Line data Source code
1 : /*
2 : This file is part of TALER
3 : Copyright (C) 2020, 2022 Taler Systems SA
4 :
5 : TALER is free software; you can redistribute it and/or modify it under the
6 : terms of the GNU General Public License as published by the Free Software
7 : Foundation; either version 3, or (at your option) any later version.
8 :
9 : TALER is distributed in the hope that it will be useful, but WITHOUT ANY
10 : WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
11 : A PARTICULAR PURPOSE. See the GNU General Public License for more details.
12 :
13 : You should have received a copy of the GNU General Public License along with
14 : TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
15 : */
16 : /**
17 : * @file auditor_signatures.c
18 : * @brief Utility functions for Taler auditor signatures
19 : * @author Christian Grothoff
20 : */
21 : #include "platform.h"
22 : #include "taler_util.h"
23 : #include "taler_signatures.h"
24 :
25 :
26 : /**
27 : * @brief Information signed by an auditor affirming
28 : * the master public key and the denomination keys
29 : * of a exchange.
30 : */
31 : struct TALER_ExchangeKeyValidityPS
32 : {
33 :
34 : /**
35 : * Purpose is #TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS.
36 : */
37 : struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
38 :
39 : /**
40 : * Hash of the auditor's URL (including 0-terminator).
41 : */
42 : struct GNUNET_HashCode auditor_url_hash;
43 :
44 : /**
45 : * The long-term offline master key of the exchange, affirmed by the
46 : * auditor.
47 : */
48 : struct TALER_MasterPublicKeyP master;
49 :
50 : /**
51 : * Start time of the validity period for this key.
52 : */
53 : struct GNUNET_TIME_TimestampNBO start;
54 :
55 : /**
56 : * The exchange will sign fresh coins between @e start and this time.
57 : * @e expire_withdraw will be somewhat larger than @e start to
58 : * ensure a sufficiently large anonymity set, while also allowing
59 : * the Exchange to limit the financial damage in case of a key being
60 : * compromised. Thus, exchanges with low volume are expected to have a
61 : * longer withdraw period (@e expire_withdraw - @e start) than exchanges
62 : * with high transaction volume. The period may also differ between
63 : * types of coins. A exchange may also have a few denomination keys
64 : * with the same value with overlapping validity periods, to address
65 : * issues such as clock skew.
66 : */
67 : struct GNUNET_TIME_TimestampNBO expire_withdraw;
68 :
69 : /**
70 : * Coins signed with the denomination key must be spent or refreshed
71 : * between @e start and this expiration time. After this time, the
72 : * exchange will refuse transactions involving this key as it will
73 : * "drop" the table with double-spending information (shortly after)
74 : * this time. Note that wallets should refresh coins significantly
75 : * before this time to be on the safe side. @e expire_deposit must be
76 : * significantly larger than @e expire_withdraw (by months or even
77 : * years).
78 : */
79 : struct GNUNET_TIME_TimestampNBO expire_deposit;
80 :
81 : /**
82 : * When do signatures with this denomination key become invalid?
83 : * After this point, these signatures cannot be used in (legal)
84 : * disputes anymore, as the Exchange is then allowed to destroy its side
85 : * of the evidence. @e expire_legal is expected to be significantly
86 : * larger than @e expire_deposit (by a year or more).
87 : */
88 : struct GNUNET_TIME_TimestampNBO expire_legal;
89 :
90 : /**
91 : * The value of the coins signed with this denomination key.
92 : */
93 : struct TALER_AmountNBO value;
94 :
95 : /**
96 : * Fees for the coin.
97 : */
98 : struct TALER_DenomFeeSetNBOP fees;
99 :
100 : /**
101 : * Hash code of the denomination public key. (Used to avoid having
102 : * the variable-size RSA key in this struct.)
