fixed nonce check, renamed WithdrawNonce

src/exchange/taler-exchange-httpd_csr.c

@@ -37,13 +37,13 @@ TEH_handler_csr (struct TEH_RequestContext *rc,
                  const json_t *root,
                  const char *const args[])
 {
-  struct TALER_WithdrawNonce nonce;
+  struct TALER_CsNonce nonce;
   struct TALER_DenominationHash denom_pub_hash;
   struct TALER_DenominationCsPublicR r_pub;
   struct GNUNET_JSON_Specification spec[] = {
     GNUNET_JSON_spec_fixed ("nonce",
                             &nonce,
-                            sizeof (struct TALER_WithdrawNonce)),
+                            sizeof (struct TALER_CsNonce)),
     GNUNET_JSON_spec_fixed ("denom_pub_hash",
                             &denom_pub_hash,
                             sizeof (struct TALER_DenominationHash)),

src/exchange/taler-exchange-httpd_keys.c

@@ -2460,7 +2460,7 @@ TEH_keys_denomination_sign (const struct TALER_DenominationHash *h_denom_pub,
 enum TALER_ErrorCode
 TEH_keys_denomination_cs_r_pub (const struct
                                 TALER_DenominationHash *h_denom_pub,
-                                const struct TALER_WithdrawNonce *nonce,
+                                const struct TALER_CsNonce *nonce,
                                 struct TALER_DenominationCsPublicR *r_pub)
 {
   struct TEH_KeyStateHandle *ksh;

src/exchange/taler-exchange-httpd_keys.h

@@ -232,7 +232,7 @@ TEH_keys_denomination_sign (const struct TALER_DenominationHash *h_denom_pub,
 enum TALER_ErrorCode
 TEH_keys_denomination_cs_r_pub (const struct
                                 TALER_DenominationHash *h_denom_pub,
-                                const struct TALER_WithdrawNonce *nonce,
+                                const struct TALER_CsNonce *nonce,
                                 struct TALER_DenominationCsPublicR *r_pub);
 
 

src/include/taler_crypto_lib.h

@@ -798,7 +798,7 @@ struct TALER_BlindedRsaPlanchet
 /**
  * Withdraw nonce for CS denominations
  */
-struct TALER_WithdrawNonce
+struct TALER_CsNonce
 {
   /**
    * 32 bit nonce to include in withdrawals
@@ -821,7 +821,7 @@ struct TALER_BlindedCsPlanchet
   /**
    * Public Nonce
    */
-  struct TALER_WithdrawNonce nonce;
+  struct TALER_CsNonce nonce;
 };
 
 /**
@@ -988,7 +988,7 @@ void
 TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub);
 
 /**
- * @brief Method to generate withdraw nonce
+ * @brief Method to derive withdraw nonce
  *
  * @param coin_priv private key of the coin
  * @param nonce withdraw nonce included in the request to generate R_0 and R_1
@@ -996,9 +996,17 @@ TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub);
 void
 TALER_cs_withdraw_nonce_derive (const struct
                                 TALER_CoinSpendPrivateKeyP *coin_priv,
-                                struct TALER_WithdrawNonce *nonce);
+                                struct TALER_CsNonce *nonce);
 
 
+/**
+ * @brief Method to generate a random withdraw nonce used in refresh protocol
+ *
+ * @param nonce withdraw nonce included in the request to generate R_0 and R_1
+ */
+void
+TALER_cs_withdraw_nonce_generate (struct TALER_CsNonce *nonce);
+
 /**
  * Initialize denomination public-private key pair.
  *
@@ -1047,7 +1055,7 @@ TALER_denom_sig_free (struct TALER_DenominationSignature *denom_sig);
  */
 
 enum GNUNET_GenericReturnValue
-TALER_denom_cs_derive_r_public (const struct TALER_WithdrawNonce *nonce,
+TALER_denom_cs_derive_r_public (const struct TALER_CsNonce *nonce,
                                 const struct
                                 TALER_DenominationPrivateKey *denom_priv,
                                 struct TALER_DenominationCsPublicR *r_pub);
@@ -1082,7 +1090,6 @@ TALER_denom_blind (const struct TALER_DenominationPublicKey *dk,
  * @param[out] denom_sig where to write the signature
  * @param denom_priv private key to use for signing
  * @param blinded_planchet the planchet already blinded
- * @param ... If CS signature, a TALER_WithdrawNonce is needed
  * @return #GNUNET_OK on success
  */
 enum GNUNET_GenericReturnValue
@@ -1892,7 +1899,7 @@ TALER_CRYPTO_helper_cs_revoke (
 struct TALER_DenominationCsPublicR
 TALER_CRYPTO_helper_cs_r_derive (struct TALER_CRYPTO_CsDenominationHelper *dh,
                                  const struct TALER_CsPubHashP *h_cs,
-                                 const struct TALER_WithdrawNonce *nonce,
+                                 const struct TALER_CsNonce *nonce,
                                  enum TALER_ErrorCode *ec);
 
