path: root/packages/taler-util/src/taler-signatures.ts
blob: f529a456badfebe92807e94a133a6855cfd4f202 (plain)
/*
 This file is part of GNU Taler
 (C) 2024 GNUnet e.V.

 GNU Taler is free software; you can redistribute it and/or modify it under the
 terms of the GNU General Public License as published by the Free Software
 Foundation; either version 3, or (at your option) any later version.

 GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

 You should have received a copy of the GNU General Public License along with
 GNU Taler; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
 */

import { canonicalJson } from "./index.js";
import {
  bufferForUint64,
  buildSigPS,
  decodeCrock,
  eddsaSign,
  hash,
  stringToBytes,
  TalerSignaturePurpose,
  timestampRoundedToBuffer,
} from "./taler-crypto.js";
import { AmlDecisionRequestWithoutSignature } from "./types-taler-exchange.js";

/**
 * Implementation of Taler protocol signatures.
 *
 * In this file, we have implementations of signatures that are not used in the wallet,
 * but in other places (tests, SPAs, ...).
 */

/**
 * Sign an AML decision for the POST /aml/$OFFICER_PUB/decisions endpoint.
 *
 * The signed blob is built under the AML_DECISION purpose and contains,
 * in this exact order:
 *
 *   1. the rounded decision timestamp,
 *   2. the crock-decoded `h_payto`,
 *   3. the hash of the justification text,
 *   4. the hash of the canonical JSON of `properties`, followed by a NUL byte,
 *   5. the hash of the canonical JSON of `new_rules`, followed by a NUL byte,
 *   6. the hash of `new_measures`, or 64 zero bytes when it is null/undefined,
 *   7. the flags word (1 if `keep_investigating` is truthy, else 0).
 *
 * Field order and encoding are part of the signed message: any change here
 * yields a different signature.
 * NOTE(review): the layout presumably has to match what the exchange
 * verifies; confirm against the protocol definition before touching it.
 *
 * @param priv - EdDSA private key passed to `eddsaSign`.
 * @param decision - The decision request without its signature field.
 * @returns The value returned by `eddsaSign` for the built blob.
 */
export function signAmlDecision(
  priv: Uint8Array,
  decision: AmlDecisionRequestWithoutSignature,
): Uint8Array {
  // Hash the byte encoding of a string exactly as given (no terminator added).
  const hashText = (text: string) => hash(stringToBytes(text));
  // Hash the canonical JSON form of a value with a trailing NUL byte.
  // NOTE(review): no guard here for an absent value; confirm the request
  // type makes `properties` and `new_rules` mandatory.
  const hashCanonical = (value: unknown) =>
    hashText(canonicalJson(value) + "\0");

  const sigBuilder = buildSigPS(TalerSignaturePurpose.AML_DECISION);

  sigBuilder.put(timestampRoundedToBuffer(decision.decision_time));
  sigBuilder.put(decodeCrock(decision.h_payto));
  sigBuilder.put(hashText(decision.justification));
  sigBuilder.put(hashCanonical(decision.properties));
  sigBuilder.put(hashCanonical(decision.new_rules));
  // `!= null` covers both null and undefined; an empty string is still hashed.
  // The placeholder is zero-filled (presumably the width of a hash; confirm).
  sigBuilder.put(
    decision.new_measures != null
      ? hashText(decision.new_measures)
      : new Uint8Array(64),
  );
  sigBuilder.put(bufferForUint64(decision.keep_investigating ? 1 : 0));

  return eddsaSign(sigBuilder.build(), priv);
}

/**
 * Sign an AML query.
 *
 * The signed blob is built under the AML_QUERY purpose and nothing else is
 * put into it, so the message carries no request-specific data.
 * NOTE(review): since no timestamp, nonce or path is covered, the signature
 * is presumably reusable across queries made with the same key; confirm that
 * it is only ever sent over an authenticated, confidential channel.
 *
 * @param key - EdDSA private key passed to `eddsaSign`.
 * @returns The value returned by `eddsaSign` for the purpose-only blob.
 */
export function signAmlQuery(key: Uint8Array): Uint8Array {
  const queryBuilder = buildSigPS(TalerSignaturePurpose.AML_QUERY);
  const purposeOnlyBlob = queryBuilder.build();
  return eddsaSign(purposeOnlyBlob, key);
}