WiP: age-withdraw implementation, part 1/n

Commit phase of the age-withdraw protocol implemented, according to
https://docs.taler.net/core/api-exchange.html#withdraw-with-age-restriction

2 files changed, 143 insertions, 0 deletions

diff --git a/src/util/exchange_signatures.c b/src/util/exchange_signatures.c
index c2a841839..d8bf716c7 100644
--- a/src/util/exchange_signatures.c
+++ b/src/util/exchange_signatures.c
@@ -362,6 +362,63 @@ TALER_exchange_online_melt_confirmation_verify (
 GNUNET_NETWORK_STRUCT_BEGIN
 
 /**
+ * @brief Format of the block signed by the Exchange in response to a
+ * successful "/reserves/$RESERVE_PUB/age-withdraw" request.  Hereby the
+ * exchange affirms that the commitment along with the maximum age group and
+ * the amount were accepted.  This also commits the exchange to a particular
+ * index to not be revealed during the reveal.
+ */
+struct TALER_AgeWithdrawConfirmationPS
+{
+  /**
+   * Purpose is #TALER_SIGNATURE_EXCHANGE_CONFIRM_AGE_WITHDRAW.   Signed by a
+   * `struct TALER_ExchangePublicKeyP` using EdDSA.
+   */
+  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+  /**
+   * Commitment made in the /reserves/$RESERVE_PUB/age-withdraw.
+   */
+  struct TALER_AgeWithdrawCommitmentHashP h_commitment GNUNET_PACKED;
+
+  /**
+   * Index that the client will not have to reveal, in NBO.
+   * Must be smaller than #TALER_CNC_KAPPA.
+   */
+  uint32_t noreveal_index GNUNET_PACKED;
+
+};
+
+GNUNET_NETWORK_STRUCT_END
+
+enum TALER_ErrorCode
+TALER_exchange_online_age_withdraw_confirmation_sign (
+  TALER_ExchangeSignCallback scb,
+  const struct TALER_AgeWithdrawCommitmentHashP *h_commitment,
+  uint32_t noreveal_index,
+  struct TALER_ExchangePublicKeyP *pub,
+  struct TALER_ExchangeSignatureP *sig)
+{
+
+  struct TALER_AgeWithdrawConfirmationPS confirm = {
+    .purpose.purpose = htonl (TALER_SIGNATURE_EXCHANGE_CONFIRM_AGE_WITHDRAW),
+    .purpose.size = htonl (sizeof (confirm)),
+    .h_commitment = *h_commitment,
+    .noreveal_index = htonl (noreveal_index)
+  };
+
+  return scb (&confirm.purpose,
+              pub,
+              sig);
+}
+
+
+/* TODO:oec: add signature for age-withdraw, age-reveal */
+
+
+GNUNET_NETWORK_STRUCT_BEGIN
+
+/**
  * @brief Signature made by the exchange over the full set of keys, used
  * to detect cheating exchanges that give out different sets to
  * different users.
diff --git a/src/util/wallet_signatures.c b/src/util/wallet_signatures.c
index e655c3e5e..221865e73 100644
--- a/src/util/wallet_signatures.c
+++ b/src/util/wallet_signatures.c
@@ -606,6 +606,92 @@ TALER_wallet_withdraw_verify (
 
 GNUNET_NETWORK_STRUCT_BEGIN
 
+/**
+ * @brief Format used for to generate the signature on a request to
+ * age-withdraw from a reserve.
+ */
+struct TALER_AgeWithdrawRequestPS
+{
+
+  /**
+   * Purpose must be #TALER_SIGNATURE_WALLET_RESERVE_WITHDRAW.
+   * Used with an EdDSA signature of a `struct TALER_ReservePublicKeyP`.
+   */
+  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+  /**
+   * Hash of the commitment of n*kappa coins
+   */
+  struct TALER_AgeWithdrawCommitmentHashP h_commitment GNUNET_PACKED;
+
+  /**
+   * Value of the coin being exchanged (matching the denomination key)
+   * plus the transaction fee.  We include this in what is being
+   * signed so that we can verify a reserve's remaining total balance
+   * without needing to access the respective denomination key
+   * information each time.
+   */
+  struct TALER_AmountNBO amount_with_fee;
+
+  /**
+   * Maximum age group that the coins are going to be restricted to.
+   */
+  uint32_t max_age_group;
+};
+
+
+GNUNET_NETWORK_STRUCT_END
+
+void
+TALER_wallet_age_withdraw_sign (
+  const struct TALER_AgeWithdrawCommitmentHashP *h_commitment,
+  const struct TALER_Amount *amount_with_fee,
+  uint32_t max_age_group,
+  const struct TALER_ReservePrivateKeyP *reserve_priv,
+  struct TALER_ReserveSignatureP *reserve_sig)
+{
+  struct TALER_AgeWithdrawRequestPS req = {
+    .purpose.size = htonl (sizeof (req)),
+    .purpose.purpose = htonl (TALER_SIGNATURE_WALLET_RESERVE_AGE_WITHDRAW),
+    .h_commitment = *h_commitment,
+    .max_age_group = max_age_group
+  };
+
+  TALER_amount_hton (&req.amount_with_fee,
+                     amount_with_fee);
+  GNUNET_CRYPTO_eddsa_sign (&reserve_priv->eddsa_priv,
+                            &req,
+                            &reserve_sig->eddsa_signature);
+}
+
+
+enum GNUNET_GenericReturnValue
+TALER_wallet_age_withdraw_verify (
+  const struct TALER_AgeWithdrawCommitmentHashP *h_commitment,
+  const struct TALER_Amount *amount_with_fee,
+  uint32_t max_age_group,
+  const struct TALER_ReservePublicKeyP *reserve_pub,
+  const struct TALER_ReserveSignatureP *reserve_sig)
+{
+  struct TALER_AgeWithdrawRequestPS awsrd = {
+    .purpose.size = htonl (sizeof (awsrd)),
+    .purpose.purpose = htonl (TALER_SIGNATURE_WALLET_RESERVE_AGE_WITHDRAW),
+    .h_commitment = *h_commitment,
+    .max_age_group = max_age_group
+  };
+
+  TALER_amount_hton (&awsrd.amount_with_fee,
+                     amount_with_fee);
+  return GNUNET_CRYPTO_eddsa_verify (
+    TALER_SIGNATURE_WALLET_RESERVE_AGE_WITHDRAW,
+    &awsrd,
+    &reserve_sig->eddsa_signature,
+    &reserve_pub->eddsa_pub);
+}
+
+
+GNUNET_NETWORK_STRUCT_BEGIN
+
 
 /**
  * @brief Format used for to generate the signature on a request to withdraw