + // Public key of the private key used to create 'exchange_sig'. exchange_pub: EddsaPublicKey; } @@ -1725,11 +1750,12 @@ denomination. // Date when the operation was made. timestamp: Timestamp; - // Signature by the exchange - // of type TALER_SIGNATURE_EXCHANGE_CONFIRM_RECOUP_REFRESH. + // Signature by the exchange over a + // `TALER_RecoupRefreshConfirmationPS` + // of purpose ``TALER_SIGNATURE_EXCHANGE_CONFIRM_RECOUP_REFRESH``. exchange_sig: EddsaSignature; - // Public key used to sign ``exchange_sig``, + // Public key of the private key used to create 'exchange_sig'. exchange_pub: EddsaPublicKey; } @@ -1749,21 +1775,24 @@ denomination. // Date when the operation was made. timestamp: Timestamp; - // Signature by the coin. + // Signature by the coin over a `TALER_RecoupRequestPS` + // with purpose ``TALER_SIGNATURE_WALLET_COIN_RECOUP``. coin_sig: EddsaSignature; // Hash of the public denomination key used to sign the coin. - // FIXME: why do we care to have this? + // Needed because 'coin_sig' signs over this, and + // that is important to fix the coin's denomination. h_denom_pub: HashCode; // Coin blinding key. coin_blind: DenominationBlindingKeyP; - // Signature by the exchange - // of type TALER_SIGNATURE_EXCHANGE_CONFIRM_RECOUP_REFRESH. + // Signature by the exchange over a + // `TALER_RecoupRefreshConfirmationPS` + // of purpose ``TALER_SIGNATURE_EXCHANGE_CONFIRM_RECOUP_REFRESH``. exchange_sig: EddsaSignature; - // Public key used to sign ``exchange_sig``, + // Public key used to sign 'exchange_sig'. exchange_pub: EddsaPublicKey; // Blinding factor of the revoked new coin. @@ -1795,11 +1824,14 @@ denomination. // Date when the purse was set to expire. purse_expiration: Timestamp; - // Signature by the coin. + // Signature by the coin over a + // `TALER_PurseDepositSignaturePS` of + // purpose ``TALER_SIGNATURE_PURSE_DEPOSIT``. coin_sig: EddsaSignature; // Hash of the public denomination key used to sign the coin. - // FIXME: why do we care to have this? + // Needed because 'coin_sig' signs over this, and + // that is important to fix the coin's denomination. h_denom_pub: HashCode; } @@ -2167,6 +2199,7 @@ in using this API. interface RecoupWithdrawalConfirmation { // Tag to distinguish the `RecoupConfirmation` response type. refreshed: false; + // Public key of the reserve that will receive the recoup. reserve_pub: EddsaPublicKey; } @@ -2176,6 +2209,7 @@ in using this API. interface RecoupRefreshConfirmation { // Tag to distinguish the `RecoupConfirmation` response type. refreshed: true; + // Public key of the old coin that will receive the recoup. old_coin_pub: EddsaPublicKey; } @@ -2250,7 +2284,8 @@ typically also view the balance.) deposits: TrackTransferDetail[]; // Signature from the exchange made with purpose - // `TALER_SIGNATURE_EXCHANGE_CONFIRM_WIRE_DEPOSIT`. + // ``TALER_SIGNATURE_EXCHANGE_CONFIRM_WIRE_DEPOSIT`` + // over a `TALER_WireDepositDataPS`. exchange_sig: EddsaSignature; // Public EdDSA key of the exchange that was used to generate the signature. @@ -2286,7 +2321,7 @@ typically also view the balance.) **Request:** - :query merchant_sig: EdDSA signature of the merchant made with purpose ``TALER_SIGNATURE_MERCHANT_TRACK_TRANSACTION``, affirming that it is really the merchant who requires obtaining the wire transfer identifier. + :query merchant_sig: EdDSA signature of the merchant made with purpose ``TALER_SIGNATURE_MERCHANT_TRACK_TRANSACTION`` over a `TALER_DepositTrackPS`, affirming that it is really the merchant who requires obtaining the wire transfer identifier. **Response:** @@ -2320,7 +2355,8 @@ typically also view the balance.) // Total amount transferred. total_amount: Amount; - // Binary-only Signature_ for purpose `TALER_SIGNATURE_EXCHANGE_CONFIRM_WIRE` + // Binary-only Signature_ with purpose ``TALER_SIGNATURE_EXCHANGE_CONFIRM_WIRE`` + // over a `TALER_ConfirmWirePS` // whereby the exchange affirms the successful wire transfer. exchange_sig: EddsaSignature; @@ -2392,7 +2428,10 @@ Refunds // EdDSA public key of the merchant. merchant_pub: EddsaPublicKey; - // EdDSA signature of the merchant affirming the refund. + // EdDSA signature of the merchant over a + // `TALER_RefundRequestPS` with purpose + // ``TALER_SIGNATURE_MERCHANT_REFUND`` + // affirming the refund. merchant_sig: EddsaPublicKey; } @@ -2402,7 +2441,9 @@ Refunds interface RefundSuccess { // The EdDSA :ref:`signature` (binary-only) with purpose - // `TALER_SIGNATURE_EXCHANGE_CONFIRM_REFUND` using