-get tests to pass

src/benchmark/taler-aggregator-benchmark.c

@@ -490,7 +490,7 @@ run (void *cls,
     struct TALER_CoinPubHash c_hash;
     struct TALER_PlanchetDetail pd;
     struct TALER_BlindedDenominationSignature bds;
-    struct TALER_PlanchetSecretsP ps;
+    struct TALER_PlanchetMasterSecretP ps;
     struct TALER_ExchangeWithdrawValues alg_values;
     struct TALER_CoinSpendPublicKeyP coin_pub;
     union TALER_DenominationBlindingKeyP bks;

src/exchange/taler-exchange-httpd_refreshes_reveal.c

@@ -264,7 +264,7 @@ check_commitment (struct RevealContext *rctx,
             = &rctx->rrcs[j].exchange_vals;
           struct TALER_PlanchetDetail pd;
           struct TALER_CoinPubHash c_hash;
-          struct TALER_PlanchetSecretsP ps;
+          struct TALER_PlanchetMasterSecretP ps;
 
           rcd->dk = &rctx->dks[j]->denom_pub;
           TALER_transfer_secret_to_planchet_secret (&ts,

src/include/taler_crypto_lib.h

@@ -462,14 +462,27 @@ struct TALER_RsaPubHashP
 };
 
 
+/**
+ * Master key material for the deriviation of
+ * private coins and blinding factors during
+ * withdraw or refresh.
+ */
+struct TALER_PlanchetMasterSecretP
+{
+
+  /**
+   * Key material.
+   */
+  uint32_t key_data[8];
+
+};
+
+
 /**
  * Master key material for the deriviation of
  * private coins and blinding factors.
  */
-// FIXME: split this struct, we should have
+struct TALER_RefreshMasterSecretP
-// a different one for the Melt/Refresh secrets
-// and the withdraw secrets!
-struct TALER_PlanchetSecretsP
 {
 
   /**
@@ -1026,7 +1039,7 @@ TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub);
  */
 void
 TALER_planchet_setup_coin_priv (
-  const struct TALER_PlanchetSecretsP *ps,
+  const struct TALER_PlanchetMasterSecretP *ps,
   const struct TALER_ExchangeWithdrawValues *alg_values,
   struct TALER_CoinSpendPrivateKeyP *coin_priv);
 
@@ -1039,7 +1052,7 @@ TALER_planchet_setup_coin_priv (
  */
 void
 TALER_cs_withdraw_nonce_derive (
-  const struct TALER_PlanchetSecretsP *ps,
+  const struct TALER_PlanchetMasterSecretP *ps,
   struct TALER_CsNonce *nonce);
 
 
@@ -1047,13 +1060,13 @@ TALER_cs_withdraw_nonce_derive (
  * @brief Method to derive /csr nonce
  * to be used during refresh/melt operation.
  *
- * @param coin_priv private key of the coin
+ * @param rms secret input for the refresh operation
  * @param idx index of the fresh coin
  * @param[out] nonce set to nonce included in the request to generate R_0 and R_1
  */
 void
 TALER_cs_refresh_nonce_derive (
-  const struct TALER_PlanchetSecretsP *ps,
+  const struct TALER_RefreshMasterSecretP *rms,
   uint32_t idx,
   struct TALER_CsNonce *nonce);
 
@@ -1511,34 +1524,44 @@ void
 TALER_transfer_secret_to_planchet_secret (
   const struct TALER_TransferSecretP *secret_seed,
   uint32_t coin_num_salt,
-  struct TALER_PlanchetSecretsP *ps);
+  struct TALER_PlanchetMasterSecretP *ps);
 
 
 /**
  * Derive the @a coin_num transfer private key @a tpriv from a refresh from
- * the @a ps seed of the refresh operation.  The transfer private key
+ * the @a rms seed of the refresh operation.  The transfer private key
  * derivation is based on the @a ps with a KDF salted by the @a coin_num.
  *
- * @param ps seed to use for KDF to derive transfer keys
+ * @param rms seed to use for KDF to derive transfer keys
  * @param cnc_num cut and choose number to include in KDF
  * @param[out] tpriv value to initialize
  */
 void
 TALER_planchet_secret_to_transfer_priv (
-  const struct TALER_PlanchetSecretsP *ps,
+  const struct TALER_RefreshMasterSecretP *rms,
   uint32_t cnc_num,
   struct TALER_TransferPrivateKeyP *tpriv);
 
 
 /**
- * Setup information for fresh coins to be withdrawn
+ * Setup secret seed information for fresh coins to be
- * or refreshed.
+ * withdrawn.
  *
  * @param[out] ps value to initialize
  */
 void
-TALER_planchet_setup_random (
+TALER_planchet_master_setup_random (
-  struct TALER_PlanchetSecretsP *ps);
+  struct TALER_PlanchetMasterSecretP *ps);
+
+
+/**
+ * Setup secret seed for fresh coins to be refreshed.
+ *
+ * @param[out] rms value to initialize
+ */
+void
+TALER_refresh_master_setup_random (
+  struct TALER_RefreshMasterSecretP *rms);
 
