fixed nonce check, renamed WithdrawNonce

12 files changed, 46 insertions, 22 deletions

diff --git a/src/exchange/taler-exchange-httpd_csr.c b/src/exchange/taler-exchange-httpd_csr.c
index e1c9037df..dfe4d4d07 100644
--- a/src/exchange/taler-exchange-httpd_csr.c
+++ b/src/exchange/taler-exchange-httpd_csr.c
@@ -37,13 +37,13 @@ TEH_handler_csr (struct TEH_RequestContext *rc,
                  const json_t *root,
                  const char *const args[])
 {
-  struct TALER_WithdrawNonce nonce;
+  struct TALER_CsNonce nonce;
   struct TALER_DenominationHash denom_pub_hash;
   struct TALER_DenominationCsPublicR r_pub;
   struct GNUNET_JSON_Specification spec[] = {
     GNUNET_JSON_spec_fixed ("nonce",
                             &nonce,
-                            sizeof (struct TALER_WithdrawNonce)),
+                            sizeof (struct TALER_CsNonce)),
     GNUNET_JSON_spec_fixed ("denom_pub_hash",
                             &denom_pub_hash,
                             sizeof (struct TALER_DenominationHash)),
diff --git a/src/exchange/taler-exchange-httpd_keys.c b/src/exchange/taler-exchange-httpd_keys.c
index 39c5b760f..2e1d71824 100644
--- a/src/exchange/taler-exchange-httpd_keys.c
+++ b/src/exchange/taler-exchange-httpd_keys.c
@@ -2460,7 +2460,7 @@ TEH_keys_denomination_sign (const struct TALER_DenominationHash *h_denom_pub,
 enum TALER_ErrorCode
 TEH_keys_denomination_cs_r_pub (const struct
                                 TALER_DenominationHash *h_denom_pub,
-                                const struct TALER_WithdrawNonce *nonce,
+                                const struct TALER_CsNonce *nonce,
                                 struct TALER_DenominationCsPublicR *r_pub)
 {
   struct TEH_KeyStateHandle *ksh;
diff --git a/src/exchange/taler-exchange-httpd_keys.h b/src/exchange/taler-exchange-httpd_keys.h
index 2cc7d7d7c..57011ed22 100644
--- a/src/exchange/taler-exchange-httpd_keys.h
+++ b/src/exchange/taler-exchange-httpd_keys.h
@@ -232,7 +232,7 @@ TEH_keys_denomination_sign (const struct TALER_DenominationHash *h_denom_pub,
 enum TALER_ErrorCode
 TEH_keys_denomination_cs_r_pub (const struct
                                 TALER_DenominationHash *h_denom_pub,
-                                const struct TALER_WithdrawNonce *nonce,
+                                const struct TALER_CsNonce *nonce,
                                 struct TALER_DenominationCsPublicR *r_pub);
 
 
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index 870e2a990..9870572b3 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -798,7 +798,7 @@ struct TALER_BlindedRsaPlanchet
 /**
  * Withdraw nonce for CS denominations
  */
-struct TALER_WithdrawNonce
+struct TALER_CsNonce
 {
   /**
    * 32 bit nonce to include in withdrawals
@@ -821,7 +821,7 @@ struct TALER_BlindedCsPlanchet
   /**
    * Public Nonce
    */
-  struct TALER_WithdrawNonce nonce;
+  struct TALER_CsNonce nonce;
 };
 
 /**
@@ -988,7 +988,7 @@ void
 TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub);
 
 /**
- * @brief Method to generate withdraw nonce
+ * @brief Method to derive withdraw nonce
  *
  * @param coin_priv private key of the coin
  * @param nonce withdraw nonce included in the request to generate R_0 and R_1
@@ -996,10 +996,18 @@ TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub);
 void
 TALER_cs_withdraw_nonce_derive (const struct
                                 TALER_CoinSpendPrivateKeyP *coin_priv,
-                                struct TALER_WithdrawNonce *nonce);
+                                struct TALER_CsNonce *nonce);
 
