donau_crypto_lib.h (17858B)
1 /* 2 This file is part of TALER 3 Copyright (C) 2023-2024 Taler Systems SA 4 5 TALER is free software; you can redistribute it and/or modify it under the 6 terms of the GNU General Public License as published by the Free Software 7 Foundation; either version 3, or (at your option) any later version. 8 9 TALER is distributed in the hope that it will be useful, but WITHOUT ANY 10 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR 11 A PARTICULAR PURPOSE. See the GNU General Public License for more details. 12 13 You should have received a copy of the GNU General Public License along with 14 TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> 15 */ 16 /** 17 * @file include/donau_crypto_lib.h 18 * @file include/gnunet_crypto_lib.h 19 * @brief taler-specific crypto functions 20 * @author Sree Harsha Totakura <sreeharsha@totakura.in> 21 * @author Christian Grothoff <christian@grothoff.org> 22 * @author Özgür Kesim <oec-taler@kesim.org> 23 * @author Lukas Matyja 24 * @author Pius Loosli 25 */ 26 27 #if ! defined (__DONAU_UTIL_LIB_H_INSIDE__) 28 #error "Only <donau_util.h> can be included directly." 29 #endif 30 31 #ifndef DONAU_CRYPTO_LIB_H 32 #define DONAU_CRYPTO_LIB_H 33 34 #include <gnunet/gnunet_util_lib.h> 35 #include <taler/taler_error_codes.h> 36 #include <taler/taler_util.h> 37 #include <gcrypt.h> 38 #include <jansson.h> 39 40 41 /* ****************** donau crypto primitives ************* */ 42 43 /** 44 * Regular online message signing key used by Donau. 45 */ 46 struct DONAU_DonauPublicKeyP 47 { 48 /** 49 * Donau uses EdDSA for non-blind signing. 50 */ 51 struct GNUNET_CRYPTO_EddsaPublicKey eddsa_pub; 52 53 }; 54 55 /** 56 * @brief Private key used by the donau to 57 * sign messages. 58 */ 59 struct DONAU_PrivateKeyP 60 { 61 /** 62 * Donau uses EdDSA for non-blind signing. 63 */ 64 struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv; 65 }; 66 67 68 /** 69 * Signing key for whole batches of BUDI-key-pairs. Used by a Charity. 70 */ 71 struct DONAU_CharityPublicKeyP 72 { 73 /** 74 * Donau uses EdDSA for BUDI-key-pair signing 75 */ 76 struct GNUNET_CRYPTO_EddsaPublicKey eddsa_pub; 77 78 }; 79 80 /** 81 * Signing key for whole batches of BUDI-key-pairs. Used by a Charity. 82 */ 83 struct DONAU_CharityPrivateKeyP 84 { 85 /** 86 * Donau uses EdDSA for BUDI-key-pair signing 87 */ 88 struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv; 89 90 }; 91 92 /** 93 * @brief Type of public signing keys for verifying blindly signed budis. 94 */ 95 struct DONAU_DonationUnitPublicKey 96 { 97 98 /** 99 * Type of the public key. 100 */ 101 struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub_key; 102 103 }; 104 105 /** 106 * @brief Type of private signing keys for blind signing of budis. 107 */ 108 struct DONAU_DonationUnitPrivateKey 109 { 110 111 struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv_key; 112 113 }; 114 115 /** 116 * Hash of a donation unit public key. MUST match the 117 * `struct TALER_CsPubHashP` and `struct TALER_RsaPubHashP` 118 * of the GNU Taler exchange secmod helpers! 119 */ 120 struct DONAU_DonationUnitHashP 121 { 122 struct GNUNET_HashCode hash; 123 }; 124 125 /** 126 * Compare two donation unit public keys. 127 * 128 * @param donation_unit1 first key 129 * @param donation_unit2 second key 130 * @return 0 if the keys are equal, otherwise -1 or 1 131 */ 132 int 133 DONAU_donation_unit_pub_cmp ( 134 const struct DONAU_DonationUnitPublicKey *donation_unit1, 135 const struct DONAU_DonationUnitPublicKey *donation_unit2); 136 137 /** 138 * Make a (deep) copy of the given @a donation_unit_src to 139 * @a donation_unit_dst. 140 * 141 * @param[out] donation_unit_dst target to copy to 142 * @param donation_unit_src public key to copy 143 */ 144 void 145 DONAU_donation_unit_pub_deep_copy ( 146 struct DONAU_DonationUnitPublicKey *donation_unit_dst, 147 const struct DONAU_DonationUnitPublicKey *donation_unit_src); 148 149 /** 150 * Free internals of @a donation_unit_pub, but not @a donation_unit_pub itself. 