WIP: first steps towards age-withdraw, DOESN'T COMPILE YET

src/exchange/Makefile.am

@@ -122,6 +122,8 @@ taler_exchange_wirewatch_LDADD = \
 
 taler_exchange_httpd_SOURCES = \
   taler-exchange-httpd.c taler-exchange-httpd.h \
+  taler-exchange-httpd_age-withdraw.c taler-exchange-httpd_age-withdraw.h \
+  taler-exchange-httpd_age-withdraw_reveal.c taler-exchange-httpd_age-withdraw_reveal.h \
   taler-exchange-httpd_auditors.c taler-exchange-httpd_auditors.h \
   taler-exchange-httpd_batch-deposit.c taler-exchange-httpd_batch-deposit.h \
   taler-exchange-httpd_batch-withdraw.c taler-exchange-httpd_batch-withdraw.h \

src/exchange/taler-exchange-httpd_age-withdraw.c

@@ -0,0 +1,385 @@
+/*
+  This file is part of TALER
+  Copyright (C) 2023 Taler Systems SA
+
+  TALER is free software; you can redistribute it and/or modify
+  it under the terms of the GNU Affero General Public License as
+  published by the Free Software Foundation; either version 3,
+  or (at your option) any later version.
+
+  TALER is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty
+  of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+  See the GNU Affero General Public License for more details.
+
+  You should have received a copy of the GNU Affero General
+  Public License along with TALER; see the file COPYING.  If not,
+  see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file taler-exchange-httpd_age-withdraw.c
+ * @brief Handle /reserves/$RESERVE_PUB/age-withdraw requests
+ * @author Özgür Kesim
+ */
+#include "platform.h"
+#include <gnunet/gnunet_util_lib.h>
+#include <jansson.h>
+#include "taler_json_lib.h"
+#include "taler_kyclogic_lib.h"
+#include "taler_mhd_lib.h"
+#include "taler-exchange-httpd_withdraw.h"
+#include "taler-exchange-httpd_responses.h"
+#include "taler-exchange-httpd_keys.h"
+
+
+/**
+ * Context for #age_withdraw_transaction.
+ */
+struct AgeWithdrawContext
+{
+  /**
+   * KYC status for the operation.
+   */
+  struct TALER_EXCHANGEDB_KycStatus kyc;
+
+  /**
+   * The commitment request, for n*kappa coins.
+   */
+  struct TALER_EXCHANGEDB_AgeWithdrawCommitment commitment;
+
+  /**
+   * Current time for the DB transaction.
+   */
+  struct GNUNET_TIME_Timestamp now;
+};
+
+
+#if 0
+/**
+ * Function called to iterate over KYC-relevant
+ * transaction amounts for a particular time range.
+ * Called within a database transaction, so must
+ * not start a new one.
+ *
+ * @param cls closure, identifies the event type and
+ *        account to iterate over events for
+ * @param limit maximum time-range for which events
+ *        should be fetched (timestamp in the past)
+ * @param cb function to call on each event found,
+ *        events must be returned in reverse chronological
+ *        order
+ * @param cb_cls closure for @a cb
+ */
+static void
+withdraw_amount_cb (void *cls,
+                    struct GNUNET_TIME_Absolute limit,
+                    TALER_EXCHANGEDB_KycAmountCallback cb,
+                    void *cb_cls)
+{
+  struct AgeWithdrawContext *awc = cls;
+  enum GNUNET_DB_QueryStatus qs;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              "Signaling amount %s for KYC check during age-withdrawal\n",
+              TALER_amount2s (&awc->amount_with_fee));
+  if (GNUNET_OK !=
+      cb (cb_cls,
+          &awc->amount_with_fee,
+          awc->now.abs_time))
+    return;
+  qs = TEH_plugin->select_withdraw_amounts_for_kyc_check (
+    TEH_plugin->cls,
+    &wc->h_payto,
+    limit,
+    cb,
+    cb_cls);
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              "Got %d additional transactions for this age-withdrawal and limit %llu\n",
+              qs,
+              (unsigned long long) limit.abs_value_us);
+  GNUNET_break (qs >= 0);
+}
+
+
+#endif
+
+
+#if 0
+/**
+ * TODO: REWRITE
+ * Function implementing age withdraw transaction.  Runs the
+ * transaction logic; IF it returns a non-error code, the transaction
+ * logic MUST NOT queue a MHD response.  IF it returns an hard error,
+ * the transaction logic MUST queue a MHD response and set @a mhd_ret.
+ * IF it returns the soft error code, the function MAY be called again
+ * to retry and MUST not queue a MHD response.
+ *
+ * Note that "wc->collectable.sig" is set before entering this function as we
+ * signed before entering the transaction.
+ *
+ * @param cls a `struct WithdrawContext *`
+ * @param connection MHD request which triggered the transaction
+ * @param[out] mhd_ret set to MHD response status for @a connection,
+ *             if transaction failed (!)
+ * @return transaction status
+ */
+static enum GNUNET_DB_QueryStatus
