diff options
author | Christian Grothoff <grothoff@gnunet.org> | 2022-03-22 02:33:51 +0100 |
---|---|---|
committer | Christian Grothoff <grothoff@gnunet.org> | 2022-03-22 02:33:51 +0100 |
commit | e200e860321abdff235863bd83e663ae57cf037a (patch) | |
tree | dd0c3429a3e0438fad970bfa2eee303b5c3c9ec5 /src/include/taler_crypto_lib.h | |
parent | bdc797a5830983e22b42bf8d97c25d80ad9f6346 (diff) | |
download | exchange-e200e860321abdff235863bd83e663ae57cf037a.tar.xz |
implement helper functions for p2p signatures, clean up existing signature logic
Diffstat (limited to 'src/include/taler_crypto_lib.h')
-rw-r--r-- | src/include/taler_crypto_lib.h | 321 |
1 files changed, 298 insertions, 23 deletions
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index 8786a3783..521a24aee 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -32,6 +32,16 @@ */ #define TALER_MAX_FRESH_COINS 256 +/** + * Cut-and-choose size for refreshing. Client looses the gamble (of + * unaccountable transfers) with probability 1/TALER_CNC_KAPPA. Refresh cost + * increases linearly with TALER_CNC_KAPPA, and 3 is sufficient up to a + * income/sales tax of 66% of total transaction value. As there is + * no good reason to change this security parameter, we declare it + * fixed and part of the protocol. + */ +#define TALER_CNC_KAPPA 3 + /* ****************** Coin crypto primitives ************* */ @@ -248,62 +258,62 @@ struct TALER_MasterPublicKeyP /** - * @brief Type of the private key used by the auditor. + * @brief Type of the offline master public keys used by the exchange. */ -struct TALER_AuditorPrivateKeyP +struct TALER_MasterPrivateKeyP { /** - * Taler uses EdDSA for the auditor's signing key. + * Taler uses EdDSA for the long-term offline master key. */ struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv; }; /** - * @brief Type of the public key used by the auditor. + * @brief Type of signatures by the offline master public key used by the exchange. */ -struct TALER_AuditorPublicKeyP +struct TALER_MasterSignatureP { /** - * Taler uses EdDSA for the auditor's signing key. + * Taler uses EdDSA for the long-term offline master key. */ - struct GNUNET_CRYPTO_EddsaPublicKey eddsa_pub; + struct GNUNET_CRYPTO_EddsaSignature eddsa_signature; }; /** - * @brief Type of signatures used by the auditor. + * @brief Type of the private key used by the auditor. */ -struct TALER_AuditorSignatureP +struct TALER_AuditorPrivateKeyP { /** - * Taler uses EdDSA signatures for auditors. + * Taler uses EdDSA for the auditor's signing key. */ - struct GNUNET_CRYPTO_EddsaSignature eddsa_sig; + struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv; }; /** - * @brief Type of the offline master public keys used by the exchange. + * @brief Type of the public key used by the auditor. */ -struct TALER_MasterPrivateKeyP +struct TALER_AuditorPublicKeyP { /** - * Taler uses EdDSA for the long-term offline master key. + * Taler uses EdDSA for the auditor's signing key. */ - struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv; + struct GNUNET_CRYPTO_EddsaPublicKey eddsa_pub; }; /** - * @brief Type of signatures by the offline master public key used by the exchange. + * @brief Type of signatures used by the auditor. */ -struct TALER_MasterSignatureP +struct TALER_AuditorSignatureP { /** - * Taler uses EdDSA for the long-term offline master key. + * Taler uses EdDSA signatures for auditors. */ - struct GNUNET_CRYPTO_EddsaSignature eddsa_signature; + struct GNUNET_CRYPTO_EddsaSignature eddsa_sig; }; @@ -334,6 +344,18 @@ struct TALER_CoinSpendPrivateKeyP }; /** + * @brief Type of signatures made with Taler coins. + */ +struct TALER_CoinSpendSignatureP +{ + /** + * Taler uses EdDSA for coins. + */ + struct GNUNET_CRYPTO_EddsaSignature eddsa_signature; +}; + + +/** * @brief Type of private keys for age commitment in coins. */ struct TALER_AgeCommitmentPrivateKeyP @@ -358,12 +380,37 @@ struct TALER_AgeCommitmentPublicKeyP /** - * @brief Type of signatures made with Taler coins. + * @brief Type of online public keys used by the wallet to establish a purse. */ -struct TALER_CoinSpendSignatureP +struct TALER_PursePublicKeyP { /** - * Taler uses EdDSA for coins. + * Taler uses EdDSA for purse message signing. + */ + struct GNUNET_CRYPTO_EddsaPublicKey