Diffstat (limited to 'src/util/auditor_signatures.c')
-rw-r--r-- | src/util/auditor_signatures.c | 187 |
1 files changed, 187 insertions, 0 deletions
diff --git a/src/util/auditor_signatures.c b/src/util/auditor_signatures.c
new file mode 100644
index 000000000..c35b6f192
--- /dev/null
+++ b/src/util/auditor_signatures.c
@@ -0,0 +1,187 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2020, 2022 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file auditor_signatures.c
+ * @brief Utility functions for Taler auditor signatures
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "taler_util.h"
+#include "taler_signatures.h"
+
+
+/**
+ * @brief Information signed by an auditor affirming
+ * the master public key and the denomination keys
+ * of a exchange.
+ */
+struct TALER_ExchangeKeyValidityPS
+{
+
+ /**
+ * Purpose is #TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS.
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+ /**
+ * Hash of the auditor's URL (including 0-terminator).
+ */
+ struct GNUNET_HashCode auditor_url_hash;
+
+ /**
+ * The long-term offline master key of the exchange, affirmed by the
+ * auditor.
+ */
+ struct TALER_MasterPublicKeyP master;
+
+ /**
+ * Start time of the validity period for this key.
+ */
+ struct GNUNET_TIME_TimestampNBO start;
+
+ /**
+ * The exchange will sign fresh coins between @e start and this time.
+ * @e expire_withdraw will be somewhat larger than @e start to
+ * ensure a sufficiently large anonymity set, while also allowing
+ * the Exchange to limit the financial damage in case of a key being
+ * compromised. Thus, exchanges with low volume are expected to have a
+ * longer withdraw period (@e expire_withdraw - @e start) than exchanges
+ * with high transaction volume. The period may also differ between
+ * types of coins. A exchange may also have a few denomination keys
+ * with the same value with overlapping validity periods, to address
+ * issues such as clock skew.
+ */
+ struct GNUNET_TIME_TimestampNBO expire_withdraw;
+
+ /**
+ * Coins signed with the denomination key must be spent or refreshed
+ * between @e start and this expiration time. After this time, the
+ * exchange will refuse transactions involving this key as it will
+ * "drop" the table with double-spending information (shortly after)
+ * this time. Note that wallets should refresh coins significantly
+ * before this time to be on the safe side. @e expire_deposit must be
+ * significantly larger than @e expire_withdraw (by months or even
+ * years).
+ */
+ struct GNUNET_TIME_TimestampNBO expire_deposit;
+
+ /**
+ * When do signatures with this denomination key become invalid?
+ * After this point, these signatures cannot be used in (legal)
+ * disputes anymore, as the Exchange is then allowed to destroy its side
+ * of the evidence. @e expire_legal is expected to be significantly
+ * larger than @e expire_deposit (by a year or more).
+ */
+ struct GNUNET_TIME_TimestampNBO expire_legal;
+
+ /**
+ * The value of the coins signed with this denomination key.
+ */
+ struct TALER_AmountNBO value;
+
+ /**
+ * Fees for the coin.
+ */
+ struct TALER_DenomFeeSetNBOP fees;
+
+ /**
+ * Hash code of the denomination public key. (Used to avoid having
+ * the variable-size RSA key in this struct.)
+ */
+ struct TALER_DenominationHashP denom_hash GNUNET_PACKED;
+
+};
+
+
+void
+TALER_auditor_denom_validity_sign (
+ const char *auditor_url,
+ const struct TALER_DenominationHashP *h_denom_pub,
+ const struct TALER_MasterPublicKeyP *master_pub,
+ struct GNUNET_TIME_Timestamp stamp_start,
+ struct GNUNET_TIME_Timestamp stamp_expire_withdraw,
+ struct GNUNET_TIME_Timestamp stamp_expire_deposit,
+ struct GNUNET_TIME_Timestamp stamp_expire_legal,
+ const struct TALER_Amount *coin_value,
+ const struct TALER_DenomFeeSet *fees,
+ const struct TALER_AuditorPrivateKeyP *auditor_priv,
+ struct TALER_AuditorSignatureP *auditor_sig)
+{
+ struct TALER_ExchangeKeyValidityPS kv = {
+ .purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS),
+ .purpose.size = htonl (sizeof (kv)),
+ .start = GNUNET_TIME_timestamp_hton (stamp_start),
+ .expire_withdraw = GNUNET_TIME_timestamp_hton (stamp_expire_withdraw),
+ .expire_deposit = GNUNET_TIME_timestamp_hton (stamp_expire_deposit),
+ .expire_legal = GNUNET_TIME_timestamp_hton (stamp_expire_legal),
+ .denom_hash = *h_denom_pub,
+ .master = *master_pub,
+ };
+
+ TALER_amount_hton (&kv.value,
+ coin_value);
+ TALER_denom_fee_set_hton (&kv.fees,
+ fees);
+ GNUNET_CRYPTO_hash (auditor_url,
+ strlen (auditor_url) + 1,
+ &kv.auditor_url_hash);
+ GNUNET_CRYPTO_eddsa_sign (&auditor_priv->eddsa_priv,
+ &kv,
+ &auditor_sig->eddsa_sig);
+}
+
+
+enum GNUNET_GenericReturnValue
+TALER_auditor_denom_validity_verify (
+ const char *auditor_url,
+ const struct TALER_DenominationHashP *h_denom_pub,
+ const struct TALER_MasterPublicKeyP *master_pub,
+ struct GNUNET_TIME_Timestamp stamp_start,
+ struct GNUNET_TIME_Timestamp stamp_expire_withdraw,
+ struct GNUNET_TIME_Timestamp stamp_expire_deposit,
+ struct GNUNET_TIME_Timestamp stamp_expire_legal,
+ const struct TALER_Amount *coin_value,
+ const struct TALER_DenomFeeSet *fees,
+ const struct TALER_AuditorPublicKeyP *auditor_pub,
+ const struct TALER_AuditorSignatureP *auditor_sig)
+{
+ struct TALER_ExchangeKeyValidityPS kv = {
+ .purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS),
+ .purpose.size = htonl (sizeof (kv)),
+ .start = GNUNET_TIME_timestamp_hton (stamp_start),
+ .expire_withdraw = GNUNET_TIME_timestamp_hton (stamp_expire_withdraw),
+ .expire_deposit = GNUNET_TIME_timestamp_hton (stamp_expire_deposit),
+ .expire_legal = GNUNET_TIME_timestamp_hton (stamp_expire_legal),
+ .denom_hash = *h_denom_pub,
+ .master = *master_pub,
+ };
+
+ TALER_amount_hton (&kv.value,
+ coin_value);
+ TALER_denom_fee_set_hton (&kv.fees,
+ fees);
+ GNUNET_CRYPTO_hash (auditor_url,
+ strlen (auditor_url) + 1,
+ &kv.auditor_url_hash);
+ return
+ GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS,
+ &kv,
+ &auditor_sig->eddsa_sig,
+ &auditor_pub->eddsa_pub);
+}
+
+
+/* end of auditor_signatures.c */ |
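Review bot: `struct TALER_ExchangeKeyValidityPS` is signed and verified as raw bytes (`.purpose.size = htonl (sizeof (kv))`), but the definition added here is not bracketed by `GNUNET_NETWORK_STRUCT_BEGIN` / `GNUNET_NETWORK_STRUCT_END` and only `denom_hash` carries `GNUNET_PACKED`, so nothing in this hunk pins the byte layout. The member types are declared elsewhere, so whether padding can occur is not visible from here; if it can, the designated initializers in both functions leave those bytes unspecified and a valid auditor signature could fail to verify on another compiler or platform. I would wrap the definition in the two macros and add a comment above it such as `/* Signed as raw bytes: layout must be padding-free and identical for signer and verifier. */`. Separately, `TALER_auditor_denom_validity_sign` and `TALER_auditor_denom_validity_verify` build `kv` with identical code; a shared `static` helper that fills the struct would keep the signed and the verified message from drifting apart.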