exchange/src/include/taler_signatures.h

1416 lines
38 KiB
C
Raw Normal View History

2015-01-08 18:37:20 +01:00
/*
This file is part of TALER
Copyright (C) 2014-2017 GNUnet e.V.
2015-01-08 18:37:20 +01:00
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
2016-07-07 17:55:25 +02:00
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
2015-01-08 18:37:20 +01:00
*/
/**
* @file taler_signatures.h
* @brief message formats and signature constants used to define
* the binary formats of signatures in Taler
2015-01-08 18:37:20 +01:00
* @author Florian Dold
* @author Benedikt Mueller
*
2015-03-28 13:31:09 +01:00
* This file should define the constants and C structs that one needs
* to know to implement Taler clients (wallets or merchants or
* auditor) that need to produce or verify Taler signatures.
2015-01-08 18:37:20 +01:00
*/
#ifndef TALER_SIGNATURES_H
#define TALER_SIGNATURES_H
2015-07-20 10:34:32 +02:00
#if HAVE_GNUNET_GNUNET_UTIL_LIB_H
#include <gnunet/gnunet_util_lib.h>
#elif HAVE_GNUNET_GNUNET_UTIL_TALER_WALLET_LIB_H
#include <gnunet/gnunet_util_taler_wallet_lib.h>
#endif
#include "taler_amount_lib.h"
#include "taler_crypto_lib.h"
/**
* Cut-and-choose size for refreshing. Client looses the gamble (of
* unaccountable transfers) with probability 1/TALER_CNC_KAPPA. Refresh cost
* increases linearly with TALER_CNC_KAPPA, and 3 is sufficient up to a
* income/sales tax of 66% of total transaction value. As there is
* no good reason to change this security parameter, we declare it
* fixed and part of the protocol.
*/
#define TALER_CNC_KAPPA 3
/*********************************************/
2016-03-01 15:35:04 +01:00
/* Exchange offline signatures (with master key) */
/*********************************************/
2015-01-08 18:37:20 +01:00
/**
2016-03-01 15:35:04 +01:00
* Purpose for signing public keys signed by the exchange master key.
2015-01-08 18:37:20 +01:00
*/
#define TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY 1024
2015-01-08 18:37:20 +01:00
/**
2016-03-01 15:35:04 +01:00
* Purpose for denomination keys signed by the exchange master key.
2015-01-08 18:37:20 +01:00
*/
#define TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY 1025
2015-01-08 18:37:20 +01:00
/**
* Fees charged per (aggregate) wire transfer to the merchant.
*/
#define TALER_SIGNATURE_MASTER_WIRE_FEES 1028
/**
* The given revocation key was revoked and must no longer be used.
*/
#define TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED 1029
2015-01-08 18:37:20 +01:00
/**
* Signature where the Exchange confirms its IBAN details in
* the /wire response.
*/
#define TALER_SIGNATURE_MASTER_WIRE_DETAILS 1030
/*********************************************/
2016-03-01 15:35:04 +01:00
/* Exchange online signatures (with signing key) */
/*********************************************/
2015-01-08 18:37:20 +01:00
/**
2016-03-01 15:35:04 +01:00
* Purpose for the state of a reserve, signed by the exchange's signing
* key.
2015-01-08 18:37:20 +01:00
*/
2016-03-01 15:35:04 +01:00
#define TALER_SIGNATURE_EXCHANGE_RESERVE_STATUS 1032
2015-01-08 18:37:20 +01:00
/**
2016-03-01 15:35:04 +01:00
* Signature where the Exchange confirms a deposit request.
2015-01-08 18:37:20 +01:00
*/
2016-03-01 15:35:04 +01:00
#define TALER_SIGNATURE_EXCHANGE_CONFIRM_DEPOSIT 1033
2015-01-08 18:37:20 +01:00
/**
2016-03-01 15:35:04 +01:00
* Signature where the exchange (current signing key) confirms the
* no-reveal index for cut-and-choose and the validity of the melted
* coins.
*/
2016-03-01 15:35:04 +01:00
#define TALER_SIGNATURE_EXCHANGE_CONFIRM_MELT 1034
/**
2016-03-01 15:35:04 +01:00
* Signature where the Exchange confirms the full /keys response set.
*/
2016-03-01 15:35:04 +01:00
#define TALER_SIGNATURE_EXCHANGE_KEY_SET 1035
2016-01-17 18:19:09 +01:00
/**
* Signature where the Exchange confirms the /track/transaction response.
2016-01-17 18:19:09 +01:00
*/
2016-03-01 15:35:04 +01:00
#define TALER_SIGNATURE_EXCHANGE_CONFIRM_WIRE 1036
2016-01-17 18:19:09 +01:00
/**
* Signature where the Exchange confirms the /wire/deposit response.
*/
#define TALER_SIGNATURE_EXCHANGE_CONFIRM_WIRE_DEPOSIT 1037
2016-05-04 09:42:52 +02:00
/**
* Signature where the Exchange confirms a refund request.
*/
#define TALER_SIGNATURE_EXCHANGE_CONFIRM_REFUND 1038
/**
* Signature where the Exchange confirms a payback.
*/
#define TALER_SIGNATURE_EXCHANGE_CONFIRM_PAYBACK 1039
/**
* Signature where the Exchange confirms it closed a reserve.
*/
#define TALER_SIGNATURE_EXCHANGE_RESERVE_CLOSED 1040
/**
* Signature where the Exchange confirms a payback-refresh operation.
*/
#define TALER_SIGNATURE_EXCHANGE_CONFIRM_PAYBACK_REFRESH 1041
2019-06-26 15:34:14 +02:00
/**********************/
/* Auditor signatures */
/**********************/
/**
2015-07-08 09:59:51 +02:00
* Signature where the auditor confirms that he is
2016-03-01 15:35:04 +01:00
* aware of certain denomination keys from the exchange.
