-rw-r--r--src/exchange/taler-exchange-httpd_refreshes_reveal.c2
-rw-r--r--src/include/taler_crypto_lib.h16
-rw-r--r--src/lib/exchange_api_refresh_common.c7
-rw-r--r--src/lib/exchange_api_refreshes_reveal.c17
-rw-r--r--src/testing/testing_api_cmd_refresh.c28
-rw-r--r--src/util/crypto.c21
6 files changed, 66 insertions, 25 deletions
diff --git a/src/exchange/taler-exchange-httpd_refreshes_reveal.c b/src/exchange/taler-exchange-httpd_refreshes_reveal.c
index f9330ebe9..b1903032e 100644
--- a/src/exchange/taler-exchange-httpd_refreshes_reveal.c
+++ b/src/exchange/taler-exchange-httpd_refreshes_reveal.c
@@ -381,7 +381,7 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,
{
struct TALER_EXCHANGEDB_RefreshRevealedCoin *rrc = &rrcs[i];
struct GNUNET_JSON_Specification spec[] = {
- TALER_JSON_spec_blinded_planchet (NULL,
+ TALER_JSON_spec_blinded_planchet ("bp",
&rrc->blinded_planchet),
GNUNET_JSON_spec_end ()
};
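Review bot: The exchange now looks the blinded planchet up under the key `"bp"` in each element it parses here, while the client-side hunk in src/lib/exchange_api_refreshes_reveal.c packs the same value with `TALER_JSON_pack_blinded_planchet (NULL, &pd.blinded_planchet)`, i.e. without a field name. Unless the pack and parse helpers treat these two forms as the same wire shape (not visible on this page), the reveal request built by the library would fail this parser. The field name should be the same on both sides, and a melt/reveal round-trip test would confirm it. The enclosing loop and function start and end outside this hunk.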
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index dbf390ea9..8c2479b98 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -1498,6 +1498,22 @@ TALER_transfer_secret_to_planchet_secret (
/**
+ * Derive the @a coin_num transfer private key @a tpriv from a refresh from
+ * the @a ps seed of the refresh operation. The transfer private key
+ * derivation is based on the @a ps with a KDF salted by the @a coin_num.
+ *
+ * @param ps seed to use for KDF to derive transfer keys
+ * @param cnc_num cut and choose number to include in KDF
+ * @param[out] tpriv value to initialize
+ */
+void
+TALER_planchet_secret_to_transfer_priv (
+ const struct TALER_PlanchetSecretsP *ps,
+ uint32_t cnc_num,
+ struct TALER_TransferPrivateKeyP *tpriv);
+
+
+/**
* Setup information for fresh coins to be withdrawn
* or refreshed.
*
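Review bot: The new doc comment refers to `@a coin_num` twice, but the prototype and the `@param` line name the argument `cnc_num`, so the reference does not resolve and the reader cannot tell whether the KDF salt is a coin index or the cut-and-choose index. I would reword the first sentence to `Derive the @a cnc_num-th transfer private key @a tpriv of a refresh operation from the seed @a ps.` and use `@a cnc_num` in the second sentence as well. The `@param ps` line could also say that `ps` is secret key material, since the transfer private keys are computed from it.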
diff --git a/src/lib/exchange_api_refresh_common.c b/src/lib/exchange_api_refresh_common.c
index 0f0032c4c..7d8f4c920 100644
--- a/src/lib/exchange_api_refresh_common.c
+++ b/src/lib/exchange_api_refresh_common.c
@@ -114,9 +114,10 @@ TALER_EXCHANGE_get_melt_data_ (
/* build up coins */
for (unsigned int i = 0; i<TALER_CNC_KAPPA; i++)
{
- // FIXME: derive!
- GNUNET_CRYPTO_ecdhe_key_create (
- &md->melted_coin.transfer_priv[i].ecdhe_priv);
+ TALER_planchet_secret_to_transfer_priv (
+ ps,
+ i,
+ &md->melted_coin.transfer_priv[i]);
GNUNET_CRYPTO_ecdhe_key_get_public (
&md->melted_coin.transfer_priv[i].ecdhe_priv,
&rce[i].transfer_pub.ecdhe_pub);
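Review bot: With this change every one of the `TALER_CNC_KAPPA` transfer private keys is a deterministic function of `ps` and the loop index, so their secrecy and uniqueness now rest entirely on `ps`. The removed `GNUNET_CRYPTO_ecdhe_key_create` call produced fresh random keys on each run; the derived ones repeat whenever the same `ps` is passed again. Where `ps` comes from is outside this hunk, so it is not visible whether it is fresh per melt. Please state the requirement at the call, for example `/* ps must be unique per melt operation: the transfer keys are derived from it */`, and in the function's doc comment.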
diff --git a/src/lib/exchange_api_refreshes_reveal.c b/src/lib/exchange_api_refreshes_reveal.c
index f936e240b..38ca93310 100644
--- a/src/lib/exchange_api_refreshes_reveal.c
+++ b/src/lib/exchange_api_refreshes_reveal.c
@@ -408,15 +408,14 @@ TALER_EXCHANGE_refreshes_reveal (
TALER_EXCHANGE_free_melt_data_ (&md);
return NULL;
}
- GNUNET_assert (0 ==
- json_array_append_new (coin_evs,
- GNUNET_JSON_from_data (
- pd.blinded_planchet.details.
- rsa_blinded_planchet.blinded_msg,
- pd.
- blinded_planchet.details.
- rsa_blinded_planchet.
- blinded_msg_size)));
+ GNUNET_assert (
+ 0 ==
+ json_array_append_new (
+ coin_evs,
+ GNUNET_JSON_PACK (
+ TALER_JSON_pack_blinded_planchet (
+ NULL,
+ &pd.blinded_planchet))));
{
struct TALER_CoinSpendSignatureP link_sig;
diff --git a/src/testing/testing_api_cmd_refresh.c b/src/testing/testing_api_cmd_refresh.c
index 7593a5a7a..dd70b438a 100644
--- a/src/testing/testing_api_cmd_refresh.c
+++ b/src/testing/testing_api_cmd_refresh.c
@@ -172,7 +172,7 @@ struct RefreshMeltState
* exchange to pick any previous /rerfesh/melt operation from
* the database.
*/
- unsigned int double_melt;
+ bool double_melt;
/**
* How often should we retry on (transient) failures?
@@ -979,7 +979,7 @@ melt_cb (void *cls,
GNUNET_STRINGS_relative_time_to_string (rms->total_backoff,
GNUNET_YES));
}
- if (GNUNET_YES == rms->double_melt)
+ if (rms->double_melt)
{
TALER_LOG_DEBUG ("Doubling the melt (%s)\n",
rms->is->commands[rms->is->ip].label);
@@ -988,7 +988,7 @@ melt_cb (void *cls,
&rms->refresh_data,
&melt_cb,
rms);
- rms->double_melt = GNUNET_NO;
+ rms->double_melt = false;
return;
}
TALER_TESTING_interpreter_next (rms->is);
@@ -1026,9 +1026,9 @@ melt_run (void *cls,
num_fresh_coins++)
;
rms->num_fresh_coins = num_fresh_coins;
- rms->fresh_pks = GNUNET_new_array
- (num_fresh_coins,
- struct TALER_EXCHANGE_DenomPublicKey);
+ rms->fresh_pks = GNUNET_new_array (
+ num_fresh_coins,
+ struct TALER_EXCHANGE_DenomPublicKey);
{
struct TALER_Amount melt_amount;
struct TALER_Amount fresh_amount;
@@ -1088,7 +1088,8 @@ melt_run (void *cls,
GNUNET_break (0);
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Failed to parse amount `%s' at index %u\n",
- melt_fresh_amounts[i], i);
+ melt_fresh_amounts[i],
+ i);
TALER_TESTING_interpreter_fail (rms->is);
return;
}
@@ -1154,7 +1155,8 @@ melt_cleanup (void *cls,
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"Command %u (%s) did not complete\n",
- rms->is->ip, rms->is->commands[rms->is->ip].label);
+ rms->is->ip,
+ rms->is->commands[rms->is->ip].label);
TALER_EXCHANGE_melt_cancel (rms->rmh);
rms->rmh = NULL;
}
@@ -1167,8 +1169,8 @@ melt_cleanup (void *cls,
{
for (unsigned int i = 0; i < rms->num_fresh_coins; i++)
TALER_denom_pub_free (&rms->fresh_pks[i].key);
+ GNUNET_free (rms->fresh_pks);
}
- GNUNET_free (rms->fresh_pks);
GNUNET_free (rms->alg_values);
GNUNET_free (rms->melt_fresh_amounts);
GNUNET_free (rms);
@@ -1276,7 +1278,8 @@ TALER_TESTING_cmd_melt (const char *label,
rms = GNUNET_new (struct RefreshMeltState);
rms->coin_reference = coin_reference;
rms->expected_response_code = expected_response_code;
- va_start (ap, expected_response_code);
+ va_start (ap,
+ expected_response_code);
GNUNET_assert (GNUNET_OK ==
parse_amounts (rms, ap));
va_end (ap);
@@ -1306,8 +1309,9 @@ TALER_TESTING_cmd_melt_double (const char *label,
rms = GNUNET_new (struct RefreshMeltState);
rms->coin_reference = coin_reference;
rms->expected_response_code = expected_response_code;
- rms->double_melt = GNUNET_YES;
- va_start (ap, expected_response_code);
+ rms->double_melt = true;
+ va_start (ap,
+ expected_response_code);
GNUNET_assert (GNUNET_OK ==
parse_amounts (rms, ap));
va_end (ap);
diff --git a/src/util/crypto.c b/src/util/crypto.c
index 8e48b48d1..a32a10230 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -177,6 +177,27 @@ TALER_transfer_secret_to_planchet_secret (
void
+TALER_planchet_secret_to_transfer_priv (
+ const struct TALER_PlanchetSecretsP *ps,
+ uint32_t cnc_num,
+ struct TALER_TransferPrivateKeyP *tpriv)
+{
+ uint32_t be_salt = htonl (cnc_num);
+
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_kdf (tpriv,
+ sizeof (*tpriv),
+ &be_salt,
+ sizeof (be_salt),
+ ps,
+ sizeof (*ps),
+ "taler-transfer-priv-derivation",
+ strlen ("taler-transfer-priv-derivation"),
+ NULL, 0));
+}
+
+
+void
TALER_cs_withdraw_nonce_derive (
const struct TALER_PlanchetSecretsP *ps,
struct TALER_CsNonce *nonce)
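Review bot: The KDF context string in `TALER_planchet_secret_to_transfer_priv` is written out twice, once as the context argument and once inside `strlen ()`; if the two copies ever diverge, the length passed no longer matches the string and the derived keys change without any compile-time signal. A single definition removes that risk: `static const char ctx[] = "taler-transfer-priv-derivation";` and then pass `ctx, strlen (ctx)`. As far as this hunk shows, that string is also what separates this derivation from any other one keyed by the same `ps`, so a short comment saying it must stay distinct from the other KDF contexts would help the next maintainer.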