 
 /**
@@ -1551,7 +1574,7 @@ TALER_planchet_setup_random (
  */
 void
 TALER_planchet_blinding_secret_create (
-  const struct TALER_PlanchetSecretsP *ps,
+  const struct TALER_PlanchetMasterSecretP *ps,
   const struct TALER_ExchangeWithdrawValues *alg_values,
   union TALER_DenominationBlindingKeyP *bks);
 

src/include/taler_exchange_service.h

@@ -1500,7 +1500,7 @@ TALER_EXCHANGE_withdraw (
   struct TALER_EXCHANGE_Handle *exchange,
   const struct TALER_EXCHANGE_DenomPublicKey *pk,
   const struct TALER_ReservePrivateKeyP *reserve_priv,
-  const struct TALER_PlanchetSecretsP *ps,
+  const struct TALER_PlanchetMasterSecretP *ps,
   TALER_EXCHANGE_WithdrawCallback res_cb,
   void *res_cb_cls);
 
@@ -1667,7 +1667,7 @@ typedef void
  * prior to calling this function.
  *
  * @param exchange the exchange handle; the exchange must be ready to operate
- * @param ps the fresh secret that defines the refresh operation
+ * @param rms the fresh secret that defines the refresh operation
  * @param rd the refresh data specifying the characteristics of the operation
  * @param melt_cb the callback to call with the result
  * @param melt_cb_cls closure for @a melt_cb
@@ -1676,7 +1676,7 @@ typedef void
  */
 struct TALER_EXCHANGE_MeltHandle *
 TALER_EXCHANGE_melt (struct TALER_EXCHANGE_Handle *exchange,
-                     const struct TALER_PlanchetSecretsP *ps,
+                     const struct TALER_RefreshMasterSecretP *rms,
                      const struct TALER_EXCHANGE_RefreshData *rd,
                      TALER_EXCHANGE_MeltCallback melt_cb,
                      void *melt_cb_cls);
@@ -1716,7 +1716,7 @@ typedef void
   const struct TALER_EXCHANGE_HttpResponse *hr,
   unsigned int num_coins,
   const struct TALER_CoinSpendPrivateKeyP *coin_privs,
-  const struct TALER_PlanchetSecretsP *psa,
+  const struct TALER_PlanchetMasterSecretP *psa,
   const struct TALER_DenominationSignature *sigs);
 
 
@@ -1736,7 +1736,7 @@ struct TALER_EXCHANGE_RefreshesRevealHandle;
  * prior to calling this function.
  *
  * @param exchange the exchange handle; the exchange must be ready to operate
- * @param ps the fresh secret that defines the refresh operation
+ * @param rms the fresh secret that defines the refresh operation
  * @param rd the refresh data that characterizes the refresh operation
  * @param num_coins number of fresh coins to be created, length of the @a exchange_vals array, must match value in @a rd
  * @param alg_values array @a num_coins of exchange values contributed to the refresh operation
@@ -1751,7 +1751,7 @@ struct TALER_EXCHANGE_RefreshesRevealHandle;
 struct TALER_EXCHANGE_RefreshesRevealHandle *
 TALER_EXCHANGE_refreshes_reveal (
   struct TALER_EXCHANGE_Handle *exchange,
-  const struct TALER_PlanchetSecretsP *ps,
+  const struct TALER_RefreshMasterSecretP *rms,
   const struct TALER_EXCHANGE_RefreshData *rd,
   unsigned int num_coins,
   const struct TALER_ExchangeWithdrawValues *alg_values,
@@ -2186,7 +2186,7 @@ TALER_EXCHANGE_recoup (struct TALER_EXCHANGE_Handle *exchange,
                        const struct TALER_EXCHANGE_DenomPublicKey *pk,
                        const struct TALER_DenominationSignature *denom_sig,
                        const struct TALER_ExchangeWithdrawValues *exchange_vals,
-                       const struct TALER_PlanchetSecretsP *ps,
+                       const struct TALER_PlanchetMasterSecretP *ps,
                        TALER_EXCHANGE_RecoupResultCallback recoup_cb,
                        void *recoup_cb_cls);
 
@@ -2236,7 +2236,7 @@ typedef void
  * @param pk kind of coin to pay back
  * @param denom_sig signature over the coin by the exchange using @a pk
  * @param exchange_vals contribution from the exchange on the withdraw
- * @param rps melt secret of the refreshing operation
+ * @param rms melt secret of the refreshing operation
  * @param ps coin-specific secrets derived for this coin during the refreshing operation
  * @param idx index of the fresh coin in the refresh operation that is now being recouped
  * @param recoup_cb the callback to call when the final result for this request is available
@@ -2251,8 +2251,8 @@ TALER_EXCHANGE_recoup_refresh (
   const struct TALER_EXCHANGE_DenomPublicKey *pk,
   const struct TALER_DenominationSignature *denom_sig,
   const struct TALER_ExchangeWithdrawValues *exchange_vals,
-  const struct TALER_PlanchetSecretsP *rps,
+  const struct TALER_RefreshMasterSecretP *rms,
-  const struct TALER_PlanchetSecretsP *ps,
+  const struct TALER_PlanchetMasterSecretP *ps,
   unsigned int idx,
   TALER_EXCHANGE_RecoupRefreshResultCallback recoup_cb,
   void *recoup_cb_cls);