*/
2016-03-01 15:35:04 +01:00
#define TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS 1064
2015-01-08 18:37:20 +01:00
/***********************/
/* Merchant signatures */
/***********************/
/**
* Signature where the merchant confirms a contract (to the customer).
2015-01-08 18:37:20 +01:00
*/
#define TALER_SIGNATURE_MERCHANT_CONTRACT 1101
2015-01-08 18:37:20 +01:00
/**
* Signature where the merchant confirms a refund (of a coin).
*/
#define TALER_SIGNATURE_MERCHANT_REFUND 1102
2015-11-11 18:09:19 +01:00
/**
* Signature where the merchant confirms that he needs the wire
* transfer identifier for a deposit operation.
*/
#define TALER_SIGNATURE_MERCHANT_TRACK_TRANSACTION 1103
2015-11-11 18:09:19 +01:00
/**
* Signature where the merchant confirms that the payment was
* successful
*/
#define TALER_SIGNATURE_MERCHANT_PAYMENT_OK 1104
2017-07-05 09:33:08 +02:00
/**
* Signature where the merchant confirms a refund increase
*/
#define TALER_SIGNATURE_MERCHANT_REFUND_OK 1105
2018-01-04 13:47:03 +01:00
/**
* Signature where the merchant confirms that the user replayed
* a payment for a browser session.
*/
#define TALER_SIGNATURE_MERCHANT_PAY_SESSION 1106
/**
* Signature where the merchant confirms its own (salted)
* wire details (not yet really used).
*/
#define TALER_SIGNATURE_MERCHANT_WIRE_DETAILS 1107
2015-01-08 18:37:20 +01:00
/*********************/
/* Wallet signatures */
/*********************/
/**
* Signature where the reserve key confirms a withdraw request.
2015-01-08 18:37:20 +01:00
*/
#define TALER_SIGNATURE_WALLET_RESERVE_WITHDRAW 1200
2015-01-08 18:37:20 +01:00
/**
* Signature made by the wallet of a user to confirm a deposit of a coin.
2015-01-08 18:37:20 +01:00
*/
#define TALER_SIGNATURE_WALLET_COIN_DEPOSIT 1201
/**
* Signature using a coin key confirming the melting of a coin.
*/
#define TALER_SIGNATURE_WALLET_COIN_MELT 1202
/**
* Signature using a coin key requesting payback.
*/
#define TALER_SIGNATURE_WALLET_COIN_PAYBACK 1203
2019-06-26 15:34:14 +02:00
/**
* Signature using a coin key authenticating link data.
*/
#define TALER_SIGNATURE_WALLET_COIN_LINK 1204
/*******************/
/* Test signatures */
/*******************/
/**
* EdDSA test signature.
*/
#define TALER_SIGNATURE_CLIENT_TEST_EDDSA 1302
/**
* EdDSA test signature.
*/
2016-03-01 15:35:04 +01:00
#define TALER_SIGNATURE_EXCHANGE_TEST_EDDSA 1303
2015-01-08 18:37:20 +01:00
2019-10-08 18:07:33 +02:00
/************************/
/* Anastasis signatures */
/************************/
/**
* EdDSA signature for a policy upload.
*/
#define TALER_SIGNATURE_ANASTASIS_POLICY_UPLOAD 1400
/**
* EdDSA signature for a policy download.
*/
#define TALER_SIGNATURE_ANASTASIS_POLICY_DOWNLOAD 1401
GNUNET_NETWORK_STRUCT_BEGIN
2019-06-26 15:34:14 +02:00
/**
* @brief Format used for to allow the wallet to authenticate
* link data provided by the exchange.
*/
struct TALER_LinkDataPS
{
/**
* Purpose must be #TALER_SIGNATURE_WALLET_COIN_LINK.
* Used with an EdDSA signature of a `struct TALER_CoinPublicKeyP`.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Hash of the denomination public key of the new coin.
*/
struct GNUNET_HashCode h_denom_pub;
/**
* Public key of the old coin being refreshed.
*/
struct TALER_CoinSpendPublicKeyP old_coin_pub;
/**
* Transfer public key (for which the private key was not revealed)
*/
struct TALER_TransferPublicKeyP transfer_pub;
/**
* Hash of the blinded new coin.
*/
struct GNUNET_HashCode coin_envelope_hash;
};
/**
2015-03-28 15:53:53 +01:00
* @brief Format used for to generate the signature on a request to withdraw
* coins from a reserve.
*/
struct TALER_WithdrawRequestPS
{
/**
* Purpose must be #TALER_SIGNATURE_WALLET_RESERVE_WITHDRAW.
* Used with an EdDSA signature of a `struct TALER_ReservePublicKeyP`.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Reserve public key (which reserve to withdraw from). This is
* the public key which must match the signature.
*/
struct TALER_ReservePublicKeyP reserve_pub;
/**
2016-03-01 15:35:04 +01:00
* Value of the coin being exchangeed (matching the denomination key)
* plus the transaction fee. We include this in what is being
* signed so that we can verify a reserve's remaining total balance
* without needing to access the respective denomination key
* information each time.
*/
struct TALER_AmountNBO amount_with_fee;
/**
2016-03-01 15:35:04 +01:00
* Withdrawl fee charged by the exchange. This must match the Exchange's
* denomination key's withdrawl fee. If the client puts in an
* invalid withdrawl fee (too high or too low) that does not match
2016-03-01 15:35:04 +01:00
* the Exchange's denomination key, the withdraw operation is invalid
* and will be rejected by the exchange. The @e amount_with_fee minus
* the @e withdraw_fee is must match the value of the generated
* coin. We include this in what is being signed so that we can
2016-03-01 15:35:04 +01:00
* verify a exchange's accounting without needing to access the
* respective denomination key information each time.
*/
struct TALER_AmountNBO withdraw_fee;
/**
* Hash of the denomination public key for the coin that is withdrawn.