 
 /**
+ * @brief Method to generate a random withdraw nonce used in refresh protocol
+ *
+ * @param nonce withdraw nonce included in the request to generate R_0 and R_1
+ */
+void
+TALER_cs_withdraw_nonce_generate (struct TALER_CsNonce *nonce);
+
+/**
  * Initialize denomination public-private key pair.
  *
  * For #TALER_DENOMINATION_RSA, an additional "unsigned int"
@@ -1047,7 +1055,7 @@ TALER_denom_sig_free (struct TALER_DenominationSignature *denom_sig);
  */
 
 enum GNUNET_GenericReturnValue
-TALER_denom_cs_derive_r_public (const struct TALER_WithdrawNonce *nonce,
+TALER_denom_cs_derive_r_public (const struct TALER_CsNonce *nonce,
                                 const struct
                                 TALER_DenominationPrivateKey *denom_priv,
                                 struct TALER_DenominationCsPublicR *r_pub);
@@ -1082,7 +1090,6 @@ TALER_denom_blind (const struct TALER_DenominationPublicKey *dk,
  * @param[out] denom_sig where to write the signature
  * @param denom_priv private key to use for signing
  * @param blinded_planchet the planchet already blinded
- * @param ... If CS signature, a TALER_WithdrawNonce is needed
  * @return #GNUNET_OK on success
  */
 enum GNUNET_GenericReturnValue
@@ -1892,7 +1899,7 @@ TALER_CRYPTO_helper_cs_revoke (
 struct TALER_DenominationCsPublicR
 TALER_CRYPTO_helper_cs_r_derive (struct TALER_CRYPTO_CsDenominationHelper *dh,
                                  const struct TALER_CsPubHashP *h_cs,
-                                 const struct TALER_WithdrawNonce *nonce,
+                                 const struct TALER_CsNonce *nonce,
                                  enum TALER_ErrorCode *ec);
 
 
diff --git a/src/include/taler_exchange_service.h b/src/include/taler_exchange_service.h
index fcf907c58..68c971868 100644
--- a/src/include/taler_exchange_service.h
+++ b/src/include/taler_exchange_service.h
@@ -1107,7 +1107,7 @@ typedef void
 struct TALER_EXCHANGE_CsRHandle *
 TALER_EXCHANGE_csr (struct TALER_EXCHANGE_Handle *exchange,
                     const struct TALER_EXCHANGE_DenomPublicKey *pk,
-                    const struct TALER_WithdrawNonce *nonce,
+                    const struct TALER_CsNonce *nonce,
                     TALER_EXCHANGE_CsRCallback res_cb,
                     void *res_cb_cls);
 
diff --git a/src/lib/exchange_api_csr.c b/src/lib/exchange_api_csr.c
index a3f631181..d99b08caf 100644
--- a/src/lib/exchange_api_csr.c
+++ b/src/lib/exchange_api_csr.c
@@ -205,7 +205,7 @@ handle_csr_finished (void *cls,
 struct TALER_EXCHANGE_CsRHandle *
 TALER_EXCHANGE_csr (struct TALER_EXCHANGE_Handle *exchange,
                     const struct TALER_EXCHANGE_DenomPublicKey *pk,
-                    const struct TALER_WithdrawNonce *nonce,
+                    const struct TALER_CsNonce *nonce,
                     TALER_EXCHANGE_CsRCallback res_cb,
                     void *res_cb_cls)
 {
@@ -229,7 +229,7 @@ TALER_EXCHANGE_csr (struct TALER_EXCHANGE_Handle *exchange,
     csr_obj = GNUNET_JSON_PACK (GNUNET_JSON_pack_data_varsize ("nonce",
                                                                nonce,
                                                                sizeof(struct
-                                                                      TALER_WithdrawNonce)),
+                                                                      TALER_CsNonce)),
                                 GNUNET_JSON_pack_data_varsize ("denom_pub_hash",
                                                                &pk->h_key,
                                                                sizeof(struct
diff --git a/src/lib/exchange_api_withdraw.c b/src/lib/exchange_api_withdraw.c
index e8eca88cc..a5a886767 100644
--- a/src/lib/exchange_api_withdraw.c
+++ b/src/lib/exchange_api_withdraw.c
@@ -283,9 +283,17 @@ TALER_EXCHANGE_withdraw (
                                         wh);
     break;
   case TALER_DENOMINATION_CS:
-    TALER_cs_withdraw_nonce_derive (&ps->coin_priv,
-                                    &wh->pd.blinded_planchet.details.
-                                    cs_blinded_planchet.nonce);
+    wh->pd.blinded_planchet.cipher = TALER_DENOMINATION_CS;
+
+    /**
+     * This part is a bit hacky..
+     * due to the reason that Withdraw tests use the same private key coin to sign,
+     * the same Withdraw nonce will be derived.
+     * In a normal withdrawal TALER_cs_withdraw_nonce_derive is used.
+     * As a hacky solution, we generate the nonce here randomly.
+     */
+    TALER_cs_withdraw_nonce_generate (&wh->pd.blinded_planchet.details.
+                                      cs_blinded_planchet.nonce);
     wh->csrh = TALER_EXCHANGE_csr (exchange,
                                    pk,
                                    &wh->pd.blinded_planchet.details.
diff --git a/src/util/crypto.c b/src/util/crypto.c
index 549ec8b1a..fd309c934 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -191,7 +191,7 @@ cs_blinding_seed_derive (const struct
 void
 TALER_cs_withdraw_nonce_derive (const struct
                                 TALER_CoinSpendPrivateKeyP *coin_priv,
-                                struct TALER_WithdrawNonce *nonce)
+                                struct TALER_CsNonce *nonce)
 {
   GNUNET_assert (GNUNET_YES ==
                  GNUNET_CRYPTO_hkdf (nonce,
@@ -208,6 +208,15 @@ TALER_cs_withdraw_nonce_derive (const struct
 