src/include/taler_testing_lib.h

@@ -2443,8 +2443,8 @@ TALER_TESTING_get_trait (const struct TALER_TESTING_Trait *traits,
 #define TALER_TESTING_SIMPLE_TRAITS(op) \
   op (bank_row, const uint64_t)                                    \
   op (reserve_priv, const struct TALER_ReservePrivateKeyP) \
-  op (planchet_secret, const struct TALER_PlanchetSecretsP) \
+  op (planchet_secret, const struct TALER_PlanchetMasterSecretP) \
-  op (refresh_secret, const struct TALER_PlanchetSecretsP) \
+  op (refresh_secret, const struct TALER_RefreshMasterSecretP) \
   op (reserve_pub, const struct TALER_ReservePublicKeyP)         \
   op (merchant_priv, const struct TALER_MerchantPrivateKeyP)       \
   op (merchant_pub, const struct TALER_MerchantPublicKeyP)         \
@@ -2484,7 +2484,7 @@ TALER_TESTING_get_trait (const struct TALER_TESTING_Trait *traits,
 #define TALER_TESTING_INDEXED_TRAITS(op)                               \
   op (denom_pub, const struct TALER_EXCHANGE_DenomPublicKey)           \
   op (denom_sig, const struct TALER_DenominationSignature)             \
-  op (planchet_secrets, const struct TALER_PlanchetSecretsP)           \
+  op (planchet_secrets, const struct TALER_PlanchetMasterSecretP)           \
   op (exchange_wd_value, const struct TALER_ExchangeWithdrawValues)    \
   op (coin_priv, const struct TALER_CoinSpendPrivateKeyP)              \
   op (coin_pub, const struct TALER_CoinSpendPublicKeyP)                \

src/lib/exchange_api_link.c

@@ -113,7 +113,7 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
     GNUNET_JSON_spec_end ()
   };
   struct TALER_TransferSecretP secret;
-  struct TALER_PlanchetSecretsP ps;
+  struct TALER_PlanchetMasterSecretP ps;
   struct TALER_PlanchetDetail pd;
   struct TALER_CoinPubHash c_hash;
 
@@ -175,14 +175,15 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
     // really need to change the derivation structure
     // during refresh to derive the nonces differently
     // and make /link possible!
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+    /* FIXME: we cannot get the 'rms' here, and
-                "Link using PS(%u)=%s\n",
+       if the TALER_coin_ev_hash() includes that 'nonce',
-                (unsigned int) coin_idx,
+       we are screwed on/link. */
-                TALER_B2S (&ps));
+#if FIXME_OMIT
     TALER_cs_refresh_nonce_derive (
       &ps,
       coin_idx,
       &pd.blinded_planchet.details.cs_blinded_planchet.nonce);
+#endif
     TALER_coin_ev_hash (&pd.blinded_planchet,
                         &pd.denom_pub_hash,
                         &coin_envelope_hash);

src/lib/exchange_api_melt.c

@@ -78,7 +78,7 @@ struct TALER_EXCHANGE_MeltHandle
   /**
    * The secret the entire melt operation is seeded from.
    */
-  const struct TALER_PlanchetSecretsP *ps;
+  const struct TALER_RefreshMasterSecretP *rms;
 
   /**
    * Details about the characteristics of the requested melt operation.
@@ -490,7 +490,7 @@ start_melt (struct TALER_EXCHANGE_MeltHandle *mh)
   struct TALER_DenominationHash h_denom_pub;
 
   if (GNUNET_OK !=
-      TALER_EXCHANGE_get_melt_data_ (mh->ps,
+      TALER_EXCHANGE_get_melt_data_ (mh->rms,
                                      mh->rd,
                                      mh->alg_values,
                                      &mh->md))
@@ -637,7 +637,7 @@ csr_cb (void *cls,
 
 struct TALER_EXCHANGE_MeltHandle *
 TALER_EXCHANGE_melt (struct TALER_EXCHANGE_Handle *exchange,
-                     const struct TALER_PlanchetSecretsP *ps,
+                     const struct TALER_RefreshMasterSecretP *rms,
                      const struct TALER_EXCHANGE_RefreshData *rd,
                      TALER_EXCHANGE_MeltCallback melt_cb,
                      void *melt_cb_cls)
@@ -657,7 +657,7 @@ TALER_EXCHANGE_melt (struct TALER_EXCHANGE_Handle *exchange,
   mh->noreveal_index = TALER_CNC_KAPPA; /* invalid value */
   mh->exchange = exchange;
   mh->rd = rd;
-  mh->ps = ps;
+  mh->rms = rms; /* FIXME: deep copy might be safer... */
   mh->melt_cb = melt_cb;
   mh->melt_cb_cls = melt_cb_cls;
   mh->alg_values = GNUNET_new_array (rd->fresh_pks_len,
@@ -683,7 +683,7 @@ TALER_EXCHANGE_melt (struct TALER_EXCHANGE_Handle *exchange,
     case TALER_DENOMINATION_CS:
       wv->cipher = TALER_DENOMINATION_CS;
       nks[nks_off].pk = fresh_pk;
-      TALER_cs_refresh_nonce_derive (ps,
+      TALER_cs_refresh_nonce_derive (rms,
                                      i,
                                      &nks[nks_off].nonce);
       nks_off++;

src/lib/exchange_api_recoup.c

@@ -285,7 +285,7 @@ TALER_EXCHANGE_recoup (struct TALER_EXCHANGE_Handle *exchange,
                        const struct TALER_EXCHANGE_DenomPublicKey *pk,
                        const struct TALER_DenominationSignature *denom_sig,
                        const struct TALER_ExchangeWithdrawValues *exchange_vals,
-                       const struct TALER_PlanchetSecretsP *ps,
+                       const struct TALER_PlanchetMasterSecretP *ps,
                        TALER_EXCHANGE_RecoupResultCallback recoup_cb,
                        void *recoup_cb_cls)
 {

