-first steps towards testing age-withdraw

debian/libtalerexchange-dev.install

@@ -1,18 +1,22 @@
 # Benchmarks, only install them for the dev package.
 usr/bin/taler-aggregator-benchmark
-usr/bin/taler-exchange-benchmark
-usr/bin/taler-fakebank-run
 usr/bin/taler-bank-benchmark
+usr/bin/taler-exchange-benchmark
 usr/bin/taler-exchange-kyc-tester
+usr/bin/taler-fakebank-run
 usr/bin/taler-unified-setup.sh
 
 # Only used in test cases.  Maybe these
 # shouldn't even be installed?
-usr/bin/taler-nexus-prepare
 usr/bin/taler-bank-manage-testing
+usr/bin/taler-nexus-prepare
 
 # Man pages
 usr/share/man/man1/taler-exchange-kyc-tester*
+usr/share/man/man1/taler-aggregator-benchmark*
+usr/share/man/man1/taler-bank-benchmark*
+usr/share/man/man1/taler-exchange-benchmark*
+usr/share/man/man1/taler-unified-setup*
 
 
 # Headers
@@ -28,6 +32,4 @@ usr/lib/*/libtalertesting.so
 usr/lib/*/libtalerfakebank.so
 
 # Documentation
-usr/share/man/man1/taler-exchange-benchmark*
-usr/share/man/man1/taler-unified-setup
 usr/share/info/taler-developer-manual*

doc/Makefile.am

@@ -9,6 +9,7 @@ infoimagedir = $(infodir)/images
 man_MANS = \
   prebuilt/man/taler.conf.5            \
   prebuilt/man/taler-config.1            \
+  prebuilt/man/taler-aggregator-benchmark.1   \
   prebuilt/man/taler-auditor.1             \
   prebuilt/man/taler-auditor-dbinit.1      \
   prebuilt/man/taler-auditor-exchange.1     \
@@ -16,6 +17,7 @@ man_MANS = \
   prebuilt/man/taler-auditor-offline.1    \
   prebuilt/man/taler-auditor-sign.1       \
   prebuilt/man/taler-auditor-sync.1       \
+  prebuilt/man/taler-bank-benchmark.1   \
   prebuilt/man/taler-bank-transfer.1   \
   prebuilt/man/taler-exchange-aggregator.1 \
   prebuilt/man/taler-exchange-benchmark.1  \

doc/prebuilt

@@ -1 +1 @@
-Subproject commit 02380e2e7318c7fd75fcfe7b03d1596b56c8d505
+Subproject commit 6026efb59ef8c41e5b86e68332780d387fdaab0a

src/benchmark/benchmark-common.conf

@@ -13,7 +13,9 @@ PORT=8081
 MASTER_PUBLIC_KEY=98NJW3CQHZQGQXTY3K85K531XKPAPAVV4Q5V8PYYRR00NJGZWNVG
 DB=postgres
 BASE_URL="http://localhost:8081/"
-AGGREGATOR_SHARD_SIZE=67108864
+# Only set this option if you are actually running
+# multiple aggregators!
+# AGGREGATOR_SHARD_SIZE=67108864
 WIREWATCH_IDLE_SLEEP_INTERVAL=5 ms
 
 [exchangedb-postgres]

src/benchmark/taler-exchange-benchmark.c

@@ -124,11 +124,6 @@ static unsigned int label_len;
  */
 static unsigned int label_off;
 
-/**
- * Linger around until stop is requested by the user explicitly by key stroke.
- */
-static int linger;
-
 /**
  * Performance counters.
  */
@@ -465,11 +460,6 @@ parallel_benchmark (TALER_TESTING_Main main_cb,
       }
     }
   }
-  if (GNUNET_YES == linger)
-  {
-    printf ("press ENTER to stop\n");
-    (void) getchar ();
-  }
   return result;
 }
 
