diff --git a/src/exchange/Makefile.am b/src/exchange/Makefile.am
index ffcfc5e99..9c9fa7421 100644
--- a/src/exchange/Makefile.am
+++ b/src/exchange/Makefile.am
@@ -122,6 +122,8 @@ taler_exchange_wirewatch_LDADD = \
taler_exchange_httpd_SOURCES = \
taler-exchange-httpd.c taler-exchange-httpd.h \
+ taler-exchange-httpd_age-withdraw.c taler-exchange-httpd_age-withdraw.h \
+ taler-exchange-httpd_age-withdraw_reveal.c taler-exchange-httpd_age-withdraw_reveal.h \
taler-exchange-httpd_auditors.c taler-exchange-httpd_auditors.h \
taler-exchange-httpd_aml-decision.c taler-exchange-httpd_aml-decision.h \
taler-exchange-httpd_batch-deposit.c taler-exchange-httpd_batch-deposit.h \
diff --git a/src/exchange/taler-exchange-httpd_age-withdraw.c b/src/exchange/taler-exchange-httpd_age-withdraw.c
new file mode 100644
index 000000000..7f406310b
--- /dev/null
+++ b/src/exchange/taler-exchange-httpd_age-withdraw.c
@@ -0,0 +1,385 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2023 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as
+ published by the Free Software Foundation; either version 3,
+ or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty
+ of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ See the GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General
+ Public License along with TALER; see the file COPYING. If not,
+ see
+*/
+/**
+ * @file taler-exchange-httpd_age-withdraw.c
+ * @brief Handle /reserves/$RESERVE_PUB/age-withdraw requests
+ * @author Özgür Kesim
+ */
+#include "platform.h"
+#include
+#include
+#include "taler_json_lib.h"
+#include "taler_kyclogic_lib.h"
+#include "taler_mhd_lib.h"
+#include "taler-exchange-httpd_withdraw.h"
+#include "taler-exchange-httpd_responses.h"
+#include "taler-exchange-httpd_keys.h"
+
+
+/**
+ * Context for #age_withdraw_transaction.
+ */
+struct AgeWithdrawContext
+{
+ /**
+ * KYC status for the operation.
+ */
+ struct TALER_EXCHANGEDB_KycStatus kyc;
+
+ /**
+ * The commitment request, for n*kappa coins.
+ */
+ struct TALER_EXCHANGEDB_AgeWithdrawCommitment commitment;
+
+ /**
+ * Current time for the DB transaction.
+ */
+ struct GNUNET_TIME_Timestamp now;
+};
+
+
+#if 0
+/**
+ * Function called to iterate over KYC-relevant
+ * transaction amounts for a particular time range.
+ * Called within a database transaction, so must
+ * not start a new one.
+ *
+ * @param cls closure, identifies the event type and
+ * account to iterate over events for
+ * @param limit maximum time-range for which events
+ * should be fetched (timestamp in the past)
+ * @param cb function to call on each event found,
+ * events must be returned in reverse chronological
+ * order
+ * @param cb_cls closure for @a cb
+ */
+static void
+withdraw_amount_cb (void *cls,
+ struct GNUNET_TIME_Absolute limit,
+ TALER_EXCHANGEDB_KycAmountCallback cb,
+ void *cb_cls)
+{
+ struct AgeWithdrawContext *awc = cls;
+ enum GNUNET_DB_QueryStatus qs;
+
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Signaling amount %s for KYC check during age-withdrawal\n",
+ TALER_amount2s (&awc->amount_with_fee));
+ if (GNUNET_OK !=
+ cb (cb_cls,
+ &awc->amount_with_fee,
+ awc->now.abs_time))
+ return;
+ qs = TEH_plugin->select_withdraw_amounts_for_kyc_check (
+ TEH_plugin->cls,
+ &wc->h_payto,
+ limit,
+ cb,
+ cb_cls);
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Got %d additional transactions for this age-withdrawal and limit %llu\n",
+ qs,
+ (unsigned long long) limit.abs_value_us);
+ GNUNET_break (qs >= 0);
+}
+
+
+#endif
+
+
+#if 0
+/**
+ * TODO: REWRITE
+ * Function implementing age withdraw transaction. Runs the
+ * transaction logic; IF it returns a non-error code, the transaction
+ * logic MUST NOT queue a MHD response. IF it returns an hard error,
+ * the transaction logic MUST queue a MHD response and set @a mhd_ret.
