diff options
22 files changed, 630 insertions, 66 deletions
diff --git a/packages/taler-util/src/nacl-fast.ts b/packages/taler-util/src/nacl-fast.ts index 82bdc7cec..c45674bef 100644 --- a/packages/taler-util/src/nacl-fast.ts +++ b/packages/taler-util/src/nacl-fast.ts @@ -1769,7 +1769,7 @@ function crypto_scalarmult_base(q: Uint8Array, n: Uint8Array): number { return crypto_scalarmult(q, n, _9); } -function crypto_scalarmult_noclamp( +export function crypto_scalarmult_noclamp( q: Uint8Array, n: Uint8Array, p: Uint8Array, @@ -3033,6 +3033,18 @@ export function crypto_core_ed25519_scalar_add( return o; } +/** + * Reduce a scalar "s" to "s mod L". The input can be up to 64 bytes long. + */ +export function crypto_core_ed25519_scalar_reduce(x: Uint8Array): Uint8Array { + const len = x.length; + const z = new Float64Array(64); + for (let i = 0; i < len; i++) z[i] = x[i]; + const o = new Uint8Array(32); + modL(o, z); + return o; +} + export function crypto_core_ed25519_scalar_sub( x: Uint8Array, y: Uint8Array, @@ -3063,11 +3075,7 @@ export function crypto_edx25519_private_key_create_from_seed( } export function crypto_edx25519_get_public(priv: Uint8Array): Uint8Array { - const pub = new Uint8Array(32); - if (0 != crypto_scalarmult_base_noclamp(pub.subarray(32), priv)) { - throw Error(); - } - return pub; + return crypto_scalarmult_ed25519_base_noclamp(priv.subarray(0, 32)); } export function crypto_edx25519_sign_detached( @@ -3076,19 +3084,16 @@ export function crypto_edx25519_sign_detached( pkx: Uint8Array, ): Uint8Array { const n: number = m.length; - const d = new Uint8Array(64), - h = new Uint8Array(64), - r = new Uint8Array(64); + const h = new Uint8Array(64); + const r = new Uint8Array(64); let i, j; const x = new Float64Array(64); const p = [gf(), gf(), gf(), gf()]; - for (i = 0; i < 64; i++) d[i] = skx[i]; - const sm = new Uint8Array(n + 64); for (i = 0; i < n; i++) sm[64 + i] = m[i]; - for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i]; + for (i = 0; i < 32; i++) sm[32 + i] = skx[32 + i]; crypto_hash(r, sm.subarray(32), n + 32); reduce(r); @@ -3103,12 +3108,12 @@ export function crypto_edx25519_sign_detached( for (i = 0; i < 32; i++) x[i] = r[i]; for (i = 0; i < 32; i++) { for (j = 0; j < 32; j++) { - x[i + j] += h[i] * d[j]; + x[i + j] += h[i] * skx[j]; } } modL(sm.subarray(32), x); - return sm.subarray(64); + return sm.subarray(0, 64); } export function crypto_edx25519_sign_detached_verify( diff --git a/packages/taler-util/src/talerCrypto.test.ts b/packages/taler-util/src/talerCrypto.test.ts index 70ad8a614..5e8f37d80 100644 --- a/packages/taler-util/src/talerCrypto.test.ts +++ b/packages/taler-util/src/talerCrypto.test.ts @@ -34,6 +34,10 @@ import { scalarMultBase25519, deriveSecrets, calcRBlind, + Edx25519, + getRandomBytes, + bigintToNaclArr, + bigintFromNaclArr, } from "./talerCrypto.js"; import { sha512, kdf } from "./kdf.js"; import * as nacl from "./nacl-fast.js"; @@ -44,6 +48,7 @@ import { initNodePrng } from "./prng-node.js"; initNodePrng(); import bigint from "big-integer"; import { AssertionError } from "assert"; +import BigInteger from "big-integer"; test("encoding", (t) => { const s = "Hello, World"; @@ -343,9 +348,86 @@ test("taler CS blind c", async (t) => { }; const sig = await csUnblind(bseed, rPub, pub, b, blindsig); - t.deepEqual(sig.s, decodeCrock("F4ZKMFW3Q7DFN0N94KAMG2JFFHAC362T0QZ6ZCVZ73RS8P91CR70")); - t.deepEqual(sig.rPub, decodeCrock("CHK7JC4SXZ4Y9RDA3881S82F7BP99H35Q361WR6RBXN5YN2ZM1M0")); + t.deepEqual( + sig.s, + decodeCrock("F4ZKMFW3Q7DFN0N94KAMG2JFFHAC362T0QZ6ZCVZ73RS8P91CR70"), + ); + t.deepEqual( + sig.rPub, + decodeCrock("CHK7JC4SXZ4Y9RDA3881S82F7BP99H35Q361WR6RBXN5YN2ZM1M0"), + ); const res = await csVerify(decodeCrock(msg_hash), sig, pub); t.deepEqual(res, true); }); + +test("bigint/nacl conversion", async (t) => { + const b1 = BigInteger(42); + const n1 = bigintToNaclArr(b1, 32); + t.is(n1[0], 42); + t.is(n1.length, 32); + const b2 = bigintFromNaclArr(n1); + t.true(b1.eq(b2)); +}); + +test("taler age restriction crypto", async (t) => { + const priv1 = await Edx25519.keyCreate(); + const pub1 = await Edx25519.getPublic(priv1); + + const seed = encodeCrock(getRandomBytes(32)); + + const priv2 = await Edx25519.privateKeyDerive(priv1, seed); + const pub2 = await Edx25519.publicKeyDerive(pub1, seed); + + const pub2Ref = await Edx25519.getPublic(priv2); + + t.is(pub2, pub2Ref); +}); + +test("edx signing", async (t) => { + const priv1 = await Edx25519.keyCreate(); + const pub1 = await Edx25519.getPublic(priv1); + + const msg = stringToBytes("hello world"); + + const sig = nacl.crypto_edx25519_sign_detached( + msg, + decodeCrock(priv1), + decodeCrock(pub1), + ); + + t.true( + nacl.crypto_edx25519_sign_detached_verify(msg, sig, decodeCrock(pub1)), + ); + + sig[0]++; + + t.false( + nacl.crypto_edx25519_sign_detached_verify(msg, sig, decodeCrock(pub1)), + ); +}); + +test("edx test vector", async (t) => { + // Generated by gnunet-crypto-tvg + const tv = { + operation: "edx25519_derive", + priv1_edx: + "216KF1XM46K4JN8TX3Z8HNRX1DX4WRMX1BTCQM3KBS83PYKFY1GV6XRNBYRC5YM02HVDX8BDR20V7A27YX4MZJ8X8K0ADPZ43BD1GXG", + pub1_edx: "RKGRRG74SZ8PKF8SYG5SSDY8VRCYYGY5N2AKAJCG0103Z3JK6HTG", + seed: "EFK7CYT98YWGPNZNHPP84VJZDMXD5A41PP3E94NSAQZXRCAKVVXHAQNXG9XM2MAND2FJ56ZM238KGDCF3B0KCWNZCYKKHKDB56X6QA0", + priv2_edx: + "JRV3S06REHQV90E4HJA1FAMCVDBZZAZP9C6N2WF01MSR3CD5KM28QM7HTGGAV6MBJZ73QJ8PSZFA0D6YENJ7YT97344FDVVCGVAFNER", + pub2_edx: "ZB546ZC7ZP16DB99AMK67WNZ67WZFPWMRY67Y4PZR9YR1D82GVZ0", + }; + + { + const pub1Prime = await Edx25519.getPublic(tv.priv1_edx); + t.is(pub1Prime, tv.pub1_edx); + } + + const pub2Prime = await Edx25519.publicKeyDerive(tv.pub1_edx, tv.seed); + t.is(pub2Prime, tv.pub2_edx); + + const priv2Prime = await Edx25519.privateKeyDerive(tv.priv1_edx, tv.seed); + t.is(priv2Prime, tv.priv2_edx); +}); diff --git a/packages/taler-util/src/talerCrypto.ts b/packages/taler-util/src/talerCrypto.ts index 282d22d8b..228dc3269 100644 --- a/packages/taler-util/src/talerCrypto.ts +++ b/packages/taler-util/src/talerCrypto.ts @@ -27,6 +27,7 @@ import bigint from "big-integer"; import { Base32String, CoinEnvelope, + CoinPublicKeyString, DenominationPubKey, DenomKeyType, HashCodeString, @@ -643,6 +644,17 @@ export function hashCoinEvInner( } } +export function hashCoinPub( + coinPub: CoinPublicKeyString, + ach?: HashCodeString, +): Uint8Array { + if (!ach) { + return hash(decodeCrock(coinPub)); + } + + return hash(typedArrayConcat([decodeCrock(coinPub), decodeCrock(ach)])); +} + /** * Hash a denomination public key. */ @@ -652,6 +664,7 @@ export function hashDenomPub(pub: DenominationPubKey): Uint8Array { const hashInputBuf = new ArrayBuffer(pubBuf.length + 4 + 4); const uint8ArrayBuf = new Uint8Array(hashInputBuf); const dv = new DataView(hashInputBuf); + logger.info("age_mask", pub.age_mask); dv.setUint32(0, pub.age_mask ?? 