a current signing key of the + // ``TALER_SIGNATURE_EXCHANGE_CONFIRM_REFUND`` over + // a `TALER_RecoupRefreshConfirmationPS` + // using a current signing key of the // exchange affirming the successful refund. exchange_sig: EddsaSignature; @@ -2500,7 +2541,10 @@ Wallet-to-wallet transfers // SHA-512 hash of the contact of the purse. h_contract_terms: HashCode; - // EdDSA signature of the exchange affirming the purse status. + // EdDSA signature of the exchange over a + // `TALER_PurseStatusResponseSignaturePS` + // with purpose ``TALER_SIGNATURE_PURSE_STATUS_RESPONSE`` + // affirming the purse status. exchange_sig: EddsaSignature; // EdDSA public key exchange used for 'exchange_sig'. @@ -2523,7 +2567,9 @@ Wallet-to-wallet transfers Deposit money into a purse. Endpoint used by the buyer. - **Request:** The request body must be a `PurseRequest` object. + **Request:** + + The request body must be a `PurseRequest` object. **Response:** @@ -2557,6 +2603,11 @@ Wallet-to-wallet transfers In this case, the response is a `PurseDepositDoubleSpendError`. If the value of all successful coins is below the purse fee, the exchange may not setup the purse at all. + :http:statuscode:`425 Too Early`: + This response type is used if the given purse expiration time + is too far in the future (at least from the perspective + of the exchange). Thus, retrying at a later time may + succeed. The client should look at the ``Date:`` header of the response to see if a minor time difference is to blame and possibly adjust the request accordingly. **Details:** @@ -2565,7 +2616,10 @@ Wallet-to-wallet transfers interface PurseRequest { - // EdDSA signature of the purse confirming the key + // EdDSA signature of the purse over a + // `TALER_PurseRequestSignaturePS` + // of purpose ``TALER_SIGNATURE_PURSE_REQUEST`` + // confirming the key // invariants associated with the purse. // (amount, h_contract_terms, expiration). purse_sig: EddsaSignature; @@ -2651,7 +2705,8 @@ Wallet-to-wallet transfers total_deposit_fees: Amount; // EdDSA signature of the exchange affirming the payment, - // of purpose TALER_SIGNATURE_PURSE_DEPOSIT_CONFIRMED + // of purpose ``TALER_SIGNATURE_PURSE_DEPOSIT_CONFIRMED`` + // over a `TALER_PurseDepositConfirmedSignaturePS`. // Signs over the above and the purse public key and // the hash of the contract terms. exchange_sig: EddsaSignature; @@ -2676,22 +2731,68 @@ Wallet-to-wallet transfers .. ts:def:: PurseConflict - interface PurseConflict { + // Union discriminated by the "type" field. + type PurseConflict = + | PurseMergeConflict + | PurseRequestConflict; - // Total amount to be paid into the purse as per - // the previous request. - total_purse_amount: Amount; + .. ts:def:: PurseMergeConflict + + interface PurseMergeConflict { + type: "MERGE"; // SHA-512 hash of the contact of the purse. h_contract_terms: HashCode; + // Hash of the wire details of the reserve. + h_wire: HashCode; + + // Reserve merging the purse. + reserve_pub: EddsaPublicKey; + // Indicative time by which the purse should expire // if it has not been merged into an account. At this // point, all of the deposits made should be // auto-refunded. purse_expiration: Timestamp; - // EdDSA signature of the purse confirming that the + // When was the merge request generated. + merge_timestamp: Timestamp; + + // Total amount to be merged into the reserve. + // (excludes fees). + purse_value_after_fees: Amount; + + // EdDSA signature of the purse over + // `TALER_PurseMergeSignaturePS` of + // purpose ``TALER_SIGNATURE_PURSE_MERGE`` + // confirming that the + // above details hold for this purse. + purse_sig: EddsaSignature; + } + + .. ts:def:: PurseRequestConflict + + interface PurseRequestConflict { + type: "REQUEST"; + + // SHA-512 hash of the contact of the purse. + h_contract_terms: HashCode; + + // Indicative time by which the purse should expire + // if it has not been merged into an account. At this + // point, all of the deposits made should be + // auto-refunded. + purse_expiration: Timestamp; + + // Total amount to be paid into the purse as per + // the previous request. + total_purse_amount: Amount; + + // EdDSA signature of the purse over + // `TALER_PurseRequestSignaturePS` of + // purpose ``TALER_SIGNATURE_PURSE_REQUEST`` + // confirming that the // above details hold for this purse. purse_sig: EddsaSignature; @@ -2723,7 +2824,9 @@ Wallet-to-wallet transfers Merge purse with account, adding the value of the purse into the account. Endpoint to be used by the seller. - **Request:** The request body must be a `MergeRequest` object. + **Request:** + + The request body must be a `MergeRequest` object. :query timeout_ms=NUMBER: *Optional.