Refactoring TALER_AgeCommitment

Instead of a single struct TALER_AgeCommitment, we now use 1. TALER_AgeCommitment for the age mask and list public keys for age restriciton. 2. TALER_AgeProof for list of private keys for age restriction 3. TALER_AgeCommitmentProof for the aggregation of the former two. Also, we introduce TALER_AgeAttestation as the EDDSA signature to attest a particular age group, along with the function prototypes TALER_age_commitment_attest and TALER_age_commitment_verify.
author: Özgür Kesim <oec-taler@kesim.org> 2022-03-01 17:02:37 +0100
committer: Özgür Kesim <oec-taler@kesim.org> 2022-03-01 17:02:37 +0100
commit: e9eb00e285c80f63cfc08fdd9ea6707d55162e60 (patch)
tree: 82868974066e473a7905ae3e91c230e2eb96d5d3 /src/include
parent: 3716592addcac5e31d092a83cf02a0fec57d8743 (diff)
3 files changed, 84 insertions, 15 deletions
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index ed447e905..38f91a8e0 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -864,6 +864,14 @@ struct TALER_AgeCommitmentHash
   struct GNUNET_ShortHashCode shash;
 };
 
+/**
+ * @brief Signature of an age with the private key for the corresponding age group of an age commitment.
+ */
+struct TALER_AgeAttestation
+{
+  struct GNUNET_CRYPTO_EddsaSignature attest;
+};
+
 extern const struct TALER_AgeCommitmentHash TALER_ZeroAgeCommitmentHash;
 #define TALER_AgeCommitmentHash_isNullOrZero(ph) ((NULL == ph) || \
                                                   (0 == memcmp (ph, \
@@ -3307,7 +3315,7 @@ struct TALER_AgeCommitment
   /* The number of public keys, which must be the same as the number of
    * groups in the mask.
    */
-  size_t num_pub;
+  size_t num;
 
   /* The list of #num_pub public keys.  In must have same size as the number of
    * age groups defined in the mask.
@@ -3319,12 +3327,17 @@ struct TALER_AgeCommitment
    * The list has been allocated via GNUNET_malloc.
    */
   struct TALER_AgeCommitmentPublicKeyP *pub;
+};
 
+struct TALER_AgeProof
+{
   /* The number of private keys, which must be at most num_pub_keys.  One minus
    * this number corresponds to the largest age group that is supported with
    * this age commitment.
+   * **Note**, that this and the next field are only relevant on the wallet
+   * side for attestation and derive operations.
    */
-  size_t num_priv;
+  size_t num;
 
   /* List of #num_priv private keys.
    *
@@ -3337,6 +3350,12 @@ struct TALER_AgeCommitment
   struct TALER_AgeCommitmentPrivateKeyP *priv;
 };
 
+struct TALER_AgeCommitmentProof
+{
+  struct TALER_AgeCommitment commitment;
+  struct TALER_AgeProof proof;
+};
+
 /*
  * @brief Generates a hash of the public keys in the age commitment.
  *
@@ -3354,7 +3373,7 @@ TALER_age_commitment_hash (
  * @param mask The age mask the defines the age groups
  * @param age The actual age for which an age commitment is generated
  * @param salt The salt that goes into the key generation.  MUST be choosen uniformly random.
- * @param commitment[out] The generated age commitment, ->priv and ->pub allocated via GNUNET_malloc on success
+ * @param comm_proof[out] The generated age commitment, ->priv and ->pub allocated via GNUNET_malloc on success
  * @return GNUNET_OK on success, GNUNET_SYSERR otherwise
  */
 enum GNUNET_GenericReturnValue
@@ -3362,28 +3381,76 @@ TALER_age_restriction_commit (
   const struct TALER_AgeMask *mask,
   const uint8_t age,
   const uint64_t salt,
-  struct TALER_AgeCommitment *commitment);
+  struct TALER_AgeCommitmentProof *comm_proof);
 
 /*
  * @brief Derives another, equivalent age commitment for a given one.
  *
  * @param orig Original age commitment
  * @param salt Salt to randomly move the points on the elliptic curve in order to generate another, equivalent commitment.
- * @param derived[out] The resulting age commitment, ->priv and ->pub allocated via GNUNET_malloc on success.
+ * @param[out] derived The resulting age commitment, ->priv and ->pub allocated via GNUNET_malloc on success.
  * @return GNUNET_OK on success, GNUNET_SYSERR otherwise
  */
 enum GNUNET_GenericReturnValue
 TALER_age_commitment_derive (
-  const struct TALER_AgeCommitment *orig,
+  const struct TALER_AgeCommitmentProof *orig,
   const uint64_t salt,
-  struct TALER_AgeCommitment *derived);
+  struct TALER_AgeCommitmentProof *derived);
+
+
+/*
+ * @brief Provide attestation for a given age, from a given age commitment, if possible.
+ *
+ * @param comm_proof The age commitment to be used for attestation.  For successful attestation, it must contain the private key for the corresponding age group.
+ * @param age Age (not age group) for which the an attestation should be done
+ * @param[out] attest Signature of the age with the appropriate key from the age commitment for the corresponding age group, if applicaple.
+ * @return GNUNET_OK on success, GNUNET_NO when no attestation can be made for that age with the given commitment, GNUNET_SYSERR otherwise
+ */
+enum GNUNET_GenericReturnValue
+TALER_age_commitment_attest (
+  const struct TALER_AgeCommitmentProof *comm_proof,
+  uint8_t age,
+  struct TALER_AgeAttestation *attest);
+
+/*
+ * @brief Verify the attestation for an given age and age commitment
+ *
+ * @param commitent The age commitment that went into the attestation.  Only the public keys are needed.
+ * @param age Age (not age group) for which the an attestation should be done
+ * @param attest Signature of the age with the appropriate key from the age commitment for the corresponding age group, if applicaple.
+ * @return GNUNET_OK when the attestation was successfull, GNUNET_NO no attestation couldn't be verified, GNUNET_SYSERR otherwise
+ */
+enum GNUNET_GenericReturnValue
+TALER_age_commitment_verify (
+  const struct TALER_AgeCommitment *commitment,
+  uint8_t age,
+  const struct TALER_AgeAttestation *attest);
 
