-clean up crypto

src/include/taler_crypto_lib.h

@@ -1146,10 +1146,12 @@ TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig,
  * Unblind blinded signature.
  *
  * @param[out] denom_sig where to write the unblinded signature
+ * @param dk denomination public key
  * @param bdenom_sig the blinded signature
  * @param bks blinding secret to use
- * @param denom_pub public key used for signing
+ * @param c_hash hash of the coin's public key for verification of the signature
  * @param alg_values algorithm specific values
+ * @param denom_pub public key used for signing
  * @return #GNUNET_OK on success
  */
 enum GNUNET_GenericReturnValue
@@ -1157,6 +1159,8 @@ TALER_denom_sig_unblind (
   struct TALER_DenominationSignature *denom_sig,
   const struct TALER_BlindedDenominationSignature *bdenom_sig,
   const union TALER_DenominationBlindingKeyP *bks,
+  const struct TALER_CoinPubHash *c_hash,
+  const struct TALER_ExchangeWithdrawValues *alg_values,
   const struct TALER_DenominationPublicKey *denom_pub);
 
 

src/util/crypto.c

@@ -398,6 +398,8 @@ TALER_planchet_to_coin (
       TALER_denom_sig_unblind (&coin->sig,
                                blind_sig,
                                bks,
+                               c_hash,
+                               alg_values,
                                dk))
   {
     GNUNET_break_op (0);

src/util/denom.c

@@ -170,6 +170,8 @@ TALER_denom_sig_unblind (
   struct TALER_DenominationSignature *denom_sig,
   const struct TALER_BlindedDenominationSignature *bdenom_sig,
   const union TALER_DenominationBlindingKeyP *bks,
+  const struct TALER_CoinPubHash *c_hash,
+  const struct TALER_ExchangeWithdrawValues *alg_values,
   const struct TALER_DenominationPublicKey *denom_pub)
 {
   if (bdenom_sig->cipher != denom_pub->cipher)
@@ -198,9 +200,21 @@ TALER_denom_sig_unblind (
   case TALER_DENOMINATION_CS:
     {
       struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
+      struct GNUNET_CRYPTO_CsC c[2];
+      struct TALER_DenominationCSPublicRPairP r_pub_blind;
 
       GNUNET_CRYPTO_cs_blinding_secrets_derive (&bks->nonce,
                                                 bs);
+      GNUNET_CRYPTO_cs_calc_blinded_c (
+        bs,
+        alg_values->details.cs_values.r_pub_pair.r_pub,
+        &denom_pub->details.cs_public_key,
+        &c_hash->hash,
+        sizeof(struct GNUNET_HashCode),
+        c,
+        r_pub_blind.r_pub);
+      denom_sig->details.cs_signature.r_point
+        = r_pub_blind.r_pub[bdenom_sig->details.blinded_cs_answer.b];
       GNUNET_CRYPTO_cs_unblind (&bdenom_sig->details.blinded_cs_answer.s_scalar,
                                 &bs[bdenom_sig->details.blinded_cs_answer.b],
                                 &denom_sig->details.cs_signature.s_scalar);

src/util/test_helper_rsa.c

@@ -341,6 +341,8 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh)
             TALER_denom_sig_unblind (&rs,
                                      &ds,
                                      &bks,
+                                     &c_hash,
+                                     &alg_values,
                                      &keys[i].denom_pub))
         {
           GNUNET_break (0);