eddsa_pub; +}; + + +/** + * @brief Type of online private keys used by the wallet for + * a purse. + */ +struct TALER_PursePrivateKeyP +{ + /** + * Taler uses EdDSA for online signatures sessions. + */ + struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv; +}; + + +/** + * @brief Type of signatures used by the wallet to sign purse messages online. + */ +struct TALER_PurseSignatureP +{ + /** + * Taler uses EdDSA for online signatures sessions. */ struct GNUNET_CRYPTO_EddsaSignature eddsa_signature; }; @@ -2542,11 +2589,226 @@ TALER_exchange_deposit_confirm_verify ( /* ********************* wallet signing ************************** */ + +/** + * Sign a request to create a purse. + * + * @param purse_expiration when should the purse expire + * @param h_contract_terms contract the two parties agree on + * @param min_age age restriction to apply for deposits into the purse + * @param amount total amount in the purse (including fees) + * @param purse_priv key identifying the purse + * @param[out] purse_sig resulting signature + */ +void +TALER_wallet_purse_create_sign ( + struct GNUNET_TIME_Timestamp purse_expiration, + struct TALER_PrivateContractHashP *h_contract_terms, + uint32_t min_age, + const struct TALER_Amount *amount, + const struct TALER_PursePrivateKeyP *purse_priv, + struct TALER_PurseSignatureP *purse_sig); + + +/** + * Verify a purse creation request. + * + * @param purse_expiration when should the purse expire + * @param h_contract_terms contract the two parties agree on + * @param min_age age restriction to apply for deposits into the purse + * @param amount total amount in the purse (including fees) + * @param purse_pub purse’s public key + * @param purse_sig the signature made with purpose #TALER_SIGNATURE_WALLET_PURSE_CREATE + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_purse_create_verify ( + struct GNUNET_TIME_Timestamp purse_expiration, + struct TALER_PrivateContractHashP *h_contract_terms, + uint32_t min_age, + const struct TALER_Amount *amount, + const struct TALER_PursePublicKeyP *purse_pub, + const struct TALER_PurseSignatureP *purse_sig); + + +/** + * Sign a request to inquire about a purse's status. + * + * @param purse_priv key identifying the purse + * @param[out] purse_sig resulting signature + */ +void +TALER_wallet_purse_status_sign ( + const struct TALER_PursePrivateKeyP *purse_priv, + struct TALER_PurseSignatureP *purse_sig); + + +/** + * Verify a purse status request signature. + * + * @param purse_pub purse’s public key + * @param purse_sig the signature made with purpose #TALER_SIGNATURE_WALLET_PURSE_STATUS_REQUEST + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_purse_status_verify ( + const struct TALER_PursePublicKeyP *purse_pub, + const struct TALER_PurseSignatureP *purse_sig); + + +/** + * Sign a request to deposit a coin into a purse. + * + * @param purse_pub purse’s public key + * @param amount amount of the coin's value to transfer to the purse + * @param coin_priv key identifying the coin to be deposited + * @param[out] coin_sig resulting signature + */ +void +TALER_wallet_purse_deposit_sign ( + const struct TALER_PursePublicKeyP *purse_pub, + const struct TALER_Amount *amount, + const struct TALER_CoinSpendPrivateKeyP *coin_priv, + struct TALER_CoinSpendSignatureP *coin_sig); + + +/** + * Verify a purse deposit request. + * + * @param purse_pub purse’s public key + * @param amount amount of the coin's value to transfer to the purse + * @param coin_pub key identifying the coin that is being deposited + * @param[out] coin_sig resulting signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_purse_deposit_verify ( + const struct TALER_PursePublicKeyP *purse_pub, + const struct TALER_Amount *amount, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_CoinSpendSignatureP *coin_sig); + + +/** + * Sign a request by a purse to merge it into an account. + * + * @param reserve_url identifies the location of the reserve, + * included public key must match @e reserve_priv + * @param merge_timestamp time when the merge happened + * @param purse_priv key identifying the purse + * @param[out] purse_sig resulting signature + */ +void +TALER_wallet_purse_merge_sign ( + const char *reserve_url, + struct GNUNET_TIME_Timestamp