* If specified, the exchange will wait up to ``timeout_ms`` milliseconds to receive payment before @@ -2764,15 +2867,17 @@ Wallet-to-wallet transfers interface MergeRequest { // payto://-URI of the account the purse is to be merged into. - // Must be of the form: "payto://taler/EXCHANGE_URL/RESERVE_PUB". + // Must be of the form: 'payto://taler/$EXCHANGE_URL/$RESERVE_PUB'. payto_uri: string; - // EdDSA signature of the account/reserve affirming the merge. - // Must be of purpose TALER_SIGNATURE_ACCOUNT_MERGE + // EdDSA signature of the account/reserve affirming the merge + // over a `TALER_AccountMergeSignaturePS`. + // Must be of purpose ``TALER_SIGNATURE_ACCOUNT_MERGE`` reserve_sig: EddsaSignature; - // EdDSA signature of the purse private key affirming the merge. - // Must be of purpose TALER_SIGNATURE_PURSE_MERGE. + // EdDSA signature of the purse private key affirming the merge + // over a `TALER_PurseMergeSignaturePS`. + // Must be of purpose ``TALER_SIGNATURE_PURSE_MERGE``. purse_sig: EddsaSignature; // Minimum amount that must be credited to the reserve, that is @@ -2814,7 +2919,8 @@ Wallet-to-wallet transfers contract_time: Timestamp; // EdDSA signature of the exchange affirming the merge of - // purpose TALER_SIGNATURE_PURSE_MERGE_SUCCESS. + // purpose ``TALER_SIGNATURE_PURSE_MERGE_SUCCESS`` + // over `TALER_PurseMergeSuccessSignaturePS`. // Signs over the above and the account public key. exchange_sig: EddsaSignature; @@ -2877,17 +2983,18 @@ Wallet-to-wallet transfers kyc_timestamp: Timestamp; // Bank account to be associated with the account. - // Can be ``payto://void/`` to not associate the + // Can be 'payto://void/' to not associate the // account with any bank account. In this case, // closing the account will result in the balance // being forfeit. If the provided wire method is - // not supported by the exchange *and* not ``void``, + // not supported by the exchange *and* not 'void', // this is a ``Bad Request`` (HTTP status 400). payto_uri: string; // EdDSA signature of the reserve affirming the request // to create the account, must be of purpose - // TALER_SIGNATURE_ACCOUNT_SETUP_REQUEST + // ``TALER_SIGNATURE_ACCOUNT_SETUP_REQUEST`` + // and over `TALER_AccountSetupRequestSignaturePS`. reserve_sig: EddsaPublicKey; } @@ -2902,7 +3009,8 @@ Wallet-to-wallet transfers // EdDSA signature of the exchange affirming the account // is KYC'ed, must be of purpose - // TALER_SIGNATURE_ACCOUNT_SETUP_SUCCESS. + // ``TALER_SIGNATURE_ACCOUNT_SETUP_SUCCESS`` + // and over `TALER_AccountSetupRequestSignaturePS`. exchange_sig: EddsaSignature; // public key used to create the signature. @@ -2983,7 +3091,7 @@ wallet-to-wallet payments. Only another exchange should access this endpoint. amount: Amount; // payto://-URI of the account the purse is to be merged into. - // Must be of the form: "payto://taler/EXCHANGE_URL/RESERVE_PUB". + // Must be of the form: 'payto://taler/EXCHANGE_URL/RESERVE_PUB'. payto_uri: string; // Purse public key. @@ -3000,11 +3108,13 @@ wallet-to-wallet payments. Only another exchange should access this endpoint. merge_timestamp: Timestamp; // Signature created with the reserve's private key. - // Must be of purpose TALER_SIGNATURE_ACCOUNT_MERGE + // Must be of purpose ``TALER_SIGNATURE_ACCOUNT_MERGE`` + // and over `TALER_AccountMergeSignaturePS`. reserve_sig: EddsaSignature; // Signature created with the purse's private key. - // Must be of purpose TALER_SIGNATURE_PURSE_MERGE + // Must be of purpose ``TALER_SIGNATURE_PURSE_MERGE`` + // and over `TALER_PurseMergeSignaturePS`. purse_sig: EddsaSignature; // Deposit fees that were charged to the purse. diff --git a/core/api-merchant.rst b/core/api-merchant.rst index 21956e5d..c9d9ca5e 100644 --- a/core/api-merchant.rst +++ b/core/api-merchant.rst @@ -1542,11 +1542,13 @@ Creating orders :ts:type:`PostOrderResponse`. :http:statuscode:`404 Not found`: Possible reasons are: + (1) The order given used products from the inventory, but those were not found in the inventory. (2) The merchant instance is unknown (including possibly the instance being not configured for new orders). (3) The wire method specified is not supported by the backend. + Details