-simplify: nonce no longer hashed

src/exchange/taler-exchange-httpd_keys.c

@@ -874,7 +874,6 @@ helper_rsa_cb (
               GNUNET_STRINGS_relative_time_to_string (validity_duration,
                                                       GNUNET_NO));
   key_generation++;
-  // FIXME: wait for sync?
   TEH_resume_keys_requests (false);
   hd = GNUNET_CONTAINER_multihashmap_get (hs->rsa_keys,
                                           &h_rsa->hash);
@@ -956,7 +955,6 @@ helper_cs_cb (
               GNUNET_STRINGS_relative_time_to_string (validity_duration,
                                                       GNUNET_NO));
   key_generation++;
-  // FIXME: wait for sync?
   TEH_resume_keys_requests (false);
   hd = GNUNET_CONTAINER_multihashmap_get (hs->cs_keys,
                                           &h_cs->hash);

src/exchange/taler-exchange-httpd_recoup-refresh.c

@@ -174,7 +174,6 @@ verify_and_execute_recoup_refresh (
   const struct TALER_CoinPublicInfo *coin,
   const struct TALER_ExchangeWithdrawValues *exchange_vals,
   const union TALER_DenominationBlindingKeyP *coin_bks,
-  const struct TALER_CsNonce *nonce,
   const struct TALER_CoinSpendSignatureP *coin_sig)
 {
   struct RecoupContext pc;
@@ -264,9 +263,6 @@ verify_and_execute_recoup_refresh (
         TALER_EC_EXCHANGE_RECOUP_REFRESH_BLINDING_FAILED,
         NULL);
     }
-    if (TALER_DENOMINATION_CS == blinded_planchet.cipher)
-      blinded_planchet.details.cs_blinded_planchet.nonce
-        = *nonce;
     TALER_coin_ev_hash (&blinded_planchet,
                         &coin->denom_pub_hash,
                         &h_blind);
@@ -364,7 +360,6 @@ TEH_handler_recoup_refresh (struct MHD_Connection *connection,
   union TALER_DenominationBlindingKeyP coin_bks;
   struct TALER_CoinSpendSignatureP coin_sig;
   struct TALER_ExchangeWithdrawValues exchange_vals;
-  struct TALER_CsNonce nonce;
   struct GNUNET_JSON_Specification spec[] = {
     GNUNET_JSON_spec_fixed_auto ("denom_pub_hash",
                                  &coin.denom_pub_hash),
@@ -376,18 +371,12 @@ TEH_handler_recoup_refresh (struct MHD_Connection *connection,
                                  &coin_bks),
     GNUNET_JSON_spec_fixed_auto ("coin_sig",
                                  &coin_sig),
-    GNUNET_JSON_spec_mark_optional (
-      GNUNET_JSON_spec_fixed_auto ("cs-nonce",
-                                   &nonce)),
     GNUNET_JSON_spec_end ()
   };
 
   memset (&coin,
           0,
           sizeof (coin));
-  memset (&nonce,
-          0,
-          sizeof (nonce));
   coin.coin_pub = *coin_pub;
   ret = TALER_MHD_parse_json_data (connection,
                                    root,
@@ -403,7 +392,6 @@ TEH_handler_recoup_refresh (struct MHD_Connection *connection,
                                              &coin,
                                              &exchange_vals,
                                              &coin_bks,
-                                             &nonce,
                                              &coin_sig);
     GNUNET_JSON_parse_free (spec);
     return res;

src/exchange/taler-exchange-httpd_recoup.c

@@ -177,7 +177,6 @@ verify_and_execute_recoup (
   const struct TALER_CoinPublicInfo *coin,
   const struct TALER_ExchangeWithdrawValues *exchange_vals,
   const union TALER_DenominationBlindingKeyP *coin_bks,
-  const struct TALER_CsNonce *nonce,
   const struct TALER_CoinSpendSignatureP *coin_sig)
 {
   struct RecoupContext pc;
@@ -269,9 +268,6 @@ verify_and_execute_recoup (
         TALER_EC_EXCHANGE_RECOUP_BLINDING_FAILED,
         NULL);
     }
-    if (TALER_DENOMINATION_CS == blinded_planchet.cipher)
-      blinded_planchet.details.cs_blinded_planchet.nonce
-        = *nonce;
     if (GNUNET_OK !=
         TALER_coin_ev_hash (&blinded_planchet,
                             &coin->denom_pub_hash,
@@ -377,7 +373,6 @@ TEH_handler_recoup (struct MHD_Connection *connection,
   union TALER_DenominationBlindingKeyP coin_bks;
   struct TALER_CoinSpendSignatureP coin_sig;
   struct TALER_ExchangeWithdrawValues exchange_vals;
-  struct TALER_CsNonce nonce;
   struct GNUNET_JSON_Specification spec[] = {
     GNUNET_JSON_spec_fixed_auto ("denom_pub_hash",
                                  &coin.denom_pub_hash),
@@ -389,18 +384,12 @@ TEH_handler_recoup (struct MHD_Connection *connection,
                                  &coin_bks),
     GNUNET_JSON_spec_fixed_auto ("coin_sig",
                                  &coin_sig),
-    GNUNET_JSON_spec_mark_optional (
-      GNUNET_JSON_spec_fixed_auto ("cs-nonce",
-                                   &nonce)),
     GNUNET_JSON_spec_end ()
   };
 