151 * 152 * @param[in] donation_unit_pub key to free 153 */ 154 void 155 DONAU_donation_unit_pub_free ( 156 struct DONAU_DonationUnitPublicKey *donation_unit_pub); 157 158 /** 159 * Compute the hash of the given @a donation_unit_pub. 160 * 161 * @param donation_unit_pub public key to hash 162 * @param[out] donation_unit_hash resulting hash value 163 */ 164 void 165 DONAU_donation_unit_pub_hash ( 166 const struct DONAU_DonationUnitPublicKey *donation_unit_pub, 167 struct DONAU_DonationUnitHashP *donation_unit_hash 168 ); 169 170 171 /** 172 * Hash used to represent a Donation Receipt 173 */ 174 struct DONAU_DonationReceiptHashP 175 { 176 /** 177 * Actual hash value. 178 */ 179 struct GNUNET_HashCode hash; 180 }; 181 182 /** 183 * Nonce for Donation Receipt 184 */ 185 struct DONAU_UniqueDonorIdentifierNonce 186 { 187 /** 188 * Actual nonce value. 189 */ 190 uint32_t value[32 / 4]; 191 }; 192 193 /** 194 * Donor's hashed and salted unique donation identifier. 195 */ 196 struct DONAU_HashDonorTaxId 197 { 198 unsigned char hash[512 / 8]; 199 }; 200 201 /** 202 * blind signatures from the blinded donation envelopes. 203 */ 204 struct DONAU_BlindedDonationUnitSignature 205 { 206 /** 207 * Donation Units use blind signatures. 208 */ 209 struct GNUNET_CRYPTO_BlindedSignature *blinded_sig; 210 211 }; 212 213 214 /** 215 * @brief Type of (unblinded) donation receipts signatures for Taler. 216 */ 217 struct DONAU_DonationUnitSignature 218 { 219 /** 220 * Donation units use blind signatures. 221 */ 222 struct GNUNET_CRYPTO_UnblindedSignature *unblinded_sig; 223 }; 224 225 226 /** 227 * @brief Type of signature used by the donau for non-blind signatures. 228 */ 229 struct DONAU_DonauSignatureP 230 { 231 /** 232 * Donau uses EdDSA for for non-blind signatures. 233 */ 234 struct GNUNET_CRYPTO_EddsaSignature eddsa_sig; 235 }; 236 237 /** 238 * @brief Type of signature used by charities 239 */ 240 struct DONAU_CharitySignatureP 241 { 242 /** 243 * Charities use EdDSA signatures. 244 */ 245 struct GNUNET_CRYPTO_EddsaSignature eddsa_sig; 246 }; 247 248 /** 249 * Token used for access control for admin to the donau. 250 */ 251 struct DONAU_BearerToken 252 { 253 /** 254 * The token of variable length. 255 */ 256 const char *token; 257 }; 258 259 260 /** 261 * @brief Wrapper around GNUNET primitive for the blinded unique donation identifier 262 */ 263 struct DONAU_BlindedUniqueDonorIdentifier 264 { 265 /** 266 * GNUNET primitive type representing a generic blinded message 267 */ 268 struct GNUNET_CRYPTO_BlindedMessage *blinded_message; 269 }; 270 271 272 /** 273 * Information needed for a donation receipt to be signed. 274 */ 275 struct DONAU_BlindedUniqueDonorIdentifierKeyPair 276 { 277 278 /** 279 * The hash of the donation unit's public key. 280 */ 281 struct DONAU_DonationUnitHashP h_donation_unit_pub; 282 283 /** 284 * Donor's blinded donation identifier. It must be blindly signed 285 * to become donation receipt. 286 */ 287 struct DONAU_BlindedUniqueDonorIdentifier blinded_udi; 288 289 }; 290 291 /** 292 * Donation Receipt 293 */ 294 struct DONAU_DonationReceipt 295 { 296 297 /** 298 * The hash of the donation unit's public key. 299 */ 300 struct DONAU_DonationUnitHashP h_donation_unit_pub; 301 302 /** 303 * Nonce from the Unique Donor Identifier. 304 */ 305 struct DONAU_UniqueDonorIdentifierNonce nonce; 306 307 /** 308 * Unblinded donation unit signature from the donau. 309 */ 310 struct DONAU_DonationUnitSignature donation_unit_sig; 311 312 }; 313 314 /** 315 * Information needed to create a blind signature. 