in the error code. NOTE: currently the client has no good way to find out which product is not in the inventory, we MAY want to specify that in the reply. @@ -1624,7 +1626,7 @@ Creating orders fulfillment_url?: string; } - The following `ProductSpecification` can be provided if the parts of the + The following `MinimalInventoryProduct` can be provided if the parts of the order are inventory-based, that is if the `PostOrderRequest` uses ``inventory_products``. For such products, which must be in the backend's inventory, the backend can automatically fill in the amount and other details about -- cgit v1.2.3 From d35d8df37b02c23561c5af1d8fc70f69f99a4fab Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 18 May 2021 18:29:25 +0200 Subject: deal with purse auto-refund on expiration, ensure exchange has max_deposit_fees always --- core/api-common.rst | 17 +++++++++++++++++ core/api-exchange.rst | 44 +++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 60 insertions(+), 1 deletion(-) (limited to 'core/api-common.rst') diff --git a/core/api-common.rst b/core/api-common.rst index cc69870b..e5afa872 100644 --- a/core/api-common.rst +++ b/core/api-common.rst @@ -1299,6 +1299,23 @@ within the }; +.. _TALER_SIGNATURE_EXCHANGE_CONFIRM_PURSE_REFUND: +.. sourcecode:: c + + struct TALER_CoinPurseRefundConfirmationPS { + /** + * purpose.purpose = TALER_SIGNATURE_EXCHANGE_CONFIRM_PURSE_REFUND. + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct TALER_PursePublicKey purse_pub; + struct TALER_CoinSpendPublicKeyP coin_pub; + struct TALER_MerchantPublicKeyP merchant; + struct TALER_AmountNBO remaining_amount; + struct TALER_AmountNBO purse_fee_share; + struct TALER_AmountNBO refund_fee; + }; + + .. _TALER_DenominationKeyAnnouncementPS: .. sourcecode:: c diff --git a/core/api-exchange.rst b/core/api-exchange.rst index d588e582..b8f61a8a 100644 --- a/core/api-exchange.rst +++ b/core/api-exchange.rst @@ -1628,7 +1628,8 @@ denomination. | CoinRecoupTransaction | CoinOldCoinRecoupTransaction | CoinRecoupRefreshTransaction - | CoinPurseDepositTransaction; + | CoinPurseDepositTransaction + | CoinPurseRefundTransaction; .. ts:def:: CoinDepositTransaction @@ -1874,6 +1875,39 @@ denomination. } + .. ts:def:: CoinPurseRefundTransaction + + interface CoinPurseRefundTransaction { + type: "PURSE_REFUND"; + + // The total amount of the coin's value restored + // by this transaction. + // The amount given excludes the refund fee. + // The current coin value can thus be computed by + // adding the amount to the coin's denomination value. + amount: Amount; + + // Refund fee (of the coin's denomination). The deposit + // fee will be waived. + refund_fee: Amount; + + // Share of the purse fee charged to this coin. + // The sum of all purse fee shares will match the + // total purse fee. + purse_fee_share: Amount; + + // Public key of the purse that expired. + purse_pub: EddsaPublicKey; + + // Signature by the exchange over a + // `TALER_CoinPurseRefundConfirmationPS` + // of purpose ``TALER_SIGNATURE_EXCHANGE_CONFIRM_PURSE_REFUND``. + exchange_sig: EddsaSignature; + + // Public key used to sign 'exchange_sig'. + exchange_pub: EddsaPublicKey; + + } ---------- @@ -2675,6 +2709,9 @@ Wallet-to-wallet transfers // purse once the amount given here is reached. total_purse_amount: Amount; + // Maximum deposit fees that can be charged under the contract. + max_deposit_fees: Amount; + // SHA-512 hash of the contact of the purse. h_contract_terms: HashCode; @@ -2930,6 +2967,11 @@ Wallet-to-wallet transfers // reserve can be higher! minimum_amount_contributed: Amount; + // Maximum deposit fees that can be charged under the contract. + // The 'total_purse_amount' will be the + // 'minimum_amount_contributed' plus the 'max_deposit_fees'. + max_deposit_fees: Amount; + // SHA-512 hash of the contact of the purse. h_contract_terms: HashCode; -- cgit v1.2.3 From a846c5a30c7291e0bb514e5f639e96e079b30ff4 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 18 May 2021 18:37:14 +0200 Subject: revise purse amount handling --- core/api-common.rst | 8 ++++---- core/api-exchange.rst | 24 +++++------------------- 2 files changed, 9 insertions(+), 23 deletions(-) (limited to 'core/api-common.rst') diff --git a/core/api-common.rst b/core/api-common.rst index e5afa872..41e3b8fa 100644 --- a/core/api-common.rst +++ b/core/api-common.rst @@ -1135,7 +1135,7 @@ within the */ struct GNUNET_CRYPTO_EccSignaturePurpose purpose; struct