authorGian Demarmels <gian@demarmels.org>2021-12-22 11:45:22 +0100
committerGian Demarmels <gian@demarmels.org>2022-02-04 15:31:48 +0100
commit385eb51e93e39842c0ccb2a6b12b87c66c7fbe26 (patch)
treeabd54908cf87994fe27e873202d9ddac5c0dcbcf /src
parentf3fb7c29e69d38ee77d6214cf001f8e18fa00f2b (diff)
downloadexchange-385eb51e93e39842c0ccb2a6b12b87c66c7fbe26.tar.xz
CS planchet create and withdraw create
Diffstat (limited to 'src')
-rw-r--r--src/include/taler_crypto_lib.h39
-rw-r--r--src/util/crypto.c108
-rw-r--r--src/util/denom.c10
-rw-r--r--src/util/test_crypto.c15
4 files changed, 120 insertions, 52 deletions
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index 2e0674fb1..8e5df1fca 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -760,17 +760,11 @@ struct TALER_BlindedRsaPlanchet
struct TALER_BlindedCsPlanchet
{
/**
- * Withdraw or refresh nonce used for derivation
- */
- struct GNUNET_CRYPTO_CsNonce nonce;
-
- /**
* The Clause Schnorr c_0 and c_1 containing the blinded message
*/
struct GNUNET_CRYPTO_CsC c[2];
};
-
/**
* @brief Type including Parameters to create blinded signature
*
@@ -800,6 +794,21 @@ struct TALER_BlindedPlanchet
} details;
};
+struct TALER_WithdrawNonce
+{
+ /**
+ * 32 bit nonce to include in withdrawals
+ */
+ struct GNUNET_CRYPTO_CsNonce nonce;
+};
+
+struct TALER_RefreshNonce
+{
+ /**
+ * 32 bit nonce to include in withdrawals
+ */
+ struct GNUNET_CRYPTO_CsNonce nonce;
+};
/**
* @brief RSA Parameters to create blinded messages
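Review bot: The doc comments on the two new structs do not match the fields they describe: both say `32 bit nonce to include in withdrawals`, although `TALER_RefreshNonce` is for refresh, and `struct GNUNET_CRYPTO_CsNonce` is, as far as I recall from GNUnet, a 32-byte value, so "bit" looks like a units slip (confirm against the GNUnet header). I would write `32-byte nonce sent with a withdraw request` and `32-byte nonce sent with a refresh request`, and give each struct its own `@brief` line. Per the prototype comment added later in this file, the nonce is what R_0 and R_1 are generated from, so a wrong size in the documentation is likely to be copied into a buffer-length or wire-format assumption.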
@@ -868,6 +877,11 @@ struct TALER_PlanchetDeriveCsBlindingSecrets
* size of the secret to derive blinding secrets from
*/
size_t secret_len;
+
+ /**
+ * public R_0 and R_1 are hashed too
+ */
+ struct GNUNET_CRYPTO_CsRPublic r_pub[2];
};
/**
@@ -938,6 +952,16 @@ struct TALER_TrackTransferDetails
void
TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub);
+/**
+ * @brief Method to generate withdraw nonce
+ *
+ * @param coin_priv private key of the coin
+ * @param nonce withdraw nonce included in the request to generate R_0 and R_1
+ */
+void
+TALER_cs_withdraw_nonce_derive (const struct
+ TALER_CoinSpendPrivateKeyP *coin_priv,
+ struct TALER_WithdrawNonce *nonce);
/**
* Create a blinding secret @a bs for @a cipher.
@@ -1397,8 +1421,7 @@ TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed,
*/
void
TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps,
- enum TALER_DenominationCipher cipher,
- ...);
+ enum TALER_DenominationCipher cipher);
/**
diff --git a/src/util/crypto.c b/src/util/crypto.c
index a8413e0f5..40c69b54a 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -167,10 +167,53 @@ TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed,
void
-blinding_secret_create_va (union TALER_DenominationBlindingKeyP *bs,
- enum TALER_DenominationCipher cipher,
- va_list ap)
+cs_blinding_seed_derive (const void *secret,
+ size_t secret_len,
+ const struct GNUNET_CRYPTO_CsRPublic r_pub[2],
+ struct GNUNET_CRYPTO_CsNonce *blind_seed)
{
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_hkdf (blind_seed,
+ sizeof (*blind_seed),
+ GCRY_MD_SHA512,
+ GCRY_MD_SHA256,
+ "bseed",
+ strlen ("bseed"),
+ secret,
+ secret_len,
+ r_pub,
+ sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2,
+ NULL,
+ 0));
+}
+
+
+void
+TALER_cs_withdraw_nonce_derive (const struct
+ TALER_CoinSpendPrivateKeyP *coin_priv,
+ struct TALER_WithdrawNonce *nonce)
+{
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_hkdf (nonce,
+ sizeof (*nonce),
+ GCRY_MD_SHA512,
+ GCRY_MD_SHA256,
+ "n",
+ strlen ("n"),
+ coin_priv,
+ sizeof(*coin_priv),
+ NULL,
+ 0));
+}
+
+
+void
+TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs,
+ enum TALER_DenominationCipher cipher,
+ ...)
+{
+ va_list ap;
+ va_start (ap, cipher);
switch (cipher)
{
case TALER_DENOMINATION_INVALID:
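Review bot: `cs_blinding_seed_derive` is defined without `static` and without a doc comment, and none of the header hunks in this commit declare it, so it becomes an undeclared external symbol; `static void` on the definition would keep it file-local. Separately, `TALER_cs_withdraw_nonce_derive` feeds only `coin_priv` into the HKDF, so the nonce is a pure function of the coin key. If that is intended, a comment such as `/* deterministic: the same coin_priv always yields the same nonce */` would make the assumption explicit for callers, who then have to ensure a fresh `coin_priv` per planchet. The body of `TALER_blinding_secret_create` starts in this hunk and continues past it.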
@@ -184,51 +227,50 @@ blinding_secret_create_va (union TALER_DenominationBlindingKeyP *bs,
return;
case TALER_DENOMINATION_CS:
{
- // TODO: nonce teil ist noch falsch. da kommt bs[2] zurück, was wir nicht speichern wollen!
- struct TALER_PlanchetDeriveCsBlindingSecrets*seed;
-
- seed = va_arg (ap, struct TALER_PlanchetDeriveCsBlindingSecrets *);
-
- // GNUNET_CRYPTO_cs_blinding_secrets_derive(&seed->secret,
- // seed->secret_len,
- // &bs->nonce);
+ struct TALER_PlanchetDeriveCsBlindingSecrets *params;
+ params = va_arg (ap, struct TALER_PlanchetDeriveCsBlindingSecrets *);
+ cs_blinding_seed_derive (params->secret,
+ params->secret_len,
+ params->r_pub,
+ &bs->nonce);
return;
}
-
default:
GNUNET_break (0);
}
-
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
- bs,
- sizeof (*bs));
-}
-
-
-void
-TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs,
- enum TALER_DenominationCipher cipher,
- ...)
-{
- va_list ap;
- va_start (ap, cipher);
- blinding_secret_create_va (bs, cipher, ap);
va_end (ap);
}
+/**
+ * @brief setup a random planchet
+ * In Case of RSA planchet, the bks gets set
+ * In Case of Schnorr this will be set in future
+ */
void
TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps,
- enum TALER_DenominationCipher cipher,
- ...)
+ enum TALER_DenominationCipher cipher)
{
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
&ps->coin_priv,
sizeof (struct TALER_CoinSpendPrivateKeyP));
- va_list ap;
- va_start (ap, cipher);
- blinding_secret_create_va (&ps->blinding_key, cipher, ap);
- va_end (ap);
+ switch (cipher)
+ {
+ case TALER_DENOMINATION_INVALID:
+ GNUNET_break (0);
+ return;
+ case TALER_DENOMINATION_RSA:
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
+ &ps->blinding_key.rsa_bks,
+ sizeof (struct
+ GNUNET_CRYPTO_RsaBlindingKeySecret));
+ return;
+ case TALER_DENOMINATION_CS:
+ // Will be set in a later stage for Clause Blind Schnorr Scheme
+ return;
+ default:
+ GNUNET_break (0);
+ }
}
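Review bot: In `TALER_blinding_secret_create` the `va_end (ap);` now sits after the `switch`, but the `TALER_DENOMINATION_CS` case and the case ending on the first line of this hunk both leave with `return;`, so `va_end` is only reached from `default:`. Returning after `va_start` without a matching `va_end` is undefined behaviour in C. Changing those `return;` statements to `break;` lets every path reach `va_end (ap);`; the `va_start` and the earlier cases are outside this hunk, so they need the same check. In `TALER_planchet_setup_random` the CS branch returns without writing `ps->blinding_key`, so a caller with a stack-allocated `ps` holds indeterminate bytes there until the later stage runs. Adding `memset (&ps->blinding_key, 0, sizeof (ps->blinding_key));` before the `switch` would make premature use easy to spot rather than silently blinding with leftover stack data.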
diff --git a/src/util/denom.c b/src/util/denom.c
index bcfa3efab..6ff92e894 100644
--- a/src/util/denom.c
+++ b/src/util/denom.c
@@ -199,7 +199,10 @@ TALER_denom_pub_hash (const struct TALER_DenominationPublicKey *denom_pub,
GNUNET_free (buf);
}
break;
- // TODO: add case for Clause-Schnorr
+ case TALER_DENOMINATION_CS:
+ GNUNET_CRYPTO_hash_context_read (hc,
+ &denom_pub->details.cs_public_key,
+ sizeof(denom_pub->details.cs_public_key));
default:
GNUNET_assert (0);
}
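Review bot: The new `case TALER_DENOMINATION_CS:` has no `break;`, so after feeding the CS public key into the hash context it falls through into `default:` and hits `GNUNET_assert (0);`. As written, hashing any CS denomination key would abort the process. Add `break;` after the `GNUNET_CRYPTO_hash_context_read (...)` call, matching the `break;` that closes the preceding case. The enclosing `switch` in `TALER_denom_pub_hash` starts above this hunk.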
@@ -237,11 +240,6 @@ TALER_denom_blind (const struct TALER_DenominationPublicKey *dk,
struct TALER_CoinPubHash *c_hash,
struct TALER_BlindedPlanchet *blinded_planchet)
{
- // if (dk->cipher != blinded_planchet->cipher)
- // {
- // GNUNET_break (0);
- // return GNUNET_SYSERR;
- // }
blinded_planchet->cipher = dk->cipher;
TALER_coin_pub_hash (coin_pub,
age_commitment_hash,
diff --git a/src/util/test_crypto.c b/src/util/test_crypto.c
index 12f9e64c0..a91536bf7 100644
--- a/src/util/test_crypto.c
+++ b/src/util/test_crypto.c
@@ -141,13 +141,14 @@ test_planchets_rsa (void)
static int
test_planchets_cs (void)
{
- // struct TALER_PlanchetSecretsP ps;
+ struct TALER_PlanchetSecretsP ps;
struct TALER_DenominationPrivateKey dk_priv;
struct TALER_DenominationPublicKey dk_pub;
- // struct TALER_PlanchetDetail pd;
+ struct TALER_PlanchetDetail pd;
+ struct TALER_CoinPubHash c_hash;
+ struct TALER_WithdrawNonce nonce;
// struct TALER_BlindedDenominationSignature blind_sig;
// struct TALER_FreshCoin coin;
- // struct TALER_CoinPubHash c_hash;
// struct TALER_PlanchetDeriveCsBlindingSecrets seed;
GNUNET_assert (GNUNET_OK ==
@@ -158,8 +159,12 @@ test_planchets_cs (void)
// seed.secret = "test secret";
// seed.secret_len = strlen ("test secret");
- // TODO: Probably need to adjust GNUNET CS implementation for the CSNonce creation and afterwards adjust the derive function
- // TALER_planchet_setup_random (&ps, TALER_DENOMINATION_CS, &seed);
+ TALER_planchet_setup_random (&ps, TALER_DENOMINATION_CS);
+ TALER_cs_withdraw_nonce_derive (&ps.coin_priv, &nonce);
+
+ // NEXT: Implement to create withdraw nonce
+ // Implement to get R_0 and R_1
+ // Implement to genrate b-seed from it and calculate c then§
// GNUNET_assert (GNUNET_OK ==
// TALER_planchet_prepare (&dk_pub,