*/
struct GNUNET_HashCode h_denomination_pub GNUNET_PACKED;
/**
2016-03-01 15:35:04 +01:00
* Hash of the (blinded) message to be signed by the Exchange.
*/
struct GNUNET_HashCode h_coin_envelope GNUNET_PACKED;
};
/**
2015-03-28 15:53:53 +01:00
* @brief Format used to generate the signature on a request to deposit
* a coin into the account of a merchant.
*/
struct TALER_DepositRequestPS
{
/**
* Purpose must be #TALER_SIGNATURE_WALLET_COIN_DEPOSIT.
* Used for an EdDSA signature with the `struct TALER_CoinSpendPublicKeyP`.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Hash over the contract for which this deposit is made.
*/
struct GNUNET_HashCode h_contract_terms GNUNET_PACKED;
/**
* Hash over the wiring information of the merchant.
*/
struct GNUNET_HashCode h_wire GNUNET_PACKED;
/**
* Time when this request was generated. Used, for example, to
* assess when (roughly) the income was achieved for tax purposes.
2016-03-01 15:35:04 +01:00
* Note that the Exchange will only check that the timestamp is not "too
* far" into the future (i.e. several days). The fact that the
* timestamp falls within the validity period of the coin's
* denomination key is irrelevant for the validity of the deposit
* request, as obviously the customer and merchant could conspire to
2016-03-01 15:35:04 +01:00
* set any timestamp. Also, the Exchange must accept very old deposit
* requests, as the merchant might have been unable to transmit the
* deposit request in a timely fashion (so back-dating is not
* prevented).
*/
struct GNUNET_TIME_AbsoluteNBO timestamp;
/**
* How much time does the merchant have to issue a refund request?
* Zero if refunds are not allowed. After this time, the coin
* cannot be refunded.
*/
struct GNUNET_TIME_AbsoluteNBO refund_deadline;
/**
* Amount to be deposited, including deposit fee charged by the
2016-03-01 15:35:04 +01:00
* exchange. This is the total amount that the coin's value at the exchange
* will be reduced by.
*/
struct TALER_AmountNBO amount_with_fee;
/**
2016-03-01 15:35:04 +01:00
* Depositing fee charged by the exchange. This must match the Exchange's
* denomination key's depositing fee. If the client puts in an
* invalid deposit fee (too high or too low) that does not match the
2016-03-01 15:35:04 +01:00
* Exchange's denomination key, the deposit operation is invalid and
* will be rejected by the exchange. The @e amount_with_fee minus the
* @e deposit_fee is the amount that will be transferred to the
* account identified by @e h_wire.
*/
struct TALER_AmountNBO deposit_fee;
/**
* The Merchant's public key. Allows the merchant to later refund
2015-11-11 18:09:19 +01:00
* the transaction or to inquire about the wire transfer identifier.
*/
struct TALER_MerchantPublicKeyP merchant;
/**
* The coin's public key. This is the value that must have been
2016-03-01 15:35:04 +01:00
* signed (blindly) by the Exchange. The deposit request is to be
* signed by the corresponding private key (using EdDSA).
*/
struct TALER_CoinSpendPublicKeyP coin_pub;
};
/**
2015-03-28 15:53:53 +01:00
* @brief Format used to generate the signature on a confirmation
2016-03-01 15:35:04 +01:00
* from the exchange that a deposit request succeeded.
*/
struct TALER_DepositConfirmationPS
{
/**
2016-03-01 15:35:04 +01:00
* Purpose must be #TALER_SIGNATURE_EXCHANGE_CONFIRM_DEPOSIT. Signed
* by a `struct TALER_ExchangePublicKeyP` using EdDSA.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Hash over the contract for which this deposit is made.
*/
struct GNUNET_HashCode h_contract_terms GNUNET_PACKED;
/**
* Hash over the wiring information of the merchant.
*/
struct GNUNET_HashCode h_wire GNUNET_PACKED;
/**
* Time when this confirmation was generated.
*/
struct GNUNET_TIME_AbsoluteNBO timestamp;
/**
* How much time does the @e merchant have to issue a refund
* request? Zero if refunds are not allowed. After this time, the
* coin cannot be refunded. Note that the wire transfer will not be
2016-03-01 15:35:04 +01:00
* performed by the exchange until the refund deadline. This value
* is taken from the original deposit request.
*/
struct GNUNET_TIME_AbsoluteNBO refund_deadline;
/**
* Amount to be deposited, excluding fee. Calculated from the
* amount with fee and the fee from the deposit request.
*/
struct TALER_AmountNBO amount_without_fee;
/**
* The coin's public key. This is the value that must have been
2016-03-01 15:35:04 +01:00
* signed (blindly) by the Exchange. The deposit request is to be
* signed by the corresponding private key (using EdDSA).
*/
struct TALER_CoinSpendPublicKeyP coin_pub;
/**
* The Merchant's public key. Allows the merchant to later refund
2015-11-11 18:09:19 +01:00
* the transaction or to inquire about the wire transfer identifier.
*/
struct TALER_MerchantPublicKeyP merchant;
};
/**
* @brief Format used to generate the signature on a request to refund
* a coin into the account of the customer.
*/
struct TALER_RefundRequestPS
{
/**
* Purpose must be #TALER_SIGNATURE_MERCHANT_REFUND.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
2017-02-06 15:41:39 +01:00
* Hash over the proposal data to identify the contract
* which is being refunded.
*/
struct GNUNET_HashCode h_contract_terms GNUNET_PACKED;
/**
* The coin's public key. This is the value that must have been
* signed (blindly) by the Exchange.
*/
struct TALER_CoinSpendPublicKeyP coin_pub;
/**
* The Merchant's public key. Allows the merchant to later refund
* the transaction or to inquire about the wire transfer identifier.
*/
struct TALER_MerchantPublicKeyP merchant;
/**
* Merchant-generated transaction ID for the refund.