GNUNET_TIME_AbsoluteNBO purse_expiration; - struct TALER_AmountNBO total_purse_amount; + struct TALER_AmountNBO merge_value_after_fees; struct GNUNET_HashCode h_contract_terms; }; @@ -1181,7 +1181,7 @@ within the struct TALER_ReservePublicKey reserve_pub; struct GNUNET_TIME_AbsoluteNBO merge_timestamp; struct GNUNET_TIME_AbsoluteNBO purse_expiration; - struct TALER_AmountNBO purse_value_after_fees; + struct TALER_AmountNBO merge_value_after_fees; struct GNUNET_HashCode h_contract_terms; struct GNUNET_HashCode h_wire; }; @@ -1198,7 +1198,7 @@ within the struct TALER_PursePublicKey purse_pub; struct GNUNET_TIME_AbsoluteNBO merge_timestamp; struct GNUNET_TIME_AbsoluteNBO purse_expiration; - struct TALER_AmountNBO purse_value_after_fees; + struct TALER_AmountNBO merge_value_after_fees; struct GNUNET_HashCode h_contract_terms; struct GNUNET_HashCode h_wire; }; @@ -1214,7 +1214,7 @@ within the struct GNUNET_CRYPTO_EccSignaturePurpose purpose; struct TALER_ReservePublicKey reserve_pub; struct TALER_PursePublicKey purse_pub; - struct TALER_AmountNBO merge_amount; + struct TALER_AmountNBO merge_amount_after_fees; struct GNUNET_TIME_AbsoluteNBO contract_time; struct GNUNET_HashCode h_contract_terms; struct GNUNET_HashCode h_wire; diff --git a/core/api-exchange.rst b/core/api-exchange.rst index d0168376..abb90c7c 100644 --- a/core/api-exchange.rst +++ b/core/api-exchange.rst @@ -2592,12 +2592,9 @@ Wallet-to-wallet transfers interface PurseStatus { - // Total amount that must be paid into the purse. - total_purse_amount: Amount; - // Total amount deposited into the purse so far. // If 'total_deposit_amount' minus 'deposit_fees' - // exceeds 'purse_value_after_fees', and a + // exceeds 'merge_value_after_fees', and a // 'merge_request' exists for the purse, then the // purse will (have been) merged with the account. total_deposit_amount: Amount; @@ -2609,15 +2606,12 @@ Wallet-to-wallet transfers // Desired total amount to be merged into the reserve. // (excludes fees). - purse_value_after_fees: Amount; + merge_value_after_fees: Amount; // Indicative time at which the exchange is answering the // status request. Used as part of 'exchange_sig'. status_timestamp: Timestamp; - // Maximum deposit fees that can be charged under the contract. - max_deposit_fees: Amount; - // Deposit fees charged so far to all deposited coins. deposit_fees: Amount; @@ -2718,10 +2712,7 @@ Wallet-to-wallet transfers // first request failed with a double-spending error. // The exchange will confirm the creation of the // purse once the amount given here is reached. - total_purse_amount: Amount; - - // Maximum deposit fees that can be charged under the contract. - max_deposit_fees: Amount; + merge_value_after_fees: Amount; // SHA-512 hash of the contact of the purse. h_contract_terms: HashCode; @@ -2853,7 +2844,7 @@ Wallet-to-wallet transfers // Total amount to be merged into the reserve. // (excludes fees). - purse_value_after_fees: Amount; + merge_value_after_fees: Amount; // EdDSA signature of the purse over // `TALER_PurseMergeSignaturePS` of @@ -2976,12 +2967,7 @@ Wallet-to-wallet transfers // the total value of the purse minus the deposit fees. // If the deposit fees are lower, the contribution to the // reserve can be higher! - minimum_amount_contributed: Amount; - - // Maximum deposit fees that can be charged under the contract. - // The 'total_purse_amount' will be the - // 'minimum_amount_contributed' plus the 'max_deposit_fees'. - max_deposit_fees: Amount; + merge_value_after_fees: Amount; // SHA-512 hash of the contact of the purse. h_contract_terms: HashCode; -- cgit v1.2.3 From 17d2d92487f398aa95f8a55224eb26ebda2e1ada Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 18 May 2021 19:20:52 +0200 Subject: hw --- core/api-common.rst | 1 + core/api-exchange.rst | 16 +++++++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) (limited to 'core/api-common.rst') diff --git a/core/api-common.rst b/core/api-common.rst index 41e3b8fa..45e24ddf 100644 --- a/core/api-common.rst +++ b/core/api-common.rst @@ -1064,6 +1064,7 @@ within the * purpose.purpose = TALER_SIGNATURE_RESERVE_STATUS_REQUEST */ struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct GNUNET_TIME_AbsoluteNBO request_timestamp; }; diff --git a/core/api-exchange.rst b/core/api-exchange.rst index abb90c7c..23365ef8 100644 --- a/core/api-exchange.rst +++ b/core/api-exchange.rst @@ -1055,6 +1055,8 @@ exchange. :http:statuscode:`401 