From bd77bcb52dcad4b761f3db0acaa6b71b112a31c2 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Mon, 14 Feb 2022 23:02:25 +0100
Subject: -towards fixing the protocol

---
 src/lib/exchange_api_recoup_refresh.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'src/lib/exchange_api_recoup_refresh.c')

diff --git a/src/lib/exchange_api_recoup_refresh.c b/src/lib/exchange_api_recoup_refresh.c
index 9133e5942..02e994155 100644
--- a/src/lib/exchange_api_recoup_refresh.c
+++ b/src/lib/exchange_api_recoup_refresh.c
@@ -332,6 +332,27 @@ TALER_EXCHANGE_recoup_refresh (
                                 &coin_sig),
     GNUNET_JSON_pack_data_auto ("coin_blind_key_secret",
                                 &bks));
+
+  if (TALER_DENOMINATION_CS == denom_sig->cipher)
+  {
+    struct TALER_CsNonce nonce;
+
+    // FIXME: add this to the spec!
+    /* NOTE: this is not elegant, and as per the note in TALER_coin_ev_hash()
+       it is not strictly clear that the nonce is needed. Best case would be
+       to find a way to include it more 'naturally' somehow, for example with
+       the variant union version of bks! */
+    TALER_cs_refresh_nonce_derive (rms,
+                                   idx,
+                                   &nonce);
+    GNUNET_assert (
+      0 ==
+      json_object_set_new (recoup_obj,
+                           "cs_nonce",
+                           GNUNET_JSON_from_data_auto (
+                             &nonce)));
+  }
+
   {
     char pub_str[sizeof (struct TALER_CoinSpendPublicKeyP) * 2];
     char *end;
-- 
cgit v1.2.3