316 */ 317 struct DONAU_BkpSignData 318 { 319 /** 320 * Hash of key to sign with. 321 */ 322 const struct DONAU_DonationUnitHashP *h_donation_unit_pub; 323 324 /** 325 * Blinded planchet to sign over. 326 */ 327 const struct DONAU_BlindedUniqueDonorIdentifier *budi; 328 }; 329 330 /** 331 * Hash of a Unique Donor Identifier (h_donor_tax_id + nonce) 332 */ 333 struct DONAU_UniqueDonorIdentifierHashP 334 { 335 struct GNUNET_HashCode hash; 336 }; 337 338 /** 339 * Hash of a budikeypair array 340 */ 341 struct DONAU_BudiHashP 342 { 343 struct GNUNET_HashCode hash; 344 }; 345 346 /** 347 * @brief Inputs needed from the donau for blind signing. 348 */ 349 struct DONAU_BatchIssueValues 350 { 351 /** 352 * Input values. 353 */ 354 struct GNUNET_CRYPTO_BlindingInputValues *blinding_inputs; 355 }; 356 357 /** 358 * Master key material for the deriviation of 359 * blinding factors during issuing receipts. 360 */ 361 struct DONAU_BudiMasterSecretP 362 { 363 364 /** 365 * Key material. 366 */ 367 uint32_t key_data[8]; 368 369 }; 370 371 /** 372 * Donation Statement 373 */ 374 struct DONAU_DonationStatement 375 { 376 /** 377 * The corresponding year. 378 */ 379 uint64_t year; 380 381 /** 382 * The salted and hashed donor id. 383 */ 384 const struct DONAU_HashDonorTaxId *h_donor_tax_id; 385 386 /** 387 * The salt used for @h_donor_tax_id. 388 */ 389 const char *donor_tax_id; 390 391 /** 392 * The cleartext tax id of the user used for @h_donor_tax_id. 393 */ 394 const char *salt; 395 396 /** 397 * The total donated amount. 398 */ 399 struct TALER_Amount total_amount; 400 401 /** 402 * The donation statement signature over @year, @h_donor_tax_id and @total_amount. 403 */ 404 struct DONAU_DonauSignatureP donation_statement_sig; 405 406 }; 407 408 /* ********************* charity eddsa signing ************************** */ 409 410 411 /** 412 * Create charity eddsa signature approving to issue a donation part. 413 * 414 * @param num_bkp number of bkps 415 * @param bkp to be signed 416 * @param charity_priv private key of the charity 417 * @param[out] charity_sig where to write the signature 418 */ 419 void 420 DONAU_charity_bkp_sign ( 421 const size_t num_bkp, 422 const struct DONAU_BlindedUniqueDonorIdentifierKeyPair *bkp, 423 const struct DONAU_CharityPrivateKeyP *charity_priv, 424 struct DONAU_CharitySignatureP *charity_sig); 425 426 427 /** 428 * Verify charity eddsa signature approving to issue a donation part. 429 * 430 * @param num_bkp number of bkps 431 * @param bkp array to verify 432 * @param charity_pub public key of the charity 433 * @param charity_sig where to write the signature 434 * @return #GNUNET_OK if the signature is valid 435 */ 436 enum GNUNET_GenericReturnValue 437 DONAU_charity_bkp_verify ( 438 const size_t num_bkp, 439 const struct DONAU_BlindedUniqueDonorIdentifierKeyPair *bkp, 440 const struct DONAU_CharityPublicKeyP *charity_pub, 441 const struct DONAU_CharitySignatureP *charity_sig); 442 443 444 /** 445 * Create charity eddsa signature approving a request for charity 446 * status information. 447 * 448 * @param charity_priv private key of the charity 449 * @param[out] charity_sig where to write the signature 450 */ 451 void 452 DONAU_charity_get_info_sign ( 453 const struct DONAU_CharityPrivateKeyP *charity_priv, 454 struct DONAU_CharitySignatureP *charity_sig); 455 456 457 /** 458 * Verify charity eddsa signature requesting charity information. 459 * 460 * @param charity_pub public key of the charity 461 * @param charity_sig where to write the signature 462 * @return #GNUNET_OK if the signature is valid 463 */ 464 enum GNUNET_GenericReturnValue 465 DONAU_charity_get_info_verify ( 466 const struct DONAU_CharityPublicKeyP *charity_pub, 467 const struct DONAU_CharitySignatureP *charity_sig); 468 469 470 /* ********************* donau eddsa signing ************************** */ 471 472 /** 473 * Signature of a function that signs the message in @a purpose with the 474 * exchange's signing key. 475 * 476 * The @a purpose data is the beginning of the data of which the signature is 477 * to be created. The `size` field in @a purpose must correctly indicate the 478 * number of bytes of the data structure, including its header. * 479 * @param purpose the message to sign 480 * @param[out] pub set to the current public signing key of the exchange 481 * @param[out] sig signature over purpose using current signing key 482 * @return #TALER_EC_NONE on success 483 */ 484 typedef enum TALER_ErrorCode 485 (*DONAU_DonauSignCallback)( 486 const struct GNUNET_CRYPTO_SignaturePurpose *purpose, 487 struct DONAU_DonauPublicKeyP *pub, 488 struct DONAU_DonauSignatureP *sig); 489 490 /** 491 * Create donau eddsa signature. Another name for this 492 * is the donation statement. 