diff options
Diffstat (limited to 'src/include/taler_crypto_lib.h')
-rw-r--r-- | src/include/taler_crypto_lib.h | 1612 |
1 files changed, 1168 insertions, 444 deletions
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index fa13a29ca..b941316b5 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2014-2022 Taler Systems SA + Copyright (C) 2014-2023 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -18,7 +18,12 @@ * @brief taler-specific crypto functions * @author Sree Harsha Totakura <sreeharsha@totakura.in> * @author Christian Grothoff <christian@grothoff.org> + * @author Özgür Kesim <oec-taler@kesim.org> */ +#if ! defined (__TALER_UTIL_LIB_H_INSIDE__) +#error "Only <taler_util.h> can be included directly." +#endif + #ifndef TALER_CRYPTO_LIB_H #define TALER_CRYPTO_LIB_H @@ -42,6 +47,59 @@ * fixed and part of the protocol. */ #define TALER_CNC_KAPPA 3 +#define TALER_CNC_KAPPA_MINUS_ONE_STR "2" + + +/** + * Possible AML decision states. + */ +enum TALER_AmlDecisionState +{ + + /** + * All AML requirements are currently satisfied. + */ + TALER_AML_NORMAL = 0, + + /** + * An AML investigation is pending. + */ + TALER_AML_PENDING = 1, + + /** + * An AML decision has concluded that the funds must be frozen. + */ + TALER_AML_FROZEN = 2, + + /** + * Maximum allowed numeric value for AML status. + */ + TALER_AML_MAX = 2 +}; + + +/** + * Possible algorithms for confirmation code generation. + */ +enum TALER_MerchantConfirmationAlgorithm +{ + + /** + * No purchase confirmation. + */ + TALER_MCA_NONE = 0, + + /** + * Purchase confirmation without payment + */ + TALER_MCA_WITHOUT_PRICE = 1, + + /** + * Purchase confirmation with payment + */ + TALER_MCA_WITH_PRICE = 2 + +}; /* ****************** Coin crypto primitives ************* */ @@ -143,6 +201,18 @@ struct TALER_ReserveSignatureP /** + * (Symmetric) key used to encrypt KYC attribute data in the database. + */ +struct TALER_AttributeKeyP +{ + /** + * Actual key material. + */ + struct GNUNET_HashCode key; +}; + + +/** * @brief Type of public keys to for merchant authorizations. * Merchants can issue refunds using the corresponding * private key. @@ -420,6 +490,17 @@ struct TALER_AgeCommitmentPublicKeyP }; +/* + * @brief Hash to represent the commitment to n*kappa blinded keys during a + * age-withdrawal. It is the running SHA512 hash over the hashes of the blinded + * envelopes of n*kappa coins. + */ +struct TALER_AgeWithdrawCommitmentHashP +{ + struct GNUNET_HashCode hash; +}; + + /** * @brief Type of online public keys used by the wallet to establish a purse and the associated contract meta data. */ @@ -496,20 +577,39 @@ struct TALER_PurseMergeSignatureP /** - * @brief Type of blinding keys for Taler. - * must be 32 bytes (DB) + * @brief Type of online public keys used by AML officers. */ -union TALER_DenominationBlindingKeyP +struct TALER_AmlOfficerPublicKeyP { /** - * Clause Schnorr Signatures have 2 blinding secrets, each containing two unpredictable values. (must be 32 bytes) + * Taler uses EdDSA for AML decision signing. */ - struct GNUNET_CRYPTO_CsNonce nonce; + struct GNUNET_CRYPTO_EddsaPublicKey eddsa_pub; +}; + +/** + * @brief Type of online private keys used to identify + * AML officers. + */ +struct TALER_AmlOfficerPrivateKeyP +{ /** - * Taler uses RSA for blind signatures. + * Taler uses EdDSA for AML decision signing. */ - struct GNUNET_CRYPTO_RsaBlindingKeySecret rsa_bks; + struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv; +}; + + +/** + * @brief Type of signatures used by AML officers. + */ +struct TALER_AmlOfficerSignatureP +{ + /** + * Taler uses EdDSA for AML decision signing. + */ + struct GNUNET_CRYPTO_EddsaSignature eddsa_signature; }; @@ -527,6 +627,19 @@ struct TALER_RefreshCommitmentP /** + * Symmetric key we use to encrypt KYC attributes + * in our database. + */ +struct TALER_AttributeEncryptionKeyP +{ + /** + * The key is a hash code. + */ + struct GNUNET_HashCode hash; +}; + + +/** * Token used for access control to the merchant's unclaimed * orders. */ @@ -638,10 +751,9 @@ struct TALER_PrivateContractHashP /** - * Hash used to represent the "public" extensions to - * a contract that is shared with the exchange. + * Hash used to represent the policy extension to a deposit */ -struct TALER_ExtensionContractHashP +struct TALER_ExtensionPolicyHashP { /** * Actual hash value. @@ -703,9 +815,9 @@ struct TALER_CoinPubHashP /** - * @brief Value that uniquely identifies a tip. + * @brief Value that uniquely identifies a reward. */ -struct TALER_TipIdentifierP +struct TALER_RewardIdentifierP { /** * The tip identifier is a SHA-512 hash code. @@ -727,10 +839,10 @@ struct TALER_PickupIdentifierP /** - * @brief Salted hash over the JSON object representing the configuration of an - * extension. + * @brief Salted hash over the JSON object representing the manifests of + * extensions. */ -struct TALER_ExtensionConfigHashP +struct TALER_ExtensionManifestsHashP { /** * Actual hash value. @@ -792,12 +904,6 @@ struct TALER_WireFeeSetNBOP */ struct TALER_AmountNBO closing; - /** - * The fee the exchange charges for cross-exchange - * P2P payments. - */ - struct TALER_AmountNBO wad; - }; @@ -809,28 +915,20 @@ struct TALER_GlobalFeeSetNBOP { /** - * The fee the exchange charges for returning the - * history of a reserve or account. + * The fee the exchange charges for returning the history of a reserve or + * account. */ struct TALER_AmountNBO history; /** - * The fee the exchange charges for performing a - * KYC check on a reserve to turn it into an account - * that can be used for P2P payments. - */ - struct TALER_AmountNBO kyc; - - /** - * The fee the exchange charges for keeping - * an account or reserve open for a year. + * The fee the exchange charges for keeping an account or reserve open for a + * year. */ struct TALER_AmountNBO account; /** - * The fee the exchange charges if a purse - * is abandoned and this was not covered by - * the account limit. + * The fee the exchange charges if a purse is abandoned and this was not + * covered by the account limit. */ struct TALER_AmountNBO purse; }; @@ -840,6 +938,38 @@ GNUNET_NETWORK_STRUCT_END /** + * Compute RFC 3548 base32 decoding of @a val and write + * result to @a udata. + * + * @param val value to decode + * @param val_size number of bytes in @a val + * @param key is the val in bits + * @param key_len is the size of @a key + */ +int +TALER_rfc3548_base32decode (const char *val, + size_t val_size, + void *key, + size_t key_len); + + +/** + * @brief Builds POS confirmation token to verify payment. + * + * @param pos_key encoded key for verification payment + * @param pos_alg algorithm to compute the payment verification + * @param total of the order paid + * @param ts is the time given + * @return POS token on success, NULL otherwise + */ +char * +TALER_build_pos_confirmation (const char *pos_key, + enum TALER_MerchantConfirmationAlgorithm pos_alg, + const struct TALER_Amount *total, + struct GNUNET_TIME_Timestamp ts); + + +/** * Set of the fees applying to a denomination. */ struct TALER_DenomFeeSet @@ -874,15 +1004,13 @@ struct TALER_DenomFeeSet /** - * Set of the fees applying for a given - * time-range and wire method. + * Set of the fees applying for a given time-range and wire method. */ struct TALER_WireFeeSet { /** - * The fee the exchange charges for wiring funds - * to a merchant. + * The fee the exchange charges for wiring funds to a merchant. */ struct TALER_Amount wire; @@ -892,12 +1020,6 @@ struct TALER_WireFeeSet */ struct TALER_Amount closing; - /** - * The fee the exchange charges for cross-exchange - * P2P payments. - */ - struct TALER_Amount wad; - }; @@ -915,13 +1037,6 @@ struct TALER_GlobalFeeSet struct TALER_Amount history; /** - * The fee the exchange charges for performing a - * KYC check on a reserve to turn it into an account - * that can be used for P2P payments. - */ - struct TALER_Amount kyc; - - /** * The fee the exchange charges for keeping * an account or reserve open for a year. */ @@ -1036,6 +1151,7 @@ void TALER_rsa_pub_hash (const struct GNUNET_CRYPTO_RsaPublicKey *rsa, struct TALER_RsaPubHashP *h_rsa); + /** * Hash @a cs. * @@ -1048,75 +1164,16 @@ TALER_cs_pub_hash (const struct GNUNET_CRYPTO_CsPublicKey *cs, /** - * Types of public keys used for denominations in Taler. - */ -enum TALER_DenominationCipher -{ - - /** - * Invalid type of signature. - */ - TALER_DENOMINATION_INVALID = 0, - - /** - * RSA blind signature. - */ - TALER_DENOMINATION_RSA = 1, - - /** - * Clause Blind Schnorr signature. - */ - TALER_DENOMINATION_CS = 2 -}; - - -/** * @brief Type of (unblinded) coin signatures for Taler. */ struct TALER_DenominationSignature { - - /** - * Type of the signature. - */ - enum TALER_DenominationCipher cipher; - /** - * Details, depending on @e cipher. + * Denominations use blind signatures. */ - union - { - /** - * If we use #TALER_DENOMINATION_CS in @a cipher. - */ - struct GNUNET_CRYPTO_CsSignature cs_signature; - - /** - * If we use #TALER_DENOMINATION_RSA in @a cipher. - */ - struct GNUNET_CRYPTO_RsaSignature *rsa_signature; - - } details; - + struct GNUNET_CRYPTO_UnblindedSignature *unblinded_sig; }; -/** - * The Sign Answer for Clause Blind Schnorr signature. - * The sign operation returns a parameter @param b and the signature - * scalar @param s_scalar. - */ -struct TALER_BlindedDenominationCsSignAnswer -{ - /** - * To make ROS problem harder, the signer chooses an unpredictable b and only calculates signature of c_b - */ - unsigned int b; - - /** - * The blinded s scalar calculated from c_b - */ - struct GNUNET_CRYPTO_CsBlindS s_scalar; -}; /** * @brief Type for *blinded* denomination signatures for Taler. @@ -1124,33 +1181,13 @@ struct TALER_BlindedDenominationCsSignAnswer */ struct TALER_BlindedDenominationSignature { - /** - * Type of the signature. + * Denominations use blind signatures. */ - enum TALER_DenominationCipher cipher; - - /** - * Details, depending on @e cipher. - */ - union - { - /** - * If we use #TALER_DENOMINATION_CS in @a cipher. - * At this point only the blinded s scalar is used. - * The final signature consisting of r,s is built after unblinding. - */ - struct TALER_BlindedDenominationCsSignAnswer blinded_cs_answer; - - /** - * If we use #TALER_DENOMINATION_RSA in @a cipher. - */ - struct GNUNET_CRYPTO_RsaSignature *blinded_rsa_signature; - - } details; - + struct GNUNET_CRYPTO_BlindedSignature *blinded_sig; }; + /* *************** Age Restriction *********************************** */ /* @@ -1167,6 +1204,9 @@ struct TALER_BlindedDenominationSignature * * A value of 0 means that the exchange does not support the extension for * age-restriction. + * + * For a non-0 age mask, the 0th bit always must be set, otherwise the age + * mask is considered invalid. */ struct TALER_AgeMask { @@ -1196,13 +1236,8 @@ struct TALER_AgeAttestation #endif }; -extern const struct TALER_AgeCommitmentHash TALER_ZeroAgeCommitmentHash; #define TALER_AgeCommitmentHash_isNullOrZero(ph) ((NULL == ph) || \ - (0 == memcmp (ph, \ - & \ - TALER_ZeroAgeCommitmentHash, \ - sizeof(struct \ - TALER_AgeCommitmentHash)))) + GNUNET_is_zero (ph)) /** * @brief Type of public signing keys for verifying blindly signed coins. @@ -1211,31 +1246,15 @@ struct TALER_DenominationPublicKey { /** - * Type of the public key. - */ - enum TALER_DenominationCipher cipher; - - /** * Age restriction mask used for the key. */ struct TALER_AgeMask age_mask; /** - * Details, depending on @e cipher. + * Type of the public key. */ - union - { - /** - * If we use #TALER_DENOMINATION_CS in @a cipher. - */ - struct GNUNET_CRYPTO_CsPublicKey cs_public_key; - - /** - * If we use #TALER_DENOMINATION_RSA in @a cipher. - */ - struct GNUNET_CRYPTO_RsaPublicKey *rsa_public_key; + struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub_key; - } details; }; @@ -1245,121 +1264,21 @@ struct TALER_DenominationPublicKey struct TALER_DenominationPrivateKey { - /** - * Type of the public key. - */ - enum TALER_DenominationCipher cipher; - - /** - * Details, depending on @e cipher. - */ - union - { - /** - * If we use #TALER_DENOMINATION_CS in @a cipher. - */ - struct GNUNET_CRYPTO_CsPrivateKey cs_private_key; - - /** - * If we use #TALER_DENOMINATION_RSA in @a cipher. - */ - struct GNUNET_CRYPTO_RsaPrivateKey *rsa_private_key; + struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv_key; - } details; -}; - -/** - * @brief RSA Parameters to create blinded signature - * - */ -struct TALER_BlindedRsaPlanchet -{ - /** - * Blinded message to be signed - * Note: is malloc()'ed! - */ - void *blinded_msg; - - /** - * Size of the @e blinded_msg to be signed. - */ - size_t blinded_msg_size; -}; - - -/** - * Withdraw nonce for CS denominations - */ -struct TALER_CsNonce -{ - /** - * 32 bit nonce to include in withdrawals when using CS. - */ - struct GNUNET_CRYPTO_CsNonce nonce; }; /** - * @brief CS Parameters to create blinded signature - */ -struct TALER_BlindedCsPlanchet -{ - /** - * The Clause Schnorr c_0 and c_1 containing the blinded message - */ - struct GNUNET_CRYPTO_CsC c[2]; - - /** - * Public nonce. - */ - struct TALER_CsNonce nonce; -}; - - -/** - * @brief Type including Parameters to create blinded signature + * @brief Blinded planchet send to exchange for blind signing. */ struct TALER_BlindedPlanchet { /** - * Type of the sign blinded message - */ - enum TALER_DenominationCipher cipher; - - /** - * Details, depending on @e cipher. + * A blinded message. */ - union - { - /** - * If we use #TALER_DENOMINATION_CS in @a cipher. - */ - struct TALER_BlindedCsPlanchet cs_blinded_planchet; + struct GNUNET_CRYPTO_BlindedMessage *blinded_message; - /** - * If we use #TALER_DENOMINATION_RSA in @a cipher. - */ - struct TALER_BlindedRsaPlanchet rsa_blinded_planchet; - - } details; -}; - - -/** - * Pair of Public R values for Cs denominations - */ -struct TALER_DenominationCSPublicRPairP -{ - struct GNUNET_CRYPTO_CsRPublic r_pub[2]; -}; - - -/** - * Secret r for Cs denominations - */ -struct TALER_DenominationCSPrivateRPairP -{ - struct GNUNET_CRYPTO_CsRSecret r[2]; }; @@ -1417,51 +1336,58 @@ struct TALER_TrackTransferDetails struct TALER_CoinSpendPublicKeyP coin_pub; /** - * Value of the deposit (including fee). + * Value of the deposit (including fee), after refunds. */ struct TALER_Amount coin_value; /** - * Fee charged by the exchange for the deposit. + * Fee charged by the exchange for the deposit, + * possibly reduced (or waived) due to refunds. */ struct TALER_Amount coin_fee; + /** + * Total amount of refunds applied to this coin. + */ + struct TALER_Amount refund_total; + }; /** - * @brief Type of algorithm specific Values for withdrawal + * @brief Inputs needed from the exchange for blind signing. */ struct TALER_ExchangeWithdrawValues { /** - * Type of the signature. - */ - enum TALER_DenominationCipher cipher; - - /** - * Details, depending on @e cipher. + * Input values. */ - union - { - /** - * If we use #TALER_DENOMINATION_CS in @a cipher. - */ - struct TALER_DenominationCSPublicRPairP cs_values; + struct GNUNET_CRYPTO_BlindingInputValues *blinding_inputs; +}; - } details; -}; +/** + * Return the alg value singleton for creation of + * blinding secrets for RSA. + * + * @return singleton to use for RSA blinding + */ +const struct TALER_ExchangeWithdrawValues * +TALER_denom_ewv_rsa_singleton (void); /** - * Free internals of @a denom_pub, but not @a denom_pub itself. + * Make a (deep) copy of the given @a bi_src to + * @a bi_dst. * - * @param[in] denom_pub key to free + * @param[out] bi_dst target to copy to + * @param bi_src blinding input values to copy */ void -TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub); +TALER_denom_ewv_copy ( + struct TALER_ExchangeWithdrawValues *bi_dst, + const struct TALER_ExchangeWithdrawValues *bi_src); /** @@ -1486,7 +1412,7 @@ TALER_planchet_setup_coin_priv ( void TALER_cs_withdraw_nonce_derive ( const struct TALER_PlanchetMasterSecretP *ps, - struct TALER_CsNonce *nonce); + struct GNUNET_CRYPTO_CsSessionNonce *nonce); /** @@ -1501,13 +1427,13 @@ void TALER_cs_refresh_nonce_derive ( const struct TALER_RefreshMasterSecretP *rms, uint32_t idx, - struct TALER_CsNonce *nonce); + struct GNUNET_CRYPTO_CsSessionNonce *nonce); /** * Initialize denomination public-private key pair. * - * For #TALER_DENOMINATION_RSA, an additional "unsigned int" + * For #GNUNET_CRYPTO_BSA_RSA, an additional "unsigned int" * argument with the number of bits for 'n' (e.g. 2048) must * be passed. * @@ -1520,11 +1446,29 @@ TALER_cs_refresh_nonce_derive ( enum GNUNET_GenericReturnValue TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv, struct TALER_DenominationPublicKey *denom_pub, - enum TALER_DenominationCipher cipher, + enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher, ...); /** + * Free internals of @a denom_pub, but not @a denom_pub itself. + * + * @param[in] denom_pub key to free + */ +void +TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub); + + +/** + * Free internals of @a ewv, but not @a ewv itself. + * + * @param[in] ewv input values to free + */ +void +TALER_denom_ewv_free (struct TALER_ExchangeWithdrawValues *ewv); + + +/** * Free internals of @a denom_priv, but not @a denom_priv itself. * * @param[in] denom_priv key to free @@ -1551,6 +1495,8 @@ TALER_denom_sig_free (struct TALER_DenominationSignature *denom_sig); * * @param dk denomination public key to blind for * @param coin_bks blinding secret to use + * @param nonce nonce used to derive session values, + * could be NULL for ciphers that do not use it * @param age_commitment_hash hash of the age commitment to be used for the coin. NULL if no commitment is made. * @param coin_pub public key of the coin to blind * @param alg_values algorithm specific values to blind the planchet @@ -1560,7 +1506,8 @@ TALER_denom_sig_free (struct TALER_DenominationSignature *denom_sig); */ enum GNUNET_GenericReturnValue TALER_denom_blind (const struct TALER_DenominationPublicKey *dk, - const union TALER_DenominationBlindingKeyP *coin_bks, + const union GNUNET_CRYPTO_BlindingSecretP *coin_bks, + const union GNUNET_CRYPTO_BlindSessionNonce *nonce, const struct TALER_AgeCommitmentHash *age_commitment_hash, const struct TALER_CoinSpendPublicKeyP *coin_pub, const struct TALER_ExchangeWithdrawValues *alg_values, @@ -1599,7 +1546,7 @@ enum GNUNET_GenericReturnValue TALER_denom_sig_unblind ( struct TALER_DenominationSignature *denom_sig, const struct TALER_BlindedDenominationSignature *bdenom_sig, - const union TALER_DenominationBlindingKeyP *bks, + const union GNUNET_CRYPTO_BlindingSecretP *bks, const struct TALER_CoinPubHashP *c_hash, const struct TALER_ExchangeWithdrawValues *alg_values, const struct TALER_DenominationPublicKey *denom_pub); @@ -1634,8 +1581,8 @@ TALER_denom_pub_hash (const struct TALER_DenominationPublicKey *denom_pub, * @param denom_src public key to copy */ void -TALER_denom_pub_deep_copy (struct TALER_DenominationPublicKey *denom_dst, - const struct TALER_DenominationPublicKey *denom_src); +TALER_denom_pub_copy (struct TALER_DenominationPublicKey *denom_dst, + const struct TALER_DenominationPublicKey *denom_src); /** @@ -1646,8 +1593,8 @@ TALER_denom_pub_deep_copy (struct TALER_DenominationPublicKey *denom_dst, * @param denom_src public key to copy */ void -TALER_denom_sig_deep_copy (struct TALER_DenominationSignature *denom_dst, - const struct TALER_DenominationSignature *denom_src); +TALER_denom_sig_copy (struct TALER_DenominationSignature *denom_dst, + const struct TALER_DenominationSignature *denom_src); /** @@ -1658,7 +1605,7 @@ TALER_denom_sig_deep_copy (struct TALER_DenominationSignature *denom_dst, * @param denom_src public key to copy */ void -TALER_blinded_denom_sig_deep_copy ( +TALER_blinded_denom_sig_copy ( struct TALER_BlindedDenominationSignature *denom_dst, const struct TALER_BlindedDenominationSignature *denom_src); @@ -1714,19 +1661,6 @@ TALER_blinded_planchet_cmp ( /** - * Obtain denomination public key from a denomination private key. - * - * @param denom_priv private key to convert - * @param age_mask age mask to be applied - * @param[out] denom_pub where to return the public key - */ -void -TALER_denom_priv_to_pub (const struct TALER_DenominationPrivateKey *denom_priv, - const struct TALER_AgeMask age_mask, - struct TALER_DenominationPublicKey *denom_pub); - - -/** * Verify signature made with a denomination public key * over a coin. * @@ -1742,6 +1676,51 @@ TALER_denom_pub_verify (const struct TALER_DenominationPublicKey *denom_pub, /** + * Encrypts KYC attributes for storage in the database. + * + * @param key encryption key to use + * @param attr set of attributes to encrypt + * @param[out] enc_attr encrypted attribute data + * @param[out] enc_attr_size number of bytes in @a enc_attr + */ +void +TALER_CRYPTO_kyc_attributes_encrypt ( + const struct TALER_AttributeEncryptionKeyP *key, + const json_t *attr, + void **enc_attr, + size_t *enc_attr_size); + + +/** + * Encrypts KYC attributes for storage in the database. + * + * @param key encryption key to use + * @param enc_attr encrypted attribute data + * @param enc_attr_size number of bytes in @a enc_attr + * @return set of decrypted attributes, NULL on failure + */ +json_t * +TALER_CRYPTO_kyc_attributes_decrypt ( + const struct TALER_AttributeEncryptionKeyP *key, + const void *enc_attr, + size_t enc_attr_size); + + +/** + * Takes a set of KYC attributes and extracts key + * data that we use to detect similar / duplicate + * entries in the database. + * + * @param attr set of KYC attributes + * @param[out] kyc_prox set to the proximity hash + */ +void +TALER_CRYPTO_attributes_to_kyc_prox ( + const json_t *attr, + struct GNUNET_ShortHashCode *kyc_prox); + + +/** * Check if a coin is valid; that is, whether the denomination key exists, * is not expired, and the signature is correct. * @@ -1760,11 +1739,10 @@ TALER_test_coin_valid (const struct TALER_CoinPublicInfo *coin_public_info, * Compute the hash of a blinded coin. * * @param blinded_planchet blinded planchet - * @param denom_hash hash of the denomination publick key + * @param denom_hash hash of the denomination public key * @param[out] bch where to write the hash - * @return #GNUNET_OK when successful, #GNUNET_SYSERR if an internal error occurred */ -enum GNUNET_GenericReturnValue +void TALER_coin_ev_hash (const struct TALER_BlindedPlanchet *blinded_planchet, const struct TALER_DenominationHashP *denom_hash, struct TALER_BlindedCoinHashP *bch); @@ -1793,6 +1771,7 @@ void TALER_payto_hash (const char *payto, struct TALER_PaytoHashP *h_payto); + /** * Details about a planchet that the customer wants to obtain * a withdrawal authorization. This is the information that @@ -1995,7 +1974,7 @@ void TALER_planchet_blinding_secret_create ( const struct TALER_PlanchetMasterSecretP *ps, const struct TALER_ExchangeWithdrawValues *alg_values, - union TALER_DenominationBlindingKeyP *bks); + union GNUNET_CRYPTO_BlindingSecretP *bks); /** @@ -2004,6 +1983,7 @@ TALER_planchet_blinding_secret_create ( * @param dk denomination key for the coin to be created * @param alg_values algorithm specific values * @param bks blinding secrets + * @param nonce session nonce used to get @a alg_values * @param coin_priv coin private key * @param ach hash of age commitment to bind to this coin, maybe NULL * @param[out] c_hash set to the hash of the public key of the coin (needed later) @@ -2013,13 +1993,15 @@ TALER_planchet_blinding_secret_create ( * @return #GNUNET_OK on success */ enum GNUNET_GenericReturnValue -TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk, - const struct TALER_ExchangeWithdrawValues *alg_values, - const union TALER_DenominationBlindingKeyP *bks, - const struct TALER_CoinSpendPrivateKeyP *coin_priv, - const struct TALER_AgeCommitmentHash *ach, - struct TALER_CoinPubHashP *c_hash, - struct TALER_PlanchetDetail *pd); +TALER_planchet_prepare ( + const struct TALER_DenominationPublicKey *dk, + const struct TALER_ExchangeWithdrawValues *alg_values, + const union GNUNET_CRYPTO_BlindingSecretP *bks, + const union GNUNET_CRYPTO_BlindSessionNonce *nonce, + const struct TALER_CoinSpendPrivateKeyP *coin_priv, + const struct TALER_AgeCommitmentHash *ach, + struct TALER_CoinPubHashP *c_hash, + struct TALER_PlanchetDetail *pd); /** @@ -2059,7 +2041,7 @@ enum GNUNET_GenericReturnValue TALER_planchet_to_coin ( const struct TALER_DenominationPublicKey *dk, const struct TALER_BlindedDenominationSignature *blind_sig, - const union TALER_DenominationBlindingKeyP *bks, + const union GNUNET_CRYPTO_BlindingSecretP *bks, const struct TALER_CoinSpendPrivateKeyP *coin_priv, const struct TALER_AgeCommitmentHash *ach, const struct TALER_CoinPubHashP *c_hash, @@ -2260,6 +2242,89 @@ TALER_CRYPTO_contract_decrypt_for_deposit ( size_t econtract_size); +/* **************** AML officer signatures **************** */ + +/** + * Sign AML query. Simple authentication, doesn't actually + * sign anything. + * + * @param officer_priv private key of AML officer + * @param[out] officer_sig where to write the signature + */ +void +TALER_officer_aml_query_sign ( + const struct TALER_AmlOfficerPrivateKeyP *officer_priv, + struct TALER_AmlOfficerSignatureP *officer_sig); + + +/** + * Verify AML query authorization. + * + * @param officer_pub public key of AML officer + * @param officer_sig signature to verify + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_officer_aml_query_verify ( + const struct TALER_AmlOfficerPublicKeyP *officer_pub, + const struct TALER_AmlOfficerSignatureP *officer_sig); + + +/** + * Sign AML decision. + * + * @param justification human-readable justification + * @param decision_time when was the decision made + * @param new_threshold at what monthly amount threshold + * should a revision be triggered + * @param h_payto payto URI hash of the account the + * decision is about + * @param new_state updated AML state + * @param kyc_requirements additional KYC requirements to + * impose, can be NULL + * @param officer_priv private key of AML officer + * @param[out] officer_sig where to write the signature + */ +void +TALER_officer_aml_decision_sign ( + const char *justification, + struct GNUNET_TIME_Timestamp decision_time, + const struct TALER_Amount *new_threshold, + const struct TALER_PaytoHashP *h_payto, + enum TALER_AmlDecisionState new_state, + const json_t *kyc_requirements, + const struct TALER_AmlOfficerPrivateKeyP *officer_priv, + struct TALER_AmlOfficerSignatureP *officer_sig); + + +/** + * Verify AML decision. + * + * @param justification human-readable justification + * @param decision_time when was the decision made + * @param new_threshold at what monthly amount threshold + * should a revision be triggered + * @param h_payto payto URI hash of the account the + * decision is about + * @param new_state updated AML state + * @param kyc_requirements additional KYC requirements to + * impose, can be NULL + * @param officer_pub public key of AML officer + * @param officer_sig signature to verify + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_officer_aml_decision_verify ( + const char *justification, + struct GNUNET_TIME_Timestamp decision_time, + const struct TALER_Amount *new_threshold, + const struct TALER_PaytoHashP *h_payto, + enum TALER_AmlDecisionState new_state, + const json_t *kyc_requirements, + const struct TALER_AmlOfficerPublicKeyP *officer_pub, + const struct TALER_AmlOfficerSignatureP *officer_sig); + + /* **************** Helper-based RSA operations **************** */ /** @@ -2280,7 +2345,7 @@ struct TALER_CRYPTO_RsaDenominationHelper; * @param validity_duration how long does the key remain available for signing; * zero if the key has been revoked or purged * @param h_rsa hash of the RSA @a denom_pub that is available (or was purged) - * @param denom_pub the public key itself, NULL if the key was revoked or purged + * @param bs_pub the public key itself, NULL if the key was revoked or purged * @param sm_pub public key of the security module, NULL if the key was revoked or purged * @param sm_sig signature from the security module, NULL if the key was revoked or purged * The signature was already verified against @a sm_pub. @@ -2292,7 +2357,7 @@ typedef void struct GNUNET_TIME_Timestamp start_time, struct GNUNET_TIME_Relative validity_duration, const struct TALER_RsaPubHashP *h_rsa, - const struct TALER_DenominationPublicKey *denom_pub, + struct GNUNET_CRYPTO_BlindSignPublicKey *bs_pub, const struct TALER_SecurityModulePublicKeyP *sm_pub, const struct TALER_SecurityModuleSignatureP *sm_sig); @@ -2301,6 +2366,7 @@ typedef void * Initiate connection to an denomination key helper. * * @param cfg configuration to use + * @param section configuration section prefix to use, usually 'taler' or 'donau' * @param dkc function to call with key information * @param dkc_cls closure for @a dkc * @return NULL on error (such as bad @a cfg). @@ -2308,6 +2374,7 @@ typedef void struct TALER_CRYPTO_RsaDenominationHelper * TALER_CRYPTO_helper_rsa_connect ( const struct GNUNET_CONFIGURATION_Handle *cfg, + const char *section, TALER_CRYPTO_RsaDenominationKeyStatusCallback dkc, void *dkc_cls); @@ -2379,6 +2446,11 @@ TALER_CRYPTO_helper_rsa_sign ( * that it created the signature. Thus, signals may result in a small * differences in the signature counters. Retrying in this case may work. * + * Note that in case of errors, the @a bss array may still have been partially + * filled with signatures, which in this case must be freed by the caller + * (this is in contrast to the #TALER_CRYPTO_helper_rsa_sign() API which never + * returns any signatures if there was an error). + * * @param dh helper process connection * @param rsrs array with details about the requested signatures * @param rsrs_length length of the @a rsrs array @@ -2388,9 +2460,9 @@ TALER_CRYPTO_helper_rsa_sign ( enum TALER_ErrorCode TALER_CRYPTO_helper_rsa_batch_sign ( struct TALER_CRYPTO_RsaDenominationHelper *dh, - const struct TALER_CRYPTO_RsaSignRequest *rsrs, unsigned int rsrs_length, - struct TALER_BlindedDenominationSignature *bss); + const struct TALER_CRYPTO_RsaSignRequest rsrs[static rsrs_length], + struct TALER_BlindedDenominationSignature bss[static rsrs_length]); /** @@ -2423,6 +2495,7 @@ void TALER_CRYPTO_helper_rsa_disconnect ( struct TALER_CRYPTO_RsaDenominationHelper *dh); + /* **************** Helper-based CS operations **************** */ /** @@ -2443,7 +2516,7 @@ struct TALER_CRYPTO_CsDenominationHelper; * @param validity_duration how long does the key remain available for signing; * zero if the key has been revoked or purged * @param h_cs hash of the CS @a denom_pub that is available (or was purged) - * @param denom_pub the public key itself, NULL if the key was revoked or purged + * @param bsign_pub the public key itself, NULL if the key was revoked or purged * @param sm_pub public key of the security module, NULL if the key was revoked or purged * @param sm_sig signature from the security module, NULL if the key was revoked or purged * The signature was already verified against @a sm_pub. @@ -2455,7 +2528,7 @@ typedef void struct GNUNET_TIME_Timestamp start_time, struct GNUNET_TIME_Relative validity_duration, const struct TALER_CsPubHashP *h_cs, - const struct TALER_DenominationPublicKey *denom_pub, + struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub, const struct TALER_SecurityModulePublicKeyP *sm_pub, const struct TALER_SecurityModuleSignatureP *sm_sig); @@ -2464,6 +2537,7 @@ typedef void * Initiate connection to an denomination key helper. * * @param cfg configuration to use + * @param section configuration section prefix to use, usually 'taler' or 'donau' * @param dkc function to call with key information * @param dkc_cls closure for @a dkc * @return NULL on error (such as bad @a cfg). @@ -2471,6 +2545,7 @@ typedef void struct TALER_CRYPTO_CsDenominationHelper * TALER_CRYPTO_helper_cs_connect ( const struct GNUNET_CONFIGURATION_Handle *cfg, + const char *section, TALER_CRYPTO_CsDenominationKeyStatusCallback dkc, void *dkc_cls); @@ -2489,8 +2564,25 @@ TALER_CRYPTO_helper_cs_poll (struct TALER_CRYPTO_CsDenominationHelper *dh); /** - * Request helper @a dh to sign @a msg using the public key corresponding to - * @a h_denom_pub. + * Information about what we should sign over. + */ +struct TALER_CRYPTO_CsSignRequest +{ + /** + * Hash of the CS public key to use to sign. + */ + const struct TALER_CsPubHashP *h_cs; + + /** + * Blinded planchet containing