+age_withdraw_transaction (void *cls,
+                          struct MHD_Connection *connection,
+                          MHD_RESULT *mhd_ret)
+{
+  struct AgeWithdrawContext *wc = cls;
+  enum GNUNET_DB_QueryStatus qs;
+  bool found = false;
+  bool balance_ok = false;
+  bool nonce_ok = false;
+  uint64_t ruuid;
+  const struct TALER_CsNonce *nonce;
+  const struct TALER_BlindedPlanchet *bp;
+
+  wc->now = GNUNET_TIME_timestamp_get ();
+  qs = TEH_plugin->reserves_get_origin (TEH_plugin->cls,
+                                        &wc->collectable.reserve_pub,
+                                        &wc->h_payto);
+  if (qs < 0)
+    return qs;
+  /* If no results, reserve was created by merge,
+     in which case no KYC check is required as the
+     merge already did that. */
+  if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs)
+  {
+    const char *kyc_required;
+
+    kyc_required = TALER_KYCLOGIC_kyc_test_required (
+      TALER_KYCLOGIC_KYC_TRIGGER_WITHDRAW,
+      &wc->h_payto,
+      TEH_plugin->select_satisfied_kyc_processes,
+      TEH_plugin->cls,
+      &withdraw_amount_cb,
+      wc);
+    if (NULL != kyc_required)
+    {
+      /* insert KYC requirement into DB! */
+      wc->kyc.ok = false;
+      return TEH_plugin->insert_kyc_requirement_for_account (
+        TEH_plugin->cls,
+        kyc_required,
+        &wc->h_payto,
+        &wc->kyc.requirement_row);
+    }
+  }
+  wc->kyc.ok = true;
+  bp = &wc->blinded_planchet;
+  nonce = (TALER_DENOMINATION_CS == bp->cipher)
+    ? &bp->details.cs_blinded_planchet.nonce
+    : NULL;
+  qs = TEH_plugin->do_withdraw (TEH_plugin->cls,
+                                nonce,
+                                &wc->collectable,
+                                wc->now,
+                                &found,
+                                &balance_ok,
+                                &nonce_ok,
+                                &ruuid);
+  if (0 > qs)
+  {
+    if (GNUNET_DB_STATUS_HARD_ERROR == qs)
+      *mhd_ret = TALER_MHD_reply_with_error (connection,
+                                             MHD_HTTP_INTERNAL_SERVER_ERROR,
+                                             TALER_EC_GENERIC_DB_FETCH_FAILED,
+                                             "do_withdraw");
+    return qs;
+  }
+  if (! found)
+  {
+    *mhd_ret = TALER_MHD_reply_with_error (connection,
+                                           MHD_HTTP_NOT_FOUND,
+                                           TALER_EC_EXCHANGE_GENERIC_RESERVE_UNKNOWN,
+                                           NULL);
+    return GNUNET_DB_STATUS_HARD_ERROR;
+  }
+  if (! balance_ok)
+  {
+    TEH_plugin->rollback (TEH_plugin->cls);
+    *mhd_ret = TEH_RESPONSE_reply_reserve_insufficient_balance (
+      connection,
+      TALER_EC_EXCHANGE_WITHDRAW_INSUFFICIENT_FUNDS,
+      &wc->collectable.amount_with_fee,
+      &wc->collectable.reserve_pub);
+    return GNUNET_DB_STATUS_HARD_ERROR;
+  }
+  if (! nonce_ok)
+  {
+    TEH_plugin->rollback (TEH_plugin->cls);
+    *mhd_ret = TALER_MHD_reply_with_error (connection,
+                                           MHD_HTTP_CONFLICT,
+                                           TALER_EC_EXCHANGE_WITHDRAW_NONCE_REUSE,
+                                           NULL);
+    return GNUNET_DB_STATUS_HARD_ERROR;
+  }
+  if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs)
+    TEH_METRICS_num_success[TEH_MT_SUCCESS_WITHDRAW]++;
+  return qs;
+}
+
+
+#endif
+
+
+/**
+ * Check if the @a rc is replayed and we already have an
+ * answer. If so, replay the existing answer and return the
+ * HTTP response.
+ *
+ * @param rc request context
+ * @param[in,out] awc parsed request data
+ * @param[out] mret HTTP status, set if we return true
+ * @return true if the request is idempotent with an existing request
+ *    false if we did not find the request in the DB and did not set @a mret
+ */
+static bool
+request_is_idempotent (struct TEH_RequestContext *rc,
+                       struct AgeWithdrawContext *awc,
+                       MHD_RESULT *mret)
+{
+  enum GNUNET_DB_QueryStatus qs;
+
+  qs = TEH_plugin->get_age_withdraw_info (TEH_plugin->cls,
+                                          &awc->reserve_pub,
+                                          &awc->commitment);
+  if (0 > qs)
+  {
+    GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
+    if (GNUNET_DB_STATUS_HARD_ERROR == qs)
+      *mret = TALER_MHD_reply_with_error (rc->connection,
+                                          MHD_HTTP_INTERNAL_SERVER_ERROR,
+                                          TALER_EC_GENERIC_DB_FETCH_FAILED,
