diff options
Diffstat (limited to 'src/include/taler_crypto_lib.h')
| -rw-r--r-- | src/include/taler_crypto_lib.h | 4775 |
1 files changed, 4507 insertions, 268 deletions
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index 71579170a..b941316b5 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2014-2020 Taler Systems SA + Copyright (C) 2014-2023 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -18,14 +18,88 @@ * @brief taler-specific crypto functions * @author Sree Harsha Totakura <sreeharsha@totakura.in> * @author Christian Grothoff <christian@grothoff.org> + * @author Özgür Kesim <oec-taler@kesim.org> */ +#if ! defined (__TALER_UTIL_LIB_H_INSIDE__) +#error "Only <taler_util.h> can be included directly." +#endif + #ifndef TALER_CRYPTO_LIB_H #define TALER_CRYPTO_LIB_H #include <gnunet/gnunet_util_lib.h> -#include "taler_util.h" #include "taler_error_codes.h" #include <gcrypt.h> +#include <jansson.h> + + +/** + * Maximum number of coins we allow per operation. + */ +#define TALER_MAX_FRESH_COINS 256 + +/** + * Cut-and-choose size for refreshing. Client looses the gamble (of + * unaccountable transfers) with probability 1/TALER_CNC_KAPPA. Refresh cost + * increases linearly with TALER_CNC_KAPPA, and 3 is sufficient up to a + * income/sales tax of 66% of total transaction value. As there is + * no good reason to change this security parameter, we declare it + * fixed and part of the protocol. + */ +#define TALER_CNC_KAPPA 3 +#define TALER_CNC_KAPPA_MINUS_ONE_STR "2" + + +/** + * Possible AML decision states. + */ +enum TALER_AmlDecisionState +{ + + /** + * All AML requirements are currently satisfied. + */ + TALER_AML_NORMAL = 0, + + /** + * An AML investigation is pending. + */ + TALER_AML_PENDING = 1, + + /** + * An AML decision has concluded that the funds must be frozen. + */ + TALER_AML_FROZEN = 2, + + /** + * Maximum allowed numeric value for AML status. + */ + TALER_AML_MAX = 2 +}; + + +/** + * Possible algorithms for confirmation code generation. + */ +enum TALER_MerchantConfirmationAlgorithm +{ + + /** + * No purchase confirmation. + */ + TALER_MCA_NONE = 0, + + /** + * Purchase confirmation without payment + */ + TALER_MCA_WITHOUT_PRICE = 1, + + /** + * Purchase confirmation with payment + */ + TALER_MCA_WITH_PRICE = 2 + +}; /* ****************** Coin crypto primitives ************* */ @@ -45,6 +119,26 @@ struct TALER_SecurityModulePublicKeyP struct GNUNET_CRYPTO_EddsaPublicKey eddsa_pub; }; +/** + * @brief Set of the public keys of the security modules + */ +struct TALER_SecurityModulePublicKeySetP +{ + /** + * Public key of the RSA security module + */ + struct TALER_SecurityModulePublicKeyP rsa; + + /** + * Public key of the CS security module + */ + struct TALER_SecurityModulePublicKeyP cs; + + /** + * Public key of the eddsa security module + */ + struct TALER_SecurityModulePublicKeyP eddsa; +}; /** * @brief Type of private keys for Taler security modules (software or hardware). @@ -107,6 +201,18 @@ struct TALER_ReserveSignatureP /** + * (Symmetric) key used to encrypt KYC attribute data in the database. + */ +struct TALER_AttributeKeyP +{ + /** + * Actual key material. + */ + struct GNUNET_HashCode key; +}; + + +/** * @brief Type of public keys to for merchant authorizations. * Merchants can issue refunds using the corresponding * private key. @@ -160,7 +266,7 @@ struct TALER_TransferPublicKeyP /** - * @brief Type of transfer public keys used during refresh + * @brief Type of transfer private keys used during refresh * operations. */ struct TALER_TransferPrivateKeyP @@ -173,6 +279,32 @@ struct TALER_TransferPrivateKeyP /** + * @brief Type of public keys used for contract + * encryption. + */ +struct TALER_ContractDiffiePublicP +{ + /** + * Taler uses ECDHE for contract encryption. + */ + struct GNUNET_CRYPTO_EcdhePublicKey ecdhe_pub; +}; + + +/** + * @brief Type of private keys used for contract + * encryption. + */ +struct TALER_ContractDiffiePrivateP +{ + /** + * Taler uses ECDHE for contract encryption. + */ + struct GNUNET_CRYPTO_EcdhePrivateKey ecdhe_priv; +}; + + +/** * @brief Type of online public keys used by the exchange to sign * messages. */ @@ -223,6 +355,30 @@ struct TALER_MasterPublicKeyP /** + * @brief Type of the offline master public keys used by the exchange. + */ +struct TALER_MasterPrivateKeyP +{ + /** + * Taler uses EdDSA for the long-term offline master key. + */ + struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv; +}; + + +/** + * @brief Type of signatures by the offline master public key used by the exchange. + */ +struct TALER_MasterSignatureP +{ + /** + * Taler uses EdDSA for the long-term offline master key. + */ + struct GNUNET_CRYPTO_EddsaSignature eddsa_signature; +}; + + +/** * @brief Type of the private key used by the auditor. */ struct TALER_AuditorPrivateKeyP @@ -259,77 +415,201 @@ struct TALER_AuditorSignatureP /** - * @brief Type of the offline master public keys used by the exchange. + * @brief Type of public keys for Taler coins. The same key material is used + * for EdDSA and ECDHE operations. */ -struct TALER_MasterPrivateKeyP +struct TALER_CoinSpendPublicKeyP { /** - * Taler uses EdDSA for the long-term offline master key. + * Taler uses EdDSA for coins when signing deposit requests. */ - struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv; + struct GNUNET_CRYPTO_EddsaPublicKey eddsa_pub; + }; /** - * @brief Type of signatures by the offline master public key used by the exchange. + * @brief Type of private keys for Taler coins. The same key material is used + * for EdDSA and ECDHE operations. */ -struct TALER_MasterSignatureP +struct TALER_CoinSpendPrivateKeyP { /** - * Taler uses EdDSA for the long-term offline master key. + * Taler uses EdDSA for coins when signing deposit requests. + */ + struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv; +}; + +/** + * @brief Type of signatures made with Taler coins. + */ +struct TALER_CoinSpendSignatureP +{ + /** + * Taler uses EdDSA for coins. */ struct GNUNET_CRYPTO_EddsaSignature eddsa_signature; }; /** - * @brief Type of public keys for Taler coins. The same key material is used - * for EdDSA and ECDHE operations. + * @brief Type of private keys for age commitment in coins. */ -struct TALER_CoinSpendPublicKeyP +struct TALER_AgeCommitmentPrivateKeyP { +#ifdef AGE_RESTRICTION_WITH_ECDSA /** - * Taler uses EdDSA for coins when signing deposit requests. + * Taler uses EcDSA for coins when signing age verification attestation. + */ + struct GNUNET_CRYPTO_EcdsaPrivateKey priv; +#else + /** + * Taler uses Edx25519 for coins when signing age verification attestation. + */ + struct GNUNET_CRYPTO_Edx25519PrivateKey priv; +#endif +}; + + +/** + * @brief Type of public keys for age commitment in coins. + */ +struct TALER_AgeCommitmentPublicKeyP +{ +#ifdef AGE_RESTRICTION_WITH_ECDSA + /** + * Taler uses EcDSA for coins when signing age verification attestation. + */ + struct GNUNET_CRYPTO_EcdsaPublicKey pub; +#else + /** + * Taler uses Edx25519 for coins when signing age verification attestation. + */ + struct GNUNET_CRYPTO_Edx25519PublicKey pub; +#endif +}; + + +/* + * @brief Hash to represent the commitment to n*kappa blinded keys during a + * age-withdrawal. It is the running SHA512 hash over the hashes of the blinded + * envelopes of n*kappa coins. + */ +struct TALER_AgeWithdrawCommitmentHashP +{ + struct GNUNET_HashCode hash; +}; + + +/** + * @brief Type of online public keys used by the wallet to establish a purse and the associated contract meta data. + */ +struct TALER_PurseContractPublicKeyP +{ + /** + * Taler uses EdDSA for purse message signing. */ struct GNUNET_CRYPTO_EddsaPublicKey eddsa_pub; +}; + +/** + * @brief Type of online private keys used by the wallet to + * bind a purse to a particular contract (and other meta data). + */ +struct TALER_PurseContractPrivateKeyP +{ + /** + * Taler uses EdDSA for online signatures sessions. + */ + struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv; }; /** - * @brief Type of private keys for Taler coins. The same key material is used - * for EdDSA and ECDHE operations. + * @brief Type of signatures used by the wallet to sign purse creation messages online. */ -struct TALER_CoinSpendPrivateKeyP +struct TALER_PurseContractSignatureP { /** - * Taler uses EdDSA for coins when signing deposit requests. + * Taler uses EdDSA for online signatures sessions. + */ + struct GNUNET_CRYPTO_EddsaSignature eddsa_signature; +}; + + +/** + * @brief Type of online public keys used by the wallet to + * sign a merge of a purse into an account. + */ +struct TALER_PurseMergePublicKeyP +{ + /** + * Taler uses EdDSA for purse message signing. + */ + struct GNUNET_CRYPTO_EddsaPublicKey eddsa_pub; +}; + + +/** + * @brief Type of online private keys used by the wallet to + * sign a merge of a purse into an account. + */ +struct TALER_PurseMergePrivateKeyP +{ + /** + * Taler uses EdDSA for online signatures sessions. */ struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv; }; /** - * @brief Type of signatures made with Taler coins. + * @brief Type of signatures used by the wallet to sign purse merge requests online. */ -struct TALER_CoinSpendSignatureP +struct TALER_PurseMergeSignatureP { /** - * Taler uses EdDSA for coins. + * Taler uses EdDSA for online signatures sessions. */ struct GNUNET_CRYPTO_EddsaSignature eddsa_signature; }; /** - * @brief Type of blinding keys for Taler. + * @brief Type of online public keys used by AML officers. + */ +struct TALER_AmlOfficerPublicKeyP +{ + /** + * Taler uses EdDSA for AML decision signing. + */ + struct GNUNET_CRYPTO_EddsaPublicKey eddsa_pub; +}; + + +/** + * @brief Type of online private keys used to identify + * AML officers. */ -struct TALER_DenominationBlindingKeyP +struct TALER_AmlOfficerPrivateKeyP { /** - * Taler uses RSA for blind signatures. + * Taler uses EdDSA for AML decision signing. */ - struct GNUNET_CRYPTO_RsaBlindingKeySecret bks; + struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv; +}; + + +/** + * @brief Type of signatures used by AML officers. + */ +struct TALER_AmlOfficerSignatureP +{ + /** + * Taler uses EdDSA for AML decision signing. + */ + struct GNUNET_CRYPTO_EddsaSignature eddsa_signature; }; @@ -347,6 +627,19 @@ struct TALER_RefreshCommitmentP /** + * Symmetric key we use to encrypt KYC attributes + * in our database. + */ +struct TALER_AttributeEncryptionKeyP +{ + /** + * The key is a hash code. + */ + struct GNUNET_HashCode hash; +}; + + +/** * Token used for access control to the merchant's unclaimed * orders. */ @@ -359,30 +652,609 @@ struct TALER_ClaimTokenP }; +/** + * Salt used to hash a merchant's payto:// URI to + * compute the "h_wire" (say for deposit requests). + */ +struct TALER_WireSaltP +{ + /** + * Actual 128-bit salt value. + */ + uint32_t salt[4]; +}; + + +/** + * Hash used to represent an CS public key. Does not include age + * restrictions and is ONLY for CS. Used ONLY for interactions with the CS + * security module. + */ +struct TALER_CsPubHashP +{ + /** + * Actual hash value. + */ + struct GNUNET_HashCode hash; +}; + + +/** + * Hash used to represent an RSA public key. Does not include age + * restrictions and is ONLY for RSA. Used ONLY for interactions with the RSA + * security module. + */ +struct TALER_RsaPubHashP +{ + /** + * Actual hash value. + */ + struct GNUNET_HashCode hash; +}; + + +/** + * Master key material for the deriviation of + * private coins and blinding factors during + * withdraw or refresh. + */ +struct TALER_PlanchetMasterSecretP +{ + + /** + * Key material. + */ + uint32_t key_data[8]; + +}; + + +/** + * Master key material for the deriviation of + * private coins and blinding factors. + */ +struct TALER_RefreshMasterSecretP +{ + + /** + * Key material. + */ + uint32_t key_data[8]; + +}; + + +/** + * Hash used to represent a denomination public key + * and associated age restrictions (if any). + */ +struct TALER_DenominationHashP +{ + /** + * Actual hash value. + */ + struct GNUNET_HashCode hash; +}; + + +/** + * Hash used to represent the private part + * of a contract between merchant and consumer. + */ +struct TALER_PrivateContractHashP +{ + /** + * Actual hash value. + */ + struct GNUNET_HashCode hash; +}; + + +/** + * Hash used to represent the policy extension to a deposit + */ +struct TALER_ExtensionPolicyHashP +{ + /** + * Actual hash value. + */ + struct GNUNET_HashCode hash; +}; + + +/** + * Hash used to represent the salted hash of a + * merchant's bank account. + */ +struct TALER_MerchantWireHashP +{ + /** + * Actual hash value. + */ + struct GNUNET_HashCode hash; +}; + + +/** + * Hash used to represent the unsalted hash of a + * payto:// URI representing a bank account. + */ +struct TALER_PaytoHashP +{ + /** + * Actual hash value. + */ + struct GNUNET_ShortHashCode hash; +}; + + +/** + * Hash used to represent a commitment to a blinded + * coin, i.e. the hash of the envelope. + */ +struct TALER_BlindedCoinHashP +{ + /** + * Actual hash value. + */ + struct GNUNET_HashCode hash; +}; + + +/** + * Hash used to represent the hash of the public + * key of a coin (without blinding). + */ +struct TALER_CoinPubHashP +{ + /** + * Actual hash value. + */ + struct GNUNET_HashCode hash; +}; + + +/** + * @brief Value that uniquely identifies a reward. + */ +struct TALER_RewardIdentifierP +{ + /** + * The tip identifier is a SHA-512 hash code. + */ + struct GNUNET_HashCode hash; +}; + + +/** + * @brief Value that uniquely identifies a tip pick up operation. + */ +struct TALER_PickupIdentifierP +{ + /** + * The pickup identifier is a SHA-512 hash code. + */ + struct GNUNET_HashCode hash; +}; + + +/** + * @brief Salted hash over the JSON object representing the manifests of + * extensions. + */ +struct TALER_ExtensionManifestsHashP +{ + /** + * Actual hash value. + */ + struct GNUNET_HashCode hash; +}; + + +/** + * Set of the fees applying to a denomination. + */ +struct TALER_DenomFeeSetNBOP +{ + + /** + * The fee the exchange charges when a coin of this type is withdrawn. + * (can be zero). + */ + struct TALER_AmountNBO withdraw; + + /** + * The fee the exchange charges when a coin of this type is deposited. + * (can be zero). + */ + struct TALER_AmountNBO deposit; + + /** + * The fee the exchange charges when a coin of this type is refreshed. + * (can be zero). + */ + struct TALER_AmountNBO refresh; + + /** + * The fee the exchange charges when a coin of this type is refunded. + * (can be zero). Note that refund fees are charged to the customer; + * if a refund is given, the deposit fee is also refunded. + */ + struct TALER_AmountNBO refund; + +}; + + +/** + * Set of the fees applying for a given + * time-range and wire method. + */ +struct TALER_WireFeeSetNBOP +{ + + /** + * The fee the exchange charges for wiring funds + * to a merchant. + */ + struct TALER_AmountNBO wire; + + /** + * The fee the exchange charges for closing a reserve + * and wiring the funds back to the origin account. + */ + struct TALER_AmountNBO closing; + +}; + + +/** + * Set of the fees applying globally for a given + * time-range. + */ +struct TALER_GlobalFeeSetNBOP +{ + + /** + * The fee the exchange charges for returning the history of a reserve or + * account. + */ + struct TALER_AmountNBO history; + + /** + * The fee the exchange charges for keeping an account or reserve open for a + * year. + */ + struct TALER_AmountNBO account; + + /** + * The fee the exchange charges if a purse is abandoned and this was not + * covered by the account limit. + */ + struct TALER_AmountNBO purse; +}; + + GNUNET_NETWORK_STRUCT_END /** + * Compute RFC 3548 base32 decoding of @a val and write + * result to @a udata. + * + * @param val value to decode + * @param val_size number of bytes in @a val + * @param key is the val in bits + * @param key_len is the size of @a key + */ +int +TALER_rfc3548_base32decode (const char *val, + size_t val_size, + void *key, + size_t key_len); + + +/** + * @brief Builds POS confirmation token to verify payment. + * + * @param pos_key encoded key for verification payment + * @param pos_alg algorithm to compute the payment verification + * @param total of the order paid + * @param ts is the time given + * @return POS token on success, NULL otherwise + */ +char * +TALER_build_pos_confirmation (const char *pos_key, + enum TALER_MerchantConfirmationAlgorithm pos_alg, + const struct TALER_Amount *total, + struct GNUNET_TIME_Timestamp ts); + + +/** + * Set of the fees applying to a denomination. + */ +struct TALER_DenomFeeSet +{ + + /** + * The fee the exchange charges when a coin of this type is withdrawn. + * (can be zero). + */ + struct TALER_Amount withdraw; + + /** + * The fee the exchange charges when a coin of this type is deposited. + * (can be zero). + */ + struct TALER_Amount deposit; + + /** + * The fee the exchange charges when a coin of this type is refreshed. + * (can be zero). + */ + struct TALER_Amount refresh; + + /** + * The fee the exchange charges when a coin of this type is refunded. + * (can be zero). Note that refund fees are charged to the customer; + * if a refund is given, the deposit fee is also refunded. + */ + struct TALER_Amount refund; + +}; + + +/** + * Set of the fees applying for a given time-range and wire method. + */ +struct TALER_WireFeeSet +{ + + /** + * The fee the exchange charges for wiring funds to a merchant. + */ + struct TALER_Amount wire; + + /** + * The fee the exchange charges for closing a reserve + * and wiring the funds back to the origin account. + */ + struct TALER_Amount closing; + +}; + + +/** + * Set of the fees applying globally for a given + * time-range. + */ +struct TALER_GlobalFeeSet +{ + + /** + * The fee the exchange charges for returning the + * history of a reserve or account. + */ + struct TALER_Amount history; + + /** + * The fee the exchange charges for keeping + * an account or reserve open for a year. + */ + struct TALER_Amount account; + + /** + * The fee the exchange charges if a purse + * is abandoned and this was not covered by + * the account limit. + */ + struct TALER_Amount purse; +}; + + +/** + * Convert fee set from host to network byte order. + * + * @param[out] nbo where to write the result + * @param fees fee set to convert + */ +void +TALER_denom_fee_set_hton (struct TALER_DenomFeeSetNBOP *nbo, + const struct TALER_DenomFeeSet *fees); + + +/** + * Convert fee set from network to host network byte order. + * + * @param[out] fees where to write the result + * @param nbo fee set to convert + */ +void +TALER_denom_fee_set_ntoh (struct TALER_DenomFeeSet *fees, + const struct TALER_DenomFeeSetNBOP *nbo); + + +/** + * Convert global fee set from host to network byte order. + * + * @param[out] nbo where to write the result + * @param fees fee set to convert + */ +void +TALER_global_fee_set_hton (struct TALER_GlobalFeeSetNBOP *nbo, + const struct TALER_GlobalFeeSet *fees); + + +/** + * Convert global fee set from network to host network byte order. + * + * @param[out] fees where to write the result + * @param nbo fee set to convert + */ +void +TALER_global_fee_set_ntoh (struct TALER_GlobalFeeSet *fees, + const struct TALER_GlobalFeeSetNBOP *nbo); + + +/** + * Compare global fee sets. + * + * @param f1 first set to compare + * @param f2 second set to compare + * @return 0 if sets are equal + */ +int +TALER_global_fee_set_cmp (const struct TALER_GlobalFeeSet *f1, + const struct TALER_GlobalFeeSet *f2); + + +/** + * Convert wire fee set from host to network byte order. + * + * @param[out] nbo where to write the result + * @param fees fee set to convert + */ +void +TALER_wire_fee_set_hton (struct TALER_WireFeeSetNBOP *nbo, + const struct TALER_WireFeeSet *fees); + + +/** + * Convert wire fee set from network to host network byte order. + * + * @param[out] fees where to write the result + * @param nbo fee set to convert + */ +void +TALER_wire_fee_set_ntoh (struct TALER_WireFeeSet *fees, + const struct TALER_WireFeeSetNBOP *nbo); + + +/** + * Compare wire fee sets. + * + * @param f1 first set to compare + * @param f2 second set to compare + * @return 0 if sets are equal + */ +int +TALER_wire_fee_set_cmp (const struct TALER_WireFeeSet *f1, + const struct TALER_WireFeeSet *f2); + + +/** + * Hash @a rsa. + * + * @param rsa key to hash + * @param[out] h_rsa where to write the result + */ +void +TALER_rsa_pub_hash (const struct GNUNET_CRYPTO_RsaPublicKey *rsa, + struct TALER_RsaPubHashP *h_rsa); + + +/** + * Hash @a cs. + * + * @param cs key to hash + * @param[out] h_cs where to write the result + */ +void +TALER_cs_pub_hash (const struct GNUNET_CRYPTO_CsPublicKey *cs, + struct TALER_CsPubHashP *h_cs); + + +/** * @brief Type of (unblinded) coin signatures for Taler. */ struct TALER_DenominationSignature { /** - * Taler uses RSA for blinding. + * Denominations use blind signatures. + */ + struct GNUNET_CRYPTO_UnblindedSignature *unblinded_sig; +}; + + +/** + * @brief Type for *blinded* denomination signatures for Taler. + * Must be unblinded before it becomes valid. + */ +struct TALER_BlindedDenominationSignature +{ + /** + * Denominations use blind signatures. */ - struct GNUNET_CRYPTO_RsaSignature *rsa_signature; + struct GNUNET_CRYPTO_BlindedSignature *blinded_sig; }; +/* *************** Age Restriction *********************************** */ + +/* + * @brief Type of a list of age groups, represented as bit mask. + * + * The bits set in the mask mark the edges at the beginning of a next age + * group. F.e. for the age groups + * 0-7, 8-9, 10-11, 12-13, 14-15, 16-17, 18-21, 21-* + * the following bits are set: + * + * 31 24 16 8 0 + * | | | | | + * oooooooo oo1oo1o1 o1o1o1o1 ooooooo1 + * + * A value of 0 means that the exchange does not support the extension for + * age-restriction. + * + * For a non-0 age mask, the 0th bit always must be