export complete backup, derive planchets in withdrawal

2 files changed, 30 insertions, 11 deletions

diff --git a/packages/taler-wallet-core/src/crypto/talerCrypto.ts b/packages/taler-wallet-core/src/crypto/talerCrypto.ts
index 095957982..d28f11174 100644
--- a/packages/taler-wallet-core/src/crypto/talerCrypto.ts
+++ b/packages/taler-wallet-core/src/crypto/talerCrypto.ts
@@ -390,6 +390,25 @@ export function setupRefreshPlanchet(
   };
 }
 
+export function setupWithdrawPlanchet(
+  secretSeed: Uint8Array,
+  coinNumber: number,
+): FreshCoin {
+  const info = stringToBytes("taler-withdrawal-coin-derivation");
+  const saltArrBuf = new ArrayBuffer(4);
+  const salt = new Uint8Array(saltArrBuf);
+  const saltDataView = new DataView(saltArrBuf);
+  saltDataView.setUint32(0, coinNumber);
+  const out = kdf(64, secretSeed, salt, info);
+  const coinPriv = out.slice(0, 32);
+  const bks = out.slice(32, 64);
+  return {
+    bks,
+    coinPriv,
+    coinPub: eddsaGetPublic(coinPriv),
+  };
+}
+
 export function setupTipPlanchet(
   secretSeed: Uint8Array,
   coinNumber: number,
diff --git a/packages/taler-wallet-core/src/crypto/workers/cryptoImplementation.ts b/packages/taler-wallet-core/src/crypto/workers/cryptoImplementation.ts
index 4f553c502..fc8b53eb7 100644
--- a/packages/taler-wallet-core/src/crypto/workers/cryptoImplementation.ts
+++ b/packages/taler-wallet-core/src/crypto/workers/cryptoImplementation.ts
@@ -61,13 +61,11 @@ import {
   rsaVerify,
   setupRefreshTransferPub,
   setupTipPlanchet,
+  setupWithdrawPlanchet,
 } from "../talerCrypto";
 import { randomBytes } from "../primitives/nacl-fast";
 import { kdf } from "../primitives/kdf";
-import {
-  Timestamp,
-  timestampTruncateToSecond,
-} from "../../util/time";
+import { Timestamp, timestampTruncateToSecond } from "../../util/time";
 
 import { Logger } from "../../util/logging";
 import {
@@ -161,10 +159,12 @@ export class CryptoImplementation {
     const reservePub = decodeCrock(req.reservePub);
     const reservePriv = decodeCrock(req.reservePriv);
     const denomPub = decodeCrock(req.denomPub);
-    const coinKeyPair = createEddsaKeyPair();
-    const blindingFactor = createBlindingKeySecret();
-    const coinPubHash = hash(coinKeyPair.eddsaPub);
-    const ev = rsaBlind(coinPubHash, blindingFactor, denomPub);
+    const derivedPlanchet = setupWithdrawPlanchet(
+      decodeCrock(req.secretSeed),
+      req.coinIndex,
+    );
+    const coinPubHash = hash(derivedPlanchet.coinPub);
+    const ev = rsaBlind(coinPubHash, derivedPlanchet.bks, denomPub);
     const amountWithFee = Amounts.add(req.value, req.feeWithdraw).amount;
     const denomPubHash = hash(denomPub);
     const evHash = hash(ev);
@@ -179,10 +179,10 @@ export class CryptoImplementation {
     const sig = eddsaSign(withdrawRequest, reservePriv);
 
     const planchet: PlanchetCreationResult = {
-      blindingKey: encodeCrock(blindingFactor),
+      blindingKey: encodeCrock(derivedPlanchet.bks),
       coinEv: encodeCrock(ev),
-      coinPriv: encodeCrock(coinKeyPair.eddsaPriv),
-      coinPub: encodeCrock(coinKeyPair.eddsaPub),
+      coinPriv: encodeCrock(derivedPlanchet.coinPriv),
+      coinPub: encodeCrock(derivedPlanchet.coinPub),
       coinValue: req.value,
       denomPub: encodeCrock(denomPub),
       denomPubHash: encodeCrock(denomPubHash),