donau_crypto_lib.h (17885B)
1 /* 2 This file is part of TALER 3 Copyright (C) 2023-2024 Taler Systems SA 4 5 TALER is free software; you can redistribute it and/or modify it under the 6 terms of the GNU General Public License as published by the Free Software 7 Foundation; either version 3, or (at your option) any later version. 8 9 TALER is distributed in the hope that it will be useful, but WITHOUT ANY 10 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR 11 A PARTICULAR PURPOSE. See the GNU General Public License for more details. 12 13 You should have received a copy of the GNU General Public License along with 14 TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> 15 */ 16 /** 17 * @file donau_crypto_lib.h 18 * @brief taler-specific crypto functions 19 * @author Sree Harsha Totakura <sreeharsha@totakura.in> 20 * @author Christian Grothoff <christian@grothoff.org> 21 * @author Özgür Kesim <oec-taler@kesim.org> 22 * @author Lukas Matyja 23 * @author Pius Loosli 24 */ 25 26 #if ! defined (__DONAU_UTIL_LIB_H_INSIDE__) 27 #error "Only <donau_util.h> can be included directly." 28 #endif 29 30 #ifndef DONAU_CRYPTO_LIB_H 31 #define DONAU_CRYPTO_LIB_H 32 33 #include <gnunet/gnunet_util_lib.h> 34 #include <taler/taler_error_codes.h> 35 #include <taler/taler_util.h> 36 #include <gcrypt.h> 37 #include <jansson.h> 38 39 40 /* ****************** donau crypto primitives ************* */ 41 42 /** 43 * Regular online message signing key used by Donau. 44 */ 45 struct DONAU_DonauPublicKeyP 46 { 47 /** 48 * Donau uses EdDSA for non-blind signing. 49 */ 50 struct GNUNET_CRYPTO_EddsaPublicKey eddsa_pub; 51 52 }; 53 54 /** 55 * @brief Private key used by the donau to 56 * sign messages. 57 */ 58 struct DONAU_PrivateKeyP 59 { 60 /** 61 * Donau uses EdDSA for non-blind signing. 62 */ 63 struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv; 64 }; 65 66 67 /** 68 * Signing key for whole batches of BUDI-key-pairs. Used by a Charity. 69 */ 70 struct DONAU_CharityPublicKeyP 71 { 72 /** 73 * Donau uses EdDSA for BUDI-key-pair signing 74 */ 75 struct GNUNET_CRYPTO_EddsaPublicKey eddsa_pub; 76 77 }; 78 79 /** 80 * Signing key for whole batches of BUDI-key-pairs. Used by a Charity. 81 */ 82 struct DONAU_CharityPrivateKeyP 83 { 84 /** 85 * Donau uses EdDSA for BUDI-key-pair signing 86 */ 87 struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv; 88 89 }; 90 91 /** 92 * @brief Type of public signing keys for verifying blindly signed budis. 93 */ 94 struct DONAU_DonationUnitPublicKey 95 { 96 97 /** 98 * Type of the public key. 99 */ 100 struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub_key; 101 102 }; 103 104 /** 105 * @brief Type of private signing keys for blind signing of budis. 106 */ 107 struct DONAU_DonationUnitPrivateKey 108 { 109 110 struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv_key; 111 112 }; 113 114 /** 115 * Hash of a donation unit public key. MUST match the 116 * `struct TALER_CsPubHashP` and `struct TALER_RsaPubHashP` 117 * of the GNU Taler exchange secmod helpers! 118 */ 119 struct DONAU_DonationUnitHashP 120 { 121 struct GNUNET_HashCode hash; 122 }; 123 124 /** 125 * Compare two donation unit public keys. 126 * 127 * @param donation_unit1 first key 128 * @param donation_unit2 second key 129 * @return 0 if the keys are equal, otherwise -1 or 1 130 */ 131 int 132 DONAU_donation_unit_pub_cmp ( 133 const struct DONAU_DonationUnitPublicKey *donation_unit1, 134 const struct DONAU_DonationUnitPublicKey *donation_unit2); 135 136 /** 137 * Make a (deep) copy of the given @a donation_unit_src to 138 * @a donation_unit_dst. 139 * 140 * @param[out] donation_unit_dst target to copy to 141 * @param donation_unit_src public key to copy 142 */ 143 void 144 DONAU_donation_unit_pub_deep_copy ( 145 struct DONAU_DonationUnitPublicKey *donation_unit_dst, 146 const struct DONAU_DonationUnitPublicKey *donation_unit_src); 147 148 /** 149 * Free internals of @a donation_unit_pub, but not @a donation_unit_pub itself. 