0); dv.setUint32(4, DenomKeyType.toIntTag(pub.cipher)); uint8ArrayBuf.set(pubBuf, 8); @@ -705,6 +718,14 @@ export function bufferForUint32(n: number): Uint8Array { return buf; } +export function bufferForUint8(n: number): Uint8Array { + const arrBuf = new ArrayBuffer(1); + const buf = new Uint8Array(arrBuf); + const dv = new DataView(arrBuf); + dv.setUint8(0, n); + return buf; +} + export function setupTipPlanchet( secretSeed: Uint8Array, coinNumber: number, @@ -753,6 +774,7 @@ export enum TalerSignaturePurpose { WALLET_COIN_RECOUP = 1203, WALLET_COIN_LINK = 1204, WALLET_COIN_RECOUP_REFRESH = 1206, + WALLET_AGE_ATTESTATION = 1207, EXCHANGE_CONFIRM_RECOUP = 1039, EXCHANGE_CONFIRM_RECOUP_REFRESH = 1041, ANASTASIS_POLICY_UPLOAD = 1400, @@ -807,6 +829,25 @@ export type Edx25519PublicKey = FlavorP<string, "Edx25519PublicKey", 32>; export type Edx25519PrivateKey = FlavorP<string, "Edx25519PrivateKey", 64>; export type Edx25519Signature = FlavorP<string, "Edx25519Signature", 64>; +/** + * Convert a big integer to a fixed-size, little-endian array. + */ +export function bigintToNaclArr( + x: bigint.BigInteger, + size: number, +): Uint8Array { + const byteArr = new Uint8Array(size); + const arr = x.toArray(256).value.reverse(); + byteArr.set(arr, 0); + return byteArr; +} + +export function bigintFromNaclArr(arr: Uint8Array): bigint.BigInteger { + let rev = new Uint8Array(arr); + rev = rev.reverse(); + return bigint.fromArray(Array.from(rev), 256, false); +} + export namespace Edx25519 { const revL = [ 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, @@ -846,9 +887,9 @@ export namespace Edx25519 { ): Promise<OpaqueData> { const res = kdfKw({ outputLength: 64, - salt: stringToBytes("edx2559-derivation"), + salt: decodeCrock(seed), ikm: decodeCrock(pub), - info: decodeCrock(seed), + info: stringToBytes("edx2559-derivation"), }); return encodeCrock(res); @@ -860,28 +901,191 @@ export namespace Edx25519 { ): Promise<Edx25519PrivateKey> { const pub = await getPublic(priv); const privDec = decodeCrock(priv); - const privA = privDec.subarray(0, 32).reverse(); - const a = bigint.fromArray(Array.from(privA), 256, false); + const a = bigintFromNaclArr(privDec.subarray(0, 32)); + const factorEnc = await deriveFactor(pub, seed); + const factorModL = bigintFromNaclArr(decodeCrock(factorEnc)).mod(L); + + const aPrime = a.divide(8).multiply(factorModL).mod(L).multiply(8).mod(L); + const bPrime = nacl + .hash( + typedArrayConcat([privDec.subarray(32, 64), decodeCrock(factorEnc)]), + ) + .subarray(0, 32); + + const newPriv = encodeCrock( + typedArrayConcat([bigintToNaclArr(aPrime, 32), bPrime]), + ); + + return newPriv; + } - const factorBuf = await deriveFactor(pub, seed); + export async function publicKeyDerive( + pub: Edx25519PublicKey, + seed: OpaqueData, + ): Promise<Edx25519PublicKey> { + const factorEnc = await deriveFactor(pub, seed); + const factorReduced = nacl.crypto_core_ed25519_scalar_reduce( + decodeCrock(factorEnc), + ); + const res = nacl.crypto_scalarmult_ed25519_noclamp( + factorReduced, + decodeCrock(pub), + ); + return encodeCrock(res); + } +} - const factor = bigint.fromArray(Array.from(factorBuf), 256, false); +export interface AgeCommitment { + mask: number; - const aPrime = a.divide(8).multiply(factor).multiply(8); + /** + * Public keys, one for each age group specified in the age mask. + */ + publicKeys: Edx25519PublicKey[]; +} - const bPrime = nacl.hash( - typedArrayConcat([privDec.subarray(32, 64), decodeCrock(factorBuf)]), - ); +export interface AgeProof { + /** + * Private keys. Typically smaller than the number of public keys, + * because we drop private keys from age groups that are restricted. + */ + privateKeys: Edx25519PrivateKey[]; +} - Uint8Array.from(aPrime.toArray(256).value) +export interface AgeCommitmentProof { + commitment: AgeCommitment; + proof: AgeProof; +} +function invariant(cond: boolean): asserts cond { + if (!cond) { + throw Error("invariant failed"); + } +} + +export namespace AgeRestriction { + export function hashCommitment(ac: AgeCommitment): HashCodeString { + const hc = new nacl.HashState(); + for (const pub of ac.publicKeys) { + hc.update(decodeCrock(pub)); + } + return encodeCrock(hc.finish().subarray(0, 32)); + } + + export function countAgeGroups(mask: number): number { + let count = 0; + let m = mask; + while (m > 0) { + count += m & 1; + m = m >> 1; + } + return count; + } + + export function getAgeGroupIndex(mask: number, age: number): number { + invariant((mask & 1) === 1); + let i = 0; + let m = mask; + let a = age; + while (m > 0) { + if (a <= 0) { + break; + } + m = m >> 1; + i += m & 1; + a--; + } + return i; + } + + export function ageGroupSpecToMask(ageGroupSpec: string): number { throw Error("not implemented"); } - export function publicKeyDerive( - priv: Edx25519PrivateKey, - seed: OpaqueData, - ): Promise<Edx25519PublicKey> { - throw Error("not implemented") + export async function restrictionCommit( + ageMask: number, + age: number, + ): Promise<AgeCommitmentProof> { + invariant((ageMask & 1) === 1); + const numPubs = countAgeGroups(ageMask) - 1; + const numPrivs = getAgeGroupIndex(ageMask, age); + + const pubs: Edx25519PublicKey[] = []; + const privs: Edx25519PrivateKey[] = []; + + for (let i = 0; i < numPubs; i++) { + const priv = await Edx25519.keyCreate(); + const pub = await Edx25519.getPublic(priv); + pubs.push(pub); + if (i < numPrivs) { + privs.push(priv); + } + } + + return { + commitment: { + mask: ageMask, + publicKeys: pubs, + }, + proof: { + privateKeys: privs, + }, + }; + } + + export async function commitmentDerive( + commitmentProof: AgeCommitmentProof, + salt: OpaqueData, + ): Promise<AgeCommitmentProof> { + const