Refactoring TALER_AgeCommitment

Instead of a single struct TALER_AgeCommitment, we now use 1. TALER_AgeCommitment for the age mask and list public keys for age restriciton. 2. TALER_AgeProof for list of private keys for age restriction 3. TALER_AgeCommitmentProof for the aggregation of the former two. Also, we introduce TALER_AgeAttestation as the EDDSA signature to attest a particular age group, along with the function prototypes TALER_age_commitment_attest and TALER_age_commitment_verify.
author: Özgür Kesim <oec-taler@kesim.org> 2022-03-01 17:02:37 +0100
committer: Özgür Kesim <oec-taler@kesim.org> 2022-03-01 17:02:37 +0100
commit: e9eb00e285c80f63cfc08fdd9ea6707d55162e60 (patch)
tree: 82868974066e473a7905ae3e91c230e2eb96d5d3 /src/lib
parent: 3716592addcac5e31d092a83cf02a0fec57d8743 (diff)
download: exchange-e9eb00e285c80f63cfc08fdd9ea6707d55162e60.tar.gz
exchange-e9eb00e285c80f63cfc08fdd9ea6707d55162e60.tar.bz2
exchange-e9eb00e285c80f63cfc08fdd9ea6707d55162e60.zip
4 files changed, 36 insertions, 33 deletions
diff --git a/src/lib/exchange_api_link.c b/src/lib/exchange_api_link.c
index fdb34f075..5840cac63 100644
--- a/src/lib/exchange_api_link.c
+++ b/src/lib/exchange_api_link.c
@@ -67,10 +67,10 @@ struct TALER_EXCHANGE_LinkHandle
   struct TALER_CoinSpendPrivateKeyP coin_priv;
 
   /**
-   * Age commitment of the original coin, might be NULL.
-   * Required to derive the new age commitment
+   * Age commitment and proof of the original coin, might be NULL.
+   * Required to derive the new age commitment and proof.
    */
-  const struct TALER_AgeCommitment *age_commitment;
+  const struct TALER_AgeCommitmentProof *age_commitment_proof;
 
 };
 
@@ -143,25 +143,25 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
                                          &alg_values,
                                          &bks);
 
-  lci->age_commitment = NULL;
+  lci->age_commitment_proof = NULL;
   lci->h_age_commitment = NULL;
 
   /* Derive the age commitment and calculate the hash */
-  if (NULL != lh->age_commitment)
+  if (NULL != lh->age_commitment_proof)
   {
     uint64_t seed  = (uint64_t) secret.key.bits[0]
                      | (uint64_t) secret.key.bits[1] << 32;
-    lci->age_commitment = GNUNET_new (struct TALER_AgeCommitment);
+    lci->age_commitment_proof = GNUNET_new (struct TALER_AgeCommitmentProof);
     lci->h_age_commitment = GNUNET_new (struct TALER_AgeCommitmentHash);
 
     GNUNET_assert (GNUNET_OK ==
                    TALER_age_commitment_derive (
-                     lh->age_commitment,
+                     lh->age_commitment_proof,
                      seed,
-                     lci->age_commitment));
+                     lci->age_commitment_proof));
 
     TALER_age_commitment_hash (
-      lci->age_commitment,
+      &(lci->age_commitment_proof->commitment),
       lci->h_age_commitment);
   }
 