150 * 151 * @param[in] donation_unit_pub key to free 152 */ 153 void 154 DONAU_donation_unit_pub_free ( 155 struct DONAU_DonationUnitPublicKey *donation_unit_pub); 156 157 /** 158 * Compute the hash of the given @a donation_unit_pub. 159 * 160 * @param donation_unit_pub public key to hash 161 * @param[out] donation_unit_hash resulting hash value 162 */ 163 void 164 DONAU_donation_unit_pub_hash ( 165 const struct DONAU_DonationUnitPublicKey *donation_unit_pub, 166 struct DONAU_DonationUnitHashP *donation_unit_hash 167 ); 168 169 170 /** 171 * Hash used to represent a Donation Receipt 172 */ 173 struct DONAU_DonationReceiptHashP 174 { 175 /** 176 * Actual hash value. 177 */ 178 struct GNUNET_HashCode hash; 179 }; 180 181 /** 182 * Nonce for Donation Receipt 183 */ 184 struct DONAU_UniqueDonorIdentifierNonce 185 { 186 /** 187 * Actual nonce value. 188 */ 189 uint32_t value[32 / 4]; 190 }; 191 192 /** 193 * Donor's hashed and salted unique donation identifier. 194 */ 195 struct DONAU_HashDonorTaxId 196 { 197 unsigned char hash[512 / 8]; 198 }; 199 200 /** 201 * blind signatures from the blinded donation envelopes. 202 */ 203 struct DONAU_BlindedDonationUnitSignature 204 { 205 /** 206 * Donation Units use blind signatures. 207 */ 208 struct GNUNET_CRYPTO_BlindedSignature *blinded_sig; 209 210 }; 211 212 213 /** 214 * @brief Type of (unblinded) donation receipts signatures for Taler. 215 */ 216 struct DONAU_DonationUnitSignature 217 { 218 /** 219 * Donation units use blind signatures. 220 */ 221 struct GNUNET_CRYPTO_UnblindedSignature *unblinded_sig; 222 }; 223 224 225 /** 226 * @brief Type of signature used by the donau for non-blind signatures. 227 */ 228 struct DONAU_DonauSignatureP 229 { 230 /** 231 * Donau uses EdDSA for for non-blind signatures. 232 */ 233 struct GNUNET_CRYPTO_EddsaSignature eddsa_sig; 234 }; 235 236 /** 237 * @brief Type of signature used by charities 238 */ 239 struct DONAU_CharitySignatureP 240 { 241 /** 242 * Charities use EdDSA signatures. 243 */ 244 struct GNUNET_CRYPTO_EddsaSignature eddsa_sig; 245 }; 246 247 /** 248 * Token used for access control for admin to the donau. 249 */ 250 struct DONAU_BearerToken 251 { 252 /** 253 * The token of variable length. 254 */ 255 const char *token; 256 }; 257 258 259 /** 260 * @brief Wrapper around GNUNET primitive for the blinded unique donation identifier 261 */ 262 struct DONAU_BlindedUniqueDonorIdentifier 263 { 264 /** 265 * GNUNET primitive type representing a generic blinded message 266 */ 267 struct GNUNET_CRYPTO_BlindedMessage *blinded_message; 268 }; 269 270 271 /** 272 * Information needed for a donation receipt to be signed. 273 */ 274 struct DONAU_BlindedUniqueDonorIdentifierKeyPair 275 { 276 277 /** 278 * The hash of the donation unit's public key. 279 */ 280 struct DONAU_DonationUnitHashP h_donation_unit_pub; 281 282 /** 283 * Donor's blinded donation identifier. It must be blindly signed 284 * to become donation receipt. 285 */ 286 struct DONAU_BlindedUniqueDonorIdentifier blinded_udi; 287 288 }; 289 290 /** 291 * Donation Receipt 292 */ 293 struct DONAU_DonationReceipt 294 { 295 296 /** 297 * The hash of the donation unit's public key. 298 */ 299 struct DONAU_DonationUnitHashP h_donation_unit_pub; 300 301 /** 302 * Nonce from the Unique Donor Identifier. 303 */ 304 struct DONAU_UniqueDonorIdentifierNonce nonce; 305 306 /** 307 * Unblinded donation unit signature from the donau. 308 */ 309 struct DONAU_DonationUnitSignature donation_unit_sig; 310 311 }; 312 313 /** 314 * Information needed to create a blind signature. 315 */ 316 struct DONAU_BkpSignData 317 { 318 /** 319 * Hash of key to sign with. 320 */ 321 const struct DONAU_DonationUnitHashP *h_donation_unit_pub; 322 323 /** 324 * Blinded planchet to sign over. 325 */ 326 const struct DONAU_BlindedUniqueDonorIdentifier *budi; 327 }; 328 329 /** 330 * Hash of a Unique Donor Identifier (h_donor_tax_id + nonce) 331 */ 332 struct DONAU_UniqueDonorIdentifierHashP 333 { 334 struct GNUNET_HashCode hash; 335 }; 336 337 /** 338 * Hash of a budikeypair array 339 */ 340 struct DONAU_BudiHashP 341 { 342 struct GNUNET_HashCode hash; 343 }; 344 345 /** 346 * @brief Inputs needed from the donau for blind signing. 