+ * IF it returns the soft error code, the function MAY be called again
+ * to retry and MUST not queue a MHD response.
+ *
+ * Note that "wc->collectable.sig" is set before entering this function as we
+ * signed before entering the transaction.
+ *
+ * @param cls a `struct WithdrawContext *`
+ * @param connection MHD request which triggered the transaction
+ * @param[out] mhd_ret set to MHD response status for @a connection,
+ * if transaction failed (!)
+ * @return transaction status
+ */
+static enum GNUNET_DB_QueryStatus
+age_withdraw_transaction (void *cls,
+ struct MHD_Connection *connection,
+ MHD_RESULT *mhd_ret)
+{
+ struct AgeWithdrawContext *wc = cls;
+ enum GNUNET_DB_QueryStatus qs;
+ bool found = false;
+ bool balance_ok = false;
+ bool nonce_ok = false;
+ uint64_t ruuid;
+ const struct TALER_CsNonce *nonce;
+ const struct TALER_BlindedPlanchet *bp;
+
+ wc->now = GNUNET_TIME_timestamp_get ();
+ qs = TEH_plugin->reserves_get_origin (TEH_plugin->cls,
+ &wc->collectable.reserve_pub,
+ &wc->h_payto);
+ if (qs < 0)
+ return qs;
+ /* If no results, reserve was created by merge,
+ in which case no KYC check is required as the
+ merge already did that. */
+ if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs)
+ {
+ const char *kyc_required;
+
+ kyc_required = TALER_KYCLOGIC_kyc_test_required (
+ TALER_KYCLOGIC_KYC_TRIGGER_WITHDRAW,
+ &wc->h_payto,
+ TEH_plugin->select_satisfied_kyc_processes,
+ TEH_plugin->cls,
+ &withdraw_amount_cb,
+ wc);
+ if (NULL != kyc_required)
+ {
+ /* insert KYC requirement into DB! */
+ wc->kyc.ok = false;
+ return TEH_plugin->insert_kyc_requirement_for_account (
+ TEH_plugin->cls,
+ kyc_required,
+ &wc->h_payto,
+ &wc->kyc.requirement_row);
+ }
+ }
+ wc->kyc.ok = true;
+ bp = &wc->blinded_planchet;
+ nonce = (TALER_DENOMINATION_CS == bp->cipher)
+ ? &bp->details.cs_blinded_planchet.nonce
+ : NULL;
+ qs = TEH_plugin->do_withdraw (TEH_plugin->cls,
+ nonce,
+ &wc->collectable,
+ wc->now,
+ &found,
+ &balance_ok,
+ &nonce_ok,
+ &ruuid);
+ if (0 > qs)
+ {
+ if (GNUNET_DB_STATUS_HARD_ERROR == qs)
+ *mhd_ret = TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_INTERNAL_SERVER_ERROR,
+ TALER_EC_GENERIC_DB_FETCH_FAILED,
+ "do_withdraw");
+ return qs;
+ }
+ if (! found)
+ {
+ *mhd_ret = TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_NOT_FOUND,
+ TALER_EC_EXCHANGE_GENERIC_RESERVE_UNKNOWN,
+ NULL);
+ return GNUNET_DB_STATUS_HARD_ERROR;
+ }
+ if (! balance_ok)
+ {
+ TEH_plugin->rollback (TEH_plugin->cls);
+ *mhd_ret = TEH_RESPONSE_reply_reserve_insufficient_balance (
+ connection,
+ TALER_EC_EXCHANGE_WITHDRAW_INSUFFICIENT_FUNDS,
+ &wc->collectable.amount_with_fee,
+ &wc->collectable.reserve_pub);
+ return GNUNET_DB_STATUS_HARD_ERROR;
+ }
+ if (! nonce_ok)
+ {
+ TEH_plugin->rollback (TEH_plugin->cls);
+ *mhd_ret = TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_CONFLICT,
+ TALER_EC_EXCHANGE_WITHDRAW_NONCE_REUSE,
+ NULL);
+ return GNUNET_DB_STATUS_HARD_ERROR;
+ }
+ if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs)
+ TEH_METRICS_num_success[TEH_MT_SUCCESS_WITHDRAW]++;
+ return qs;
+}
+
+
+#endif
+
+
+/**
+ * Check if the @a rc is replayed and we already have an
+ * answer. If so, replay the existing answer and return the
+ * HTTP response.