@@ -491,8 +481,24 @@ main (int argc,
         &cfg_filename)),
     GNUNET_GETOPT_option_version (
       PACKAGE_VERSION " " VCS_VERSION),
+    GNUNET_GETOPT_option_flag (
+      'f',
+      "fakebank",
+      "use fakebank for the banking system",
+      &use_fakebank),
+    GNUNET_GETOPT_option_flag (
+      'F',
+      "reserves-first",
+      "should all reserves be created first, before starting normal operations",
+      &reserves_first),
     GNUNET_GETOPT_option_help (
       "Exchange benchmark"),
+    GNUNET_GETOPT_option_string (
+      'l',
+      "logfile",
+      "LF",
+      "will log to file LF",
+      &logfile),
     GNUNET_GETOPT_option_loglevel (
       &loglev),
     GNUNET_GETOPT_option_uint (
@@ -519,33 +525,12 @@ main (int argc,
       "RATE",
       "Probability of refresh per coin (0-100)",
       &refresh_rate),
-    GNUNET_GETOPT_option_string (
-      'l',
-      "logfile",
-      "LF",
-      "will log to file LF",
-      &logfile),
     GNUNET_GETOPT_option_string (
       'u',
       "exchange-account-section",
       "SECTION",
       "use exchange bank account configuration from the given SECTION",
       &exchange_bank_section),
-    GNUNET_GETOPT_option_flag (
-      'f',
-      "fakebank",
-      "use fakebank for the banking system",
-      &use_fakebank),
-    GNUNET_GETOPT_option_flag (
-      'F',
-      "reserves-first",
-      "should all reserves be created first, before starting normal operations",
-      &reserves_first),
-    GNUNET_GETOPT_option_flag (
-      'K',
-      "linger",
-      "linger around until key press",
-      &linger),
     GNUNET_GETOPT_OPTION_END
   };
   enum GNUNET_GenericReturnValue result;

src/include/taler_exchange_service.h

@@ -2670,7 +2670,7 @@ struct TALER_EXCHANGE_AgeWithdrawCoinInput
    * The master secret from which we derive all other relevant values for
    * the coin: private key, nonces (if applicable) and age restriction
    */
-  const struct TALER_PlanchetMasterSecretP secrets[TALER_CNC_KAPPA];
+  struct TALER_PlanchetMasterSecretP secrets[TALER_CNC_KAPPA];
 
   /**
    * The denomination of the coin.  Must support age restriction, i.e
@@ -2679,6 +2679,42 @@ struct TALER_EXCHANGE_AgeWithdrawCoinInput
   const struct TALER_EXCHANGE_DenomPublicKey *denom_pub;
 };
 
+
+/**
+ * All the details about a coin that are generated during age-withdrawal and
+ * that may be needed for future operations on the coin.
+ */
+struct TALER_EXCHANGE_AgeWithdrawCoinPrivateDetails
+{
+  /**
+   * Private key of the coin.
+   */
+  struct TALER_CoinSpendPrivateKeyP coin_priv;
+
+  /**
+   * Value used to blind the key for the signature.
+   * Needed for recoup operations.
+   */
+  union TALER_DenominationBlindingKeyP blinding_key;
+
+  /**
+   * The age commitment, proof for the coin, derived from the
+   * Master secret and maximum age in the originating request
+   */
+  struct TALER_AgeCommitmentProof age_commitment_proof;
+
+  /**
+   * The hash of the age commitment
+   */
+  struct TALER_AgeCommitmentHash h_age_commitment;
+
+  /**
+   * Values contributed from the exchange during the
+   * withdraw protocol.
+   */
+  struct TALER_ExchangeWithdrawValues alg_values;
+};
+
 /**
  * @brief A handle to a /reserves/$RESERVE_PUB/age-withdraw request
  */
@@ -2705,39 +2741,38 @@ struct TALER_EXCHANGE_AgeWithdrawResponse
     struct
     {
       /**
-       * Index that should not be revealed during the age-withdraw reveal phase.
+       * Index that should not be revealed during the age-withdraw reveal
-       * The struct TALER_PlanchetMasterSecretP * from the request
+       * phase.
-       * with this index are the ones to keep.
        */
       uint8_t noreveal_index;
 
       /**
-       * The commitment of the call to /age-withdraw
+       * The commitment of the age-withdraw request, needed for the
+       * subsequent call to /age-withdraw/$ACH/reveal
        */
       struct TALER_AgeWithdrawCommitmentHashP h_commitment;
 
       /**
-       * The algorithm specific values (for CS) need for the coins that were
+       * The number of elements in @e coins, each referring to
-       * retrieved from /csr-withdraw.
+       * TALER_CNC_KAPPA elements
        */
-      struct TALER_ExchangeWithdrawValues *alg_values;
+      size_t num_coins;
 
       /**
-       * Number of elements in @e alg_values, same as number coin candidates.from
+       * The computed details of the non-revealed @e num_coins coins to keep.
-       * the request.
        */
-      size_t num_alg_values;
+      const struct TALER_EXCHANGE_AgeWithdrawCoinPrivateDetails *coins;
 
       /**
-       * Signature of the exchange over the origina TALER_AgeWithdrawRequestPS
+       * The array of blinded hashes of the non-revealed
+       * (kappa - 1)*@e num_coins coins, needed for the reveal step;
        */
-      struct TALER_ExchangeSignatureP exchange_sig;
+      const struct TALER_BlindedCoinHashP *blinded_coin_hs;
 