347 */ 348 struct DONAU_BatchIssueValues 349 { 350 /** 351 * Input values. 352 */ 353 struct GNUNET_CRYPTO_BlindingInputValues *blinding_inputs; 354 }; 355 356 /** 357 * Master key material for the deriviation of 358 * blinding factors during issuing receipts. 359 */ 360 struct DONAU_BudiMasterSecretP 361 { 362 363 /** 364 * Key material. 365 */ 366 uint32_t key_data[8]; 367 368 }; 369 370 /** 371 * Donation Statement 372 */ 373 struct DONAU_DonationStatement 374 { 375 /** 376 * The corresponding year. 377 */ 378 uint64_t year; 379 380 /** 381 * The salted and hashed donor id. 382 */ 383 const struct DONAU_HashDonorTaxId *h_donor_tax_id; 384 385 /** 386 * The salt used for @a h_donor_tax_id. 387 */ 388 const char *donor_tax_id; 389 390 /** 391 * The cleartext tax id of the user used for @a h_donor_tax_id. 392 */ 393 const char *salt; 394 395 /** 396 * The total donated amount. 397 */ 398 struct TALER_Amount total_amount; 399 400 /** 401 * The donation statement signature over @a year, @a h_donor_tax_id and @a total_amount. 402 */ 403 struct DONAU_DonauSignatureP donation_statement_sig; 404 405 }; 406 407 /* ********************* charity eddsa signing ************************** */ 408 409 410 /** 411 * Create charity eddsa signature approving to issue a donation part. 412 * 413 * @param num_bkp number of bkps 414 * @param bkp to be signed 415 * @param charity_priv private key of the charity 416 * @param[out] charity_sig where to write the signature 417 */ 418 void 419 DONAU_charity_bkp_sign ( 420 const size_t num_bkp, 421 const struct DONAU_BlindedUniqueDonorIdentifierKeyPair *bkp, 422 const struct DONAU_CharityPrivateKeyP *charity_priv, 423 struct DONAU_CharitySignatureP *charity_sig); 424 425 426 /** 427 * Verify charity eddsa signature approving to issue a donation part. 428 * 429 * @param num_bkp number of bkps 430 * @param bkp array to verify 431 * @param charity_pub public key of the charity 432 * @param charity_sig where to write the signature 433 * @return #GNUNET_OK if the signature is valid 434 */ 435 enum GNUNET_GenericReturnValue 436 DONAU_charity_bkp_verify ( 437 const size_t num_bkp, 438 const struct DONAU_BlindedUniqueDonorIdentifierKeyPair *bkp, 439 const struct DONAU_CharityPublicKeyP *charity_pub, 440 const struct DONAU_CharitySignatureP *charity_sig); 441 442 443 /** 444 * Create charity eddsa signature approving a request for charity 445 * status information. 446 * 447 * @param charity_priv private key of the charity 448 * @param[out] charity_sig where to write the signature 449 */ 450 void 451 DONAU_charity_get_info_sign ( 452 const struct DONAU_CharityPrivateKeyP *charity_priv, 453 struct DONAU_CharitySignatureP *charity_sig); 454 455 456 /** 457 * Verify charity eddsa signature requesting charity information. 458 * 459 * @param charity_pub public key of the charity 460 * @param charity_sig where to write the signature 461 * @return #GNUNET_OK if the signature is valid 462 */ 463 enum GNUNET_GenericReturnValue 464 DONAU_charity_get_info_verify ( 465 const struct DONAU_CharityPublicKeyP *charity_pub, 466 const struct DONAU_CharitySignatureP *charity_sig); 467 468 469 /* ********************* donau eddsa signing ************************** */ 470 471 /** 472 * Signature of a function that signs the message in @a purpose with the 473 * exchange's signing key. 474 * 475 * The @a purpose data is the beginning of the data of which the signature is 476 * to be created. The `size` field in @a purpose must correctly indicate the 477 * number of bytes of the data structure, including its header. * 478 * @param purpose the message to sign 479 * @param[out] pub set to the current public signing key of the exchange 480 * @param[out] sig signature over purpose using current signing key 481 * @return #TALER_EC_NONE on success 482 */ 483 typedef enum TALER_ErrorCode 484 (*DONAU_DonauSignCallback)( 485 const struct GNUNET_CRYPTO_SignaturePurpose *purpose, 486 struct DONAU_DonauPublicKeyP *pub, 487 struct DONAU_DonauSignatureP *sig); 488 489 /** 490 * Create donau eddsa signature. Another name for this 491 * is the donation statement. 