c and the nonce. + */ + const struct GNUNET_CRYPTO_CsBlindedMessage *blinded_planchet; + +}; + + +/** + * Request helper @a dh to sign @a req. * * This operation will block until the signature has been obtained. Should * this process receive a signal (that is not ignored) while the operation is @@ -2499,22 +2591,21 @@ TALER_CRYPTO_helper_cs_poll (struct TALER_CRYPTO_CsDenominationHelper *dh); * differences in the signature counters. Retrying in this case may work. * * @param dh helper process connection - * @param h_cs hash of the CS public key to use to sign - * @param blinded_planchet blinded planchet containing c and nonce + * @param req information about the key to sign with and the value to sign + * @param for_melt true if for melt operation * @param[out] bs set to the blind signature * @return #TALER_EC_NONE on success */ enum TALER_ErrorCode -TALER_CRYPTO_helper_cs_sign_melt ( +TALER_CRYPTO_helper_cs_sign ( struct TALER_CRYPTO_CsDenominationHelper *dh, - const struct TALER_CsPubHashP *h_cs, - const struct TALER_BlindedCsPlanchet *blinded_planchet, + const struct TALER_CRYPTO_CsSignRequest *req, + bool for_melt, struct TALER_BlindedDenominationSignature *bs); /** - * Request helper @a dh to sign @a msg using the public key corresponding to - * @a h_denom_pub. + * Request helper @a dh to sign batch of @a reqs requests. * * This operation will block until the signature has been obtained. Should * this process receive a signal (that is not ignored) while the operation is @@ -2523,17 +2614,19 @@ TALER_CRYPTO_helper_cs_sign_melt ( * differences in the signature counters. Retrying in this case may work. * * @param dh helper process connection - * @param h_cs hash of the CS public key to use to sign - * @param blinded_planchet blinded planchet containing c and nonce - * @param[out] bs set to the blind signature + * @param reqs information about the keys to sign with and the values to sign + * @param reqs_length length of the @a reqs array + * @param for_melt true if this is for a melt operation + * @param[out] bss array set to the blind signatures, must be of length @a reqs_length! * @return #TALER_EC_NONE on success */ enum TALER_ErrorCode -TALER_CRYPTO_helper_cs_sign_withdraw ( +TALER_CRYPTO_helper_cs_batch_sign ( struct TALER_CRYPTO_CsDenominationHelper *dh, - const struct TALER_CsPubHashP *h_cs, - const struct TALER_BlindedCsPlanchet *blinded_planchet, - struct TALER_BlindedDenominationSignature *bs); + unsigned int reqs_length, + const struct TALER_CRYPTO_CsSignRequest reqs[static reqs_length], + bool for_melt, + struct TALER_BlindedDenominationSignature bss[static reqs_length]); /** @@ -2558,8 +2651,25 @@ TALER_CRYPTO_helper_cs_revoke ( /** - * Ask the helper to derive R using the @a nonce and denomination key - * associated with @a h_cs. + * Information about what we should derive for. + */ +struct TALER_CRYPTO_CsDeriveRequest +{ + /** + * Hash of the CS public key to use to sign. + */ + const struct TALER_CsPubHashP *h_cs; + + /** + * Nonce to use for the /csr request. + */ + const struct GNUNET_CRYPTO_CsSessionNonce *nonce; +}; + + +/** + * Ask the helper to derive R using the information + * from @a cdr. * * This operation will block until the R has been obtained. Should * this process receive a signal (that is not ignored) while the operation is @@ -2568,22 +2678,21 @@ TALER_CRYPTO_helper_cs_revoke ( * differences in the signature counters. Retrying in this case may work. * * @param dh helper to process connection - * @param h_cs hash of the CS public key to revoke - * @param nonce witdhraw nonce + * @param cdr derivation input data + * @param for_melt true if this is for a melt operation * @param[out] crp set to the pair of R values * @return set to the error code (or #TALER_EC_NONE on success) */ enum TALER_ErrorCode -TALER_CRYPTO_helper_cs_r_derive_withdraw ( +TALER_CRYPTO_helper_cs_r_derive ( struct TALER_CRYPTO_CsDenominationHelper *dh, - const struct TALER_CsPubHashP *h_cs, - const struct TALER_CsNonce *nonce, - struct TALER_DenominationCSPublicRPairP *crp); + const struct TALER_CRYPTO_CsDeriveRequest *cdr, + bool for_melt, + struct GNUNET_CRYPTO_CSPublicRPairP *crp); /** - * Ask the helper to derive R using the @a nonce and denomination key - * associated with @a h_cs. + * Ask the helper to derive R using the information from @a cdrs. * * This operation will block until the R has been obtained. Should * this process receive a signal (that is not ignored) while the operation is @@ -2592,17 +2701,19 @@ TALER_CRYPTO_helper_cs_r_derive_withdraw ( * differences in the signature counters. Retrying in this case may work. * * @param dh helper to process connection - * @param h_cs hash of the CS public key to revoke - * @param nonce witdhraw nonce - * @param[out] crp set to the pair of R values + * @param cdrs_length length of the @a cdrs array + * @param cdrs array with derivation input data + * @param for_melt true if this is for a melt operation + * @param[out] crps array set to the pair of R values, must be of length @a cdrs_length * @return set to the error code (or #TALER_EC_NONE on success) */ enum TALER_ErrorCode -TALER_CRYPTO_helper_cs_r_derive_melt ( +TALER_CRYPTO_helper_cs_r_batch_derive ( struct TALER_CRYPTO_CsDenominationHelper *dh, - const struct TALER_CsPubHashP *h_cs, - const struct TALER_CsNonce *nonce, - struct TALER_DenominationCSPublicRPairP *crp); + unsigned int cdrs_length, + const struct TALER_CRYPTO_CsDeriveRequest cdrs[static cdrs_length], + bool for_melt, + struct GNUNET_CRYPTO_CSPublicRPairP crps[static cdrs_length]); /** @@ -2648,6 +2759,7 @@ typedef void * Initiate connection to an online signing key helper. * * @param cfg configuration to use + * @param section configuration section prefix to use, usually 'taler' or 'donau' * @param ekc function to call with key information * @param ekc_cls closure for @a ekc * @return NULL on error (such as bad @a cfg). @@ -2655,6 +2767,7 @@ typedef void struct TALER_CRYPTO_ExchangeSignHelper * TALER_CRYPTO_helper_esign_connect ( const struct GNUNET_CONFIGURATION_Handle *cfg, + const char *section, TALER_CRYPTO_ExchangeKeyStatusCallback ekc, void *ekc_cls); @@ -2771,7 +2884,7 @@ TALER_CRYPTO_helper_esign_disconnect ( void TALER_wallet_purse_create_sign ( struct GNUNET_TIME_Timestamp purse_expiration, - struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_PrivateContractHashP *h_contract_terms, const struct TALER_PurseMergePublicKeyP *merge_pub, uint32_t min_age, const struct TALER_Amount *amount, @@ -2794,7 +2907,7 @@ TALER_wallet_purse_create_sign ( enum GNUNET_GenericReturnValue TALER_wallet_purse_create_verify ( struct GNUNET_TIME_Timestamp purse_expiration, - struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_PrivateContractHashP *h_contract_terms, const struct TALER_PurseMergePublicKeyP *merge_pub, uint32_t min_age, const struct TALER_Amount *amount, @@ -2803,6 +2916,31 @@ TALER_wallet_purse_create_verify ( /** + * Sign a request to delete a purse. + * + * @param purse_priv key identifying the purse + * @param[out] purse_sig resulting signature + */ +void +TALER_wallet_purse_delete_sign ( + const struct TALER_PurseContractPrivateKeyP *purse_priv, + struct TALER_PurseContractSignatureP *purse_sig); + + +/** + * Verify a purse deletion request. + * + * @param purse_pub purse’s public key + * @param purse_sig the signature made with purpose #TALER_SIGNATURE_WALLET_PURSE_DELETE + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_purse_delete_verify ( + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_PurseContractSignatureP *purse_sig); + + +/** * Sign a request to upload an encrypted contract. * * @param econtract encrypted contract @@ -2929,7 +3067,7 @@ TALER_wallet_purse_deposit_verify ( /** * Sign a request by a purse to merge it into an account. * - * @param reserve_url identifies the location of the reserve + * @param reserve_uri identifies the location of the reserve * @param merge_timestamp time when the merge happened * @param purse_pub key identifying the purse * @param merge_priv key identifying the merge capability @@ -2937,7 +3075,7 @@ TALER_wallet_purse_deposit_verify ( */ void TALER_wallet_purse_merge_sign ( - const char *reserve_url, + const char *reserve_uri, struct GNUNET_TIME_Timestamp merge_timestamp, const struct TALER_PurseContractPublicKeyP *purse_pub, const struct TALER_PurseMergePrivateKeyP *merge_priv, @@ -2947,7 +3085,7 @@ TALER_wallet_purse_merge_sign ( /** * Verify a purse merge request. * - * @param reserve_url identifies the location of the reserve + * @param reserve_uri identifies the location of the reserve * @param merge_timestamp time when the merge happened * @param purse_pub public key of the purse to merge * @param merge_pub public key of the merge capability @@ -2956,7 +3094,7 @@ TALER_wallet_purse_merge_sign ( */ enum GNUNET_GenericReturnValue TALER_wallet_purse_merge_verify ( - const char *reserve_url, + const char *reserve_uri, struct GNUNET_TIME_Timestamp merge_timestamp, const struct TALER_PurseContractPublicKeyP *purse_pub, const struct TALER_PurseMergePublicKeyP *merge_pub, @@ -3059,13 +3197,96 @@ TALER_wallet_account_merge_verify ( /** - * Sign a request to delete/close an account. + * Sign a request to keep a reserve open. + * + * @param reserve_payment how much to pay from the + * reserve's own balance for opening the reserve + * @param request_timestamp when was the request created + * @param reserve_expiration desired expiration time for the reserve + * @param purse_limit minimum number of purses the client + * wants to have concurrently open for this reserve + * @param reserve_priv key identifying the reserve + * @param[out] reserve_sig resulting signature + */ +void +TALER_wallet_reserve_open_sign ( + const struct TALER_Amount *reserve_payment, + struct GNUNET_TIME_Timestamp request_timestamp, + struct GNUNET_TIME_Timestamp reserve_expiration, + uint32_t purse_limit, + const struct TALER_ReservePrivateKeyP *reserve_priv, + struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Verify a request to keep a reserve open. + * + * @param reserve_payment how much to pay from the + * reserve's own balance for opening the reserve + * @param request_timestamp when was the request created + * @param reserve_expiration desired expiration time for the reserve + * @param purse_limit minimum number of purses the client + * wants to have concurrently open for this reserve + * @param reserve_pub key identifying the reserve + * @param reserve_sig resulting signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_reserve_open_verify ( + const struct TALER_Amount *reserve_payment, + struct GNUNET_TIME_Timestamp request_timestamp, + struct GNUNET_TIME_Timestamp reserve_expiration, + uint32_t purse_limit, + const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Sign to