+ *
+ * @param rc request context
+ * @param[in,out] awc parsed request data
+ * @param[out] mret HTTP status, set if we return true
+ * @return true if the request is idempotent with an existing request
+ * false if we did not find the request in the DB and did not set @a mret
+ */
+static bool
+request_is_idempotent (struct TEH_RequestContext *rc,
+ struct AgeWithdrawContext *awc,
+ MHD_RESULT *mret)
+{
+ enum GNUNET_DB_QueryStatus qs;
+
+ qs = TEH_plugin->get_age_withdraw_info (TEH_plugin->cls,
+ &awc->reserve_pub,
+ &awc->commitment);
+ if (0 > qs)
+ {
+ GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
+ if (GNUNET_DB_STATUS_HARD_ERROR == qs)
+ *mret = TALER_MHD_reply_with_error (rc->connection,
+ MHD_HTTP_INTERNAL_SERVER_ERROR,
+ TALER_EC_GENERIC_DB_FETCH_FAILED,
+ "get_age_withdraw_info");
+ return true; /* well, kind-of */
+ }
+
+ if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
+ return false;
+
+ /* generate idempotent reply */
+ TEH_METRICS_num_requests[TEH_MT_REQUEST_IDEMPOTENT_AGE_WITHDRAW]++;
+ *mret = TALER_MHD_REPLY_JSON_PACK (
+ rc->connection,
+ MHD_HTTP_OK,
+ GNUNET_JSON_pack_uint64 ("noreveal_index",
+ &awc->commitment.noreveal_index),
+ GNUNET_JSON_pack_data_auto ("exchange_sig",
+ &awc->commitment.sig),
+ GNUNET_JSON_pack_data_auto ("exchange_pub",
+ /* TODO:oec: where does the pub come from? */
+ &pub));
+ return true;
+}
+
+
+MHD_RESULT
+TEH_handler_age_withdraw (struct TEH_RequestContext *rc,
+ const struct TALER_ReservePublicKeyP *reserve_pub,
+ const json_t *root)
+{
+ struct AgeWithdrawContext awc;
+ struct GNUNET_JSON_Specification spec[] = {
+ GNUNET_JSON_spec_fixed_auto ("reserve_sig",
+ &awc.commitment.reserve_sig),
+ GNUNET_JSON_spec_fixed_auto ("age_restricted_coins_commitment",
+ &awc.commitment.h_commitment),
+ TALER_JSON_spec_amount ("amount",
+ &awc.commitment.amount_with_fee);
+ GNUNET_JSON_spec_uint8 ("max_age_group",
+ &awc.commitment.max_age_group),
+ GNUNET_JSON_spec_end ()
+ };
+ enum TALER_ErrorCode ec;
+
+ memset (&awc, 0, sizeof (awc));
+ awc.commitment.reserve_pub = *reserve_pub;
+
+
+ {
+ enum GNUNET_GenericReturnValue res;
+
+ res = TALER_MHD_parse_json_data (rc->connection,
+ root,
+ spec);
+ if (GNUNET_OK != res)
+ return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
+ }
+
+ if (request_is_idempotent (rc,
+ &awc,
+ &mret))
+ {
+ GNUNET_JSON_parse_free (spec);
+ return mret;
+ }
+
+ TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++;
+ if (GNUNET_OK !=
+ TALER_wallet_age_withdraw_verify (&awc.commitment.h_commitment,
+ &awc.commitment.amount_with_fee,
+ &awc.commitment.max_age_group,
+ &awc.commitment.reserve_pub,
