exchange

Base system with REST service to issue digital coins, run by the payment service provider

auditor_signatures.c (6689B)


      1 /*
      2   This file is part of TALER
      3   Copyright (C) 2020, 2022 Taler Systems SA
      4 
      5   TALER is free software; you can redistribute it and/or modify it under the
      6   terms of the GNU General Public License as published by the Free Software
      7   Foundation; either version 3, or (at your option) any later version.
      8 
      9   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
     10   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
     11   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
     12 
     13   You should have received a copy of the GNU General Public License along with
     14   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
     15 */
     16 /**
     17  * @file auditor_signatures.c
     18  * @brief Utility functions for Taler auditor signatures
     19  * @author Christian Grothoff
     20  */
     21 #include "taler/taler_util.h"
     22 #include "taler/taler_signatures.h"
     23 
     24 
/**
 * @brief Information signed by an auditor affirming
 * the master public key and the denomination keys
 * of an exchange.
 *
 * The signer and the verifier in this file both pass the address of a
 * value of this type to the EdDSA routines with @e purpose.size set to
 * `sizeof` the struct, so the in-memory layout is what gets signed.
 * All multi-byte members use network byte order (NBO) types.
 *
 * NOTE(review): no GNUNET_NETWORK_STRUCT_BEGIN/END wrapper is visible
 * around this definition and only @e denom_hash carries GNUNET_PACKED.
 * If any member's alignment introduced padding, those bytes would be
 * part of the signed data without being explicitly initialised --
 * confirm that the member types leave the layout padding-free on all
 * supported targets.
 */
struct TALER_ExchangeKeyValidityPS
{

  /**
   * Purpose is #TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS.
   * Must remain the first member; the signing code passes the struct
   * itself as the purpose blob.
   */
  struct GNUNET_CRYPTO_SignaturePurpose purpose;

  /**
   * Hash of the auditor's URL (including 0-terminator).
   * Binds the signature to one auditor base URL; the URL string is
   * hashed byte-for-byte, so any difference in spelling between
   * signer and verifier yields a different hash.
   */
  struct GNUNET_HashCode auditor_url_hash;

  /**
   * The long-term offline master key of the exchange, affirmed by the
   * auditor.
   */
  struct TALER_MasterPublicKeyP master;

  /**
   * Start time of the validity period for this key.
   */
  struct GNUNET_TIME_TimestampNBO start;

  /**
   * The exchange will sign fresh coins between @e start and this time.
   * @e expire_withdraw will be somewhat larger than @e start to
   * ensure a sufficiently large anonymity set, while also allowing
   * the Exchange to limit the financial damage in case of a key being
   * compromised.  Thus, exchanges with low volume are expected to have a
   * longer withdraw period (@e expire_withdraw - @e start) than exchanges
   * with high transaction volume.  The period may also differ between
   * types of coins.  An exchange may also have a few denomination keys
   * with the same value with overlapping validity periods, to address
   * issues such as clock skew.
   */
  struct GNUNET_TIME_TimestampNBO expire_withdraw;

  /**
   * Coins signed with the denomination key must be spent or refreshed
   * between @e start and this expiration time.  After this time, the
   * exchange will refuse transactions involving this key as it will
   * "drop" the table with double-spending information (shortly after)
   * this time.  Note that wallets should refresh coins significantly
   * before this time to be on the safe side.  @e expire_deposit must be
   * significantly larger than @e expire_withdraw (by months or even
   * years).
   */
  struct GNUNET_TIME_TimestampNBO expire_deposit;

  /**
   * When do signatures with this denomination key become invalid?
   * After this point, these signatures cannot be used in (legal)
   * disputes anymore, as the Exchange is then allowed to destroy its side
   * of the evidence.  @e expire_legal is expected to be significantly
   * larger than @e expire_deposit (by a year or more).
   */
  struct GNUNET_TIME_TimestampNBO expire_legal;

  /**
   * The value of the coins signed with this denomination key.
   */
  struct TALER_AmountNBO value;

  /**
   * Fees for the coin.
   */
  struct TALER_DenomFeeSetNBOP fees;

  /**
   * Hash code of the denomination public key. (Used to avoid having
   * the variable-size RSA key in this struct.)
   */
  struct TALER_DenominationHashP denom_hash GNUNET_PACKED;

};
    106 
    107 
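/**
 * Build the purpose blob covered by an auditor's signature over one
 * denomination key of an exchange.
 *
 * Signer and verifier must construct exactly the same bytes, so both
 * go through this single helper instead of keeping two copies of the
 * field list that could drift apart.
 *
 * @param[out] kv blob to initialise; every member is overwritten
 * @param auditor_url base URL of the auditor; must be a non-NULL,
 *        0-terminated string (it is passed to strlen()); the
 *        terminator is included in the hash
 * @param h_denom_pub hash of the denomination public key
 * @param master_pub master public key of the exchange
 * @param stamp_start start of the key's validity period
 * @param stamp_expire_withdraw end of the withdraw period
 * @param stamp_expire_deposit end of the deposit period
 * @param stamp_expire_legal end of the legal period
 * @param coin_value value of coins of this denomination
 * @param fees fee set of this denomination
 */
static void
auditor_denom_validity_blob (
  struct TALER_ExchangeKeyValidityPS *kv,
  const char *auditor_url,
  const struct TALER_DenominationHashP *h_denom_pub,
  const struct TALER_MasterPublicKeyP *master_pub,
  struct GNUNET_TIME_Timestamp stamp_start,
  struct GNUNET_TIME_Timestamp stamp_expire_withdraw,
  struct GNUNET_TIME_Timestamp stamp_expire_deposit,
  struct GNUNET_TIME_Timestamp stamp_expire_legal,
  const struct TALER_Amount *coin_value,
  const struct TALER_DenomFeeSet *fees)
{
  /* Members not named here (value, fees, auditor_url_hash) start out
     zeroed and are filled in below. */
  *kv = (struct TALER_ExchangeKeyValidityPS) {
    .purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS),
    .purpose.size = htonl (sizeof (*kv)),
    .start = GNUNET_TIME_timestamp_hton (stamp_start),
    .expire_withdraw = GNUNET_TIME_timestamp_hton (stamp_expire_withdraw),
    .expire_deposit = GNUNET_TIME_timestamp_hton (stamp_expire_deposit),
    .expire_legal = GNUNET_TIME_timestamp_hton (stamp_expire_legal),
    .denom_hash = *h_denom_pub,
    .master = *master_pub,
  };

  TALER_amount_hton (&kv->value,
                     coin_value);
  TALER_denom_fee_set_hton (&kv->fees,
                            fees);
  /* +1: the 0-terminator is part of the hashed URL. */
  GNUNET_CRYPTO_hash (auditor_url,
                      strlen (auditor_url) + 1,
                      &kv->auditor_url_hash);
}


/**
 * Create the auditor's signature affirming one denomination key of an
 * exchange.
 *
 * The signature covers the auditor URL, the exchange master public
 * key, the four validity timestamps, the coin value, the fee set and
 * the hash of the denomination key.  No consistency checks are made
 * on the inputs here (for example on the ordering of the timestamps);
 * whatever is passed in is signed.
 *
 * @param auditor_url base URL of the auditor (non-NULL, 0-terminated)
 * @param h_denom_pub hash of the denomination public key
 * @param master_pub master public key of the exchange
 * @param stamp_start start of the key's validity period
 * @param stamp_expire_withdraw end of the withdraw period
 * @param stamp_expire_deposit end of the deposit period
 * @param stamp_expire_legal end of the legal period
 * @param coin_value value of coins of this denomination
 * @param fees fee set of this denomination
 * @param auditor_priv private key of the auditor, used to sign
 * @param[out] auditor_sig where to write the signature
 */
void
TALER_auditor_denom_validity_sign (
  const char *auditor_url,
  const struct TALER_DenominationHashP *h_denom_pub,
  const struct TALER_MasterPublicKeyP *master_pub,
  struct GNUNET_TIME_Timestamp stamp_start,
  struct GNUNET_TIME_Timestamp stamp_expire_withdraw,
  struct GNUNET_TIME_Timestamp stamp_expire_deposit,
  struct GNUNET_TIME_Timestamp stamp_expire_legal,
  const struct TALER_Amount *coin_value,
  const struct TALER_DenomFeeSet *fees,
  const struct TALER_AuditorPrivateKeyP *auditor_priv,
  struct TALER_AuditorSignatureP *auditor_sig)
{
  struct TALER_ExchangeKeyValidityPS kv;

  auditor_denom_validity_blob (&kv,
                               auditor_url,
                               h_denom_pub,
                               master_pub,
                               stamp_start,
                               stamp_expire_withdraw,
                               stamp_expire_deposit,
                               stamp_expire_legal,
                               coin_value,
                               fees);
  GNUNET_CRYPTO_eddsa_sign (&auditor_priv->eddsa_priv,
                            &kv,
                            &auditor_sig->eddsa_sig);
}


/**
 * Check an auditor's signature affirming one denomination key of an
 * exchange.
 *
 * The blob is rebuilt from the caller's values and the signature is
 * checked against it, so a signature made over different values or a
 * different auditor URL does not verify.  This function only checks
 * the signature: it does not decide whether @a auditor_pub is an
 * auditor the caller trusts, and it does not validate the timestamps
 * against each other or against the current time.
 *
 * @param auditor_url base URL of the auditor (non-NULL, 0-terminated)
 * @param h_denom_pub hash of the denomination public key
 * @param master_pub master public key of the exchange
 * @param stamp_start start of the key's validity period
 * @param stamp_expire_withdraw end of the withdraw period
 * @param stamp_expire_deposit end of the deposit period
 * @param stamp_expire_legal end of the legal period
 * @param coin_value value of coins of this denomination
 * @param fees fee set of this denomination
 * @param auditor_pub public key of the auditor
 * @param auditor_sig signature to check
 * @return the result of GNUNET_CRYPTO_eddsa_verify(); #GNUNET_OK means
 *         the signature is valid.  Compare against #GNUNET_OK
 *         explicitly: the failure value #GNUNET_SYSERR is non-zero
 *         and would pass a plain truthiness test.
 */
enum GNUNET_GenericReturnValue
TALER_auditor_denom_validity_verify (
  const char *auditor_url,
  const struct TALER_DenominationHashP *h_denom_pub,
  const struct TALER_MasterPublicKeyP *master_pub,
  struct GNUNET_TIME_Timestamp stamp_start,
  struct GNUNET_TIME_Timestamp stamp_expire_withdraw,
  struct GNUNET_TIME_Timestamp stamp_expire_deposit,
  struct GNUNET_TIME_Timestamp stamp_expire_legal,
  const struct TALER_Amount *coin_value,
  const struct TALER_DenomFeeSet *fees,
  const struct TALER_AuditorPublicKeyP *auditor_pub,
  const struct TALER_AuditorSignatureP *auditor_sig)
{
  struct TALER_ExchangeKeyValidityPS kv;

  auditor_denom_validity_blob (&kv,
                               auditor_url,
                               h_denom_pub,
                               master_pub,
                               stamp_start,
                               stamp_expire_withdraw,
                               stamp_expire_deposit,
                               stamp_expire_legal,
                               coin_value,
                               fees);
  return
    GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS,
                                &kv,
                                &auditor_sig->eddsa_sig,
                                &auditor_pub->eddsa_pub);
}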
    184 
    185 
    186 /* end of auditor_signatures.c */