authorChristian Grothoff <christian@grothoff.org>2022-02-14 23:02:25 +0100
committerChristian Grothoff <christian@grothoff.org>2022-02-14 23:02:25 +0100
commitbd77bcb52dcad4b761f3db0acaa6b71b112a31c2 (patch)
treef519ebc30bf0917d9f2e91667a20beac71284586 /src/lib
parentf4f40a31efd3028dec36c0b84a49617926b5f9c3 (diff)
-towards fixing the protocol
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/exchange_api_link.c17
-rw-r--r--src/lib/exchange_api_recoup.c19
-rw-r--r--src/lib/exchange_api_recoup_refresh.c21
3 files changed, 57 insertions, 0 deletions
diff --git a/src/lib/exchange_api_link.c b/src/lib/exchange_api_link.c
index 6ebb72271..a44ccdcea 100644
--- a/src/lib/exchange_api_link.c
+++ b/src/lib/exchange_api_link.c
@@ -92,6 +92,7 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
struct TALER_CoinSpendSignatureP link_sig;
union TALER_DenominationBlindingKeyP bks;
struct TALER_ExchangeWithdrawValues alg_values;
+ struct TALER_CsNonce nonce;
uint32_t coin_idx;
struct GNUNET_JSON_Specification spec[] = {
TALER_JSON_spec_denom_pub ("denom_pub",
@@ -104,6 +105,9 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
&link_sig),
GNUNET_JSON_spec_uint32 ("coin_idx",
&coin_idx),
+ GNUNET_JSON_spec_mark_optional (
+ GNUNET_JSON_spec_fixed_auto ("cs_nonce",
+ &nonce)),
GNUNET_JSON_spec_end ()
};
struct TALER_TransferSecretP secret;
@@ -111,6 +115,9 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
struct TALER_CoinPubHash c_hash;
/* parse reply */
+ memset (&nonce,
+ 0,
+ sizeof (nonce));
if (GNUNET_OK !=
GNUNET_JSON_parse (json,
spec,
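Review bot: Nothing at the added `memset` says that it is load-bearing: because `cs_nonce` is parsed as an optional field, the pre-zeroing is what lets the later `GNUNET_is_zero (&nonce)` test detect a missing value. A later cleanup could drop it as a redundant initialisation and leave the check reading uninitialised stack data. I would add a comment directly above it, e.g. `/* "cs_nonce" is optional: pre-zero so an absent field is detectable via GNUNET_is_zero() */`. parse_link_coin starts and ends outside this hunk.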
@@ -143,6 +150,16 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
GNUNET_JSON_parse_free (spec);
return GNUNET_SYSERR;
}
+ if (TALER_DENOMINATION_CS == alg_values.cipher)
+ {
+ if (GNUNET_is_zero (&nonce))
+ {
+ GNUNET_break_op (0);
+ GNUNET_JSON_parse_free (spec);
+ return GNUNET_SYSERR;
+ }
+ pd.blinded_planchet.details.cs_blinded_planchet.nonce = nonce;
+ }
/* extract coin and signature */
if (GNUNET_OK !=
TALER_denom_sig_unblind (&lci->sig,
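Review bot: The nonce copied into `pd.blinded_planchet.details.cs_blinded_planchet.nonce` comes straight from the exchange's reply and is checked only for being non-zero, so the code should state where it is actually authenticated. If the `link_sig` verification further down in parse_link_coin (outside this hunk) covers a hash that includes the nonce, a comment such as `/* exchange-supplied; only trusted once link_sig over the coin envelope hash verifies below */` would make that explicit. If it does not, the value is unauthenticated and that gap should be closed. Separately, a `cs_nonce` sent alongside a non-CS denomination is silently ignored here; rejecting it with `GNUNET_break_op (0)` would keep the parser strict.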
diff --git a/src/lib/exchange_api_recoup.c b/src/lib/exchange_api_recoup.c
index a4ad0ccee..9b7201cd0 100644
--- a/src/lib/exchange_api_recoup.c
+++ b/src/lib/exchange_api_recoup.c
@@ -328,6 +328,25 @@ TALER_EXCHANGE_recoup (struct TALER_EXCHANGE_Handle *exchange,
&coin_sig),
GNUNET_JSON_pack_data_auto ("coin_blind_key_secret",
&bks));
+ if (TALER_DENOMINATION_CS == denom_sig->cipher)
+ {
+ struct TALER_CsNonce nonce;
+
+ // FIXME: add this to the spec!
+ /* NOTE: this is not elegant, and as per the note in TALER_coin_ev_hash()
+ it is not strictly clear that the nonce is needed. Best case would be
+ to find a way to include it more 'naturally' somehow, for example with
+ the variant union version of bks! */
+ TALER_cs_withdraw_nonce_derive (ps,
+ &nonce);
+ GNUNET_assert (
+ 0 ==
+ json_object_set_new (recoup_obj,
+ "cs_nonce",
+ GNUNET_JSON_from_data_auto (
+ &nonce)));
+ }
+
{
char pub_str[sizeof (struct TALER_CoinSpendPublicKeyP) * 2];
char *end;
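Review bot: The request now carries a `cs_nonce` derived from the planchet secret `ps`, and the only documentation is `// FIXME: add this to the spec!` plus a remark that the nonce may not be needed at all. The comment should say why disclosing this value to the exchange is acceptable. Presumably it is the same nonce the exchange already saw at withdraw time (to be confirmed), in which case something like `/* cs_nonce was already disclosed to the exchange during withdraw and does not reveal ps */` would do. The same block, using `TALER_cs_refresh_nonce_derive (rms, idx, &nonce)`, is repeated in the exchange_api_recoup_refresh.c hunk, so the comment applies there too. A shared static helper that adds the field would keep the two wire encodings from drifting apart. TALER_EXCHANGE_recoup continues outside this hunk.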
diff --git a/src/lib/exchange_api_recoup_refresh.c b/src/lib/exchange_api_recoup_refresh.c
index 9133e5942..02e994155 100644
--- a/src/lib/exchange_api_recoup_refresh.c
+++ b/src/lib/exchange_api_recoup_refresh.c
@@ -332,6 +332,27 @@ TALER_EXCHANGE_recoup_refresh (
&coin_sig),
GNUNET_JSON_pack_data_auto ("coin_blind_key_secret",
&bks));
+
+ if (TALER_DENOMINATION_CS == denom_sig->cipher)
+ {
+ struct TALER_CsNonce nonce;
+
+ // FIXME: add this to the spec!
+ /* NOTE: this is not elegant, and as per the note in TALER_coin_ev_hash()
+ it is not strictly clear that the nonce is needed. Best case would be
+ to find a way to include it more 'naturally' somehow, for example with
+ the variant union version of bks! */
+ TALER_cs_refresh_nonce_derive (rms,
+ idx,
+ &nonce);
+ GNUNET_assert (
+ 0 ==
+ json_object_set_new (recoup_obj,
+ "cs_nonce",
+ GNUNET_JSON_from_data_auto (
+ &nonce)));
+ }
+
{
char pub_str[sizeof (struct TALER_CoinSpendPublicKeyP) * 2];
char *end;