author | Christian Grothoff <grothoff@gnunet.org> | 2023-10-25 22:54:20 +0200 |
---|---|---|
committer | Christian Grothoff <grothoff@gnunet.org> | 2023-10-25 22:54:20 +0200 |
commit | 82d7d87cc3946a01bfed221c7da0fb9ef2c18eb1 (patch) | |
tree | f0d3cb66869650e7dc1a5bc3a197c5f05636cf3e /src/lib | |
parent | bc74ed7c2eb54820a58cf832cb7aa83b1b331458 (diff) | |
new blind signing code builds
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/exchange_api_age_withdraw.c | 82 | ||||
-rw-r--r-- | src/lib/exchange_api_batch_withdraw.c | 35 | ||||
-rw-r--r-- | src/lib/exchange_api_csr_melt.c | 3 | ||||
-rw-r--r-- | src/lib/exchange_api_csr_withdraw.c | 9 | ||||
-rw-r--r-- | src/lib/exchange_api_handle.c | 18 | ||||
-rw-r--r-- | src/lib/exchange_api_link.c | 19 | ||||
-rw-r--r-- | src/lib/exchange_api_management_get_keys.c | 18 | ||||
-rw-r--r-- | src/lib/exchange_api_melt.c | 21 | ||||
-rw-r--r-- | src/lib/exchange_api_recoup.c | 42 | ||||
-rw-r--r-- | src/lib/exchange_api_recoup_refresh.c | 45 | ||||
-rw-r--r-- | src/lib/exchange_api_refresh_common.c | 32 | ||||
-rw-r--r-- | src/lib/exchange_api_refresh_common.h | 2 | ||||
-rw-r--r-- | src/lib/exchange_api_refreshes_reveal.c | 5 |
13 files changed, 181 insertions, 150 deletions
diff --git a/src/lib/exchange_api_age_withdraw.c b/src/lib/exchange_api_age_withdraw.c index ea9c0371e..6c6460b2b 100644 --- a/src/lib/exchange_api_age_withdraw.c +++ b/src/lib/exchange_api_age_withdraw.c @@ -67,25 +67,40 @@ struct CoinCandidate */ struct CSRClosure { - /* Points to the actual candidate in CoinData.coin_candidates, to continue - * to build its contents based on the results from /csr-withdraw */ + /** + * Points to the actual candidate in CoinData.coin_candidates, to continue + * to build its contents based on the results from /csr-withdraw + */ struct CoinCandidate *candidate; - /* The planchet to finally generate. Points to the corresponding candidate - * in CoindData.planchet_details */ + /** + * The planchet to finally generate. Points to the corresponding candidate + * in CoindData.planchet_details + */ struct TALER_PlanchetDetail *planchet; - /* Handler to the originating call to /age-withdraw, needed to either + /** + * Handler to the originating call to /age-withdraw, needed to either * cancel the running age-withdraw request (on failure of the current call * to /csr-withdraw), or to eventually perform the protocol, once all - * csr-withdraw requests have successfully finished. */ + * csr-withdraw requests have successfully finished. + */ struct TALER_EXCHANGE_AgeWithdrawHandle *age_withdraw_handle; - /* Denomination information, needed for CS coins for the - * step after /csr-withdraw */ + /** + * Session nonce. + */ + union GNUNET_CRYPTO_BlindSessionNonce nonce; + + /** + * Denomination information, needed for CS coins for the + * step after /csr-withdraw + */ const struct TALER_EXCHANGE_DenomPublicKey *denom_pub; - /* Handler for the CS R request */ + /** + * Handler for the CS R request + */ struct TALER_EXCHANGE_CsRWithdrawHandle *csr_withdraw_handle; }; 
@@ -663,13 +678,19 @@ copy_results ( struct TALER_EXCHANGE_AgeWithdrawResponse resp = { .hr = awbr->hr, .details = { - .ok = { .noreveal_index = awbr->details.ok.noreveal_index, - .h_commitment = awbr->details.ok.h_commitment, - .exchange_pub = awbr->details.ok.exchange_pub, - .num_coins = awh->num_coins, - .coin_details = details, - .blinded_coin_hs = blinded_coin_hs}, - }, + .ok = { + .noreveal_index = awbr->details.ok.noreveal_index, + .h_commitment = awbr->details.ok.h_commitment, + .exchange_pub = awbr->details.ok.exchange_pub, + .num_coins = awh->num_coins, + .coin_details = details, + .blinded_coin_hs = blinded_coin_hs + } + + + } + + }; for (size_t n = 0; n< awh->num_coins; n++) @@ -678,10 +699,8 @@ copy_results ( details[n].planchet = awh->coin_data[n].planchet_details[k]; blinded_coin_hs[n] = awh->coin_data[n].coin_candidates[k].blinded_coin_h; } - awh->callback (awh->callback_cls, &resp); - awh->callback = NULL; } @@ -795,8 +814,8 @@ csr_withdraw_done ( bool success = false; /* Complete the initialization of the coin with CS denomination */ can->details.alg_values = csrr->details.ok.alg_values; - GNUNET_assert (can->details.alg_values.cipher - == TALER_DENOMINATION_CS); + GNUNET_assert (can->details.alg_values.blinding_inputs->cipher + == GNUNET_CRYPTO_BSA_CS); TALER_planchet_setup_coin_priv (&can->secret, &can->details.alg_values, &can->details.coin_priv); @@ -810,6 +829,7 @@ csr_withdraw_done ( TALER_planchet_prepare (&csr->denom_pub->key, &can->details.alg_values, &can->details.blinding_key, + &csr->nonce, &can->details.coin_priv, &can->details.h_age_commitment, &can->details.h_coin_pub, 
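Review bot: In the second copy_results hunk the removed lines `awh->callback (awh->callback_cls, &resp);` and `awh->callback = NULL;` are not re-added anywhere in this diff, so as rendered the function now fills `resp`, `details` and `blinded_coin_hs` and returns without delivering them, and the handle's callback is no longer cleared. If the invocation was deliberately moved to the caller that should be visible in the commit; otherwise the caller of copy_results never observes the withdraw result. The rebuilt designated initializer in the first hunk also carries several empty lines inside its braces that a formatter will flag. copy_results starts before the hunk, so the declarations of the arrays it fills are not visible here.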
@@ -912,11 +932,10 @@ prepare_coins ( TALER_age_commitment_hash (&can->details.age_commitment_proof.commitment, &can->details.h_age_commitment); - switch (input->denom_pub->key.cipher) + switch (input->denom_pub->key.bsign_pub_key->cipher) { - case TALER_DENOMINATION_RSA: + case GNUNET_CRYPTO_BSA_RSA: { - can->details.alg_values.cipher = TALER_DENOMINATION_RSA; TALER_planchet_setup_coin_priv (&can->secret, &can->details.alg_values, &can->details.coin_priv); @@ -925,8 +944,9 @@ prepare_coins ( &can->details.blinding_key); FAIL_IF (GNUNET_OK != TALER_planchet_prepare (&cd->denom_pub.key, - &can->details.alg_values, + NULL, &can->details.blinding_key, + NULL, &can->details.coin_priv, &can->details.h_age_commitment, &can->details.h_coin_pub, @@ -937,10 +957,8 @@ prepare_coins ( &can->blinded_coin_h)); break; } - case TALER_DENOMINATION_CS: + case GNUNET_CRYPTO_BSA_CS: { - can->details.alg_values.cipher = TALER_DENOMINATION_CS; - struct CSRClosure *cls = &cd->csr_cls[k]; /** * Save the handler and the denomination for the callback @@ -949,21 +967,15 @@ prepare_coins ( cls->candidate = can; cls->planchet = planchet; cls->denom_pub = &cd->denom_pub; - TALER_cs_withdraw_nonce_derive ( &can->secret, - &planchet->blinded_planchet.details.cs_blinded_planchet.nonce); - - /* Note that we only initialize the first half - of the blinded_planchet here; the other part - will be done after the /csr-withdraw request! */ - planchet->blinded_planchet.cipher = TALER_DENOMINATION_CS; + &cls->nonce.cs_nonce); cls->csr_withdraw_handle = TALER_EXCHANGE_csr_withdraw ( awh->curl_ctx, awh->exchange_url, &cd->denom_pub, - &planchet->blinded_planchet.details.cs_blinded_planchet.nonce, + &cls->nonce.cs_nonce, &csr_withdraw_done, cls); FAIL_IF (NULL == cls->csr_withdraw_handle); diff --git a/src/lib/exchange_api_batch_withdraw.c b/src/lib/exchange_api_batch_withdraw.c index a1fcccce4..d17a00f1b 100644 --- a/src/lib/exchange_api_batch_withdraw.c +++ b/src/lib/exchange_api_batch_withdraw.c 
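Review bot: In the RSA branch of prepare_coins the store `can->details.alg_values.cipher = TALER_DENOMINATION_RSA` is dropped, but `&can->details.alg_values` is still passed to `TALER_planchet_setup_coin_priv` while the later `TALER_planchet_prepare` call now receives `NULL` in its place; unless `alg_values` is zero-initialized elsewhere (not visible in this diff), its `blinding_inputs` pointer is indeterminate at the setup call. The same pattern appears in the RSA branch of TALER_EXCHANGE_batch_withdraw on the next line with `cd->alg_values`. Either initialize `alg_values` to a well-defined RSA value before the call, or pass `NULL` there as well if `TALER_planchet_setup_coin_priv` permits it, and record the expectation with a comment such as `/* RSA: no blinding inputs, alg_values must be zeroed */`. prepare_coins starts before the hunk.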
@@ -54,9 +54,14 @@ struct CoinData const struct TALER_AgeCommitmentHash *ach; /** - * blinding secret + * blinding secret */ - union TALER_DenominationBlindingKeyP bks; + union GNUNET_CRYPTO_BlindingSecretP bks; + + /** + * Session nonce. + */ + union GNUNET_CRYPTO_BlindSessionNonce nonce; /** * Private key of the coin we are withdrawing. @@ -79,7 +84,7 @@ struct CoinData struct TALER_CoinPubHashP c_hash; /** - * Handler for the CS R request (only used for TALER_DENOMINATION_CS denominations) + * Handler for the CS R request (only used for GNUNET_CRYPTO_BSA_CS denominations) */ struct TALER_EXCHANGE_CsRWithdrawHandle *csrh; @@ -295,7 +300,8 @@ withdraw_cs_stage_two_callback ( }; cd->csrh = NULL; - GNUNET_assert (TALER_DENOMINATION_CS == cd->pk.key.cipher); + GNUNET_assert (GNUNET_CRYPTO_BSA_CS == + cd->pk.key.bsign_pub_key->cipher); switch (csrr->hr.http_status) { case MHD_HTTP_OK: @@ -306,12 +312,11 @@ withdraw_cs_stage_two_callback ( TALER_planchet_blinding_secret_create (&cd->ps, &cd->alg_values, &cd->bks); - /* This initializes the 2nd half of the - wh->pd.blinded_planchet! */ if (GNUNET_OK != TALER_planchet_prepare (&cd->pk.key, &cd->alg_values, &cd->bks, + &cd->nonce, &cd->priv, cd->ach, &cd->c_hash, @@ -367,11 +372,10 @@ TALER_EXCHANGE_batch_withdraw ( cd->pk = *wci->pk; TALER_denom_pub_deep_copy (&cd->pk.key, &wci->pk->key); - switch (wci->pk->key.cipher) + switch (wci->pk->key.bsign_pub_key->cipher) { - case TALER_DENOMINATION_RSA: + case GNUNET_CRYPTO_BSA_RSA: { - cd->alg_values.cipher = TALER_DENOMINATION_RSA; TALER_planchet_setup_coin_priv (&cd->ps, &cd->alg_values, &cd->priv); @@ -380,8 +384,9 @@ TALER_EXCHANGE_batch_withdraw ( &cd->bks); if (GNUNET_OK != TALER_planchet_prepare (&cd->pk.key, - &cd->alg_values, + NULL, &cd->bks, + NULL, &cd->priv, cd->ach, &cd->c_hash, 
@@ -393,20 +398,16 @@ TALER_EXCHANGE_batch_withdraw (
 }
 break;
 }
- case TALER_DENOMINATION_CS:
+ case GNUNET_CRYPTO_BSA_CS:
 {
 TALER_cs_withdraw_nonce_derive (
 &cd->ps,
- &cd->pd.blinded_planchet.details.cs_blinded_planchet.nonce);
- /* Note that we only initialize the first half
- of the blinded_planchet here; the other part
- will be done after the /csr-withdraw request! */
- cd->pd.blinded_planchet.cipher = TALER_DENOMINATION_CS;
+ &cd->nonce.cs_nonce);
 cd->csrh = TALER_EXCHANGE_csr_withdraw (
 curl_ctx,
 exchange_url,
 &cd->pk,
- &cd->pd.blinded_planchet.details.cs_blinded_planchet.nonce,
+ &cd->nonce.cs_nonce,
 &withdraw_cs_stage_two_callback,
 cd);
 if (NULL == cd->csrh)
diff --git a/src/lib/exchange_api_csr_melt.c b/src/lib/exchange_api_csr_melt.c
index f59995af3..f5887bd60 100644
--- a/src/lib/exchange_api_csr_melt.c
+++ b/src/lib/exchange_api_csr_melt.c
@@ -234,7 +234,8 @@ TALER_EXCHANGE_csr_melt (
 return NULL;
 }
 for (unsigned int i = 0; i<nks_len; i++)
- if (TALER_DENOMINATION_CS != nks[i].pk->key.cipher)
+ if (GNUNET_CRYPTO_BSA_CS !=
+ nks[i].pk->key.bsign_pub_key->cipher)
 {
 GNUNET_break (0);
 return NULL;
diff --git a/src/lib/exchange_api_csr_withdraw.c b/src/lib/exchange_api_csr_withdraw.c
index 4c1d83a9a..fa2b0dc85 100644
--- a/src/lib/exchange_api_csr_withdraw.c
+++ b/src/lib/exchange_api_csr_withdraw.c
@@ -203,13 +203,14 @@ TALER_EXCHANGE_csr_withdraw (
 struct GNUNET_CURL_Context *curl_ctx,
 const char *exchange_url,
 const struct TALER_EXCHANGE_DenomPublicKey *pk,
- const struct TALER_CsNonce *nonce,
+ const struct GNUNET_CRYPTO_CsSessionNonce *nonce,
 TALER_EXCHANGE_CsRWithdrawCallback res_cb,
 void *res_cb_cls)
 {
 struct TALER_EXCHANGE_CsRWithdrawHandle *csrh;
- if (TALER_DENOMINATION_CS != pk->key.cipher)
+ if (GNUNET_CRYPTO_BSA_CS !=
+ pk->key.bsign_pub_key->cipher)
 {
 GNUNET_break (0);
 return NULL;
@@ -233,10 +234,10 @@ TALER_EXCHANGE_csr_withdraw (
 req = GNUNET_JSON_PACK (
 GNUNET_JSON_pack_data_varsize ("nonce",
 nonce,
- sizeof(struct TALER_CsNonce)),
+ sizeof(*nonce)),
 GNUNET_JSON_pack_data_varsize ("denom_pub_hash",
 &pk->h_key,
- sizeof(struct TALER_DenominationHashP)));
+ sizeof(pk->h_key)));
 GNUNET_assert (NULL != req);
 eh = TALER_EXCHANGE_curl_easy_get_ (csrh->url);
 if ( (NULL == eh) ||
diff --git a/src/lib/exchange_api_handle.c b/src/lib/exchange_api_handle.c
index 50a1a9ce9..24d1590cc 100644
--- a/src/lib/exchange_api_handle.c
+++ b/src/lib/exchange_api_handle.c
@@ -458,7 +458,7 @@ parse_json_signkey (struct TALER_EXCHANGE_SigningPublicKey *sign_key,
 static enum GNUNET_GenericReturnValue
 parse_json_denomkey_partially (
 struct TALER_EXCHANGE_DenomPublicKey *denom_key,
- enum TALER_DenominationCipher cipher,
+ enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher,
 bool check_sigs,
 const json_t *denom_key_obj,
 struct TALER_MasterPublicKeyP *master_key,
@@ -1111,7 +1111,6 @@ decode_keys_json (const json_t *resp_obj,
 denomination. Required to make the validity check inside
 parse_json_denomkey_partially pass */
 struct TALER_EXCHANGE_DenomPublicKey dk = {
- .key.cipher = group.cipher,
 .value = group.value,
 .fees = group.fees,
 .key.age_mask = group.age_mask
@@ -1978,10 +1977,10 @@ add_grp (void *cls,
 (void) key;
 switch (gd->meta.cipher)
 {
- case TALER_DENOMINATION_RSA:
+ case GNUNET_CRYPTO_BSA_RSA:
 cipher = age_restricted ? "RSA+age_restricted" : "RSA";
 break;
- case TALER_DENOMINATION_CS:
+ case GNUNET_CRYPTO_BSA_CS:
 cipher = age_restricted ? "CS+age_restricted" : "CS";
 break;
 default:
@@ -2125,7 +2124,6 @@ TALER_EXCHANGE_keys_to_json (const struct TALER_EXCHANGE_Keys *kd)
 {
 const struct TALER_EXCHANGE_DenomPublicKey *dk = &kd->denom_keys[i];
 struct TALER_DenominationGroup meta = {
- .cipher = dk->key.cipher,
 .value = dk->value,
 .fees = dk->fees,
 .age_mask = dk->key.age_mask
@@ -2159,18 +2157,18 @@ TALER_EXCHANGE_keys_to_json (const struct TALER_EXCHANGE_Keys *kd)
 }
 switch (meta.cipher)
 {
- case TALER_DENOMINATION_RSA:
+ case GNUNET_CRYPTO_BSA_RSA:
 key_spec = GNUNET_JSON_pack_rsa_public_key (
 "rsa_pub",
- dk->key.details.rsa_public_key);
+ dk->key.bsign_pub_key->details.rsa_public_key);
 break;
- case TALER_DENOMINATION_CS:
+ case GNUNET_CRYPTO_BSA_CS:
 key_spec = GNUNET_JSON_pack_data_varsize (
 "cs_pub",
- &dk->key.details.cs_public_key,
- sizeof (dk->key.details.cs_public_key));
+ &dk->key.bsign_pub_key->details.cs_public_key,
+ sizeof (dk->key.bsign_pub_key->details.cs_public_key));
 break;
 default:
 GNUNET_assert (false);
diff --git a/src/lib/exchange_api_link.c b/src/lib/exchange_api_link.c
index f408b87d0..2d56ec915 100644
--- a/src/lib/exchange_api_link.c
+++ b/src/lib/exchange_api_link.c
@@ -1,6 +1,6 @@
 /*
 This file is part of TALER
- Copyright (C) 2015-2021 Taler Systems SA
+ Copyright (C) 2015-2023 Taler Systems SA
 TALER is free software; you can redistribute it and/or modify it under the
 terms of the GNU General Public License as published by the Free Software
@@ -89,9 +89,9 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
 struct TALER_BlindedDenominationSignature bsig;
 struct TALER_DenominationPublicKey rpub;
 struct TALER_CoinSpendSignatureP link_sig;
- union TALER_DenominationBlindingKeyP bks;
+ union GNUNET_CRYPTO_BlindingSecretP bks;
 struct TALER_ExchangeWithdrawValues alg_values;
- struct TALER_CsNonce nonce;
+ union GNUNET_CRYPTO_BlindSessionNonce nonce;
 bool no_nonce;
 uint32_t coin_idx;
 struct GNUNET_JSON_Specification spec[] = {
@@ -163,6 +163,9 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
 &rpub,
 &alg_values,
 &bks,
+ no_nonce
+ ? NULL
+ : &nonce,
 &lci->coin_priv,
 pah,
 &c_hash,
@@ -172,16 +175,6 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
 GNUNET_JSON_parse_free (spec);
 return GNUNET_SYSERR;
 }
- if (TALER_DENOMINATION_CS == alg_values.cipher)
- {
- if (no_nonce)
- {
- GNUNET_break_op (0);
- GNUNET_JSON_parse_free (spec);
- return GNUNET_SYSERR;
- }
- pd.blinded_planchet.details.cs_blinded_planchet.nonce = nonce;
- }
 /* extract coin and signature */
 if (GNUNET_OK !=
 TALER_denom_sig_unblind (&lci->sig,
diff --git a/src/lib/exchange_api_management_get_keys.c b/src/lib/exchange_api_management_get_keys.c
index 03339c663..b88ddc205 100644
--- a/src/lib/exchange_api_management_get_keys.c
+++ b/src/lib/exchange_api_management_get_keys.c
@@ -1,6 +1,6 @@
 /*
 This file is part of TALER
- Copyright (C) 2015-2020 Taler Systems SA
+ Copyright (C) 2015-2023 Taler Systems SA
 TALER is free software; you can redistribute it and/or modify it under the
 terms of the GNU General Public License as published by the Free Software
@@ -228,14 +228,15 @@ handle_ok (struct TALER_EXCHANGE_ManagementGetKeysHandle *gh,
 TALER_denom_pub_hash (&denom_key->key,
 &h_denom_pub);
- switch (denom_key->key.cipher)
+ switch (denom_key->key.bsign_pub_key->cipher)
 {
- case TALER_DENOMINATION_RSA:
+ case GNUNET_CRYPTO_BSA_RSA:
 {
 struct TALER_RsaPubHashP h_rsa;
- TALER_rsa_pub_hash (denom_key->key.details.rsa_public_key,
- &h_rsa);
+ TALER_rsa_pub_hash (
+ denom_key->key.bsign_pub_key->details.rsa_public_key,
+ &h_rsa);
 if (GNUNET_OK !=
 TALER_exchange_secmod_rsa_verify (&h_rsa,
 section_name,
@@ -250,12 +251,13 @@ handle_ok (struct TALER_EXCHANGE_ManagementGetKeysHandle *gh,
 }
 }
 break;
- case TALER_DENOMINATION_CS:
+ case GNUNET_CRYPTO_BSA_CS:
 {
 struct TALER_CsPubHashP h_cs;
- TALER_cs_pub_hash (&denom_key->key.details.cs_public_key,
- &h_cs);
+ TALER_cs_pub_hash (
+ &denom_key->key.bsign_pub_key->details.cs_public_key,
+ &h_cs);
 if (GNUNET_OK !=
 TALER_exchange_secmod_cs_verify (&h_cs,
 section_name,
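Review bot: The removed block was the only place in parse_link_coin that rejected a CS coin whose /link entry carries no nonce with `GNUNET_break_op`, and the hunk on the previous line now passes `no_nonce ? NULL : &nonce` straight into `TALER_planchet_prepare`. Because this path parses an exchange response, the new code relies on `TALER_planchet_prepare` returning `GNUNET_SYSERR` for a CS denomination with a NULL nonce rather than asserting or dereferencing it; if that is not its contract, a malformed response becomes a crash in the client library instead of a protocol error. Either confirm that contract in a comment at the call, or keep an explicit guard before it such as `if (no_nonce && (GNUNET_CRYPTO_BSA_CS == rpub.bsign_pub_key->cipher)) { GNUNET_break_op (0); GNUNET_JSON_parse_free (spec); return GNUNET_SYSERR; }`. parse_link_coin starts before the hunk.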
diff --git a/src/lib/exchange_api_melt.c b/src/lib/exchange_api_melt.c index ba4241dab..906772767 100644 --- a/src/lib/exchange_api_melt.c +++ b/src/lib/exchange_api_melt.c @@ -460,18 +460,16 @@ csr_cb (void *cls, &mh->rd->fresh_pks[i]; struct TALER_ExchangeWithdrawValues *wv = &mh->mbds[i].alg_value; - switch (fresh_pk->key.cipher) + switch (fresh_pk->key.bsign_pub_key->cipher) { - case TALER_DENOMINATION_INVALID: + case GNUNET_CRYPTO_BSA_INVALID: GNUNET_break (0); fail_mh (mh, TALER_EC_GENERIC_CLIENT_INTERNAL_ERROR); return; - case TALER_DENOMINATION_RSA: - GNUNET_assert (TALER_DENOMINATION_RSA == wv->cipher); + case GNUNET_CRYPTO_BSA_RSA: break; - case TALER_DENOMINATION_CS: - GNUNET_assert (TALER_DENOMINATION_CS == wv->cipher); + case GNUNET_CRYPTO_BSA_CS: *wv = csrr->details.ok.alg_values[nks_off]; nks_off++; break; @@ -521,20 +519,17 @@ TALER_EXCHANGE_melt ( for (unsigned int i = 0; i<rd->fresh_pks_len; i++) { const struct TALER_EXCHANGE_DenomPublicKey *fresh_pk = &rd->fresh_pks[i]; - struct TALER_ExchangeWithdrawValues *wv = &mh->mbds[i].alg_value; - switch (fresh_pk->key.cipher) + switch (fresh_pk->key.bsign_pub_key->cipher) { - case TALER_DENOMINATION_INVALID: + case GNUNET_CRYPTO_BSA_INVALID: GNUNET_break (0); GNUNET_free (mh->mbds); GNUNET_free (mh); return NULL; - case TALER_DENOMINATION_RSA: - wv->cipher = TALER_DENOMINATION_RSA; + case GNUNET_CRYPTO_BSA_RSA: break; - case TALER_DENOMINATION_CS: - wv->cipher = TALER_DENOMINATION_CS; + case GNUNET_CRYPTO_BSA_CS: nks[nks_off].pk = fresh_pk; nks[nks_off].cnc_num = nks_off; nks_off++; diff --git a/src/lib/exchange_api_recoup.c b/src/lib/exchange_api_recoup.c index cfd265f04..56499f381 100644 --- a/src/lib/exchange_api_recoup.c +++ b/src/lib/exchange_api_recoup.c 
@@ -245,7 +245,7 @@ TALER_EXCHANGE_recoup (
 CURL *eh;
 char arg_str[sizeof (struct TALER_CoinSpendPublicKeyP) * 2 + 32];
 struct TALER_CoinSpendPrivateKeyP coin_priv;
- union TALER_DenominationBlindingKeyP bks;
+ union GNUNET_CRYPTO_BlindingSecretP bks;
 ph = GNUNET_new (struct TALER_EXCHANGE_RecoupHandle);
 TALER_planchet_setup_coin_priv (ps,
@@ -273,22 +273,32 @@ TALER_EXCHANGE_recoup (
 &ph->coin_sig),
 GNUNET_JSON_pack_data_auto ("coin_blind_key_secret",
 &bks));
- if (TALER_DENOMINATION_CS == denom_sig->cipher)
+ switch (denom_sig->unblinded_sig->cipher)
 {
- struct TALER_CsNonce nonce;
-
- /* NOTE: this is not elegant, and as per the note in TALER_coin_ev_hash()
- it is not strictly clear that the nonce is needed. Best case would be
- to find a way to include it more 'naturally' somehow, for example with
- the variant union version of bks! */
- TALER_cs_withdraw_nonce_derive (ps,
- &nonce);
- GNUNET_assert (
- 0 ==
- json_object_set_new (recoup_obj,
- "cs_nonce",
- GNUNET_JSON_from_data_auto (
- &nonce)));
+ case GNUNET_CRYPTO_BSA_INVALID:
+ json_decref (recoup_obj);
+ GNUNET_break (0);
+ GNUNET_free (ph);
+ return NULL;
+ case GNUNET_CRYPTO_BSA_RSA:
+ break;
+ case GNUNET_CRYPTO_BSA_CS:
+ {
+ union GNUNET_CRYPTO_BlindSessionNonce nonce;
+
+ /* NOTE: this is not elegant, and as per the note in TALER_coin_ev_hash()
+ it is not strictly clear that the nonce is needed. Best case would be
+ to find a way to include it more 'naturally' somehow, for example with
+ the variant union version of bks! */
+ TALER_cs_withdraw_nonce_derive (ps,
+ &nonce.cs_nonce);
+ GNUNET_assert (
+ 0 ==
+ json_object_set_new (recoup_obj,
+ "cs_nonce",
+ GNUNET_JSON_from_data_auto (
+ &nonce)));
+ }
 }
 {
diff --git a/src/lib/exchange_api_recoup_refresh.c b/src/lib/exchange_api_recoup_refresh.c
index 0bcd44dec..0c2e21cbf 100644
--- a/src/lib/exchange_api_recoup_refresh.c
+++ b/src/lib/exchange_api_recoup_refresh.c
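Review bot: In the CS case of the new switch in TALER_EXCHANGE_recoup, `nonce` is now a `union GNUNET_CRYPTO_BlindSessionNonce` of which only `nonce.cs_nonce` is derived, yet the whole union is still serialized with `GNUNET_JSON_from_data_auto (&nonce)`; if the union is larger than its `cs_nonce` member, the `cs_nonce` field sent to the exchange changes size and includes uninitialized stack bytes. Passing `&nonce.cs_nonce` instead, as TALER_EXCHANGE_csr_withdraw already does with `sizeof(*nonce)` on its session nonce, keeps the wire format unchanged. The same applies to the CS case in TALER_EXCHANGE_recoup_refresh on the next line. Separately, the CS case here ends without `break;` while the recoup_refresh version has one; adding it keeps the two switches parallel and safe if a case is appended later.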
@@ -235,7 +235,7 @@ TALER_EXCHANGE_recoup_refresh (
 CURL *eh;
 char arg_str[sizeof (struct TALER_CoinSpendPublicKeyP) * 2 + 32];
 struct TALER_CoinSpendPrivateKeyP coin_priv;
- union TALER_DenominationBlindingKeyP bks;
+ union GNUNET_CRYPTO_BlindingSecretP bks;
 GNUNET_assert (NULL != recoup_cb);
 ph = GNUNET_new (struct TALER_EXCHANGE_RecoupRefreshHandle);
@@ -271,23 +271,34 @@ TALER_EXCHANGE_recoup_refresh (
 GNUNET_JSON_pack_data_auto ("coin_blind_key_secret",
 &bks));
- if (TALER_DENOMINATION_CS == denom_sig->cipher)
+ switch (denom_sig->unblinded_sig->cipher)
 {
- struct TALER_CsNonce nonce;
-
- /* NOTE: this is not elegant, and as per the note in TALER_coin_ev_hash()
- it is not strictly clear that the nonce is needed. Best case would be
- to find a way to include it more 'naturally' somehow, for example with
- the variant union version of bks! */
- TALER_cs_refresh_nonce_derive (rms,
- idx,
- &nonce);
- GNUNET_assert (
- 0 ==
- json_object_set_new (recoup_obj,
- "cs_nonce",
- GNUNET_JSON_from_data_auto (
- &nonce)));
+ case GNUNET_CRYPTO_BSA_INVALID:
+ json_decref (recoup_obj);
+ GNUNET_break (0);
+ GNUNET_free (ph);
+ return NULL;
+ case GNUNET_CRYPTO_BSA_RSA:
+ break;
+ case GNUNET_CRYPTO_BSA_CS:
+ {
+ union GNUNET_CRYPTO_BlindSessionNonce nonce;
+
+ /* NOTE: this is not elegant, and as per the note in TALER_coin_ev_hash()
+ it is not strictly clear that the nonce is needed. Best case would be
+ to find a way to include it more 'naturally' somehow, for example with
+ the variant union version of bks! */
+ TALER_cs_refresh_nonce_derive (rms,
+ idx,
+ &nonce.cs_nonce);
+ GNUNET_assert (
+ 0 ==
+ json_object_set_new (recoup_obj,
+ "cs_nonce",
+ GNUNET_JSON_from_data_auto (
+ &nonce)));
+ }
+ break;
 }
 {
diff --git a/src/lib/exchange_api_refresh_common.c b/src/lib/exchange_api_refresh_common.c
index 0a6665b55..57011a6b4 100644
--- a/src/lib/exchange_api_refresh_common.c
+++ b/src/lib/exchange_api_refresh_common.c
@@ -68,7 +68,7 @@ TALER_EXCHANGE_get_melt_data_ (
 {
 struct TALER_Amount total;
 struct TALER_CoinSpendPublicKeyP coin_pub;
- struct TALER_CsNonce nonces[rd->fresh_pks_len];
+ union GNUNET_CRYPTO_BlindSessionNonce nonces[rd->fresh_pks_len];
 bool uses_cs = false;
 GNUNET_CRYPTO_eddsa_key_get_public (&rd->melt_priv.eddsa_priv,
@@ -99,19 +99,27 @@ TALER_EXCHANGE_get_melt_data_ (
 {
 struct FreshCoinData *fcd = &md->fcds[j];
- if (alg_values[j].cipher != rd->fresh_pks[j].key.cipher)
+ switch (fcd->fresh_pk.bsign_pub_key->cipher)
 {
+ case GNUNET_CRYPTO_BSA_INVALID:
 GNUNET_break (0);
 TALER_EXCHANGE_free_melt_data_ (md);
 return GNUNET_SYSERR;
- }
- if (TALER_DENOMINATION_CS == alg_values[j].cipher)
- {
+ case GNUNET_CRYPTO_BSA_RSA:
+ break;
+ case GNUNET_CRYPTO_BSA_CS:
+ if (alg_values[j].blinding_inputs->cipher !=
+ fcd->fresh_pk.bsign_pub_key->cipher)
+ {
+ GNUNET_break (0);
+ TALER_EXCHANGE_free_melt_data_ (md);
+ return GNUNET_SYSERR;
+ }
 uses_cs = true;
- TALER_cs_refresh_nonce_derive (
- rms,
- j,
- &nonces[j]);
+ TALER_cs_refresh_nonce_derive (rms,
+ j,
+ &nonces[j].cs_nonce);
+ break;
 }
 TALER_denom_pub_deep_copy (&fcd->fresh_pk,
 &rd->fresh_pks[j].key);
@@ -170,7 +178,7 @@ TALER_EXCHANGE_get_melt_data_ (
 struct TALER_CoinSpendPrivateKeyP *coin_priv = &fcd->coin_priv;
 struct TALER_PlanchetMasterSecretP *ps = &fcd->ps[i];
 struct TALER_RefreshCoinData *rcd = &md->rcd[i][j];
- union TALER_DenominationBlindingKeyP *bks = &fcd->bks[i];
+ union GNUNET_CRYPTO_BlindingSecretP *bks = &fcd->bks[i];
 struct TALER_PlanchetDetail pd;
 struct TALER_CoinPubHashP c_hash;
 struct TALER_AgeCommitmentHash ach;
@@ -205,13 +213,11 @@ TALER_EXCHANGE_get_melt_data_ (
 pah = &ach;
 }
- if (TALER_DENOMINATION_CS == alg_values[j].cipher)
- pd.blinded_planchet.details.cs_blinded_planchet.nonce = nonces[j];
-
 if (GNUNET_OK !=
 TALER_planchet_prepare (&fcd->fresh_pk,
 &alg_values[j],
 bks,
+ &nonces[j],
 coin_priv,
 pah,
 &c_hash,
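Review bot: The new `switch (fcd->fresh_pk.bsign_pub_key->cipher)` in the second hunk dereferences `fcd->fresh_pk` before the unchanged `TALER_denom_pub_deep_copy (&fcd->fresh_pk, &rd->fresh_pks[j].key)` that follows the switch fills it in, so `bsign_pub_key` is whatever `md->fcds[j]` held beforehand — a NULL dereference if `md` is zero-initialized, indeterminate otherwise. The same stale read occurs in the CS-case comparison `alg_values[j].blinding_inputs->cipher != fcd->fresh_pk.bsign_pub_key->cipher`. The old code read `rd->fresh_pks[j].key.cipher`; switching on `rd->fresh_pks[j].key.bsign_pub_key->cipher` (and comparing against it in the CS case), or moving the deep copy above the switch, fixes it. TALER_EXCHANGE_get_melt_data_ starts before the hunk.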
diff --git a/src/lib/exchange_api_refresh_common.h b/src/lib/exchange_api_refresh_common.h
index 0cb80f17e..f596e1e90 100644
--- a/src/lib/exchange_api_refresh_common.h
+++ b/src/lib/exchange_api_refresh_common.h
@@ -109,7 +109,7 @@ struct FreshCoinData
 * Blinding key secrets for the coins, depending on the
 * cut-and-choose.
 */
- union TALER_DenominationBlindingKeyP bks[TALER_CNC_KAPPA];
+ union GNUNET_CRYPTO_BlindingSecretP bks[TALER_CNC_KAPPA];
 };
diff --git a/src/lib/exchange_api_refreshes_reveal.c b/src/lib/exchange_api_refreshes_reveal.c
index 220682992..a4ea47763 100644
--- a/src/lib/exchange_api_refreshes_reveal.c
+++ b/src/lib/exchange_api_refreshes_reveal.c
@@ -138,7 +138,7 @@ refresh_reveal_ok (struct TALER_EXCHANGE_RefreshesRevealHandle *rrh,
 GNUNET_JSON_spec_end ()
 };
 struct TALER_FreshCoin coin;
- union TALER_DenominationBlindingKeyP bks;
+ union GNUNET_CRYPTO_BlindingSecretP bks;
 const struct TALER_AgeCommitmentHash *pah = NULL;
 rci->ps = fcd->ps[rrh->noreveal_index];
@@ -360,7 +360,8 @@ TALER_EXCHANGE_refreshes_reveal (
 const struct TALER_RefreshCoinData *rcd = &md.rcd[noreveal_index][i];
 struct TALER_DenominationHashP denom_hash;
- if (TALER_DENOMINATION_CS == md.fcds[i].fresh_pk.cipher)
+ if (GNUNET_CRYPTO_BSA_CS ==
+ md.fcds[i].fresh_pk.bsign_pub_key->cipher)
 send_rms = true;
 TALER_denom_pub_hash (&md.fcds[i].fresh_pk,
 &denom_hash);