-fixes

contrib/gana

@@ -1 +1 @@
-Subproject commit 17555514bd2866e0d45b23e4a1c198415205c8f2
+Subproject commit 8c7d9be40ba627348da3e01b91b4f1d3cc78631f

src/auditor/taler-helper-auditor-coins.c

@@ -1922,7 +1922,7 @@ check_recoup (struct CoinContext *cc,
               const struct TALER_CoinPublicInfo *coin,
               const struct TALER_DenominationPublicKey *denom_pub,
               const struct TALER_CoinSpendSignatureP *coin_sig,
-              const struct TALER_DenominationBlindingKeyP *coin_blind)
+              const union TALER_DenominationBlindingKeyP *coin_blind)
 {
   struct DenominationSummary *ds;
   enum GNUNET_DB_QueryStatus qs;
@@ -2076,7 +2076,7 @@ recoup_cb (void *cls,
            const struct TALER_CoinPublicInfo *coin,
            const struct TALER_DenominationPublicKey *denom_pub,
            const struct TALER_CoinSpendSignatureP *coin_sig,
-           const struct TALER_DenominationBlindingKeyP *coin_blind)
+           const union TALER_DenominationBlindingKeyP *coin_blind)
 {
   struct CoinContext *cc = cls;
 
@@ -2121,7 +2121,7 @@ recoup_refresh_cb (void *cls,
                    const struct TALER_CoinPublicInfo *coin,
                    const struct TALER_DenominationPublicKey *denom_pub,
                    const struct TALER_CoinSpendSignatureP *coin_sig,
-                   const struct TALER_DenominationBlindingKeyP *coin_blind)
+                   const union TALER_DenominationBlindingKeyP *coin_blind)
 {
   struct CoinContext *cc = cls;
   const struct TALER_DenominationKeyValidityPS *issue;

src/auditor/taler-helper-auditor-reserves.c

@@ -689,7 +689,7 @@ handle_recoup_by_reserve (
   const struct TALER_CoinPublicInfo *coin,
   const struct TALER_DenominationPublicKey *denom_pub,
   const struct TALER_CoinSpendSignatureP *coin_sig,
-  const struct TALER_DenominationBlindingKeyP *coin_blind)
+  const union TALER_DenominationBlindingKeyP *coin_blind)
 {
   struct ReserveContext *rc = cls;
   struct GNUNET_HashCode key;

src/exchange/taler-exchange-httpd_recoup.c

@@ -56,7 +56,7 @@ struct RecoupContext
   /**
    * Key used to blind the coin.
    */
-  const struct TALER_DenominationBlindingKeyP *coin_bks;
+  const union TALER_DenominationBlindingKeyP *coin_bks;
 
   /**
    * Signature of the coin requesting recoup.
@@ -345,7 +345,7 @@ static MHD_RESULT
 verify_and_execute_recoup (
   struct MHD_Connection *connection,
   const struct TALER_CoinPublicInfo *coin,
-  const struct TALER_DenominationBlindingKeyP *coin_bks,
+  const union TALER_DenominationBlindingKeyP *coin_bks,
   const struct TALER_CoinSpendSignatureP *coin_sig,
   int refreshed)
 {
@@ -446,9 +446,10 @@ verify_and_execute_recoup (
                        &c_hash);
   GNUNET_assert (dk->denom_pub.cipher ==
                  TALER_DENOMINATION_RSA);
+  // FIXME-RSA migration...
   if (GNUNET_YES !=
       TALER_rsa_blind (&c_hash,
-                       &coin_bks->bks,
+                       &coin_bks->rsa_bks,
                        dk->denom_pub.details.rsa_public_key,
                        &coin_ev,
                        &coin_ev_size))
@@ -517,7 +518,7 @@ TEH_handler_recoup (struct MHD_Connection *connection,
 {
   enum GNUNET_GenericReturnValue ret;
   struct TALER_CoinPublicInfo coin;
-  struct TALER_DenominationBlindingKeyP coin_bks;
+  union TALER_DenominationBlindingKeyP coin_bks;
   struct TALER_CoinSpendSignatureP coin_sig;
   int refreshed = GNUNET_NO;
   struct GNUNET_JSON_Specification spec[] = {