set, otherwise the age + * mask is considered invalid. + */ +struct TALER_AgeMask +{ + uint32_t bits; +}; + +/** + * @brief Age commitment of a coin. + */ +struct TALER_AgeCommitmentHash +{ + /** + * The commitment is a SHA-256 hash code. + */ + struct GNUNET_ShortHashCode shash; +}; + +/** + * @brief Signature of an age with the private key for the corresponding age group of an age commitment. + */ +struct TALER_AgeAttestation +{ +#ifdef AGE_RESTRICTION_WITH_ECDSA + struct GNUNET_CRYPTO_EcdsaSignature signature; +#else + struct GNUNET_CRYPTO_Edx25519Signature signature; +#endif +}; + +#define TALER_AgeCommitmentHash_isNullOrZero(ph) ((NULL == ph) || \ + GNUNET_is_zero (ph)) + /** * @brief Type of public signing keys for verifying blindly signed coins. */ struct TALER_DenominationPublicKey { + /** - * Taler uses RSA for signing coins. + * Age restriction mask used for the key. */ - struct GNUNET_CRYPTO_RsaPublicKey *rsa_public_key; + struct TALER_AgeMask age_mask; + + /** + * Type of the public key. + */ + struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub_key; + }; @@ -391,10 +1263,22 @@ struct TALER_DenominationPublicKey */ struct TALER_DenominationPrivateKey { + + struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv_key; + +}; + + +/** + * @brief Blinded planchet send to exchange for blind signing. + */ +struct TALER_BlindedPlanchet +{ /** - * Taler uses RSA for signing coins. + * A blinded message. */ - struct GNUNET_CRYPTO_RsaPrivateKey *rsa_private_key; + struct GNUNET_CRYPTO_BlindedMessage *blinded_message; + }; @@ -414,7 +1298,18 @@ struct TALER_CoinPublicInfo * Hash of the public key representing the denomination of the coin that is * being deposited. */ - struct GNUNET_HashCode denom_pub_hash; + struct TALER_DenominationHashP denom_pub_hash; + + /** + * Hash of the age commitment. If no age commitment was provided, it must be + * set to all zeroes. + */ + struct TALER_AgeCommitmentHash h_age_commitment; + + /** + * True, if age commitment is not applicable. + */ + bool no_age_commitment; /** * (Unblinded) signature over @e coin_pub with @e denom_pub, @@ -433,7 +1328,7 @@ struct TALER_TrackTransferDetails /** * Hash of the proposal data. */ - struct GNUNET_HashCode h_contract_terms; + struct TALER_PrivateContractHashP h_contract_terms; /** * Which coin was deposited? @@ -441,19 +1336,391 @@ struct TALER_TrackTransferDetails struct TALER_CoinSpendPublicKeyP coin_pub; /** - * Value of the deposit (including fee). + * Value of the deposit (including fee), after refunds. */ struct TALER_Amount coin_value; /** - * Fee charged by the exchange for the deposit. + * Fee charged by the exchange for the deposit, + * possibly reduced (or waived) due to refunds. */ struct TALER_Amount coin_fee; + /** + * Total amount of refunds applied to this coin. + */ + struct TALER_Amount refund_total; + +}; + + +/** + * @brief Inputs needed from the exchange for blind signing. + */ +struct TALER_ExchangeWithdrawValues +{ + + /** + * Input values. + */ + struct GNUNET_CRYPTO_BlindingInputValues *blinding_inputs; }; /** + * Return the alg value singleton for creation of + * blinding secrets for RSA. + * + * @return singleton to use for RSA blinding + */ +const struct TALER_ExchangeWithdrawValues * +TALER_denom_ewv_rsa_singleton (void); + + +/** + * Make a (deep) copy of the given @a bi_src to + * @a bi_dst. + * + * @param[out] bi_dst target to copy to + * @param bi_src blinding input values to copy + */ +void +TALER_denom_ewv_copy ( + struct TALER_ExchangeWithdrawValues *bi_dst, + const struct TALER_ExchangeWithdrawValues *bi_src); + + +/** + * Create private key for a Taler coin. + * @param ps planchet secret to derive coin priv key + * @param alg_values includes algorithm specific values + * @param[out] coin_priv private key to initialize + */ +void +TALER_planchet_setup_coin_priv ( + const struct TALER_PlanchetMasterSecretP *ps, + const struct TALER_ExchangeWithdrawValues *alg_values, + struct TALER_CoinSpendPrivateKeyP *coin_priv); + + +/** + * @brief Method to derive withdraw /csr nonce + * + * @param ps planchet secrets of the coin + * @param[out] nonce withdraw nonce included in the request to generate R_0 and R_1 + */ +void +TALER_cs_withdraw_nonce_derive ( + const struct TALER_PlanchetMasterSecretP *ps, + struct GNUNET_CRYPTO_CsSessionNonce *nonce); + + +/** + * @brief Method to derive /csr nonce + * to be used during refresh/melt operation. + * + * @param rms secret input for the refresh operation + * @param idx index of the fresh coin + * @param[out] nonce set to nonce included in the request to generate R_0 and R_1 + */ +void +TALER_cs_refresh_nonce_derive ( + const struct TALER_RefreshMasterSecretP *rms, + uint32_t idx, + struct GNUNET_CRYPTO_CsSessionNonce *nonce); + + +/** + * Initialize denomination public-private key pair. + * + * For #GNUNET_CRYPTO_BSA_RSA, an additional "unsigned int" + * argument with the number of bits for 'n' (e.g. 2048) must + * be passed. + * + * @param[out] denom_priv where to write the private key + * @param[out] denom_pub where to write the public key + * @param cipher which type of cipher to use + * @param ... RSA key size (eg. 2048/3072/4096) + * @return #GNUNET_OK on success, #GNUNET_NO if parameters were invalid + */ +enum GNUNET_GenericReturnValue +TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv, + struct TALER_DenominationPublicKey *denom_pub, + enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher, + ...); + + +/** + * Free internals of @a denom_pub, but not @a denom_pub itself. + * + * @param[in] denom_pub key to free + */ +void +TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub); + + +/** + * Free internals of @a ewv, but not @a ewv itself. + * + * @param[in] ewv input values to free + */ +void +TALER_denom_ewv_free (struct TALER_ExchangeWithdrawValues *ewv); + + +/** + * Free internals of @a denom_priv, but not @a denom_priv itself. + * + * @param[in] denom_priv key to free + */ +void +TALER_denom_priv_free (struct TALER_DenominationPrivateKey *denom_priv); + + +/** + * Free internals of @a denom_sig, but not @a denom_sig itself. + * + * @param[in] denom_sig signature to free + */ +void +TALER_denom_sig_free (struct TALER_DenominationSignature *denom_sig); + + +/** + * Blind coin for blind signing with @a dk using blinding secret @a coin_bks. + * + * NOTE: As a particular oddity, the @a blinded_planchet is only partially + * initialized by this function in the case of CS-denominations. Here, the + * 'nonce' must be initialized separately! + * + * @param dk denomination public key to blind for + * @param coin_bks blinding secret to use + * @param nonce nonce used to derive session values, + * could be NULL for ciphers that do not use it + * @param age_commitment_hash hash of the age commitment to be used for the coin. NULL if no commitment is made. + * @param coin_pub public key of the coin to blind + * @param alg_values algorithm specific values to blind the planchet + * @param[out] c_hash resulting hashed coin + * @param[out] blinded_planchet planchet data to initialize + * @return #GNUNET_OK on success + */ +enum GNUNET_GenericReturnValue +TALER_denom_blind (const struct TALER_DenominationPublicKey *dk, + const union GNUNET_CRYPTO_BlindingSecretP *coin_bks, + const union GNUNET_CRYPTO_BlindSessionNonce *nonce, + const struct TALER_AgeCommitmentHash *age_commitment_hash, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_ExchangeWithdrawValues *alg_values, + struct TALER_CoinPubHashP *c_hash, + struct TALER_BlindedPlanchet *blinded_planchet); + + +/** + * Create blinded signature. + * + * @param[out] denom_sig where to write the signature + * @param denom_priv private key to use for signing + * @param for_melt true to use the HKDF for melt + * @param blinded_planchet the planchet already blinded + * @return #GNUNET_OK on success + */ +enum GNUNET_GenericReturnValue +TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig, + const struct TALER_DenominationPrivateKey *denom_priv, + bool for_melt, + const struct TALER_BlindedPlanchet *blinded_planchet); + + +/** + * Unblind blinded signature. + * + * @param[out] denom_sig where to write the unblinded signature + * @param bdenom_sig the blinded signature + * @param bks blinding secret to use + * @param c_hash hash of the coin's public key for verification of the signature + * @param alg_values algorithm specific values + * @param denom_pub public key used for signing + * @return #GNUNET_OK on success + */ +enum GNUNET_GenericReturnValue +TALER_denom_sig_unblind ( + struct TALER_DenominationSignature *denom_sig, + const struct TALER_BlindedDenominationSignature *bdenom_sig, + const union GNUNET_CRYPTO_BlindingSecretP *bks, + const struct TALER_CoinPubHashP *c_hash, + const struct TALER_ExchangeWithdrawValues *alg_values, + const struct TALER_DenominationPublicKey *denom_pub); + + +/** + * Free internals of @a denom_sig, but not @a denom_sig itself. + * + * @param[in] denom_sig signature to free + */ +void +TALER_blinded_denom_sig_free ( + struct TALER_BlindedDenominationSignature *denom_sig); + + +/** + * Compute the hash of the given @a denom_pub. + * + * @param denom_pub public key to hash + * @param[out] denom_hash resulting hash value + */ +void +TALER_denom_pub_hash (const struct TALER_DenominationPublicKey *denom_pub, + struct TALER_DenominationHashP *denom_hash); + + +/** + * Make a (deep) copy of the given @a denom_src to + * @a denom_dst. + * + * @param[out] denom_dst target to copy to + * @param denom_src public key to copy + */ +void +TALER_denom_pub_copy (struct TALER_DenominationPublicKey *denom_dst, + const struct TALER_DenominationPublicKey *denom_src); + + +/** + * Make a (deep) copy of the given @a denom_src to + * @a denom_dst. + * + * @param[out] denom_dst target to copy to + * @param denom_src public key to copy + */ +void +TALER_denom_sig_copy (struct TALER_DenominationSignature *denom_dst, + const struct TALER_DenominationSignature *denom_src); + + +/** + * Make a (deep) copy of the given @a denom_src to + * @a denom_dst. + * + * @param[out] denom_dst target to copy to + * @param denom_src public key to copy + */ +void +TALER_blinded_denom_sig_copy ( + struct TALER_BlindedDenominationSignature *denom_dst, + const struct TALER_BlindedDenominationSignature *denom_src); + + +/** + * Compare two denomination public keys. + * + * @param denom1 first key + * @param denom2 second key + * @return 0 if the keys are equal, otherwise -1 or 1 + */ +int +TALER_denom_pub_cmp (const struct TALER_DenominationPublicKey *denom1, + const struct TALER_DenominationPublicKey *denom2); + + +/** + * Compare two denomination signatures. + * + * @param sig1 first signature + * @param sig2 second signature + * @return 0 if the keys are equal, otherwise -1 or 1 + */ +int +TALER_denom_sig_cmp (const struct TALER_DenominationSignature *sig1, + const struct TALER_DenominationSignature *sig2); + + +/** + * Compare two blinded denomination signatures. + * + * @param sig1 first signature + * @param sig2 second signature + * @return 0 if the keys are equal, otherwise -1 or 1 + */ +int +TALER_blinded_denom_sig_cmp ( + const struct TALER_BlindedDenominationSignature *sig1, + const struct TALER_BlindedDenominationSignature *sig2); + + +/** + * Compare two blinded planchets. + * + * @param bp1 first blinded planchet + * @param bp2 second blinded planchet + * @return 0 if the keys are equal, otherwise -1 or 1 + */ +int +TALER_blinded_planchet_cmp ( + const struct TALER_BlindedPlanchet *bp1, + const struct TALER_BlindedPlanchet *bp2); + + +/** + * Verify signature made with a denomination public key + * over a coin. + * + * @param denom_pub public denomination key + * @param denom_sig signature made with the private key + * @param c_hash hash over the coin + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_denom_pub_verify (const struct TALER_DenominationPublicKey *denom_pub, + const struct TALER_DenominationSignature *denom_sig, + const struct TALER_CoinPubHashP *c_hash); + + +/** + * Encrypts KYC attributes for storage in the database. + * + * @param key encryption key to use + * @param attr set of attributes to encrypt + * @param[out] enc_attr encrypted attribute data + * @param[out] enc_attr_size number of bytes in @a enc_attr + */ +void +TALER_CRYPTO_kyc_attributes_encrypt ( + const struct TALER_AttributeEncryptionKeyP *key, + const json_t *attr, + void **enc_attr, + size_t *enc_attr_size); + + +/** + * Encrypts KYC attributes for storage in the database. + * + * @param key encryption key to use + * @param enc_attr encrypted attribute data + * @param enc_attr_size number of bytes in @a enc_attr + * @return set of decrypted attributes, NULL on failure + */ +json_t * +TALER_CRYPTO_kyc_attributes_decrypt ( + const struct TALER_AttributeEncryptionKeyP *key, + const void *enc_attr, + size_t enc_attr_size); + + +/** + * Takes a set of KYC attributes and extracts key + * data that we use to detect similar / duplicate + * entries in the database. + * + * @param attr set of KYC attributes + * @param[out] kyc_prox set to the proximity hash + */ +void +TALER_CRYPTO_attributes_to_kyc_prox ( + const json_t *attr, + struct GNUNET_ShortHashCode *kyc_prox); + + +/** * Check if a coin is valid; that is, whether the denomination key exists, * is not expired, and the signature is correct. * @@ -468,31 +1735,41 @@ TALER_test_coin_valid (const struct TALER_CoinPublicInfo *coin_public_info, const struct TALER_DenominationPublicKey *denom_pub); -GNUNET_NETWORK_STRUCT_BEGIN - /** - * Header for serializations of coin-specific information about the - * fresh coins we generate. These are the secrets that arise during - * planchet generation, which is the first stage of creating a new - * coin. + * Compute the hash of a blinded coin. + * + * @param blinded_planchet blinded planchet + * @param denom_hash hash of the denomination public key + * @param[out] bch where to write the hash */ -struct TALER_PlanchetSecretsP -{ - - /** - * Private key of the coin. - */ - struct TALER_CoinSpendPrivateKeyP coin_priv; +void +TALER_coin_ev_hash (const struct TALER_BlindedPlanchet *blinded_planchet, + const struct TALER_DenominationHashP *denom_hash, + struct TALER_BlindedCoinHashP *bch); - /** - * The blinding key. - */ - struct TALER_DenominationBlindingKeyP blinding_key; -}; +/** + * Compute the hash of a coin. + * + * @param coin_pub public key of the coin + * @param age_commitment_hash hash of the age commitment vector. NULL, if no age commitment was set + * @param[out] coin_h where to write the hash + */ +void +TALER_coin_pub_hash (const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_AgeCommitmentHash *age_commitment_hash, + struct TALER_CoinPubHashP *coin_h); -GNUNET_NETWORK_STRUCT_END +/** + * Compute the hash of a payto URI. + * + * @param payto URI to hash + * @param[out] h_payto where to write the hash + */ +void +TALER_payto_hash (const char *payto, + struct TALER_PaytoHashP *h_payto); /** @@ -506,17 +1783,12 @@ struct TALER_PlanchetDetail /** * Hash of the denomination public key. */ - struct GNUNET_HashCode denom_pub_hash; - - /** - * Blinded coin (see GNUNET_CRYPTO_rsa_blind()). Note: is malloc()'ed! - */ - void *coin_ev; + struct TALER_DenominationHashP denom_pub_hash; /** - * Number of bytes in @a coin_ev. + * The blinded planchet */ - size_t coin_ev_size; + struct TALER_BlindedPlanchet blinded_planchet; }; @@ -538,6 +1810,10 @@ struct TALER_FreshCoin */ struct TALER_CoinSpendPrivateKeyP coin_priv; + /** + * Optional hash of an age commitment bound to this coin, maybe NULL. + */ + const struct TALER_AgeCommitmentHash *h_age_commitment; }; @@ -630,44 +1906,121 @@ GNUNET_NETWORK_STRUCT_END /** - * Setup information for a fresh coin, deriving the coin private key - * and the blinding factor from the @a secret_seed with a KDF salted - * by the @a coin_num_salt. + * Setup information for a fresh coin, deriving the coin planchet secrets from + * which we will later derive the private key and the blinding factor. The + * planchet secrets derivation is based on the @a secret_seed with a KDF + * salted by the @a coin_num_salt. * * @param secret_seed seed to use for KDF to derive coin keys * @param coin_num_salt number of the coin to include in KDF * @param[out] ps value to initialize */ void -TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed, - uint32_t coin_num_salt, - struct TALER_PlanchetSecretsP *ps); +TALER_transfer_secret_to_planchet_secret ( + const struct TALER_TransferSecretP *secret_seed, + uint32_t coin_num_salt, + struct TALER_PlanchetMasterSecretP *ps); + + +/** + * Derive the @a coin_num transfer private key @a tpriv from a refresh from + * the @a rms seed and the @a old_coin_pub of the refresh operation. The + * transfer private key derivation is based on the @a ps with a KDF salted by + * the @a coin_num. + * + * @param rms seed to use for KDF to derive transfer keys + * @param old_coin_priv private key of the old coin + * @param cnc_num cut and choose number to include in KDF + * @param[out] tpriv value to initialize + */ +void +TALER_planchet_secret_to_transfer_priv ( + const struct TALER_RefreshMasterSecretP *rms, + const struct TALER_CoinSpendPrivateKeyP *old_coin_priv, + uint32_t cnc_num, + struct TALER_TransferPrivateKeyP *tpriv); /** - * Setup information for a fresh coin. + * Setup secret seed information for fresh coins to be + * withdrawn. * * @param[out] ps value to initialize */ void -TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps); +TALER_planchet_master_setup_random ( + struct TALER_PlanchetMasterSecretP *ps); + + +/** + * Setup secret seed for fresh coins to be refreshed. + * + * @param[out] rms value to initialize + */ +void +TALER_refresh_master_setup_random ( + struct TALER_RefreshMasterSecretP *rms); + + +/** + * Create a blinding secret @a bks given the client's @a ps and the alg_values + * from the exchange. + * + * @param ps secret to derive blindings from + * @param alg_values withdraw values containing cipher and additional CS values + * @param[out] bks blinding secrets + */ +void +TALER_planchet_blinding_secret_create ( + const struct TALER_PlanchetMasterSecretP *ps, + const struct TALER_ExchangeWithdrawValues *alg_values, + union GNUNET_CRYPTO_BlindingSecretP *bks); /** - * Prepare a planchet for tipping. Creates and blinds a coin. + * Prepare a planchet for withdrawal. Creates and blinds a coin. * * @param dk denomination key for the coin to be created - * @param ps secret planchet internals (for #TALER_planchet_to_coin) + * @param alg_values algorithm specific values + * @param bks blinding secrets + * @param nonce session nonce used to get @a alg_values + * @param coin_priv coin private key + * @param ach hash of age commitment to bind to this coin, maybe NULL * @param[out] c_hash set to the hash of the public key of the coin (needed later) * @param[out] pd set to the planchet detail for TALER_MERCHANT_tip_pickup() and - * other withdraw operations + * other withdraw operations, `pd->blinded_planchet.cipher` will be set + * to cipher from @a dk * @return #GNUNET_OK on success */ enum GNUNET_GenericReturnValue -TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk, - const struct TALER_PlanchetSecretsP *ps, - struct GNUNET_HashCode *c_hash, - struct TALER_PlanchetDetail *pd); +TALER_planchet_prepare ( + const struct TALER_DenominationPublicKey *dk, + const struct TALER_ExchangeWithdrawValues *alg_values, + const union GNUNET_CRYPTO_BlindingSecretP *bks, + const union GNUNET_CRYPTO_BlindSessionNonce *nonce, + const struct TALER_CoinSpendPrivateKeyP *coin_priv, + const struct TALER_AgeCommitmentHash *ach, + struct TALER_CoinPubHashP *c_hash, + struct TALER_PlanchetDetail *pd); + + +/** + * Frees blinded message inside blinded planchet depending on `blinded_planchet->cipher`. + * Does not free the @a blinded_planchet itself! + * + * @param[in] blinded_planchet blinded planchet + */ +void +TALER_blinded_planchet_free (struct TALER_BlindedPlanchet *blinded_planchet); + + +/** + * Frees blinded message inside planchet detail @a pd. + * + * @param[in] pd planchet detail to free + */ +void +TALER_planchet_detail_free (struct TALER_PlanchetDetail *pd); /** @@ -676,20 +2029,36 @@ TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk, * * @param dk denomination key, must match what was given to #TALER_planchet_prepare() * @param blind_sig blind signature from the exchange - * @param ps secrets from #TALER_planchet_prepare() + * @param bks blinding key secret + * @param coin_priv private key of the coin + * @param ach hash of age commitment that is bound to this coin, maybe NULL * @param c_hash hash of the coin's public key for verification of the signature + * @param alg_values values obtained from the exchange for the withdrawal * @param[out] coin set to the details of the fresh coin * @return #GNUNET_OK on success */ enum GNUNET_GenericReturnValue -TALER_planchet_to_coin (const struct TALER_DenominationPublicKey *dk, - const struct GNUNET_CRYPTO_RsaSignature *blind_sig, - const struct TALER_PlanchetSecretsP *ps, - const struct GNUNET_HashCode *c_hash, - struct TALER_FreshCoin *coin); +TALER_planchet_to_coin ( + const struct TALER_DenominationPublicKey *dk, + const struct TALER_BlindedDenominationSignature *blind_sig, + const union GNUNET_CRYPTO_BlindingSecretP *bks, + const struct TALER_CoinSpendPrivateKeyP *coin_priv, + const struct TALER_AgeCommitmentHash *ach, + const struct TALER_CoinPubHashP *c_hash, + const struct TALER_ExchangeWithdrawValues *alg_values, + struct TALER_FreshCoin *coin); -/* ****************** Refresh crypto primitives ************* */ +/** + * Add the hash of the @a bp (in some canonicalized form) + * to the @a hash_context. + * + * @param bp blinded planchet to hash + * @param[in,out] hash_context hash context to use + */ +void +TALER_blinded_planchet_hash_ (const struct TALER_BlindedPlanchet *bp, + struct GNUNET_HashContext *hash_context); /** @@ -752,14 +2121,9 @@ struct TALER_RefreshCoinData const struct TALER_DenominationPublicKey *dk; /** - * The envelope with the blinded coin. - */ - void *coin_ev; - - /** - * Number of bytes in @a coin_ev + * The blinded planchet (details depend on cipher). */ - size_t coin_ev_size; + struct TALER_BlindedPlanchet blinded_planchet; }; @@ -787,6 +2151,7 @@ struct TALER_RefreshCommitmentEntry * * @param[out] rc set to the value the wallet must commit to * @param kappa number of transfer public keys involved (must be #TALER_CNC_KAPPA) + * @param rms refresh master secret to include, can be NULL! * @param num_new_coins number of new coins to be created * @param rcs array of @a kappa commitments * @param coin_pub public key of the coin to be melted @@ -795,17 +2160,177 @@ struct TALER_RefreshCommitmentEntry void TALER_refresh_get_commitment (struct TALER_RefreshCommitmentP *rc, uint32_t kappa, + const struct TALER_RefreshMasterSecretP *rms, uint32_t num_new_coins, const struct TALER_RefreshCommitmentEntry *rcs, const struct TALER_CoinSpendPublicKeyP *coin_pub, const struct TALER_Amount *amount_with_fee); + +/** + * Encrypt contract for transmission to a party that will + * merge it into a reserve. + * + * @param purse_pub public key of the purse + * @param contract_priv private key of the contract + * @param merge_priv merge capability to include + * @param contract_terms contract terms to encrypt + * @param[out] econtract set to encrypted contract + * @param[out] econtract_size set to number of bytes in @a econtract + */ +void +TALER_CRYPTO_contract_encrypt_for_merge ( + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_ContractDiffiePrivateP *contract_priv, + const struct TALER_PurseMergePrivateKeyP *merge_priv, + const json_t *contract_terms, + void **econtract, + size_t *econtract_size); + + +/** + * Decrypt contract for the party that will + * merge it into a reserve. + * + * @param purse_pub public key of the purse + * @param contract_priv private key of the contract + * @param econtract encrypted contract + * @param econtract_size number of bytes in @a econtract + * @param[out] merge_priv set to merge capability + * @return decrypted contract terms, or NULL on failure + */ +json_t * +TALER_CRYPTO_contract_decrypt_for_merge ( + const struct TALER_ContractDiffiePrivateP *contract_priv, + const struct TALER_PurseContractPublicKeyP *purse_pub, + const void *econtract, + size_t econtract_size, + struct TALER_PurseMergePrivateKeyP *merge_priv); + + +/** + * Encrypt contract for transmission to a party that will + * pay for it. + * + * @param purse_pub public key of the purse + * @param contract_priv private key of the contract + * @param contract_terms contract terms to encrypt + * @param[out] econtract set to encrypted contract + * @param[out] econtract_size set to number of bytes in @a econtract + */ +void +TALER_CRYPTO_contract_encrypt_for_deposit ( + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_ContractDiffiePrivateP *contract_priv, + const json_t *contract_terms, + void **econtract, + size_t *econtract_size); + + +/** + * Decrypt contract for the party that will pay for it. + * + * @param contract_priv private key of the contract + * @param econtract encrypted contract + * @param econtract_size number of bytes in @a econtract + * @return decrypted contract terms, or NULL on failure + */ +json_t * +TALER_CRYPTO_contract_decrypt_for_deposit ( + const struct TALER_ContractDiffiePrivateP *contract_priv, + const void *econtract, + size_t econtract_size); + + +/* **************** AML officer signatures **************** */ + +/** + * Sign AML query. Simple authentication, doesn't actually + * sign anything. + * + * @param officer_priv private key of AML officer + * @param[out] officer_sig where to write the signature + */ +void +TALER_officer_aml_query_sign ( + const struct TALER_AmlOfficerPrivateKeyP *officer_priv, + struct TALER_AmlOfficerSignatureP *officer_sig); + + +/** + * Verify AML query authorization. + * + * @param officer_pub public key of AML officer + * @param officer_sig signature to verify + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_officer_aml_query_verify ( + const struct TALER_AmlOfficerPublicKeyP *officer_pub, + const struct TALER_AmlOfficerSignatureP *officer_sig); + + +/** + * Sign AML decision. + * + * @param justification human-readable justification + * @param decision_time when was the decision made + * @param new_threshold at what monthly amount threshold + * should a revision be triggered + * @param h_payto payto URI hash of the account the + * decision is about + * @param new_state updated AML state + * @param kyc_requirements additional KYC requirements to + * impose, can be NULL + * @param officer_priv private key of AML officer + * @param[out] officer_sig where to write the signature + */ +void +TALER_officer_aml_decision_sign ( + const char *justification, + struct GNUNET_TIME_Timestamp decision_time, + const struct TALER_Amount *new_threshold, + const struct TALER_PaytoHashP *h_payto, + enum TALER_AmlDecisionState new_state, + const json_t *kyc_requirements, + const struct TALER_AmlOfficerPrivateKeyP *officer_priv, + struct TALER_AmlOfficerSignatureP *officer_sig); + + +/** + * Verify AML decision. + * + * @param justification human-readable justification + * @param decision_time when was the decision made + * @param new_threshold at what monthly amount threshold + * should a revision be triggered + * @param h_payto payto URI hash of the account the + * decision is about + * @param new_state updated AML state + * @param kyc_requirements additional KYC requirements to + * impose, can be NULL + * @param officer_pub public key of AML officer + * @param officer_sig signature to verify + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_officer_aml_decision_verify ( + const char *justification, + struct GNUNET_TIME_Timestamp decision_time, + const struct TALER_Amount *new_threshold, + const struct TALER_PaytoHashP *h_payto, + enum TALER_AmlDecisionState new_state, + const json_t *kyc_requirements, + const struct TALER_AmlOfficerPublicKeyP *officer_pub, + const struct TALER_AmlOfficerSignatureP *officer_sig); + + /* **************** Helper-based RSA operations **************** */ /** * Handle for talking to an Denomination key signing helper. */ -struct TALER_CRYPTO_DenominationHelper; +struct TALER_CRYPTO_RsaDenominationHelper; /** * Function called with information about available keys for signing. Usually @@ -819,20 +2344,20 @@ struct TALER_CRYPTO_DenominationHelper; * zero if the key has been revoked or purged * @param validity_duration how long does the key remain available for signing; * zero if the key has been revoked or purged - * @param h_denom_pub hash of the @a denom_pub that is available (or was purged) - * @param denom_pub the public key itself, NULL if the key was revoked or purged + * @param h_rsa hash of the RSA @a denom_pub that is available (or was purged) + * @param bs_pub the public key itself, NULL if the key was revoked or purged * @param sm_pub public key of the security module, NULL if the key was revoked or purged * @param sm_sig signature from the security module, NULL if the key was revoked or purged * The signature was already verified against @a sm_pub. */ typedef void -(*TALER_CRYPTO_DenominationKeyStatusCallback)( +(*TALER_CRYPTO_RsaDenominationKeyStatusCallback)( void *cls, const char *section_name, - struct GNUNET_TIME_Absolute start_time, + struct GNUNET_TIME_Timestamp start_time, struct GNUNET_TIME_Relative validity_duration, - const struct GNUNET_HashCode *h_denom_pub, - const struct TALER_DenominationPublicKey *denom_pub, + const struct TALER_RsaPubHashP *h_rsa, + struct GNUNET_CRYPTO_BlindSignPublicKey *bs_pub, const struct TALER_SecurityModulePublicKeyP *sm_pub, const struct TALER_SecurityModuleSignatureP *sm_sig); @@ -841,14 +2366,16 @@ typedef void * Initiate connection to an denomination key helper. * * @param cfg configuration to use + * @param section configuration section prefix to use, usually 'taler' or 'donau' * @param dkc function to call with key information * @param dkc_cls closure for @a dkc * @return NULL on error (such as bad @a cfg). */ -struct TALER_CRYPTO_DenominationHelper * -TALER_CRYPTO_helper_denom_connect ( +struct TALER_CRYPTO_RsaDenominationHelper * +TALER_CRYPTO_helper_rsa_connect ( const struct GNUNET_CONFIGURATION_Handle *cfg, - TALER_CRYPTO_DenominationKeyStatusCallback dkc, + const char *section, + TALER_CRYPTO_RsaDenominationKeyStatusCallback dkc, void *dkc_cls); @@ -862,12 +2389,34 @@ TALER_CRYPTO_helper_denom_connect ( * @param dh helper process connection */ void -TALER_CRYPTO_helper_denom_poll (struct TALER_CRYPTO_DenominationHelper *dh); +TALER_CRYPTO_helper_rsa_poll (struct TALER_CRYPTO_RsaDenominationHelper *dh); + + +/** + * Information needed for an RSA signature request. + */ +struct TALER_CRYPTO_RsaSignRequest +{ + /** + * Hash of the RSA public key. + */ + const struct TALER_RsaPubHashP *h_rsa; + + /** + * Message to be (blindly) signed. + */ + const void *msg; + + /** + * Number of bytes in @e msg. + */ + size_t msg_size; +}; /** - * Request helper @a dh to sign @a msg using the public key corresponding to - * @a h_denom_pub. + * Request helper @a dh to sign message in @a rsr using the public key + * corresponding to the key in @a rsr. * * This operation will block until the signature has been obtained. Should * this process receive a signal (that is not ignored) while the operation is @@ -876,24 +2425,48 @@ TALER_CRYPTO_helper_denom_poll (struct TALER_CRYPTO_DenominationHelper *dh); * differences in the signature counters. Retrying in this case may work. * * @param dh helper process connection - * @param h_denom_pub hash of the public key to use to sign - * @param msg message to sign - * @param msg_size number of bytes in @a msg - * @param[out] ec set to the error code (or #TALER_EC_NONE on success) - * @return signature, the value inside the structure will be NULL on failure, - * see @a ec for details about the failure + * @param rsr details about the requested signature + * @param[out] bs set to the blind signature + * @return #TALER_EC_NONE on success */ -struct TALER_DenominationSignature -TALER_CRYPTO_helper_denom_sign ( - struct TALER_CRYPTO_DenominationHelper *dh, - const struct GNUNET_HashCode *h_denom_pub, - const void *msg, - size_t msg_size, - enum TALER_ErrorCode *ec); +enum TALER_ErrorCode +TALER_CRYPTO_helper_rsa_sign ( + struct TALER_CRYPTO_RsaDenominationHelper *dh, + const struct TALER_CRYPTO_RsaSignRequest *rsr, + struct TALER_BlindedDenominationSignature *bs); /** - * Ask the helper to revoke the public key associated with @param h_denom_pub . + * Request helper @a dh to batch sign messages in @a rsrs using the public key + * corresponding to the keys in @a rsrs. + * + * This operation will block until all the signatures have been obtained. Should + * this process receive a signal (that is not ignored) while the operation is + * pending, the operation will fail. Note that the helper may still believe + * that it created the signature. Thus, signals may result in a small + * differences in the signature counters. Retrying in this case may work. + * + * Note that in case of errors, the @a bss array may still have been partially + * filled with signatures, which in this case must be freed by the caller + * (this is in contrast to the #TALER_CRYPTO_helper_rsa_sign() API which never + * returns any signatures if there was an error). + * + * @param dh helper process connection + * @param rsrs array with details about the requested signatures + * @param rsrs_length length of the @a rsrs array + * @param[out] bss array set to the blind signatures, must be of length @a rsrs_length! + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_CRYPTO_helper_rsa_batch_sign ( + struct TALER_CRYPTO_RsaDenominationHelper *dh, + unsigned int rsrs_length, + const struct TALER_CRYPTO_RsaSignRequest rsrs[static rsrs_length], + struct TALER_BlindedDenominationSignature bss[static rsrs_length]); + + +/** + * Ask the helper to revoke the public key associated with @a h_denom_pub. * Will cause the helper to tell all clients that the key is now unavailable, * and to create a replacement key. * @@ -905,12 +2478,12 @@ TALER_CRYPTO_helper_denom_sign ( * callback. * * @param dh helper to process connection - * @param h_denom_pub hash of the public key to revoke + * @param h_rsa hash of the RSA public key to revoke */ void -TALER_CRYPTO_helper_denom_revoke ( - struct TALER_CRYPTO_DenominationHelper *dh, - const struct GNUNET_HashCode *h_denom_pub); +TALER_CRYPTO_helper_rsa_revoke ( + struct TALER_CRYPTO_RsaDenominationHelper *dh, + const struct TALER_RsaPubHashP *h_rsa); /** @@ -919,11 +2492,240 @@ TALER_CRYPTO_helper_denom_revoke ( * @param[in] dh connection to close */ void -TALER_CRYPTO_helper_denom_disconnect ( - struct TALER_CRYPTO_DenominationHelper *dh); +TALER_CRYPTO_helper_rsa_disconnect ( + struct TALER_CRYPTO_RsaDenominationHelper *dh); + + +/* **************** Helper-based CS operations **************** */ + +/** + * Handle for talking to an Denomination key signing helper. + */ +struct TALER_CRYPTO_CsDenominationHelper; + +/** + * Function called with information about available keys for signing. Usually + * only called once per key upon connect. Also called again in case a key is + * being revoked, in that case with an @a end_time of zero. + * + * @param cls closure + * @param section_name name of the denomination type in the configuration; + * NULL if the key has been revoked or purged + * @param start_time when does the key become available for signing; + * zero if the key has been revoked or purged + * @param validity_duration how long does the key remain available for signing; + * zero if the key has been revoked or purged + * @param h_cs hash of the CS @a denom_pub that is available (or was purged) + * @param bsign_pub the public key itself, NULL if the key was revoked or purged + * @param sm_pub public key of the security module, NULL if the key was revoked or purged + * @param sm_sig signature from the security module, NULL if the key was revoked or purged + * The signature was already verified against @a sm_pub. + */ +typedef void +(*TALER_CRYPTO_CsDenominationKeyStatusCallback)( + void *cls, + const char *section_name, + struct GNUNET_TIME_Timestamp start_time, + struct GNUNET_TIME_Relative validity_duration, + const struct TALER_CsPubHashP *h_cs, + struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub, + const struct TALER_SecurityModulePublicKeyP *sm_pub, + const struct TALER_SecurityModuleSignatureP *sm_sig); + + +/** + * Initiate connection to an denomination key helper. + * + * @param cfg configuration to use + * @param section configuration section prefix to use, usually 'taler' or 'donau' + * @param dkc function to call with key information + * @param dkc_cls closure for @a dkc + * @return NULL on error (such as bad @a cfg). + */ +struct TALER_CRYPTO_CsDenominationHelper * +TALER_CRYPTO_helper_cs_connect ( + const struct GNUNET_CONFIGURATION_Handle *cfg, + const char *section, + TALER_CRYPTO_CsDenominationKeyStatusCallback dkc, + void *dkc_cls); + + +/** + * Function to call to 'poll' for updates to the available key material. + * Should be called whenever it is important that the key material status is + * current, like when handling a "/keys" request. This function basically + * briefly checks if there are messages from the helper announcing changes to + * denomination keys. + * + * @param dh helper process connection + */ +void +TALER_CRYPTO_helper_cs_poll (struct TALER_CRYPTO_CsDenominationHelper *dh); + + +/** + * Information about what we should sign over. + */ +struct TALER_CRYPTO_CsSignRequest +{ + /** + * Hash of the CS public key to use to sign. + */ + const struct TALER_CsPubHashP *h_cs; + + /** + * Blinded planchet containing c and the nonce. + */ + const struct GNUNET_CRYPTO_CsBlindedMessage *blinded_planchet; + +}; + + +/** + * Request helper @a dh to sign @a req. + * + * This operation will block until the signature has been obtained. Should + * this process receive a signal (that is not ignored) while the operation is + * pending, the operation will fail. Note that the helper may still believe + * that it created the signature. Thus, signals may result in a small + * differences in the signature counters. Retrying in this case may work. + * + * @param dh helper process connection + * @param req information about the key to sign with and the value to sign + * @param for_melt true if for melt operation + * @param[out] bs set to the blind signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_CRYPTO_helper_cs_sign ( + struct TALER_CRYPTO_CsDenominationHelper *dh, + const struct TALER_CRYPTO_CsSignRequest *req, + bool for_melt, + struct TALER_BlindedDenominationSignature *bs); + + +/** + * Request helper @a dh to sign batch of @a reqs requests. + * + * This operation will block until the signature has been obtained. Should + * this process receive a signal (that is not ignored) while the operation is + * pending, the operation will fail. Note that the helper may still believe + * that it created the signature. Thus, signals may result in a small + * differences in the signature counters. Retrying in this case may work. + * + * @param dh helper process connection + * @param reqs information about the keys to sign with and the values to sign + * @param reqs_length length of the @a reqs array + * @param for_melt true if this is for a melt operation + * @param[out] bss array set to the blind signatures, must be of length @a reqs_length! + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_CRYPTO_helper_cs_batch_sign ( + struct TALER_CRYPTO_CsDenominationHelper *dh, + unsigned int reqs_length, + const struct TALER_CRYPTO_CsSignRequest reqs[static reqs_length], + bool for_melt, + struct TALER_BlindedDenominationSignature bss[static reqs_length]); + + +/** + * Ask the helper to revoke the public key associated with @a h_cs. + * Will cause the helper to tell all clients that the key is now unavailable, + * and to create a replacement key. + * + * This operation will block until the revocation request has been + * transmitted. Should this process receive a signal (that is not ignored) + * while the operation is pending, the operation may fail. If the key is + * unknown, this function will also appear to have succeeded. To be sure that + * the revocation worked, clients must watch the denomination key status + * callback. + * + * @param dh helper to process connection + * @param h_cs hash of the CS public key to revoke + */ +void +TALER_CRYPTO_helper_cs_revoke ( + struct TALER_CRYPTO_CsDenominationHelper *dh, + const struct TALER_CsPubHashP *h_cs); /** + * Information about what we should derive for. + */ +struct TALER_CRYPTO_CsDeriveRequest +{ + /** + * Hash of the CS public key to use to sign. + */ + const struct TALER_CsPubHashP *h_cs; + + /** + * Nonce to use for the /csr request. + */ + const struct GNUNET_CRYPTO_CsSessionNonce *nonce; +}; + + +/** + * Ask the helper to derive R using the information + * from @a cdr. + * + * This operation will block until the R has been obtained. Should + * this process receive a signal (that is not ignored) while the operation is + * pending, the operation will fail. Note that the helper may still believe + * that it created the signature. Thus, signals may result in a small + * differences in the signature counters. Retrying in this case may work. + * + * @param dh helper to process connection + * @param cdr derivation input data + * @param for_melt true if this is for a melt operation + * @param[out] crp set to the pair of R values + * @return set to the error code (or #TALER_EC_NONE on success) + */ +enum TALER_ErrorCode +TALER_CRYPTO_helper_cs_r_derive ( + struct TALER_CRYPTO_CsDenominationHelper *dh, + const struct TALER_CRYPTO_CsDeriveRequest *cdr, + bool for_melt, + struct GNUNET_CRYPTO_CSPublicRPairP *crp); + + +/** + * Ask the helper to derive R using the information from @a cdrs. + * + * This operation will block until the R has been obtained. Should + * this process receive a signal (that is not ignored) while the operation is + * pending, the operation will fail. Note that the helper may still believe + * that it created the signature. Thus, signals may result in a small + * differences in the signature counters. Retrying in this case may work. + * + * @param dh helper to process connection + * @param cdrs_length length of the @a cdrs array + * @param cdrs array with derivation input data + * @param for_melt true if this is for a melt operation + * @param[out] crps array set to the pair of R values, must be of length @a cdrs_length + * @return set to the error code (or #TALER_EC_NONE on success) + */ +enum TALER_ErrorCode +TALER_CRYPTO_helper_cs_r_batch_derive ( + struct TALER_CRYPTO_CsDenominationHelper *dh, + unsigned int cdrs_length, + const struct TALER_CRYPTO_CsDeriveRequest cdrs[static cdrs_length], + bool for_melt, + struct GNUNET_CRYPTO_CSPublicRPairP crps[static cdrs_length]); + + +/** + * Close connection to @a dh. + * + * @param[in] dh connection to close + */ +void +TALER_CRYPTO_helper_cs_disconnect ( + struct TALER_CRYPTO_CsDenominationHelper *dh); + +/** * Handle for talking to an online key signing helper. */ struct TALER_CRYPTO_ExchangeSignHelper; @@ -946,7 +2748,7 @@ struct TALER_CRYPTO_ExchangeSignHelper; typedef void (*TALER_CRYPTO_ExchangeKeyStatusCallback)( void *cls, - struct GNUNET_TIME_Absolute start_time, + struct GNUNET_TIME_Timestamp start_time, struct GNUNET_TIME_Relative validity_duration, const struct TALER_ExchangePublicKeyP *exchange_pub, const struct TALER_SecurityModulePublicKeyP *sm_pub, @@ -957,6 +2759,7 @@ typedef void * Initiate connection to an online signing key helper. * * @param cfg configuration to use + * @param section configuration section prefix to use, usually 'taler' or 'donau' * @param ekc function to call with key information * @param ekc_cls closure for @a ekc * @return NULL on error (such as bad @a cfg). @@ -964,6 +2767,7 @@ typedef void struct TALER_CRYPTO_ExchangeSignHelper * TALER_CRYPTO_helper_esign_connect ( const struct GNUNET_CONFIGURATION_Handle *cfg, + const char *section, TALER_CRYPTO_ExchangeKeyStatusCallback ekc, void *ekc_cls); @@ -1034,7 +2838,7 @@ TALER_CRYPTO_helper_esign_sign_ ( /** - * Ask the helper to revoke the public key @param exchange_pub . + * Ask the helper to revoke the public key @a exchange_pub . * Will cause the helper to tell all clients that the key is now unavailable, * and to create a replacement key. * @@ -1065,23 +2869,640 @@ TALER_CRYPTO_helper_esign_disconnect ( /* ********************* wallet signing ************************** */ + +/** + * Sign a request to create a purse. + * + * @param purse_expiration when should the purse expire + * @param h_contract_terms contract the two parties agree on + * @param merge_pub public key defining the merge capability + * @param min_age age restriction to apply for deposits into the purse + * @param amount total amount in the purse (including fees) + * @param purse_priv key identifying the purse + * @param[out] purse_sig resulting signature + */ +void +TALER_wallet_purse_create_sign ( + struct GNUNET_TIME_Timestamp purse_expiration, + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_PurseMergePublicKeyP *merge_pub, + uint32_t min_age, + const struct TALER_Amount *amount, + const struct TALER_PurseContractPrivateKeyP *purse_priv, + struct TALER_PurseContractSignatureP *purse_sig); + + +/** + * Verify a purse creation request. + * + * @param purse_expiration when should the purse expire + * @param h_contract_terms contract the two parties agree on + * @param merge_pub public key defining the merge capability + * @param min_age age restriction to apply for deposits into the purse + * @param amount total amount in the purse (including fees) + * @param purse_pub purse’s public key + * @param purse_sig the signature made with purpose #TALER_SIGNATURE_WALLET_PURSE_CREATE + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_purse_create_verify ( + struct GNUNET_TIME_Timestamp purse_expiration, + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_PurseMergePublicKeyP *merge_pub, + uint32_t min_age, + const struct TALER_Amount *amount, + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_PurseContractSignatureP *purse_sig); + + +/** + * Sign a request to delete a purse. + * + * @param purse_priv key identifying the purse + * @param[out] purse_sig resulting signature + */ +void +TALER_wallet_purse_delete_sign ( + const struct TALER_PurseContractPrivateKeyP *purse_priv, + struct TALER_PurseContractSignatureP *purse_sig); + + +/** + * Verify a purse deletion request. + * + * @param purse_pub purse’s public key + * @param purse_sig the signature made with purpose #TALER_SIGNATURE_WALLET_PURSE_DELETE + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_purse_delete_verify ( + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_PurseContractSignatureP *purse_sig); + + +/** + * Sign a request to upload an encrypted contract. + * + * @param econtract encrypted contract + * @param econtract_size number of bytes in @a econtract + * @param contract_pub public key for the DH-encryption + * @param purse_priv key identifying the purse + * @param[out] purse_sig resulting signature + */ +void +TALER_wallet_econtract_upload_sign ( + const void *econtract, + size_t econtract_size, + const struct TALER_ContractDiffiePublicP *contract_pub, + const struct TALER_PurseContractPrivateKeyP *purse_priv, + struct TALER_PurseContractSignatureP *purse_sig); + + +/** + * Verify a signature over encrypted contract. + * + * @param econtract encrypted contract + * @param econtract_size number of bytes in @a econtract + * @param contract_pub public key for the DH-encryption + * @param purse_pub purse’s public key + * @param purse_sig the signature made with purpose #TALER_SIGNATURE_WALLET_PURSE_CREATE + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_econtract_upload_verify ( + const void *econtract, + size_t econtract_size, + const struct TALER_ContractDiffiePublicP *contract_pub, + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_PurseContractSignatureP *purse_sig); + + +/** + * Verify a signature over encrypted contract. + * + * @param h_econtract hashed encrypted contract + * @param contract_pub public key for the DH-encryption + * @param purse_pub purse’s public key + * @param purse_sig the signature made with purpose #TALER_SIGNATURE_WALLET_PURSE_CREATE + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_econtract_upload_verify2 ( + const struct GNUNET_HashCode *h_econtract, + const struct TALER_ContractDiffiePublicP *contract_pub, + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_PurseContractSignatureP *purse_sig); + + +/** + * Sign a request to inquire about a purse's status. + * + * @param purse_priv key identifying the purse + * @param[out] purse_sig resulting signature + */ +void +TALER_wallet_purse_status_sign ( + const struct TALER_PurseContractPrivateKeyP *purse_priv, + struct TALER_PurseContractSignatureP *purse_sig); + + +/** + * Verify a purse status request signature. + * + * @param purse_pub purse’s public key + * @param purse_sig the signature made with purpose #TALER_SIGNATURE_WALLET_PURSE_STATUS + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_purse_status_verify ( + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_PurseContractSignatureP *purse_sig); + + +/** + * Sign a request to deposit a coin into a purse. + * + * @param exchange_base_url URL of the exchange hosting the purse + * @param purse_pub purse’s public key + * @param amount amount of the coin's value to transfer to the purse + * @param h_denom_pub hash of the coin's denomination + * @param h_age_commitment hash of the coin's age commitment + * @param coin_priv key identifying the coin to be deposited + * @param[out] coin_sig resulting signature + */ +void +TALER_wallet_purse_deposit_sign ( + const char *exchange_base_url, + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_Amount *amount, + const struct TALER_DenominationHashP *h_denom_pub, + const struct TALER_AgeCommitmentHash *h_age_commitment, + const struct TALER_CoinSpendPrivateKeyP *coin_priv, + struct TALER_CoinSpendSignatureP *coin_sig); + + +/** + * Verify a purse deposit request. + * + * @param exchange_base_url URL of the exchange hosting the purse + * @param purse_pub purse’s public key + * @param amount amount of the coin's value to transfer to the purse + * @param h_denom_pub hash of the coin's denomination + * @param h_age_commitment hash of the coin's age commitment + * @param coin_pub key identifying the coin that is being deposited + * @param[out] coin_sig resulting signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_purse_deposit_verify ( + const char *exchange_base_url, + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_Amount *amount, + const struct TALER_DenominationHashP *h_denom_pub, + const struct TALER_AgeCommitmentHash *h_age_commitment, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_CoinSpendSignatureP *coin_sig); + + +/** + * Sign a request by a purse to merge it into an account. + * + * @param reserve_uri identifies the location of the reserve + * @param merge_timestamp time when the merge happened + * @param purse_pub key identifying the purse + * @param merge_priv key identifying the merge capability + * @param[out] merge_sig resulting signature + */ +void +TALER_wallet_purse_merge_sign ( + const char *reserve_uri, + struct GNUNET_TIME_Timestamp merge_timestamp, + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_PurseMergePrivateKeyP *merge_priv, + struct TALER_PurseMergeSignatureP *merge_sig); + + +/** + * Verify a purse merge request. + * + * @param reserve_uri identifies the location of the reserve + * @param merge_timestamp time when the merge happened + * @param purse_pub public key of the purse to merge + * @param merge_pub public key of the merge capability + * @param merge_sig the signature made with purpose #TALER_SIGNATURE_WALLET_PURSE_MERGE + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_purse_merge_verify ( + const char *reserve_uri, + struct GNUNET_TIME_Timestamp merge_timestamp, + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_PurseMergePublicKeyP *merge_pub, + const struct TALER_PurseMergeSignatureP *merge_sig); + + +/** + * Flags for a merge signature. + */ +enum TALER_WalletAccountMergeFlags +{ + + /** + * A mode must be set. None is not a legal mode! + */ + TALER_WAMF_MODE_NONE = 0, + + /** + * We are merging a fully paid-up purse into a reserve. + */ + TALER_WAMF_MODE_MERGE_FULLY_PAID_PURSE = 1, + + /** + * We are creating a fresh purse, from the contingent + * of free purses that our account brings. + */ + TALER_WAMF_MODE_CREATE_FROM_PURSE_QUOTA = 2, + + /** + * The account owner is willing to pay the purse_fee for the purse to be + * created from the account balance. + */ + TALER_WAMF_MODE_CREATE_WITH_PURSE_FEE = 3, + + /** + * Bitmask to AND the full flags with to get the mode. + */ + TALER_WAMF_MERGE_MODE_MASK = 3 + +}; + + +/** + * Sign a request by an account to merge a purse. + * + * @param merge_timestamp time when the merge happened + * @param purse_pub public key of the purse to merge + * @param purse_expiration when should the purse expire + * @param h_contract_terms contract the two parties agree on + * @param amount total amount in the purse (including fees) + * @param purse_fee purse fee the reserve will pay, + * only used if @a flags is #TALER_WAMF_MODE_CREATE_WITH_PURSE_FEE + * @param min_age age restriction to apply for deposits into the purse + * @param flags flags for the operation + * @param reserve_priv key identifying the reserve + * @param[out] reserve_sig resulting signature + */ +void +TALER_wallet_account_merge_sign ( + struct GNUNET_TIME_Timestamp merge_timestamp, + const struct TALER_PurseContractPublicKeyP *purse_pub, + struct GNUNET_TIME_Timestamp purse_expiration, + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_Amount *amount, + const struct TALER_Amount *purse_fee, + uint32_t min_age, + enum TALER_WalletAccountMergeFlags flags, + const struct TALER_ReservePrivateKeyP *reserve_priv, + struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Verify an account's request to merge a purse. + * + * @param merge_timestamp time when the merge happened + * @param purse_pub public key of the purse to merge + * @param purse_expiration when should the purse expire + * @param h_contract_terms contract the two parties agree on + * @param amount total amount in the purse (including fees) + * @param purse_fee purse fee the reserve will pay, + * only used if @a flags is #TALER_WAMF_MODE_CREATE_WITH_PURSE_FEE + * @param min_age age restriction to apply for deposits into the purse + * @param flags flags for the operation + * @param reserve_pub account’s public key + * @param reserve_sig the signature made with purpose #TALER_SIGNATURE_WALLET_ACCOUNT_MERGE + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_account_merge_verify ( + struct GNUNET_TIME_Timestamp merge_timestamp, + const struct TALER_PurseContractPublicKeyP *purse_pub, + struct GNUNET_TIME_Timestamp purse_expiration, + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_Amount *amount, + const struct TALER_Amount *purse_fee, + uint32_t min_age, + enum TALER_WalletAccountMergeFlags flags, + const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Sign a request to keep a reserve open. + * + * @param reserve_payment how much to pay from the + * reserve's own balance for opening the reserve + * @param request_timestamp when was the request created + * @param reserve_expiration desired expiration time for the reserve + * @param purse_limit minimum number of purses the client + * wants to have concurrently open for this reserve + * @param reserve_priv key identifying the reserve + * @param[out] reserve_sig resulting signature + */ +void +TALER_wallet_reserve_open_sign ( + const struct TALER_Amount *reserve_payment, + struct GNUNET_TIME_Timestamp request_timestamp, + struct GNUNET_TIME_Timestamp reserve_expiration, + uint32_t purse_limit, + const struct TALER_ReservePrivateKeyP *reserve_priv, + struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Verify a request to keep a reserve open. + * + * @param reserve_payment how much to pay from the + * reserve's own balance for opening the reserve + * @param request_timestamp when was the request created + * @param reserve_expiration desired expiration time for the reserve + * @param purse_limit minimum number of purses the client + * wants to have concurrently open for this reserve + * @param reserve_pub key identifying the reserve + * @param reserve_sig resulting signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_reserve_open_verify ( + const struct TALER_Amount *reserve_payment, + struct GNUNET_TIME_Timestamp request_timestamp, + struct GNUNET_TIME_Timestamp reserve_expiration, + uint32_t purse_limit, + const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Sign to deposit coin to pay for keeping a reserve open. + * + * @param coin_contribution how much the coin should contribute + * @param reserve_sig signature over the reserve open operation + * @param coin_priv private key of the coin + * @param[out] coin_sig signature by the coin + */ +void +TALER_wallet_reserve_open_deposit_sign ( + const struct TALER_Amount *coin_contribution, + const struct TALER_ReserveSignatureP *reserve_sig, + const struct TALER_CoinSpendPrivateKeyP *coin_priv, + struct TALER_CoinSpendSignatureP *coin_sig); + + +/** + * Verify signature that deposits coin to pay for keeping a reserve open. + * + * @param coin_contribution how much the coin should contribute + * @param reserve_sig signature over the reserve open operation + * @param coin_pub public key of the coin + * @param coin_sig signature by the coin + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_reserve_open_deposit_verify ( + const struct TALER_Amount *coin_contribution, + const struct TALER_ReserveSignatureP *reserve_sig, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_CoinSpendSignatureP *coin_sig); + + +/** + * Sign a request to close a reserve. + * + * @param request_timestamp when was the request created + * @param h_payto where to send the funds (NULL allowed to send + * to origin of the reserve) + * @param reserve_priv key identifying the reserve + * @param[out] reserve_sig resulting signature + */ +void +TALER_wallet_reserve_close_sign ( + struct GNUNET_TIME_Timestamp request_timestamp, + const struct TALER_PaytoHashP *h_payto, + const struct TALER_ReservePrivateKeyP *reserve_priv, + struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Verify wallet request to close an account. + * + * @param request_timestamp when was the request created + * @param h_payto where to send the funds (NULL/all zeros + * allowed to send to origin of the reserve) + * @param reserve_pub account’s public key + * @param reserve_sig the signature made with purpose #TALER_SIGNATURE_WALLET_RESERVE_CLOSE + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_reserve_close_verify ( + struct GNUNET_TIME_Timestamp request_timestamp, + const struct TALER_PaytoHashP *h_payto, + const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Sign a request by a wallet to perform a KYC check. + * + * @param reserve_priv key identifying the wallet/account + * @param balance_threshold the balance threshold the wallet is about to cross + * @param[out] reserve_sig resulting signature + */ +void +TALER_wallet_account_setup_sign ( + const struct TALER_ReservePrivateKeyP *reserve_priv, + const struct TALER_Amount *balance_threshold, + struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Verify account setup request. + * + * @param reserve_pub reserve the setup request was for + * @param balance_threshold the balance threshold the wallet is about to cross + * @param reserve_sig resulting signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_account_setup_verify ( + const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_Amount *balance_threshold, + const struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Sign request to the exchange to confirm certain + * @a details about the owner of a reserve. + * + * @param request_timestamp when was the request created + * @param details which attributes are requested + * @param reserve_priv private key of the reserve + * @param[out] reserve_sig where to store the signature + */ +void +TALER_wallet_reserve_attest_request_sign ( + struct GNUNET_TIME_Timestamp request_timestamp, + const json_t *details, + const struct TALER_ReservePrivateKeyP *reserve_priv, + struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Verify request to the exchange to confirm certain + * @a details about the owner of a reserve. + * + * @param request_timestamp when was the request created + * @param details which attributes are requested + * @param reserve_pub public key of the reserve + * @param reserve_sig where to store the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_reserve_attest_request_verify ( + struct GNUNET_TIME_Timestamp request_timestamp, + const json_t *details, + const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Sign a deposit permission. Function for wallets. + * + * @param amount the amount to be deposited + * @param deposit_fee the deposit fee we expect to pay + * @param h_wire hash of the merchant’s account details + * @param h_contract_terms hash of the contact of the merchant with the customer (further details are never disclosed to the exchange) + * @param wallet_data_hash hash over wallet inputs into the contract (maybe NULL) + * @param h_age_commitment hash over the age commitment, if applicable to the denomination (maybe NULL) + * @param h_policy hash over the policy extension + * @param h_denom_pub hash of the coin denomination's public key + * @param coin_priv coin’s private key + * @param wallet_timestamp timestamp when the contract was finalized, must not be too far in the future + * @param merchant_pub the public key of the merchant (used to identify the merchant for refund requests) + * @param refund_deadline date until which the merchant can issue a refund to the customer via the exchange (can be zero if refunds are not allowed); must not be after the @a wire_deadline + * @param[out] coin_sig set to the signature made with purpose #TALER_SIGNATURE_WALLET_COIN_DEPOSIT + */ +void +TALER_wallet_deposit_sign ( + const struct TALER_Amount *amount, + const struct TALER_Amount *deposit_fee, + const struct TALER_MerchantWireHashP *h_wire, + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct GNUNET_HashCode *wallet_data_hash, + const struct TALER_AgeCommitmentHash *h_age_commitment, + const struct TALER_ExtensionPolicyHashP *h_policy, + const struct TALER_DenominationHashP *h_denom_pub, + struct GNUNET_TIME_Timestamp wallet_timestamp, + const struct TALER_MerchantPublicKeyP *merchant_pub, + struct GNUNET_TIME_Timestamp refund_deadline, + const struct TALER_CoinSpendPrivateKeyP *coin_priv, + struct TALER_CoinSpendSignatureP *coin_sig); + + +/** + * Verify a deposit permission. + * + * @param amount the amount to be deposited + * @param deposit_fee the deposit fee we expect to pay + * @param h_wire hash of the merchant’s account details + * @param h_contract_terms hash of the contact of the merchant with the customer (further details are never disclosed to the exchange) + * @param wallet_data_hash hash over wallet inputs into the contract (maybe NULL) + * @param h_age_commitment hash over the age commitment (maybe all zeroes, if not applicable to the denomination) + * @param h_policy hash over the policy extension + * @param h_denom_pub hash of the coin denomination's public key + * @param wallet_timestamp timestamp when the contract was finalized, must not be too far in the future + * @param merchant_pub the public key of the merchant (used to identify the merchant for refund requests) + * @param refund_deadline date until which the merchant can issue a refund to the customer via the exchange (can be zero if refunds are not allowed); must not be after the @a wire_deadline + * @param coin_pub coin’s public key + * @param coin_sig the signature made with purpose #TALER_SIGNATURE_WALLET_COIN_DEPOSIT + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_deposit_verify ( + const struct TALER_Amount *amount, + const struct TALER_Amount *deposit_fee, + const struct TALER_MerchantWireHashP *h_wire, + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct GNUNET_HashCode *wallet_data_hash, + const struct TALER_AgeCommitmentHash *h_age_commitment, + const struct TALER_ExtensionPolicyHashP *h_policy, + const struct TALER_DenominationHashP *h_denom_pub, + struct GNUNET_TIME_Timestamp wallet_timestamp, + const struct TALER_MerchantPublicKeyP *merchant_pub, + struct GNUNET_TIME_Timestamp refund_deadline, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_CoinSpendSignatureP *coin_sig); + + +/** + * Sign a melt request. + * + * @param amount_with_fee the amount to be melted (with fee) + * @param melt_fee the melt fee we expect to pay + * @param rc refresh session we are committed to + * @param h_denom_pub hash of the coin denomination's public key + * @param h_age_commitment hash of the age commitment (may be NULL) + * @param coin_priv coin’s private key + * @param[out] coin_sig