 /*
  * @brief helper function to free memory of a struct TALER_AgeCommitment
- * @param cmt the commitment from which all memory should be freed.
+ *
+ * @param p the commitment from which all memory should be freed.
  */
 void
 TALER_age_commitment_free (
-  struct TALER_AgeCommitment *cmt);
+  struct TALER_AgeCommitment *p);
+
+/*
+ * @brief helper function to free memory of a struct TALER_AgeProof
+ *
+ * @param p the proof of commitment from which all memory should be freed.
+ */
+void
+TALER_age_proof_free (
+  struct TALER_AgeProof *p);
+
+/*
+ * @brief helper function to free memory of a struct TALER_AgeCommitmentProof
+ *
+ * @param p the commitment and its proof from which all memory should be freed.
+ */
+void
+TALER_age_commitment_proof_free (
+  struct TALER_AgeCommitmentProof *p);
 
 #endif
diff --git a/src/include/taler_exchange_service.h b/src/include/taler_exchange_service.h
index d1800c01d..2a20bda73 100644
--- a/src/include/taler_exchange_service.h
+++ b/src/include/taler_exchange_service.h
@@ -1682,10 +1682,10 @@ struct TALER_EXCHANGE_RefreshData
   struct TALER_CoinSpendPrivateKeyP melt_priv;
 
   /*
-   * age commitment and its hash that went into the original coin, might be
-   * NULL
+   * age commitment and proof and its hash that went into the original coin,
+   * might be NULL.
    */
-  const struct TALER_AgeCommitment *melt_age_commitment;
+  const struct TALER_AgeCommitmentProof *melt_age_commitment_proof;
   const struct TALER_AgeCommitmentHash *melt_h_age_commitment;
 
   /**
@@ -1858,7 +1858,7 @@ struct TALER_EXCHANGE_RevealedCoinInfo
   /**
    * Age commitment and its hash of the coin, might be NULL.
    */
-  struct TALER_AgeCommitment *age_commitment;
+  struct TALER_AgeCommitmentProof *age_commitment_proof;
   struct TALER_AgeCommitmentHash *h_age_commitment;
 
   /**
@@ -2002,7 +2002,7 @@ struct TALER_EXCHANGE_LinkedCoinInfo
   /**
    * Age commitment and its hash, if applicable.  Might be NULL.
    */
-  struct TALER_AgeCommitment *age_commitment;
+  struct TALER_AgeCommitmentProof *age_commitment_proof;
   struct TALER_AgeCommitmentHash *h_age_commitment;
 
   /**
@@ -2092,7 +2092,8 @@ typedef void
 struct TALER_EXCHANGE_LinkHandle *
 TALER_EXCHANGE_link (struct TALER_EXCHANGE_Handle *exchange,
                      const struct TALER_CoinSpendPrivateKeyP *coin_priv,
-                     const struct TALER_AgeCommitment *age_commitment,
+                     const struct
+                     TALER_AgeCommitmentProof *age_commitment_proof,
                      TALER_EXCHANGE_LinkCallback link_cb,
                      void *link_cb_cls);
 
diff --git a/src/include/taler_testing_lib.h b/src/include/taler_testing_lib.h
index 531d9d261..081a93478 100644
--- a/src/include/taler_testing_lib.h
+++ b/src/include/taler_testing_lib.h
@@ -2484,6 +2484,7 @@ TALER_TESTING_get_trait (const struct TALER_TESTING_Trait *traits,
   op (denom_pub, const struct TALER_EXCHANGE_DenomPublicKey)           \
   op (denom_sig, const struct TALER_DenominationSignature)             \
   op (age_commitment, const struct TALER_AgeCommitment)                \
+  op (age_commitment_proof, const struct TALER_AgeCommitmentProof)     \
   op (h_age_commitment, const struct TALER_AgeCommitmentHash)          \
   op (planchet_secrets, const struct TALER_PlanchetMasterSecretP)      \
   op (exchange_wd_value, const struct TALER_ExchangeWithdrawValues)    \
author	Özgür Kesim <oec-taler@kesim.org>	2022-03-01 17:02:37 +0100
committer	Özgür Kesim <oec-taler@kesim.org>	2022-03-01 17:02:37 +0100
commit	e9eb00e285c80f63cfc08fdd9ea6707d55162e60 (patch)
tree	82868974066e473a7905ae3e91c230e2eb96d5d3 /src/include
parent	3716592addcac5e31d092a83cf02a0fec57d8743 (diff)