From 5d2157a8f6edeaf124e26561ed50c458af9df00d Mon Sep 17 00:00:00 2001
From: Gian Demarmels
Date: Thu, 23 Dec 2021 10:58:03 +0100
Subject: sign_blinded implementation
---
 src/include/taler_crypto_lib.h | 3 ++-
 src/util/crypto.c | 6 +++---
 src/util/denom.c | 29 +++++++++++++++++++++++++++--
 src/util/test_crypto.c | 20 +++++++++++++++++---
 4 files changed, 49 insertions(+), 9 deletions(-)
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index 4a6c02423..3684c751c 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -1077,7 +1077,8 @@ TALER_denom_blind (const struct TALER_DenominationPublicKey *dk,
 enum GNUNET_GenericReturnValue
 TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig,
 const struct TALER_DenominationPrivateKey *denom_priv,
- const struct TALER_BlindedPlanchet *blinded_planchet);
+ const struct TALER_BlindedPlanchet *blinded_planchet,
+ ...);
 /**
diff --git a/src/util/crypto.c b/src/util/crypto.c
index 9dd32d320..dd2cbfce2 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -212,8 +212,6 @@ TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs,
 enum TALER_DenominationCipher cipher,
 ...)
 {
- va_list ap;
- va_start (ap, cipher);
 switch (cipher)
 {
 case TALER_DENOMINATION_INVALID:
@@ -227,6 +225,8 @@ TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs,
 return;
 case TALER_DENOMINATION_CS:
 {
+ va_list ap;
+ va_start (ap, cipher);
 struct TALER_CoinSpendPrivateKeyP *coin_priv;
 struct TALER_DenominationCsPublicR *r_pub;
 coin_priv = va_arg (ap, struct TALER_CoinSpendPrivateKeyP *);
@@ -235,12 +235,12 @@ TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs,
 cs_blinding_seed_derive (coin_priv,
 r_pub->r_pub,
 &bs->nonce);
+ va_end (ap);
 return;
 }
 default:
 GNUNET_break (0);
 }
- va_end (ap);
 }
diff --git a/src/util/denom.c b/src/util/denom.c
index 6de6084e7..ab0e94ced 100644
--- a/src/util/denom.c
+++ b/src/util/denom.c
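Review bot: The `...` added to the `TALER_denom_sign_blinded` prototype in taler_crypto_lib.h has no contract visible in this hunk: nothing tells a caller which extra argument each cipher expects, and the compiler cannot check it. The doc comment sits above the hunk and may already cover this; if it does not, add a line such as `@param ... for TALER_DENOMINATION_CS a pointer to the struct TALER_WithdrawNonce to sign under; unused for RSA`. A missing or mistyped argument is read with `va_arg` in the private-key signing path, so the expectation should be written down next to the declaration.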
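Review bot: In the `TALER_DENOMINATION_CS` case of `TALER_blinding_secret_create` (crypto.c, hunk at -227), `va_start (ap, cipher);` now sits ahead of the `coin_priv` and `r_pub` declarations, so the block mixes statements and declarations. Moving the two added lines below the declarations keeps the block declaration-first; the CS case added to `TALER_denom_sign_blinded` in denom.c has the same shape. Both pointers come straight from `va_arg` and are used unchecked, so a `GNUNET_assert (NULL != r_pub);` before `r_pub->r_pub` would turn a bad call into a clean abort. The lines between this hunk and the next one are not shown.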
@@ -125,7 +125,8 @@ TALER_denom_cs_derive_r_public (const struct TALER_WithdrawNonce *nonce,
 enum GNUNET_GenericReturnValue
 TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig,
 const struct TALER_DenominationPrivateKey *denom_priv,
- const struct TALER_BlindedPlanchet *blinded_planchet)
+ const struct TALER_BlindedPlanchet *blinded_planchet,
+ ...)
 {
 memset (denom_sig,
 0,
@@ -148,7 +149,31 @@ TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig,
 }
 denom_sig->cipher = TALER_DENOMINATION_RSA;
 return GNUNET_OK;
- // TODO: add case for Clause-Schnorr
+ case TALER_DENOMINATION_CS:
+ {
+ va_list ap;
+ va_start (ap, blinded_planchet);
+ struct TALER_WithdrawNonce *nonce;
+ nonce = va_arg (ap, struct TALER_WithdrawNonce *);
+
+ struct GNUNET_CRYPTO_CsRSecret r[2];
+ GNUNET_CRYPTO_cs_r_derive (&nonce->nonce,
+ &denom_priv->details.cs_private_key,
+ r);
+
+ denom_sig->details.blinded_cs_answer.b =
+ GNUNET_CRYPTO_cs_sign_derive (&denom_priv->details.cs_private_key,
+ r,
+ blinded_planchet->details.
+ cs_blinded_planchet.c,
+ &nonce->nonce,
+ &denom_sig->details.blinded_cs_answer.
+ s_scalar);
+
+ denom_sig->cipher = TALER_DENOMINATION_CS;
+ va_end (ap);
+ }
+ return GNUNET_OK;
 default:
 GNUNET_break (0);
 }
diff --git a/src/util/test_crypto.c b/src/util/test_crypto.c
index 142dc31b6..b15e65745 100644
--- a/src/util/test_crypto.c
+++ b/src/util/test_crypto.c
@@ -148,9 +148,10 @@ test_planchets_cs (void)
 struct TALER_CoinPubHash c_hash;
 struct TALER_WithdrawNonce nonce;
 struct TALER_DenominationCsPublicR r_pub;
+ struct TALER_DenominationCsPublicR r_pub_blind;
 struct TALER_DenominationCsPrivateR priv_r;
- // struct TALER_BlindedDenominationSignature blind_sig;
- // struct TALER_FreshCoin coin;
+ struct TALER_BlindedDenominationSignature blind_sig;
+ struct TALER_FreshCoin coin;
 GNUNET_assert (GNUNET_OK ==
 TALER_denom_priv_create (&dk_priv,
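Review bot: The new `TALER_DENOMINATION_CS` case in `TALER_denom_sign_blinded` (denom.c) signs whatever `c` the planchet carries under the caller-supplied `nonce`, and nothing in the hunk stops the same nonce from being signed again with a different `c`. Since `r` is derived only from the nonce and the private key, two such answers would be expected to put the denomination key at risk, so the requirement that callers enforce one-time nonce use should be stated in a comment on this case or in the function's documentation. Separately, `nonce` is dereferenced straight from `va_arg` and the `r[2]` secrets stay on the stack after use; a `GNUNET_assert (NULL != nonce);`, a `const` on the pointer, and wiping `r` before `va_end (ap);` would tighten the block. The function starts and ends outside the hunk.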
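Review bot: `r_pub_blind` is added to `test_planchets_cs` but nothing in the visible hunks uses it, and `coin` is referenced only from commented-out code, so both will likely produce unused-variable warnings. Drop `struct TALER_DenominationCsPublicR r_pub_blind;` until the code that needs it lands, or add a short comment naming the follow-up that will use the pair. The function body extends beyond the hunk, so a use outside the shown lines cannot be ruled out.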
@@ -175,12 +176,25 @@ test_planchets_cs (void)
 &pd,
 &nonce,
 &r_pub));
+ // TODO: Remove r_secret if not needed
 GNUNET_assert (GNUNET_OK ==
 TALER_denom_cs_derive_r_secret (&nonce,
 &dk_priv,
 &priv_r));
+ GNUNET_assert (GNUNET_OK ==
+ TALER_denom_sign_blinded (&blind_sig,
+ &dk_priv,
+ &pd.blinded_planchet,
+ &nonce));
+
+ // GNUNET_assert (GNUNET_OK ==
+ // TALER_planchet_to_coin (&dk_pub,
+ // &blind_sig,
+ // &ps,
+ // &c_hash,
+ // &coin));
- // TALER_blinded_denom_sig_free (&blind_sig);
+ TALER_blinded_denom_sig_free (&blind_sig);
 // TALER_denom_sig_free (&coin.sig);
 TALER_denom_priv_free (&dk_priv);
 TALER_denom_pub_free (&dk_pub);
-- cgit v1.2.3
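Review bot: The added assertion in `test_planchets_cs` only checks that `TALER_denom_sign_blinded` returns `GNUNET_OK`, which the new CS branch in denom.c returns unconditionally, so the test cannot fail on a wrong signature. Until the commented-out `TALER_planchet_to_coin` check is enabled, at least pin the visible output with `GNUNET_assert (TALER_DENOMINATION_CS == blind_sig.cipher);`. The commented block would be better replaced by a one-line FIXME naming what is still missing, so the gap in signature verification is explicit rather than implied by dead code. The test function begins and ends outside the hunk.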