merge_timestamp, + const struct TALER_PursePrivateKeyP *purse_priv, + struct TALER_PurseSignatureP *purse_sig); + + +/** + * Verify a purse merge request. + * + * @param reserve_url identifies the location of the reserve, + * included public key must match @e reserve_priv + * @param merge_timestamp time when the merge happened + * @param purse_pub public key of the purse to merge + * @param purse_sig the signature made with purpose #TALER_SIGNATURE_WALLET_PURSE_MERGE + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_purse_merge_verify ( + const char *reserve_url, + struct GNUNET_TIME_Timestamp merge_timestamp, + const struct TALER_PursePublicKeyP *purse_pub, + const struct TALER_PurseSignatureP *purse_sig); + + +/** + * Sign a request by an account to merge a purse. + * + * @param reserve_url identifies the location of the reserve, + * included public key must match @e reserve_priv + * @param merge_timestamp time when the merge happened + * @param purse_pub public key of the purse to merge + * @param purse_expiration when should the purse expire + * @param h_contract_terms contract the two parties agree on + * @param amount total amount in the purse (including fees) + * @param min_age age restriction to apply for deposits into the purse + * @param reserve_priv key identifying the reserve + * @param[out] reserve_sig resulting signature + */ +void +TALER_wallet_account_merge_sign ( + const char *reserve_url, + struct GNUNET_TIME_Timestamp merge_timestamp, + const struct TALER_PursePublicKeyP *purse_pub, + struct GNUNET_TIME_Timestamp purse_expiration, + struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_Amount *amount, + uint32_t min_age, + const struct TALER_ReservePrivateKeyP *reserve_priv, + struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Verify an account's request to merge a purse. + * + * @param reserve_url identifies the location of the reserve, + * included public key must match @e reserve_priv + * @param merge_timestamp time when the merge happened + * @param purse_pub public key of the purse to merge + * @param purse_expiration when should the purse expire + * @param h_contract_terms contract the two parties agree on + * @param amount total amount in the purse (including fees) + * @param min_age age restriction to apply for deposits into the purse + * @param reserve_pub account’s public key + * @param reserve_sig the signature made with purpose #TALER_SIGNATURE_WALLET_ACCOUNT_MERGE + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_account_merge_verify ( + const char *reserve_url, + struct GNUNET_TIME_Timestamp merge_timestamp, + const struct TALER_PursePublicKeyP *purse_pub, + struct GNUNET_TIME_Timestamp purse_expiration, + struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_Amount *amount, + uint32_t min_age, + const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Sign a request to delete/close an account. + * + * @param reserve_priv key identifying the reserve + * @param[out] reserve_sig resulting signature + */ +void +TALER_wallet_account_close_sign ( + const struct TALER_ReservePrivateKeyP *reserve_priv, + struct TALER_ReserveSignatureP *reserve_sig); + + +/** + * Verify wallet request to close an account. + * + * @param reserve_pub account’s public key + * @param reserve_sig the signature made with purpose #TALER_SIGNATURE_WALLET_RESERVE_CLOSE + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_account_close_verify ( + const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_ReserveSignatureP *reserve_sig); + + /** * Sign a request by a wallet to perform a KYC check. * * @param reserve_priv key identifying the wallet/account - * @param reserve_sig resulting signature + * @param[out] reserve_sig resulting signature */ void TALER_wallet_account_setup_sign ( @@ -2555,6 +2817,19 @@ TALER_wallet_account_setup_sign ( /** + * Verify account setup request. + * + * @param reserve_pub reserve the setup request was for + * @param reserve_sig resulting signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_account_setup_verify ( + const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_ReserveSignatureP *reserve_sig); + + +/** * Sign a deposit permission. Function for wallets. * * @param amount the amount to be deposited |