set to the signature made with purpose #TALER_SIGNATURE_WALLET_COIN_MELT + */ +void +TALER_wallet_melt_sign ( + const struct TALER_Amount *amount_with_fee, + const struct TALER_Amount *melt_fee, + const struct TALER_RefreshCommitmentP *rc, + const struct TALER_DenominationHashP *h_denom_pub, + const struct TALER_AgeCommitmentHash *h_age_commitment, + const struct TALER_CoinSpendPrivateKeyP *coin_priv, + struct TALER_CoinSpendSignatureP *coin_sig); + + +/** + * Verify a melt request. + * + * @param amount_with_fee the amount to be melted (with fee) + * @param melt_fee the melt fee we expect to pay + * @param rc refresh session we are committed to + * @param h_denom_pub hash of the coin denomination's public key + * @param h_age_commitment hash of the age commitment (may be NULL) + * @param coin_pub coin’s public key + * @param coin_sig the signature made with purpose #TALER_SIGNATURE_WALLET_COIN_MELT + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_melt_verify ( + const struct TALER_Amount *amount_with_fee, + const struct TALER_Amount *melt_fee, + const struct TALER_RefreshCommitmentP *rc, + const struct TALER_DenominationHashP *h_denom_pub, + const struct TALER_AgeCommitmentHash *h_age_commitment, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_CoinSpendSignatureP *coin_sig); + + /** * Sign link data. * * @param h_denom_pub hash of the denomiantion public key of the new coin * @param transfer_pub transfer public key - * @param coin_ev coin envelope - * @param coin_ev_size number of bytes in @a coin_ev + * @param bch blinded coin hash * @param old_coin_priv private key to sign with * @param[out] coin_sig resulting signature */ void -TALER_wallet_link_sign (const struct GNUNET_HashCode *h_denom_pub, - const struct TALER_TransferPublicKeyP *transfer_pub, - const void *coin_ev, - size_t coin_ev_size, - const struct TALER_CoinSpendPrivateKeyP *old_coin_priv, - struct TALER_CoinSpendSignatureP *coin_sig); +TALER_wallet_link_sign ( + const struct TALER_DenominationHashP *h_denom_pub, + const struct TALER_TransferPublicKeyP *transfer_pub, + const struct TALER_BlindedCoinHashP *bch, + const struct TALER_CoinSpendPrivateKeyP *old_coin_priv, + struct TALER_CoinSpendSignatureP *coin_sig); /** @@ -1089,25 +3510,1269 @@ TALER_wallet_link_sign (const struct GNUNET_HashCode *h_denom_pub, * * @param h_denom_pub hash of the denomiantion public key of the new coin * @param transfer_pub transfer public key - * @param coin_ev coin envelope - * @param coin_ev_size number of bytes in @a coin_ev + * @param h_coin_ev hash of the coin envelope * @param old_coin_pub old coin key that the link signature is for * @param coin_sig resulting signature * @return #GNUNET_OK if the signature is valid */ enum GNUNET_GenericReturnValue TALER_wallet_link_verify ( - const struct GNUNET_HashCode *h_denom_pub, + const struct TALER_DenominationHashP *h_denom_pub, const struct TALER_TransferPublicKeyP *transfer_pub, - const void *coin_ev, - size_t coin_ev_size, + const struct TALER_BlindedCoinHashP *h_coin_ev, const struct TALER_CoinSpendPublicKeyP *old_coin_pub, const struct TALER_CoinSpendSignatureP *coin_sig); + +/** + * Sign withdraw request. + * + * @param h_denom_pub hash of the denomiantion public key of the coin to withdraw + * @param amount_with_fee amount to debit the reserve for + * @param bch blinded coin hash + * @param reserve_priv private key to sign with + * @param[out] reserve_sig resulting signature + */ +void +TALER_wallet_withdraw_sign ( + const struct TALER_DenominationHashP *h_denom_pub, + const struct TALER_Amount *amount_with_fee, + const struct TALER_BlindedCoinHashP *bch, + const struct TALER_ReservePrivateKeyP *reserve_priv, + struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Verify withdraw request. + * + * @param h_denom_pub hash of the denomiantion public key of the coin to withdraw + * @param amount_with_fee amount to debit the reserve for + * @param bch blinded coin hash + * @param reserve_pub public key of the reserve + * @param reserve_sig resulting signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_withdraw_verify ( + const struct TALER_DenominationHashP *h_denom_pub, + const struct TALER_Amount *amount_with_fee, + const struct TALER_BlindedCoinHashP *bch, + const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Sign age-withdraw request. + * + * @param h_commitment hash over all n*kappa blinded coins in the commitment for the age-withdraw + * @param amount_with_fee amount to debit the reserve for + * @param mask the mask that defines the age groups + * @param max_age maximum age from which the age group is derived, that the withdrawn coins must be restricted to. + * @param reserve_priv private key to sign with + * @param[out] reserve_sig resulting signature + */ +void +TALER_wallet_age_withdraw_sign ( + const struct TALER_AgeWithdrawCommitmentHashP *h_commitment, + const struct TALER_Amount *amount_with_fee, + const struct TALER_AgeMask *mask, + uint8_t max_age, + const struct TALER_ReservePrivateKeyP *reserve_priv, + struct TALER_ReserveSignatureP *reserve_sig); + +/** + * Verify an age-withdraw request. + * + * @param h_commitment hash all n*kappa blinded coins in the commitment for the age-withdraw + * @param amount_with_fee amount to debit the reserve for + * @param mask the mask that defines the age groups + * @param max_age maximum age from which the age group is derived, that the withdrawn coins must be restricted to. + * @param reserve_pub public key of the reserve + * @param reserve_sig resulting signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_age_withdraw_verify ( + const struct TALER_AgeWithdrawCommitmentHashP *h_commitment, + const struct TALER_Amount *amount_with_fee, + const struct TALER_AgeMask *mask, + uint8_t max_age, + const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_ReserveSignatureP *reserve_sig); + +/** + * Verify exchange melt confirmation. + * + * @param rc refresh session this is about + * @param noreveal_index gamma value chosen by the exchange + * @param exchange_pub public signing key used + * @param exchange_sig signature to check + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_melt_confirmation_verify ( + const struct TALER_RefreshCommitmentP *rc, + uint32_t noreveal_index, + const struct TALER_ExchangePublicKeyP *exchange_pub, + const struct TALER_ExchangeSignatureP *exchange_sig); + + +/** + * Verify recoup signature. + * + * @param h_denom_pub hash of the denomiantion public key of the coin + * @param coin_bks blinding factor used when withdrawing the coin + * @param coin_pub coin key of the coin to be recouped + * @param coin_sig resulting signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_recoup_verify ( + const struct TALER_DenominationHashP *h_denom_pub, + const union GNUNET_CRYPTO_BlindingSecretP *coin_bks, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_CoinSpendSignatureP *coin_sig); + + +/** + * Create recoup signature. + * + * @param h_denom_pub hash of the denomiantion public key of the coin + * @param coin_bks blinding factor used when withdrawing the coin + * @param coin_priv coin key of the coin to be recouped + * @param[out] coin_sig resulting signature + */ +void +TALER_wallet_recoup_sign ( + const struct TALER_DenominationHashP *h_denom_pub, + const union GNUNET_CRYPTO_BlindingSecretP *coin_bks, + const struct TALER_CoinSpendPrivateKeyP *coin_priv, + struct TALER_CoinSpendSignatureP *coin_sig); + + +/** + * Verify recoup-refresh signature. + * + * @param h_denom_pub hash of the denomiantion public key of the coin + * @param coin_bks blinding factor used when withdrawing the coin + * @param coin_pub coin key of the coin to be recouped + * @param coin_sig resulting signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_recoup_refresh_verify ( + const struct TALER_DenominationHashP *h_denom_pub, + const union GNUNET_CRYPTO_BlindingSecretP *coin_bks, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_CoinSpendSignatureP *coin_sig); + + +/** + * Create recoup-refresh signature. + * + * @param h_denom_pub hash of the denomiantion public key of the coin + * @param coin_bks blinding factor used when withdrawing the coin + * @param coin_priv coin key of the coin to be recouped + * @param[out] coin_sig resulting signature + */ +void +TALER_wallet_recoup_refresh_sign ( + const struct TALER_DenominationHashP *h_denom_pub, + const union GNUNET_CRYPTO_BlindingSecretP *coin_bks, + const struct TALER_CoinSpendPrivateKeyP *coin_priv, + struct TALER_CoinSpendSignatureP *coin_sig); + + +/** + * Verify reserve history request signature. + * + * @param start_off start of the requested range + * @param reserve_pub reserve the history request was for + * @param reserve_sig resulting signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_reserve_history_verify ( + uint64_t start_off, + const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Create reserve status request signature. + * + * @param start_off start of the requested range + * @param reserve_priv private key of the reserve the history request is for + * @param[out] reserve_sig resulting signature + */ +void +TALER_wallet_reserve_history_sign ( + uint64_t start_off, + const struct TALER_ReservePrivateKeyP *reserve_priv, + struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Verify coin history request signature. + * + * @param start_off start of the requested range + * @param coin_pub coin the history request was for + * @param coin_sig resulting signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_coin_history_verify ( + uint64_t start_off, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_CoinSpendSignatureP *coin_sig); + + +/** + * Create coin status request signature. + * + * @param start_off start of the requested range + * @param coin_priv private key of the coin the history request is for + * @param[out] coin_sig resulting signature + */ +void +TALER_wallet_coin_history_sign ( + uint64_t start_off, + const struct TALER_CoinSpendPrivateKeyP *coin_priv, + struct TALER_CoinSpendSignatureP *coin_sig); + + +/* ********************* merchant signing ************************** */ + + +/** + * Create merchant signature approving a refund. + * + * @param coin_pub coin to be refunded + * @param h_contract_terms contract to be refunded + * @param rtransaction_id unique ID for this (partial) refund + * @param amount amount to be refunded + * @param merchant_priv private key to sign with + * @param[out] merchant_sig where to write the signature + */ +void +TALER_merchant_refund_sign ( + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_PrivateContractHashP *h_contract_terms, + uint64_t rtransaction_id, + const struct TALER_Amount *amount, + const struct TALER_MerchantPrivateKeyP *merchant_priv, + struct TALER_MerchantSignatureP *merchant_sig); + + +/** + * Verify merchant signature approving a refund. + * + * @param coin_pub coin to be refunded + * @param h_contract_terms contract to be refunded + * @param rtransaction_id unique ID for this (partial) refund + * @param amount amount to be refunded + * @param merchant_pub public key of the merchant + * @param merchant_sig signature to verify + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_merchant_refund_verify ( + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_PrivateContractHashP *h_contract_terms, + uint64_t rtransaction_id, + const struct TALER_Amount *amount, + const struct TALER_MerchantPublicKeyP *merchant_pub, + const struct TALER_MerchantSignatureP *merchant_sig); + + +/* ********************* exchange deposit signing ************************* */ + +/** + * Sign a deposit. + * + * @param h_contract_terms hash of contract terms + * @param h_wire hash of the merchant account details + * @param coin_pub coin to be deposited + * @param merchant_priv private key to sign with + * @param[out] merchant_sig where to write the signature + */ +void +TALER_merchant_deposit_sign ( + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_MerchantWireHashP *h_wire, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_MerchantPrivateKeyP *merchant_priv, + struct TALER_MerchantSignatureP *merchant_sig); + + +/** + * Verify a deposit. + * + * @param merchant merchant public key + * @param coin_pub public key of the deposited coin + * @param h_contract_terms hash of contract terms + * @param h_wire hash of the merchant account details + * @param merchant_sig signature of the merchant + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_merchant_deposit_verify ( + const struct TALER_MerchantPublicKeyP *merchant, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_MerchantWireHashP *h_wire, + const struct TALER_MerchantSignatureP *merchant_sig); + + +/* ********************* exchange online signing ************************** */ + + +/** + * Signature of a function that signs the message in @a purpose with the + * exchange's signing key. + * + * The @a purpose data is the beginning of the data of which the signature is + * to be created. The `size` field in @a purpose must correctly indicate the + * number of bytes of the data structure, including its header. * + * @param purpose the message to sign + * @param[out] pub set to the current public signing key of the exchange + * @param[out] sig signature over purpose using current signing key + * @return #TALER_EC_NONE on success + */ +typedef enum TALER_ErrorCode +(*TALER_ExchangeSignCallback)( + const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Signature of a function that signs the message in @a purpose with the + * exchange's signing key. + * + * The @a purpose data is the beginning of the data of which the signature is + * to be created. The `size` field in @a purpose must correctly indicate the + * number of bytes of the data structure, including its header. * + * @param cls closure + * @param purpose the message to sign + * @param[out] pub set to the current public signing key of the exchange + * @param[out] sig signature over purpose using current signing key + * @return #TALER_EC_NONE on success + */ +typedef enum TALER_ErrorCode +(*TALER_ExchangeSignCallback2)( + void *cls, + const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Create deposit confirmation signature. + * + * @param scb function to call to create the signature + * @param h_contract_terms hash of the contact of the merchant with the customer (further details are never disclosed to the exchange) + * @param h_wire hash of the merchant’s account details + * @param h_policy hash over the policy extension, can be NULL + * @param exchange_timestamp timestamp when the contract was finalized, must not be too far off + * @param wire_deadline date until which the exchange should wire the funds + * @param refund_deadline date until which the merchant can issue a refund to the customer via the exchange (can be zero if refunds are not allowed); must not be after the @a wire_deadline + * @param total_without_fee the total amount to be deposited after fees over all coins + * @param num_coins length of @a coin_sigs array + * @param coin_sigs signatures of the deposited coins + * @param merchant_pub the public key of the merchant (used to identify the merchant for refund requests) + * @param[out] pub where to write the public key + * @param[out] sig where to write the signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_deposit_confirmation_sign ( + TALER_ExchangeSignCallback scb, + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_MerchantWireHashP *h_wire, + const struct TALER_ExtensionPolicyHashP *h_policy, + struct GNUNET_TIME_Timestamp exchange_timestamp, + struct GNUNET_TIME_Timestamp wire_deadline, + struct GNUNET_TIME_Timestamp refund_deadline, + const struct TALER_Amount *total_without_fee, + unsigned int num_coins, + const struct TALER_CoinSpendSignatureP *coin_sigs[static num_coins], + const struct TALER_MerchantPublicKeyP *merchant_pub, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify deposit confirmation signature. + * + * @param h_contract_terms hash of the contact of the merchant with the customer (further details are never disclosed to the exchange) + * @param h_wire hash of the merchant’s account details + * @param h_policy hash over the policy extension, can be NULL + * @param exchange_timestamp timestamp when the contract was finalized, must not be too far off + * @param wire_deadline date until which the exchange should wire the funds + * @param refund_deadline date until which the merchant can issue a refund to the customer via the exchange (can be zero if refunds are not allowed); must not be after the @a wire_deadline + * @param total_without_fee the total amount to be deposited after fees over all coins + * @param num_coins length of @a coin_sigs array + * @param coin_sigs signatures of the deposited coins + * @param merchant_pub the public key of the merchant (used to identify the merchant for refund requests) + * @param pub where to write the public key + * @param sig where to write the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_deposit_confirmation_verify ( + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_MerchantWireHashP *h_wire, + const struct TALER_ExtensionPolicyHashP *h_policy, + struct GNUNET_TIME_Timestamp exchange_timestamp, + struct GNUNET_TIME_Timestamp wire_deadline, + struct GNUNET_TIME_Timestamp refund_deadline, + const struct TALER_Amount *total_without_fee, + unsigned int num_coins, + const struct TALER_CoinSpendSignatureP *coin_sigs[static num_coins], + const struct TALER_MerchantPublicKeyP *merchant_pub, + const struct TALER_ExchangePublicKeyP *pub, + const struct TALER_ExchangeSignatureP *sig); + + +/** + * Create refund confirmation signature. + * + * @param scb function to call to create the signature + * @param h_contract_terms hash of contract being refunded + * @param coin_pub public key of the coin receiving the refund + * @param merchant public key of the merchant that granted the refund + * @param rtransaction_id refund transaction ID used by the merchant + * @param refund_amount amount refunded + * @param[out] pub where to write the exchange public key + * @param[out] sig where to write the exchange signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_refund_confirmation_sign ( + TALER_ExchangeSignCallback scb, + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_MerchantPublicKeyP *merchant, + uint64_t rtransaction_id, + const struct TALER_Amount *refund_amount, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify refund confirmation signature. + * + * @param h_contract_terms hash of contract being refunded + * @param coin_pub public key of the coin receiving the refund + * @param merchant public key of the merchant that granted the refund + * @param rtransaction_id refund transaction ID used by the merchant + * @param refund_amount amount refunded + * @param pub where to write the public key + * @param sig where to write the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_refund_confirmation_verify ( + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_MerchantPublicKeyP *merchant, + uint64_t rtransaction_id, + const struct TALER_Amount *refund_amount, + const struct TALER_ExchangePublicKeyP *pub, + const struct TALER_ExchangeSignatureP *sig); + + +/** + * Create refresh melt confirmation signature. + * + * @param scb function to call to create the signature + * @param rc refresh commitment that identifies the melt operation + * @param noreveal_index gamma cut-and-choose value chosen by the exchange + * @param[out] pub where to write the exchange public key + * @param[out] sig where to write the exchange signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_melt_confirmation_sign ( + TALER_ExchangeSignCallback scb, + const struct TALER_RefreshCommitmentP *rc, + uint32_t noreveal_index, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify refresh melt confirmation signature. + * + * @param rc refresh commitment that identifies the melt operation + * @param noreveal_index gamma cut-and-choose value chosen by the exchange + * @param pub where to write the public key + * @param sig where to write the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_melt_confirmation_verify ( + const struct TALER_RefreshCommitmentP *rc, + uint32_t noreveal_index, + const struct TALER_ExchangePublicKeyP *pub, + const struct TALER_ExchangeSignatureP *sig); + + +/** + * Create exchange purse refund confirmation signature. + * + * @param scb function to call to create the signature + * @param amount_without_fee refunded amount + * @param refund_fee refund fee charged + * @param coin_pub coin that was refunded + * @param purse_pub public key of the expired purse + * @param[out] pub where to write the public key + * @param[out] sig where to write the signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_purse_refund_sign ( + TALER_ExchangeSignCallback scb, + const struct TALER_Amount *amount_without_fee, + const struct TALER_Amount *refund_fee, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_PurseContractPublicKeyP *purse_pub, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify signature of exchange affirming purse refund + * from purse expiration. + * + * @param amount_without_fee refunded amount + * @param refund_fee refund fee charged + * @param coin_pub coin that was refunded + * @param purse_pub public key of the expired purse + * @param pub public key to verify signature against + * @param sig signature to verify + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_purse_refund_verify ( + const struct TALER_Amount *amount_without_fee, + const struct TALER_Amount *refund_fee, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_ExchangePublicKeyP *pub, + const struct TALER_ExchangeSignatureP *sig); + + +/** + * Create exchange key set