src/exchangedb/plugin_exchangedb_postgres.c

@@ -9032,7 +9032,7 @@ recoup_serial_helper_cb (void *cls,
     struct TALER_ReservePublicKeyP reserve_pub;
     struct TALER_CoinPublicInfo coin;
     struct TALER_CoinSpendSignatureP coin_sig;
-    struct TALER_DenominationBlindingKeyP coin_blind;
+    union TALER_DenominationBlindingKeyP coin_blind;
     struct TALER_Amount amount;
     struct TALER_DenominationPublicKey denom_pub;
     struct TALER_BlindedCoinHash h_blind_ev;
@@ -9180,7 +9180,7 @@ recoup_refresh_serial_helper_cb (void *cls,
     struct TALER_CoinSpendPublicKeyP old_coin_pub;
     struct TALER_CoinPublicInfo coin;
     struct TALER_CoinSpendSignatureP coin_sig;
-    struct TALER_DenominationBlindingKeyP coin_blind;
+    union TALER_DenominationBlindingKeyP coin_blind;
     struct TALER_DenominationPublicKey denom_pub;
     struct TALER_DenominationHash old_denom_pub_hash;
     struct TALER_Amount amount;
@@ -9441,7 +9441,7 @@ postgres_insert_recoup_request (
   const struct TALER_ReservePublicKeyP *reserve_pub,
   const struct TALER_CoinPublicInfo *coin,
   const struct TALER_CoinSpendSignatureP *coin_sig,
-  const struct TALER_DenominationBlindingKeyP *coin_blind,
+  const union TALER_DenominationBlindingKeyP *coin_blind,
   const struct TALER_Amount *amount,
   const struct TALER_BlindedCoinHash *h_blind_ev,
   struct GNUNET_TIME_Absolute timestamp)
@@ -9533,7 +9533,7 @@ postgres_insert_recoup_refresh_request (
   void *cls,
   const struct TALER_CoinPublicInfo *coin,
   const struct TALER_CoinSpendSignatureP *coin_sig,
-  const struct TALER_DenominationBlindingKeyP *coin_blind,
+  const union TALER_DenominationBlindingKeyP *coin_blind,
   const struct TALER_Amount *amount,
   const struct TALER_BlindedCoinHash *h_blind_ev,
   struct GNUNET_TIME_Absolute timestamp)

src/exchangedb/test_exchangedb.c

@@ -1344,9 +1344,9 @@ recoup_cb (void *cls,
            const struct TALER_CoinPublicInfo *coin,
            const struct TALER_DenominationPublicKey *denom_pub,
            const struct TALER_CoinSpendSignatureP *coin_sig,
-           const struct TALER_DenominationBlindingKeyP *coin_blind)
+           const union TALER_DenominationBlindingKeyP *coin_blind)
 {
-  const struct TALER_DenominationBlindingKeyP *cb = cls;
+  const union TALER_DenominationBlindingKeyP *cb = cls;
 
   FAILIF (NULL == cb);
   FAILIF (0 != GNUNET_memcmp (cb,
@@ -1445,7 +1445,7 @@ run (void *cls)
   struct GNUNET_CONFIGURATION_Handle *cfg = cls;
   struct TALER_CoinSpendSignatureP coin_sig;
   struct GNUNET_TIME_Absolute deadline;
-  struct TALER_DenominationBlindingKeyP coin_blind;
+  union TALER_DenominationBlindingKeyP coin_blind;
   struct TALER_ReservePublicKeyP reserve_pub;
   struct TALER_ReservePublicKeyP reserve_pub2;
   struct DenomKeyPair *dkp;

src/include/taler_crypto_lib.h

@@ -324,13 +324,12 @@ struct TALER_CoinSpendSignatureP
 /**
  * @brief Type of blinding keys for Taler.
  */
-struct TALER_DenominationBlindingKeyP
+union TALER_DenominationBlindingKeyP
 {
-  // FIXME: RSA migration!
   /**
    * Taler uses RSA for blind signatures.
    */
-  struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
+  struct GNUNET_CRYPTO_RsaBlindingKeySecret rsa_bks;
 };
 
 
@@ -588,29 +587,6 @@ struct TALER_DenominationPublicKey
 };
 