+                                          "get_age_withdraw_info");
+    return true; /* well, kind-of */
+  }
+
+  if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
+    return false;
+
+  /* generate idempotent reply */
+  TEH_METRICS_num_requests[TEH_MT_REQUEST_IDEMPOTENT_AGE_WITHDRAW]++;
+  *mret = TALER_MHD_REPLY_JSON_PACK (
+    rc->connection,
+    MHD_HTTP_OK,
+    GNUNET_JSON_pack_uint64 ("noreveal_index",
+                             &awc->commitment.noreveal_index),
+    GNUNET_JSON_pack_data_auto ("exchange_sig",
+                                &awc->commitment.sig),
+    GNUNET_JSON_pack_data_auto ("exchange_pub",
+                                /* TODO:oec: where does the pub come from? */
+                                &pub));
+  return true;
+}
+
+
+MHD_RESULT
+TEH_handler_age_withdraw (struct TEH_RequestContext *rc,
+                          const struct TALER_ReservePublicKeyP *reserve_pub,
+                          const json_t *root)
+{
+  struct AgeWithdrawContext awc;
+  struct GNUNET_JSON_Specification spec[] = {
+    GNUNET_JSON_spec_fixed_auto ("reserve_sig",
+                                 &awc.commitment.reserve_sig),
+    GNUNET_JSON_spec_fixed_auto ("age_restricted_coins_commitment",
+                                 &awc.commitment.h_commitment),
+    TALER_JSON_spec_amount ("amount",
+                            &awc.commitment.amount_with_fee);
+    GNUNET_JSON_spec_uint8 ("max_age_group",
+                            &awc.commitment.max_age_group),
+    GNUNET_JSON_spec_end ()
+  };
+  enum TALER_ErrorCode ec;
+
+  memset (&awc, 0, sizeof (awc));
+  awc.commitment.reserve_pub = *reserve_pub;
+
+
+  {
+    enum GNUNET_GenericReturnValue res;
+
+    res = TALER_MHD_parse_json_data (rc->connection,
+                                     root,
+                                     spec);
+    if (GNUNET_OK != res)
+      return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
+  }
+
+  if (request_is_idempotent (rc,
+                             &awc,
+                             &mret))
+  {
+    GNUNET_JSON_parse_free (spec);
+    return mret;
+  }
+
+  TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++;
+  if (GNUNET_OK !=
+      TALER_wallet_age_withdraw_verify (&awc.commitment.h_commitment,
+                                        &awc.commitment.amount_with_fee,
+                                        &awc.commitment.max_age_group,
+                                        &awc.commitment.reserve_pub,
+                                        &awc.commitment.reserve_sig))
+  {
+    GNUNET_break_op (0);
+    GNUNET_JSON_parse_free (spec);
+    return TALER_MHD_reply_with_error (rc->connection,
+                                       MHD_HTTP_FORBIDDEN,
+                                       TALER_EC_EXCHANGE_WITHDRAW_RESERVE_SIGNATURE_INVALID,
+                                       NULL);
+  }
+
+  /* run transaction */
+  {
+    MHD_RESULT mhd_ret;
+
+    if (GNUNET_OK !=
+        TEH_DB_run_transaction (rc->connection,
+                                "run age withdraw",
+                                TEH_MT_REQUEST_AGE_WITHDRAW,
+                                &mhd_ret,
+                                &age_withdraw_transaction,
+                                &awc))
+    {
+      /* Even if #withdraw_transaction() failed, it may have created a signature
+         (or we might have done it optimistically above). */
+      /*TODO:oec:which function to call here!? */
+      TALER_blinded_denom_sig_free (&awc.commitment.sig);
+      GNUNET_JSON_parse_free (spec);
+      return mhd_ret;
+    }
+  }
+
+  /* Clean up and send back final response */
+  GNUNET_JSON_parse_free (spec);
+
+  if (! awc.kyc.ok)
+    return TEH_RESPONSE_reply_kyc_required (rc->connection,
+                                            &awc.h_payto,
+                                            &awc.kyc);
+  {
+    MHD_RESULT ret;
+
+    ret = TALER_MHD_REPLY_JSON_PACK (
+      rc->connection,
+      MHD_HTTP_OK,
+      /* TODO:oec: put in the right answer fields */
+      GNUNET_JSON_pack_uint64 ("noreveal_index",
+                               &awc->commitment.noreveal_index),
+      GNUNET_JSON_pack_data_auto ("exchange_sig",
+                                  &awc->commitment.sig),
+      GNUNET_JSON_pack_data_auto ("exchange_pub",
+                                  /* TODO:oec: where does the pub come from? */
+                                  &pub));
+    TALER_blinded_denom_sig_free (&awc.commitment.sig);
+    return ret;
+  }
+}
+
+
+/* end of taler-exchange-httpd_age-withdraw.c */