+ &awc.commitment.reserve_sig))
+ {
+ GNUNET_break_op (0);
+ GNUNET_JSON_parse_free (spec);
+ return TALER_MHD_reply_with_error (rc->connection,
+ MHD_HTTP_FORBIDDEN,
+ TALER_EC_EXCHANGE_WITHDRAW_RESERVE_SIGNATURE_INVALID,
+ NULL);
+ }
+
+ /* run transaction */
+ {
+ MHD_RESULT mhd_ret;
+
+ if (GNUNET_OK !=
+ TEH_DB_run_transaction (rc->connection,
+ "run age withdraw",
+ TEH_MT_REQUEST_AGE_WITHDRAW,
+ &mhd_ret,
+ &age_withdraw_transaction,
+ &awc))
+ {
+ /* Even if #withdraw_transaction() failed, it may have created a signature
+ (or we might have done it optimistically above). */
+ /*TODO:oec:which function to call here!? */
+ TALER_blinded_denom_sig_free (&awc.commitment.sig);
+ GNUNET_JSON_parse_free (spec);
+ return mhd_ret;
+ }
+ }
+
+ /* Clean up and send back final response */
+ GNUNET_JSON_parse_free (spec);
+
+ if (! awc.kyc.ok)
+ return TEH_RESPONSE_reply_kyc_required (rc->connection,
+ &awc.h_payto,
+ &awc.kyc);
+ {
+ MHD_RESULT ret;
+
+ ret = TALER_MHD_REPLY_JSON_PACK (
+ rc->connection,
+ MHD_HTTP_OK,
+ /* TODO:oec: put in the right answer fields */
+ GNUNET_JSON_pack_uint64 ("noreveal_index",
+ &awc->commitment.noreveal_index),
+ GNUNET_JSON_pack_data_auto ("exchange_sig",
+ &awc->commitment.sig),
+ GNUNET_JSON_pack_data_auto ("exchange_pub",
+ /* TODO:oec: where does the pub come from? */
+ &pub));
+ TALER_blinded_denom_sig_free (&awc.commitment.sig);
+ return ret;
+ }
+}
+
+
+/* end of taler-exchange-httpd_age-withdraw.c */
diff --git a/src/exchange/taler-exchange-httpd_age-withdraw.h b/src/exchange/taler-exchange-httpd_age-withdraw.h
new file mode 100644
index 000000000..a76779190
--- /dev/null
+++ b/src/exchange/taler-exchange-httpd_age-withdraw.h
@@ -0,0 +1,47 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2023 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU Affero General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License along with
+ TALER; see the file COPYING. If not, see
+*/
+/**
+ * @file taler-exchange-httpd_age-withdraw.h
+ * @brief Handle /reserve/$RESERVE_PUB/age-withdraw requests
+ * @author Özgür Kesim
+ */
+#ifndef TALER_EXCHANGE_HTTPD_AGE_WITHDRAW_H
+#define TALER_EXCHANGE_HTTPD_AGE_WITHDRAW_H
+
+#include
+#include "taler-exchange-httpd.h"
+
+
+/**
+ * Handle a "/reserves/$RESERVE_PUB/age-withdraw" request.
+ *
+ * Parses the batch of commitments to withdraw age restricted coins, and checks
+ * that the signature "reserve_sig" makes this a valid withdrawal request from
+ * the specified reserve. If the request is valid, the response contains a
+ * noreveal_index which the client has to use for the subsequent call to
+ * /age-withdraw/$ACH/reveal.