   memset (&coin,
           0,
           sizeof (coin));
-  memset (&nonce,
-          0,
-          sizeof (nonce));
   coin.coin_pub = *coin_pub;
   ret = TALER_MHD_parse_json_data (connection,
                                    root,
@@ -419,7 +408,6 @@ TEH_handler_recoup (struct MHD_Connection *connection,
                                      &coin,
                                      &exchange_vals,
                                      &coin_bks,
-                                     &nonce,
                                      &coin_sig);
     GNUNET_JSON_parse_free (spec);
     return res;

src/exchangedb/test_exchangedb.c

@@ -1352,7 +1352,7 @@ run (void *cls)
   struct TALER_DenominationPublicKey *new_denom_pubs = NULL;
   uint64_t reserve_out_serial_id;
   uint64_t melt_serial_id;
-  struct TALER_PlanchetSecretsP ps;
+  struct TALER_PlanchetMasterSecretP ps;
   union TALER_DenominationBlindingKeyP bks;
   struct TALER_ExchangeWithdrawValues alg_values = {
     /* RSA is simpler, and for the DB there is no real difference between

src/lib/exchange_api_link.c

@@ -169,21 +169,6 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
 
     GNUNET_CRYPTO_eddsa_key_get_public (&lh->coin_priv.eddsa_priv,
                                         &old_coin_pub.eddsa_pub);
-    // FIXME-NEXT: this is probably the wrong 'ps'!
-    // However, the 'right' PS is not something the
-    // exchange could even give us. So probably we
-    // really need to change the derivation structure
-    // during refresh to derive the nonces differently
-    // and make /link possible!
-    /* FIXME: we cannot get the 'rms' here, and
-       if the TALER_coin_ev_hash() includes that 'nonce',
-       we are screwed on/link. */
-#if FIXME_OMIT
-    TALER_cs_refresh_nonce_derive (
-      &ps,
-      coin_idx,
-      &pd.blinded_planchet.details.cs_blinded_planchet.nonce);
-#endif
     TALER_coin_ev_hash (&pd.blinded_planchet,
                         &pd.denom_pub_hash,
                         &coin_envelope_hash);

src/lib/exchange_api_recoup.c

@@ -329,25 +329,6 @@ TALER_EXCHANGE_recoup (struct TALER_EXCHANGE_Handle *exchange,
                                 &coin_sig),
     GNUNET_JSON_pack_data_auto ("coin_blind_key_secret",
                                 &bks));
-  if (TALER_DENOMINATION_CS == denom_sig->cipher)
-  {
-    struct TALER_CsNonce nonce;
-
-    // FIXME: add this to the spec!
-    /* NOTE: this is not elegant, and as per the note in TALER_coin_ev_hash()
-       it is not strictly clear that the nonce is needed. Best case would be
-       to find a way to include it more 'naturally' somehow, for example with
-       the variant union version of bks! */
-    TALER_cs_withdraw_nonce_derive (ps,
-                                    &nonce);
-    GNUNET_assert (
-      0 ==
-      json_object_set_new (recoup_obj,
-                           "cs-nonce",
-                           GNUNET_JSON_from_data_auto (
-                             &nonce)));
-  }
-
   {
     char pub_str[sizeof (struct TALER_CoinSpendPublicKeyP) * 2];
     char *end;

src/lib/exchange_api_recoup_refresh.c

@@ -333,27 +333,6 @@ TALER_EXCHANGE_recoup_refresh (
                                 &coin_sig),
     GNUNET_JSON_pack_data_auto ("coin_blind_key_secret",
                                 &bks));
-
-  if (TALER_DENOMINATION_CS == denom_sig->cipher)
-  {
-    struct TALER_CsNonce nonce;
-
-    // FIXME: add this to the spec!
-    /* NOTE: this is not elegant, and as per the note in TALER_coin_ev_hash()
-       it is not strictly clear that the nonce is needed. Best case would be
-       to find a way to include it more 'naturally' somehow, for example with
-       the variant union version of bks! */
-    TALER_cs_refresh_nonce_derive (rms,
-                                   idx,
-                                   &nonce);
-    GNUNET_assert (
-      0 ==
-      json_object_set_new (recoup_obj,
-                           "cs-nonce",
-                           GNUNET_JSON_from_data_auto (
-                             &nonce)));
-  }
-
   {
     char pub_str[sizeof (struct TALER_CoinSpendPublicKeyP) * 2];
     char *end;

src/util/crypto.c

@@ -518,26 +518,8 @@ TALER_coin_ev_hash (const struct TALER_BlindedPlanchet *blinded_planchet,
       blinded_planchet->details.rsa_blinded_planchet.blinded_msg_size);
     break;
   case TALER_DENOMINATION_CS:
-    /* NOTE: it is not obvious that we need to hash the
+    // FIXME: simplifies once 'nonce' is removed
-       nonce here; if we omit this, we could skip sending
+    // from TALER_BlindedCsPlanchet!
-       the nonce in the /recoup protocol. OTOH, there is
-       certainly no further harm (beyond the extra
-       bytes send on /recoup) from including it.
-       ****
-       UPDATE: hashing 'nonce' here kills link, as
-       link does not HAVE the 'rms' to derive the nonce
-       from! (see FIXME_OMIT in exchange_api_link.c)
-       ***
-       => either figure elegant way to resolve this,
-       or omit hashing nonce and ALSO skip sending
-       nonce in /recoup!
-    */
-#if FIXME_OMIT
-    GNUNET_CRYPTO_hash_context_read (
-      hash_context,
-      &blinded_planchet->details.cs_blinded_planchet.nonce,
-      sizeof (blinded_planchet->details.cs_blinded_planchet.nonce));
-#endif
     GNUNET_CRYPTO_hash_context_read (
       hash_context,
       &blinded_planchet->details.cs_blinded_planchet.c[0],