diff options
Diffstat (limited to 'src/util/offline_signatures.c')
| -rw-r--r-- | src/util/offline_signatures.c | 218 |
1 files changed, 187 insertions, 31 deletions
diff --git a/src/util/offline_signatures.c b/src/util/offline_signatures.c index 108c665ef..fbff850df 100644 --- a/src/util/offline_signatures.c +++ b/src/util/offline_signatures.c @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2020-2022 Taler Systems SA + Copyright (C) 2020-2023 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -27,6 +27,99 @@ GNUNET_NETWORK_STRUCT_BEGIN /** * @brief Signature made by the exchange offline key over the information of + * an AML officer status change. + */ +struct TALER_MasterAmlOfficerStatusPS +{ + + /** + * Purpose is #TALER_SIGNATURE_MASTER_AML_KEY. Signed + * by a `struct TALER_MasterPublicKeyP` using EdDSA. + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + + /** + * Time of the change. + */ + struct GNUNET_TIME_TimestampNBO change_date; + + /** + * Public key of the AML officer. + */ + struct TALER_AmlOfficerPublicKeyP officer_pub; + + /** + * Hash over the AML officer's name. + */ + struct GNUNET_HashCode h_officer_name GNUNET_PACKED; + + /** + * Bitmask: 1 if enabled; 2 for read-only access. in NBO. + */ + uint32_t is_active GNUNET_PACKED; +}; +GNUNET_NETWORK_STRUCT_END + + +void +TALER_exchange_offline_aml_officer_status_sign ( + const struct TALER_AmlOfficerPublicKeyP *officer_pub, + const char *officer_name, + struct GNUNET_TIME_Timestamp change_date, + bool is_active, + bool read_only, + const struct TALER_MasterPrivateKeyP *master_priv, + struct TALER_MasterSignatureP *master_sig) +{ + struct TALER_MasterAmlOfficerStatusPS as = { + .purpose.purpose = htonl (TALER_SIGNATURE_MASTER_AML_KEY), + .purpose.size = htonl (sizeof (as)), + .change_date = GNUNET_TIME_timestamp_hton (change_date), + .officer_pub = *officer_pub, + .is_active = htonl ((is_active ? 1 : 0) + (read_only ? 2 : 0)) + }; + + GNUNET_CRYPTO_hash (officer_name, + strlen (officer_name) + 1, + &as.h_officer_name); + GNUNET_CRYPTO_eddsa_sign (&master_priv->eddsa_priv, + &as, + &master_sig->eddsa_signature); +} + + +enum GNUNET_GenericReturnValue +TALER_exchange_offline_aml_officer_status_verify ( + const struct TALER_AmlOfficerPublicKeyP *officer_pub, + const char *officer_name, + struct GNUNET_TIME_Timestamp change_date, + bool is_active, + bool read_only, + const struct TALER_MasterPublicKeyP *master_pub, + const struct TALER_MasterSignatureP *master_sig) +{ + struct TALER_MasterAmlOfficerStatusPS as = { + .purpose.purpose = htonl (TALER_SIGNATURE_MASTER_AML_KEY), + .purpose.size = htonl (sizeof (as)), + .change_date = GNUNET_TIME_timestamp_hton (change_date), + .officer_pub = *officer_pub, + .is_active = htonl ((is_active ? 1 : 0) + (read_only ? 2 : 0)) + }; + + GNUNET_CRYPTO_hash (officer_name, + strlen (officer_name) + 1, + &as.h_officer_name); + return GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_AML_KEY, + &as, + &master_sig->eddsa_signature, + &master_pub->eddsa_pub); +} + + +GNUNET_NETWORK_STRUCT_BEGIN + +/** + * @brief Signature made by the exchange offline key over the information of * an auditor to be added to the exchange's set of auditors. */ struct TALER_MasterAddAuditorPS @@ -584,6 +677,22 @@ struct TALER_MasterAddWirePS * Hash over the exchange's payto URI. */ struct TALER_PaytoHashP h_payto GNUNET_PACKED; + + /** + * Hash over the conversion URL, all zeros if there + * is no conversion URL. + */ + struct GNUNET_HashCode h_conversion_url; + + /** + * Hash over the debit restrictions. + */ + struct GNUNET_HashCode h_debit_restrictions; + + /** + * Hash over the credit restrictions. + */ + struct GNUNET_HashCode h_credit_restrictions; }; GNUNET_NETWORK_STRUCT_END @@ -592,6 +701,9 @@ GNUNET_NETWORK_STRUCT_END void TALER_exchange_offline_wire_add_sign ( const char *payto_uri, + const char *conversion_url, + const json_t *debit_restrictions, + const json_t *credit_restrictions, struct GNUNET_TIME_Timestamp now, const struct TALER_MasterPrivateKeyP *master_priv, struct TALER_MasterSignatureP *master_sig) @@ -604,6 +716,14 @@ TALER_exchange_offline_wire_add_sign ( TALER_payto_hash (payto_uri, &kv.h_payto); + if (NULL != conversion_url) + GNUNET_CRYPTO_hash (conversion_url, + strlen (conversion_url) + 1, + &kv.h_conversion_url); + TALER_json_hash (debit_restrictions, + &kv.h_debit_restrictions); + TALER_json_hash (credit_restrictions, + &kv.h_credit_restrictions); GNUNET_CRYPTO_eddsa_sign (&master_priv->eddsa_priv, &kv, &master_sig->eddsa_signature); @@ -613,6 +733,9 @@ TALER_exchange_offline_wire_add_sign ( enum GNUNET_GenericReturnValue TALER_exchange_offline_wire_add_verify ( const char *payto_uri, + const char *conversion_url, + const json_t *debit_restrictions, + const json_t *credit_restrictions, struct GNUNET_TIME_Timestamp sign_time, const struct TALER_MasterPublicKeyP *master_pub, const struct TALER_MasterSignatureP *master_sig) @@ -625,6 +748,14 @@ TALER_exchange_offline_wire_add_verify ( TALER_payto_hash (payto_uri, &aw.h_payto); + if (NULL != conversion_url) + GNUNET_CRYPTO_hash (conversion_url, + strlen (conversion_url) + 1, + &aw.h_conversion_url); + TALER_json_hash (debit_restrictions, + &aw.h_debit_restrictions); + TALER_json_hash (credit_restrictions, + &aw.h_credit_restrictions); return GNUNET_CRYPTO_eddsa_verify ( TALER_SIGNATURE_MASTER_ADD_WIRE, @@ -840,15 +971,6 @@ struct TALER_MasterGlobalFeePS struct GNUNET_TIME_RelativeNBO purse_timeout; /** - * How long does the exchange promise to keep funds - * an account for which the KYC has never happened - * after a purse was merged into an account? Basically, - * after this time funds in an account without KYC are - * forfeit. - */ - struct GNUNET_TIME_RelativeNBO kyc_timeout; - - /** * How long will the exchange preserve the account history? After an * account was deleted/closed, the exchange will retain the account history * for legal reasons until this time. @@ -878,27 +1000,25 @@ TALER_exchange_offline_global_fee_sign ( struct GNUNET_TIME_Timestamp end_time, const struct TALER_GlobalFeeSet *fees, struct GNUNET_TIME_Relative purse_timeout, - struct GNUNET_TIME_Relative kyc_timeout, struct GNUNET_TIME_Relative history_expiration, uint32_t purse_account_limit, const struct TALER_MasterPrivateKeyP *master_priv, struct TALER_MasterSignatureP *master_sig) { - struct TALER_MasterGlobalFeePS kv = { + struct TALER_MasterGlobalFeePS wf = { .purpose.purpose = htonl (TALER_SIGNATURE_MASTER_GLOBAL_FEES), - .purpose.size = htonl (sizeof (kv)), + .purpose.size = htonl (sizeof (wf)), .start_date = GNUNET_TIME_timestamp_hton (start_time), .end_date = GNUNET_TIME_timestamp_hton (end_time), .purse_timeout = GNUNET_TIME_relative_hton (purse_timeout), - .kyc_timeout = GNUNET_TIME_relative_hton (kyc_timeout), .history_expiration = GNUNET_TIME_relative_hton (history_expiration), .purse_account_limit = htonl (purse_account_limit) }; - TALER_global_fee_set_hton (&kv.fees, + TALER_global_fee_set_hton (&wf.fees, fees); GNUNET_CRYPTO_eddsa_sign (&master_priv->eddsa_priv, - &kv, + &wf, &master_sig->eddsa_signature); } @@ -909,7 +1029,6 @@ TALER_exchange_offline_global_fee_verify ( struct GNUNET_TIME_Timestamp end_time, const struct TALER_GlobalFeeSet *fees, struct GNUNET_TIME_Relative purse_timeout, - struct GNUNET_TIME_Relative kyc_timeout, struct GNUNET_TIME_Relative history_expiration, uint32_t purse_account_limit, const struct TALER_MasterPublicKeyP *master_pub, @@ -921,7 +1040,6 @@ TALER_exchange_offline_global_fee_verify ( .start_date = GNUNET_TIME_timestamp_hton (start_time), .end_date = GNUNET_TIME_timestamp_hton (end_time), .purse_timeout = GNUNET_TIME_relative_hton (purse_timeout), - .kyc_timeout = GNUNET_TIME_relative_hton (kyc_timeout), .history_expiration = GNUNET_TIME_relative_hton (history_expiration), .purse_account_limit = htonl (purse_account_limit) }; @@ -939,10 +1057,10 @@ TALER_exchange_offline_global_fee_verify ( GNUNET_NETWORK_STRUCT_BEGIN /** - * @brief Signature made by the exchange offline key over the - * configuration of an extension. + * @brief Signature made by the exchange offline key over the manifest of + * an