Unauthorized`: The *Account-Request-Signature* is invalid. This response comes with a standard `ErrorDetail` response. + :http:statuscode:`403 Forbidden`: + The provided timestamp is not close to the current time. :http:statuscode:`404 Not found`: The reserve key does not belong to a reserve known to the exchange. @@ -1067,6 +1069,12 @@ exchange. // ``TALER_SIGNATURE_RESERVE_STATUS_REQUEST`` over // a `TALER_ReserveStatusRequestSignaturePS`. reserve_sig: EddsaSignature; + + // Time when the client made the request. + // Timestamp must be reasonably close to the time of + // the exchange, otherwise the exchange may reject + // the request. + request_timestamp: Timestamp; } .. ts:def:: ReserveStatus @@ -1300,6 +1308,8 @@ exchange. :http:statuscode:`401 Unauthorized`: The *Account-Request-Signature* is invalid. This response comes with a standard `ErrorDetail` response. + :http:statuscode:`403 Forbidden`: + The provided timestamp is not close to the current time. :http:statuscode:`404 Not found`: The reserve key does not belong to a reserve known to the exchange. :http:statuscode:`412 Precondition failed`: @@ -2406,7 +2416,7 @@ typically also view the balance.) merchant should come back later and ask again. The response body is a `TrackTransactionAcceptedResponse`. :http:statuscode:`401 Unauthorized`: - The signature is invalid. + A signature is invalid. :http:statuscode:`404 Not found`: The deposit operation is unknown to the exchange. @@ -2663,6 +2673,9 @@ Wallet-to-wallet transfers The response will include a `PurseDepositAccepted` object. :http:statuscode:`401 Unauthorized`: A coin signature is invalid. + FIXME: add message that tells the client + which coin signature(s) were valid. ErrorDetail is not enough + to identify the problematic coin. This response comes with a standard `ErrorDetail` response. :http:statuscode:`403 Forbidden`: The server is denying the operation as a purse with a @@ -2731,6 +2744,7 @@ Wallet-to-wallet transfers contract?: EncryptedContract; // Array of coins being deposited into the purse. + // Maximum length is 128. deposits: PurseDeposit[]; } -- cgit v1.2.3 From f6c20b01e192c9cbb05722a6194b7441f300b09e Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 25 May 2021 20:51:55 +0200 Subject: doc update for #6889 --- core/api-common.rst | 15 ++++++++++++++- core/api-exchange.rst | 43 +++++++++++++++++++++++++++++++++++++------ 2 files changed, 51 insertions(+), 7 deletions(-) (limited to 'core/api-common.rst') diff --git a/core/api-common.rst b/core/api-common.rst index 45e24ddf..97ce02d1 100644 --- a/core/api-common.rst +++ b/core/api-common.rst @@ -1015,7 +1015,7 @@ within the struct TALER_RecoupConfirmationPS { /** - * purpose.purpose = TALER_SIGNATURE_EXCHANGE_CONFIRM_RECOUP + * purpose.purpose = TALER_SIGNATURE_EXCHANGE_CONFIRM_RECOUP */ struct GNUNET_CRYPTO_EccSignaturePurpose purpose; struct GNUNET_TIME_AbsoluteNBO timestamp; @@ -1025,6 +1025,19 @@ within the }; +.. _TALER_DenominationUnknownAffirmationPS: +.. sourcecode:: c + + struct TALER_DenominationUnknownAffirmationPS { + /** + * purpose.purpose = TALER_SIGNATURE_EXCHANGE_AFFIRM_DENOM_UNKNOWN + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct GNUNET_TIME_AbsoluteNBO timestamp; + struct GNUNET_HashCode h_denom_pub; + }; + + .. _TALER_ReserveCloseConfirmationPS: .. sourcecode:: c diff --git a/core/api-exchange.rst b/core/api-exchange.rst index 06f76582..8e41447a 100644 --- a/core/api-exchange.rst +++ b/core/api-exchange.rst @@ -993,6 +993,7 @@ This part of the API is for the use by auditors interacting with the exchange. The auditor signature is invalid. :http:statuscode:`404 Not found`: The denomination key for which the auditor is providing a signature is unknown. + The response will be a `DenominationUnkownMessage`. :http:statuscode:`410 Gone`: This auditor is no longer supported by the exchange. :http:statuscode:`412 Precondition failed`: @@ -1000,6 +1001,30 @@ This part of the API is for the use by auditors interacting with the exchange. **Details:** + .. ts:def:: DenominationUnknownMessage + + interface DenominationUnknownMessage { + + // Taler error code. + code: number; + + // Signature by the exchange over a + // `TALER_DenominationUnknownAffirmationPS`. + // Must have purpose ``TALER_SIGNATURE_EXCHANGE_AFFIRM_DENOM_UNKNOWN``. + exchange_sig: EddsaSignature; + + // Public key of the exchange used to create + // the 'exchange_sig. + exchange_pub: EddsaPublicKey; + + // Hash