deposit coin to pay for keeping a reserve open. + * + * @param coin_contribution how much the coin should contribute + * @param reserve_sig signature over the reserve open operation + * @param coin_priv private key of the coin + * @param[out] coin_sig signature by the coin + */ +void +TALER_wallet_reserve_open_deposit_sign ( + const struct TALER_Amount *coin_contribution, + const struct TALER_ReserveSignatureP *reserve_sig, + const struct TALER_CoinSpendPrivateKeyP *coin_priv, + struct TALER_CoinSpendSignatureP *coin_sig); + + +/** + * Verify signature that deposits coin to pay for keeping a reserve open. + * + * @param coin_contribution how much the coin should contribute + * @param reserve_sig signature over the reserve open operation + * @param coin_pub public key of the coin + * @param coin_sig signature by the coin + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_reserve_open_deposit_verify ( + const struct TALER_Amount *coin_contribution, + const struct TALER_ReserveSignatureP *reserve_sig, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_CoinSpendSignatureP *coin_sig); + + +/** + * Sign a request to close a reserve. * + * @param request_timestamp when was the request created + * @param h_payto where to send the funds (NULL allowed to send + * to origin of the reserve) * @param reserve_priv key identifying the reserve * @param[out] reserve_sig resulting signature */ void -TALER_wallet_account_close_sign ( +TALER_wallet_reserve_close_sign ( + struct GNUNET_TIME_Timestamp request_timestamp, + const struct TALER_PaytoHashP *h_payto, const struct TALER_ReservePrivateKeyP *reserve_priv, struct TALER_ReserveSignatureP *reserve_sig); @@ -3073,12 +3294,17 @@ TALER_wallet_account_close_sign ( /** * Verify wallet request to close an account. * + * @param request_timestamp when was the request created + * @param h_payto where to send the funds (NULL/all zeros + * allowed to send to origin of the reserve) * @param reserve_pub account’s public key * @param reserve_sig the signature made with purpose #TALER_SIGNATURE_WALLET_RESERVE_CLOSE * @return #GNUNET_OK if the signature is valid */ enum GNUNET_GenericReturnValue -TALER_wallet_account_close_verify ( +TALER_wallet_reserve_close_verify ( + struct GNUNET_TIME_Timestamp request_timestamp, + const struct TALER_PaytoHashP *h_payto, const struct TALER_ReservePublicKeyP *reserve_pub, const struct TALER_ReserveSignatureP *reserve_sig); @@ -3087,11 +3313,13 @@ TALER_wallet_account_close_verify ( * Sign a request by a wallet to perform a KYC check. * * @param reserve_priv key identifying the wallet/account + * @param balance_threshold the balance threshold the wallet is about to cross * @param[out] reserve_sig resulting signature */ void TALER_wallet_account_setup_sign ( const struct TALER_ReservePrivateKeyP *reserve_priv, + const struct TALER_Amount *balance_threshold, struct TALER_ReserveSignatureP *reserve_sig); @@ -3099,12 +3327,49 @@ TALER_wallet_account_setup_sign ( * Verify account setup request. * * @param reserve_pub reserve the setup request was for + * @param balance_threshold the balance threshold the wallet is about to cross * @param reserve_sig resulting signature * @return #GNUNET_OK if the signature is valid */ enum GNUNET_GenericReturnValue TALER_wallet_account_setup_verify ( const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_Amount *balance_threshold, + const struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Sign request to the exchange to confirm certain + * @a details about the owner of a reserve. + * + * @param request_timestamp when was the request created + * @param details which attributes are requested + * @param reserve_priv private key of the reserve + * @param[out] reserve_sig where to store the signature + */ +void +TALER_wallet_reserve_attest_request_sign ( + struct GNUNET_TIME_Timestamp request_timestamp, + const json_t *details, + const struct TALER_ReservePrivateKeyP *reserve_priv, + struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Verify request to the exchange to confirm certain + * @a details about the owner of a reserve. + * + * @param request_timestamp when was the request created + * @param details which attributes are requested + * @param reserve_pub public key of the reserve + * @param reserve_sig where to store the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_reserve_attest_request_verify ( + struct GNUNET_TIME_Timestamp request_timestamp, + const json_t *details, + const struct TALER_ReservePublicKeyP *reserve_pub, const struct TALER_ReserveSignatureP *reserve_sig); @@ -3115,8 +3380,9 @@ TALER_wallet_account_setup_verify ( * @param deposit_fee the deposit fee we expect to pay * @param h_wire hash of the merchant’s account details * @param h_contract_terms hash of the contact of the merchant with the customer (further details are never disclosed to the exchange) + * @param wallet_data_hash hash over wallet inputs into the contract (maybe NULL) * @param h_age_commitment hash over the age commitment, if applicable to the denomination (maybe NULL) - * @param h_extensions hash over the extensions + * @param h_policy hash over the policy extension * @param h_denom_pub hash of the coin denomination's public key * @param coin_priv coin’s private key * @param wallet_timestamp timestamp when the contract was finalized, must not be too far in the future @@ -3130,8 +3396,9 @@ TALER_wallet_deposit_sign ( const struct TALER_Amount *deposit_fee, const struct TALER_MerchantWireHashP *h_wire, const struct TALER_PrivateContractHashP *h_contract_terms, + const struct GNUNET_HashCode *wallet_data_hash, const struct TALER_AgeCommitmentHash *h_age_commitment, - const struct TALER_ExtensionContractHashP *h_extensions, + const struct TALER_ExtensionPolicyHashP *h_policy, const struct TALER_DenominationHashP *h_denom_pub, struct GNUNET_TIME_Timestamp wallet_timestamp, const struct TALER_MerchantPublicKeyP *merchant_pub, @@ -3147,8 +3414,9 @@ TALER_wallet_deposit_sign ( * @param deposit_fee the deposit fee we expect to pay * @param h_wire hash of the merchant’s account details * @param h_contract_terms hash of the contact of the merchant with the customer (further details are never disclosed to the exchange) + * @param wallet_data_hash hash over wallet inputs into the contract (maybe NULL) * @param h_age_commitment hash over the age commitment (maybe all zeroes, if not applicable to the denomination) - * @param h_extensions hash over the extensions + * @param h_policy hash over the policy extension * @param h_denom_pub hash of the coin denomination's public key * @param wallet_timestamp timestamp when the contract was finalized, must not be too far in the future * @param merchant_pub the public key of the merchant (used to identify the merchant for refund requests) @@ -3163,8 +3431,9 @@ TALER_wallet_deposit_verify ( const struct TALER_Amount *deposit_fee, const struct TALER_MerchantWireHashP *h_wire, const struct TALER_PrivateContractHashP *h_contract_terms, + const struct GNUNET_HashCode *wallet_data_hash, const struct TALER_AgeCommitmentHash *h_age_commitment, - const struct TALER_ExtensionContractHashP *h_extensions, + const struct TALER_ExtensionPolicyHashP *h_policy, const struct TALER_DenominationHashP *h_denom_pub, struct GNUNET_TIME_Timestamp wallet_timestamp, const struct TALER_MerchantPublicKeyP *merchant_pub, @@ -3293,6 +3562,45 @@ TALER_wallet_withdraw_verify ( /** + * Sign age-withdraw request. + * + * @param h_commitment hash over all n*kappa blinded coins in the commitment for the age-withdraw + * @param amount_with_fee amount to debit the reserve for + * @param mask the mask that defines the age groups + * @param max_age maximum age from which the age group is derived, that the withdrawn coins must be restricted to. + * @param reserve_priv private key to sign with + * @param[out] reserve_sig resulting signature + */ +void +TALER_wallet_age_withdraw_sign ( + const struct TALER_AgeWithdrawCommitmentHashP *h_commitment, + const struct TALER_Amount *amount_with_fee, + const struct TALER_AgeMask *mask, + uint8_t max_age, + const struct TALER_ReservePrivateKeyP *reserve_priv, + struct TALER_ReserveSignatureP *reserve_sig); + +/** + * Verify an age-withdraw request. + * + * @param h_commitment hash all n*kappa blinded coins in the commitment for the age-withdraw + * @param amount_with_fee amount to debit the reserve for + * @param mask the mask that defines the age groups + * @param max_age maximum age from which the age group is derived, that the withdrawn coins must be restricted to. + * @param reserve_pub public key of the reserve + * @param reserve_sig resulting signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_age_withdraw_verify ( + const struct TALER_AgeWithdrawCommitmentHashP *h_commitment, + const struct TALER_Amount *amount_with_fee, + const struct TALER_AgeMask *mask, + uint8_t max_age, + const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_ReserveSignatureP *reserve_sig); + +/** * Verify exchange melt confirmation. * * @param rc refresh session this is about @@ -3321,7 +3629,7 @@ TALER_exchange_melt_confirmation_verify ( enum GNUNET_GenericReturnValue TALER_wallet_recoup_verify ( const struct TALER_DenominationHashP *h_denom_pub, - const union TALER_DenominationBlindingKeyP *coin_bks, + const union GNUNET_CRYPTO_BlindingSecretP *coin_bks, const struct TALER_CoinSpendPublicKeyP *coin_pub, const struct TALER_CoinSpendSignatureP *coin_sig); @@ -3337,7 +3645,7 @@ TALER_wallet_recoup_verify ( void TALER_wallet_recoup_sign ( const struct TALER_DenominationHashP *h_denom_pub, - const union TALER_DenominationBlindingKeyP *coin_bks, + const union GNUNET_CRYPTO_BlindingSecretP *coin_bks, const struct TALER_CoinSpendPrivateKeyP *coin_priv, struct TALER_CoinSpendSignatureP *coin_sig); @@ -3354,7 +3662,7 @@ TALER_wallet_recoup_sign ( enum GNUNET_GenericReturnValue TALER_wallet_recoup_refresh_verify ( const struct TALER_DenominationHashP *h_denom_pub, - const union TALER_DenominationBlindingKeyP *coin_bks, + const union GNUNET_CRYPTO_BlindingSecretP *coin_bks, const struct TALER_CoinSpendPublicKeyP *coin_pub, const struct TALER_CoinSpendSignatureP *coin_sig); @@ -3370,7 +3678,7 @@ TALER_wallet_recoup_refresh_verify ( void TALER_wallet_recoup_refresh_sign ( const struct TALER_DenominationHashP *h_denom_pub, - const union TALER_DenominationBlindingKeyP *coin_bks, + const union GNUNET_CRYPTO_BlindingSecretP *coin_bks, const struct TALER_CoinSpendPrivateKeyP *coin_priv, struct TALER_CoinSpendSignatureP *coin_sig); @@ -3378,63 +3686,59 @@ TALER_wallet_recoup_refresh_sign ( /** * Verify reserve history request signature. * - * @param ts timestamp used - * @param history_fee how much did the wallet say it would pay + * @param start_off start of the requested range * @param reserve_pub reserve