extension. */ -struct TALER_MasterExtensionConfigurationPS +struct TALER_MasterExtensionManifestPS { /** * Purpose is #TALER_SIGNATURE_MASTER_EXTENSION. Signed @@ -951,24 +1069,24 @@ struct TALER_MasterExtensionConfigurationPS struct GNUNET_CRYPTO_EccSignaturePurpose purpose; /** - * Hash of the JSON object that represents the configuration of an extension. + * Hash of the JSON object that represents the manifests of extensions. */ - struct TALER_ExtensionConfigHashP h_config GNUNET_PACKED; + struct TALER_ExtensionManifestsHashP h_manifest GNUNET_PACKED; }; GNUNET_NETWORK_STRUCT_END void -TALER_exchange_offline_extension_config_hash_sign ( - const struct TALER_ExtensionConfigHashP *h_config, +TALER_exchange_offline_extension_manifests_hash_sign ( + const struct TALER_ExtensionManifestsHashP *h_manifest, const struct TALER_MasterPrivateKeyP *master_priv, struct TALER_MasterSignatureP *master_sig) { - struct TALER_MasterExtensionConfigurationPS ec = { + struct TALER_MasterExtensionManifestPS ec = { .purpose.purpose = htonl (TALER_SIGNATURE_MASTER_EXTENSION), .purpose.size = htonl (sizeof(ec)), - .h_config = *h_config + .h_manifest = *h_manifest }; GNUNET_CRYPTO_eddsa_sign (&master_priv->eddsa_priv, &ec, @@ -977,16 +1095,16 @@ TALER_exchange_offline_extension_config_hash_sign ( enum GNUNET_GenericReturnValue -TALER_exchange_offline_extension_config_hash_verify ( - const struct TALER_ExtensionConfigHashP *h_config, +TALER_exchange_offline_extension_manifests_hash_verify ( + const struct TALER_ExtensionManifestsHashP *h_manifest, const struct TALER_MasterPublicKeyP *master_pub, const struct TALER_MasterSignatureP *master_sig ) { - struct TALER_MasterExtensionConfigurationPS ec = { + struct TALER_MasterExtensionManifestPS ec = { .purpose.purpose = htonl (TALER_SIGNATURE_MASTER_EXTENSION), .purpose.size = htonl (sizeof(ec)), - .h_config = *h_config + .h_manifest = *h_manifest }; return GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_EXTENSION, @@ -1015,6 +1133,22 @@ struct TALER_MasterWireDetailsPS */ struct TALER_PaytoHashP h_wire_details GNUNET_PACKED; + /** + * Hash over the conversion URL, all zeros if there + * is no conversion URL. + */ + struct GNUNET_HashCode h_conversion_url; + + /** + * Hash over the debit restrictions. + */ + struct GNUNET_HashCode h_debit_restrictions; + + /** + * Hash over the credit restrictions. + */ + struct GNUNET_HashCode h_credit_restrictions; + }; GNUNET_NETWORK_STRUCT_END @@ -1023,6 +1157,9 @@ GNUNET_NETWORK_STRUCT_END enum GNUNET_GenericReturnValue TALER_exchange_wire_signature_check ( const char *payto_uri, + const char *conversion_url, + const json_t *debit_restrictions, + const json_t *credit_restrictions, const struct TALER_MasterPublicKeyP *master_pub, const struct TALER_MasterSignatureP *master_sig) { @@ -1033,6 +1170,14 @@ TALER_exchange_wire_signature_check ( TALER_payto_hash (payto_uri, &wd.h_wire_details); + if (NULL != conversion_url) + GNUNET_CRYPTO_hash (conversion_url, + strlen (conversion_url) + 1, + &wd.h_conversion_url); + TALER_json_hash (debit_restrictions, + &wd.h_debit_restrictions); + TALER_json_hash (credit_restrictions, + &wd.h_credit_restrictions); return GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_WIRE_DETAILS, &wd, &master_sig->eddsa_signature, @@ -1043,6 +1188,9 @@ TALER_exchange_wire_signature_check ( void TALER_exchange_wire_signature_make ( const char *payto_uri, + const char *conversion_url, + const json_t *debit_restrictions, + const json_t *credit_restrictions, const struct TALER_MasterPrivateKeyP *master_priv, struct TALER_MasterSignatureP *master_sig) { @@ -1053,6 +1201,14 @@ TALER_exchange_wire_signature_make ( TALER_payto_hash (payto_uri, &wd.h_wire_details); + if (NULL != conversion_url) + GNUNET_CRYPTO_hash (conversion_url, + strlen (conversion_url) + 1, + &wd.h_conversion_url); + TALER_json_hash (debit_restrictions, + &wd.h_debit_restrictions); + TALER_json_hash (credit_restrictions, + &wd.h_credit_restrictions); GNUNET_CRYPTO_eddsa_sign (&master_priv->eddsa_priv, &wd, &master_sig->eddsa_signature); |