newPrivs: Edx25519PrivateKey[] = []; + const newPubs: Edx25519PublicKey[] = []; + + for (const oldPub of commitmentProof.commitment.publicKeys) { + newPubs.push(await Edx25519.publicKeyDerive(oldPub, salt)); + } + + for (const oldPriv of commitmentProof.proof.privateKeys) { + newPrivs.push(await Edx25519.privateKeyDerive(oldPriv, salt)); + } + + return { + commitment: { + mask: commitmentProof.commitment.mask, + publicKeys: newPubs, + }, + proof: { + privateKeys: newPrivs, + }, + }; + } + + export function commitmentAttest( + commitmentProof: AgeCommitmentProof, + age: number, + ): Edx25519Signature { + const d = buildSigPS(TalerSignaturePurpose.WALLET_AGE_ATTESTATION) + .put(bufferForUint32(commitmentProof.commitment.mask)) + .put(bufferForUint32(age)) + .build(); + const group = getAgeGroupIndex(commitmentProof.commitment.mask, age); + if (group === 0) { + // No attestation required. + return encodeCrock(new Uint8Array(64)); + } + const priv = commitmentProof.proof.privateKeys[group - 1]; + const pub = commitmentProof.commitment.publicKeys[group - 1]; + const sig = nacl.crypto_edx25519_sign_detached( + d, + decodeCrock(priv), + decodeCrock(pub), + ); + return encodeCrock(sig); + } + + export function commitmentVerify( + commitmentProof: AgeCommitmentProof, + age: number, + ): Edx25519Signature { + throw Error("not implemented"); } } diff --git a/packages/taler-util/src/talerTypes.ts b/packages/taler-util/src/talerTypes.ts index b1bf6ab38..abac1cd12 100644 --- a/packages/taler-util/src/talerTypes.ts +++ b/packages/taler-util/src/talerTypes.ts @@ -47,6 +47,7 @@ import { } from "./time.js"; import { codecForAmountString } from "./amounts.js"; import { strcmp } from "./helpers.js"; +import { Edx25519PublicKey } from "./talerCrypto.js"; /** * Denomination as found in the /keys response from the exchange. @@ -283,6 +284,10 @@ export interface CoinDepositPermission { * URL of the exchange this coin was withdrawn from. */ exchange_url: string; + + minimum_age_sig?: EddsaSignatureString; + + age_commitment?: Edx25519PublicKey[]; } /** @@ -539,6 +544,8 @@ export interface ContractTerms { */ max_wire_fee?: string; + minimum_age?: number; + /** * Extra data, interpreted by the mechant only. */ @@ -957,6 +964,7 @@ export interface ExchangeMeltRequest { denom_sig: UnblindedSignature; rc: string; value_with_fee: AmountString; + age_commitment_hash?: HashCodeString; } export interface ExchangeMeltResponse { @@ -1122,7 +1130,7 @@ export type DenominationPubKey = RsaDenominationPubKey | CsDenominationPubKey; export interface RsaDenominationPubKey { readonly cipher: DenomKeyType.Rsa; readonly rsa_public_key: string; - readonly age_mask?: number; + readonly age_mask: number; } export interface CsDenominationPubKey { @@ -1177,12 +1185,14 @@ export const codecForRsaDenominationPubKey = () => buildCodecForObject<RsaDenominationPubKey>() .property("cipher", codecForConstString(DenomKeyType.Rsa)) .property("rsa_public_key", codecForString()) + .property("age_mask", codecForNumber()) .build("DenominationPubKey"); export const codecForCsDenominationPubKey = () => buildCodecForObject<CsDenominationPubKey>() .property("cipher", codecForConstString(DenomKeyType.ClauseSchnorr)) .property("cs_public_key", codecForString()) + .property("age_mask", codecForNumber()) .build("CsDenominationPubKey"); export const codecForBankWithdrawalOperationPostResponse = @@ -1312,6 +1322,7 @@ export const codecForContractTerms = (): Codec<ContractTerms> => .property("exchanges", codecForList(codecForExchangeHandle())) .property("products", codecOptional(codecForList(codecForProduct()))) .property("extra", codecForAny()) + .property("minimum_age", codecOptional(codecForNumber())) .build("ContractTerms"); export const codecForMerchantRefundPermission = @@ -1717,6 +1728,13 @@ export interface ExchangeRefreshRevealRequest { transfer_pub: EddsaPublicKeyString; link_sigs: EddsaSignatureString[]; + + /** + * Iff the corresponding denomination has support for age restriction, + * the client MUST provide the original age commitment, i.e. the vector + * of public keys. + */ + old_age_commitment?: Edx25519PublicKey[]; } export interface DepositSuccess { diff --git a/packages/taler-util/src/walletTypes.ts b/packages/taler-util/src/walletTypes.ts index 818ba37fe..e094bc385 100644 --- a/packages/taler-util/src/walletTypes.ts +++ b/packages/taler-util/src/walletTypes.ts @@ -47,6 +47,7 @@ import { codecForConstString, codecForAny, buildCodecForUnion, + codecForNumber, } from "./codec.js"; import { AmountString, @@ -61,6 +62,7 @@ import { OrderShortInfo, codecForOrderShortInfo } from "./transactionsTypes.js"; import { BackupRecovery } from "./backupTypes.js"; import { PaytoUri } from "./payto.js"; import { TalerErrorCode } from "./taler-error-codes.js"; +import { AgeCommitmentProof } from "./talerCrypto.js"; /** * Response for the create reserve request to the wallet. @@ -218,6 +220,8 @@ export interface CreateReserveRequest { * from this reserve, only used for testing. */ forcedDenomSel?: ForcedDenomSel; + + restrictAge?: number; } export const codecForCreateReserveRequest = (): Codec<CreateReserveRequest> => @@ -489,6 +493,7 @@ export interface WithdrawalPlanchet { coinEv: CoinEnvelope; coinValue: AmountJson; coinEvHash: string; + ageCommitmentProof?: AgeCommitmentProof; } export interface PlanchetCreationRequest { @@ -499,6 +504,7 @@ export interface PlanchetCreationRequest { denomPub: DenominationPubKey; reservePub: string; reservePriv: string; + restrictAge?: number; } /** @@ -545,6 +551,10 @@ export interface DepositInfo { denomKeyType: DenomKeyType; denomPubHash: string; denomSig: UnblindedSignature; + + requiredMinimumAge?: number; + + ageCommitmentProof?: AgeCommitmentProof; } export interface ExchangesListRespose { @@ -728,12 +738,14 @@ export const codecForAcceptManualWithdrawalRequet = export interface GetWithdrawalDetailsForAmountRequest { exchangeBaseUrl: string; amount: string; + restrictAge?: number; } export interface AcceptBankIntegratedWithdrawalRequest { talerWithdrawUri: string; exchangeBaseUrl: string; forcedDenomSel?: ForcedDenomSel; + restrictAge?: number; } export const codecForAcceptBankIntegratedWithdrawalRequest = @@ -742,6 +754,7 @@ export const codecForAcceptBankIntegratedWithdrawalRequest = .property("exchangeBaseUrl", codecForString()) .property("talerWithdrawUri", codecForString()) .property("forcedDenomSel", codecForAny()) + .property("restrictAge", codecOptional(codecForNumber())) .build("AcceptBankIntegratedWithdrawalRequest"); export const codecForGetWithdrawalDetailsForAmountRequest = @@ -774,11 +787,13 @@ export const codecForApplyRefundRequest = (): Codec<ApplyRefundRequest> => export interface GetWithdrawalDetailsForUriRequest { talerWithdrawUri: string; + restrictAge?: number; } export const codecForGetWithdrawalDetailsForUri = (): Codec<GetWithdrawalDetailsForUriRequest> => buildCodecForObject<GetWithdrawalDetailsForUriRequest>() .property("talerWithdrawUri", codecForString()) + .property("restrictAge", codecOptional(codecForNumber())) .build("GetWithdrawalDetailsForUriRequest"); export interface ListKnownBankAccountsRequest { diff --git a/packages/taler-wallet-cli/src/harness/denomStructures.ts b/packages/taler-wallet-cli/src/harness/denomStructures.ts index 2ca777030..b12857c7e 100644 --- a/packages/taler-wallet-cli/src/harness/denomStructures.ts +++ b/packages/taler-wallet-cli/src/harness/denomStructures.ts @@ -24,6 +24,7 @@ export interface CoinCoinfigCommon { feeDeposit: string; feeRefresh: string; feeRefund: string; + ageRestricted?: boolean; } export interface CoinConfigRsa extends CoinCoinfigCommon { diff --git a/packages/taler-wallet-cli/src/harness/harness.ts b/packages/taler-wallet-cli/src/harness/harness.ts index 30503e488..a2339e5f3 100644 --- a/packages/taler-wallet-cli/src/harness/harness.ts +++ b/packages/taler-wallet-cli/src/harness/harness.ts @@ -430,6 +430,9 @@ function setCoin(config: Configuration, c: CoinConfig) { config.setString(s, "fee_withdraw", c.feeWithdraw); config.setString(s, "fee_refresh", c.feeRefresh); config.setString(s, "fee_refund", c.feeRefund); + if (c.ageRestricted) { + config.setString(s, "age_restricted", "yes"); + } if (c.cipher === "RSA") { config.setString(s, "rsa_keysize", `${c.rsaKeySize}`); config.setString(s, "cipher", "RSA"); @@ -1112,6 +1115,17 @@ export class ExchangeService implements ExchangeServiceInterface { config.write(this.configFilename); } + enableAgeRestrictions(maskStr: string) { + const config = Configuration.load(this.configFilename); + config.setString("exchange-extension-age_restriction", "enabled", "yes"); + config.setString( + "exchange-extension-age_restriction", + "age_groups", + maskStr, + ); + config.write(this.configFilename); + } + get masterPub() { return encodeCrock(this.keyPair.eddsaPub); } @@ -1645,8 +1659,14 @@ export class MerchantService implements MerchantServiceInterface { await exec(`taler-merchant-dbinit -c "${this.configFilename}"`); this.proc = this.globalState.spawnService( - "taler-merchant-httpd", - ["-LDEBUG", "-c", this.configFilename, ...this.timetravelArgArr], + "valgrind", + [ + "taler-merchant-httpd", + "-LDEBUG", + "-c", + this.configFilename, + ...this.timetravelArgArr, + ], `merchant-${this.merchantConfig.name}`, ); } @@ -1848,6 +1868,9 @@ export async function runTestWithState( } } catch (e) { console.error("FATAL: test failed with exception", e); + if (e instanceof TalerError) { + console.error(`error detail: ${j2s(e.errorDetail)}`); + } status = "fail"; } finally { await gc.shutdown(); diff --git a/packages/taler-wallet-cli/src/harness/helpers.ts b/packages/taler-wallet-cli/src/harness/helpers.ts index 3840dcf94..db66efbb6 100644 --- a/packages/taler-wallet-cli/src/harness/helpers.ts +++ b/packages/taler-wallet-cli/src/harness/helpers.ts @@ -65,6 +65,13 @@ export interface SimpleTestEnvironment { wallet: WalletCli; } +export interface EnvOptions { + /** + * If provided, enable age restrictions with the specified age mask string. + */ + ageMaskSpec?: string; +} + /** * Run a test case with a simple TESTKUDOS Taler environment, consisting * of one exchange, one bank and one merchant. @@ -72,6 +79,7 @@ export interface SimpleTestEnvironment { export async function createSimpleTestkudosEnvironment( t: GlobalTestState, coinConfig: CoinConfig[] = defaultCoinConfig.map((x) => x("TESTKUDOS")), + opts: EnvOptions = {}, ): Promise<SimpleTestEnvironment> { const db = await setupDb(t); @@ -108,7 +116,17 @@ export async function createSimpleTestkudosEnvironment( await bank.pingUntilAvailable(); - exchange.addCoinConfigList(coinConfig); + const ageMaskSpec = opts.ageMaskSpec; + + if (ageMaskSpec) { + exchange.enableAgeRestrictions(ageMaskSpec); + // Enable age restriction for all coins. + exchange.addCoinConfigList( + coinConfig.map((x) => ({ ...x, ageRestricted: true })), + ); + } else { + exchange.addCoinConfigList(coinConfig); + } await exchange.start(); await exchange.pingUntilAvailable(); @@ -259,6 +277,7 @@ export async function startWithdrawViaBank( bank: BankService; exchange: ExchangeServiceInterface; amount: AmountString; + restrictAge?: number; }, ): Promise<void> { const { wallet, bank, exchange, amount } = p; @@ -270,6 +289,7 @@ export async function startWithdrawViaBank( await wallet.client.call(WalletApiOperation.GetWithdrawalDetailsForUri, { talerWithdrawUri: wop.taler_withdraw_uri, + restrictAge: p.restrictAge, }); await wallet.runPending(); @@ -279,6 +299,7 @@ export async function startWithdrawViaBank( await wallet.client.call(WalletApiOperation.AcceptBankIntegratedWithdrawal, { exchangeBaseUrl: exchange.baseUrl, talerWithdrawUri: wop.taler_withdraw_uri, + restrictAge: p.restrictAge, }); // Confirm it @@ -299,6 +320,7 @@ export async function withdrawViaBank( bank: BankService; exchange: ExchangeServiceInterface; amount: AmountString; + restrictAge?: number; }, ): Promise<void> { const { wallet } = p; diff --git a/packages/taler-wallet-cli/src/integrationtests/test-age-restrictions.ts b/packages/taler-wallet-cli/src/integrationtests/test-age-restrictions.ts new file mode 100644 index 000000000..9f523ae5d --- /dev/null +++ b/packages/taler-wallet-cli/src/integrationtests/test-age-restrictions.ts @@ -0,0 +1,64 @@ +/* + This file is part of GNU Taler + (C) 2022 Taler Systems S.A. + + GNU Taler is free software; you can redistribute it and/or modify it under the + terms of the GNU General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along with + GNU Taler; see the file COPYING. If not, see <http://www.gnu.org/licenses/> + */ + +/** + * Imports. + */ +import { defaultCoinConfig } from "../harness/denomStructures.js"; +import { GlobalTestState } from "../harness/harness.js"; +import { + createSimpleTestkudosEnvironment, + withdrawViaBank, + makeTestPayment, +} from "../harness/helpers.js"; + +/** + * Run test for basic, bank-integrated withdrawal and payment. + */ +export async function runAgeRestrictionsTest(t: GlobalTestState) { + // Set up test environment + + const { wallet, bank, exchange, merchant } = + await createSimpleTestkudosEnvironment( + t, + defaultCoinConfig.map((x) => x("TESTKUDOS")), + { + ageMaskSpec: "8:10:12:14:16:18:21", + }, + ); + + // Withdraw digital cash into the wallet. + + await withdrawViaBank(t, { + wallet, + bank, + exchange, + amount: "TESTKUDOS:20", + restrictAge: 13, + }); + + const order = { + summary: "Buy me!", + amount: "TESTKUDOS:5", + fulfillment_url: "taler://fulfillment-success/thx", + minimum_age: 9, + }; + + await makeTestPayment(t, { wallet, merchant, order }); + await wallet.runUntilDone(); +} + +runAgeRestrictionsTest.suites = ["wallet"]; diff --git a/packages/taler-wallet-cli/src/integrationtests/testrunner.ts b/packages/taler-wallet-cli/src/integrationtests/testrunner.ts index d8dc569d2..dcbf84497 100644 --- a/packages/taler-wallet-cli/src/integrationtests/testrunner.ts +++ b/packages/taler-wallet-cli/src/integrationtests/testrunner.ts @@ -25,6 +25,7 @@ import { shouldLingerInTest, TestRunResult, } from "../harness/harness.js"; +import { runAgeRestrictionsTest } from "./test-age-restrictions.js"; import { runBankApiTest } from "./test-bank-api"; import { runClaimLoopTest } from "./test-claim-loop"; import { runClauseSchnorrTest } from "./test-clause-schnorr.js"; @@ -103,6 +104,7 @@ interface TestMainFunction { } const allTests: TestMainFunction[] = [ + runAgeRestrictionsTest, runBankApiTest, runClaimLoopTest, runClauseSchnorrTest, diff --git a/packages/taler-wallet-core/src/crypto/cryptoImplementation.ts b/packages/taler-wallet-core/src/crypto/cryptoImplementation.ts index fa754e354..052d50ca7 100644 --- a/packages/taler-wallet-core/src/crypto/cryptoImplementation.ts +++ b/packages/taler-wallet-core/src/crypto/cryptoImplementation.ts @@ -69,6 +69,10 @@ import { kdf, ecdheGetPublic, getRandomBytes, + AgeCommitmentProof, + AgeRestriction, + hashCoinPub, + HashCodeString, } from "@gnu-taler/taler-util"; import bigint from "big-integer"; import { DenominationRecord, TipCoinSource, WireFee } from "../db.js"; @@ -82,7 +86,7 @@ import { SignTrackTransactionRequest, } from "./cryptoTypes.js"; -//const logger = new Logger("cryptoImplementation.ts"); +const logger = new Logger("cryptoImplementation.ts"); /** * Interface for (asynchronous) cryptographic operations that @@ -547,12 +551,34 @@ export const nativeCryptoR: TalerCryptoInterfaceR = { const denomPub = req.denomPub; if (denomPub.cipher === DenomKeyType.Rsa) { const reservePub = decodeCrock(req.reservePub); - const denomPubRsa = decodeCrock(denomPub.rsa_public_key); const derivedPlanchet = await tci.setupWithdrawalPlanchet(tci, { coinNumber: req.coinIndex, secretSeed: req.secretSeed, }); - const coinPubHash = hash(decodeCrock(derivedPlanchet.coinPub)); + + let maybeAcp: AgeCommitmentProof | undefined = undefined; + let maybeAgeCommitmentHash: string | undefined = undefined; + if (req.restrictAge) { + if (denomPub.age_mask === 0) { + throw Error( + "requested age restriction for a denomination that does not support age restriction", + ); + } + logger.info("creating age-restricted planchet"); + maybeAcp = await AgeRestriction.restrictionCommit( + denomPub.age_mask, + req.restrictAge, + ); + maybeAgeCommitmentHash = AgeRestriction.hashCommitment( + maybeAcp.commitment, + ); + } + + const coinPubHash = hashCoinPub( + derivedPlanchet.coinPub, + maybeAgeCommitmentHash, + ); + const blindResp = await tci.rsaBlind(tci, { bks: derivedPlanchet.bks, hm: encodeCrock(coinPubHash), @@ -589,6 +615,7 @@ export const nativeCryptoR: TalerCryptoInterfaceR = { reservePub: encodeCrock(reservePub), withdrawSig: sigResult.sig, coinEvHash: encodeCrock(evHash), + ageCommitmentProof: maybeAcp, }; return planchet; } else { @@ -880,7 +907,23 @@ export const nativeCryptoR: TalerCryptoInterfaceR = { ): Promise<CoinDepositPermission> { // FIXME: put extensions here if used const hExt = new Uint8Array(64); - const hAgeCommitment = new Uint8Array(32); + let hAgeCommitment: Uint8Array; + let maybeAgeCommitmentHash: string | undefined = undefined; + let minimumAgeSig: string | undefined = undefined; + if (depositInfo.ageCommitmentProof) { + const ach = AgeRestriction.hashCommitment( + depositInfo.ageCommitmentProof.commitment, + ); + maybeAgeCommitmentHash = ach; + hAgeCommitment = decodeCrock(ach); + minimumAgeSig = AgeRestriction.commitmentAttest( + depositInfo.ageCommitmentProof, + depositInfo.requiredMinimumAge!, + ); + } else { + // All zeros. + hAgeCommitment = new Uint8Array(32); + } let d: Uint8Array; if (depositInfo.denomKeyType === DenomKeyType.Rsa) { d = buildSigPS(TalerSignaturePurpose.WALLET_COIN_DEPOSIT) @@ -914,6 +957,8 @@ export const nativeCryptoR: TalerCryptoInterfaceR = { cipher: DenomKeyType.Rsa, rsa_signature: depositInfo.denomSig.rsa_signature, }, + age_commitment: depositInfo.ageCommitmentProof?.commitment.publicKeys, + minimum_age_sig: minimumAgeSig, }; return s; } else { @@ -999,10 +1044,19 @@ export const nativeCryptoR: TalerCryptoInterfaceR = { coinNumber: coinIndex, transferSecret: transferSecretRes.h, }); + let newAc: AgeCommitmentProof | undefined = undefined; + let newAch: HashCodeString | undefined = undefined; + if (req.meltCoinAgeCommitmentProof) { + newAc = await AgeRestriction.commitmentDerive( + req.meltCoinAgeCommitmentProof, + transferSecretRes.h, + ); + newAch = AgeRestriction.hashCommitment(newAc.commitment); + } coinPriv = decodeCrock(fresh.coinPriv); coinPub = decodeCrock(fresh.coinPub); blindingFactor = decodeCrock(fresh.bks); - const coinPubHash = hash(coinPub); + const coinPubHash = hashCoinPub(fresh.coinPub, newAch); if (denomSel.denomPub.cipher !