492 * 493 * @param scb function to call to create the signature 494 * @param amount_tot total donated amount of @a year 495 * @param year donation year for the statement 496 * @param i hash value, the identifier of the donor 497 * @param donau_pub public key of the donau 498 * @param[out] donau_sig where to write the signature 499 */ 500 enum TALER_ErrorCode 501 DONAU_donation_statement_sign ( 502 DONAU_DonauSignCallback scb, 503 const struct TALER_Amount *amount_tot, 504 const uint64_t year, 505 const struct DONAU_HashDonorTaxId *i, 506 struct DONAU_DonauPublicKeyP *donau_pub, 507 struct DONAU_DonauSignatureP *donau_sig); 508 509 510 /** 511 * Verify donau eddsa signature/donation statement. 512 * 513 * @param amount_tot total donated amount of @a year 514 * @param year donation year for the statement 515 * @param i hash value, the identifier of the donor 516 * @param donau_pub public key of the donau 517 * @param statement_sig signature to verify 518 * @return #GNUNET_OK if the signature is valid 519 */ 520 enum GNUNET_GenericReturnValue 521 DONAU_donation_statement_verify ( 522 const struct TALER_Amount *amount_tot, 523 const uint64_t year, 524 const struct DONAU_HashDonorTaxId *i, 525 const struct DONAU_DonauPublicKeyP *donau_pub, 526 const struct DONAU_DonauSignatureP *statement_sig); 527 528 529 /* ********************* donau blind signing ************************** */ 530 531 /** 532 * Verify donation receipt. 533 * 534 * @param donation_unit_pub public key of the donation_unit 535 * @param h_udi hash of h_donor_tax_id + nonce 536 * @param donation_unit_sig signature to verify 537 * @return #GNUNET_OK if the signature is valid 538 */ 539 enum GNUNET_GenericReturnValue 540 DONAU_donation_receipt_verify ( 541 const struct DONAU_DonationUnitPublicKey *donation_unit_pub, 542 const struct DONAU_UniqueDonorIdentifierHashP *h_udi, 543 const struct DONAU_DonationUnitSignature *donation_unit_sig); 544 545 546 /** 547 * Free internals of @a donation_unit_sig, but not @a donation_unit_sig itself. 548 * 549 * @param[in] donation_unit_sig signature to free 550 */ 551 void 552 DONAU_blinded_donation_unit_sig_free ( 553 struct DONAU_BlindedDonationUnitSignature *donation_unit_sig); 554 555 556 /** 557 * Verify signature made with a donation unit public key 558 * over a budi. 559 * 560 * @param du_pub public donation unit key 561 * @param du_sig signature made with the private key 562 * @param budi_hash hash over the budi 563 * @return #GNUNET_OK if the signature is valid 564 */ 565 enum GNUNET_GenericReturnValue 566 TALER_donation_unit_pub_verify (const struct 567 DONAU_DonationUnitPublicKey *du_pub, 568 const struct 569 DONAU_DonationUnitSignature *du_sig, 570 const struct DONAU_BudiHashP *budi_hash); 571 572 573 /* ********************* client blind/unblind ************************** */ 574 575 /** 576 * Create a blinding secret @a bks given the client's @a ps and the alg_values 577 * from the exchange. 