src/lib/exchange_api_recoup_refresh.c

@@ -287,8 +287,8 @@ TALER_EXCHANGE_recoup_refresh (
   const struct TALER_EXCHANGE_DenomPublicKey *pk,
   const struct TALER_DenominationSignature *denom_sig,
   const struct TALER_ExchangeWithdrawValues *exchange_vals,
-  const struct TALER_PlanchetSecretsP *rps,
+  const struct TALER_RefreshMasterSecretP *rms,
-  const struct TALER_PlanchetSecretsP *ps,
+  const struct TALER_PlanchetMasterSecretP *ps,
   unsigned int idx,
   TALER_EXCHANGE_RecoupRefreshResultCallback recoup_cb,
   void *recoup_cb_cls)
@@ -343,7 +343,7 @@ TALER_EXCHANGE_recoup_refresh (
        it is not strictly clear that the nonce is needed. Best case would be
        to find a way to include it more 'naturally' somehow, for example with
        the variant union version of bks! */
-    TALER_cs_refresh_nonce_derive (rps,
+    TALER_cs_refresh_nonce_derive (rms,
                                    idx,
                                    &nonce);
     GNUNET_assert (

src/lib/exchange_api_refresh_common.c

@@ -44,7 +44,7 @@ TALER_EXCHANGE_free_melt_data_ (struct MeltData *md)
 
 enum GNUNET_GenericReturnValue
 TALER_EXCHANGE_get_melt_data_ (
-  const struct TALER_PlanchetSecretsP *ps,
+  const struct TALER_RefreshMasterSecretP *rms,
   const struct TALER_EXCHANGE_RefreshData *rd,
   const struct TALER_ExchangeWithdrawValues *alg_values,
   struct MeltData *md)
@@ -115,7 +115,7 @@ TALER_EXCHANGE_get_melt_data_ (
   for (unsigned int i = 0; i<TALER_CNC_KAPPA; i++)
   {
     TALER_planchet_secret_to_transfer_priv (
-      ps,
+      rms,
       i,
       &md->melted_coin.transfer_priv[i]);
     GNUNET_CRYPTO_ecdhe_key_get_public (
@@ -125,12 +125,12 @@ TALER_EXCHANGE_get_melt_data_ (
                                        &md->melted_coin.transfer_priv[i],
                                        &trans_sec[i]);
     md->fresh_coins[i] = GNUNET_new_array (rd->fresh_pks_len,
-                                           struct TALER_PlanchetSecretsP);
+                                           struct TALER_PlanchetMasterSecretP);
     rce[i].new_coins = GNUNET_new_array (rd->fresh_pks_len,
                                          struct TALER_RefreshCoinData);
     for (unsigned int j = 0; j<rd->fresh_pks_len; j++)
     {
-      struct TALER_PlanchetSecretsP *fc = &md->fresh_coins[i][j];
+      struct TALER_PlanchetMasterSecretP *fc = &md->fresh_coins[i][j];
       struct TALER_RefreshCoinData *rcd = &rce[i].new_coins[j];
       struct TALER_PlanchetDetail pd;
       struct TALER_CoinPubHash c_hash;
@@ -150,12 +150,8 @@ TALER_EXCHANGE_get_melt_data_ (
          so this computation is redundant, and here additionally
          repeated KAPPA times. Could be avoided with slightly
          more bookkeeping in the future */
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                  "Refresh using PS(%u)=%s\n",
-                  j,
-                  TALER_B2S (&ps));
       TALER_cs_refresh_nonce_derive (
-        ps,
+        rms,
         j,
         &pd.blinded_planchet.details.cs_blinded_planchet.nonce);
       if (GNUNET_OK !=

src/lib/exchange_api_refresh_common.h

@@ -112,21 +112,21 @@ struct MeltData
    * Arrays of @e num_fresh_coins with information about the fresh
    * coins to be created, for each cut-and-choose dimension.
    */
-  struct TALER_PlanchetSecretsP *fresh_coins[TALER_CNC_KAPPA];
+  struct TALER_PlanchetMasterSecretP *fresh_coins[TALER_CNC_KAPPA];
 };
 
 
 /**
  * Compute the melt data from the refresh data and secret.
  *
- * @param ps secret internals of the refresh-reveal operation
+ * @param rms secret internals of the refresh-reveal operation
  * @param rd refresh data with the characteristics of the operation
  * @param alg_values contributions from the exchange into the melt
  * @param[out] rd where to write the derived melt data
  */
 enum GNUNET_GenericReturnValue
 TALER_EXCHANGE_get_melt_data_ (
-  const struct TALER_PlanchetSecretsP *ps,
+  const struct TALER_RefreshMasterSecretP *rms,
   const struct TALER_EXCHANGE_RefreshData *rd,
   const struct TALER_ExchangeWithdrawValues *alg_values,
   struct MeltData *md);