@@ -471,7 +471,8 @@ handle_link_finished (void *cls,
 struct TALER_EXCHANGE_LinkHandle *
 TALER_EXCHANGE_link (struct TALER_EXCHANGE_Handle *exchange,
                      const struct TALER_CoinSpendPrivateKeyP *coin_priv,
-                     const struct TALER_AgeCommitment *age_commitment,
+                     const struct
+                     TALER_AgeCommitmentProof *age_commitment_proof,
                      TALER_EXCHANGE_LinkCallback link_cb,
                      void *link_cb_cls)
 {
@@ -510,7 +511,7 @@ TALER_EXCHANGE_link (struct TALER_EXCHANGE_Handle *exchange,
   lh->link_cb = link_cb;
   lh->link_cb_cls = link_cb_cls;
   lh->coin_priv = *coin_priv;
-  lh->age_commitment = age_commitment;
+  lh->age_commitment_proof = age_commitment_proof;
   lh->url = TEAH_path_to_url (exchange,
                               arg_str);
   if (NULL == lh->url)
diff --git a/src/lib/exchange_api_refresh_common.c b/src/lib/exchange_api_refresh_common.c
index 997d1fec8..94d0dc8cb 100644
--- a/src/lib/exchange_api_refresh_common.c
+++ b/src/lib/exchange_api_refresh_common.c
@@ -78,7 +78,7 @@ TALER_EXCHANGE_get_melt_data_ (
   md->melted_coin.fee_melt = rd->melt_pk.fees.refresh;
   md->melted_coin.original_value = rd->melt_pk.value;
   md->melted_coin.expire_deposit = rd->melt_pk.expire_deposit;
-  md->melted_coin.age_commitment = rd->melt_age_commitment;
+  md->melted_coin.age_commitment_proof = rd->melt_age_commitment_proof;
   md->melted_coin.h_age_commitment = rd->melt_h_age_commitment;
 
   GNUNET_assert (GNUNET_OK ==
@@ -183,24 +183,25 @@ TALER_EXCHANGE_get_melt_data_ (
                                              bks);
 
       /* Handle age commitment, if present */
-      if (NULL != md->melted_coin.age_commitment)
+      if (NULL != md->melted_coin.age_commitment_proof)
       {
         /* We use the first 8 bytes of the trans_sec to generate a new age
          * commitment */
         uint64_t age_seed = (uint64_t) trans_sec.key.bits[0]
                             | (uint64_t) trans_sec.key.bits[1] << 32;
 
-        fcd->age_commitment[i] = GNUNET_new (struct TALER_AgeCommitment);
+        fcd->age_commitment_proof[i] = GNUNET_new (struct
+                                                   TALER_AgeCommitmentProof);
         ach = GNUNET_new (struct TALER_AgeCommitmentHash);
 
         GNUNET_assert (GNUNET_OK ==
                        TALER_age_commitment_derive (
-                         md->melted_coin.age_commitment,
+                         md->melted_coin.age_commitment_proof,
                          age_seed,
-                         fcd->age_commitment[i]));
+                         fcd->age_commitment_proof[i]));
 
         TALER_age_commitment_hash (
-          fcd->age_commitment[i],
+          &fcd->age_commitment_proof[i]->commitment,
           ach);
       }
 
diff --git a/src/lib/exchange_api_refresh_common.h b/src/lib/exchange_api_refresh_common.h
index 8d7eb282e..c06824fec 100644
--- a/src/lib/exchange_api_refresh_common.h
+++ b/src/lib/exchange_api_refresh_common.h
@@ -53,10 +53,10 @@ struct MeltedCoin
   struct TALER_Amount original_value;
 
   /**
-   * The original age commitment and its hash.  MUST be NULL if no age
-   * commitment was set.
+   * The original age commitment, its proof and its hash.  MUST be NULL if no
+   * age commitment was set.
    */
-  const struct TALER_AgeCommitment *age_commitment;
+  const struct TALER_AgeCommitmentProof *age_commitment_proof;
   const struct TALER_AgeCommitmentHash *h_age_commitment;
 
   /**
@@ -100,11 +100,11 @@ struct FreshCoinData
   struct TALER_CoinSpendPrivateKeyP coin_priv;
 