 
-/**
- * Client-side secrets for blinding.
- */
-struct TALER_BlindingSecret
-{
-
-  /**
-   * Type of the blinding secret.
-   */
-  enum TALER_DenominationCipher cipher;
-
-  union
-  {
-
-    /**
-     * Blinding key secret for RSA.
-     */
-    struct GNUNET_CRYPTO_RsaBlindingKeySecret rsa_bks;
-
-  } details;
-};
-
-
 /**
  * @brief Type of private signing keys for blind signing of coins.
  */
@@ -704,22 +680,10 @@ TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub);
 /**
  * Create a blinding secret @a bs for @a cipher.
  *
- * @param[out] blinding secret to initialize
+ * @param[out] bs blinding secret to initialize
- * @param cipher cipher to create blinding secret for
- */
-enum GNUNET_GenericReturnValue
-TALER_blinding_secret_create (struct TALER_BlindingSecret *bs,
-                              enum TALER_DenominationCipher cipher,
-                              ...);
-
-
-/**
- * Release memory inside of a blinding secret @a bs.
- *
- * @param[in] blinding secret to free
  */
 void
-TALER_blinding_secret_free (struct TALER_BlindingSecret *bs);
+TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs);
 
 
 /**
@@ -786,10 +750,10 @@ TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig,
  * @return #GNUNET_OK on success
  */
 enum GNUNET_GenericReturnValue
-TALER_denom_sig_unblind (struct TALER_DenominationSignature *denom_sig,
+TALER_denom_sig_unblind (
-                         const struct
+  struct TALER_DenominationSignature *denom_sig,
-                         TALER_BlindedDenominationSignature *bdenom_sig,
+  const struct TALER_BlindedDenominationSignature *bdenom_sig,
-                         const struct TALER_BlindingSecret *bks,
+  const union TALER_DenominationBlindingKeyP *bks,
   const struct TALER_DenominationPublicKey *denom_pub);
 
 
@@ -986,8 +950,7 @@ struct TALER_PlanchetSecretsP
   /**
    * The blinding key.
    */
-  struct TALER_DenominationBlindingKeyP blinding_key;
+  union TALER_DenominationBlindingKeyP blinding_key;
-  // FIXME: RSA migration on generation!
 
 };
 

src/include/taler_exchangedb_plugin.h

@@ -368,7 +368,7 @@ struct TALER_EXCHANGEDB_TableData
     {
       uint64_t known_coin_id;
       struct TALER_CoinSpendSignatureP coin_sig;
-      struct TALER_DenominationBlindingKeyP coin_blind;
+      union TALER_DenominationBlindingKeyP coin_blind;
       struct TALER_Amount amount;
       struct GNUNET_TIME_Absolute timestamp;
       uint64_t reserve_out_serial_id;
@@ -378,7 +378,7 @@ struct TALER_EXCHANGEDB_TableData
     {
       uint64_t known_coin_id;
       struct TALER_CoinSpendSignatureP coin_sig;
-      struct TALER_DenominationBlindingKeyP coin_blind;
+      union TALER_DenominationBlindingKeyP coin_blind;
       struct TALER_Amount amount;
       struct GNUNET_TIME_Absolute timestamp;
       uint64_t rrc_serial;
@@ -762,7 +762,7 @@ struct TALER_EXCHANGEDB_Recoup
    * Blinding factor supplied to prove to the exchange that
    * the coin came from this reserve.
    */
-  struct TALER_DenominationBlindingKeyP coin_blind;
+  union TALER_DenominationBlindingKeyP coin_blind;
 
   /**
    * Signature of the coin of type
@@ -799,7 +799,7 @@ struct TALER_EXCHANGEDB_RecoupListEntry
    * Blinding factor supplied to prove to the exchange that
    * the coin came from this reserve.
    */
-  struct TALER_DenominationBlindingKeyP coin_blind;
+  union TALER_DenominationBlindingKeyP coin_blind;
 
   /**
    * Signature of the coin of type
@@ -847,7 +847,7 @@ struct TALER_EXCHANGEDB_RecoupRefreshListEntry
    * Blinding factor supplied to prove to the exchange that
    * the coin came from this @e old_coin_pub.
    */
-  struct TALER_DenominationBlindingKeyP coin_blind;
+  union TALER_DenominationBlindingKeyP coin_blind;
 
   /**
    * Signature of the coin of type
@@ -1930,7 +1930,7 @@ typedef enum GNUNET_GenericReturnValue
   const struct TALER_CoinPublicInfo *coin,
   const struct TALER_DenominationPublicKey *denom_pub,
   const struct TALER_CoinSpendSignatureP *coin_sig,
-  const struct TALER_DenominationBlindingKeyP *coin_blind);
+  const union TALER_DenominationBlindingKeyP *coin_blind);
 
