BitcreditProtocol
diff --git a/‎CHANGELOG.md‎
Lines changed: 5 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎Cargo.toml‎
Lines changed: 1 addition & 1 deletion b/‎Cargo.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎crates/bcr-ebill-api/src/service/bill_service/mod.rs‎
Lines changed: 2 additions & 1 deletion b/‎crates/bcr-ebill-api/src/service/bill_service/mod.rs‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎crates/bcr-ebill-core/src/blockchain/bill/block.rs‎
Lines changed: 143 additions & 42 deletions b/‎crates/bcr-ebill-core/src/blockchain/bill/block.rs‎
Lines changed: 143 additions & 42 deletions
diff --git a/‎crates/bcr-ebill-core/src/blockchain/bill/chain.rs‎
Lines changed: 9 additions & 9 deletions b/‎crates/bcr-ebill-core/src/blockchain/bill/chain.rs‎
Lines changed: 9 additions & 9 deletions
diff --git a/‎crates/bcr-ebill-core/src/blockchain/company/mod.rs‎
Lines changed: 80 additions & 1 deletion b/‎crates/bcr-ebill-core/src/blockchain/company/mod.rs‎
Lines changed: 80 additions & 1 deletion
@@ -1,3 +1,8 @@
+# 0.3.18
+
+* Add `plaintext_hash` to Identity, Company and Bill Blocks, which is a hash over the plaintext data
+    * (breaks all chains in the DB)
+
 # 0.3.17
 
 * Changed minted proofs token format from cashu Token v3 to BitcrB (v4)
 
@@ -1,5 +1,5 @@
 [workspace.package]
-version = "0.3.17"
+version = "0.3.18"
 edition = "2024"
 license = "MIT"
 
 
@@ -2393,12 +2393,13 @@ pub mod tests {
                 bill_id_test(),
                 123456,
                 "prevhash".to_string(),
-                "hash".to_string(),
+                "data".to_string(),
                 BillOpCode::Accept,
                 &keys,
                 None,
                 &BcrKeys::from_private_key(&private_key_test()).unwrap(),
                 1731593928,
+                "plain text hash".to_string(),
             )
             .unwrap(),
         );
 
@@ -150,7 +150,7 @@ impl BillBlockchain {
         for sell_pair in sell_pairs {
             let offer_to_sell_block = sell_pair.0;
             let block_data_decrypted: BillOfferToSellBlockData =
-                offer_to_sell_block.get_decrypted_block_bytes(bill_keys)?;
+                offer_to_sell_block.get_decrypted_block(bill_keys)?;
 
             if *node_id != block_data_decrypted.seller.node_id() {
                 // node id is not beneficiary - skip
@@ -261,7 +261,7 @@ impl BillBlockchain {
         for recourse_pair in recourse_pairs {
             let request_to_recourse_block = recourse_pair.0;
             let block_data_decrypted: BillRequestRecourseBlockData =
-                request_to_recourse_block.get_decrypted_block_bytes(bill_keys)?;
+                request_to_recourse_block.get_decrypted_block(bill_keys)?;
 
             if *node_id != block_data_decrypted.recourser.node_id {
                 // node id is not beneficiary - skip
@@ -379,7 +379,7 @@ impl BillBlockchain {
                 }
 
                 let block_data_decrypted: BillRequestRecourseBlockData =
-                    last_version_block.get_decrypted_block_bytes(bill_keys)?;
+                    last_version_block.get_decrypted_block(bill_keys)?;
                 return Ok(RecourseWaitingForPayment::Yes(Box::new(
                     RecoursePaymentInfo {
                         recoursee: block_data_decrypted.recoursee,
@@ -417,7 +417,7 @@ impl BillBlockchain {
                 }
 
                 let block_data_decrypted: BillOfferToSellBlockData =
-                    last_version_block_offer_to_sell.get_decrypted_block_bytes(bill_keys)?;
+                    last_version_block_offer_to_sell.get_decrypted_block(bill_keys)?;
                 return Ok(OfferToSellWaitingForPayment::Yes(Box::new(PaymentInfo {
                     buyer: block_data_decrypted.buyer.into(),
                     seller: block_data_decrypted.seller.into(),
@@ -444,7 +444,7 @@ impl BillBlockchain {
     pub fn get_first_version_bill(&self, bill_keys: &BillKeys) -> Result<BillIssueBlockData> {
         let first_block_data = &self.get_first_block();
         let bill_first_version: BillIssueBlockData =
-            first_block_data.get_decrypted_block_bytes(bill_keys)?;
+            first_block_data.get_decrypted_block(bill_keys)?;
         Ok(bill_first_version)
     }
 