src/exchange/taler-exchange-httpd_age-withdraw.h

@@ -0,0 +1,47 @@
+/*
+  This file is part of TALER
+  Copyright (C) 2023 Taler Systems SA
+
+  TALER is free software; you can redistribute it and/or modify it under the
+  terms of the GNU Affero General Public License as published by the Free Software
+  Foundation; either version 3, or (at your option) any later version.
+
+  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
+
+  You should have received a copy of the GNU Affero General Public License along with
+  TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file taler-exchange-httpd_age-withdraw.h
+ * @brief Handle /reserve/$RESERVE_PUB/age-withdraw requests
+ * @author Özgür Kesim
+ */
+#ifndef TALER_EXCHANGE_HTTPD_AGE_WITHDRAW_H
+#define TALER_EXCHANGE_HTTPD_AGE_WITHDRAW_H
+
+#include <microhttpd.h>
+#include "taler-exchange-httpd.h"
+
+
+/**
+ * Handle a "/reserves/$RESERVE_PUB/age-withdraw" request.
+ *
+ * Parses the batch of commitments to withdraw age restricted coins, and checks
+ * that the signature "reserve_sig" makes this a valid withdrawal request from
+ * the specified reserve.  If the request is valid, the response contains a
+ * noreveal_index which the client has to use for the subsequent call to
+ * /age-withdraw/$ACH/reveal.
+ *
+ * @param rc request context
+ * @param root uploaded JSON data
+ * @param reserve_pub public key of the reserve
+ * @return MHD result code
+  */
+MHD_RESULT
+TEH_handler_age_withdraw (struct TEH_RequestContext *rc,
+                          const struct TALER_ReservePublicKeyP *reserve_pub,
+                          const json_t *root);
+
+#endif