493 * 494 * @param scb function to call to create the signature 495 * @param amount_tot total donated amount of @a year 496 * @param year 497 * @param i hash value, the identifier of the donor 498 * @param donau_pub public key of the donau 499 * @param[out] donau_sig where to write the signature 500 */ 501 enum TALER_ErrorCode 502 DONAU_donation_statement_sign ( 503 DONAU_DonauSignCallback scb, 504 const struct TALER_Amount *amount_tot, 505 const uint64_t year, 506 const struct DONAU_HashDonorTaxId *i, 507 struct DONAU_DonauPublicKeyP *donau_pub, 508 struct DONAU_DonauSignatureP *donau_sig); 509 510 511 /** 512 * Verify donau eddsa signature/donation statement. 513 * 514 * @param amount_tot total donated amount of @a year 515 * @param year 516 * @param i hash value, the identifier of the donor 517 * @param donau_priv private key of the donau 518 * @param statement_sig signature to verify 519 * @return #GNUNET_OK if the signature is valid 520 */ 521 enum GNUNET_GenericReturnValue 522 DONAU_donation_statement_verify ( 523 const struct TALER_Amount *amount_tot, 524 const uint64_t year, 525 const struct DONAU_HashDonorTaxId *i, 526 const struct DONAU_DonauPublicKeyP *donau_pub, 527 const struct DONAU_DonauSignatureP *statement_sig); 528 529 530 /* ********************* donau blind signing ************************** */ 531 532 /** 533 * Verify donation receipt. 534 * 535 * @param donation_unit_pub public key of the donation_unit 536 * @param h_udi hash of h_donor_tax_id + nonce 537 * @param donation_unit_sig signature to verify 538 * @return #GNUNET_OK if the signature is valid 539 */ 540 enum GNUNET_GenericReturnValue 541 DONAU_donation_receipt_verify ( 542 const struct DONAU_DonationUnitPublicKey *donation_unit_pub, 543 const struct DONAU_UniqueDonorIdentifierHashP *h_udi, 544 const struct DONAU_DonationUnitSignature *donation_unit_sig); 545 546 547 /** 548 * Free internals of @a donation_unit_sig, but not @a donation_unit_sig itself. 549 * 550 * @param[in] donation_unit_sig signature to free 551 */ 552 void 553 DONAU_blinded_donation_unit_sig_free ( 554 struct DONAU_BlindedDonationUnitSignature *donation_unit_sig); 555 556 557 /** 558 * Verify signature made with a donation unit public key 559 * over a budi. 560 * 561 * @param du_pub public donation unit key 562 * @param du_sig signature made with the private key 563 * @param budi_hash hash over the budi 564 * @return #GNUNET_OK if the signature is valid 565 */ 566 enum GNUNET_GenericReturnValue 567 TALER_donation_unit_pub_verify (const struct 568 DONAU_DonationUnitPublicKey *du_pub, 569 const struct 570 DONAU_DonationUnitSignature *du_sig, 571 const struct DONAU_BudiHashP *budi_hash); 572 573 574 /* ********************* client blind/unblind ************************** */ 575 576 /** 577 * Create a blinding secret @a bks given the client's @a ps and the alg_values 578 * from the exchange. 579 * 580 * @param ps secret to derive blindings from 581 * @param alg_values containing cipher and additional CS values 582 * @param[out] bks blinding secrets 583 */ 584 void 585 DONAU_budi_secret_create ( 586 const struct DONAU_BudiMasterSecretP *ps, 587 const struct DONAU_BatchIssueValues *alg_values, 588 union GNUNET_CRYPTO_BlindingSecretP *bks); 589 590 591 /** 592 * Return the alg value singleton for creation of 593 * blinding secrets for RSA. 594 * 595 * @return singleton to use for RSA blinding 596 */ 597 const struct DONAU_BatchIssueValues * 598 DONAU_donation_unit_ewv_rsa_singleton (void); 599 600 601 /** 602 * Make a (deep) copy of the given @a bi_src to 603 * @a bi_dst. 604 * 605 * @param[out] bi_dst target to copy to 606 * @param bi_src blinding input values to copy 607 */ 608 void 609 DONAU_donation_unit_ewv_copy ( 610 struct DONAU_BatchIssueValues *bi_dst, 611 const struct DONAU_BatchIssueValues *bi_src); 612 613 614 /** 615 * Blind udi for blind signing with @a du_pub using blinding secret @a budi_secret. 