signature. + * + * @param scb function to call to create the signature + * @param cls closure for @a scb + * @param timestamp time when the key set was issued + * @param hc hash over all the keys + * @param[out] pub where to write the public key + * @param[out] sig where to write the signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_key_set_sign ( + TALER_ExchangeSignCallback2 scb, + void *cls, + struct GNUNET_TIME_Timestamp timestamp, + const struct GNUNET_HashCode *hc, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify key set signature. + * + * @param timestamp time when the key set was issued + * @param hc hash over all the keys + * @param pub public key to verify signature against + * @param sig signature to verify + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_key_set_verify ( + struct GNUNET_TIME_Timestamp timestamp, + const struct GNUNET_HashCode *hc, + const struct TALER_ExchangePublicKeyP *pub, + const struct TALER_ExchangeSignatureP *sig); + + +/** + * Create account KYC setup success signature. + * + * @param scb function to call to create the signature + * @param h_payto target of the KYC account + * @param kyc JSON data describing which KYC checks + * were satisfied + * @param timestamp time when the KYC was confirmed + * @param[out] pub where to write the public key + * @param[out] sig where to write the signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_account_setup_success_sign ( + TALER_ExchangeSignCallback scb, + const struct TALER_PaytoHashP *h_payto, + const json_t *kyc, + struct GNUNET_TIME_Timestamp timestamp, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify account KYC setup success signature. + * + * @param h_payto target of the KYC account + * @param kyc JSON data describing which KYC checks + * were satisfied + * @param timestamp time when the KYC was confirmed + * @param pub where to write the public key + * @param sig where to write the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_account_setup_success_verify ( + const struct TALER_PaytoHashP *h_payto, + const json_t *kyc, + struct GNUNET_TIME_Timestamp timestamp, + const struct TALER_ExchangePublicKeyP *pub, + const struct TALER_ExchangeSignatureP *sig); + + +/** + * Hash normalized @a j JSON object or array and + * store the result in @a hc. + * + * @param j JSON to hash + * @param[out] hc where to write the hash + */ +void +TALER_json_hash (const json_t *j, + struct GNUNET_HashCode *hc); + + +/** + * Update the @a hash_context in the computation of the + * h_details for a wire status signature. + * + * @param[in,out] hash_context context to update + * @param h_contract_terms hash of the contract + * @param execution_time when was the wire transfer initiated + * @param coin_pub deposited coin + * @param deposit_value contribution of the coin + * @param deposit_fee how high was the deposit fee + */ +void +TALER_exchange_online_wire_deposit_append ( + struct GNUNET_HashContext *hash_context, + const struct TALER_PrivateContractHashP *h_contract_terms, + struct GNUNET_TIME_Timestamp execution_time, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_Amount *deposit_value, + const struct TALER_Amount *deposit_fee); + + +/** + * Create wire deposit signature. + * + * @param scb function to call to create the signature + * @param total amount the merchant was credited + * @param wire_fee fee charged by the exchange for the wire transfer + * @param merchant_pub which merchant was credited + * @param payto payto://-URI of the merchant account + * @param h_details hash over the aggregation details + * @param[out] pub where to write the public key + * @param[out] sig where to write the signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_wire_deposit_sign ( + TALER_ExchangeSignCallback scb, + const struct TALER_Amount *total, + const struct TALER_Amount *wire_fee, + const struct TALER_MerchantPublicKeyP *merchant_pub, + const char *payto, + const struct GNUNET_HashCode *h_details, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify wire deposit signature. + * + * @param total amount the merchant was credited + * @param wire_fee fee charged by the exchange for the wire transfer + * @param merchant_pub which merchant was credited + * @param h_payto hash of the payto://-URI of the merchant account + * @param h_details hash over the aggregation details + * @param pub where to write the public key + * @param sig where to write the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_wire_deposit_verify ( + const struct TALER_Amount *total, + const struct TALER_Amount *wire_fee, + const struct TALER_MerchantPublicKeyP *merchant_pub, + const struct TALER_PaytoHashP *h_payto, + const struct GNUNET_HashCode *h_details, + const struct TALER_ExchangePublicKeyP *pub, + const struct TALER_ExchangeSignatureP *sig); + + +/** + * Create wire confirmation signature. + * + * @param scb function to call to create the signature + * @param h_wire hash of the merchant's account + * @param h_contract_terms hash of the contract + * @param wtid wire transfer this deposit was aggregated into + * @param coin_pub public key of the deposited coin + * @param execution_time when was wire transfer initiated + * @param coin_contribution what was @a coin_pub's contribution to the wire transfer + * @param[out] pub where to write the public key + * @param[out] sig where to write the signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_confirm_wire_sign ( + TALER_ExchangeSignCallback scb, + const struct TALER_MerchantWireHashP *h_wire, + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_WireTransferIdentifierRawP *wtid, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + struct GNUNET_TIME_Timestamp execution_time, + const struct TALER_Amount *coin_contribution, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify confirm wire signature. + * + * @param h_wire hash of the merchant's account + * @param h_contract_terms hash of the contract + * @param wtid wire transfer this deposit was aggregated into + * @param coin_pub public key of the deposited coin + * @param execution_time when was wire transfer initiated + * @param coin_contribution what was @a coin_pub's contribution to the wire transfer + * @param pub where to write the public key + * @param sig where to write the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_confirm_wire_verify ( + const struct TALER_MerchantWireHashP *h_wire, + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_WireTransferIdentifierRawP *wtid, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + struct GNUNET_TIME_Timestamp execution_time, + const struct TALER_Amount *coin_contribution, + const struct TALER_ExchangePublicKeyP *pub, + const struct TALER_ExchangeSignatureP *sig); + + +/** + * Create confirm recoup signature. + * + * @param scb function to call to create the signature + * @param timestamp when was the recoup done + * @param recoup_amount how much was recouped + * @param coin_pub coin that was recouped + * @param reserve_pub reserve that was credited + * @param[out] pub where to write the public key + * @param[out] sig where to write the signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_confirm_recoup_sign ( + TALER_ExchangeSignCallback scb, + struct GNUNET_TIME_Timestamp timestamp, + const struct TALER_Amount *recoup_amount, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_ReservePublicKeyP *reserve_pub, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify confirm recoup signature. + * + * @param timestamp when was the recoup done + * @param recoup_amount how much was recouped + * @param coin_pub coin that was recouped + * @param reserve_pub reserve that was credited + * @param pub where to write the public key + * @param sig where to write the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_confirm_recoup_verify ( + struct GNUNET_TIME_Timestamp timestamp, + const struct TALER_Amount *recoup_amount, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_ExchangePublicKeyP *pub, + const struct TALER_ExchangeSignatureP *sig); + + +/** + * Create confirm recoup refresh signature. + * + * @param scb function to call to create the signature + * @param timestamp when was the recoup done + * @param recoup_amount how much was recouped + * @param coin_pub coin that was recouped + * @param old_coin_pub old coin that was credited + * @param[out] pub where to write the public key + * @param[out] sig where to write the signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_confirm_recoup_refresh_sign ( + TALER_ExchangeSignCallback scb, + struct GNUNET_TIME_Timestamp timestamp, + const struct TALER_Amount *recoup_amount, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_CoinSpendPublicKeyP *old_coin_pub, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify confirm recoup refresh signature. + * + * @param timestamp when was the recoup done + * @param recoup_amount how much was recouped + * @param coin_pub coin that was recouped + * @param old_coin_pub old coin that was credited + * @param pub where to write the public key + * @param sig where to write the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_confirm_recoup_refresh_verify ( + struct GNUNET_TIME_Timestamp timestamp, + const struct TALER_Amount *recoup_amount, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_CoinSpendPublicKeyP *old_coin_pub, + const struct TALER_ExchangePublicKeyP *pub, + const struct TALER_ExchangeSignatureP *sig); + + +/** + * Create denomination unknown signature. + * + * @param scb function to call to create the signature + * @param timestamp when was the error created + * @param h_denom_pub hash of denomination that is unknown + * @param[out] pub where to write the public key + * @param[out] sig where to write the signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_denomination_unknown_sign ( + TALER_ExchangeSignCallback scb, + struct GNUNET_TIME_Timestamp timestamp, + const struct TALER_DenominationHashP *h_denom_pub, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify denomination unknown signature. + * + * @param timestamp when was the error created + * @param h_denom_pub hash of denomination that is unknown + * @param pub where to write the public key + * @param sig where to write the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_denomination_unknown_verify ( + struct GNUNET_TIME_Timestamp timestamp, + const struct TALER_DenominationHashP *h_denom_pub, + const struct TALER_ExchangePublicKeyP *pub, + const struct TALER_ExchangeSignatureP *sig); + + +/** + * Create denomination expired signature. + * + * @param scb function to call to create the signature + * @param timestamp when was the error created + * @param h_denom_pub hash of denomination that is expired + * @param op character string describing the operation for which + * the denomination is expired + * @param[out] pub where to write the public key + * @param[out] sig where to write the signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_denomination_expired_sign ( + TALER_ExchangeSignCallback scb, + struct GNUNET_TIME_Timestamp timestamp, + const struct TALER_DenominationHashP *h_denom_pub, + const char *op, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify denomination expired signature. + * + * @param timestamp when was the error created + * @param h_denom_pub hash of denomination that is expired + * @param op character string describing the operation for which + * the denomination is expired + * @param pub where to write the public key + * @param sig where to write the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_denomination_expired_verify ( + struct GNUNET_TIME_Timestamp timestamp, + const struct TALER_DenominationHashP *h_denom_pub, + const char *op, + const struct TALER_ExchangePublicKeyP *pub, + const struct TALER_ExchangeSignatureP *sig); + + +/** + * Create reserve closure signature. + * + * @param scb function to call to create the signature + * @param timestamp time when the reserve was closed + * @param closing_amount amount left in the reserve + * @param closing_fee closing fee charged + * @param payto target of the wire transfer + * @param wtid wire transfer subject used + * @param reserve_pub public key of the closed reserve + * @param[out] pub where to write the public key + * @param[out] sig where to write the signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_reserve_closed_sign ( + TALER_ExchangeSignCallback scb, + struct GNUNET_TIME_Timestamp timestamp, + const struct TALER_Amount *closing_amount, + const struct TALER_Amount *closing_fee, + const char *payto, + const struct TALER_WireTransferIdentifierRawP *wtid, + const struct TALER_ReservePublicKeyP *reserve_pub, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify reserve closure signature. + * + * @param timestamp time when the reserve was closed + * @param closing_amount amount left in the reserve + * @param closing_fee closing fee charged + * @param payto target of the wire transfer + * @param wtid wire transfer subject used + * @param reserve_pub public key of the closed reserve + * @param pub the public key of the exchange to check against + * @param sig the signature to check + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_reserve_closed_verify ( + struct GNUNET_TIME_Timestamp timestamp, + const struct TALER_Amount *closing_amount, + const struct TALER_Amount *closing_fee, + const char *payto, + const struct TALER_WireTransferIdentifierRawP *wtid, + const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_ExchangePublicKeyP *pub, + const struct TALER_ExchangeSignatureP *sig); + + +/** + * Create signature by exchange affirming that a reserve + * has had certain attributes verified via KYC. + * + * @param scb function to call to create the signature + * @param attest_timestamp our time + * @param expiration_time when does the KYC data expire + * @param reserve_pub for which reserve are attributes attested + * @param attributes JSON object with attributes being attested to + * @param[out] pub where to write the public key + * @param[out] sig where to write the signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_reserve_attest_details_sign ( + TALER_ExchangeSignCallback scb, + struct GNUNET_TIME_Timestamp attest_timestamp, + struct GNUNET_TIME_Timestamp expiration_time, + const struct TALER_ReservePublicKeyP *reserve_pub, + const json_t *attributes, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify signature by exchange affirming that a reserve + * has had certain attributes verified via KYC. + * + * @param attest_timestamp our time + * @param expiration_time when does the KYC data expire + * @param reserve_pub for which reserve are attributes attested + * @param attributes JSON object with attributes being attested to + * @param pub exchange public key + * @param sig exchange signature to verify + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_reserve_attest_details_verify ( + struct GNUNET_TIME_Timestamp attest_timestamp, + struct GNUNET_TIME_Timestamp expiration_time, + const struct TALER_ReservePublicKeyP *reserve_pub, + const json_t *attributes, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Create signature by exchange affirming that a purse was created. + * + * @param scb function to call to create the signature + * @param exchange_time our time + * @param purse_expiration when will the purse expire + * @param amount_without_fee total amount to be put into the purse (without deposit fees) + * @param total_deposited total currently in the purse + * @param purse_pub public key of the purse + * @param h_contract_terms hash of the contract for the purse + * @param[out] pub where to write the public key + * @param[out] sig where to write the signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_purse_created_sign ( + TALER_ExchangeSignCallback scb, + struct GNUNET_TIME_Timestamp exchange_time, + struct GNUNET_TIME_Timestamp purse_expiration, + const struct TALER_Amount *amount_without_fee, + const struct TALER_Amount *total_deposited, + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_PrivateContractHashP *h_contract_terms, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify exchange signature about a purse creation and balance. + * + * @param exchange_time our time + * @param purse_expiration when will the purse expire + * @param amount_without_fee total amount to be put into the purse (without deposit fees) + * @param total_deposited total currently in the purse + * @param purse_pub public key of the purse + * @param h_contract_terms hash of the contract for the purse + * @param pub the public key of the exchange to check against + * @param sig the signature to check + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_purse_created_verify ( + struct GNUNET_TIME_Timestamp exchange_time, + struct GNUNET_TIME_Timestamp purse_expiration, + const struct TALER_Amount *amount_without_fee, + const struct TALER_Amount *total_deposited, + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_ExchangePublicKeyP *pub, + const struct TALER_ExchangeSignatureP *sig); + + +/** + * Sign affirmation that a purse was merged. + * + * @param scb function to call to create the signature + * @param exchange_time our time + * @param purse_expiration when does the purse expire + * @param amount_without_fee total amount that should be in the purse without deposit fees + * @param purse_pub public key of the purse + * @param h_contract_terms hash of the contract of the purse + * @param reserve_pub reserve the purse will be merged into + * @param exchange_url exchange at which the @a reserve_pub lives + * @param[out] pub where to write the public key + * @param[out] sig where to write the signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_purse_merged_sign ( + TALER_ExchangeSignCallback scb, + struct GNUNET_TIME_Timestamp exchange_time, + struct GNUNET_TIME_Timestamp purse_expiration, + const struct TALER_Amount *amount_without_fee, + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_ReservePublicKeyP *reserve_pub, + const char *exchange_url, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify affirmation that a purse will be merged. + * + * @param exchange_time our time + * @param purse_expiration when does the purse expire + * @param amount_without_fee total amount that should be in the purse without deposit fees + * @param purse_pub public key of the purse + * @param h_contract_terms hash of the contract of the purse + * @param reserve_pub reserve the purse will be merged into + * @param exchange_url exchange at which the @a reserve_pub lives + * @param pub the public key of the exchange to check against + * @param sig the signature to check + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_purse_merged_verify ( + struct GNUNET_TIME_Timestamp exchange_time, + struct GNUNET_TIME_Timestamp purse_expiration, + const struct TALER_Amount *amount_without_fee, + const struct TALER_PurseContractPublicKeyP *purse_pub, + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_ReservePublicKeyP *reserve_pub, + const char *exchange_url, + const struct TALER_ExchangePublicKeyP *pub, + const struct TALER_ExchangeSignatureP *sig); + + +/** + * Sign information about the status of a purse. + * + * @param scb function to call to create the signature + * @param merge_timestamp when was the purse merged (can be never) + * @param deposit_timestamp when was the purse fully paid up (can be never) + * @param balance current balance of the purse + * @param[out] pub where to write the public key + * @param[out] sig where to write the signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_purse_status_sign ( + TALER_ExchangeSignCallback scb, + struct GNUNET_TIME_Timestamp merge_timestamp, + struct GNUNET_TIME_Timestamp deposit_timestamp, + const struct TALER_Amount *balance, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify signature over information about the status of a purse. + * + * @param merge_timestamp when was the purse merged (can be never) + * @param deposit_timestamp when was the purse fully paid up (can be never) + * @param balance current balance of the purse + * @param exchange_pub the public key of the exchange to check against + * @param exchange_sig the signature to check + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_purse_status_verify ( + struct GNUNET_TIME_Timestamp merge_timestamp, + struct GNUNET_TIME_Timestamp deposit_timestamp, + const struct TALER_Amount *balance, + const struct TALER_ExchangePublicKeyP *exchange_pub, + const struct TALER_ExchangeSignatureP *exchange_sig); + + +/** + * Create age-withdraw confirmation signature. + * + * @param scb function to call to create the signature + * @param h_commitment age-withdraw commitment that identifies the n*kappa blinded coins + * @param noreveal_index gamma cut-and-choose value chosen by the exchange + * @param[out] pub where to write the exchange public key + * @param[out] sig where to write the exchange signature + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_exchange_online_age_withdraw_confirmation_sign ( + TALER_ExchangeSignCallback scb, + const struct TALER_AgeWithdrawCommitmentHashP *h_commitment, + uint32_t noreveal_index, + struct TALER_ExchangePublicKeyP *pub, + struct TALER_ExchangeSignatureP *sig); + + +/** + * Verify an exchange age-withdraw confirmation + * + * @param h_commitment Commitment over all n*kappa coin candidates from the original request to age-withdraw + * @param noreveal_index The index returned by the exchange + * @param exchange_pub The public key used for signing + * @param exchange_sig The signature from the exchange + */ +enum GNUNET_GenericReturnValue +TALER_exchange_online_age_withdraw_confirmation_verify ( + const struct TALER_AgeWithdrawCommitmentHashP *h_commitment, + uint32_t noreveal_index, + const