1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
|
/*
This file is part of TALER
Copyright (C) 2023 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
*/
/**
* @file aml_signatures.c
* @brief Utility functions for AML officers
* @author Christian Grothoff
*/
#include "platform.h"
#include "taler_util.h"
#include "taler_signatures.h"
GNUNET_NETWORK_STRUCT_BEGIN
/**
* @brief Format used to generate the signature on an AML decision.
*/
struct TALER_AmlDecisionPS
{
/**
* Purpose must be #TALER_SIGNATURE_AML_DECISION.
* Used for an EdDSA signature with the `struct TALER_AmlOfficerPublicKeyP`.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Hash over the justification text.
*/
struct GNUNET_HashCode h_justification GNUNET_PACKED;
/**
* Time when this decision was made.
*/
struct GNUNET_TIME_TimestampNBO decision_time;
/**
* New threshold for triggering possibly a new AML process.
*/
struct TALER_AmountNBO new_threshold;
/**
* Hash of the account identifier to which the decision applies.
*/
struct TALER_PaytoHashP h_payto GNUNET_PACKED;
/**
* Hash over JSON array with KYC requirements that were imposed. All zeros
* for none.
*/
struct GNUNET_HashCode h_kyc_requirements;
/**
* What is the new AML status?
*/
uint32_t new_state GNUNET_PACKED;
};
GNUNET_NETWORK_STRUCT_END
void
TALER_officer_aml_decision_sign (
const char *justification,
struct GNUNET_TIME_Timestamp decision_time,
const struct TALER_Amount *new_threshold,
const struct TALER_PaytoHashP *h_payto,
enum TALER_AmlDecisionState new_state,
const json_t *kyc_requirements,
const struct TALER_AmlOfficerPrivateKeyP *officer_priv,
struct TALER_AmlOfficerSignatureP *officer_sig)
{
struct TALER_AmlDecisionPS ad = {
.purpose.purpose = htonl (TALER_SIGNATURE_AML_DECISION),
.purpose.size = htonl (sizeof (ad)),
.decision_time = GNUNET_TIME_timestamp_hton (decision_time),
.h_payto = *h_payto,
.new_state = htonl ((uint32_t) new_state)
};
GNUNET_CRYPTO_hash (justification,
strlen (justification),
&ad.h_justification);
TALER_amount_hton (&ad.new_threshold,
new_threshold);
if (NULL != kyc_requirements)
TALER_json_hash (kyc_requirements,
&ad.h_kyc_requirements);
GNUNET_CRYPTO_eddsa_sign (&officer_priv->eddsa_priv,
&ad,
&officer_sig->eddsa_signature);
}
enum GNUNET_GenericReturnValue
TALER_officer_aml_decision_verify (
const char *justification,
struct GNUNET_TIME_Timestamp decision_time,
const struct TALER_Amount *new_threshold,
const struct TALER_PaytoHashP *h_payto,
enum TALER_AmlDecisionState new_state,
const json_t *kyc_requirements,
const struct TALER_AmlOfficerPublicKeyP *officer_pub,
const struct TALER_AmlOfficerSignatureP *officer_sig)
{
struct TALER_AmlDecisionPS ad = {
.purpose.purpose = htonl (TALER_SIGNATURE_AML_DECISION),
.purpose.size = htonl (sizeof (ad)),
.decision_time = GNUNET_TIME_timestamp_hton (decision_time),
.h_payto = *h_payto,
.new_state = htonl ((uint32_t) new_state)
};
GNUNET_CRYPTO_hash (justification,
strlen (justification),
&ad.h_justification);
TALER_amount_hton (&ad.new_threshold,
new_threshold);
if (NULL != kyc_requirements)
TALER_json_hash (kyc_requirements,
&ad.h_kyc_requirements);
return GNUNET_CRYPTO_eddsa_verify (
TALER_SIGNATURE_AML_DECISION,
&ad,
&officer_sig->eddsa_signature,
&officer_pub->eddsa_pub);
}
GNUNET_NETWORK_STRUCT_BEGIN
/**
* @brief Format used to generate the signature on any AML query.
*/
struct TALER_AmlQueryPS
{
/**
* Purpose must be #TALER_SIGNATURE_AML_QUERY.
* Used for an EdDSA signature with the `struct TALER_AmlOfficerPublicKeyP`.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
};
GNUNET_NETWORK_STRUCT_END
void
TALER_officer_aml_query_sign (
const struct TALER_AmlOfficerPrivateKeyP *officer_priv,
struct TALER_AmlOfficerSignatureP *officer_sig)
{
struct TALER_AmlQueryPS aq = {
.purpose.purpose = htonl (TALER_SIGNATURE_AML_QUERY),
.purpose.size = htonl (sizeof (aq))
};
GNUNET_CRYPTO_eddsa_sign (&officer_priv->eddsa_priv,
&aq,
&officer_sig->eddsa_signature);
}
/**
* Verify AML query authorization.
*
* @param officer_pub public key of AML officer
* @param officer_sig signature to verify
* @return #GNUNET_OK if the signature is valid
*/
enum GNUNET_GenericReturnValue
TALER_officer_aml_query_verify (
const struct TALER_AmlOfficerPublicKeyP *officer_pub,
const struct TALER_AmlOfficerSignatureP *officer_sig)
{
struct TALER_AmlQueryPS aq = {
.purpose.purpose = htonl (TALER_SIGNATURE_AML_QUERY),
.purpose.size = htonl (sizeof (aq))
};
return GNUNET_CRYPTO_eddsa_verify (
TALER_SIGNATURE_AML_QUERY,
&aq,
&officer_sig->eddsa_signature,
&officer_pub->eddsa_pub);
}
/* end of aml_signatures.c */
|