of the denomination public key that is unknown. + h_denom_pub: HashCode; + + // When was the signature created. + timestamp: Timestamp; + + } + .. ts:def:: AuditorSignatureAddMessage interface AuditorSignatureAddMessage { @@ -1365,8 +1390,9 @@ exchange. :http:statuscode:`404 Not found`: The denomination key or the reserve are not known to the exchange. If the denomination key is unknown, this suggests a bug in the wallet as the - wallet should have used current denomination keys from ``/keys``. If the - reserve is unknown, the wallet should not report a hard error yet, but + wallet should have used current denomination keys from ``/keys``. + In this case, the response will be a `DenominationUnkownMessage`. + If the reserve is unknown, the wallet should not report a hard error yet, but instead simply wait for up to a day, as the wire transaction might simply not yet have completed and might be known to the exchange in the near future. In this case, the wallet should repeat the exact same request later again @@ -1520,8 +1546,10 @@ denomination. :http:statuscode:`401 Unauthorized`: One of the signatures is invalid. :http:statuscode:`404 Not found`: - Either the denomination key is not recognized (expired or invalid) or - the wire type is not recognized. + Either the denomination key is not recognized (expired or invalid), + or the wire type is not recognized. + If the denomination key is unknown, the response will be + a `DenominationUnkownMessage`. :http:statuscode:`409 Conflict`: The deposit operation has either failed because the coin has insufficient residual value, or because the same public key of the coin has been @@ -1956,6 +1984,8 @@ the API during normal operation. :http:statuscode:`404 Not found`: The exchange does not recognize the denomination key as belonging to the exchange, or it has expired. + If the denomination key is unknown, the response will be + a `DenominationUnkownMessage`. :http:statuscode:`409 Conflict`: The operation is not allowed as the coin has insufficient residual value, or because the same public key of the coin has been @@ -2236,6 +2266,8 @@ in using this API. The denomination key is not in the set of denomination keys where emergency pay back is enabled, or the blinded coin is not known to have been withdrawn. + If the denomination key is unknown, the response will be + a `DenominationUnkownMessage`. :http:statuscode:`409 Conflict`: The operation is not allowed as the coin has insufficient residual value, or because the same public key of the coin has been @@ -2679,8 +2711,7 @@ Wallet-to-wallet transfers different contract or total amount already exists. This response comes with a standard `PurseConflict` response. :http:statuscode:`404 Not found`: - Either the denomination key is not recognized (expired or invalid) or - the wire type is not recognized. + FIXME: when exactly does this happen? :http:statuscode:`409 Conflict`: The deposit operation has either failed because a coin has insufficient residual value, or because the same public key of the coin has been -- cgit v1.2.3 From bb21dbf3a97083964a0172b4e6516eb34cbd48d5 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 25 May 2021 21:33:41 +0200 Subject: spec message for denomination expired/revoked/too-early signature (#6889) --- core/api-common.rst | 14 +++++++++++ core/api-exchange.rst | 69 ++++++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 77 insertions(+), 6 deletions(-) (limited to 'core/api-common.rst') diff --git a/core/api-common.rst b/core/api-common.rst index 97ce02d1..9c23b905 100644 --- a/core/api-common.rst +++ b/core/api-common.rst @@ -1038,6 +1038,20 @@ within the }; +.. _TALER_DenominationExpiredAffirmationPS: +.. sourcecode:: c + + struct TALER_DenominationExpiredAffirmationPS { + /** + * purpose.purpose = TALER_SIGNATURE_EXCHANGE_GENERIC_DENOMINATIN_EXPIRED + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + struct GNUNET_TIME_AbsoluteNBO timestamp; + char operation[8]; + struct GNUNET_HashCode h_denom_pub; + }; + + .. _TALER_ReserveCloseConfirmationPS: .. sourcecode:: c diff --git a/core/api-exchange.rst b/core/api-exchange.rst index 8e41447a..ce482837 100644 --- a/core/api-exchange.rst +++ b/core/api-exchange.rst @@ -1401,12 +1401,45 @@ exchange. The balance of the reserve is not sufficient to withdraw a coin of the indicated denomination. The response is `WithdrawError` object. :http:statuscode:`410 Gone`: - The requested denomination key is