@@ -638,7 +638,7 @@ impl BillBlockchain {
             Some((
                 endorse_block_encrypted.id,
                 endorse_block_encrypted
-                    .get_decrypted_block_bytes::<BillEndorseBlockData>(bill_keys)?
+                    .get_decrypted_block::<BillEndorseBlockData>(bill_keys)?
                     .endorsee,
             ))
         } else {
@@ -650,7 +650,7 @@ impl BillBlockchain {
             Some((
                 mint_block_encrypted.id,
                 mint_block_encrypted
-                    .get_decrypted_block_bytes::<BillMintBlockData>(bill_keys)?
+                    .get_decrypted_block::<BillMintBlockData>(bill_keys)?
                     .endorsee,
             ))
         } else {
@@ -662,7 +662,7 @@ impl BillBlockchain {
             Some((
                 sell_block_encrypted.id,
                 sell_block_encrypted
-                    .get_decrypted_block_bytes::<BillSellBlockData>(bill_keys)?
+                    .get_decrypted_block::<BillSellBlockData>(bill_keys)?
                     .buyer,
             ))
         } else {
@@ -675,7 +675,7 @@ impl BillBlockchain {
                 recourse_block_encrypted.id,
                 BillParticipantBlockData::Ident(
                     recourse_block_encrypted
-                        .get_decrypted_block_bytes::<BillRecourseBlockData>(bill_keys)?
+                        .get_decrypted_block::<BillRecourseBlockData>(bill_keys)?
                         .recoursee,
                 ),
             ))
 
@@ -8,8 +8,9 @@ use crate::{
     File, OptionalPostalAddress, PostalAddress,
     company::{Company, CompanyKeys},
 };
-use borsh::to_vec;
+use borsh::{from_slice, to_vec};
 use borsh_derive::{BorshDeserialize, BorshSerialize};
+use log::error;
 use secp256k1::PublicKey;
 use serde::{Deserialize, Serialize};
 
@@ -26,6 +27,7 @@ pub enum CompanyOpCode {
 pub struct CompanyBlockDataToHash {
     company_id: NodeId,
     id: u64,
+    plaintext_hash: String,
     previous_hash: String,
     data: String,
     timestamp: u64,
@@ -54,6 +56,7 @@ pub struct CompanyBlockData {
 pub struct CompanyBlock {
     pub company_id: NodeId,
     pub id: u64,
+    pub plaintext_hash: String,
     pub hash: String,
     pub timestamp: u64,
     pub data: String,
@@ -145,6 +148,10 @@ impl Block for CompanyBlock {
         &self.op_code
     }
 
+    fn plaintext_hash(&self) -> &str {
+        &self.plaintext_hash
+    }
+
     fn hash(&self) -> &str {
         &self.hash
     }
@@ -169,10 +176,52 @@ impl Block for CompanyBlock {
         true
     }
 
