authorChristian Grothoff <grothoff@gnunet.org>2023-10-25 22:54:20 +0200
committerChristian Grothoff <grothoff@gnunet.org>2023-10-25 22:54:20 +0200
commit82d7d87cc3946a01bfed221c7da0fb9ef2c18eb1 (patch)
treef0d3cb66869650e7dc1a5bc3a197c5f05636cf3e /src/lib
parentbc74ed7c2eb54820a58cf832cb7aa83b1b331458 (diff)
new blind signing code builds
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/exchange_api_age_withdraw.c82
-rw-r--r--src/lib/exchange_api_batch_withdraw.c35
-rw-r--r--src/lib/exchange_api_csr_melt.c3
-rw-r--r--src/lib/exchange_api_csr_withdraw.c9
-rw-r--r--src/lib/exchange_api_handle.c18
-rw-r--r--src/lib/exchange_api_link.c19
-rw-r--r--src/lib/exchange_api_management_get_keys.c18
-rw-r--r--src/lib/exchange_api_melt.c21
-rw-r--r--src/lib/exchange_api_recoup.c42
-rw-r--r--src/lib/exchange_api_recoup_refresh.c45
-rw-r--r--src/lib/exchange_api_refresh_common.c32
-rw-r--r--src/lib/exchange_api_refresh_common.h2
-rw-r--r--src/lib/exchange_api_refreshes_reveal.c5
13 files changed, 181 insertions, 150 deletions
diff --git a/src/lib/exchange_api_age_withdraw.c b/src/lib/exchange_api_age_withdraw.c
index ea9c0371e..6c6460b2b 100644
--- a/src/lib/exchange_api_age_withdraw.c
+++ b/src/lib/exchange_api_age_withdraw.c
@@ -67,25 +67,40 @@ struct CoinCandidate
*/
struct CSRClosure
{
- /* Points to the actual candidate in CoinData.coin_candidates, to continue
- * to build its contents based on the results from /csr-withdraw */
+ /**
+ * Points to the actual candidate in CoinData.coin_candidates, to continue
+ * to build its contents based on the results from /csr-withdraw
+ */
struct CoinCandidate *candidate;
- /* The planchet to finally generate. Points to the corresponding candidate
- * in CoindData.planchet_details */
+ /**
+ * The planchet to finally generate. Points to the corresponding candidate
+ * in CoindData.planchet_details
+ */
struct TALER_PlanchetDetail *planchet;
- /* Handler to the originating call to /age-withdraw, needed to either
+ /**
+ * Handler to the originating call to /age-withdraw, needed to either
* cancel the running age-withdraw request (on failure of the current call
* to /csr-withdraw), or to eventually perform the protocol, once all
- * csr-withdraw requests have successfully finished. */
+ * csr-withdraw requests have successfully finished.
+ */
struct TALER_EXCHANGE_AgeWithdrawHandle *age_withdraw_handle;
- /* Denomination information, needed for CS coins for the
- * step after /csr-withdraw */
+ /**
+ * Session nonce.
+ */
+ union GNUNET_CRYPTO_BlindSessionNonce nonce;
+
+ /**
+ * Denomination information, needed for CS coins for the
+ * step after /csr-withdraw
+ */
const struct TALER_EXCHANGE_DenomPublicKey *denom_pub;
- /* Handler for the CS R request */
+ /**
+ * Handler for the CS R request
+ */
struct TALER_EXCHANGE_CsRWithdrawHandle *csr_withdraw_handle;
};
@@ -663,13 +678,19 @@ copy_results (
struct TALER_EXCHANGE_AgeWithdrawResponse resp = {
.hr = awbr->hr,
.details = {
- .ok = { .noreveal_index = awbr->details.ok.noreveal_index,
- .h_commitment = awbr->details.ok.h_commitment,
- .exchange_pub = awbr->details.ok.exchange_pub,
- .num_coins = awh->num_coins,
- .coin_details = details,
- .blinded_coin_hs = blinded_coin_hs},
- },
+ .ok = {
+ .noreveal_index = awbr->details.ok.noreveal_index,
+ .h_commitment = awbr->details.ok.h_commitment,
+ .exchange_pub = awbr->details.ok.exchange_pub,
+ .num_coins = awh->num_coins,
+ .coin_details = details,
+ .blinded_coin_hs = blinded_coin_hs
+ }
+
+
+ }
+
+
};
for (size_t n = 0; n< awh->num_coins; n++)
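Review bot: The rewritten `.ok` initializer leaves four empty lines inside the `.details` braces (two after the closing `}` of `.ok` and two before the final `};`), which reads like an unfinished edit; drop them so the initializer closes as `}` / `};` on consecutive lines. The `n< awh->num_coins` spacing in the loop header that follows is pre-existing but could be normalised to `n < awh->num_coins` in the same pass. copy_results starts before this hunk.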
@@ -678,10 +699,8 @@ copy_results (
details[n].planchet = awh->coin_data[n].planchet_details[k];
blinded_coin_hs[n] = awh->coin_data[n].coin_candidates[k].blinded_coin_h;
}
-
awh->callback (awh->callback_cls,
&resp);
-
awh->callback = NULL;
}
@@ -795,8 +814,8 @@ csr_withdraw_done (
bool success = false;
/* Complete the initialization of the coin with CS denomination */
can->details.alg_values = csrr->details.ok.alg_values;
- GNUNET_assert (can->details.alg_values.cipher
- == TALER_DENOMINATION_CS);
+ GNUNET_assert (can->details.alg_values.blinding_inputs->cipher
+ == GNUNET_CRYPTO_BSA_CS);
TALER_planchet_setup_coin_priv (&can->secret,
&can->details.alg_values,
&can->details.coin_priv);
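Review bot: `can->details.alg_values = csrr->details.ok.alg_values;` is now a shallow copy of a struct whose `blinding_inputs` member is a pointer, and the assert on the next line dereferences that pointer with no NULL check. If the response's blinding inputs are owned by `csrr` and released once this callback returns, the candidate keeps a dangling pointer for the rest of the withdraw — confirm whether a deep copy or reference increment is needed here; the same shallow copy appears in exchange_api_melt.c csr_cb (`*wv = csrr->details.ok.alg_values[nks_off];`). Consider `GNUNET_assert (NULL != can->details.alg_values.blinding_inputs);` ahead of the cipher assert so a malformed response fails loudly rather than by a fault. csr_withdraw_done starts and ends outside this hunk.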
@@ -810,6 +829,7 @@ csr_withdraw_done (
TALER_planchet_prepare (&csr->denom_pub->key,
&can->details.alg_values,
&can->details.blinding_key,
+ &csr->nonce,
&can->details.coin_priv,
&can->details.h_age_commitment,
&can->details.h_coin_pub,
@@ -912,11 +932,10 @@ prepare_coins (
TALER_age_commitment_hash (&can->details.age_commitment_proof.commitment,
&can->details.h_age_commitment);
- switch (input->denom_pub->key.cipher)
+ switch (input->denom_pub->key.bsign_pub_key->cipher)
{
- case TALER_DENOMINATION_RSA:
+ case GNUNET_CRYPTO_BSA_RSA:
{
- can->details.alg_values.cipher = TALER_DENOMINATION_RSA;
TALER_planchet_setup_coin_priv (&can->secret,
&can->details.alg_values,
&can->details.coin_priv);
@@ -925,8 +944,9 @@ prepare_coins (
&can->details.blinding_key);
FAIL_IF (GNUNET_OK !=
TALER_planchet_prepare (&cd->denom_pub.key,
- &can->details.alg_values,
+ NULL,
&can->details.blinding_key,
+ NULL,
&can->details.coin_priv,
&can->details.h_age_commitment,
&can->details.h_coin_pub,
@@ -937,10 +957,8 @@ prepare_coins (
&can->blinded_coin_h));
break;
}
- case TALER_DENOMINATION_CS:
+ case GNUNET_CRYPTO_BSA_CS:
{
- can->details.alg_values.cipher = TALER_DENOMINATION_CS;
-
struct CSRClosure *cls = &cd->csr_cls[k];
/**
* Save the handler and the denomination for the callback
@@ -949,21 +967,15 @@ prepare_coins (
cls->candidate = can;
cls->planchet = planchet;
cls->denom_pub = &cd->denom_pub;
-
TALER_cs_withdraw_nonce_derive (
&can->secret,
- &planchet->blinded_planchet.details.cs_blinded_planchet.nonce);
-
- /* Note that we only initialize the first half
- of the blinded_planchet here; the other part
- will be done after the /csr-withdraw request! */
- planchet->blinded_planchet.cipher = TALER_DENOMINATION_CS;
+ &cls->nonce.cs_nonce);
cls->csr_withdraw_handle =
TALER_EXCHANGE_csr_withdraw (
awh->curl_ctx,
awh->exchange_url,
&cd->denom_pub,
- &planchet->blinded_planchet.details.cs_blinded_planchet.nonce,
+ &cls->nonce.cs_nonce,
&csr_withdraw_done,
cls);
FAIL_IF (NULL == cls->csr_withdraw_handle);
diff --git a/src/lib/exchange_api_batch_withdraw.c b/src/lib/exchange_api_batch_withdraw.c
index a1fcccce4..d17a00f1b 100644
--- a/src/lib/exchange_api_batch_withdraw.c
+++ b/src/lib/exchange_api_batch_withdraw.c
@@ -54,9 +54,14 @@ struct CoinData
const struct TALER_AgeCommitmentHash *ach;
/**
- * blinding secret
+ * blinding secret
*/
- union TALER_DenominationBlindingKeyP bks;
+ union GNUNET_CRYPTO_BlindingSecretP bks;
+
+ /**
+ * Session nonce.
+ */
+ union GNUNET_CRYPTO_BlindSessionNonce nonce;
/**
* Private key of the coin we are withdrawing.
@@ -79,7 +84,7 @@ struct CoinData
struct TALER_CoinPubHashP c_hash;
/**
- * Handler for the CS R request (only used for TALER_DENOMINATION_CS denominations)
+ * Handler for the CS R request (only used for GNUNET_CRYPTO_BSA_CS denominations)
*/
struct TALER_EXCHANGE_CsRWithdrawHandle *csrh;
@@ -295,7 +300,8 @@ withdraw_cs_stage_two_callback (
};
cd->csrh = NULL;
- GNUNET_assert (TALER_DENOMINATION_CS == cd->pk.key.cipher);
+ GNUNET_assert (GNUNET_CRYPTO_BSA_CS ==
+ cd->pk.key.bsign_pub_key->cipher);
switch (csrr->hr.http_status)
{
case MHD_HTTP_OK:
@@ -306,12 +312,11 @@ withdraw_cs_stage_two_callback (
TALER_planchet_blinding_secret_create (&cd->ps,
&cd->alg_values,
&cd->bks);
- /* This initializes the 2nd half of the
- wh->pd.blinded_planchet! */
if (GNUNET_OK !=
TALER_planchet_prepare (&cd->pk.key,
&cd->alg_values,
&cd->bks,
+ &cd->nonce,
&cd->priv,
cd->ach,
&cd->c_hash,
@@ -367,11 +372,10 @@ TALER_EXCHANGE_batch_withdraw (
cd->pk = *wci->pk;
TALER_denom_pub_deep_copy (&cd->pk.key,
&wci->pk->key);
- switch (wci->pk->key.cipher)
+ switch (wci->pk->key.bsign_pub_key->cipher)
{
- case TALER_DENOMINATION_RSA:
+ case GNUNET_CRYPTO_BSA_RSA:
{
- cd->alg_values.cipher = TALER_DENOMINATION_RSA;
TALER_planchet_setup_coin_priv (&cd->ps,
&cd->alg_values,
&cd->priv);
@@ -380,8 +384,9 @@ TALER_EXCHANGE_batch_withdraw (
&cd->bks);
if (GNUNET_OK !=
TALER_planchet_prepare (&cd->pk.key,
- &cd->alg_values,
+ NULL,
&cd->bks,
+ NULL,
&cd->priv,
cd->ach,
&cd->c_hash,
@@ -393,20 +398,16 @@ TALER_EXCHANGE_batch_withdraw (
}
break;
}
- case TALER_DENOMINATION_CS:
+ case GNUNET_CRYPTO_BSA_CS:
{
TALER_cs_withdraw_nonce_derive (
&cd->ps,
- &cd->pd.blinded_planchet.details.cs_blinded_planchet.nonce);
- /* Note that we only initialize the first half
- of the blinded_planchet here; the other part
- will be done after the /csr-withdraw request! */
- cd->pd.blinded_planchet.cipher = TALER_DENOMINATION_CS;
+ &cd->nonce.cs_nonce);
cd->csrh = TALER_EXCHANGE_csr_withdraw (
curl_ctx,
exchange_url,
&cd->pk,
- &cd->pd.blinded_planchet.details.cs_blinded_planchet.nonce,
+ &cd->nonce.cs_nonce,
&withdraw_cs_stage_two_callback,
cd);
if (NULL == cd->csrh)
diff --git a/src/lib/exchange_api_csr_melt.c b/src/lib/exchange_api_csr_melt.c
index f59995af3..f5887bd60 100644
--- a/src/lib/exchange_api_csr_melt.c
+++ b/src/lib/exchange_api_csr_melt.c
@@ -234,7 +234,8 @@ TALER_EXCHANGE_csr_melt (
return NULL;
}
for (unsigned int i = 0; i<nks_len; i++)
- if (TALER_DENOMINATION_CS != nks[i].pk->key.cipher)
+ if (GNUNET_CRYPTO_BSA_CS !=
+ nks[i].pk->key.bsign_pub_key->cipher)
{
GNUNET_break (0);
return NULL;
diff --git a/src/lib/exchange_api_csr_withdraw.c b/src/lib/exchange_api_csr_withdraw.c
index 4c1d83a9a..fa2b0dc85 100644
--- a/src/lib/exchange_api_csr_withdraw.c
+++ b/src/lib/exchange_api_csr_withdraw.c
@@ -203,13 +203,14 @@ TALER_EXCHANGE_csr_withdraw (
struct GNUNET_CURL_Context *curl_ctx,
const char *exchange_url,
const struct TALER_EXCHANGE_DenomPublicKey *pk,
- const struct TALER_CsNonce *nonce,
+ const struct GNUNET_CRYPTO_CsSessionNonce *nonce,
TALER_EXCHANGE_CsRWithdrawCallback res_cb,
void *res_cb_cls)
{
struct TALER_EXCHANGE_CsRWithdrawHandle *csrh;
- if (TALER_DENOMINATION_CS != pk->key.cipher)
+ if (GNUNET_CRYPTO_BSA_CS !=
+ pk->key.bsign_pub_key->cipher)
{
GNUNET_break (0);
return NULL;
@@ -233,10 +234,10 @@ TALER_EXCHANGE_csr_withdraw (
req = GNUNET_JSON_PACK (
GNUNET_JSON_pack_data_varsize ("nonce",
nonce,
- sizeof(struct TALER_CsNonce)),
+ sizeof(*nonce)),
GNUNET_JSON_pack_data_varsize ("denom_pub_hash",
&pk->h_key,
- sizeof(struct TALER_DenominationHashP)));
+ sizeof(pk->h_key)));
GNUNET_assert (NULL != req);
eh = TALER_EXCHANGE_curl_easy_get_ (csrh->url);
if ( (NULL == eh) ||
diff --git a/src/lib/exchange_api_handle.c b/src/lib/exchange_api_handle.c
index 50a1a9ce9..24d1590cc 100644
--- a/src/lib/exchange_api_handle.c
+++ b/src/lib/exchange_api_handle.c
@@ -458,7 +458,7 @@ parse_json_signkey (struct TALER_EXCHANGE_SigningPublicKey *sign_key,
static enum GNUNET_GenericReturnValue
parse_json_denomkey_partially (
struct TALER_EXCHANGE_DenomPublicKey *denom_key,
- enum TALER_DenominationCipher cipher,
+ enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher,
bool check_sigs,
const json_t *denom_key_obj,
struct TALER_MasterPublicKeyP *master_key,
@@ -1111,7 +1111,6 @@ decode_keys_json (const json_t *resp_obj,
denomination. Required to make the validity check inside
parse_json_denomkey_partially pass */
struct TALER_EXCHANGE_DenomPublicKey dk = {
- .key.cipher = group.cipher,
.value = group.value,
.fees = group.fees,
.key.age_mask = group.age_mask
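Review bot: With `.key.cipher` dropped, `dk` is built with `key.bsign_pub_key` left NULL, yet every other site in this commit selects the algorithm via `key.bsign_pub_key->cipher`. parse_json_denomkey_partially now takes the cipher as its own parameter (the hunk above), so this is only safe if nothing on that path reads `denom_key->key.bsign_pub_key` before it is assigned. A comment on `dk` stating the intent would help the next reader, e.g. `/* bsign_pub_key is deliberately NULL here; the cipher is passed explicitly */`. decode_keys_json continues outside this hunk.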
@@ -1978,10 +1977,10 @@ add_grp (void *cls,
(void) key;
switch (gd->meta.cipher)
{
- case TALER_DENOMINATION_RSA:
+ case GNUNET_CRYPTO_BSA_RSA:
cipher = age_restricted ? "RSA+age_restricted" : "RSA";
break;
- case TALER_DENOMINATION_CS:
+ case GNUNET_CRYPTO_BSA_CS:
cipher = age_restricted ? "CS+age_restricted" : "CS";
break;
default:
@@ -2125,7 +2124,6 @@ TALER_EXCHANGE_keys_to_json (const struct TALER_EXCHANGE_Keys *kd)
{
const struct TALER_EXCHANGE_DenomPublicKey *dk = &kd->denom_keys[i];
struct TALER_DenominationGroup meta = {
- .cipher = dk->key.cipher,
.value = dk->value,
.fees = dk->fees,
.age_mask = dk->key.age_mask
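Review bot: Removing `.cipher = dk->key.cipher` leaves `meta.cipher` zero-initialised, but the next hunk in this file still does `switch (meta.cipher)` and hits `GNUNET_assert (false)` in its `default` branch, so every denomination would trip that assert unless `meta.cipher` is assigned in the lines between the two hunks, which are not visible here. If it is not, the initializer should read `.cipher = dk->key.bsign_pub_key->cipher,`. TALER_EXCHANGE_keys_to_json starts before this hunk and continues past it.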
@@ -2159,18 +2157,18 @@ TALER_EXCHANGE_keys_to_json (const struct TALER_EXCHANGE_Keys *kd)
}
switch (meta.cipher)
{
- case TALER_DENOMINATION_RSA:
+ case GNUNET_CRYPTO_BSA_RSA:
key_spec =
GNUNET_JSON_pack_rsa_public_key (
"rsa_pub",
- dk->key.details.rsa_public_key);
+ dk->key.bsign_pub_key->details.rsa_public_key);
break;
- case TALER_DENOMINATION_CS:
+ case GNUNET_CRYPTO_BSA_CS:
key_spec =
GNUNET_JSON_pack_data_varsize (
"cs_pub",
- &dk->key.details.cs_public_key,
- sizeof (dk->key.details.cs_public_key));
+ &dk->key.bsign_pub_key->details.cs_public_key,
+ sizeof (dk->key.bsign_pub_key->details.cs_public_key));
break;
default:
GNUNET_assert (false);
diff --git a/src/lib/exchange_api_link.c b/src/lib/exchange_api_link.c
index f408b87d0..2d56ec915 100644
--- a/src/lib/exchange_api_link.c
+++ b/src/lib/exchange_api_link.c
@@ -1,6 +1,6 @@
/*
This file is part of TALER
- Copyright (C) 2015-2021 Taler Systems SA
+ Copyright (C) 2015-2023 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
@@ -89,9 +89,9 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
struct TALER_BlindedDenominationSignature bsig;
struct TALER_DenominationPublicKey rpub;
struct TALER_CoinSpendSignatureP link_sig;
- union TALER_DenominationBlindingKeyP bks;
+ union GNUNET_CRYPTO_BlindingSecretP bks;
struct TALER_ExchangeWithdrawValues alg_values;
- struct TALER_CsNonce nonce;
+ union GNUNET_CRYPTO_BlindSessionNonce nonce;
bool no_nonce;
uint32_t coin_idx;
struct GNUNET_JSON_Specification spec[] = {
@@ -163,6 +163,9 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
&rpub,
&alg_values,
&bks,
+ no_nonce
+ ? NULL
+ : &nonce,
&lci->coin_priv,
pah,
&c_hash,
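Review bot: Passing `no_nonce ? NULL : &nonce` moves the rule "a CS coin must carry a nonce" from this function into TALER_planchet_prepare, and the following hunk deletes the explicit `GNUNET_break_op` check. That is only equivalent if TALER_planchet_prepare returns an error for a CS key with a NULL nonce rather than asserting or silently proceeding; otherwise a /link response that omits the nonce is no longer rejected as a protocol violation. A short comment on the call would record the contract this now relies on, e.g. `/* a NULL nonce for a CS denomination is rejected by TALER_planchet_prepare */`. parse_link_coin begins before this hunk.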
@@ -172,16 +175,6 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
GNUNET_JSON_parse_free (spec);
return GNUNET_SYSERR;
}
- if (TALER_DENOMINATION_CS == alg_values.cipher)
- {
- if (no_nonce)
- {
- GNUNET_break_op (0);
- GNUNET_JSON_parse_free (spec);
- return GNUNET_SYSERR;
- }
- pd.blinded_planchet.details.cs_blinded_planchet.nonce = nonce;
- }
/* extract coin and signature */
if (GNUNET_OK !=
TALER_denom_sig_unblind (&lci->sig,
diff --git a/src/lib/exchange_api_management_get_keys.c b/src/lib/exchange_api_management_get_keys.c
index 03339c663..b88ddc205 100644
--- a/src/lib/exchange_api_management_get_keys.c
+++ b/src/lib/exchange_api_management_get_keys.c
@@ -1,6 +1,6 @@
/*
This file is part of TALER
- Copyright (C) 2015-2020 Taler Systems SA
+ Copyright (C) 2015-2023 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
@@ -228,14 +228,15 @@ handle_ok (struct TALER_EXCHANGE_ManagementGetKeysHandle *gh,
TALER_denom_pub_hash (&denom_key->key,
&h_denom_pub);
- switch (denom_key->key.cipher)
+ switch (denom_key->key.bsign_pub_key->cipher)
{
- case TALER_DENOMINATION_RSA:
+ case GNUNET_CRYPTO_BSA_RSA:
{
struct TALER_RsaPubHashP h_rsa;
- TALER_rsa_pub_hash (denom_key->key.details.rsa_public_key,
- &h_rsa);
+ TALER_rsa_pub_hash (
+ denom_key->key.bsign_pub_key->details.rsa_public_key,
+ &h_rsa);
if (GNUNET_OK !=
TALER_exchange_secmod_rsa_verify (&h_rsa,
section_name,
@@ -250,12 +251,13 @@ handle_ok (struct TALER_EXCHANGE_ManagementGetKeysHandle *gh,
}
}
break;
- case TALER_DENOMINATION_CS:
+ case GNUNET_CRYPTO_BSA_CS:
{
struct TALER_CsPubHashP h_cs;
- TALER_cs_pub_hash (&denom_key->key.details.cs_public_key,
- &h_cs);
+ TALER_cs_pub_hash (
+ &denom_key->key.bsign_pub_key->details.cs_public_key,
+ &h_cs);
if (GNUNET_OK !=
TALER_exchange_secmod_cs_verify (&h_cs,
section_name,
diff --git a/src/lib/exchange_api_melt.c b/src/lib/exchange_api_melt.c
index ba4241dab..906772767 100644
--- a/src/lib/exchange_api_melt.c
+++ b/src/lib/exchange_api_melt.c
@@ -460,18 +460,16 @@ csr_cb (void *cls,
&mh->rd->fresh_pks[i];
struct TALER_ExchangeWithdrawValues *wv = &mh->mbds[i].alg_value;
- switch (fresh_pk->key.cipher)
+ switch (fresh_pk->key.bsign_pub_key->cipher)
{
- case TALER_DENOMINATION_INVALID:
+ case GNUNET_CRYPTO_BSA_INVALID:
GNUNET_break (0);
fail_mh (mh,
TALER_EC_GENERIC_CLIENT_INTERNAL_ERROR);
return;
- case TALER_DENOMINATION_RSA:
- GNUNET_assert (TALER_DENOMINATION_RSA == wv->cipher);
+ case GNUNET_CRYPTO_BSA_RSA:
break;
- case TALER_DENOMINATION_CS:
- GNUNET_assert (TALER_DENOMINATION_CS == wv->cipher);
+ case GNUNET_CRYPTO_BSA_CS:
*wv = csrr->details.ok.alg_values[nks_off];
nks_off++;
break;
@@ -521,20 +519,17 @@ TALER_EXCHANGE_melt (
for (unsigned int i = 0; i<rd->fresh_pks_len; i++)
{
const struct TALER_EXCHANGE_DenomPublicKey *fresh_pk = &rd->fresh_pks[i];
- struct TALER_ExchangeWithdrawValues *wv = &mh->mbds[i].alg_value;
- switch (fresh_pk->key.cipher)
+ switch (fresh_pk->key.bsign_pub_key->cipher)
{
- case TALER_DENOMINATION_INVALID:
+ case GNUNET_CRYPTO_BSA_INVALID:
GNUNET_break (0);
GNUNET_free (mh->mbds);
GNUNET_free (mh);
return NULL;
- case TALER_DENOMINATION_RSA:
- wv->cipher = TALER_DENOMINATION_RSA;
+ case GNUNET_CRYPTO_BSA_RSA:
break;
- case TALER_DENOMINATION_CS:
- wv->cipher = TALER_DENOMINATION_CS;
+ case GNUNET_CRYPTO_BSA_CS:
nks[nks_off].pk = fresh_pk;
nks[nks_off].cnc_num = nks_off;
nks_off++;
diff --git a/src/lib/exchange_api_recoup.c b/src/lib/exchange_api_recoup.c
index cfd265f04..56499f381 100644
--- a/src/lib/exchange_api_recoup.c
+++ b/src/lib/exchange_api_recoup.c
@@ -245,7 +245,7 @@ TALER_EXCHANGE_recoup (
CURL *eh;
char arg_str[sizeof (struct TALER_CoinSpendPublicKeyP) * 2 + 32];
struct TALER_CoinSpendPrivateKeyP coin_priv;
- union TALER_DenominationBlindingKeyP bks;
+ union GNUNET_CRYPTO_BlindingSecretP bks;
ph = GNUNET_new (struct TALER_EXCHANGE_RecoupHandle);
TALER_planchet_setup_coin_priv (ps,
@@ -273,22 +273,32 @@ TALER_EXCHANGE_recoup (
&ph->coin_sig),
GNUNET_JSON_pack_data_auto ("coin_blind_key_secret",
&bks));
- if (TALER_DENOMINATION_CS == denom_sig->cipher)
+ switch (denom_sig->unblinded_sig->cipher)
{
- struct TALER_CsNonce nonce;
-
- /* NOTE: this is not elegant, and as per the note in TALER_coin_ev_hash()
- it is not strictly clear that the nonce is needed. Best case would be
- to find a way to include it more 'naturally' somehow, for example with
- the variant union version of bks! */
- TALER_cs_withdraw_nonce_derive (ps,
- &nonce);
- GNUNET_assert (
- 0 ==
- json_object_set_new (recoup_obj,
- "cs_nonce",
- GNUNET_JSON_from_data_auto (
- &nonce)));
+ case GNUNET_CRYPTO_BSA_INVALID:
+ json_decref (recoup_obj);
+ GNUNET_break (0);
+ GNUNET_free (ph);
+ return NULL;
+ case GNUNET_CRYPTO_BSA_RSA:
+ break;
+ case GNUNET_CRYPTO_BSA_CS:
+ {
+ union GNUNET_CRYPTO_BlindSessionNonce nonce;
+
+ /* NOTE: this is not elegant, and as per the note in TALER_coin_ev_hash()
+ it is not strictly clear that the nonce is needed. Best case would be
+ to find a way to include it more 'naturally' somehow, for example with
+ the variant union version of bks! */
+ TALER_cs_withdraw_nonce_derive (ps,
+ &nonce.cs_nonce);
+ GNUNET_assert (
+ 0 ==
+ json_object_set_new (recoup_obj,
+ "cs_nonce",
+ GNUNET_JSON_from_data_auto (
+ &nonce)));
+ }
}
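Review bot: `GNUNET_JSON_from_data_auto (&nonce)` now serialises the whole `union GNUNET_CRYPTO_BlindSessionNonce`, while only `nonce.cs_nonce` was derived; should the union ever hold a member larger than the CS nonce, the request would carry indeterminate stack bytes and its wire encoding would change. Serialising the member that was filled, `GNUNET_JSON_from_data_auto (&nonce.cs_nonce)`, matches how exchange_api_csr_withdraw.c sizes its nonce with `sizeof(*nonce)` on the CS nonce struct. The same pattern is in exchange_api_recoup_refresh.c TALER_EXCHANGE_recoup_refresh. Also, the CS case here ends without `break;` whereas the recoup_refresh variant has one; add it for consistency. TALER_EXCHANGE_recoup continues outside this hunk.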
{
diff --git a/src/lib/exchange_api_recoup_refresh.c b/src/lib/exchange_api_recoup_refresh.c
index 0bcd44dec..0c2e21cbf 100644
--- a/src/lib/exchange_api_recoup_refresh.c
+++ b/src/lib/exchange_api_recoup_refresh.c
@@ -235,7 +235,7 @@ TALER_EXCHANGE_recoup_refresh (
CURL *eh;
char arg_str[sizeof (struct TALER_CoinSpendPublicKeyP) * 2 + 32];
struct TALER_CoinSpendPrivateKeyP coin_priv;
- union TALER_DenominationBlindingKeyP bks;
+ union GNUNET_CRYPTO_BlindingSecretP bks;
GNUNET_assert (NULL != recoup_cb);
ph = GNUNET_new (struct TALER_EXCHANGE_RecoupRefreshHandle);
@@ -271,23 +271,34 @@ TALER_EXCHANGE_recoup_refresh (
GNUNET_JSON_pack_data_auto ("coin_blind_key_secret",
&bks));
- if (TALER_DENOMINATION_CS == denom_sig->cipher)
+ switch (denom_sig->unblinded_sig->cipher)
{
- struct TALER_CsNonce nonce;
-
- /* NOTE: this is not elegant, and as per the note in TALER_coin_ev_hash()
- it is not strictly clear that the nonce is needed. Best case would be
- to find a way to include it more 'naturally' somehow, for example with
- the variant union version of bks! */
- TALER_cs_refresh_nonce_derive (rms,
- idx,
- &nonce);
- GNUNET_assert (
- 0 ==
- json_object_set_new (recoup_obj,
- "cs_nonce",
- GNUNET_JSON_from_data_auto (
- &nonce)));
+ case GNUNET_CRYPTO_BSA_INVALID:
+ json_decref (recoup_obj);
+ GNUNET_break (0);
+ GNUNET_free (ph);
+ return NULL;
+ case GNUNET_CRYPTO_BSA_RSA:
+ break;
+ case GNUNET_CRYPTO_BSA_CS:
+ {
+ union GNUNET_CRYPTO_BlindSessionNonce nonce;
+
+ /* NOTE: this is not elegant, and as per the note in TALER_coin_ev_hash()
+ it is not strictly clear that the nonce is needed. Best case would be
+ to find a way to include it more 'naturally' somehow, for example with
+ the variant union version of bks! */
+ TALER_cs_refresh_nonce_derive (rms,
+ idx,
+ &nonce.cs_nonce);
+ GNUNET_assert (
+ 0 ==
+ json_object_set_new (recoup_obj,
+ "cs_nonce",
+ GNUNET_JSON_from_data_auto (
+ &nonce)));
+ }
+ break;
}
{
diff --git a/src/lib/exchange_api_refresh_common.c b/src/lib/exchange_api_refresh_common.c
index 0a6665b55..57011a6b4 100644
--- a/src/lib/exchange_api_refresh_common.c
+++ b/src/lib/exchange_api_refresh_common.c
@@ -68,7 +68,7 @@ TALER_EXCHANGE_get_melt_data_ (
{
struct TALER_Amount total;
struct TALER_CoinSpendPublicKeyP coin_pub;
- struct TALER_CsNonce nonces[rd->fresh_pks_len];
+ union GNUNET_CRYPTO_BlindSessionNonce nonces[rd->fresh_pks_len];
bool uses_cs = false;
GNUNET_CRYPTO_eddsa_key_get_public (&rd->melt_priv.eddsa_priv,
@@ -99,19 +99,27 @@ TALER_EXCHANGE_get_melt_data_ (
{
struct FreshCoinData *fcd = &md->fcds[j];
- if (alg_values[j].cipher != rd->fresh_pks[j].key.cipher)
+ switch (fcd->fresh_pk.bsign_pub_key->cipher)
{
+ case GNUNET_CRYPTO_BSA_INVALID:
GNUNET_break (0);
TALER_EXCHANGE_free_melt_data_ (md);
return GNUNET_SYSERR;
- }
- if (TALER_DENOMINATION_CS == alg_values[j].cipher)
- {
+ case GNUNET_CRYPTO_BSA_RSA:
+ break;
+ case GNUNET_CRYPTO_BSA_CS:
+ if (alg_values[j].blinding_inputs->cipher !=
+ fcd->fresh_pk.bsign_pub_key->cipher)
+ {
+ GNUNET_break (0);
+ TALER_EXCHANGE_free_melt_data_ (md);
+ return GNUNET_SYSERR;
+ }
uses_cs = true;
- TALER_cs_refresh_nonce_derive (
- rms,
- j,
- &nonces[j]);
+ TALER_cs_refresh_nonce_derive (rms,
+ j,
+ &nonces[j].cs_nonce);
+ break;
}
TALER_denom_pub_deep_copy (&fcd->fresh_pk,
&rd->fresh_pks[j].key);
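Review bot: The new `switch (fcd->fresh_pk.bsign_pub_key->cipher)` reads `fcd->fresh_pk` before `TALER_denom_pub_deep_copy (&fcd->fresh_pk, &rd->fresh_pks[j].key)` at the end of the hunk populates it; the old code switched on `rd->fresh_pks[j].key.cipher`. Unless `fcd->fresh_pk` was filled earlier in the function, outside this hunk, `bsign_pub_key` is NULL or indeterminate at that point and both the switch and the CS comparison dereference it. Switch on `rd->fresh_pks[j].key.bsign_pub_key->cipher` (and compare against that in the CS case), or move the deep copy above the switch. TALER_EXCHANGE_get_melt_data_ starts and ends outside this hunk.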
@@ -170,7 +178,7 @@ TALER_EXCHANGE_get_melt_data_ (
struct TALER_CoinSpendPrivateKeyP *coin_priv = &fcd->coin_priv;
struct TALER_PlanchetMasterSecretP *ps = &fcd->ps[i];
struct TALER_RefreshCoinData *rcd = &md->rcd[i][j];
- union TALER_DenominationBlindingKeyP *bks = &fcd->bks[i];
+ union GNUNET_CRYPTO_BlindingSecretP *bks = &fcd->bks[i];
struct TALER_PlanchetDetail pd;
struct TALER_CoinPubHashP c_hash;
struct TALER_AgeCommitmentHash ach;
@@ -205,13 +213,11 @@ TALER_EXCHANGE_get_melt_data_ (
pah = &ach;
}
- if (TALER_DENOMINATION_CS == alg_values[j].cipher)
- pd.blinded_planchet.details.cs_blinded_planchet.nonce = nonces[j];
-
if (GNUNET_OK !=
TALER_planchet_prepare (&fcd->fresh_pk,
&alg_values[j],
bks,
+ &nonces[j],
coin_priv,
pah,
&c_hash,
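Review bot: `&nonces[j]` is passed to TALER_planchet_prepare for every denomination, but `nonces[j]` is only derived in the CS branch earlier in this function, so for RSA coins the callee receives a pointer to an uninitialised union. The other call sites in this commit pass `NULL` on the RSA path (exchange_api_batch_withdraw.c, exchange_api_age_withdraw.c); doing the same here keeps the contract uniform, e.g. `GNUNET_CRYPTO_BSA_CS == fcd->fresh_pk.bsign_pub_key->cipher ? &nonces[j] : NULL,`. If TALER_planchet_prepare ignores the nonce for RSA this is harmless today, but handing it indeterminate memory is fragile. TALER_EXCHANGE_get_melt_data_ continues outside this hunk.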
diff --git a/src/lib/exchange_api_refresh_common.h b/src/lib/exchange_api_refresh_common.h
index 0cb80f17e..f596e1e90 100644
--- a/src/lib/exchange_api_refresh_common.h
+++ b/src/lib/exchange_api_refresh_common.h
@@ -109,7 +109,7 @@ struct FreshCoinData
* Blinding key secrets for the coins, depending on the
* cut-and-choose.
*/
- union TALER_DenominationBlindingKeyP bks[TALER_CNC_KAPPA];
+ union GNUNET_CRYPTO_BlindingSecretP bks[TALER_CNC_KAPPA];
};
diff --git a/src/lib/exchange_api_refreshes_reveal.c b/src/lib/exchange_api_refreshes_reveal.c
index 220682992..a4ea47763 100644
--- a/src/lib/exchange_api_refreshes_reveal.c
+++ b/src/lib/exchange_api_refreshes_reveal.c
@@ -138,7 +138,7 @@ refresh_reveal_ok (struct TALER_EXCHANGE_RefreshesRevealHandle *rrh,
GNUNET_JSON_spec_end ()
};
struct TALER_FreshCoin coin;
- union TALER_DenominationBlindingKeyP bks;
+ union GNUNET_CRYPTO_BlindingSecretP bks;
const struct TALER_AgeCommitmentHash *pah = NULL;
rci->ps = fcd->ps[rrh->noreveal_index];
@@ -360,7 +360,8 @@ TALER_EXCHANGE_refreshes_reveal (
const struct TALER_RefreshCoinData *rcd = &md.rcd[noreveal_index][i];
struct TALER_DenominationHashP denom_hash;
- if (TALER_DENOMINATION_CS == md.fcds[i].fresh_pk.cipher)
+ if (GNUNET_CRYPTO_BSA_CS ==
+ md.fcds[i].fresh_pk.bsign_pub_key->cipher)
send_rms = true;
TALER_denom_pub_hash (&md.fcds[i].fresh_pk,
&denom_hash);