*/
uint64_t rtransaction_id GNUNET_PACKED;
/**
* Amount to be refunded, including refund fee charged by the
* exchange to the customer.
*/
struct TALER_AmountNBO refund_amount;
2016-05-04 09:42:52 +02:00
/**
* Refund fee charged by the exchange. This must match the
* Exchange's denomination key's refund fee. If the client puts in
* an invalid refund fee (too high or too low) that does not match
* the Exchange's denomination key, the refund operation is invalid
* and will be rejected by the exchange. The @e amount_with_fee
* minus the @e refund_fee is the amount that will be credited to
* the original coin.
*/
struct TALER_AmountNBO refund_fee;
};
/**
* @brief Format used to generate the signature on a request to refund
* a coin into the account of the customer.
*/
struct TALER_RefundConfirmationPS
{
/**
* Purpose must be #TALER_SIGNATURE_EXCHANGE_CONFIRM_REFUND.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
2017-02-06 15:41:39 +01:00
* Hash over the proposal data to identify the contract
* which is being refunded.
2016-05-04 09:42:52 +02:00
*/
struct GNUNET_HashCode h_contract_terms GNUNET_PACKED;
2016-05-04 09:42:52 +02:00
/**
* The coin's public key. This is the value that must have been
* signed (blindly) by the Exchange.
*/
struct TALER_CoinSpendPublicKeyP coin_pub;
/**
* The Merchant's public key. Allows the merchant to later refund
* the transaction or to inquire about the wire transfer identifier.
*/
struct TALER_MerchantPublicKeyP merchant;
/**
* Merchant-generated transaction ID for the refund.
*/
uint64_t rtransaction_id GNUNET_PACKED;
/**
* Amount to be refunded, including refund fee charged by the
* exchange to the customer.
*/
struct TALER_AmountNBO refund_amount;
/**
* Refund fee charged by the exchange. This must match the
* Exchange's denomination key's refund fee. If the client puts in
* an invalid refund fee (too high or too low) that does not match
* the Exchange's denomination key, the refund operation is invalid
* and will be rejected by the exchange. The @e amount_with_fee
* minus the @e refund_fee is the amount that will be credited to
* the original coin.
*/
struct TALER_AmountNBO refund_fee;
};
/**
2015-03-28 15:53:53 +01:00
* @brief Message signed by a coin to indicate that the coin should be
* melted.
*/
struct TALER_RefreshMeltCoinAffirmationPS
{
/**
* Purpose is #TALER_SIGNATURE_WALLET_COIN_MELT.
* Used for an EdDSA signature with the `struct TALER_CoinSpendPublicKeyP`.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
2015-03-10 16:15:14 +01:00
/**
2017-11-27 23:42:17 +01:00
* Which melt commitment is made by the wallet.
2015-03-10 16:15:14 +01:00
*/
2017-11-27 23:42:17 +01:00
struct TALER_RefreshCommitmentP rc GNUNET_PACKED;
2015-03-10 16:15:14 +01:00
/**
* How much of the value of the coin should be melted? This amount
* includes the fees, so the final amount contributed to the melt is
* this value minus the fee for melting the coin. We include the
* fee in what is being signed so that we can verify a reserve's
* remaining total balance without needing to access the respective
* denomination key information each time.
*/
struct TALER_AmountNBO amount_with_fee;
/**
2016-03-01 15:35:04 +01:00
* Melting fee charged by the exchange. This must match the Exchange's
* denomination key's melting fee. If the client puts in an invalid
2016-03-01 15:35:04 +01:00
* melting fee (too high or too low) that does not match the Exchange's
* denomination key, the melting operation is invalid and will be
2016-03-01 15:35:04 +01:00
* rejected by the exchange. The @e amount_with_fee minus the @e
* melt_fee is the amount that will be credited to the melting
* session.
*/
struct TALER_AmountNBO melt_fee;
/**
* The coin's public key. This is the value that must have been
2016-03-01 15:35:04 +01:00
* signed (blindly) by the Exchange. The deposit request is to be
* signed by the corresponding private key (using EdDSA).
*/
struct TALER_CoinSpendPublicKeyP coin_pub;
};
/**
2016-03-01 15:35:04 +01:00
* @brief Format of the block signed by the Exchange in response to a successful
* "/refresh/melt" request. Hereby the exchange affirms that all of the
* coins were successfully melted. This also commits the exchange to a
2015-03-10 16:15:14 +01:00
* particular index to not be revealed during the refresh.
*/
struct TALER_RefreshMeltConfirmationPS
{
/**
2016-03-01 15:35:04 +01:00
* Purpose is #TALER_SIGNATURE_EXCHANGE_CONFIRM_MELT. Signed
* by a `struct TALER_ExchangePublicKeyP` using EdDSA.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
2017-11-27 23:42:17 +01:00
* Commitment made in the /refresh/melt.
*/
2017-11-27 23:42:17 +01:00
struct TALER_RefreshCommitmentP rc GNUNET_PACKED;
/**
* Index that the client will not have to reveal, in NBO.
* Must be smaller than #TALER_CNC_KAPPA.
*/
2017-11-27 23:42:17 +01:00
uint32_t noreveal_index GNUNET_PACKED;
2015-08-14 15:01:11 +02:00
};
/**
2016-03-01 15:35:04 +01:00
* @brief Information about a signing key of the exchange. Signing keys are used
* to sign exchange messages other than coins, i.e. to confirm that a
2015-03-15 18:18:14 +01:00
* deposit was successful or that a refresh was accepted.
*/
2016-03-01 15:35:04 +01:00
struct TALER_ExchangeSigningKeyValidityPS
{
2015-03-15 18:18:14 +01:00
/**
* Purpose is #TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY.
2015-03-15 18:18:14 +01:00
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
2015-03-15 18:18:14 +01:00
/**
2016-03-01 15:35:04 +01:00
* Master public key of the exchange corresponding to @e signature.