 
 /**
@@ -1960,7 +1960,7 @@ typedef enum GNUNET_GenericReturnValue
   const struct TALER_CoinPublicInfo *coin,
   const struct TALER_DenominationPublicKey *denom_pub,
   const struct TALER_CoinSpendSignatureP *coin_sig,
-  const struct TALER_DenominationBlindingKeyP *coin_blind);
+  const union TALER_DenominationBlindingKeyP *coin_blind);
 
 
 /**
@@ -2038,7 +2038,7 @@ typedef void
   uint64_t rowid,
   const struct TALER_CoinPublicInfo *coin,
   const struct TALER_CoinSpendSignatureP *coin_sig,
-  const struct TALER_DenominationBlindingKeyP *coin_blind,
+  const union TALER_DenominationBlindingKeyP *coin_blind,
   const struct TALER_BlindedCoinHash *h_blinded_ev,
   const struct TALER_Amount *amount);
 
@@ -3391,7 +3391,7 @@ struct TALER_EXCHANGEDB_Plugin
     const struct TALER_ReservePublicKeyP *reserve_pub,
     const struct TALER_CoinPublicInfo *coin,
     const struct TALER_CoinSpendSignatureP *coin_sig,
-    const struct TALER_DenominationBlindingKeyP *coin_blind,
+    const union TALER_DenominationBlindingKeyP *coin_blind,
     const struct TALER_Amount *amount,
     const struct TALER_BlindedCoinHash *h_blind_ev,
     struct GNUNET_TIME_Absolute timestamp);
@@ -3416,7 +3416,7 @@ struct TALER_EXCHANGEDB_Plugin
     void *cls,
     const struct TALER_CoinPublicInfo *coin,
     const struct TALER_CoinSpendSignatureP *coin_sig,
-    const struct TALER_DenominationBlindingKeyP *coin_blind,
+    const union TALER_DenominationBlindingKeyP *coin_blind,
     const struct TALER_Amount *amount,
     const struct TALER_BlindedCoinHash *h_blind_ev,
     struct GNUNET_TIME_Absolute timestamp);

src/include/taler_signatures.h

@@ -1506,7 +1506,7 @@ struct TALER_RecoupRequestPS
   /**
    * Blinding factor that was used to withdraw the coin.
    */
-  struct TALER_DenominationBlindingKeyP coin_blind;
+  union TALER_DenominationBlindingKeyP coin_blind;
 };
 
 

src/include/taler_testing_lib.h

@@ -2381,7 +2381,7 @@ TALER_TESTING_get_trait (const struct TALER_TESTING_Trait *traits,
   op (absolute_time, const struct GNUNET_TIME_Absolute)                \
   op (exchange_pub, const struct TALER_ExchangePublicKeyP)             \
   op (exchange_sig, const struct TALER_ExchangeSignatureP)             \
-  op (blinding_key, const struct TALER_DenominationBlindingKeyP)
+  op (blinding_key, const union TALER_DenominationBlindingKeyP)
 
 
 TALER_TESTING_SIMPLE_TRAITS (TALER_TESTING_MAKE_DECL_SIMPLE_TRAIT)

src/lib/exchange_api_link.c

@@ -129,7 +129,7 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
   sig->cipher = TALER_DENOMINATION_RSA;
   sig->details.rsa_signature
     = TALER_rsa_unblind (bsig.details.blinded_rsa_signature,
-                         &fc.blinding_key.bks,
+                         &fc.blinding_key.rsa_bks,
                          rpub.details.rsa_public_key);
   /* verify link_sig */
   {

src/testing/testing_api_cmd_recoup.c

@@ -283,7 +283,7 @@ recoup_run (void *cls,
   struct RecoupState *ps = cls;
   const struct TALER_TESTING_Command *coin_cmd;
   const struct TALER_CoinSpendPrivateKeyP *coin_priv;
-  const struct TALER_DenominationBlindingKeyP *blinding_key;
+  const union TALER_DenominationBlindingKeyP *blinding_key;
   const struct TALER_EXCHANGE_DenomPublicKey *denom_pub;
   const struct TALER_DenominationSignature *coin_sig;
   struct TALER_PlanchetSecretsP planchet;

src/testing/testing_api_cmd_refresh.c

@@ -73,7 +73,7 @@ struct TALER_TESTING_FreshCoinData
   /**
    * The blinding key (needed for recoup operations).
    */
-  struct TALER_DenominationBlindingKeyP blinding_key;
+  union TALER_DenominationBlindingKeyP blinding_key;
 