the history request was for * @param reserve_sig resulting signature * @return #GNUNET_OK if the signature is valid */ enum GNUNET_GenericReturnValue TALER_wallet_reserve_history_verify ( - const struct GNUNET_TIME_Timestamp ts, - const struct TALER_Amount *history_fee, + uint64_t start_off, const struct TALER_ReservePublicKeyP *reserve_pub, const struct TALER_ReserveSignatureP *reserve_sig); /** - * Create reserve history request signature. + * Create reserve status request signature. * - * @param ts timestamp used - * @param history_fee how much do we expect to pay + * @param start_off start of the requested range * @param reserve_priv private key of the reserve the history request is for * @param[out] reserve_sig resulting signature */ void TALER_wallet_reserve_history_sign ( - const struct GNUNET_TIME_Timestamp ts, - const struct TALER_Amount *history_fee, + uint64_t start_off, const struct TALER_ReservePrivateKeyP *reserve_priv, struct TALER_ReserveSignatureP *reserve_sig); /** - * Verify reserve status request signature. + * Verify coin history request signature. * - * @param ts timestamp used - * @param reserve_pub reserve the status request was for - * @param reserve_sig resulting signature + * @param start_off start of the requested range + * @param coin_pub coin the history request was for + * @param coin_sig resulting signature * @return #GNUNET_OK if the signature is valid */ enum GNUNET_GenericReturnValue -TALER_wallet_reserve_status_verify ( - const struct GNUNET_TIME_Timestamp ts, - const struct TALER_ReservePublicKeyP *reserve_pub, - const struct TALER_ReserveSignatureP *reserve_sig); +TALER_wallet_coin_history_verify ( + uint64_t start_off, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_CoinSpendSignatureP *coin_sig); /** - * Create reserve status request signature. + * Create coin status request signature. * - * @param ts timestamp used - * @param reserve_priv private key of the reserve the status request is for - * @param[out] reserve_sig resulting signature + * @param start_off start of the requested range + * @param coin_priv private key of the coin the history request is for + * @param[out] coin_sig resulting signature */ void -TALER_wallet_reserve_status_sign ( - const struct GNUNET_TIME_Timestamp ts, - const struct TALER_ReservePrivateKeyP *reserve_priv, - struct TALER_ReserveSignatureP *reserve_sig); +TALER_wallet_coin_history_sign ( + uint64_t start_off, + const struct TALER_CoinSpendPrivateKeyP *coin_priv, + struct TALER_CoinSpendSignatureP *coin_sig); /* ********************* merchant signing ************************** */ @@ -3569,12 +3873,13 @@ typedef enum TALER_ErrorCode * @param scb function to call to create the signature * @param h_contract_terms hash of the contact of the merchant with the customer (further details are never disclosed to the exchange) * @param h_wire hash of the merchant’s account details - * @param h_extensions hash over the extensions, can be NULL + * @param h_policy hash over the policy extension, can be NULL * @param exchange_timestamp timestamp when the contract was finalized, must not be too far off * @param wire_deadline date until which the exchange should wire the funds * @param refund_deadline date until which the merchant can issue a refund to the customer via the exchange (can be zero if refunds are not allowed); must not be after the @a wire_deadline - * @param amount_without_fee the amount to be deposited after fees - * @param coin_pub public key of the deposited coin + * @param total_without_fee the total amount to be deposited after fees over all coins + * @param num_coins length of @a coin_sigs array + * @param coin_sigs signatures of the deposited coins * @param merchant_pub the public key of the merchant (used to identify the merchant for refund requests) * @param[out] pub where to write the public key * @param[out] sig where to write the signature @@ -3585,12 +3890,13 @@ TALER_exchange_online_deposit_confirmation_sign ( TALER_ExchangeSignCallback scb, const struct TALER_PrivateContractHashP *h_contract_terms, const struct TALER_MerchantWireHashP *h_wire, - const struct TALER_ExtensionContractHashP *h_extensions, + const struct TALER_ExtensionPolicyHashP *h_policy, struct GNUNET_TIME_Timestamp exchange_timestamp, struct GNUNET_TIME_Timestamp wire_deadline, struct GNUNET_TIME_Timestamp refund_deadline, - const struct TALER_Amount *amount_without_fee, - const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_Amount *total_without_fee, + unsigned int num_coins, + const struct TALER_CoinSpendSignatureP *coin_sigs[static num_coins], const struct TALER_MerchantPublicKeyP *merchant_pub, struct TALER_ExchangePublicKeyP *pub, struct TALER_ExchangeSignatureP *sig); @@ -3601,12 +3907,13 @@ TALER_exchange_online_deposit_confirmation_sign ( * * @param h_contract_terms hash of the contact of the merchant with the customer (further details are never disclosed to the exchange) * @param h_wire hash of the merchant’s account details - * @param h_extensions hash over the extensions, can be NULL + * @param h_policy hash over the policy extension, can be NULL * @param exchange_timestamp timestamp when the contract was finalized, must not be too far off * @param wire_deadline date until which the exchange should wire the funds * @param refund_deadline date until which the merchant can issue a refund to the customer via the exchange (can be zero if refunds are not allowed); must not be after the @a wire_deadline - * @param amount_without_fee the amount to be deposited after fees - * @param coin_pub public key of the deposited coin + * @param total_without_fee the total amount to be deposited after fees over all coins + * @param num_coins length of @a coin_sigs array + * @param coin_sigs signatures of the deposited coins * @param merchant_pub the public key of the merchant (used to identify the merchant for refund requests) * @param pub where to write the public key * @param sig where to write the signature @@ -3616,12 +3923,13 @@ enum GNUNET_GenericReturnValue TALER_exchange_online_deposit_confirmation_verify ( const struct TALER_PrivateContractHashP *h_contract_terms, const struct TALER_MerchantWireHashP *h_wire, - const struct TALER_ExtensionContractHashP *h_extensions, + const struct TALER_ExtensionPolicyHashP *h_policy, struct GNUNET_TIME_Timestamp exchange_timestamp, struct GNUNET_TIME_Timestamp wire_deadline, struct GNUNET_TIME_Timestamp refund_deadline, - const struct TALER_Amount *amount_without_fee, - const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_Amount *total_without_fee, + unsigned int num_coins, + const struct TALER_CoinSpendSignatureP *coin_sigs[static num_coins], const struct TALER_MerchantPublicKeyP *merchant_pub, const struct TALER_ExchangePublicKeyP *pub, const struct TALER_ExchangeSignatureP *sig); @@ -3712,6 +4020,51 @@ TALER_exchange_online_melt_confirmation_verify ( /** + * Create exchange purse refund confirmation signature. + * + * @param scb function to call to create the signature + * @param amount_without_fee refunded amount + * @param refund_fee refund fee charged + * @param coin_pub coin that was refunded + * @param purse_pub public key of the expired purse + * @param[out] pub where to write the public key + * @param[out] sig where to write the signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_purse_refund_sign ( + TALER_ExchangeSignCallback scb, + const struct TALER_Amount *amount_without_fee, + const struct TALER_Amount *refund_fee, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_PurseContractPublicKeyP *purse_pub, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify signature of exchange affirming purse refund + * from purse expiration. + * + * @param amount_without_fee refunded amount + * @param refund_fee refund fee charged + * @param coin_pub coin that was refunded + * @param purse_pub public key of the expired purse + * @param pub public key to verify signature against + * @param sig signature to verify + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_purse_refund_verify ( + const struct TALER_Amount *amount_without_fee, + const struct TALER_Amount *refund_fee, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_ExchangePublicKeyP *pub, + const struct TALER_ExchangeSignatureP *sig); + + +/** * Create exchange key set signature. * * @param scb function to call to create the signature @@ -3737,8 +4090,8 @@ TALER_exchange_online_key_set_sign ( * * @param timestamp time when the key set was issued * @param hc hash over all the keys - * @param pub where to write the public key - * @param sig where to write the signature + * @param pub public key to verify signature against + * @param sig signature to verify * @return #GNUNET_OK if the signature is valid */ enum GNUNET_GenericReturnValue @@ -3750,10 +4103,12 @@ TALER_exchange_online_key_set_verify ( /** - * Create account setup success signature. + * Create account KYC setup success signature. * * @param scb function to call to create the signature * @param h_payto target of the KYC account + * @param kyc JSON data describing which KYC checks + * were satisfied * @param timestamp time when the KYC was confirmed * @param[out] pub where to write the public key * @param[out] sig where to write the signature @@ -3763,15 +4118,18 @@ enum TALER_ErrorCode TALER_exchange_online_account_setup_success_sign ( TALER_ExchangeSignCallback scb, const struct TALER_PaytoHashP *h_payto, + const json_t *kyc, struct GNUNET_TIME_Timestamp timestamp, struct TALER_ExchangePublicKeyP *pub, struct TALER_ExchangeSignatureP *sig); /** - * Verify account setup success signature. + * Verify account KYC setup success signature. * * @param h_payto target of the KYC account + * @param kyc JSON data describing which KYC checks + * were satisfied * @param timestamp time when the KYC was confirmed * @param pub where to write the public key * @param sig where to write the signature @@ -3780,12 +4138,25 @@ TALER_exchange_online_account_setup_success_sign ( enum GNUNET_GenericReturnValue TALER_exchange_online_account_setup_success_verify ( const struct TALER_PaytoHashP *h_payto, + const json_t *kyc, struct GNUNET_TIME_Timestamp timestamp, const struct TALER_ExchangePublicKeyP *pub, const struct TALER_ExchangeSignatureP *sig); /** + * Hash normalized @a j JSON object or array and + * store the result in @a hc. + * + * @param j JSON to hash + * @param[out] hc where to write the hash + */ +void +TALER_json_hash (const json_t *j, + struct GNUNET_HashCode *hc); + + +/** * Update the @a hash_context in the computation of the * h_details for a wire status signature. * @@ -4125,6 +4496,52 @@ TALER_exchange_online_reserve_closed_verify ( /** + * Create signature by exchange affirming that a reserve + * has had certain attributes verified via KYC. + * + * @param scb