+ *
+ * @param rc request context
+ * @param root uploaded JSON data
+ * @param reserve_pub public key of the reserve
+ * @return MHD result code
+ */
+MHD_RESULT
+TEH_handler_age_withdraw (struct TEH_RequestContext *rc,
+ const struct TALER_ReservePublicKeyP *reserve_pub,
+ const json_t *root);
+
+#endif
diff --git a/src/exchange/taler-exchange-httpd_age-withdraw_reveal.h b/src/exchange/taler-exchange-httpd_age-withdraw_reveal.h
new file mode 100644
index 000000000..ed7e37b3b
--- /dev/null
+++ b/src/exchange/taler-exchange-httpd_age-withdraw_reveal.h
@@ -0,0 +1,56 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2023 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU Affero General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License along with
+ TALER; see the file COPYING. If not, see
+*/
+/**
+ * @file taler-exchange-httpd_age-withdraw_reveal.h
+ * @brief Handle /age-withdraw/$ACH/reveal requests
+ * @author Özgür Kesim
+ */
+#ifndef TALER_EXCHANGE_HTTPD_AGE_WITHDRAW_H
+#define TALER_EXCHANGE_HTTPD_AGE_WITHDRAW_H
+
+#include
+#include "taler-exchange-httpd.h"
+
+
+/**
+ * Handle a "/age-withdraw/$ACH/reveal" request.
+ *
+ * The client got a noreveal_index in response to a previous request
+ * /reserve/$RESERVE_PUB/age-withdraw. It now has to reveal all n*(kappa-1)
+ * coin's private keys (except for the noreveal_index), from which all other
+ * coin-relevant data (blinding, age restriction, nonce) is derived from.
+ *
+ * The exchange computes those values, ensures that the maximum age is
+ * correctly applied, calculates the hash of the blinded envelopes, and -
+ * together with the non-disclosed blinded envelopes - compares the hash of
+ * those against the original commitment $ACH.
+ *
+ * If all those checks and the used denominations turn out to be correct, the
+ * exchange signs all blinded envelopes with their appropriate denomination
+ * keys.
+ *
+ * @param rc request context
+ * @param root uploaded JSON data
+ * @param ach commitment to the age restricted coints from the age-withdraw request
+ * @return MHD result code
+ */
+MHD_RESULT
+TEH_handler_age_withdraw_reveal (
+ struct TEH_RequestContext *rc,
+ const struct TALER_AgeRestrictedCoinsCommitmentP *ach,
+ const json_t *root);
+
+#endif
diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h
index d6bf798c5..bd16bf57d 100644
--- a/src/include/taler_exchangedb_plugin.h
+++ b/src/include/taler_exchangedb_plugin.h
@@ -1050,6 +1050,52 @@ struct TALER_EXCHANGEDB_CollectableBlindcoin
struct TALER_ReserveSignatureP reserve_sig;
};
+/**
+ * @brief Information we keep for an age-withdraw commitment
+ * to reproduce the /age-withdraw operation if neede, and to have proof
+ * that a reserve was drained by this amount.
+ */
+struct TALER_EXCHANGEDB_AgeWithdrawCommitment
+{
+ /**
+ * Total amount (with fee) committed to withdraw
+ */
+ struct TALER_Amount amount_with_fee;
+
+ /**
+ * Public key of the reserve that was drained.
+ */
+ struct TALER_ReservePublicKeyP reserve_pub;
+
+ /**
+ * Maximum age group that the coins are restricted to.
+ */
+ uint8_t max_age_group;
+
+ /**
+ * The hash of the commitment of all n*kappa coins
+ */
+ struct TALER_AgeWithdrawCommitmentHashP h_commitment;
+
+ /**
+ * Index (smaller #TALER_CNC_KAPPA) which the exchange has chosen to not have
+ * revealed during cut and choose. This value applies to all n coins in the
+ * commitment.
+ */
+ uint32_t noreveal_index;
+
+ /**
+ * Signature confirming the age withdrawal, matching @e reserve_pub, @e
+ * maximum_age_group and @e h_commitment and @e total_amount_with_fee.
+ */
+ struct TALER_ReserveSignatureP reserve_sig;
+
+ /**
+ * The exchange's signature of the response.
+ */
+ struct TALER_ExchangeSignatureP sig;
+}
+
/**
* Information the exchange records about a recoup request
diff --git a/src/util/exchange_signatures.c b/src/util/exchange_signatures.c
index c2a841839..21dad5299 100644
--- a/src/util/exchange_signatures.c
+++ b/src/util/exchange_signatures.c
@@ -359,6 +359,8 @@ TALER_exchange_online_melt_confirmation_verify (
}
+/* TODO:oec: add signature for age-withdraw and reveal */
+
GNUNET_NETWORK_STRUCT_BEGIN
/**