616 * 617 * NOTE: As a particular oddity, the @a budi is only partially 618 * initialized by this function in the case of CS donation units. Here, the 619 * 'nonce' must be initialized separately! 620 * 621 * @param du_pub donation unit public key to blind for 622 * @param budi_secret blinding secret to use 623 * @param cs_nonce nonce used to derive session values, 624 * could be NULL for ciphers that do not use it 625 * @param udi_nonce guarantees uniqueness, part of the message to blind 626 * @param h_tax_id hashed and salted tax id, part of the message to blind 627 * @param alg_values algorithm specific values to blind the udi 628 * @param[out] udi_hash resulting hashed @a h_tax_id with @a udi_nonce 629 * @param[out] budi blinded udi data to initialize 630 * @return #GNUNET_OK on success 631 */ 632 enum GNUNET_GenericReturnValue 633 DONAU_donation_unit_blind ( 634 const struct DONAU_DonationUnitPublicKey *du_pub, 635 const union GNUNET_CRYPTO_BlindingSecretP *budi_secret, 636 const union GNUNET_CRYPTO_BlindSessionNonce *cs_nonce, 637 const struct DONAU_UniqueDonorIdentifierNonce *udi_nonce,// message 638 const struct DONAU_HashDonorTaxId *h_tax_id, // message 639 const struct DONAU_BatchIssueValues *alg_values, 640 struct DONAU_UniqueDonorIdentifierHashP *udi_hash, 641 struct DONAU_BlindedUniqueDonorIdentifier *budi); 642 643 644 /** 645 * Unblind blinded signature. 646 * 647 * @param[out] du_sig where to write the unblinded signature 648 * @param blind_du_sig the blinded signature 649 * @param budi_secret blinding secret to use 650 * @param udi_hash hash of udi for verification of the signature 651 * @param alg_values algorithm specific values 652 * @param du_pub public key used for signing 653 * @return #GNUNET_OK on success 654 */ 655 enum GNUNET_GenericReturnValue 656 DONAU_donation_unit_sig_unblind ( 657 struct DONAU_DonationUnitSignature *du_sig, 658 const struct DONAU_BlindedDonationUnitSignature *blind_du_sig, 659 const union GNUNET_CRYPTO_BlindingSecretP *budi_secret, 660 const struct DONAU_UniqueDonorIdentifierHashP *udi_hash, 661 const struct DONAU_BatchIssueValues *alg_values, 662 const struct DONAU_DonationUnitPublicKey *du_pub); 663 664 /*********************** helpers ************************************************/ 665 /** 666 * Group of donation units. These are the common fields of an array of 667 * donation units. 668 */ 669 struct DONAU_DonationUnitGroup 670 { 671 672 /** 673 * Value of coins in this donation unit group. 674 */ 675 struct TALER_Amount value; 676 677 /** 678 * Cipher used for the donation unit. 679 */ 680 enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher; 681 682 }; 683 684 /** 685 * Compute a unique key for the meta data of a donation unit group. 686 * 687 * @param dg donation unit group to evaluate 688 * @param[out] key key to set 689 */ 690 void 691 DONAU_donation_unit_group_get_key ( 692 const struct DONAU_DonationUnitGroup *dg, 693 struct GNUNET_HashCode *key); 694 695 /** 696 * Compute the hash of a Unique Donor Identifier. 697 * 698 * @param h_donor_tax_id hash of the tax id 699 * @param nonce that makes the Donor Identifier unique 700 * @param[out] h_udi where to write the hash 701 */ 702 void 703 DONAU_unique_donor_id_hash ( 704 const struct DONAU_HashDonorTaxId *h_donor_tax_id, 705 const struct DONAU_UniqueDonorIdentifierNonce *nonce, 706 struct DONAU_UniqueDonorIdentifierHashP *h_udi); 707 708 #endif