From e9eb00e285c80f63cfc08fdd9ea6707d55162e60 Mon Sep 17 00:00:00 2001 From: Özgür Kesim Date: Tue, 1 Mar 2022 17:02:37 +0100 Subject: Refactoring TALER_AgeCommitment Instead of a single struct TALER_AgeCommitment, we now use 1. TALER_AgeCommitment for the age mask and list public keys for age restriciton. 2. TALER_AgeProof for list of private keys for age restriction 3. TALER_AgeCommitmentProof for the aggregation of the former two. Also, we introduce TALER_AgeAttestation as the EDDSA signature to attest a particular age group, along with the function prototypes TALER_age_commitment_attest and TALER_age_commitment_verify. --- src/include/taler_crypto_lib.h | 85 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 76 insertions(+), 9 deletions(-) (limited to 'src/include/taler_crypto_lib.h') diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index ed447e905..38f91a8e0 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -864,6 +864,14 @@ struct TALER_AgeCommitmentHash struct GNUNET_ShortHashCode shash; }; +/** + * @brief Signature of an age with the private key for the corresponding age group of an age commitment. + */ +struct TALER_AgeAttestation +{ + struct GNUNET_CRYPTO_EddsaSignature attest; +}; + extern const struct TALER_AgeCommitmentHash TALER_ZeroAgeCommitmentHash; #define TALER_AgeCommitmentHash_isNullOrZero(ph) ((NULL == ph) || \ (0 == memcmp (ph, \ @@ -3307,7 +3315,7 @@ struct TALER_AgeCommitment /* The number of public keys, which must be the same as the number of * groups in the mask. */ - size_t num_pub; + size_t num; /* The list of #num_pub public keys. In must have same size as the number of * age groups defined in the mask. @@ -3319,12 +3327,17 @@ struct TALER_AgeCommitment * The list has been allocated via GNUNET_malloc. */ struct TALER_AgeCommitmentPublicKeyP *pub; +}; +struct TALER_AgeProof +{ /* The number of private keys, which must be at most num_pub_keys. One minus * this number corresponds to the largest age group that is supported with * this age commitment. + * **Note**, that this and the next field are only relevant on the wallet + * side for attestation and derive operations. */ - size_t num_priv; + size_t num; /* List of #num_priv private keys. * @@ -3337,6 +3350,12 @@ struct TALER_AgeCommitment struct TALER_AgeCommitmentPrivateKeyP *priv; }; +struct TALER_AgeCommitmentProof +{ + struct TALER_AgeCommitment commitment; + struct TALER_AgeProof proof; +}; + /* * @brief Generates a hash of the public keys in the age commitment. * @@ -3354,7 +3373,7 @@ TALER_age_commitment_hash ( * @param mask The age mask the defines the age groups * @param age The actual age for which an age commitment is generated * @param salt The salt that goes into the key generation. MUST be choosen uniformly random. - * @param commitment[out] The generated age commitment, ->priv and ->pub allocated via GNUNET_malloc on success + * @param comm_proof[out] The generated age commitment, ->priv and ->pub allocated via GNUNET_malloc on success * @return GNUNET_OK on success, GNUNET_SYSERR otherwise */ enum GNUNET_GenericReturnValue @@ -3362,28 +3381,76 @@ TALER_age_restriction_commit ( const struct TALER_AgeMask *mask, const uint8_t age, const uint64_t salt, - struct TALER_AgeCommitment *commitment); + struct TALER_AgeCommitmentProof *comm_proof); /* * @brief Derives another, equivalent age commitment for a given one. * * @param orig Original age commitment * @param salt Salt to randomly move the points on the elliptic curve in order to generate another, equivalent commitment. - * @param derived[out] The resulting age commitment, ->priv and ->pub allocated via GNUNET_malloc on success. + * @param[out] derived The resulting age commitment, ->priv and ->pub allocated via GNUNET_malloc on success. * @return GNUNET_OK on success, GNUNET_SYSERR otherwise */ enum GNUNET_GenericReturnValue TALER_age_commitment_derive ( - const struct TALER_AgeCommitment *orig, + const struct TALER_AgeCommitmentProof *orig, const uint64_t salt, - struct TALER_AgeCommitment *derived); + struct TALER_AgeCommitmentProof *derived); + + +/* + * @brief Provide attestation for a given age, from a given age commitment, if possible. + * + * @param comm_proof The age commitment to be used for attestation. For successful attestation, it must contain the private key for the corresponding age group. + * @param age Age (not age group) for which the an attestation should be done + * @param[out] attest Signature of the age with the appropriate key from the age commitment for the corresponding age group, if applicaple. + * @return GNUNET_OK on success, GNUNET_NO when no attestation can be made for that age with the given commitment, GNUNET_SYSERR otherwise + */ +enum GNUNET_GenericReturnValue +TALER_age_commitment_attest ( + const struct TALER_AgeCommitmentProof *comm_proof, + uint8_t age, + struct TALER_AgeAttestation *attest); + +/* + * @brief Verify the attestation for an given age and age commitment + * + * @param commitent The age commitment that went into the attestation. Only the public keys are needed. + * @param age Age (not age group) for which the an attestation should be done + * @param attest Signature of the age with the appropriate key from the age commitment for the corresponding age group, if applicaple. + * @return GNUNET_OK when the attestation was successfull, GNUNET_NO no attestation couldn't be verified, GNUNET_SYSERR otherwise + */ +enum GNUNET_GenericReturnValue +TALER_age_commitment_verify ( + const struct TALER_AgeCommitment *commitment, + uint8_t age, + const struct TALER_AgeAttestation *attest); /* * @brief helper function to free memory of a struct TALER_AgeCommitment - * @param cmt the commitment from which all memory should be freed. + * + * @param p the commitment from which all memory should be freed. */ void TALER_age_commitment_free ( - struct TALER_AgeCommitment *cmt); + struct TALER_AgeCommitment *p); + +/* + * @brief helper function to free memory of a struct TALER_AgeProof + * + * @param p the proof of commitment from which all memory should be freed. + */ +void +TALER_age_proof_free ( + struct TALER_AgeProof *p); + +/* + * @brief helper function to free memory of a struct TALER_AgeCommitmentProof + * + * @param p the commitment and its proof from which all memory should be freed. + */ +void +TALER_age_commitment_proof_free ( + struct TALER_AgeCommitmentProof *p); #endif -- cgit v1.2.3