src/lib/exchange_api_refreshes_reveal.c

@@ -141,7 +141,7 @@ refresh_reveal_ok (struct TALER_EXCHANGE_RefreshesRevealHandle *rrh,
   }
   for (unsigned int i = 0; i<rrh->md.num_fresh_coins; i++)
   {
-    const struct TALER_PlanchetSecretsP *fc;
+    const struct TALER_PlanchetMasterSecretP *fc;
     struct TALER_DenominationPublicKey *pk;
     json_t *jsonai;
     struct TALER_BlindedDenominationSignature blind_sig;
@@ -316,7 +316,7 @@ handle_refresh_reveal_finished (void *cls,
 struct TALER_EXCHANGE_RefreshesRevealHandle *
 TALER_EXCHANGE_refreshes_reveal (
   struct TALER_EXCHANGE_Handle *exchange,
-  const struct TALER_PlanchetSecretsP *ps,
+  const struct TALER_RefreshMasterSecretP *rms,
   const struct TALER_EXCHANGE_RefreshData *rd,
   unsigned int num_coins,
   const struct TALER_ExchangeWithdrawValues *alg_values,
@@ -354,7 +354,7 @@ TALER_EXCHANGE_refreshes_reveal (
     return NULL;
   }
   if (GNUNET_OK !=
-      TALER_EXCHANGE_get_melt_data_ (ps,
+      TALER_EXCHANGE_get_melt_data_ (rms,
                                      rd,
                                      alg_values,
                                      &md))
@@ -380,7 +380,7 @@ TALER_EXCHANGE_refreshes_reveal (
     struct TALER_DenominationHash denom_hash;
     struct TALER_PlanchetDetail pd;
     struct TALER_CoinPubHash c_hash;
-    struct TALER_PlanchetSecretsP coin_ps;
+    struct TALER_PlanchetMasterSecretP coin_ps;
     union TALER_DenominationBlindingKeyP bks;
     struct TALER_CoinSpendPrivateKeyP coin_priv;
 
@@ -400,7 +400,7 @@ TALER_EXCHANGE_refreshes_reveal (
                                            &alg_values[i],
                                            &bks);
     TALER_cs_refresh_nonce_derive (
-      ps,
+      rms,
       i,
       &pd.blinded_planchet.details.cs_blinded_planchet.nonce);
     if (GNUNET_OK !=

src/lib/exchange_api_withdraw.c

@@ -66,7 +66,7 @@ struct TALER_EXCHANGE_WithdrawHandle
   /**
    * Seed of the planchet.
    */
-  struct TALER_PlanchetSecretsP ps;
+  struct TALER_PlanchetMasterSecretP ps;
 
   /**
    *  blinding secret
@@ -247,7 +247,7 @@ TALER_EXCHANGE_withdraw (
   struct TALER_EXCHANGE_Handle *exchange,
   const struct TALER_EXCHANGE_DenomPublicKey *pk,
   const struct TALER_ReservePrivateKeyP *reserve_priv,
-  const struct TALER_PlanchetSecretsP *ps,
+  const struct TALER_PlanchetMasterSecretP *ps,
   TALER_EXCHANGE_WithdrawCallback res_cb,
   void *res_cb_cls)
 {

src/testing/test_exchange_api.c

@@ -415,6 +415,16 @@ run (void *cls,
                                            "EUR:0.08",
                                            bc.exchange_payto,
                                            bc.user43_payto),
+    /* In case of CS, one transaction above succeeded that
+       failed for RSA, hence we need to check for an extra transfer here */
+    uses_cs
+    ? TALER_TESTING_cmd_check_bank_transfer ("check_bank_transfer-98c",
+                                             ec.exchange_url,
+                                             "EUR:0.98",
+                                             bc.exchange_payto,
+                                             bc.user42_payto)
+    : TALER_TESTING_cmd_sleep ("dummy",
+                               0),
     TALER_TESTING_cmd_check_bank_empty ("check_bank_empty"),
     TALER_TESTING_cmd_track_transaction ("deposit-wtid-ok",
                                          "deposit-simple",
@@ -865,11 +875,11 @@ run (void *cls,
                               MHD_HTTP_OK,
                               "recoup-withdraw-coin-2a",
                               config_file),
-    /* Check recoup is failing for the coin with the reused coin key */
+    /* Check recoup is failing for the coin with the reused coin key
+       (fails either because of denomination conflict (RSA) or
+       double-spending (CS))*/
     TALER_TESTING_cmd_recoup ("recoup-2x",
-                              uses_cs
+                              MHD_HTTP_CONFLICT,
-                              ? MHD_HTTP_OK
-                              : MHD_HTTP_CONFLICT,
                               "withdraw-coin-1x",
                               "EUR:1"),
     TALER_TESTING_cmd_recoup ("recoup-2",

src/testing/testing_api_cmd_insert_deposit.c

@@ -201,7 +201,7 @@ insert_deposit_run (void *cls,
     struct TALER_CoinPubHash c_hash;
     struct TALER_PlanchetDetail pd;
     struct TALER_BlindedDenominationSignature bds;
-    struct TALER_PlanchetSecretsP ps;
+    struct TALER_PlanchetMasterSecretP ps;
     struct TALER_ExchangeWithdrawValues alg_values;
     union TALER_DenominationBlindingKeyP bks;
 

src/testing/testing_api_cmd_recoup.c

@@ -239,7 +239,7 @@ recoup_run (void *cls,
   const struct TALER_CoinSpendPrivateKeyP *coin_priv;
   const struct TALER_EXCHANGE_DenomPublicKey *denom_pub;
   const struct TALER_DenominationSignature *coin_sig;
-  const struct TALER_PlanchetSecretsP *planchet;
+  const struct TALER_PlanchetMasterSecretP *planchet;
   char *cref;
   unsigned int idx;
   const struct TALER_ExchangeWithdrawValues *ewv;

src/testing/testing_api_cmd_refresh.c

@@ -130,7 +130,7 @@ struct RefreshMeltState
   /**
    * Entropy seed for the refresh-melt operation.
    */
-  struct TALER_PlanchetSecretsP ps;
+  struct TALER_RefreshMasterSecretP rms;
 