== DenomKeyType.Rsa) { throw Error("unsupported cipher, can't create refresh session"); } @@ -1035,8 +1089,16 @@ export const nativeCryptoR: TalerCryptoInterfaceR = { const sessionHash = sessionHc.finish(); let confirmData: Uint8Array; - // FIXME: fill in age commitment - const hAgeCommitment = new Uint8Array(32); + let hAgeCommitment: Uint8Array; + if (req.meltCoinAgeCommitmentProof) { + hAgeCommitment = decodeCrock( + AgeRestriction.hashCommitment( + req.meltCoinAgeCommitmentProof.commitment, + ), + ); + } else { + hAgeCommitment = new Uint8Array(32); + } confirmData = buildSigPS(TalerSignaturePurpose.WALLET_COIN_MELT) .put(sessionHash) .put(decodeCrock(meltCoinDenomPubHash)) diff --git a/packages/taler-wallet-core/src/crypto/cryptoTypes.ts b/packages/taler-wallet-core/src/crypto/cryptoTypes.ts index deff15071..fe5dbcec6 100644 --- a/packages/taler-wallet-core/src/crypto/cryptoTypes.ts +++ b/packages/taler-wallet-core/src/crypto/cryptoTypes.ts @@ -28,6 +28,7 @@ * Imports. */ import { + AgeCommitmentProof, AmountJson, CoinEnvelope, DenominationPubKey, @@ -55,6 +56,7 @@ export interface DeriveRefreshSessionRequest { meltCoinPub: string; meltCoinPriv: string; meltCoinDenomPubHash: string; + meltCoinAgeCommitmentProof?: AgeCommitmentProof; newCoinDenoms: RefreshNewDenomInfo[]; feeRefresh: AmountJson; } diff --git a/packages/taler-wallet-core/src/crypto/workers/cryptoDispatcher.ts b/packages/taler-wallet-core/src/crypto/workers/cryptoDispatcher.ts index f6c8ae61e..2ef0d7c69 100644 --- a/packages/taler-wallet-core/src/crypto/workers/cryptoDispatcher.ts +++ b/packages/taler-wallet-core/src/crypto/workers/cryptoDispatcher.ts @@ -321,9 +321,9 @@ export class CryptoDispatcher { return new Promise<T>((resolve, reject) => { let timedOut = false; const timeout = timer.after(5000, () => { - logger.warn("crypto RPC call timed out"); + logger.warn(`crypto RPC call ('${operation}') timed out`); timedOut = true; - reject(new Error("crypto RPC call timed out")); + reject(new Error(`crypto RPC call ('${operation}') timed out`)); }); p.then((x) => { if (timedOut) { diff --git a/packages/taler-wallet-core/src/db.ts b/packages/taler-wallet-core/src/db.ts index e3da35975..0a1b40d2a 100644 --- a/packages/taler-wallet-core/src/db.ts +++ b/packages/taler-wallet-core/src/db.ts @@ -40,6 +40,7 @@ import { CoinEnvelope, TalerProtocolTimestamp, TalerProtocolDuration, + AgeCommitmentProof, } from "@gnu-taler/taler-util"; import { RetryInfo } from "./util/retries.js"; import { PayCoinSelection } from "./util/coinSelection.js"; @@ -188,6 +189,15 @@ export interface ReserveRecord { */ bankInfo?: ReserveBankInfo; + /** + * Restrict withdrawals from this reserve to this age. + */ + restrictAge?: number; + + /** + * Pre-allocated ID of the withdrawal group for the first withdrawal + * on this reserve. + */ initialWithdrawalGroupId: string; /** @@ -600,6 +610,8 @@ export interface PlanchetRecord { coinEv: CoinEnvelope; coinEvHash: string; + + ageCommitmentProof?: AgeCommitmentProof; } /** @@ -724,6 +736,8 @@ export interface CoinRecord { * Used to prevent allocation of the same coin for two different payments. */ allocation?: CoinAllocation; + + ageCommitmentProof?: AgeCommitmentProof; } export interface CoinAllocation { @@ -1148,6 +1162,7 @@ export interface WalletContractData { wireMethod: string; wireInfoHash: string; maxDepositFee: AmountJson; + minimumAge?: number; } export enum AbortStatus { diff --git a/packages/taler-wallet-core/src/operations/exchanges.ts b/packages/taler-wallet-core/src/operations/exchanges.ts index 26bca8c14..39edd6307 100644 --- a/packages/taler-wallet-core/src/operations/exchanges.ts +++ b/packages/taler-wallet-core/src/operations/exchanges.ts @@ -33,6 +33,7 @@ import { ExchangeSignKeyJson, ExchangeWireJson, hashDenomPub, + j2s, LibtoolVersion, Logger, NotificationType, @@ -445,6 +446,7 @@ async function downloadExchangeKeysInfo( ); logger.info("received /keys response"); + logger.info(`${j2s(exchangeKeysJsonUnchecked)}`); if (exchangeKeysJsonUnchecked.denoms.length === 0) { throw TalerError.fromDetail( diff --git a/packages/taler-wallet-core/src/operations/pay.ts b/packages/taler-wallet-core/src/operations/pay.ts index fa36c724f..a1773547a 100644 --- a/packages/taler-wallet-core/src/operations/pay.ts +++ b/packages/taler-wallet-core/src/operations/pay.ts @@ -26,6 +26,7 @@ */ import { AbsoluteTime, + AgeRestriction, AmountJson, Amounts, codecForContractTerms, @@ -197,6 +198,14 @@ export interface CoinSelectionRequest { maxWireFee: AmountJson; maxDepositFee: AmountJson; + + /** + * Minimum age requirement for the coin selection. + * + * When present, only select coins with either no age restriction + * or coins with an age commitment that matches the minimum age. + */ + minimumAge?: number; } /** @@ -651,6 +660,7 @@ export function extractContractData( merchant: parsedContractTerms.merchant, products: parsedContractTerms.products, summaryI18n: parsedContractTerms.summary_i18n, + minimumAge: parsedContractTerms.minimum_age, }; } @@ -825,6 +835,8 @@ async function processDownloadProposalImpl( proposalResp.sig, ); + logger.trace(`extracted contract data: ${j2s(contractData)}`); + await ws.db .mktx((x) => ({ proposals: x.proposals, purchases: x.purchases })) .runReadWrite(async (tx) => { @@ -1379,6 +1391,11 @@ export async function generateDepositPermissions( const { coin, denom } = coinWithDenom[i]; let wireInfoHash: string; wireInfoHash = contractData.wireInfoHash; + logger.trace( + `signing deposit permission for coin with acp=${j2s( + coin.ageCommitmentProof, + )}`, + ); const dp = await ws.cryptoApi.signDepositPermission({ coinPriv: coin.coinPriv, coinPub: coin.coinPub, @@ -1393,6 +1410,8 @@ export async function generateDepositPermissions( spendAmount: payCoinSel.coinContributions[i], timestamp: contractData.timestamp, wireInfoHash, + ageCommitmentProof: coin.ageCommitmentProof, + requiredMinimumAge: contractData.minimumAge, }); depositPermissions.push(dp); } diff --git a/packages/taler-wallet-core/src/operations/refresh.ts b/packages/taler-wallet-core/src/operations/refresh.ts index 10584fb94..215676118 100644 --- a/packages/taler-wallet-core/src/operations/refresh.ts +++ b/packages/taler-wallet-core/src/operations/refresh.ts @@ -15,6 +15,8 @@ */ import { + AgeCommitment, + AgeRestriction, CoinPublicKeyString, DenomKeyType, encodeCrock, @@ -22,7 +24,9 @@ import { ExchangeProtocolVersion, ExchangeRefreshRevealRequest, getRandomBytes, + HashCodeString, HttpStatusCode, + j2s, TalerProtocolTimestamp, } from "@gnu-taler/taler-util"; import { @@ -83,6 +87,7 @@ import { GetReadWriteAccess } from "../util/query.js"; import { guardOperationException } from "./common.js"; import { CryptoApiStoppedError } from "../crypto/workers/cryptoDispatcher.js"; import { TalerCryptoInterface } from "../crypto/cryptoImplementation.js"; +import { TalerError } from "../errors.js"; const logger = new Logger("refresh.ts"); @@ -380,6 +385,7 @@ async function refreshMelt( meltCoinPriv: oldCoin.coinPriv, meltCoinPub: oldCoin.coinPub, feeRefresh: oldDenom.feeRefresh, + meltCoinAgeCommitmentProof: oldCoin.ageCommitmentProof, newCoinDenoms, sessionSecretSeed: refreshSession.sessionSecretSeed, }); @@ -388,6 +394,14 @@ async function refreshMelt( `coins/${oldCoin.coinPub}/melt`, oldCoin.exchangeBaseUrl, ); + + let maybeAch: HashCodeString | undefined; + if (oldCoin.ageCommitmentProof) { + maybeAch = AgeRestriction.hashCommitment( + oldCoin.ageCommitmentProof.commitment, + ); + } + const meltReqBody: ExchangeMeltRequest = { coin_pub: oldCoin.coinPub, confirm_sig: derived.confirmSig, @@ -395,6 +409,7 @@ async function refreshMelt( denom_sig: oldCoin.denomSig, rc: derived.hash, value_with_fee: Amounts.stringify(derived.meltValueWithFee), + age_commitment_hash: maybeAch, }; const resp = await ws.runSequentialized([EXCHANGE_COINS_LOCK], async () => { @@ -475,6 +490,7 @@ export async function assembleRefreshRevealRequest(args: { denomPubHash: string; count: number; }[]; + oldAgeCommitment?: AgeCommitment; }): Promise<ExchangeRefreshRevealRequest> { const { derived, @@ -517,6 +533,7 @@ export async function assembleRefreshRevealRequest(args: { transfer_privs: privs, transfer_pub: derived.transferPubs[norevealIndex], link_sigs: linkSigs, + old_age_commitment: args.oldAgeCommitment?.publicKeys, }; return req; } @@ -622,6 +639,7 @@ async function refreshReveal( meltCoinPub: oldCoin.coinPub, feeRefresh: oldDenom.feeRefresh, newCoinDenoms, + meltCoinAgeCommitmentProof: oldCoin.ageCommitmentProof, sessionSecretSeed: refreshSession.sessionSecretSeed, }); @@ -637,6 +655,7 @@ async function refreshReveal( norevealIndex: norevealIndex, oldCoinPriv: oldCoin.coinPriv, oldCoinPub: oldCoin.coinPub, + oldAgeCommitment: oldCoin.ageCommitmentProof?.commitment, }); const resp = await ws.runSequentialized([EXCHANGE_COINS_LOCK], async () => { @@ -822,6 +841,11 @@ async function processRefreshGroupImpl( logger.info( "crypto API stopped while processing refresh group, probably the wallet is currently shutting down.", ); + } else if (x instanceof TalerError) { + logger.warn("process refresh session got exception (TalerError)"); + logger.warn(`exc ${x}`); + logger.warn(`exc stack ${x.stack}`); + logger.warn(`error detail: ${j2s(x.errorDetail)}`); } else { logger.warn("process refresh session got exception"); logger.warn(`exc ${x}`); diff --git a/packages/taler-wallet-core/src/operations/reserves.ts b/packages/taler-wallet-core/src/operations/reserves.ts index ff09d1a50..8e606bd60 100644 --- a/packages/taler-wallet-core/src/operations/reserves.ts +++ b/packages/taler-wallet-core/src/operations/reserves.ts @@ -200,6 +200,7 @@ export async function createReserve( lastError: undefined, currency: req.amount.currency, operationStatus: OperationStatus.Pending, + restrictAge: req.restrictAge, }; const exchangeInfo = await updateExchangeFromUrl(ws, req.exchange); @@ -541,12 +542,9 @@ async function updateReserve( const reserveUrl = new URL(`reserves/${reservePub}`, reserve.exchangeBaseUrl); reserveUrl.searchParams.set("timeout_ms", "200"); - const resp = await ws.http.get( - reserveUrl.href, - { - timeout: getReserveRequestTimeout(reserve), - }, - ); + const resp = await ws.http.get(reserveUrl.href, { + timeout: getReserveRequestTimeout(reserve), + }); const result = await readSuccessResponseJsonOrErrorCode( resp, @@ -632,17 +630,12 @@ async function updateReserve( amountReservePlus, amountReserveMinus, ).amount; - const denomSel = selectWithdrawalDenominations( - remainingAmount, - denoms, - ); + const denomSel = selectWithdrawalDenominations(remainingAmount, denoms); logger.trace( `Remaining unclaimed amount in reseve is ${Amounts.stringify( remainingAmount, - )} and can be withdrawn with ${ - denomSel.selectedDenoms.length - } coins`, + )} and can be withdrawn with ${denomSel.selectedDenoms.length} coins`, ); if (denomSel.selectedDenoms.length === 0) { @@ -759,6 +752,7 @@ export async function createTalerWithdrawReserve( selectedExchange: string, options: { forcedDenomSel?: ForcedDenomSel; + restrictAge?: number; } = {}, ): Promise<AcceptWithdrawalResponse> { await updateExchangeFromUrl(ws, selectedExchange); @@ -774,6 +768,7 @@ export async function createTalerWithdrawReserve( exchange: selectedExchange, senderWire: withdrawInfo.senderWire, exchangePaytoUri: exchangePaytoUri, + restrictAge: options.restrictAge, }); // We do this here, as the reserve should be registered before we return, // so that we can redirect the user to the bank's status page. diff --git a/packages/taler-wallet-core/src/operations/withdraw.test.ts b/packages/taler-wallet-core/src/operations/withdraw.test.ts index e5894a3e7..9f9146719 100644 --- a/packages/taler-wallet-core/src/operations/withdraw.test.ts +++ b/packages/taler-wallet-core/src/operations/withdraw.test.ts @@ -32,6 +32,7 @@ test("withdrawal selection bug repro", (t) => { cipher: DenomKeyType.Rsa, rsa_public_key: "040000XT67C8KBD6B75TTQ3SK8FWXMNQW4372T3BDDGPAMB9RFCA03638W8T3F71WFEFK9NP32VKYVNFXPYRWQ1N1HDKV5J0DFEKHBPJCYSWCBJDRNWD7G8BN8PT97FA9AMV75MYEK4X54D1HGJ207JSVJBGFCATSPNTEYNHEQF1F220W00TBZR1HNPDQFD56FG0DJQ9KGHM8EC33H6AY9YN9CNX5R3Z4TZ4Q23W47SBHB13H6W74FQJG1F50X38VRSC4SR8RWBAFB7S4K8D2H4NMRFSQT892A3T0BTBW7HM5C0H2CK6FRKG31F7W9WP1S29013K5CXYE55CT8TH6N8J9B780R42Y5S3ZB6J6E9H76XBPSGH4TGYSR2VZRB98J417KCQMZKX1BB67E7W5KVE37TC9SJ904002", + age_mask: 0, }, denomPubHash: "Q21FQSSG4FXNT96Z14CHXM8N1RZAG9GPHAV8PRWS0PZAAVWH7PBW6R97M2CH19KKP65NNSWXY7B6S53PT3CBM342E357ZXDDJ8RDVW8", @@ -86,6 +87,7 @@ test("withdrawal selection bug repro", (t) => { cipher: DenomKeyType.Rsa, rsa_public_key: "040000Y63CF78QFPKRY77BRK9P557Q1GQWX3NCZ3HSYSK0Z7TT0KGRA7N4SKBKEHSTVHX1Z9DNXMJR4EXSY1TXCKV0GJ3T3YYC6Z0JNMJFVYQAV4FX5J90NZH1N33MZTV8HS9SMNAA9S6K73G4P99GYBB01B0P6M1KXZ5JRDR7VWBR3MEJHHGJ6QBMCJR3NWJRE3WJW9PRY8QPQ2S7KFWTWRESH2DBXCXWBD2SRN6P9YX8GRAEMFEGXC9V5GVJTEMH6ZDGNXFPWZE3JVJ2Q4N9GDYKBCHZCJ7M7M2RJ9ZV4Y64NAN9BT6XDC68215GKKRHTW1BBF1MYY6AR3JCTT9HYAM923RMVQR3TAEB7SDX8J76XRZWYH3AGJCZAQGMN5C8SSH9AHQ9RNQJQ15CN45R37X4YNFJV904002", + age_mask: 0, }, denomPubHash: @@ -141,6 +143,7 @@ test("withdrawal selection bug repro", (t) => { cipher: DenomKeyType.Rsa, rsa_public_key: "040000YDESWC2B962DA4WK356SC50MA3N9KV0ZSGY3RC48JCTY258W909C7EEMT5BTC5KZ5T4CERCZ141P9QF87EK2BD1XEEM5GB07MB3H19WE4CQGAS8X84JBWN83PQGQXVMWE5HFA992KMGHC566GT9ZS2QPHZB6X89C4A80Z663PYAAPXP728VHAKATGNNBQ01ZZ2XD1CH9Y38YZBSPJ4K7GB2J76GBCYAVD9ENHDVWXJAXYRPBX4KSS5TXRR3K5NEN9ZV3AJD2V65K7ABRZDF5D5V1FJZZMNJ5XZ4FEREEKEBV9TDFPGJTKDEHEC60K3DN24DAATRESDJ1ZYYSYSRCAT4BT2B62ARGVMJTT5N2R126DRW9TGRWCW0ZAF2N2WET1H4NJEW77X0QT46Z5R3MZ0XPHD04002", + age_mask: 0, }, denomPubHash: "JS61DTKAFM0BX8Q4XV3ZSKB921SM8QK745Z2AFXTKFMBHHFNBD8TQ5ETJHFNDGBGX22FFN2A2ERNYG1SGSDQWNQHQQ2B14DBVJYJG8R", @@ -195,6 +198,7 @@ test("withdrawal selection bug repro", (t) => { cipher: DenomKeyType.Rsa, rsa_public_key: "040000YG3T1ADB8DVA6BD3EPV6ZHSHTDW35DEN4VH1AE6CSB7P1PSDTNTJG866PHF6QB1CCWYCVRGA0FVBJ9Q0G7KV7AD9010GDYBQH0NNPHW744MTNXVXWBGGGRGQGYK4DTYN1DSWQ1FZNDSZZPB5BEKG2PDJ93NX2JTN06Y8QMS2G734Z9XHC10EENBG2KVB7EJ3CM8PV1T32RC7AY62F3496E8D8KRHJQQTT67DSGMNKK86QXVDTYW677FG27DP20E8XY3M6FQD53NDJ1WWES91401MV1A3VXVPGC76GZVDD62W3WTJ1YMKHTTA3MRXX3VEAAH3XTKDN1ER7X6CZPMYTF8VK735VP2B2TZGTF28TTW4FZS32SBS64APCDF6SZQ427N5538TJC7SRE71YSP5ET8GS904002", + age_mask: 0, }, denomPubHash: @@ -250,6 +254,7 @@ test("withdrawal selection bug repro", (t) => { cipher: DenomKeyType.Rsa, rsa_public_key: "040000ZC0G60E9QQ5PD81TSDWD9GV5Y6P8Z05NSPA696DP07NGQQVSRQXBA76Q6PRB0YFX295RG4MTQJXAZZ860ET307HSC2X37XAVGQXRVB8Q4F1V7NP5ZEVKTX75DZK1QRAVHEZGQYKSSH6DBCJNQF6V9WNQF3GEYVA4KCBHA7JF772KHXM9642C28Z0AS4XXXV2PABAN5C8CHYD5H7JDFNK3920W5Q69X0BS84XZ4RE2PW6HM1WZ6KGZ3MKWWWCPKQ1FSFABRBWKAB09PF563BEBXKY6M38QETPH5EDWGANHD0SC3QV0WXYVB7BNHNNQ0J5BNV56K563SYHM4E5ND260YRJSYA1GN5YSW2B1J5T1A1EBNYF2DN6JNJKWXWEQ42G5YS17ZSZ5EWDRA9QKV8EGTCNAD04002", + age_mask: 0, }, denomPubHash: "A41HW0Q2H9PCNMEWW0C0N45QAYVXZ8SBVRRAHE4W6X24SV1TH38ANTWDT80JXEBW9Z8PVPGT9GFV2EYZWJ5JW5W1N34NFNKHQSZ1PFR", @@ -304,6 +309,7 @@ test("withdrawal selection bug repro", (t) => { cipher: DenomKeyType.Rsa, rsa_public_key: "040000ZSK2PMVY6E3NBQ52KXMW029M60F4BWYTDS0FZSD0PE53CNZ9H6TM3GQK1WRTEKQ5GRWJ1J9DY6Y42SP47QVT1XD1G0W05SQ5F3F7P5KSWR0FJBJ9NZBXQEVN8Q4JRC94X3JJ3XV3KBYTZ2HTDFV28C3H2SRR0XGNZB4FY85NDZF1G4AEYJJ9QB3C0V8H70YB8RV3FKTNH7XS4K4HFNZHJ5H9VMX5SM9Z2DX37HA5WFH0E2MJBVVF2BWWA5M0HPPSB365RAE2AMD42Q65A96WD80X27SB2ZNQZ8WX0K13FWF85GZ6YNYAJGE1KGN06JDEKE9QD68Z651D7XE8V6664TVVC8M68S7WD0DSXMJQKQ0BNJXNDE29Q7MRX6DA3RW0PZ44B3TKRK0294FPVZTNSTA6XF04002", + age_mask: 0, }, denomPubHash: "F5NGBX33DTV4595XZZVK0S2MA1VMXFEJQERE5EBP5DS4QQ9EFRANN7YHWC1TKSHT2K6CQWDBRES8D3DWR0KZF5RET40B4AZXZ0RW1ZG", diff --git a/packages/taler-wallet-core/src/operations/withdraw.ts b/packages/taler-wallet-core/src/operations/withdraw.ts index d4ca58401..94f8e20b9 100644 --- a/packages/taler-wallet-core/src/operations/withdraw.ts +++ b/packages/taler-wallet-core/src/operations/withdraw.ts @@ -266,8 +266,6 @@ export function selectForcedWithdrawalDenominations( denoms: DenominationRecord[], forcedDenomSel: ForcedDenomSel, ): DenomSelectionState { - let remaining = Amounts.copy(amountAvailable); - const selectedDenoms: { count: number; denomPubHash: string; @@ -454,6 +452,7 @@ async function processPlanchetGenerate( value: denom.value, coinIndex: coinIdx, secretSeed: withdrawalGroup.secretSeed, + restrictAge: reserve.restrictAge, }); const newPlanchet: PlanchetRecord = { blindingKey: r.blindingKey, @@ -467,6 +466,7 @@ async function processPlanchetGenerate( withdrawalDone: false, withdrawSig: r.withdrawSig, withdrawalGroupId: withdrawalGroup.withdrawalGroupId, + ageCommitmentProof: r.ageCommitmentProof, lastError: undefined, }; await ws.db @@ -701,6 +701,7 @@ async function processPlanchetVerifyAndStoreCoin( withdrawalGroupId: withdrawalGroup.withdrawalGroupId, }, suspended: false, + ageCommitmentProof: planchet.ageCommitmentProof, }; const planchetCoinPub = planchet.coinPub; @@ -1101,11 +1102,6 @@ export async function getExchangeWithdrawalInfo( } } - const withdrawFee = Amounts.sub( - selectedDenoms.totalWithdrawCost, - selectedDenoms.totalCoinValue, - ).amount; - const ret: ExchangeWithdrawDetails = { earliestDepositExpiration, exchangeInfo: exchange, @@ -1127,6 +1123,10 @@ export async function getExchangeWithdrawalInfo( return ret; } +export interface GetWithdrawalDetailsForUriOpts { + restrictAge?: number; +} + /** * Get more information about a taler://withdraw URI. * @@ -1137,6 +1137,7 @@ export async function getExchangeWithdrawalInfo( export async function getWithdrawalDetailsForUri( ws: InternalWalletState, talerWithdrawUri: string, + opts: GetWithdrawalDetailsForUriOpts = {}, ): Promise<WithdrawUriInfoResponse> { logger.trace(`getting withdrawal details for URI ${talerWithdrawUri}`); const info = await getBankWithdrawalInfo(ws.http, talerWithdrawUri); diff --git a/packages/taler-wallet-core/src/util/coinSelection.test.ts b/packages/taler-wallet-core/src/util/coinSelection.test.ts index 1675a9a35..dc64a57dc 100644 --- a/packages/taler-wallet-core/src/util/coinSelection.test.ts +++ b/packages/taler-wallet-core/src/util/coinSelection.test.ts @@ -36,6 +36,7 @@ function fakeAci(current: string, feeDeposit: string): AvailableCoinInfo { denomPub: { cipher: DenomKeyType.Rsa, rsa_public_key: "foobar", + age_mask: 0, }, feeDeposit: a(feeDeposit), exchangeBaseUrl: "https://example.com/", diff --git a/packages/taler-wallet-core/src/wallet.ts b/packages/taler-wallet-core/src/wallet.ts index e17bbb805..96722aefb 100644 --- a/packages/taler-wallet-core/src/wallet.ts +++ b/packages/taler-wallet-core/src/wallet.ts @@ -843,6 +843,7 @@ async function dispatchRequestInternal( req.exchangeBaseUrl, { forcedDenomSel: req.forcedDenomSel, + restrictAge: req.restrictAge, }, ); } @@ -1207,7 +1208,7 @@ class InternalWalletStateImpl implements InternalWalletState { ) { this.cryptoDispatcher = new CryptoDispatcher(cryptoWorkerFactory); this.cryptoApi = this.cryptoDispatcher.cryptoApi; - this.timerGroup = new TimerGroup(timer) + this.timerGroup = new TimerGroup(timer); } async getDenomInfo( |