function to call to create the signature + * @param attest_timestamp our time + * @param expiration_time when does the KYC data expire + * @param reserve_pub for which reserve are attributes attested + * @param attributes JSON object with attributes being attested to + * @param[out] pub where to write the public key + * @param[out] sig where to write the signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_reserve_attest_details_sign ( + TALER_ExchangeSignCallback scb, + struct GNUNET_TIME_Timestamp attest_timestamp, + struct GNUNET_TIME_Timestamp expiration_time, + const struct TALER_ReservePublicKeyP *reserve_pub, + const json_t *attributes, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify signature by exchange affirming that a reserve + * has had certain attributes verified via KYC. + * + * @param attest_timestamp our time + * @param expiration_time when does the KYC data expire + * @param reserve_pub for which reserve are attributes attested + * @param attributes JSON object with attributes being attested to + * @param pub exchange public key + * @param sig exchange signature to verify + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_reserve_attest_details_verify ( + struct GNUNET_TIME_Timestamp attest_timestamp, + struct GNUNET_TIME_Timestamp expiration_time, + const struct TALER_ReservePublicKeyP *reserve_pub, + const json_t *attributes, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** * Create signature by exchange affirming that a purse was created. * * @param scb function to call to create the signature @@ -4272,10 +4689,90 @@ TALER_exchange_online_purse_status_verify ( const struct TALER_ExchangeSignatureP *exchange_sig); +/** + * Create age-withdraw confirmation signature. + * + * @param scb function to call to create the signature + * @param h_commitment age-withdraw commitment that identifies the n*kappa blinded coins + * @param noreveal_index gamma cut-and-choose value chosen by the exchange + * @param[out] pub where to write the exchange public key + * @param[out] sig where to write the exchange signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_age_withdraw_confirmation_sign ( + TALER_ExchangeSignCallback scb, + const struct TALER_AgeWithdrawCommitmentHashP *h_commitment, + uint32_t noreveal_index, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify an exchange age-withdraw confirmation + * + * @param h_commitment Commitment over all n*kappa coin candidates from the original request to age-withdraw + * @param noreveal_index The index returned by the exchange + * @param exchange_pub The public key used for signing + * @param exchange_sig The signature from the exchange + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_age_withdraw_confirmation_verify ( + const struct TALER_AgeWithdrawCommitmentHashP *h_commitment, + uint32_t noreveal_index, + const struct TALER_ExchangePublicKeyP *exchange_pub, + const struct TALER_ExchangeSignatureP *exchange_sig); + + /* ********************* offline signing ************************** */ /** + * Create AML officer status change signature. + * + * @param officer_pub public key of the AML officer + * @param officer_name name of the officer + * @param change_date when to affect the status change + * @param is_active true to enable the officer + * @param read_only true to only allow read-only access + * @param master_priv private key to sign with + * @param[out] master_sig where to write the signature + */ +void +TALER_exchange_offline_aml_officer_status_sign ( + const struct TALER_AmlOfficerPublicKeyP *officer_pub, + const char *officer_name, + struct GNUNET_TIME_Timestamp change_date, + bool is_active, + bool read_only, + const struct TALER_MasterPrivateKeyP *master_priv, + struct TALER_MasterSignatureP *master_sig); + + +/** + * Verify AML officer status change signature. + * + * @param officer_pub public key of the AML officer + * @param officer_name name of the officer + * @param change_date when to affect the status change + * @param is_active true to enable the officer + * @param read_only true to only allow read-only access + * @param master_pub public key to verify against + * @param master_sig the signature the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_offline_aml_officer_status_verify ( + const struct TALER_AmlOfficerPublicKeyP *officer_pub, + const char *officer_name, + struct GNUNET_TIME_Timestamp change_date, + bool is_active, + bool read_only, + const struct TALER_MasterPublicKeyP *master_pub, + const struct TALER_MasterSignatureP *master_sig); + + +/** * Create auditor addition signature. * * @param auditor_pub public key of the auditor @@ -4547,6 +5044,55 @@ TALER_exchange_offline_partner_details_verify ( /** + * Create offline signature about wiring profits to a + * regular non-escrowed account of the exchange. + * + * @param wtid (random) wire transfer ID to be used + * @param date when was the profit drain approved (not exact time of execution) + * @param amount how much should be wired + * @param account_section configuration section of the + * exchange specifying the account to be debited + * @param payto_uri target account to be credited + * @param master_priv private key to sign with + * @param[out] master_sig where to write the signature + */ +void +TALER_exchange_offline_profit_drain_sign ( + const struct TALER_WireTransferIdentifierRawP *wtid, + struct GNUNET_TIME_Timestamp date, + const struct TALER_Amount *amount, + const char *account_section, + const char *payto_uri, + const struct TALER_MasterPrivateKeyP *master_priv, + struct TALER_MasterSignatureP *master_sig); + + +/** + * Verify offline signature about wiring profits to a + * regular non-escrowed account of the exchange. + * + * @param wtid (random) wire transfer ID to be used + * @param date when was the profit drain approved (not exact time of execution) + * @param amount how much should be wired + * @param account_section configuration section of the + * exchange specifying the account to be debited + * @param payto_uri target account to be credited + * @param master_pub public key to verify signature against + * @param master_sig the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_offline_profit_drain_verify ( + const struct TALER_WireTransferIdentifierRawP *wtid, + struct GNUNET_TIME_Timestamp date, + const struct TALER_Amount *amount, + const char *account_section, + const char *payto_uri, + const struct TALER_MasterPublicKeyP *master_pub, + const struct TALER_MasterSignatureP *master_sig); + + +/** * Create security module EdDSA signature. * * @param exchange_pub public signing key to validate @@ -4777,7 +5323,6 @@ TALER_exchange_offline_wire_fee_verify ( * @param end_time when do the fees start to apply * @param fees the global fees * @param purse_timeout how long do unmerged purses stay around - * @param kyc_timeout how long do we keep funds in a reserve without KYC? * @param history_expiration how long do we keep the history of an account * @param purse_account_limit how many concurrent purses are free per account holder * @param master_priv private key to sign with @@ -4789,7 +5334,6 @@ TALER_exchange_offline_global_fee_sign ( struct GNUNET_TIME_Timestamp end_time, const struct TALER_GlobalFeeSet *fees, struct GNUNET_TIME_Relative purse_timeout, - struct GNUNET_TIME_Relative kyc_timeout, struct GNUNET_TIME_Relative history_expiration, uint32_t purse_account_limit, const struct TALER_MasterPrivateKeyP *master_priv, @@ -4803,7 +5347,6 @@ TALER_exchange_offline_global_fee_sign ( * @param end_time when do the fees start to apply * @param fees the global fees * @param purse_timeout how long do unmerged purses stay around - * @param kyc_timeout how long do we keep funds in a reserve without KYC? * @param history_expiration how long do we keep the history of an account * @param purse_account_limit how many concurrent purses are free per account holder * @param master_pub public key to verify against @@ -4816,7 +5359,6 @@ TALER_exchange_offline_global_fee_verify ( struct GNUNET_TIME_Timestamp end_time, const struct TALER_GlobalFeeSet *fees, struct GNUNET_TIME_Relative purse_timeout, - struct GNUNET_TIME_Relative kyc_timeout, struct GNUNET_TIME_Relative history_expiration, uint32_t purse_account_limit, const struct TALER_MasterPublicKeyP *master_pub, @@ -4827,6 +5369,9 @@ TALER_exchange_offline_global_fee_verify ( * Create wire account addition signature. * * @param payto_uri bank account + * @param conversion_url URL of the conversion service, or NULL if none + * @param debit_restrictions JSON encoding of debit restrictions on the account; see AccountRestriction in the spec + * @param credit_restrictions JSON encoding of credit restrictions on the account; see AccountRestriction in the spec * @param now timestamp to use for the signature (rounded) * @param master_priv private key to sign with * @param[out] master_sig where to write the signature @@ -4834,6 +5379,9 @@ TALER_exchange_offline_global_fee_verify ( void TALER_exchange_offline_wire_add_sign ( const char *payto_uri, + const char *conversion_url, + const json_t *debit_restrictions, + const json_t *credit_restrictions, struct GNUNET_TIME_Timestamp now, const struct TALER_MasterPrivateKeyP *master_priv, struct TALER_MasterSignatureP *master_sig); @@ -4843,6 +5391,9 @@ TALER_exchange_offline_wire_add_sign ( * Verify wire account addition signature. * * @param payto_uri bank account + * @param conversion_url URL of the conversion service, or NULL if none + * @param debit_restrictions JSON encoding of debit restrictions on the account; see AccountRestriction in the spec + * @param credit_restrictions JSON encoding of credit restrictions on the account; see AccountRestriction in the spec * @param sign_time timestamp when signature was created * @param master_pub public key to verify against * @param master_sig the signature the signature @@ -4851,6 +5402,9 @@ TALER_exchange_offline_wire_add_sign ( enum GNUNET_GenericReturnValue TALER_exchange_offline_wire_add_verify ( const char *payto_uri, + const char *conversion_url, + const json_t *debit_restrictions, + const json_t *credit_restrictions, struct GNUNET_TIME_Timestamp sign_time, const struct TALER_MasterPublicKeyP *master_pub, const struct TALER_MasterSignatureP *master_sig); @@ -4893,6 +5447,9 @@ TALER_exchange_offline_wire_del_verify ( * Check the signature in @a master_sig. * * @param payto_uri URI that is signed + * @param conversion_url URL of the conversion service, or NULL if none + * @param debit_restrictions JSON encoding of debit restrictions on the account; see AccountRestriction in the spec + * @param credit_restrictions JSON encoding of credit restrictions on the account; see AccountRestriction in the spec * @param master_pub master public key of the exchange * @param master_sig signature of the