   /**
    * Private key of the dirty coin being melted.
@@ -218,7 +218,7 @@ struct RefreshRevealState
    * Array of @e num_fresh_coins planchet secrets derived
    * from the transfer secret per fresh coin.
    */
-  struct TALER_PlanchetSecretsP *psa;
+  struct TALER_PlanchetMasterSecretP *psa;
 
   /**
    * Interpreter state.
@@ -361,7 +361,7 @@ reveal_cb (void *cls,
            const struct TALER_EXCHANGE_HttpResponse *hr,
            unsigned int num_coins,
            const struct TALER_CoinSpendPrivateKeyP *coin_privs,
-           const struct TALER_PlanchetSecretsP *psa,
+           const struct TALER_PlanchetMasterSecretP *psa,
            const struct TALER_DenominationSignature *sigs)
 {
   struct RefreshRevealState *rrs = cls;
@@ -423,7 +423,7 @@ reveal_cb (void *cls,
   case MHD_HTTP_OK:
     rrs->psa = GNUNET_memdup (psa,
                               num_coins
-                              * sizeof (struct TALER_PlanchetSecretsP));
+                              * sizeof (struct TALER_PlanchetMasterSecretP));
     rrs->fresh_coins = GNUNET_new_array (num_coins,
                                          struct TALER_TESTING_FreshCoinData);
     for (unsigned int i = 0; i<num_coins; i++)
@@ -501,7 +501,7 @@ refresh_reveal_run (void *cls,
   // FIXME: use trait for 'rms'!
   rms = melt_cmd->cls;
   rrs->rrh = TALER_EXCHANGE_refreshes_reveal (is->exchange,
-                                              &rms->ps,
+                                              &rms->rms,
                                               &rms->refresh_data,
                                               rms->num_fresh_coins,
                                               rms->alg_values,
@@ -1008,7 +1008,7 @@ melt_cb (void *cls,
     TALER_LOG_DEBUG ("Doubling the melt (%s)\n",
                      rms->is->commands[rms->is->ip].label);
     rms->rmh = TALER_EXCHANGE_melt (rms->is->exchange,
-                                    &rms->ps,
+                                    &rms->rms,
                                     &rms->refresh_data,
                                     &melt_cb,
                                     rms);
@@ -1044,7 +1044,7 @@ melt_run (void *cls,
     melt_fresh_amounts = default_melt_fresh_amounts;
   rms->is = is;
   rms->noreveal_index = UINT16_MAX;
-  TALER_planchet_setup_random (&rms->ps);
+  TALER_refresh_master_setup_random (&rms->rms);
   for (num_fresh_coins = 0;
        NULL != melt_fresh_amounts[num_fresh_coins];
        num_fresh_coins++)
@@ -1145,7 +1145,7 @@ melt_run (void *cls,
     rms->refresh_data.fresh_pks = rms->fresh_pks;
     rms->refresh_data.fresh_pks_len = num_fresh_coins;
     rms->rmh = TALER_EXCHANGE_melt (is->exchange,
-                                    &rms->ps,
+                                    &rms->rms,
                                     &rms->refresh_data,
                                     &melt_cb,
                                     rms);
@@ -1233,7 +1233,7 @@ melt_traits (void *cls,
                                              &rms->bks[index]),
       TALER_TESTING_make_trait_exchange_wd_value (index,
                                                   &rms->alg_values[index]),
-      TALER_TESTING_make_trait_refresh_secret (&rms->ps),
+      TALER_TESTING_make_trait_refresh_secret (&rms->rms),
       TALER_TESTING_trait_end ()
     };
 

src/testing/testing_api_cmd_withdraw.c

@@ -129,7 +129,7 @@ struct WithdrawState
   /**
    * Private key material of the coin, set by the interpreter.
    */
-  struct TALER_PlanchetSecretsP ps;
+  struct TALER_PlanchetMasterSecretP ps;
 
   /**
    * Reserve history entry that corresponds to this operation.
@@ -407,11 +407,11 @@ withdraw_run (void *cls,
                                 &ws->reserve_pub);
   if (NULL == ws->reuse_coin_key_ref)
   {
-    TALER_planchet_setup_random (&ws->ps);
+    TALER_planchet_master_setup_random (&ws->ps);
   }
   else
   {
-    const struct TALER_PlanchetSecretsP *ps;
+    const struct TALER_PlanchetMasterSecretP *ps;
     const struct TALER_TESTING_Command *cref;
     char *cstr;
     unsigned int index;

src/util/crypto.c

@@ -146,8 +146,8 @@ TALER_link_recover_transfer_secret (
 
 
 void
-TALER_planchet_setup_random (
+TALER_planchet_master_setup_random (
-  struct TALER_PlanchetSecretsP *ps)
+  struct TALER_PlanchetMasterSecretP *ps)
 {
   GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
                               ps,
@@ -155,11 +155,21 @@ TALER_planchet_setup_random (
 }
 