* This is the long-term offline master key of the exchange.
2015-03-15 18:18:14 +01:00
*/
struct TALER_MasterPublicKeyP master_public_key;
2015-03-15 18:18:14 +01:00
/**
* When does this signing key begin to be valid?
*/
struct GNUNET_TIME_AbsoluteNBO start;
2015-03-15 18:18:14 +01:00
/**
* When does this signing key expire? Note: This is currently when
2016-03-01 15:35:04 +01:00
* the Exchange will definitively stop using it. Signatures made with
* the key remain valid until @e end. When checking validity periods,
* clients should allow for some overlap between keys and tolerate
* the use of either key during the overlap time (due to the
* possibility of clock skew).
2015-03-15 18:18:14 +01:00
*/
struct GNUNET_TIME_AbsoluteNBO expire;
2015-03-15 18:18:14 +01:00
/**
* When do signatures with this signing key become invalid? After
* this point, these signatures cannot be used in (legal) disputes
2016-03-01 15:35:04 +01:00
* anymore, as the Exchange is then allowed to destroy its side of the
* evidence. @e end is expected to be significantly larger than @e
* expire (by a year or more).
*/
struct GNUNET_TIME_AbsoluteNBO end;
2015-03-15 18:18:14 +01:00
/**
2016-03-01 15:35:04 +01:00
* The public online signing key that the exchange will use
2015-03-15 18:18:14 +01:00
* between @e start and @e expire.
*/
2016-03-01 15:35:04 +01:00
struct TALER_ExchangePublicKeyP signkey_pub;
};
/**
2016-03-01 15:35:04 +01:00
* @brief Signature made by the exchange over the full set of keys, used
* to detect cheating exchanges that give out different sets to
* different users.
*/
2016-03-01 15:35:04 +01:00
struct TALER_ExchangeKeySetPS
{
/**
2016-03-01 15:35:04 +01:00
* Purpose is #TALER_SIGNATURE_EXCHANGE_KEY_SET. Signed
* by a `struct TALER_ExchangePublicKeyP` using EdDSA.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Time of the key set issue.
*/
struct GNUNET_TIME_AbsoluteNBO list_issue_date;
2015-08-11 16:11:22 +02:00
/**
2015-04-19 15:10:48 +02:00
* Hash over the various denomination signing keys returned.
*/
2015-08-14 15:01:11 +02:00
struct GNUNET_HashCode hc GNUNET_PACKED;
};
/**
2015-03-28 15:53:53 +01:00
* @brief Information about a denomination key. Denomination keys
2015-03-15 18:18:14 +01:00
* are used to sign coins of a certain value into existence.
*/
struct TALER_DenominationKeyValidityPS
{
2015-03-15 18:18:14 +01:00
/**
* Purpose is #TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY.
2015-03-15 18:18:14 +01:00
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
2015-03-15 18:18:14 +01:00
/**
2016-03-01 15:35:04 +01:00
* The long-term offline master key of the exchange that was
2015-03-15 18:18:14 +01:00
* used to create @e signature.
*/
struct TALER_MasterPublicKeyP master;
2015-03-15 18:18:14 +01:00
/**
* Start time of the validity period for this key.
*/
struct GNUNET_TIME_AbsoluteNBO start;
2015-03-15 18:18:14 +01:00
/**
2016-03-01 15:35:04 +01:00
* The exchange will sign fresh coins between @e start and this time.
* @e expire_withdraw will be somewhat larger than @e start to
* ensure a sufficiently large anonymity set, while also allowing
2016-03-01 15:35:04 +01:00
* the Exchange to limit the financial damage in case of a key being
* compromised. Thus, exchanges with low volume are expected to have a
* longer withdraw period (@e expire_withdraw - @e start) than exchanges
* with high transaction volume. The period may also differ between
2016-03-01 15:35:04 +01:00
* types of coins. A exchange may also have a few denomination keys
* with the same value with overlapping validity periods, to address
* issues such as clock skew.
2015-03-15 18:18:14 +01:00
*/
struct GNUNET_TIME_AbsoluteNBO expire_withdraw;
2015-03-15 18:18:14 +01:00
/**
* Coins signed with the denomination key must be spent or refreshed
* between @e start and this expiration time. After this time, the
2016-03-01 15:35:04 +01:00
* exchange will refuse transactions involving this key as it will
2015-03-15 18:18:14 +01:00
* "drop" the table with double-spending information (shortly after)
* this time. Note that wallets should refresh coins significantly
2016-05-02 05:10:40 +02:00
* before this time to be on the safe side. @e expire_deposit must be
* significantly larger than @e expire_withdraw (by months or even
* years).
2015-03-15 18:18:14 +01:00
*/
2016-05-02 05:10:40 +02:00
struct GNUNET_TIME_AbsoluteNBO expire_deposit;
2015-03-15 18:18:14 +01:00
/**
* When do signatures with this denomination key become invalid?
* After this point, these signatures cannot be used in (legal)
2016-03-01 15:35:04 +01:00
* disputes anymore, as the Exchange is then allowed to destroy its side
* of the evidence. @e expire_legal is expected to be significantly
2016-05-02 05:10:40 +02:00
* larger than @e expire_deposit (by a year or more).
*/
struct GNUNET_TIME_AbsoluteNBO expire_legal;
2015-03-15 18:18:14 +01:00
/**
* The value of the coins signed with this denomination key.
*/
struct TALER_AmountNBO value;
2015-03-15 18:18:14 +01:00
/**
2016-03-01 15:35:04 +01:00
* The fee the exchange charges when a coin of this type is withdrawn.
2015-03-15 18:18:14 +01:00
* (can be zero).
*/
struct TALER_AmountNBO fee_withdraw;
2015-03-15 18:18:14 +01:00
/**
2016-03-01 15:35:04 +01:00
* The fee the exchange charges when a coin of this type is deposited.