no longer valid. It either expired or was revoked. - :http:statuscode:`412 Precondition failed`: - The requested denomination key is not yet valid. It is too early to withdraw. + The requested denomination key is not yet or no longer valid. + It either before the validity start, past the expiration or was revoked. The response is a + `DenominationExpiredMessage`. Clients must evaluate + the error code provided to understand which of the + cases this is and handle it accordingly. **Details:** + .. ts:def:: DenominationExpiredMessage + + interface DenominationExpiredMessage { + + // Taler error code. Note that beyond + // expiration this message format is also + // used if the key is not yet valid, or + // has been revoked. + code: number; + + // Signature by the exchange over a + // `TALER_DenominationExpiredAffirmationPS`. + // Must have purpose ``TALER_SIGNATURE_EXCHANGE_AFFIRM_DENOM_EXPIRED``. + exchange_sig: EddsaSignature; + + // Public key of the exchange used to create + // the 'exchange_sig. + exchange_pub: EddsaPublicKey; + + // Hash of the denomination public key that is unknown. + h_denom_pub: HashCode; + + // When was the signature created. + timestamp: Timestamp; + + // What kind of operation was requested that now + // failed? + oper: String; + } + + .. ts:def:: WithdrawRequest interface WithdrawRequest { @@ -1559,6 +1592,12 @@ denomination. The fields of the response are the same in both cases. The request should not be repeated again with this coin. In this case, the response is a `DepositDoubleSpendError`. + :http:statuscode:`410 Gone`: + The requested denomination key is not yet or no longer valid. + It either before the validity start, past the expiration or was revoked. The response is a + `DenominationExpiredMessage`. Clients must evaluate + the error code provided to understand which of the + cases this is and handle it accordingly. **Details:** @@ -1993,6 +2032,12 @@ the API during normal operation. can be decided by looking at the error code (``TALER_EC_EXCHANGE_MELT_INSUFFICIENT_FUNDS`` or ``TALER_EC_EXCHANGE_GENERIC_COIN_CONFLICTING_DENOMINATION_KEY``). The response is `MeltForbiddenResponse` in both cases. + :http:statuscode:`410 Gone`: + The requested denomination key is not yet or no longer valid. + It either before the validity start, past the expiration or was revoked. The response is a + `DenominationExpiredMessage`. Clients must evaluate + the error code provided to understand which of the + cases this is and handle it accordingly. **Details:** @@ -2119,6 +2164,12 @@ the API during normal operation. rather verbose, as it includes most of the original /refresh/melt request, but of course expected to be primarily used for diagnostics. The response body is a `RevealConflictResponse`. + :http:statuscode:`410 Gone`: + The requested denomination key (for the fresh coins) is not yet or no longer valid. + It either before the validity start, past the expiration or was revoked. The response is a + `DenominationExpiredMessage`. Clients must evaluate + the error code provided to understand which of the + cases this is and handle it accordingly. **Details:** @@ -2263,8 +2314,7 @@ in using this API. :http:statuscode:`401 Unauthorized`: The coin's signature is invalid. :http:statuscode:`404 Not found`: - The denomination key is not in the set of denomination - keys where emergency pay back is enabled, or the blinded + The denomination key is unknown, or the blinded coin is not known to have been withdrawn. If the denomination key is unknown, the response will be a `DenominationUnkownMessage`. @@ -2273,8 +2323,15 @@ in using this API. residual value, or because the same public key of the coin has been previously used with a different denomination. Which case it is can be decided by looking at the error code - (``TALER_EC_EXCHANGE_RECOUP_COIN_BALANCE_ZERO`` or ``TALER_EC_EXCHANGE_GENERIC_COIN_CONFLICTING_DENOMINATION_KEY``). + (``TALER_EC_EXCHANGE_RECOUP_COIN_BALANCE_ZERO`` or + ``TALER_EC_EXCHANGE_GENERIC_COIN_CONFLICTING_DENOMINATION_KEY``). The response is a `DepositDoubleSpendError`. + :http:statuscode:`410 Gone`: + The requested denomination key is not yet or no longer valid. + It either before the validity start, past the expiration or was not yet revoked. The response is a + `DenominationExpiredMessage`. Clients must evaluate + the error code provided to understand which of the + cases this is and handle it accordingly. **Details:** -- cgit v1.2.3