 
+void
+TALER_refresh_master_setup_random (
+  struct TALER_RefreshMasterSecretP *rms)
+{
+  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
+                              rms,
+                              sizeof (*rms));
+}
+
+
 void
 TALER_transfer_secret_to_planchet_secret (
   const struct TALER_TransferSecretP *secret_seed,
   uint32_t coin_num_salt,
-  struct TALER_PlanchetSecretsP *ps)
+  struct TALER_PlanchetMasterSecretP *ps)
 {
   uint32_t be_salt = htonl (coin_num_salt);
 
@@ -178,7 +188,7 @@ TALER_transfer_secret_to_planchet_secret (
 
 void
 TALER_planchet_secret_to_transfer_priv (
-  const struct TALER_PlanchetSecretsP *ps,
+  const struct TALER_RefreshMasterSecretP *rms,
   uint32_t cnc_num,
   struct TALER_TransferPrivateKeyP *tpriv)
 {
@@ -189,8 +199,8 @@ TALER_planchet_secret_to_transfer_priv (
                                     sizeof (*tpriv),
                                     &be_salt,
                                     sizeof (be_salt),
-                                    ps,
+                                    rms,
-                                    sizeof (*ps),
+                                    sizeof (*rms),
                                     "taler-transfer-priv-derivation",
                                     strlen ("taler-transfer-priv-derivation"),
                                     NULL, 0));
@@ -199,7 +209,7 @@ TALER_planchet_secret_to_transfer_priv (
 
 void
 TALER_cs_withdraw_nonce_derive (
-  const struct TALER_PlanchetSecretsP *ps,
+  const struct TALER_PlanchetMasterSecretP *ps,
   struct TALER_CsNonce *nonce)
 {
   GNUNET_assert (GNUNET_YES ==
@@ -216,7 +226,7 @@ TALER_cs_withdraw_nonce_derive (
 
 void
 TALER_cs_refresh_nonce_derive (
-  const struct TALER_PlanchetSecretsP *ps,
+  const struct TALER_RefreshMasterSecretP *rms,
   uint32_t coin_num_salt,
   struct TALER_CsNonce *nonce)
 {
@@ -229,8 +239,8 @@ TALER_cs_refresh_nonce_derive (
                                     sizeof (be_salt),
                                     "refresh-n", // FIXME: value used in spec?
                                     strlen ("refresh-n"),
-                                    ps,
+                                    rms,
-                                    sizeof(*ps),
+                                    sizeof(*rms),
                                     NULL,
                                     0));
 }
@@ -238,7 +248,7 @@ TALER_cs_refresh_nonce_derive (
 
 void
 TALER_planchet_blinding_secret_create (
-  const struct TALER_PlanchetSecretsP *ps,
+  const struct TALER_PlanchetMasterSecretP *ps,
   const struct TALER_ExchangeWithdrawValues *alg_values,
   union TALER_DenominationBlindingKeyP *bks)
 {
@@ -280,7 +290,7 @@ TALER_planchet_blinding_secret_create (
 // FIXME: move to denom.c?
 void
 TALER_planchet_setup_coin_priv (
-  const struct TALER_PlanchetSecretsP *ps,
+  const struct TALER_PlanchetMasterSecretP *ps,
   const struct TALER_ExchangeWithdrawValues *alg_values,
   struct TALER_CoinSpendPrivateKeyP *coin_priv)
 {
@@ -305,8 +315,8 @@ TALER_planchet_setup_coin_priv (
                                       strlen ("coin"),
                                       ps,
                                       sizeof(*ps),
-                                      &alg_values->details,    /* Could be null on RSA case*/
+                                      &alg_values->details.cs_values,
-                                      sizeof(alg_values->details),
+                                      sizeof(alg_values->details.cs_values),
                                       NULL,
                                       0));
     break;
@@ -512,11 +522,22 @@ TALER_coin_ev_hash (const struct TALER_BlindedPlanchet *blinded_planchet,
        nonce here; if we omit this, we could skip sending
        the nonce in the /recoup protocol. OTOH, there is
        certainly no further harm (beyond the extra
-       bytes send on /recoup) from including it. */
+       bytes send on /recoup) from including it.
+       ****
+       UPDATE: hashing 'nonce' here kills link, as
+       link does not HAVE the 'rms' to derive the nonce
+       from! (see FIXME_OMIT in exchange_api_link.c)
+       ***
+       => either figure elegant way to resolve this,
+       or omit hashing nonce and ALSO skip sending
+       nonce in /recoup!
+    */
+#if FIXME_OMIT
     GNUNET_CRYPTO_hash_context_read (
       hash_context,
       &blinded_planchet->details.cs_blinded_planchet.nonce,
       sizeof (blinded_planchet->details.cs_blinded_planchet.nonce));
+#endif
     GNUNET_CRYPTO_hash_context_read (
       hash_context,
       &blinded_planchet->details.cs_blinded_planchet.c[0],

src/util/test_crypto.c

@@ -42,8 +42,8 @@ test_high_level (void)
   union TALER_DenominationBlindingKeyP bks2;
   struct TALER_CoinSpendPrivateKeyP coin_priv1;
   struct TALER_CoinSpendPrivateKeyP coin_priv2;
-  struct TALER_PlanchetSecretsP ps1;
+  struct TALER_PlanchetMasterSecretP ps1;
-  struct TALER_PlanchetSecretsP ps2;
+  struct TALER_PlanchetMasterSecretP ps2;
   struct TALER_ExchangeWithdrawValues alg1;
   struct TALER_ExchangeWithdrawValues alg2;
 