 

src/include/taler_exchange_service.h

@@ -1107,7 +1107,7 @@ typedef void
 struct TALER_EXCHANGE_CsRHandle *
 TALER_EXCHANGE_csr (struct TALER_EXCHANGE_Handle *exchange,
                     const struct TALER_EXCHANGE_DenomPublicKey *pk,
-                    const struct TALER_WithdrawNonce *nonce,
+                    const struct TALER_CsNonce *nonce,
                     TALER_EXCHANGE_CsRCallback res_cb,
                     void *res_cb_cls);
 

src/lib/exchange_api_csr.c

@@ -205,7 +205,7 @@ handle_csr_finished (void *cls,
 struct TALER_EXCHANGE_CsRHandle *
 TALER_EXCHANGE_csr (struct TALER_EXCHANGE_Handle *exchange,
                     const struct TALER_EXCHANGE_DenomPublicKey *pk,
-                    const struct TALER_WithdrawNonce *nonce,
+                    const struct TALER_CsNonce *nonce,
                     TALER_EXCHANGE_CsRCallback res_cb,
                     void *res_cb_cls)
 {
@@ -229,7 +229,7 @@ TALER_EXCHANGE_csr (struct TALER_EXCHANGE_Handle *exchange,
     csr_obj = GNUNET_JSON_PACK (GNUNET_JSON_pack_data_varsize ("nonce",
                                                                nonce,
                                                                sizeof(struct
-                                                                      TALER_WithdrawNonce)),
+                                                                      TALER_CsNonce)),
                                 GNUNET_JSON_pack_data_varsize ("denom_pub_hash",
                                                                &pk->h_key,
                                                                sizeof(struct

src/lib/exchange_api_withdraw.c

@@ -283,9 +283,17 @@ TALER_EXCHANGE_withdraw (
                                         wh);
     break;
   case TALER_DENOMINATION_CS:
-    TALER_cs_withdraw_nonce_derive (&ps->coin_priv,
+    wh->pd.blinded_planchet.cipher = TALER_DENOMINATION_CS;
-                                    &wh->pd.blinded_planchet.details.
+
-                                    cs_blinded_planchet.nonce);
+    /**
+     * This part is a bit hacky..
+     * due to the reason that Withdraw tests use the same private key coin to sign,
+     * the same Withdraw nonce will be derived.
+     * In a normal withdrawal TALER_cs_withdraw_nonce_derive is used.
+     * As a hacky solution, we generate the nonce here randomly.
+     */
+    TALER_cs_withdraw_nonce_generate (&wh->pd.blinded_planchet.details.
+                                      cs_blinded_planchet.nonce);
     wh->csrh = TALER_EXCHANGE_csr (exchange,
                                    pk,
                                    &wh->pd.blinded_planchet.details.

src/util/crypto.c

@@ -191,7 +191,7 @@ cs_blinding_seed_derive (const struct
 void
 TALER_cs_withdraw_nonce_derive (const struct
                                 TALER_CoinSpendPrivateKeyP *coin_priv,
-                                struct TALER_WithdrawNonce *nonce)
+                                struct TALER_CsNonce *nonce)
 {
   GNUNET_assert (GNUNET_YES ==
                  GNUNET_CRYPTO_hkdf (nonce,
@@ -207,6 +207,15 @@ TALER_cs_withdraw_nonce_derive (const struct
 }
 
 
+void
+TALER_cs_withdraw_nonce_generate (struct TALER_CsNonce *nonce)
+{
+  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
+                              nonce,
+                              sizeof (*nonce));
+}
+
+
 void
 TALER_planchet_blinding_secret_create (struct TALER_PlanchetSecretsP *ps,
                                        const struct

src/util/crypto_helper_cs.c

@@ -610,7 +610,7 @@ TALER_CRYPTO_helper_cs_revoke (
 struct TALER_DenominationCsPublicR
 TALER_CRYPTO_helper_cs_r_derive (struct TALER_CRYPTO_CsDenominationHelper *dh,
                                  const struct TALER_CsPubHashP *h_cs,
-                                 const struct TALER_WithdrawNonce *nonce,
+                                 const struct TALER_CsNonce *nonce,
                                  enum TALER_ErrorCode *ec)
 {
   struct TALER_DenominationCsPublicR r_pub;

src/util/denom.c

@@ -83,7 +83,7 @@ TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv,
 
 
 enum GNUNET_GenericReturnValue
-TALER_denom_cs_derive_r_public (const struct TALER_WithdrawNonce *nonce,
+TALER_denom_cs_derive_r_public (const struct TALER_CsNonce *nonce,
                                 const struct
                                 TALER_DenominationPrivateKey *denom_priv,
                                 struct TALER_DenominationCsPublicR *r_pub)

src/util/taler-exchange-secmod-cs.h

@@ -162,7 +162,7 @@ struct TALER_CRYPTO_CsRDeriveRequest
   /**
    * Withdraw nonce to derive R from
    */
-  struct TALER_WithdrawNonce nonce;
+  struct TALER_CsNonce nonce;
 };
 
 /**

src/util/test_helper_cs.c

@@ -371,7 +371,7 @@ test_r_derive (struct TALER_CRYPTO_CsDenominationHelper *dh)
   /* check R derivation does not work if the key is unknown */
   {
     struct TALER_CsPubHashP rnd;
-    struct TALER_WithdrawNonce nonce;
+    struct TALER_CsNonce nonce;
 
     GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
                                 &rnd,