2015-03-15 18:18:14 +01:00
* (can be zero).
*/
struct TALER_AmountNBO fee_deposit;
2015-03-15 18:18:14 +01:00
/**
2016-03-01 15:35:04 +01:00
* The fee the exchange charges when a coin of this type is refreshed.
2015-03-15 18:18:14 +01:00
* (can be zero).
*/
struct TALER_AmountNBO fee_refresh;
2015-03-15 18:18:14 +01:00
2016-04-20 01:50:26 +02:00
/**
* The fee the exchange charges when a coin of this type is refunded.
* (can be zero). Note that refund fees are charged to the customer;
* if a refund is given, the deposit fee is also refunded.
*/
struct TALER_AmountNBO fee_refund;
/**
* Hash code of the denomination public key. (Used to avoid having
* the variable-size RSA key in this struct.)
*/
2015-08-14 15:01:11 +02:00
struct GNUNET_HashCode denom_hash GNUNET_PACKED;
};
/**
2015-07-06 10:25:52 +02:00
* @brief Information signed by an auditor affirming
* the master public key and the denomination keys
2016-03-01 15:35:04 +01:00
* of a exchange.
*/
2016-03-01 15:35:04 +01:00
struct TALER_ExchangeKeyValidityPS
{
/**
2016-03-01 15:35:04 +01:00
* Purpose is #TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
2016-03-21 01:45:53 +01:00
/**
* Hash of the auditor's URL (including 0-terminator).
2016-03-21 01:45:53 +01:00
*/
struct GNUNET_HashCode auditor_url_hash;
/**
2016-03-01 15:35:04 +01:00
* The long-term offline master key of the exchange, affirmed by the
2016-03-21 01:45:53 +01:00
* auditor. Hashed string, including 0-terminator.
*/
struct TALER_MasterPublicKeyP master;
/**
* Start time of the validity period for this key.
*/
struct GNUNET_TIME_AbsoluteNBO start;
/**
2016-03-01 15:35:04 +01:00
* The exchange will sign fresh coins between @e start and this time.
* @e expire_withdraw will be somewhat larger than @e start to
* ensure a sufficiently large anonymity set, while also allowing
2016-03-01 15:35:04 +01:00
* the Exchange to limit the financial damage in case of a key being
* compromised. Thus, exchanges with low volume are expected to have a
* longer withdraw period (@e expire_withdraw - @e start) than exchanges
* with high transaction volume. The period may also differ between
2016-03-01 15:35:04 +01:00
* types of coins. A exchange may also have a few denomination keys
* with the same value with overlapping validity periods, to address
* issues such as clock skew.
*/
struct GNUNET_TIME_AbsoluteNBO expire_withdraw;
/**
* Coins signed with the denomination key must be spent or refreshed
* between @e start and this expiration time. After this time, the
2016-03-01 15:35:04 +01:00
* exchange will refuse transactions involving this key as it will
* "drop" the table with double-spending information (shortly after)
* this time. Note that wallets should refresh coins significantly
2016-05-02 05:10:40 +02:00
* before this time to be on the safe side. @e expire_deposit must be
* significantly larger than @e expire_withdraw (by months or even
* years).
*/
2016-05-02 05:10:40 +02:00
struct GNUNET_TIME_AbsoluteNBO expire_deposit;
/**
* When do signatures with this denomination key become invalid?
* After this point, these signatures cannot be used in (legal)
2016-03-01 15:35:04 +01:00
* disputes anymore, as the Exchange is then allowed to destroy its side
* of the evidence. @e expire_legal is expected to be significantly
2016-05-02 05:10:40 +02:00
* larger than @e expire_deposit (by a year or more).
*/
struct GNUNET_TIME_AbsoluteNBO expire_legal;
/**
* The value of the coins signed with this denomination key.
*/
struct TALER_AmountNBO value;
/**
2016-03-01 15:35:04 +01:00
* The fee the exchange charges when a coin of this type is withdrawn.
* (can be zero).
*/
struct TALER_AmountNBO fee_withdraw;
/**
2016-03-01 15:35:04 +01:00
* The fee the exchange charges when a coin of this type is deposited.
* (can be zero).
*/
struct TALER_AmountNBO fee_deposit;
/**
2016-03-01 15:35:04 +01:00
* The fee the exchange charges when a coin of this type is refreshed.
* (can be zero).
*/
struct TALER_AmountNBO fee_refresh;
2016-04-20 01:50:26 +02:00
/**
* The fee the exchange charges when a coin of this type is refreshed.
* (can be zero).
*/
struct TALER_AmountNBO fee_refund;
/**
* Hash code of the denomination public key. (Used to avoid having
* the variable-size RSA key in this struct.)
*/
struct GNUNET_HashCode denom_hash GNUNET_PACKED;
};
2015-08-11 14:40:09 +02:00
/**
2016-03-01 15:35:04 +01:00
* @brief Information signed by the exchange's master
* key affirming the IBAN details for the exchange.
2015-08-11 14:40:09 +02:00
*/
struct TALER_MasterWireDetailsPS
2015-08-11 14:40:09 +02:00
{
/**
* Purpose is #TALER_SIGNATURE_MASTER_WIRE_DETAILS.
2015-08-11 14:40:09 +02:00
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Hash over the account holder's payto:// URL and
* the salt, as done by #TALER_wire_signature_hash().
2015-08-11 14:40:09 +02:00
*/
struct GNUNET_HashCode h_wire_details GNUNET_PACKED;
2015-08-11 14:40:09 +02:00
};
/**
* @brief Information signed by the exchange's master
* key stating the wire fee to be paid per wire transfer.
*/
struct TALER_MasterWireFeePS
{
/**
* Purpose is #TALER_SIGNATURE_MASTER_WIRE_FEES.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Hash over the wire method (yes, H("x-taler-bank") or H("iban")), in lower
2017-03-04 18:09:39 +01:00
* case, including 0-terminator. Used to uniquely identify which
* wire method these fees apply to.