exchange * @return #GNUNET_OK if signature is valid @@ -4900,6 +5457,9 @@ TALER_exchange_offline_wire_del_verify ( enum GNUNET_GenericReturnValue TALER_exchange_wire_signature_check ( const char *payto_uri, + const char *conversion_url, + const json_t *debit_restrictions, + const json_t *credit_restrictions, const struct TALER_MasterPublicKeyP *master_pub, const struct TALER_MasterSignatureP *master_sig); @@ -4908,12 +5468,18 @@ TALER_exchange_wire_signature_check ( * Create a signed wire statement for the given account. * * @param payto_uri account specification + * @param conversion_url URL of the conversion service, or NULL if none + * @param debit_restrictions JSON encoding of debit restrictions on the account; see AccountRestriction in the spec + * @param credit_restrictions JSON encoding of credit restrictions on the account; see AccountRestriction in the spec * @param master_priv private key to sign with * @param[out] master_sig where to write the signature */ void TALER_exchange_wire_signature_make ( const char *payto_uri, + const char *conversion_url, + const json_t *debit_restrictions, + const json_t *credit_restrictions, const struct TALER_MasterPrivateKeyP *master_priv, struct TALER_MasterSignatureP *master_sig); @@ -4977,7 +5543,7 @@ void TALER_merchant_pay_sign ( const struct TALER_PrivateContractHashP *h_contract_terms, const struct TALER_MerchantPrivateKeyP *merch_priv, - struct GNUNET_CRYPTO_EddsaSignature *merch_sig); + struct TALER_MerchantSignatureP *merch_sig); /** @@ -5012,31 +5578,31 @@ TALER_merchant_contract_sign ( /* **************** /management/extensions offline signing **************** */ /** - * Create a signature for the hash of the configuration of an extension + * Create a signature for the hash of the manifests of extensions * - * @param h_config hash of the JSON object representing the configuration + * @param h_manifests hash of the JSON object representing the manifests * @param master_priv private key to sign with * @param[out] master_sig where to write the signature */ void -TALER_exchange_offline_extension_config_hash_sign ( - const struct TALER_ExtensionConfigHashP *h_config, +TALER_exchange_offline_extension_manifests_hash_sign ( + const struct TALER_ExtensionManifestsHashP *h_manifests, const struct TALER_MasterPrivateKeyP *master_priv, struct TALER_MasterSignatureP *master_sig); /** * Verify the signature in @a master_sig of the given hash, taken over the JSON - * blob representing the configuration of an extension + * blob representing the manifests of extensions * - * @param h_config hash of the JSON blob of a configuration of an extension + * @param h_manifest hash of the JSON blob of manifests of extensions * @param master_pub master public key of the exchange * @param master_sig signature of the exchange * @return #GNUNET_OK if signature is valid */ enum GNUNET_GenericReturnValue -TALER_exchange_offline_extension_config_hash_verify ( - const struct TALER_ExtensionConfigHashP *h_config, +TALER_exchange_offline_extension_manifests_hash_verify ( + const struct TALER_ExtensionManifestsHashP *h_manifest, const struct TALER_MasterPublicKeyP *master_pub, const struct TALER_MasterSignatureP *master_sig ); @@ -5082,8 +5648,8 @@ struct TALER_AgeCommitment * * This struct is used in a call to TALER_age_commitment_attest to create an * attestation for a minimum age (if that minimum age is less or equal to the - * commited age for this proof). It consists of a list private keys, one per - * age group, for which the commited age is either lager or within that + * committed age for this proof). It consists of a list private keys, one per + * age group, for which the committed age is either lager or within that * particular group. */ struct TALER_AgeProof @@ -5159,12 +5725,11 @@ TALER_age_commitment_hash ( * @param age The actual age for which an age commitment is generated * @param seed The seed that goes into the key generation. MUST be chosen uniformly random. * @param[out] comm_proof The generated age commitment, ->priv and ->pub allocated via GNUNET_malloc() on success - * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise */ -enum GNUNET_GenericReturnValue +void TALER_age_restriction_commit ( const struct TALER_AgeMask *mask, - const uint8_t age, + uint8_t age, const struct GNUNET_HashCode *seed, struct TALER_AgeCommitmentProof *comm_proof); @@ -5189,7 +5754,7 @@ TALER_age_commitment_derive ( * * @param comm_proof The age commitment to be used for attestation. For successful attestation, it must contain the private key for the corresponding age group. * @param age Age (not age group) for which the an attestation should be done - * @param[out] attest Signature of the age with the appropriate key from the age commitment for the corresponding age group, if applicaple. + * @param[out] attest Signature of the age with the appropriate key from the age commitment for the corresponding age group, if applicable. * @return #GNUNET_OK on success, #GNUNET_NO when no attestation can be made for that age with the given commitment, #GNUNET_SYSERR otherwise */ enum GNUNET_GenericReturnValue @@ -5204,7 +5769,7 @@ TALER_age_commitment_attest ( * * @param commitment The age commitment that went into the attestation. Only the public keys are needed. * @param age Age (not age group) for which the an attestation should be done - * @param attest Signature of the age with the appropriate key from the age commitment for the corresponding age group, if applicaple. + * @param attest Signature of the age with the appropriate key from the age commitment for the corresponding age group, if applicable. * @return #GNUNET_OK when the attestation was successful, #GNUNET_NO no attestation couldn't be verified, #GNUNET_SYSERR otherwise */ enum GNUNET_GenericReturnValue @@ -5217,30 +5782,189 @@ TALER_age_commitment_verify ( /** * @brief helper function to free memory of a struct TALER_AgeCommitment * - * @param p the commitment from which all memory should be freed. + * @param ac the commitment from which all memory should be freed. */ void TALER_age_commitment_free ( - struct TALER_AgeCommitment *p); + struct TALER_AgeCommitment *ac); /** * @brief helper function to free memory of a struct TALER_AgeProof * - * @param p the proof of commitment from which all memory should be freed. + * @param ap the proof of commitment from which all memory should be freed. */ void TALER_age_proof_free ( - struct TALER_AgeProof *p); + struct TALER_AgeProof *ap); /** * @brief helper function to free memory of a struct TALER_AgeCommitmentProof * - * @param p the commitment and its proof from which all memory should be freed. + * @param acp the commitment and its proof from which all memory should be freed. */ void TALER_age_commitment_proof_free ( - struct TALER_AgeCommitmentProof *p); + struct TALER_AgeCommitmentProof *acp); + + +/** + * @brief helper function to allocate and copy a struct TALER_AgeCommitmentProof + * + * @param[in] acp The original age commitment proof + * @return The deep copy of @e acp, allocated + */ +struct TALER_AgeCommitmentProof * +TALER_age_commitment_proof_duplicate ( + const struct TALER_AgeCommitmentProof *acp); + +/** + * @brief helper function to copy a struct TALER_AgeCommitmentProof + * + * @param[in] acp The original age commitment proof + * @param[out] nacp The struct to copy the data into, with freshly allocated and copied keys. + */ +void +TALER_age_commitment_proof_deep_copy ( + const struct TALER_AgeCommitmentProof *acp, + struct TALER_AgeCommitmentProof *nacp); + +/** + * @brief For age-withdraw, clients have to prove that the public keys for all + * age groups larger than the allowed maximum age group are derived by scalar + * multiplication from this Edx25519 public key (in Crockford Base32 encoding): + * + * DZJRF6HXN520505XDAWM8NMH36QV9J3VH77265WQ09EBQ76QSKCG + * + * Its private key was chosen randomly and then deleted. + */ +extern struct +#ifndef AGE_RESTRICTION_WITH_ECDSA +GNUNET_CRYPTO_Edx25519PublicKey +#else +GNUNET_CRYPTO_EcdsaPublicKey +#endif +TALER_age_commitment_base_public_key; + +/** + * @brief Similar to TALER_age_restriction_commit, but takes the coin's + * private key as seed input and calculates the public keys in the slots larger + * than the given age as derived from TALER_age_commitment_base_public_key. + * + * See https://docs.taler.net/core/api-exchange.html#withdraw-with-age-restriction + * + * @param secret The master secret of the coin from which we derive the age restriction + * @param mask The age mask, defining the age groups + * @param max_age The maximum age for this coin. + * @param[out] comm_proof The commitment and proof for age restriction for age @a max_age + */ +void +TALER_age_restriction_from_secret ( + const struct TALER_PlanchetMasterSecretP *secret, + const struct TALER_AgeMask *mask, + const uint8_t max_age, + struct TALER_AgeCommitmentProof *comm_proof); + + +/** + * Group of Denominations. These are the common fields of an array of + * denominations. + * + * The corresponding JSON-blob will also contain an array of particular + * denominations with only the timestamps, cipher-specific public key and the + * master signature. + */ +struct TALER_DenominationGroup +{ + + /** + * Value of coins in this denomination group. + */ + struct TALER_Amount value; + + /** + * Fee structure for all coins in the group. + */ + struct TALER_DenomFeeSet fees; + + /** + * Cipher used for the denomination. + */ + enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher; + + /** + * Age mask for the denomination. + */ + struct TALER_AgeMask age_mask; + +}; + + +/** + * Compute a unique key for the meta data of a denomination group. + * + * @param dg denomination group to evaluate + * @param[out] key key to set + */ +void +TALER_denomination_group_get_key ( + const struct TALER_DenominationGroup *dg, + struct GNUNET_HashCode *key); + + +/** + * Token family public key. + */ +struct TALER_TokenFamilyPublicKey +{ + /** + * Type of the signature. + */ + struct GNUNET_CRYPTO_BlindSignPublicKey public_key; +}; + +/** + * Hash of a public key of a token family. + */ +struct TALER_TokenFamilyPublicKeyHash +{ + /** + * Hash of the token public key. + */ + struct GNUNET_HashCode hash; +}; + +/** + * Token family private key. + */ +struct TALER_TokenFamilyPrivateKey +{ + struct GNUNET_CRYPTO_BlindSignPrivateKey private_key; +}; + +/** + * Token public key. + */ +struct TALER_TokenPublicKey +{ + struct GNUNET_CRYPTO_EddsaPublicKey public_key; +}; + +/** + * Signature made using a token private key. + */ +struct TALER_TokenSignature +{ + struct GNUNET_CRYPTO_EddsaSignature signature; +}; + +/** + * Blind signature for a token (signed by merchant). + */ +struct TALER_TokenBlindSignature +{ + struct GNUNET_CRYPTO_BlindedSignature signature; +}; #endif |