   /**
-   * Arrays age commitments to be created, one for each cut-and-choose
-   * dimension.  The entries in each list might be NULL and indicate no age
-   * commitment/restriction on the particular coin.
+   * Arrays of age commitments and proofs to be created, one for each
+   * cut-and-choose dimension.  The entries in each list might be NULL and
+   * indicate no age commitment/restriction on the particular coin.
    */
-  struct TALER_AgeCommitment *age_commitment[TALER_CNC_KAPPA];
+  struct TALER_AgeCommitmentProof *age_commitment_proof[TALER_CNC_KAPPA];
 
   /**
    * Blinding key secrets for the coins, depending on the
diff --git a/src/lib/exchange_api_refreshes_reveal.c b/src/lib/exchange_api_refreshes_reveal.c
index 881c7e731..6427c637b 100644
--- a/src/lib/exchange_api_refreshes_reveal.c
+++ b/src/lib/exchange_api_refreshes_reveal.c
@@ -156,21 +156,21 @@ refresh_reveal_ok (struct TALER_EXCHANGE_RefreshesRevealHandle *rrh,
 
     rci->ps = fcd->ps[rrh->noreveal_index];
     rci->bks = fcd->bks[rrh->noreveal_index];
-    rci->age_commitment = fcd->age_commitment[rrh->noreveal_index];
+    rci->age_commitment_proof = fcd->age_commitment_proof[rrh->noreveal_index];
     rci->h_age_commitment = NULL;
     pk = &fcd->fresh_pk;
     jsonai = json_array_get (jsona, i);
 
     GNUNET_assert (NULL != jsonai);
     GNUNET_assert (
-      (NULL != rrh->md.melted_coin.age_commitment) ==
-      (NULL != rci->age_commitment));
+      (NULL != rrh->md.melted_coin.age_commitment_proof) ==
+      (NULL != rci->age_commitment_proof));
 
-    if (NULL != rci->age_commitment)
+    if (NULL != rci->age_commitment_proof)
     {
       rci->h_age_commitment = GNUNET_new (struct TALER_AgeCommitmentHash);
       TALER_age_commitment_hash (
-        rci->age_commitment,
+        &rci->age_commitment_proof->commitment,
         rci->h_age_commitment);
     }
 
@@ -429,18 +429,19 @@ TALER_EXCHANGE_refreshes_reveal (
   }
 
   /* build array of old age commitment, if applicable */
-  GNUNET_assert ((NULL == rd->melt_age_commitment) ==
+  GNUNET_assert ((NULL == rd->melt_age_commitment_proof) ==
                  (NULL == rd->melt_h_age_commitment));
-  if (NULL != rd->melt_age_commitment)
+  if (NULL != rd->melt_age_commitment_proof)
   {
     GNUNET_assert (NULL != (old_age_commitment = json_array ()));
 
-    for (size_t i = 0; i < rd->melt_age_commitment->num_pub; i++)
+    for (size_t i = 0; i < rd->melt_age_commitment_proof->commitment.num; i++)
     {
       GNUNET_assert (0 ==
                      json_array_append_new (old_age_commitment,
                                             GNUNET_JSON_from_data_auto (
-                                              &rd->melt_age_commitment->pub[i])));
+                                              &rd->melt_age_commitment_proof->
+                                              commitment.pub[i])));
     }
   }
author	Özgür Kesim <oec-taler@kesim.org>	2022-03-01 17:02:37 +0100
committer	Özgür Kesim <oec-taler@kesim.org>	2022-03-01 17:02:37 +0100
commit	e9eb00e285c80f63cfc08fdd9ea6707d55162e60 (patch)
tree	82868974066e473a7905ae3e91c230e2eb96d5d3 /src/lib
parent	3716592addcac5e31d092a83cf02a0fec57d8743 (diff)
download	exchange-e9eb00e285c80f63cfc08fdd9ea6707d55162e60.tar.gz exchange-e9eb00e285c80f63cfc08fdd9ea6707d55162e60.tar.bz2 exchange-e9eb00e285c80f63cfc08fdd9ea6707d55162e60.zip