*/
struct GNUNET_HashCode h_wire_method;
/**
* Start date when the fee goes into effect.
*/
struct GNUNET_TIME_AbsoluteNBO start_date;
/**
* End date when the fee stops being in effect (exclusive)
*/
struct GNUNET_TIME_AbsoluteNBO end_date;
/**
* Fee charged to the merchant per wire transfer.
*/
struct TALER_AmountNBO wire_fee;
2017-04-17 14:01:55 +02:00
/**
* Closing fee charged when we wire back funds of a reserve.
*/
struct TALER_AmountNBO closing_fee;
};
/**
* @brief Message confirming that a denomination key was revoked.
*/
2019-02-23 14:47:44 +01:00
struct TALER_MasterDenominationKeyRevocationPS
{
/**
* Purpose is #TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Hash of the denomination key.
*/
struct GNUNET_HashCode h_denom_pub;
};
2015-11-11 18:09:19 +01:00
/**
* @brief Format used to generate the signature on a request to obtain
* the wire transfer identifier associated with a deposit.
*/
struct TALER_DepositTrackPS
{
/**
* Purpose must be #TALER_SIGNATURE_MERCHANT_TRACK_TRANSACTION.
2015-11-11 18:09:19 +01:00
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
2017-02-06 15:41:39 +01:00
* Hash over the proposal data of the contract for which this deposit is made.
2015-11-11 18:09:19 +01:00
*/
struct GNUNET_HashCode h_contract_terms GNUNET_PACKED;
2015-11-11 18:09:19 +01:00
/**
* Hash over the wiring information of the merchant.
*/
struct GNUNET_HashCode h_wire GNUNET_PACKED;
/**
* The Merchant's public key. The deposit inquiry request is to be
* signed by the corresponding private key (using EdDSA).
*/
struct TALER_MerchantPublicKeyP merchant;
/**
* The coin's public key. This is the value that must have been
2016-03-01 15:35:04 +01:00
* signed (blindly) by the Exchange.
2015-11-11 18:09:19 +01:00
*/
struct TALER_CoinSpendPublicKeyP coin_pub;
};
/**
* @brief Format internally used for packing the detailed information
* to generate the signature for /track/transfer signatures.
*/
struct TALER_WireDepositDetailP
{
/**
* Hash of the contract
*/
struct GNUNET_HashCode h_contract_terms;
/**
* Time when the wire transfer was performed by the exchange.
*/
struct GNUNET_TIME_AbsoluteNBO execution_time;
/**
* Coin's public key.
*/
struct TALER_CoinSpendPublicKeyP coin_pub;
/**
* Total value of the coin.
*/
struct TALER_AmountNBO deposit_value;
/**
* Fees charged by the exchange for the deposit.
*/
struct TALER_AmountNBO deposit_fee;
};
/**
* @brief Format used to generate the signature for /wire/deposit
* replies.
*/
struct TALER_WireDepositDataPS
{
/**
* Purpose header for the signature over the contract with
* purpose #TALER_SIGNATURE_EXCHANGE_CONFIRM_WIRE_DEPOSIT.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Total amount that was transferred.
*/
struct TALER_AmountNBO total;
2017-03-04 16:49:33 +01:00
/**
* Wire fee that was charged.
*/
struct TALER_AmountNBO wire_fee;
/**
* Public key of the merchant (for all aggregated transactions).
*/
struct TALER_MerchantPublicKeyP merchant_pub;
/**
* Hash of wire details of the merchant.
*/
struct GNUNET_HashCode h_wire;
/**
* Hash of the individual deposits that were aggregated,
* each in the format of a `struct TALER_WireDepositDetailP`.
*/
struct GNUNET_HashCode h_details;
};
2015-11-25 13:37:38 +01:00
/**
* The contract sent by the merchant to the wallet.
*/
2017-02-03 18:32:03 +01:00
struct TALER_ProposalDataPS
2015-11-25 13:37:38 +01:00
{
/**
2017-02-03 18:26:47 +01:00
* Purpose header for the signature over the proposal data
* with purpose #TALER_SIGNATURE_MERCHANT_CONTRACT.
2015-11-25 13:37:38 +01:00
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Hash of the JSON contract in UTF-8 including 0-termination,
* using JSON_COMPACT | JSON_SORT_KEYS
*/
2017-02-06 13:54:17 +01:00
struct GNUNET_HashCode hash;
2015-11-25 13:37:38 +01:00
};
/**
* Used by merchants to return signed responses to /pay requests.
* Currently only used to return 200 OK signed responses.
*/
struct PaymentResponsePS
{
2016-10-07 18:21:12 +02:00
/**
* Set to TALER_SIGNATURE_MERCHANT_PAYMENT_OK so far. Note that
* unsuccessful payments are usually proven by some exchange's signature,
* thus it is unlikely that a merchant needs to set a purpose other than
* the above mentioned
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
2016-10-07 18:21:12 +02:00
/**
2017-02-04 11:07:15 +01:00
* Hash of the proposal data associated with this confirmation
2016-10-07 18:21:12 +02:00
*/
struct GNUNET_HashCode h_contract_terms;
};
2015-11-11 18:09:19 +01:00
2016-01-17 18:19:09 +01:00
/**
2016-03-01 15:35:04 +01:00
* Details affirmed by the exchange about a wire transfer the exchange
2016-01-17 18:19:09 +01:00
* claims to have done with respect to a deposit operation.
*/
struct TALER_ConfirmWirePS
{
/**
* Purpose header for the signature over the contract with
2016-03-01 15:35:04 +01:00
* purpose #TALER_SIGNATURE_EXCHANGE_CONFIRM_WIRE.
2016-01-17 18:19:09 +01:00
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Hash over the wiring information of the merchant.