@@ -110,7 +110,7 @@ test_high_level (void)
 static int
 test_planchets_rsa (void)
 {
-  struct TALER_PlanchetSecretsP ps;
+  struct TALER_PlanchetMasterSecretP ps;
   struct TALER_CoinSpendPrivateKeyP coin_priv;
   union TALER_DenominationBlindingKeyP bks;
   struct TALER_DenominationPrivateKey dk_priv;
@@ -184,7 +184,7 @@ test_planchets_rsa (void)
 static int
 test_planchets_cs (void)
 {
-  struct TALER_PlanchetSecretsP ps;
+  struct TALER_PlanchetMasterSecretP ps;
   struct TALER_CoinSpendPrivateKeyP coin_priv;
   union TALER_DenominationBlindingKeyP bks;
   struct TALER_DenominationPrivateKey dk_priv;

src/util/test_helper_cs.c

@@ -266,20 +266,20 @@ test_r_derive (struct TALER_CRYPTO_CsDenominationHelper *dh)
 {
   enum TALER_ErrorCode ec;
   bool success = false;
-  struct TALER_PlanchetSecretsP ps;
+  struct TALER_PlanchetMasterSecretP ps;
   struct TALER_CoinSpendPrivateKeyP coin_priv;
   union TALER_DenominationBlindingKeyP bks;
   struct TALER_CoinPubHash c_hash;
   struct TALER_ExchangeWithdrawValues alg_values;
 
-  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
+  TALER_planchet_master_setup_random (&ps);
-                              &ps,
-                              sizeof (ps));
-
   alg_values.cipher = TALER_DENOMINATION_CS;
-  TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv);
+  TALER_planchet_setup_coin_priv (&ps,
-  TALER_planchet_blinding_secret_create (&ps, &alg_values, &bks);
+                                  &alg_values,
-
+                                  &coin_priv);
+  TALER_planchet_blinding_secret_create (&ps,
+                                         &alg_values,
+                                         &bks);
   for (unsigned int i = 0; i<MAX_KEYS; i++)
   {
     struct TALER_PlanchetDetail pd;
@@ -417,16 +417,13 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh)
   struct TALER_BlindedDenominationSignature ds;
   enum TALER_ErrorCode ec;
   bool success = false;
-  struct TALER_PlanchetSecretsP ps;
+  struct TALER_PlanchetMasterSecretP ps;
   struct TALER_CoinSpendPrivateKeyP coin_priv;
   union TALER_DenominationBlindingKeyP bks;
   struct TALER_CoinPubHash c_hash;
   struct TALER_ExchangeWithdrawValues alg_values;
 
-  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
+  TALER_planchet_master_setup_random (&ps);
-                              &ps,
-                              sizeof (ps));
-
   alg_values.cipher = TALER_DENOMINATION_CS;
   TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv);
   TALER_planchet_blinding_secret_create (&ps, &alg_values, &bks);
@@ -593,15 +590,12 @@ perf_signing (struct TALER_CRYPTO_CsDenominationHelper *dh,
   struct TALER_BlindedDenominationSignature ds;
   enum TALER_ErrorCode ec;
   struct GNUNET_TIME_Relative duration;
-  struct TALER_PlanchetSecretsP ps;
+  struct TALER_PlanchetMasterSecretP ps;
   struct TALER_CoinSpendPrivateKeyP coin_priv;
   union TALER_DenominationBlindingKeyP bks;
   struct TALER_ExchangeWithdrawValues alg_values;
 
-
+  TALER_planchet_master_setup_random (&ps);
-  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
-                              &ps,
-                              sizeof (ps));
   alg_values.cipher = TALER_DENOMINATION_CS;
   TALER_planchet_setup_coin_priv (&ps,
                                   &alg_values,

src/util/test_helper_rsa.c

@@ -267,7 +267,7 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh)
   struct TALER_BlindedDenominationSignature ds;
   enum TALER_ErrorCode ec;
   bool success = false;
-  struct TALER_PlanchetSecretsP ps;
+  struct TALER_PlanchetMasterSecretP ps;
   struct TALER_ExchangeWithdrawValues alg_values;
   struct TALER_CoinPubHash c_hash;
   struct TALER_CoinSpendPrivateKeyP coin_priv;
@@ -438,15 +438,12 @@ perf_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh,
   struct TALER_BlindedDenominationSignature ds;
   enum TALER_ErrorCode ec;
   struct GNUNET_TIME_Relative duration;
-  struct TALER_PlanchetSecretsP ps;
+  struct TALER_PlanchetMasterSecretP ps;
   struct TALER_CoinSpendPrivateKeyP coin_priv;
   union TALER_DenominationBlindingKeyP bks;
   struct TALER_ExchangeWithdrawValues alg_values;
 
-  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
+  TALER_planchet_master_setup_random (&ps);
-                              &ps,
-                              sizeof (ps));
-
   alg_values.cipher = TALER_DENOMINATION_RSA;
   TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv);
   TALER_planchet_blinding_secret_create (&ps, &alg_values, &bks);