 };
 

src/util/crypto.c

@@ -197,7 +197,7 @@ TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk,
   GNUNET_assert (TALER_DENOMINATION_RSA == dk->cipher);
   if (GNUNET_YES !=
       TALER_rsa_blind (c_hash,
-                       &ps->blinding_key.bks,
+                       &ps->blinding_key.rsa_bks,
                        dk->details.rsa_public_key,
                        &pd->coin_ev,
                        &pd->coin_ev_size))
@@ -229,7 +229,7 @@ TALER_planchet_to_coin (
   sig.cipher = TALER_DENOMINATION_RSA;
   sig.details.rsa_signature
     = TALER_rsa_unblind (blind_sig->details.blinded_rsa_signature,
-                         &ps->blinding_key.bks,
+                         &ps->blinding_key.rsa_bks,
                          dk->details.rsa_public_key);
   if (GNUNET_OK !=
       TALER_denom_pub_verify (dk,

src/util/denom.c

@@ -110,17 +110,12 @@ TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig,
 
 
 enum GNUNET_GenericReturnValue
-TALER_denom_sig_unblind (struct TALER_DenominationSignature *denom_sig,
+TALER_denom_sig_unblind (
-                         const struct
+  struct TALER_DenominationSignature *denom_sig,
-                         TALER_BlindedDenominationSignature *bdenom_sig,
+  const struct TALER_BlindedDenominationSignature *bdenom_sig,
-                         const struct TALER_BlindingSecret *bks,
+  const union TALER_DenominationBlindingKeyP *bks,
   const struct TALER_DenominationPublicKey *denom_pub)
 {
-  if (bks->cipher != denom_pub->cipher)
-  {
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
-  }
   if (bdenom_sig->cipher != denom_pub->cipher)
   {
     GNUNET_break (0);
@@ -135,7 +130,7 @@ TALER_denom_sig_unblind (struct TALER_DenominationSignature *denom_sig,
     denom_sig->details.rsa_signature
       = TALER_rsa_unblind (
           bdenom_sig->details.blinded_rsa_signature,
-          &bks->details.rsa_bks,
+          &bks->rsa_bks,
           denom_pub->details.rsa_public_key);
     if (NULL == denom_sig->details.rsa_signature)
     {
@@ -152,48 +147,12 @@ TALER_denom_sig_unblind (struct TALER_DenominationSignature *denom_sig,
 }
 
 
-enum GNUNET_GenericReturnValue
-TALER_blinding_secret_create (struct TALER_BlindingSecret *bs,
-                              enum TALER_DenominationCipher cipher,
-                              ...)
-{
-  memset (bs,
-          0,
-          sizeof (*bs));
-  switch (cipher)
-  {
-  case TALER_DENOMINATION_INVALID:
-    return GNUNET_OK;
-  case TALER_DENOMINATION_RSA:
-    bs->cipher = TALER_DENOMINATION_RSA;
-    GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
-                                &bs->details.rsa_bks,
-                                sizeof (bs->details.rsa_bks));
-    return GNUNET_OK;
-  // TODO: add case for Clause-Schnorr
-  default:
-    GNUNET_break (0);
-  }
-  return GNUNET_SYSERR;
-}
-
-
 void
-TALER_blinding_secret_free (struct TALER_BlindingSecret *bs)
+TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs)
 {
-  switch (bs->cipher)
+  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
-  {
+                              bs,
-  case TALER_DENOMINATION_INVALID:
-    return;
-  case TALER_DENOMINATION_RSA:
-    memset (bs,
-            0,
                               sizeof (*bs));
-    return;
-  // TODO: add case for Clause-Schnorr
-  default:
-    GNUNET_break (0);
-  }
 }
 
 

src/util/test_helper_rsa.c

@@ -288,7 +288,7 @@ test_signing (struct TALER_CRYPTO_DenominationHelper *dh)
         if (GNUNET_OK !=
             TALER_denom_sig_unblind (&rs,
                                      &ds,
-                                     &ps.blinding_key.bks,
+                                     &ps.blinding_key,
                                      &keys[i].denom_pub))
         {
           GNUNET_break (0);