103 : */
104 : struct TALER_DenominationHashP denom_hash GNUNET_PACKED;
105 :
106 : };
107 :
108 :
109 : void
110 0 : TALER_auditor_denom_validity_sign (
111 : const char *auditor_url,
112 : const struct TALER_DenominationHashP *h_denom_pub,
113 : const struct TALER_MasterPublicKeyP *master_pub,
114 : struct GNUNET_TIME_Timestamp stamp_start,
115 : struct GNUNET_TIME_Timestamp stamp_expire_withdraw,
116 : struct GNUNET_TIME_Timestamp stamp_expire_deposit,
117 : struct GNUNET_TIME_Timestamp stamp_expire_legal,
118 : const struct TALER_Amount *coin_value,
119 : const struct TALER_DenomFeeSet *fees,
120 : const struct TALER_AuditorPrivateKeyP *auditor_priv,
121 : struct TALER_AuditorSignatureP *auditor_sig)
122 : {
123 0 : struct TALER_ExchangeKeyValidityPS kv = {
124 0 : .purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS),
125 0 : .purpose.size = htonl (sizeof (kv)),
126 0 : .start = GNUNET_TIME_timestamp_hton (stamp_start),
127 0 : .expire_withdraw = GNUNET_TIME_timestamp_hton (stamp_expire_withdraw),
128 0 : .expire_deposit = GNUNET_TIME_timestamp_hton (stamp_expire_deposit),
129 0 : .expire_legal = GNUNET_TIME_timestamp_hton (stamp_expire_legal),
130 : .denom_hash = *h_denom_pub,
131 : .master = *master_pub,
132 : };
133 :
134 0 : TALER_amount_hton (&kv.value,
135 : coin_value);
136 0 : TALER_denom_fee_set_hton (&kv.fees,
137 : fees);
138 0 : GNUNET_CRYPTO_hash (auditor_url,
139 0 : strlen (auditor_url) + 1,
140 : &kv.auditor_url_hash);
141 0 : GNUNET_CRYPTO_eddsa_sign (&auditor_priv->eddsa_priv,
142 : &kv,
143 : &auditor_sig->eddsa_sig);
144 0 : }
145 :
146 :
147 : enum GNUNET_GenericReturnValue
148 0 : TALER_auditor_denom_validity_verify (
149 : const char *auditor_url,
150 : const struct TALER_DenominationHashP *h_denom_pub,
151 : const struct TALER_MasterPublicKeyP *master_pub,
152 : struct GNUNET_TIME_Timestamp stamp_start,
153 : struct GNUNET_TIME_Timestamp stamp_expire_withdraw,
154 : struct GNUNET_TIME_Timestamp stamp_expire_deposit,
155 : struct GNUNET_TIME_Timestamp stamp_expire_legal,
156 : const struct TALER_Amount *coin_value,
157 : const struct TALER_DenomFeeSet *fees,
158 : const struct TALER_AuditorPublicKeyP *auditor_pub,
159 : const struct TALER_AuditorSignatureP *auditor_sig)
160 : {
161 0 : struct TALER_ExchangeKeyValidityPS kv = {
162 0 : .purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS),
163 0 : .purpose.size = htonl (sizeof (kv)),
164 0 : .start = GNUNET_TIME_timestamp_hton (stamp_start),
165 0 : .expire_withdraw = GNUNET_TIME_timestamp_hton (stamp_expire_withdraw),
166 0 : .expire_deposit = GNUNET_TIME_timestamp_hton (stamp_expire_deposit),
167 0 : .expire_legal = GNUNET_TIME_timestamp_hton (stamp_expire_legal),
168 : .denom_hash = *h_denom_pub,
169 : .master = *master_pub,
170 : };
171 :
172 0 : TALER_amount_hton (&kv.value,
173 : coin_value);
174 0 : TALER_denom_fee_set_hton (&kv.fees,
175 : fees);
176 0 : GNUNET_CRYPTO_hash (auditor_url,
177 0 : strlen (auditor_url) + 1,
178 : &kv.auditor_url_hash);
179 : return
180 0 : GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS,
181 : &kv,
182 : &auditor_sig->eddsa_sig,
183 : &auditor_pub->eddsa_pub);
184 : }
185 :
186 :
187 : /* end of auditor_signatures.c */
|