      1 /*
      2   This file is part of TALER
      3   Copyright (C) 2020, 2022 Taler Systems SA
      4 
      5   TALER is free software; you can redistribute it and/or modify it under the
      6   terms of the GNU General Public License as published by the Free Software
      7   Foundation; either version 3, or (at your option) any later version.
      8 
      9   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
     10   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
     11   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
     12 
     13   You should have received a copy of the GNU General Public License along with
     14   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
     15 */
     16 /**
     17  * @file auditor_signatures.c
     18  * @brief Utility functions for Taler auditor signatures
     19  * @author Christian Grothoff
     20  */
     21 #include "taler/platform.h"
     22 #include "taler/taler_util.h"
     23 #include "taler/taler_signatures.h"
     24 
     25 
/**
 * @brief Information signed by an auditor affirming
 * the master public key and the denomination keys
 * of an exchange.
 *
 * An object of this type is what the signing and verification functions
 * in this file pass to the EdDSA routines, so the member order and the
 * encoding of every member are part of the signature format.  Time,
 * amount and fee members use the network-byte-order (NBO) types and are
 * filled through the corresponding hton helpers.
 *
 * NOTE(review): no GNUNET_NETWORK_STRUCT_BEGIN / GNUNET_NETWORK_STRUCT_END
 * wrapper is visible around this definition; only @e denom_hash carries
 * GNUNET_PACKED.  Presumably the member types leave no padding, but any
 * padding would become part of the signed bytes -- confirm.
 */
struct TALER_ExchangeKeyValidityPS
{

  /**
   * Purpose is #TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS.
   * The size member is set to sizeof() of this struct, in network
   * byte order.
   */
  struct GNUNET_CRYPTO_SignaturePurpose purpose;

  /**
   * Hash of the auditor's URL (including 0-terminator).
   * This binds the signature to one specific auditor URL string.
   */
  struct GNUNET_HashCode auditor_url_hash;

  /**
   * The long-term offline master key of the exchange, affirmed by the
   * auditor.
   */
  struct TALER_MasterPublicKeyP master;

  /**
   * Start time of the validity period for this key.
   */
  struct GNUNET_TIME_TimestampNBO start;

  /**
   * The exchange will sign fresh coins between @e start and this time.
   * @e expire_withdraw will be somewhat larger than @e start to
   * ensure a sufficiently large anonymity set, while also allowing
   * the Exchange to limit the financial damage in case of a key being
   * compromised.  Thus, exchanges with low volume are expected to have a
   * longer withdraw period (@e expire_withdraw - @e start) than exchanges
   * with high transaction volume.  The period may also differ between
   * types of coins.  An exchange may also have a few denomination keys
   * with the same value with overlapping validity periods, to address
   * issues such as clock skew.
   */
  struct GNUNET_TIME_TimestampNBO expire_withdraw;

  /**
   * Coins signed with the denomination key must be spent or refreshed
   * between @e start and this expiration time.  After this time, the
   * exchange will refuse transactions involving this key as it will
   * "drop" the table with double-spending information (shortly after)
   * this time.  Note that wallets should refresh coins significantly
   * before this time to be on the safe side.  @e expire_deposit must be
   * significantly larger than @e expire_withdraw (by months or even
   * years).
   */
  struct GNUNET_TIME_TimestampNBO expire_deposit;

  /**
   * When do signatures with this denomination key become invalid?
   * After this point, these signatures cannot be used in (legal)
   * disputes anymore, as the Exchange is then allowed to destroy its side
   * of the evidence.  @e expire_legal is expected to be significantly
   * larger than @e expire_deposit (by a year or more).
   */
  struct GNUNET_TIME_TimestampNBO expire_legal;

  /**
   * The value of the coins signed with this denomination key.
   */
  struct TALER_AmountNBO value;

  /**
   * Fees for the coin.
   */
  struct TALER_DenomFeeSetNBOP fees;

  /**
   * Hash code of the denomination public key. (Used to avoid having
   * the variable-size RSA key in this struct.)
   */
  struct TALER_DenominationHashP denom_hash GNUNET_PACKED;

};
    107 
    108 
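/**
 * Build the message an auditor signs to affirm one denomination key of an
 * exchange.  Signing and verification both go through this helper, so the
 * bytes that are signed and the bytes that are checked come from a single
 * definition and cannot drift apart.
 *
 * @param[out] kv message to fill in
 * @param auditor_url URL of the auditor; must not be NULL, it is hashed
 *        including its 0-terminator
 * @param h_denom_pub hash of the denomination public key
 * @param master_pub master public key of the exchange
 * @param stamp_start start of the validity period of the key
 * @param stamp_expire_withdraw end of the withdraw period
 * @param stamp_expire_deposit end of the deposit period
 * @param stamp_expire_legal end of the legal validity of signatures
 * @param coin_value value of the coins of this denomination
 * @param fees fees for coins of this denomination
 */
static void
fill_key_validity (
  struct TALER_ExchangeKeyValidityPS *kv,
  const char *auditor_url,
  const struct TALER_DenominationHashP *h_denom_pub,
  const struct TALER_MasterPublicKeyP *master_pub,
  struct GNUNET_TIME_Timestamp stamp_start,
  struct GNUNET_TIME_Timestamp stamp_expire_withdraw,
  struct GNUNET_TIME_Timestamp stamp_expire_deposit,
  struct GNUNET_TIME_Timestamp stamp_expire_legal,
  const struct TALER_Amount *coin_value,
  const struct TALER_DenomFeeSet *fees)
{
  /* Zero the whole object before filling it: the struct is handed to the
     signature routines as a blob of sizeof (*kv) bytes, so any padding
     must hold the same bytes on the signing and the verifying side. */
  memset (kv,
          0,
          sizeof (*kv));
  kv->purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS);
  kv->purpose.size = htonl (sizeof (*kv));
  kv->master = *master_pub;
  kv->start = GNUNET_TIME_timestamp_hton (stamp_start);
  kv->expire_withdraw = GNUNET_TIME_timestamp_hton (stamp_expire_withdraw);
  kv->expire_deposit = GNUNET_TIME_timestamp_hton (stamp_expire_deposit);
  kv->expire_legal = GNUNET_TIME_timestamp_hton (stamp_expire_legal);
  kv->denom_hash = *h_denom_pub;
  TALER_amount_hton (&kv->value,
                     coin_value);
  TALER_denom_fee_set_hton (&kv->fees,
                            fees);
  /* The "+ 1" puts the 0-terminator into the hash, matching the
     documentation of the auditor_url_hash member. */
  GNUNET_CRYPTO_hash (auditor_url,
                      strlen (auditor_url) + 1,
                      &kv->auditor_url_hash);
}


/**
 * Create the auditor's signature affirming one denomination key of an
 * exchange together with the exchange's master public key.
 *
 * @param auditor_url URL of the auditor; must not be NULL
 * @param h_denom_pub hash of the denomination public key
 * @param master_pub master public key of the exchange
 * @param stamp_start start of the validity period of the key
 * @param stamp_expire_withdraw end of the withdraw period
 * @param stamp_expire_deposit end of the deposit period
 * @param stamp_expire_legal end of the legal validity of signatures
 * @param coin_value value of the coins of this denomination
 * @param fees fees for coins of this denomination
 * @param auditor_priv private key of the auditor, used to sign
 * @param[out] auditor_sig where to write the signature
 */
void
TALER_auditor_denom_validity_sign (
  const char *auditor_url,
  const struct TALER_DenominationHashP *h_denom_pub,
  const struct TALER_MasterPublicKeyP *master_pub,
  struct GNUNET_TIME_Timestamp stamp_start,
  struct GNUNET_TIME_Timestamp stamp_expire_withdraw,
  struct GNUNET_TIME_Timestamp stamp_expire_deposit,
  struct GNUNET_TIME_Timestamp stamp_expire_legal,
  const struct TALER_Amount *coin_value,
  const struct TALER_DenomFeeSet *fees,
  const struct TALER_AuditorPrivateKeyP *auditor_priv,
  struct TALER_AuditorSignatureP *auditor_sig)
{
  struct TALER_ExchangeKeyValidityPS kv;

  fill_key_validity (&kv,
                     auditor_url,
                     h_denom_pub,
                     master_pub,
                     stamp_start,
                     stamp_expire_withdraw,
                     stamp_expire_deposit,
                     stamp_expire_legal,
                     coin_value,
                     fees);
  GNUNET_CRYPTO_eddsa_sign (&auditor_priv->eddsa_priv,
                            &kv,
                            &auditor_sig->eddsa_sig);
}


/**
 * Check an auditor's signature over one denomination key of an exchange.
 * The message is rebuilt from the arguments, so the check succeeds only
 * if every value matches what was signed, including the exact
 * @a auditor_url string.
 *
 * This function only checks the signature against @a auditor_pub; whether
 * @a auditor_pub belongs to an auditor the caller trusts is not decided
 * here and remains the caller's responsibility.
 *
 * @param auditor_url URL of the auditor; must not be NULL
 * @param h_denom_pub hash of the denomination public key
 * @param master_pub master public key of the exchange
 * @param stamp_start start of the validity period of the key
 * @param stamp_expire_withdraw end of the withdraw period
 * @param stamp_expire_deposit end of the deposit period
 * @param stamp_expire_legal end of the legal validity of signatures
 * @param coin_value value of the coins of this denomination
 * @param fees fees for coins of this denomination
 * @param auditor_pub public key of the auditor
 * @param auditor_sig signature to check
 * @return the result of GNUNET_CRYPTO_eddsa_verify(); callers should
 *         accept the key only on #GNUNET_OK
 */
enum GNUNET_GenericReturnValue
TALER_auditor_denom_validity_verify (
  const char *auditor_url,
  const struct TALER_DenominationHashP *h_denom_pub,
  const struct TALER_MasterPublicKeyP *master_pub,
  struct GNUNET_TIME_Timestamp stamp_start,
  struct GNUNET_TIME_Timestamp stamp_expire_withdraw,
  struct GNUNET_TIME_Timestamp stamp_expire_deposit,
  struct GNUNET_TIME_Timestamp stamp_expire_legal,
  const struct TALER_Amount *coin_value,
  const struct TALER_DenomFeeSet *fees,
  const struct TALER_AuditorPublicKeyP *auditor_pub,
  const struct TALER_AuditorSignatureP *auditor_sig)
{
  struct TALER_ExchangeKeyValidityPS kv;

  fill_key_validity (&kv,
                     auditor_url,
                     h_denom_pub,
                     master_pub,
                     stamp_start,
                     stamp_expire_withdraw,
                     stamp_expire_deposit,
                     stamp_expire_legal,
                     coin_value,
                     fees);
  return
    GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS,
                                &kv,
                                &auditor_sig->eddsa_sig,
                                &auditor_pub->eddsa_pub);
}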
    185 
    186 
    187 /* end of auditor_signatures.c */