struct TALER_ExchangePublicKeyP *exchange_pub, + const struct TALER_ExchangeSignatureP *exchange_sig); + + /* ********************* offline signing ************************** */ /** + * Create AML officer status change signature. + * + * @param officer_pub public key of the AML officer + * @param officer_name name of the officer + * @param change_date when to affect the status change + * @param is_active true to enable the officer + * @param read_only true to only allow read-only access + * @param master_priv private key to sign with + * @param[out] master_sig where to write the signature + */ +void +TALER_exchange_offline_aml_officer_status_sign ( + const struct TALER_AmlOfficerPublicKeyP *officer_pub, + const char *officer_name, + struct GNUNET_TIME_Timestamp change_date, + bool is_active, + bool read_only, + const struct TALER_MasterPrivateKeyP *master_priv, + struct TALER_MasterSignatureP *master_sig); + + +/** + * Verify AML officer status change signature. + * + * @param officer_pub public key of the AML officer + * @param officer_name name of the officer + * @param change_date when to affect the status change + * @param is_active true to enable the officer + * @param read_only true to only allow read-only access + * @param master_pub public key to verify against + * @param master_sig the signature the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_offline_aml_officer_status_verify ( + const struct TALER_AmlOfficerPublicKeyP *officer_pub, + const char *officer_name, + struct GNUNET_TIME_Timestamp change_date, + bool is_active, + bool read_only, + const struct TALER_MasterPublicKeyP *master_pub, + const struct TALER_MasterSignatureP *master_sig); + + +/** * Create auditor addition signature. * * @param auditor_pub public key of the auditor @@ -1120,7 +4785,7 @@ void TALER_exchange_offline_auditor_add_sign ( const struct TALER_AuditorPublicKeyP *auditor_pub, const char *auditor_url, - struct GNUNET_TIME_Absolute start_date, + struct GNUNET_TIME_Timestamp start_date, const struct TALER_MasterPrivateKeyP *master_priv, struct TALER_MasterSignatureP *master_sig); @@ -1139,7 +4804,7 @@ enum GNUNET_GenericReturnValue TALER_exchange_offline_auditor_add_verify ( const struct TALER_AuditorPublicKeyP *auditor_pub, const char *auditor_url, - struct GNUNET_TIME_Absolute start_date, + struct GNUNET_TIME_Timestamp start_date, const struct TALER_MasterPublicKeyP *master_pub, const struct TALER_MasterSignatureP *master_sig); @@ -1155,7 +4820,7 @@ TALER_exchange_offline_auditor_add_verify ( void TALER_exchange_offline_auditor_del_sign ( const struct TALER_AuditorPublicKeyP *auditor_pub, - struct GNUNET_TIME_Absolute end_date, + struct GNUNET_TIME_Timestamp end_date, const struct TALER_MasterPrivateKeyP *master_priv, struct TALER_MasterSignatureP *master_sig); @@ -1172,7 +4837,7 @@ TALER_exchange_offline_auditor_del_sign ( enum GNUNET_GenericReturnValue TALER_exchange_offline_auditor_del_verify ( const struct TALER_AuditorPublicKeyP *auditor_pub, - struct GNUNET_TIME_Absolute end_date, + struct GNUNET_TIME_Timestamp end_date, const struct TALER_MasterPublicKeyP *master_pub, const struct TALER_MasterSignatureP *master_sig); @@ -1186,7 +4851,7 @@ TALER_exchange_offline_auditor_del_verify ( */ void TALER_exchange_offline_denomination_revoke_sign ( - const struct GNUNET_HashCode *h_denom_pub, + const struct TALER_DenominationHashP *h_denom_pub, const struct TALER_MasterPrivateKeyP *master_priv, struct TALER_MasterSignatureP *master_sig); @@ -1201,7 +4866,7 @@ TALER_exchange_offline_denomination_revoke_sign ( */ enum GNUNET_GenericReturnValue TALER_exchange_offline_denomination_revoke_verify ( - const struct GNUNET_HashCode *h_denom_pub, + const struct TALER_DenominationHashP *h_denom_pub, const struct TALER_MasterPublicKeyP *master_pub, const struct TALER_MasterSignatureP *master_sig); @@ -1248,9 +4913,9 @@ TALER_exchange_offline_signkey_revoke_verify ( void TALER_exchange_offline_signkey_validity_sign ( const struct TALER_ExchangePublicKeyP *exchange_pub, - struct GNUNET_TIME_Absolute start_sign, - struct GNUNET_TIME_Absolute end_sign, - struct GNUNET_TIME_Absolute end_legal, + struct GNUNET_TIME_Timestamp start_sign, + struct GNUNET_TIME_Timestamp end_sign, + struct GNUNET_TIME_Timestamp end_legal, const struct TALER_MasterPrivateKeyP *master_priv, struct TALER_MasterSignatureP *master_sig); @@ -1269,9 +4934,9 @@ TALER_exchange_offline_signkey_validity_sign ( enum GNUNET_GenericReturnValue TALER_exchange_offline_signkey_validity_verify ( const struct TALER_ExchangePublicKeyP *exchange_pub, - struct GNUNET_TIME_Absolute start_sign, - struct GNUNET_TIME_Absolute end_sign, - struct GNUNET_TIME_Absolute end_legal, + struct GNUNET_TIME_Timestamp start_sign, + struct GNUNET_TIME_Timestamp end_sign, + struct GNUNET_TIME_Timestamp end_legal, const struct TALER_MasterPublicKeyP *master_pub, const struct TALER_MasterSignatureP *master_sig); @@ -1285,25 +4950,19 @@ TALER_exchange_offline_signkey_validity_verify ( * @param stamp_expire_deposit how long does the exchange accept the deposit of coins with this key * @param stamp_expire_legal how long does the exchange preserve information for legal disputes with this key * @param coin_value what is the value of coins signed with this key - * @param fee_withdraw what withdraw fee does the exchange charge for this denomination - * @param fee_deposit what deposit fee does the exchange charge for this denomination - * @param fee_refresh what refresh fee does the exchange charge for this denomination - * @param fee_refund what refund fee does the exchange charge for this denomination + * @param fees fees for this denomination * @param master_priv private key to sign with * @param[out] master_sig where to write the signature */ void TALER_exchange_offline_denom_validity_sign ( - const struct GNUNET_HashCode *h_denom_pub, - struct GNUNET_TIME_Absolute stamp_start, - struct GNUNET_TIME_Absolute stamp_expire_withdraw, - struct GNUNET_TIME_Absolute stamp_expire_deposit, - struct GNUNET_TIME_Absolute stamp_expire_legal, + const struct TALER_DenominationHashP *h_denom_pub, + struct GNUNET_TIME_Timestamp stamp_start, + struct GNUNET_TIME_Timestamp stamp_expire_withdraw, + struct GNUNET_TIME_Timestamp stamp_expire_deposit, + struct GNUNET_TIME_Timestamp stamp_expire_legal, const struct TALER_Amount *coin_value, - const struct TALER_Amount *fee_withdraw, - const struct TALER_Amount *fee_deposit, - const struct TALER_Amount *fee_refresh, - const struct TALER_Amount *fee_refund, + const struct TALER_DenomFeeSet *fees, const struct TALER_MasterPrivateKeyP *master_priv, struct TALER_MasterSignatureP *master_sig); @@ -1317,26 +4976,118 @@ TALER_exchange_offline_denom_validity_sign ( * @param stamp_expire_deposit how long does the exchange accept the deposit of coins with this key * @param stamp_expire_legal how long does the exchange preserve information for legal disputes with this key * @param coin_value what is the value of coins signed with this key - * @param fee_withdraw what withdraw fee does the exchange charge for this denomination - * @param fee_deposit what deposit fee does the exchange charge for this denomination - * @param fee_refresh what refresh fee does the exchange charge for this denomination - * @param fee_refund what refund fee does the exchange charge for this denomination + * @param fees fees for this denomination * @param master_pub public key to verify against * @param master_sig the signature the signature * @return #GNUNET_OK if the signature is valid */ enum GNUNET_GenericReturnValue TALER_exchange_offline_denom_validity_verify ( - const struct GNUNET_HashCode *h_denom_pub, - struct GNUNET_TIME_Absolute stamp_start, - struct GNUNET_TIME_Absolute stamp_expire_withdraw, - struct GNUNET_TIME_Absolute stamp_expire_deposit, - struct GNUNET_TIME_Absolute stamp_expire_legal, + const struct TALER_DenominationHashP *h_denom_pub, + struct GNUNET_TIME_Timestamp stamp_start, + struct GNUNET_TIME_Timestamp stamp_expire_withdraw, + struct GNUNET_TIME_Timestamp stamp_expire_deposit, + struct GNUNET_TIME_Timestamp stamp_expire_legal, const struct TALER_Amount *coin_value, - const struct TALER_Amount *fee_withdraw, - const struct TALER_Amount *fee_deposit, - const struct TALER_Amount *fee_refresh, - const struct TALER_Amount *fee_refund, + const struct TALER_DenomFeeSet *fees, + const struct TALER_MasterPublicKeyP *master_pub, + const struct TALER_MasterSignatureP *master_sig); + + +/** + * Create offline signature about an exchange's partners. + * + * @param partner_pub master public key of the partner + * @param start_date validity period start + * @param end_date validity period end + * @param wad_frequency how often will we do wad transfers to this partner + * @param wad_fee what is the wad fee to this partner + * @param partner_base_url what is the base URL of the @a partner_pub exchange + * @param master_priv private key to sign with + * @param[out] master_sig where to write the signature + */ +void +TALER_exchange_offline_partner_details_sign ( + const struct TALER_MasterPublicKeyP *partner_pub, + struct GNUNET_TIME_Timestamp start_date, + struct GNUNET_TIME_Timestamp end_date, + struct GNUNET_TIME_Relative wad_frequency, + const struct TALER_Amount *wad_fee, + const char *partner_base_url, + const struct TALER_MasterPrivateKeyP *master_priv, + struct TALER_MasterSignatureP *master_sig); + + +/** + * Verify signature about an exchange's partners. + * + * @param partner_pub master public key of the partner + * @param start_date validity period start + * @param end_date validity period end + * @param wad_frequency how often will we do wad transfers to this partner + * @param wad_fee what is the wad fee to this partner + * @param partner_base_url what is the base URL of the @a partner_pub exchange + * @param master_pub public key to verify against + * @param master_sig the signature the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_offline_partner_details_verify ( + const struct TALER_MasterPublicKeyP *partner_pub, + struct GNUNET_TIME_Timestamp start_date, + struct GNUNET_TIME_Timestamp end_date, + struct GNUNET_TIME_Relative wad_frequency, + const struct TALER_Amount *wad_fee, + const char *partner_base_url, + const struct TALER_MasterPublicKeyP *master_pub, + const struct TALER_MasterSignatureP *master_sig); + + +/** + * Create offline signature about wiring profits to a + * regular non-escrowed account of the exchange. + * + * @param wtid (random) wire transfer ID to be used + * @param date when was the profit drain approved (not exact time of execution) + * @param amount how much should be wired + * @param account_section configuration section of the + * exchange specifying the account to be debited + * @param payto_uri target account to be credited + * @param master_priv private key to sign with + * @param[out] master_sig where to write the signature + */ +void +TALER_exchange_offline_profit_drain_sign ( + const struct TALER_WireTransferIdentifierRawP *wtid, + struct GNUNET_TIME_Timestamp date, + const struct TALER_Amount *amount, + const char *account_section, + const char *payto_uri, + const struct TALER_MasterPrivateKeyP *master_priv, + struct TALER_MasterSignatureP *master_sig); + + +/** + * Verify offline signature about wiring profits to a + * regular non-escrowed account of the exchange. + * + * @param wtid (random) wire transfer ID to be used + * @param date when was the profit drain approved (not exact time of execution) + * @param amount how much should be wired + * @param account_section configuration section of the + * exchange specifying the account to be debited + * @param payto_uri target account to be credited + * @param master_pub public key to verify signature against + * @param master_sig the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_offline_profit_drain_verify ( + const struct TALER_WireTransferIdentifierRawP *wtid, + struct GNUNET_TIME_Timestamp date, + const struct TALER_Amount *amount, + const char *account_section, + const char *payto_uri, const struct TALER_MasterPublicKeyP *master_pub, const struct TALER_MasterSignatureP *master_sig); @@ -1353,7 +5104,7 @@ TALER_exchange_offline_denom_validity_verify ( void TALER_exchange_secmod_eddsa_sign ( const struct TALER_ExchangePublicKeyP *exchange_pub, - struct GNUNET_TIME_Absolute start_sign, + struct GNUNET_TIME_Timestamp start_sign, struct GNUNET_TIME_Relative duration, const struct TALER_SecurityModulePrivateKeyP *secm_priv, struct TALER_SecurityModuleSignatureP *secm_sig); @@ -1372,16 +5123,16 @@ TALER_exchange_secmod_eddsa_sign ( enum GNUNET_GenericReturnValue TALER_exchange_secmod_eddsa_verify ( const struct TALER_ExchangePublicKeyP *exchange_pub, - struct GNUNET_TIME_Absolute start_sign, + struct GNUNET_TIME_Timestamp start_sign, struct GNUNET_TIME_Relative duration, const struct TALER_SecurityModulePublicKeyP *secm_pub, const struct TALER_SecurityModuleSignatureP *secm_sig); /** - * Create security module RSA signature. + * Create security module denomination signature. * - * @param h_denom_pub hash of the public key to validate + * @param h_rsa hash of the RSA public key to sign * @param section_name name of the section in the configuration * @param start_sign starting point of validity for signing * @param duration how long will the key be in use @@ -1390,18 +5141,18 @@ TALER_exchange_secmod_eddsa_verify ( */ void TALER_exchange_secmod_rsa_sign ( - const struct GNUNET_HashCode *h_denom_pub, + const struct TALER_RsaPubHashP *h_rsa, const char *section_name, - struct GNUNET_TIME_Absolute start_sign, + struct GNUNET_TIME_Timestamp start_sign, struct GNUNET_TIME_Relative duration, const struct TALER_SecurityModulePrivateKeyP *secm_priv, struct TALER_SecurityModuleSignatureP *secm_sig); /** - * Verify security module RSA signature. + * Verify security module denomination signature. * - * @param h_denom_pub hash of the public key to validate + * @param h_rsa hash of the public key to validate * @param section_name name of the section in the configuration * @param start_sign starting point of validity for signing * @param duration how long will the key be in use @@ -1411,9 +5162,50 @@ TALER_exchange_secmod_rsa_sign ( */ enum GNUNET_GenericReturnValue TALER_exchange_secmod_rsa_verify ( - const struct GNUNET_HashCode *h_denom_pub, + const struct TALER_RsaPubHashP *h_rsa, const char *section_name, - struct GNUNET_TIME_Absolute start_sign, + struct GNUNET_TIME_Timestamp start_sign, + struct GNUNET_TIME_Relative duration, + const struct TALER_SecurityModulePublicKeyP *secm_pub, + const struct TALER_SecurityModuleSignatureP *secm_sig); + + +/** + * Create security module denomination signature. + * + * @param h_cs hash of the CS public key to sign + * @param section_name name of the section in the configuration + * @param start_sign starting point of validity for signing + * @param duration how long will the key be in use + * @param secm_priv security module key to sign with + * @param[out] secm_sig where to write the signature + */ +void +TALER_exchange_secmod_cs_sign ( + const struct TALER_CsPubHashP *h_cs, + const char *section_name, + struct GNUNET_TIME_Timestamp start_sign, + struct GNUNET_TIME_Relative duration, + const struct TALER_SecurityModulePrivateKeyP *secm_priv, + struct TALER_SecurityModuleSignatureP *secm_sig); + + +/** + * Verify security module denomination signature. + * + * @param h_cs hash of the public key to validate + * @param section_name name of the section in the configuration + * @param start_sign starting point of validity for signing + * @param duration how long will the key be in use + * @param secm_pub public key to verify against + * @param secm_sig the signature the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_secmod_cs_verify ( + const struct TALER_CsPubHashP *h_cs, + const char *section_name, + struct GNUNET_TIME_Timestamp start_sign, struct GNUNET_TIME_Relative duration, const struct TALER_SecurityModulePublicKeyP *secm_pub, const struct TALER_SecurityModuleSignatureP *secm_sig); @@ -1430,27 +5222,21 @@ TALER_exchange_secmod_rsa_verify ( * @param stamp_expire_deposit how long does the exchange accept the deposit of coins with this key * @param stamp_expire_legal how long does the exchange preserve information for legal disputes with this key * @param coin_value what is the value of coins signed with this key - * @param fee_withdraw what withdraw fee does the exchange charge for this denomination - * @param fee_deposit what deposit fee does the exchange charge for this denomination - * @param fee_refresh what refresh fee does the exchange charge for this denomination - * @param fee_refund what refund fee does the exchange charge for this denomination + * @param fees fees the exchange charges for this denomination * @param auditor_priv private key to sign with * @param[out] auditor_sig where to write the signature */ void TALER_auditor_denom_validity_sign ( const char *auditor_url, - const struct GNUNET_HashCode *h_denom_pub, + const struct TALER_DenominationHashP *h_denom_pub, const struct TALER_MasterPublicKeyP *master_pub, - struct GNUNET_TIME_Absolute stamp_start, - struct GNUNET_TIME_Absolute stamp_expire_withdraw, - struct GNUNET_TIME_Absolute stamp_expire_deposit, - struct GNUNET_TIME_Absolute stamp_expire_legal, + struct GNUNET_TIME_Timestamp stamp_start, + struct GNUNET_TIME_Timestamp stamp_expire_withdraw, + struct GNUNET_TIME_Timestamp stamp_expire_deposit, + struct GNUNET_TIME_Timestamp stamp_expire_legal, const struct TALER_Amount *coin_value, - const struct TALER_Amount *fee_withdraw, - const struct TALER_Amount *fee_deposit, - const struct TALER_Amount *fee_refresh, - const struct TALER_Amount *fee_refund, + const struct TALER_DenomFeeSet *fees, const struct TALER_AuditorPrivateKeyP *auditor_priv, struct TALER_AuditorSignatureP *auditor_sig); @@ -1466,10 +5252,7 @@ TALER_auditor_denom_validity_sign ( * @param stamp_expire_deposit how long does the exchange accept the deposit of coins with this key * @param stamp_expire_legal how long does the exchange preserve information for legal disputes with this key * @param coin_value what is the value of coins signed with this key - * @param fee_withdraw what withdraw fee does the exchange charge for this denomination - * @param fee_deposit what deposit fee does the exchange charge for this denomination - * @param fee_refresh what refresh fee does the exchange charge for this denomination - * @param fee_refund what refund fee does the exchange charge for this denomination + * @param fees fees the exchange charges for this denomination * @param auditor_pub public key to verify against * @param auditor_sig the signature the signature * @return #GNUNET_OK if the signature is valid @@ -1477,17 +5260,14 @@ TALER_auditor_denom_validity_sign ( enum GNUNET_GenericReturnValue TALER_auditor_denom_validity_verify ( const char *auditor_url, - const struct GNUNET_HashCode *h_denom_pub, + const struct TALER_DenominationHashP *h_denom_pub, const struct TALER_MasterPublicKeyP *master_pub, - struct GNUNET_TIME_Absolute stamp_start, - struct GNUNET_TIME_Absolute stamp_expire_withdraw, - struct GNUNET_TIME_Absolute stamp_expire_deposit, - struct GNUNET_TIME_Absolute stamp_expire_legal, + struct GNUNET_TIME_Timestamp stamp_start, + struct GNUNET_TIME_Timestamp stamp_expire_withdraw, + struct GNUNET_TIME_Timestamp stamp_expire_deposit, + struct GNUNET_TIME_Timestamp stamp_expire_legal, const struct TALER_Amount *coin_value, - const struct TALER_Amount *fee_withdraw, - const struct TALER_Amount *fee_deposit, - const struct TALER_Amount *fee_refresh, - const struct TALER_Amount *fee_refund, + const struct TALER_DenomFeeSet *fees, const struct TALER_AuditorPublicKeyP *auditor_pub, const struct TALER_AuditorSignatureP *auditor_sig); @@ -1501,18 +5281,16 @@ TALER_auditor_denom_validity_verify ( * @param payment_method the payment method * @param start_time when do the fees start to apply * @param end_time when do the fees start to apply - * @param wire_fee the wire fee - * @param closing_fee the closing fee + * @param fees the wire fees * @param master_priv private key to sign with * @param[out] master_sig where to write the signature */ void TALER_exchange_offline_wire_fee_sign ( const char *payment_method, - struct GNUNET_TIME_Absolute start_time, - struct GNUNET_TIME_Absolute end_time, - const struct TALER_Amount *wire_fee, - const struct TALER_Amount *closing_fee, + struct GNUNET_TIME_Timestamp start_time, + struct GNUNET_TIME_Timestamp end_time, + const struct TALER_WireFeeSet *fees, const struct TALER_MasterPrivateKeyP *master_priv, struct TALER_MasterSignatureP *master_sig); @@ -1523,8 +5301,7 @@ TALER_exchange_offline_wire_fee_sign ( * @param payment_method the payment method * @param start_time when do the fees start to apply * @param end_time when do the fees start to apply - * @param wire_fee the wire fee - * @param closing_fee the closing fee + * @param fees the wire fees * @param master_pub public key to verify against * @param master_sig the signature the signature * @return #GNUNET_OK if the signature is valid @@ -1532,10 +5309,58 @@ TALER_exchange_offline_wire_fee_sign ( enum GNUNET_GenericReturnValue TALER_exchange_offline_wire_fee_verify ( const char *payment_method, - struct GNUNET_TIME_Absolute start_time, - struct GNUNET_TIME_Absolute end_time, - const struct TALER_Amount *wire_fee, - const struct TALER_Amount *closing_fee, + struct GNUNET_TIME_Timestamp start_time, + struct GNUNET_TIME_Timestamp end_time, + const struct TALER_WireFeeSet *fees, + const struct TALER_MasterPublicKeyP *master_pub, + const struct TALER_MasterSignatureP *master_sig); + + +/** + * Create global fees signature. + * + * @param start_time when do the fees start to apply + * @param end_time when do