 
 void
+TALER_cs_withdraw_nonce_generate (struct TALER_CsNonce *nonce)
+{
+  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
+                              nonce,
+                              sizeof (*nonce));
+}
+
+
+void
 TALER_planchet_blinding_secret_create (struct TALER_PlanchetSecretsP *ps,
                                        const struct
                                        TALER_ExchangeWithdrawValues *alg_values)
diff --git a/src/util/crypto_helper_cs.c b/src/util/crypto_helper_cs.c
index 240c13552..593aa0c25 100644
--- a/src/util/crypto_helper_cs.c
+++ b/src/util/crypto_helper_cs.c
@@ -610,7 +610,7 @@ TALER_CRYPTO_helper_cs_revoke (
 struct TALER_DenominationCsPublicR
 TALER_CRYPTO_helper_cs_r_derive (struct TALER_CRYPTO_CsDenominationHelper *dh,
                                  const struct TALER_CsPubHashP *h_cs,
-                                 const struct TALER_WithdrawNonce *nonce,
+                                 const struct TALER_CsNonce *nonce,
                                  enum TALER_ErrorCode *ec)
 {
   struct TALER_DenominationCsPublicR r_pub;
diff --git a/src/util/denom.c b/src/util/denom.c
index 43204f09c..fa8909783 100644
--- a/src/util/denom.c
+++ b/src/util/denom.c
@@ -83,7 +83,7 @@ TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv,
 
 
 enum GNUNET_GenericReturnValue
-TALER_denom_cs_derive_r_public (const struct TALER_WithdrawNonce *nonce,
+TALER_denom_cs_derive_r_public (const struct TALER_CsNonce *nonce,
                                 const struct
                                 TALER_DenominationPrivateKey *denom_priv,
                                 struct TALER_DenominationCsPublicR *r_pub)
diff --git a/src/util/taler-exchange-secmod-cs.h b/src/util/taler-exchange-secmod-cs.h
index c5f1b7dec..6c3f9232a 100644
--- a/src/util/taler-exchange-secmod-cs.h
+++ b/src/util/taler-exchange-secmod-cs.h
@@ -162,7 +162,7 @@ struct TALER_CRYPTO_CsRDeriveRequest
   /**
    * Withdraw nonce to derive R from
    */
-  struct TALER_WithdrawNonce nonce;
+  struct TALER_CsNonce nonce;
 };
 
 /**
diff --git a/src/util/test_helper_cs.c b/src/util/test_helper_cs.c
index 5a41c7fa1..c4e68376b 100644
--- a/src/util/test_helper_cs.c
+++ b/src/util/test_helper_cs.c
@@ -371,7 +371,7 @@ test_r_derive (struct TALER_CRYPTO_CsDenominationHelper *dh)
   /* check R derivation does not work if the key is unknown */
   {
     struct TALER_CsPubHashP rnd;
-    struct TALER_WithdrawNonce nonce;
+    struct TALER_CsNonce nonce;
 
     GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
                                 &rnd,