diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index 89aa6ba81..244333735 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -1146,10 +1146,12 @@ TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig,
 * Unblind blinded signature.
 *
 * @param[out] denom_sig where to write the unblinded signature
+ * @param dk denomination public key
 * @param bdenom_sig the blinded signature
 * @param bks blinding secret to use
- * @param denom_pub public key used for signing
+ * @param c_hash hash of the coin's public key for verification of the signature
 * @param alg_values algorithm specific values
+ * @param denom_pub public key used for signing
 * @return #GNUNET_OK on success
 */
 enum GNUNET_GenericReturnValue
@@ -1157,6 +1159,8 @@ TALER_denom_sig_unblind (
 struct TALER_DenominationSignature *denom_sig,
 const struct TALER_BlindedDenominationSignature *bdenom_sig,
 const union TALER_DenominationBlindingKeyP *bks,
+ const struct TALER_CoinPubHash *c_hash,
+ const struct TALER_ExchangeWithdrawValues *alg_values,
 const struct TALER_DenominationPublicKey *denom_pub);
diff --git a/src/util/crypto.c b/src/util/crypto.c
index b80cb53cd..5a7dbfeee 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -398,6 +398,8 @@ TALER_planchet_to_coin (
 TALER_denom_sig_unblind (&coin->sig,
 blind_sig,
 bks,
+ c_hash,
+ alg_values,
 dk))
 {
 GNUNET_break_op (0);
diff --git a/src/util/denom.c b/src/util/denom.c
index 4382a9df3..b0982c008 100644
--- a/src/util/denom.c
+++ b/src/util/denom.c
@@ -170,6 +170,8 @@ TALER_denom_sig_unblind (
 struct TALER_DenominationSignature *denom_sig,
 const struct TALER_BlindedDenominationSignature *bdenom_sig,
 const union TALER_DenominationBlindingKeyP *bks,
+ const struct TALER_CoinPubHash *c_hash,
+ const struct TALER_ExchangeWithdrawValues *alg_values,
 const struct TALER_DenominationPublicKey *denom_pub)
 {
 if (bdenom_sig->cipher != denom_pub->cipher)
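Review bot: The added `@param dk denomination public key` line in the doc comment of TALER_denom_sig_unblind (src/include/taler_crypto_lib.h, first hunk) names a parameter the prototype in the following hunk does not have; the key is passed as `denom_pub`, which the same comment documents again at the end. Drop the `dk` entry and list the tags in signature order: `denom_sig`, `bdenom_sig`, `bks`, `c_hash`, `alg_values`, `denom_pub`. The part of src/util/denom.c visible in this commit reads `c_hash` and `alg_values` only in the TALER_DENOMINATION_CS case, so if the other ciphers ignore them the comment should say so, for example `@param c_hash hash of the coin's public key (only used for CS)`, together with whether NULL is acceptable for non-CS callers.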
@@ -198,9 +200,21 @@ TALER_denom_sig_unblind (
 case TALER_DENOMINATION_CS:
 {
 struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
+ struct GNUNET_CRYPTO_CsC c[2];
+ struct TALER_DenominationCSPublicRPairP r_pub_blind;
 GNUNET_CRYPTO_cs_blinding_secrets_derive (&bks->nonce, bs);
+ GNUNET_CRYPTO_cs_calc_blinded_c (
+ bs,
+ alg_values->details.cs_values.r_pub_pair.r_pub,
+ &denom_pub->details.cs_public_key,
+ &c_hash->hash,
+ sizeof(struct GNUNET_HashCode),
+ c,
+ r_pub_blind.r_pub);
+ denom_sig->details.cs_signature.r_point
+ = r_pub_blind.r_pub[bdenom_sig->details.blinded_cs_answer.b];
 GNUNET_CRYPTO_cs_unblind (&bdenom_sig->details.blinded_cs_answer.s_scalar,
 &bs[bdenom_sig->details.blinded_cs_answer.b],
 &denom_sig->details.cs_signature.s_scalar);
diff --git a/src/util/test_helper_rsa.c b/src/util/test_helper_rsa.c
index f51861d41..f3a52576f 100644
--- a/src/util/test_helper_rsa.c
+++ b/src/util/test_helper_rsa.c
@@ -341,6 +341,8 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh)
 TALER_denom_sig_unblind (&rs,
 &ds,
 &bks,
+ &c_hash,
+ &alg_values,
 &keys[i].denom_pub))
 {
 GNUNET_break (0);
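Review bot: In the TALER_DENOMINATION_CS case of TALER_denom_sig_unblind (src/util/denom.c), the new assignment `r_pub_blind.r_pub[bdenom_sig->details.blinded_cs_answer.b]` indexes an array with `b` taken from the blinded signature, and no range check on `b` is visible in the hunk. `bs` and `c` are declared with two elements and `r_pub_blind.r_pub` presumably has two as well, so any value other than 0 or 1 reads out of bounds, both here and in the existing `bs[...]` index. Unless a parser outside this hunk already guarantees the range, reject it before the derive call, e.g. `if (bdenom_sig->details.blinded_cs_answer.b > 1) { GNUNET_break_op (0); return GNUNET_SYSERR; }`. The hunk also reads `alg_values->details.cs_values` with no visible check that `alg_values` actually carries CS values, and `c` is filled in but not used again within the hunk, which deserves a short comment. The function body starts and ends outside this hunk.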