*/
struct GNUNET_HashCode h_wire GNUNET_PACKED;
/**
* Hash over the contract for which this deposit is made.
*/
struct GNUNET_HashCode h_contract_terms GNUNET_PACKED;
/**
* Raw value (binary encoding) of the wire transfer subject.
*/
2016-01-20 18:50:19 +01:00
struct TALER_WireTransferIdentifierRawP wtid;
/**
* The coin's public key. This is the value that must have been
2016-03-01 15:35:04 +01:00
* signed (blindly) by the Exchange.
*/
struct TALER_CoinSpendPublicKeyP coin_pub;
/**
2016-03-01 15:35:04 +01:00
* When did the exchange execute this transfer? Note that the
* timestamp may not be exactly the same on the wire, i.e.
* because the wire has a different timezone or resolution.
*/
struct GNUNET_TIME_AbsoluteNBO execution_time;
/**
* The contribution of @e coin_pub to the total transfer volume.
* This is the value of the deposit minus the fee.
*/
struct TALER_AmountNBO coin_contribution;
2016-01-17 18:19:09 +01:00
};
2015-11-11 18:09:19 +01:00
/**
* Signed data to request that a coin should be refunded as part of
* the "emergency" /payback protocol. The refund will go back to the bank
* account that created the reserve.
*/
struct TALER_PaybackRequestPS
{
/**
* Purpose is #TALER_SIGNATURE_WALLET_COIN_PAYBACK
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Public key of the coin to be refunded.
*/
struct TALER_CoinSpendPublicKeyP coin_pub;
/**
* Hash of the denomination public key of the coin.
*/
struct GNUNET_HashCode h_denom_pub;
/**
* Blinding factor that was used to withdraw the coin.
*/
struct TALER_DenominationBlindingKeyP coin_blind;
};
/**
* Response by which the exchange affirms that it will
* refund a coin as part of the emergency /payback
* protocol. The payback will go back to the bank
* account that created the reserve.
*/
struct TALER_PaybackConfirmationPS
{
/**
* Purpose is #TALER_SIGNATURE_EXCHANGE_CONFIRM_PAYBACK
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* When did the exchange receive the payback request?
* Indirectly determines when the wire transfer is (likely)
* to happen.
*/
struct GNUNET_TIME_AbsoluteNBO timestamp;
/**
* How much of the coin's value will the exchange transfer?
* (Needed in case the coin was partially spent.)
*/
struct TALER_AmountNBO payback_amount;
/**
* Public key of the coin.
*/
struct TALER_CoinSpendPublicKeyP coin_pub;
/**
* Public key of the reserve that will receive the payback.
*/
struct TALER_ReservePublicKeyP reserve_pub;
};
/**
* Response by which the exchange affirms that it will refund a refreshed coin
* as part of the emergency /payback protocol. The payback will go back to the
* old coin's balance.
*/
struct TALER_PaybackRefreshConfirmationPS
{
/**
* Purpose is #TALER_SIGNATURE_EXCHANGE_CONFIRM_PAYBACK_REFRESH
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* When did the exchange receive the payback request?
* Indirectly determines when the wire transfer is (likely)
* to happen.
*/
struct GNUNET_TIME_AbsoluteNBO timestamp;
/**
* How much of the coin's value will the exchange transfer?
* (Needed in case the coin was partially spent.)
*/
struct TALER_AmountNBO payback_amount;
/**
* Public key of the refreshed coin.
*/
struct TALER_CoinSpendPublicKeyP coin_pub;
/**
* Public key of the old coin that will receive the payback.
*/
struct TALER_CoinSpendPublicKeyP old_coin_pub;
};
/**
* Response by which the exchange affirms that it has
* closed a reserve and send back the funds.
*/
struct TALER_ReserveCloseConfirmationPS
{
/**
* Purpose is #TALER_SIGNATURE_EXCHANGE_RESERVE_CLOSED
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* When did the exchange initiate the wire transfer.
*/
struct GNUNET_TIME_AbsoluteNBO timestamp;
/**
* How much did the exchange send?
*/
struct TALER_AmountNBO closing_amount;
2017-04-18 21:05:27 +02:00
/**
* How much did the exchange charge for closing the reserve?
*/
struct TALER_AmountNBO closing_fee;
/**
* Public key of the reserve that received the payback.
*/
struct TALER_ReservePublicKeyP reserve_pub;
/**
* Hash of the receiver's bank account.
*/
struct GNUNET_HashCode h_wire;
/**
* Wire transfer subject.
*/
struct TALER_WireTransferIdentifierRawP wtid;
};
2017-07-05 14:11:42 +02:00
/**
* Used by the merchant to confirm with a signature that the refund has
* been successfully done. Even though the frontend doesn't usually do crypto,
* this signature may turn useful in court.
*/
struct TALER_MerchantRefundConfirmationPS
{
/**
* Set to #TALER_SIGNATURE_MERCHANT_REFUND_OK.
2017-07-05 14:11:42 +02:00
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Hashed order id; in case frontend wants to check it.
* Hashed without the 0-termination.
2017-07-05 14:11:42 +02:00
*/
struct GNUNET_HashCode h_order_id GNUNET_PACKED;
};
2018-01-04 13:47:03 +01:00
/**
* Used by the merchant to confirm to the frontend that
* the user did a payment replay with the current browser session.
*/
struct TALER_MerchantPaySessionSigPS
{
/**
* Set to #TALER_SIGNATURE_MERCHANT_PAY_SESSION.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Hashed order id.
* Hashed without the 0-termination.
*/
struct GNUNET_HashCode h_order_id GNUNET_PACKED;
/**
* Hashed session id.
* Hashed without the 0-termination.
*/
struct GNUNET_HashCode h_session_id GNUNET_PACKED;
};
GNUNET_NETWORK_STRUCT_END
2015-01-08 18:37:20 +01:00
#endif