+    /// We validate the plaintext hash against the plaintext data from the CompanyBlockData wrapper
+    fn validate_plaintext_hash(&self, private_key: &secp256k1::SecretKey) -> bool {
+        match util::base58_decode(&self.data) {
+            Ok(decoded_wrapper) => match from_slice::<CompanyBlockData>(&decoded_wrapper) {
+                Ok(data_wrapper) => match util::base58_decode(&data_wrapper.data) {
+                    Ok(decoded) => match util::crypto::decrypt_ecies(&decoded, private_key) {
+                        Ok(decrypted) => self.plaintext_hash() == util::sha256_hash(&decrypted),
+                        Err(e) => {
+                            error!(
+                                "Decrypt Error while validating plaintext hash for id {}: {e}",
+                                self.id()
+                            );
+                            false
+                        }
+                    },
+                    Err(e) => {
+                        error!(
+                            "Decode Error while validating plaintext hash for id {}: {e}",
+                            self.id()
+                        );
+                        false
+                    }
+                },
+                Err(e) => {
+                    error!(
+                        "Wrapper Deserialize Error while validating plaintext hash for id {}: {e}",
+                        self.id()
+                    );
+                    false
+                }
+            },
+            Err(e) => {
+                error!(
+                    "Wrapper Decode Error while validating plaintext hash for id {}: {e}",
+                    self.id()
+                );
+                false
+            }
+        }
+    }
+
     fn get_block_data_to_hash(&self) -> Self::BlockDataToHash {
         CompanyBlockDataToHash {
             company_id: self.company_id.clone(),
             id: self.id(),
+            plaintext_hash: self.plaintext_hash().to_owned(),
             previous_hash: self.previous_hash().to_owned(),
             data: self.data().to_owned(),
             timestamp: self.timestamp(),
@@ -195,6 +244,7 @@ impl CompanyBlock {
         identity_keys: &BcrKeys,
         company_keys: &CompanyKeys,
         timestamp: u64,
+        plaintext_hash: String,
     ) -> Result<Self> {
         // The order here is important: identity -> company
         let keys: Vec<secp256k1::SecretKey> = vec![
@@ -206,6 +256,7 @@ impl CompanyBlock {
         let hash = Self::calculate_hash(CompanyBlockDataToHash {
             company_id: company_id.clone(),
             id,
+            plaintext_hash: plaintext_hash.clone(),
             previous_hash: previous_hash.clone(),
             data: data.clone(),
             timestamp,
@@ -218,6 +269,7 @@ impl CompanyBlock {
         Ok(Self {
             company_id,
             id,
+            plaintext_hash,
             hash,
             timestamp,
             previous_hash,
@@ -238,6 +290,7 @@ impl CompanyBlock {
         timestamp: u64,
     ) -> Result<Self> {
         let company_bytes = to_vec(company)?;
+        let plaintext_hash = Self::calculate_plaintext_hash(company)?;
         // encrypt data using company pub key
         let encrypted_data = util::base58_encode(&util::crypto::encrypt_ecies(
             &company_bytes,
@@ -266,6 +319,7 @@ impl CompanyBlock {
             identity_keys,
             company_keys,
             timestamp,
+            plaintext_hash,
         )
     }
 
@@ -365,6 +419,7 @@ impl CompanyBlock {
         op_code: CompanyOpCode,
     ) -> Result<Self> {
         let bytes = to_vec(&data)?;
+        let plaintext_hash = Self::calculate_plaintext_hash(data)?;
         // encrypt data using the company pub key
         let encrypted_data = util::base58_encode(&util::crypto::encrypt_ecies(
             &bytes,
@@ -400,6 +455,7 @@ impl CompanyBlock {
             identity_keys,
             company_keys,
             timestamp,
+            plaintext_hash,
         )?;
 
         if !new_block.validate_with_previous(previous_block) {
@@ -504,6 +560,24 @@ mod tests {
             ),
         )
     }
+
+    #[test]
+    fn test_plaintext_hash() {
+        let (_id, (company, company_keys)) = get_baseline_company_data();
+
+        let chain = CompanyBlockchain::new(
+            &CompanyCreateBlockData::from(company),
+            &BcrKeys::new(),
+            &company_keys,
+            1731593928,
+        );
+        assert!(chain.is_ok());
+        assert!(chain.as_ref().unwrap().is_chain_valid());
+        assert!(
+            chain.as_ref().unwrap().blocks()[0].validate_plaintext_hash(&company_keys.private_key)
+        );
+    }
+
     #[test]
     fn create_and_check_validity() {
         let (_id, (company, company_keys)) = get_baseline_company_data();
@@ -605,6 +679,11 @@ mod tests {
         assert!(new_chain_from_empty_blocks.is_err());
 
         let blocks = chain.blocks();
+
+        for block in blocks {
+            assert!(block.validate_plaintext_hash(&company_keys.private_key));
+        }
+
         let new_chain_from_blocks = CompanyBlockchain::new_from_blocks(blocks.to_owned());
         assert!(new_chain_from_blocks.is_ok());
         assert!(new_chain_from_blocks.as_ref().unwrap().is_chain_valid());