578 * 579 * @param ps secret to derive blindings from 580 * @param alg_values containing cipher and additional CS values 581 * @param[out] bks blinding secrets 582 */ 583 void 584 DONAU_budi_secret_create ( 585 const struct DONAU_BudiMasterSecretP *ps, 586 const struct DONAU_BatchIssueValues *alg_values, 587 union GNUNET_CRYPTO_BlindingSecretP *bks); 588 589 590 /** 591 * Return the alg value singleton for creation of 592 * blinding secrets for RSA. 593 * 594 * @return singleton to use for RSA blinding 595 */ 596 const struct DONAU_BatchIssueValues * 597 DONAU_donation_unit_ewv_rsa_singleton (void); 598 599 600 /** 601 * Make a (deep) copy of the given @a bi_src to 602 * @a bi_dst. 603 * 604 * @param[out] bi_dst target to copy to 605 * @param bi_src blinding input values to copy 606 */ 607 void 608 DONAU_donation_unit_ewv_copy ( 609 struct DONAU_BatchIssueValues *bi_dst, 610 const struct DONAU_BatchIssueValues *bi_src); 611 612 613 /** 614 * Blind udi for blind signing with @a du_pub using blinding secret @a budi_secret. 615 * 616 * NOTE: As a particular oddity, the @a budi is only partially 617 * initialized by this function in the case of CS donation units. Here, the 618 * 'nonce' must be initialized separately! 619 * 620 * @param du_pub donation unit public key to blind for 621 * @param budi_secret blinding secret to use 622 * @param cs_nonce nonce used to derive session values, 623 * could be NULL for ciphers that do not use it 624 * @param udi_nonce guarantees uniqueness, part of the message to blind 625 * @param h_tax_id hashed and salted tax id, part of the message to blind 626 * @param alg_values algorithm specific values to blind the udi 627 * @param[out] udi_hash resulting hashed @a h_tax_id with @a udi_nonce 628 * @param[out] budi blinded udi data to initialize 629 * @return #GNUNET_OK on success 630 */ 631 enum GNUNET_GenericReturnValue 632 DONAU_donation_unit_blind ( 633 const struct DONAU_DonationUnitPublicKey *du_pub, 634 const union GNUNET_CRYPTO_BlindingSecretP *budi_secret, 635 const union GNUNET_CRYPTO_BlindSessionNonce *cs_nonce, 636 const struct DONAU_UniqueDonorIdentifierNonce *udi_nonce,// message 637 const struct DONAU_HashDonorTaxId *h_tax_id, // message 638 const struct DONAU_BatchIssueValues *alg_values, 639 struct DONAU_UniqueDonorIdentifierHashP *udi_hash, 640 struct DONAU_BlindedUniqueDonorIdentifier *budi); 641 642 643 /** 644 * Unblind blinded signature. 645 * 646 * @param[out] du_sig where to write the unblinded signature 647 * @param blind_du_sig the blinded signature 648 * @param budi_secret blinding secret to use 649 * @param udi_hash hash of udi for verification of the signature 650 * @param alg_values algorithm specific values 651 * @param du_pub public key used for signing 652 * @return #GNUNET_OK on success 653 */ 654 enum GNUNET_GenericReturnValue 655 DONAU_donation_unit_sig_unblind ( 656 struct DONAU_DonationUnitSignature *du_sig, 657 const struct DONAU_BlindedDonationUnitSignature *blind_du_sig, 658 const union GNUNET_CRYPTO_BlindingSecretP *budi_secret, 659 const struct DONAU_UniqueDonorIdentifierHashP *udi_hash, 660 const struct DONAU_BatchIssueValues *alg_values, 661 const struct DONAU_DonationUnitPublicKey *du_pub); 662 663 /*********************** helpers ************************************************/ 664 /** 665 * Group of donation units. These are the common fields of an array of 666 * donation units. 667 */ 668 struct DONAU_DonationUnitGroup 669 { 670 671 /** 672 * Value of coins in this donation unit group. 673 */ 674 struct TALER_Amount value; 675 676 /** 677 * Cipher used for the donation unit. 678 */ 679 enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher; 680 681 }; 682 683 /** 684 * Compute a unique key for the meta data of a donation unit group. 685 * 686 * @param dg donation unit group to evaluate 687 * @param[out] key key to set 688 */ 689 void 690 DONAU_donation_unit_group_get_key ( 691 const struct DONAU_DonationUnitGroup *dg, 692 struct GNUNET_HashCode *key); 693 694 /** 695 * Compute the hash of a Unique Donor Identifier. 696 * 697 * @param h_donor_tax_id hash of the tax id 698 * @param nonce that makes the Donor Identifier unique 699 * @param[out] h_udi where to write the hash 700 */ 701 void 702 DONAU_unique_donor_id_hash ( 703 const struct DONAU_HashDonorTaxId *h_donor_tax_id, 704 const struct DONAU_UniqueDonorIdentifierNonce *nonce, 705 struct DONAU_UniqueDonorIdentifierHashP *h_udi); 706 707 #endif