src/exchange/taler-exchange-httpd_age-withdraw_reveal.h

@@ -0,0 +1,56 @@
+/*
+  This file is part of TALER
+  Copyright (C) 2023 Taler Systems SA
+
+  TALER is free software; you can redistribute it and/or modify it under the
+  terms of the GNU Affero General Public License as published by the Free Software
+  Foundation; either version 3, or (at your option) any later version.
+
+  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
+
+  You should have received a copy of the GNU Affero General Public License along with
+  TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file taler-exchange-httpd_age-withdraw_reveal.h
+ * @brief Handle /age-withdraw/$ACH/reveal requests
+ * @author Özgür Kesim
+ */
+#ifndef TALER_EXCHANGE_HTTPD_AGE_WITHDRAW_H
+#define TALER_EXCHANGE_HTTPD_AGE_WITHDRAW_H
+
+#include <microhttpd.h>
+#include "taler-exchange-httpd.h"
+
+
+/**
+ * Handle a "/age-withdraw/$ACH/reveal" request.
+ *
+ * The client got a noreveal_index in response to a previous request
+ * /reserve/$RESERVE_PUB/age-withdraw.  It now has to reveal all n*(kappa-1)
+ * coin's private keys (except for the noreveal_index), from which all other
+ * coin-relevant data (blinding, age restriction, nonce) is derived from.
+ *
+ * The exchange computes those values, ensures that the maximum age is
+ * correctly applied, calculates the hash of the blinded envelopes, and -
+ * together with the non-disclosed blinded envelopes - compares the hash of
+ * those against the original commitment $ACH.
+ *
+ * If all those checks and the used denominations turn out to be correct, the
+ * exchange signs all blinded envelopes with their appropriate denomination
+ * keys.
+ *
+ * @param rc request context
+ * @param root uploaded JSON data
+ * @param ach commitment to the age restricted coints from the age-withdraw request
+ * @return MHD result code
+ */
+MHD_RESULT
+TEH_handler_age_withdraw_reveal (
+  struct TEH_RequestContext *rc,
+  const struct TALER_AgeRestrictedCoinsCommitmentP *ach,
+  const json_t *root);
+
+#endif

src/include/taler_exchangedb_plugin.h

@@ -1050,6 +1050,52 @@ struct TALER_EXCHANGEDB_CollectableBlindcoin
   struct TALER_ReserveSignatureP reserve_sig;
 };
 
+/**
+ * @brief Information we keep for an age-withdraw commitment
+ * to reproduce the /age-withdraw operation if neede, and to have proof
+ * that a reserve was drained by this amount.
+ */
+struct TALER_EXCHANGEDB_AgeWithdrawCommitment
+{
+  /**
+   * Total amount (with fee) committed to withdraw
+   */
+  struct TALER_Amount amount_with_fee;
+
+  /**
+   * Public key of the reserve that was drained.
+   */
+  struct TALER_ReservePublicKeyP reserve_pub;
+
+  /**
+   * Maximum age group that the coins are restricted to.
+   */
+  uint8_t max_age_group;
+
+  /**
+   * The hash of the commitment of all n*kappa coins
+   */
+  struct TALER_AgeWithdrawCommitmentHashP h_commitment;
+
+  /**
+   * Index (smaller #TALER_CNC_KAPPA) which the exchange has chosen to not have
+   * revealed during cut and choose.  This value applies to all n coins in the
+   * commitment.
+   */
+  uint32_t noreveal_index;
+
+  /**
+   * Signature confirming the age withdrawal, matching @e reserve_pub, @e
+   * maximum_age_group and @e h_commitment and @e total_amount_with_fee.
+   */
+  struct TALER_ReserveSignatureP reserve_sig;
+
+  /**
+   * The exchange's signature of the response.
+   */
+  struct TALER_ExchangeSignatureP sig;
+}
+
 
 /**
  * Information the exchange records about a recoup request

src/util/exchange_signatures.c

@@ -359,6 +359,8 @@ TALER_exchange_online_melt_confirmation_verify (
 }
 
 
+/* TODO:oec: add signature for age-withdraw and reveal */
+
 GNUNET_NETWORK_STRUCT_BEGIN
 
 /**