the fees start to apply + * @param fees the global fees + * @param purse_timeout how long do unmerged purses stay around + * @param history_expiration how long do we keep the history of an account + * @param purse_account_limit how many concurrent purses are free per account holder + * @param master_priv private key to sign with + * @param[out] master_sig where to write the signature + */ +void +TALER_exchange_offline_global_fee_sign ( + struct GNUNET_TIME_Timestamp start_time, + struct GNUNET_TIME_Timestamp end_time, + const struct TALER_GlobalFeeSet *fees, + struct GNUNET_TIME_Relative purse_timeout, + struct GNUNET_TIME_Relative history_expiration, + uint32_t purse_account_limit, + const struct TALER_MasterPrivateKeyP *master_priv, + struct TALER_MasterSignatureP *master_sig); + + +/** + * Verify global fees signature. + * + * @param start_time when do the fees start to apply + * @param end_time when do the fees start to apply + * @param fees the global fees + * @param purse_timeout how long do unmerged purses stay around + * @param history_expiration how long do we keep the history of an account + * @param purse_account_limit how many concurrent purses are free per account holder + * @param master_pub public key to verify against + * @param master_sig the signature the signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_offline_global_fee_verify ( + struct GNUNET_TIME_Timestamp start_time, + struct GNUNET_TIME_Timestamp end_time, + const struct TALER_GlobalFeeSet *fees, + struct GNUNET_TIME_Relative purse_timeout, + struct GNUNET_TIME_Relative history_expiration, + uint32_t purse_account_limit, const struct TALER_MasterPublicKeyP *master_pub, const struct TALER_MasterSignatureP *master_sig); @@ -1544,6 +5369,9 @@ TALER_exchange_offline_wire_fee_verify ( * Create wire account addition signature. * * @param payto_uri bank account + * @param conversion_url URL of the conversion service, or NULL if none + * @param debit_restrictions JSON encoding of debit restrictions on the account; see AccountRestriction in the spec + * @param credit_restrictions JSON encoding of credit restrictions on the account; see AccountRestriction in the spec * @param now timestamp to use for the signature (rounded) * @param master_priv private key to sign with * @param[out] master_sig where to write the signature @@ -1551,7 +5379,10 @@ TALER_exchange_offline_wire_fee_verify ( void TALER_exchange_offline_wire_add_sign ( const char *payto_uri, - struct GNUNET_TIME_Absolute now, + const char *conversion_url, + const json_t *debit_restrictions, + const json_t *credit_restrictions, + struct GNUNET_TIME_Timestamp now, const struct TALER_MasterPrivateKeyP *master_priv, struct TALER_MasterSignatureP *master_sig); @@ -1560,6 +5391,9 @@ TALER_exchange_offline_wire_add_sign ( * Verify wire account addition signature. * * @param payto_uri bank account + * @param conversion_url URL of the conversion service, or NULL if none + * @param debit_restrictions JSON encoding of debit restrictions on the account; see AccountRestriction in the spec + * @param credit_restrictions JSON encoding of credit restrictions on the account; see AccountRestriction in the spec * @param sign_time timestamp when signature was created * @param master_pub public key to verify against * @param master_sig the signature the signature @@ -1568,7 +5402,10 @@ TALER_exchange_offline_wire_add_sign ( enum GNUNET_GenericReturnValue TALER_exchange_offline_wire_add_verify ( const char *payto_uri, - struct GNUNET_TIME_Absolute sign_time, + const char *conversion_url, + const json_t *debit_restrictions, + const json_t *credit_restrictions, + struct GNUNET_TIME_Timestamp sign_time, const struct TALER_MasterPublicKeyP *master_pub, const struct TALER_MasterSignatureP *master_sig); @@ -1584,7 +5421,7 @@ TALER_exchange_offline_wire_add_verify ( void TALER_exchange_offline_wire_del_sign ( const char *payto_uri, - struct GNUNET_TIME_Absolute now, + struct GNUNET_TIME_Timestamp now, const struct TALER_MasterPrivateKeyP *master_priv, struct TALER_MasterSignatureP *master_sig); @@ -1601,27 +5438,18 @@ TALER_exchange_offline_wire_del_sign ( enum GNUNET_GenericReturnValue TALER_exchange_offline_wire_del_verify ( const char *payto_uri, - struct GNUNET_TIME_Absolute sign_time, + struct GNUNET_TIME_Timestamp sign_time, const struct TALER_MasterPublicKeyP *master_pub, const struct TALER_MasterSignatureP *master_sig); /** - * Compute the hash of the given wire details. The resulting - * hash is what is signed by the master key. - * - * @param payto_uri bank account - * @param[out] hc set to the hash - */ -void -TALER_exchange_wire_signature_hash (const char *payto_uri, - struct GNUNET_HashCode *hc); - - -/** * Check the signature in @a master_sig. * * @param payto_uri URI that is signed + * @param conversion_url URL of the conversion service, or NULL if none + * @param debit_restrictions JSON encoding of debit restrictions on the account; see AccountRestriction in the spec + * @param credit_restrictions JSON encoding of credit restrictions on the account; see AccountRestriction in the spec * @param master_pub master public key of the exchange * @param master_sig signature of the exchange * @return #GNUNET_OK if signature is valid @@ -1629,6 +5457,9 @@ TALER_exchange_wire_signature_hash (const char *payto_uri, enum GNUNET_GenericReturnValue TALER_exchange_wire_signature_check ( const char *payto_uri, + const char *conversion_url, + const json_t *debit_restrictions, + const json_t *credit_restrictions, const struct TALER_MasterPublicKeyP *master_pub, const struct TALER_MasterSignatureP *master_sig); @@ -1637,12 +5468,18 @@ TALER_exchange_wire_signature_check ( * Create a signed wire statement for the given account. * * @param payto_uri account specification + * @param conversion_url URL of the conversion service, or NULL if none + * @param debit_restrictions JSON encoding of debit restrictions on the account; see AccountRestriction in the spec + * @param credit_restrictions JSON encoding of credit restrictions on the account; see AccountRestriction in the spec * @param master_priv private key to sign with * @param[out] master_sig where to write the signature */ void TALER_exchange_wire_signature_make ( const char *payto_uri, + const char *conversion_url, + const json_t *debit_restrictions, + const json_t *credit_restrictions, const struct TALER_MasterPrivateKeyP *master_priv, struct TALER_MasterSignatureP *master_sig); @@ -1658,8 +5495,8 @@ TALER_exchange_wire_signature_make ( */ void TALER_merchant_wire_signature_hash (const char *payto_uri, - const char *salt, - struct GNUNET_HashCode *hc); + const struct TALER_WireSaltP *salt, + struct TALER_MerchantWireHashP *hc); /** @@ -1674,7 +5511,7 @@ TALER_merchant_wire_signature_hash (const char *payto_uri, enum GNUNET_GenericReturnValue TALER_merchant_wire_signature_check ( const char *payto_uri, - const char *salt, + const struct TALER_WireSaltP *salt, const struct TALER_MerchantPublicKeyP *merch_pub, const struct TALER_MerchantSignatureP *merch_sig); @@ -1690,42 +5527,444 @@ TALER_merchant_wire_signature_check ( void TALER_merchant_wire_signature_make ( const char *payto_uri, - const char *salt, + const struct TALER_WireSaltP *salt, const struct TALER_MerchantPrivateKeyP *merch_priv, struct TALER_MerchantSignatureP *merch_sig); /** - * Blinds the given message with the given blinding key + * Sign a payment confirmation. + * + * @param h_contract_terms hash of the contact of the merchant with the customer + * @param merch_priv private key to sign with + * @param[out] merch_sig where to write the signature + */ +void +TALER_merchant_pay_sign ( + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_MerchantPrivateKeyP *merch_priv, + struct TALER_MerchantSignatureP *merch_sig); + + +/** + * Verify payment confirmation signature. + * + * @param h_contract_terms hash of the contact of the merchant with the customer + * @param merchant_pub public key of the merchant + * @param merchant_sig signature to verify + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_merchant_pay_verify ( + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_MerchantPublicKeyP *merchant_pub, + const struct TALER_MerchantSignatureP *merchant_sig); + + +/** + * Sign contract sent by the merchant to the wallet. + * + * @param h_contract_terms hash of the contract terms + * @param merch_priv private key to sign with + * @param[out] merch_sig where to write the signature + */ +void +TALER_merchant_contract_sign ( + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_MerchantPrivateKeyP *merch_priv, + struct GNUNET_CRYPTO_EddsaSignature *merch_sig); + + +/* **************** /management/extensions offline signing **************** */ + +/** + * Create a signature for the hash of the manifests of extensions + * + * @param h_manifests hash of the JSON object representing the manifests + * @param master_priv private key to sign with + * @param[out] master_sig where to write the signature + */ +void +TALER_exchange_offline_extension_manifests_hash_sign ( + const struct TALER_ExtensionManifestsHashP *h_manifests, + const struct TALER_MasterPrivateKeyP *master_priv, + struct TALER_MasterSignatureP *master_sig); + + +/** + * Verify the signature in @a master_sig of the given hash, taken over the JSON + * blob representing the manifests of extensions * - * @param hash hash of the message to sign - * @param bks the blinding key - * @param pkey the public key of the signer - * @param[out] buf set to a buffer with the blinded message to be signed - * @param[out] buf_size number of bytes stored in @a buf - * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious + * @param h_manifest hash of the JSON blob of manifests of extensions + * @param master_pub master public key of the exchange + * @param master_sig signature of the exchange + * @return #GNUNET_OK if signature is valid */ enum GNUNET_GenericReturnValue -TALER_rsa_blind (const struct GNUNET_HashCode *hash, - const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, - struct GNUNET_CRYPTO_RsaPublicKey *pkey, - void **buf, - size_t *buf_size); +TALER_exchange_offline_extension_manifests_hash_verify ( + const struct TALER_ExtensionManifestsHashP *h_manifest, + const struct TALER_MasterPublicKeyP *master_pub, + const struct TALER_MasterSignatureP *master_sig + ); /** - * Unblind a blind-signed signature. The signature should have been generated - * with GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with - * GNUNET_CRYPTO_rsa_blind(). + * @brief Representation of an age commitment: one public key per age group. * - * @param sig the signature made on the blinded signature purpose - * @param bks the blinding key secret used to blind the signature purpose - * @param pkey the public key of the signer - * @return unblinded signature on success, NULL if RSA key is bad or malicious. + * The number of keys must be be the same as the number of bits set in the + * corresponding age mask. */ -struct GNUNET_CRYPTO_RsaSignature * -TALER_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, - const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, - struct GNUNET_CRYPTO_RsaPublicKey *pkey); +struct TALER_AgeCommitment +{ + + /** + * The age mask defines the age groups that were a parameter during the + * generation of this age commitment + */ + struct TALER_AgeMask mask; + + /** + * The number of public keys, which must be the same as the number of + * groups in the mask. + */ + size_t num; + + /** + * The list of @e num public keys. In must have same size as the number of + * age groups defined in the mask. + * + * A hash of this list is the hashed commitment that goes into FDC + * calculation during the withdraw and refresh operations for new coins. That + * way, the particular age commitment becomes mandatory and bound to a coin. + * + * The list has been allocated via GNUNET_malloc(). + */ + struct TALER_AgeCommitmentPublicKeyP *keys; +}; + + +/** + * @brief Proof for a particular age commitment, used in age attestation + * + * This struct is used in a call to TALER_age_commitment_attest to create an + * attestation for a minimum age (if that minimum age is less or equal to the + * committed age for this proof). It consists of a list private keys, one per + * age group, for which the committed age is either lager or within that + * particular group. + */ +struct TALER_AgeProof +{ + /** + * The number of private keys, which must be at most num_pub_keys. One minus + * this number corresponds to the largest age group that is supported with + * this age commitment. + * **Note**, that this and the next field are only relevant on the wallet + * side for attestation and derive operations. + */ + size_t num; + + /** + * List of @e num private keys. + * + * Note that the list can be _smaller_ than the corresponding list of public + * keys. In that case, the wallet can sign off only for a subset of the age + * groups. + * + * The list has been allocated via GNUNET_malloc. + */ + struct TALER_AgeCommitmentPrivateKeyP *keys; +}; + + +/** + * @brief Commitment and Proof for a maximum age + * + * Calling TALER_age_restriction_commit on an (maximum) age value returns this + * data structure. It consists of the proof, which is used to create + * attestations for compatible minimum ages, and the commitment, which is used + * to verify the attestations and derived commitments. + * + * The hash value of the commitment is bound to a particular coin with age + * restriction. + */ +struct TALER_AgeCommitmentProof +{ + /** + * The commitment is used to verify a particular attestation. Its hash value + * is bound to a particular coin with age restriction. This structure is + * sent to the merchant in order to verify a particular attestation for a + * minimum age. + * In itself, it does not convey any information about the maximum age that + * went into the call to TALER_age_restriction_commit. + */ + struct TALER_AgeCommitment commitment; + + /** + * The proof is used to create an attestation for a (compatible) minimum age. + */ + struct TALER_AgeProof proof; +}; + + +/** + * @brief Generates a hash of the public keys in the age commitment. + * + * @param commitment the age commitment - one public key per age group + * @param[out] hash resulting hash + */ +void +TALER_age_commitment_hash ( + const struct TALER_AgeCommitment *commitment, + struct TALER_AgeCommitmentHash *hash); + + +/** + * @brief Generates an age commitent for the given age. + * + * @param mask The age mask the defines the age groups + * @param age The actual age for which an age commitment is generated + * @param seed The seed that goes into the key generation. MUST be chosen uniformly random. + * @param[out] comm_proof The generated age commitment, ->priv and ->pub allocated via GNUNET_malloc() on success + */ +void +TALER_age_restriction_commit ( + const struct TALER_AgeMask *mask, + uint8_t age, + const struct GNUNET_HashCode *seed, + struct TALER_AgeCommitmentProof *comm_proof); + + +/** + * @brief Derives another, equivalent age commitment for a given one. + * + * @param orig Original age commitment + * @param salt Salt to randomly move the points on the elliptic curve in order to generate another, equivalent commitment. + * @param[out] derived The resulting age commitment, ->priv and ->pub allocated via GNUNET_malloc() on success. + * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise + */ +enum GNUNET_GenericReturnValue +TALER_age_commitment_derive ( + const struct TALER_AgeCommitmentProof *orig, + const struct GNUNET_HashCode *salt, + struct TALER_AgeCommitmentProof *derived); + + +/** + * @brief Provide attestation for a given age, from a given age commitment, if possible. + * + * @param comm_proof The age commitment to be used for attestation. For successful attestation, it must contain the private key for the corresponding age group. + * @param age Age (not age group) for which the an attestation should be done + * @param[out] attest Signature of the age with the appropriate key from the age commitment for the corresponding age group, if applicable. + * @return #GNUNET_OK on success, #GNUNET_NO when no attestation can be made for that age with the given commitment, #GNUNET_SYSERR otherwise + */ +enum GNUNET_GenericReturnValue +TALER_age_commitment_attest ( + const struct TALER_AgeCommitmentProof *comm_proof, + uint8_t age, + struct TALER_AgeAttestation *attest); + + +/** + * @brief Verify the attestation for an given age and age commitment + * + * @param commitment The age commitment that went into the attestation. Only the public keys are needed. + * @param age Age (not age group) for which the an attestation should be done + * @param attest Signature of the age with the appropriate key from the age commitment for the corresponding age group, if applicable. + * @return #GNUNET_OK when the attestation was successful, #GNUNET_NO no attestation couldn't be verified, #GNUNET_SYSERR otherwise + */ +enum GNUNET_GenericReturnValue +TALER_age_commitment_verify ( + const struct TALER_AgeCommitment *commitment, + uint8_t age, + const struct TALER_AgeAttestation *attest); + + +/** + * @brief helper function to free memory of a struct TALER_AgeCommitment + * + * @param ac the commitment from which all memory should be freed. + */ +void +TALER_age_commitment_free ( + struct TALER_AgeCommitment *ac); + + +/** + * @brief helper function to free memory of a struct TALER_AgeProof + * + * @param ap the proof of commitment from which all memory should be freed. + */ +void +TALER_age_proof_free ( + struct TALER_AgeProof *ap); + + +/** + * @brief helper function to free memory of a struct TALER_AgeCommitmentProof + * + * @param acp the commitment and its proof from which all memory should be freed. + */ +void +TALER_age_commitment_proof_free ( + struct TALER_AgeCommitmentProof *acp); + + +/** + * @brief helper function to allocate and copy a struct TALER_AgeCommitmentProof + * + * @param[in] acp The original age commitment proof + * @return The deep copy of @e acp, allocated + */ +struct TALER_AgeCommitmentProof * +TALER_age_commitment_proof_duplicate ( + const struct TALER_AgeCommitmentProof *acp); + +/** + * @brief helper function to copy a struct TALER_AgeCommitmentProof + * + * @param[in] acp The original age commitment proof + * @param[out] nacp The struct to copy the data into, with freshly allocated and copied keys. + */ +void +TALER_age_commitment_proof_deep_copy ( + const struct TALER_AgeCommitmentProof *acp, + struct TALER_AgeCommitmentProof *nacp); + +/** + * @brief For age-withdraw, clients have to prove that the public keys for all + * age groups larger than the allowed maximum age group are derived by scalar + * multiplication from this Edx25519 public key (in Crockford Base32 encoding): + * + * DZJRF6HXN520505XDAWM8NMH36QV9J3VH77265WQ09EBQ76QSKCG + * + * Its private key was chosen randomly and then deleted. + */ +extern struct +#ifndef AGE_RESTRICTION_WITH_ECDSA +GNUNET_CRYPTO_Edx25519PublicKey +#else +GNUNET_CRYPTO_EcdsaPublicKey +#endif +TALER_age_commitment_base_public_key; + +/** + * @brief Similar to TALER_age_restriction_commit, but takes the coin's + * private key as seed input and calculates the public keys in the slots larger + * than the given age as derived from TALER_age_commitment_base_public_key. + * + * See https://docs.taler.net/core/api-exchange.html#withdraw-with-age-restriction + * + * @param secret The master secret of the coin from which we derive the age restriction + * @param mask The age mask, defining the age groups + * @param max_age The maximum age for this coin. + * @param[out] comm_proof The commitment and proof for age restriction for age @a max_age + */ +void +TALER_age_restriction_from_secret ( + const struct TALER_PlanchetMasterSecretP *secret, + const struct TALER_AgeMask *mask, + const uint8_t max_age, + struct TALER_AgeCommitmentProof *comm_proof); + + +/** + * Group of Denominations. These are the common fields of an array of + * denominations. + * + * The corresponding JSON-blob will also contain an array of particular + * denominations with only the timestamps, cipher-specific public key and the + * master signature. + */ +struct TALER_DenominationGroup +{ + + /** + * Value of coins in this denomination group. + */ + struct TALER_Amount value; + + /** + * Fee structure for all coins in the group. + */ + struct TALER_DenomFeeSet fees; + + /** + * Cipher used for the denomination. + */ + enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher; + + /** + * Age mask for the denomination. + */ + struct TALER_AgeMask age_mask; + +}; + + +/** + * Compute a unique key for the meta data of a denomination group. + * + * @param dg denomination group to evaluate + * @param[out] key key to set + */ +void +TALER_denomination_group_get_key ( + const struct TALER_DenominationGroup *dg, + struct GNUNET_HashCode *key); + + +/** + * Token family public key. + */ +struct TALER_TokenFamilyPublicKey +{ + /** + * Type of the signature. + */ + struct GNUNET_CRYPTO_BlindSignPublicKey public_key; +}; + +/** + * Hash of a public key of a token family. + */ +struct TALER_TokenFamilyPublicKeyHash +{ + /** + * Hash of the token public key. + */ + struct GNUNET_HashCode hash; +}; + +/** + * Token family private key. + */ +struct TALER_TokenFamilyPrivateKey +{ + struct GNUNET_CRYPTO_BlindSignPrivateKey private_key; +}; + +/** + * Token public key. + */ +struct TALER_TokenPublicKey +{ + struct GNUNET_CRYPTO_EddsaPublicKey public_key; +}; + +/** + * Signature made using a token private key. + */ +struct TALER_TokenSignature +{ + struct GNUNET_CRYPTO_EddsaSignature signature; +}; + +/** + * Blind signature for a token (signed by merchant). + */ +struct TALER_TokenBlindSignature +{ + struct GNUNET_CRYPTO_BlindedSignature signature; +}; #endif |