       /**
-       * Key used by the exchange for @e exchange_sig
+       * Key used by the exchange to sign the response.
        */
       struct TALER_ExchangePublicKeyP exchange_pub;
-
     } ok;
   } details;
 };
@@ -2809,7 +2844,6 @@ struct TALER_EXCHANGE_AgeWithdrawBlindedInput
    * Blinded Planchets
    */
   struct TALER_PlanchetDetail planchet_details[TALER_CNC_KAPPA];
-
 };
 
 /**
@@ -2840,19 +2874,16 @@ struct TALER_EXCHANGE_AgeWithdrawBlindedResponse
       uint8_t noreveal_index;
 
       /**
-       * The commitment of the call to /age-withdraw
+       * The commitment of the call to age-withdraw, needed for the subsequent
+       * call to /age-withdraw/$ACH/reveal.
        */
       struct TALER_AgeWithdrawCommitmentHashP h_commitment;
 
       /**
-       * Signature of the exchange over the origina TALER_AgeWithdrawRequestPS
+       * Key used by the exchange to sign the response.
-       */
-      struct TALER_ExchangeSignatureP exchange_sig;
-
-      /**
-       * Key used by the exchange for @e exchange_sig
        */
       struct TALER_ExchangePublicKeyP exchange_pub;
+
     } ok;
   } details;
 
@@ -2964,12 +2995,12 @@ struct TALER_EXCHANGE_AgeWithdrawRevealResponse
       unsigned int num_coins;
 
       /**
-       * Array of @e num_coins values about the coins obtained via the reveal
+       * Array of @e num_coins blinded denomination signatures, giving each
-       * operation.  The array give these coins in the same order (and should
+       * coin its value and validity. The array give these coins in the same
-       * have the same length) in which the original age-withdraw request
+       * order (and should have the same length) in which the original
-       * specified the respective denomination keys.
+       * age-withdraw request specified the respective denomination keys.
        */
-      const struct TALER_EXCHANGE_RevealedCoinInfo *revealed_coins;
+      const struct TALER_BlindedDenominationSignature *denom_sigs;
 
     } ok;
   } details;
@@ -2994,10 +3025,8 @@ typedef void
  * @param exchange_url The base url of the exchange
  * @param num_coins The number of elements in @e coin_inputs and @e alg_values
  * @param coin_inputs The input for the coins to withdraw, same as in the previous call to /age-withdraw
- * @param alg_values The algorithm specific parameters per coin, from the result to the previous call to /age-withdraw
  * @param noreveal_index The index into each of the kappa coin candidates, that should not be revealed to the exchange
  * @param h_commitment The commmitment from the previous call to /age-withdraw
- * @param max_age maximum age, as used in the to /age-withdraw
  * @param res_cb A callback for the result, maybe NULL
  * @param res_cb_cls A closure for @e res_cb, maybe NULL
  * @return a handle for this request; NULL if the argument was invalid.
@@ -3010,10 +3039,8 @@ TALER_EXCHANGE_age_withdraw_reveal (
   size_t num_coins,
   const struct TALER_EXCHANGE_AgeWithdrawCoinInput coin_inputs[static
                                                                num_coins],
-  const struct TALER_ExchangeWithdrawValues alg_values[static num_coins],
   uint8_t noreveal_index,
   const struct TALER_AgeWithdrawCommitmentHashP *h_commitment,
-  uint8_t max_age,
   TALER_EXCHANGE_AgeWithdrawRevealCallback res_cb,
   void *res_cb_cls);
 
@@ -3034,7 +3061,8 @@ TALER_EXCHANGE_age_withdraw_reveal_cancel (
 /**
  * Information needed to melt (partially spent) coins to obtain fresh coins
  * that are unlinkable to the original coin(s).  Note that melting more than
- * one coin in a single request will make those coins linkable, so we only melt one coin at a time.
+ * one coin in a single request will make those coins linkable, so we only melt
+ * one coin at a time.
  */
 struct TALER_EXCHANGE_RefreshData
 {

src/include/taler_testing_lib.h

@@ -943,6 +943,20 @@ TALER_TESTING_cmd_exec_wirewatch (const char *label,
                                   const char *config_filename);
 
 
+/**
+ * Make a "wirewatch" CMD.
+ *
+ * @param label command label.
+ * @param config_filename configuration filename.
+ * @param account section to run wirewatch against
+ * @return the command.
+ */
+struct TALER_TESTING_Command
+TALER_TESTING_cmd_exec_wirewatch2 (const char *label,
+                                   const char *config_filename,
+                                   const char *account_section);
+
+
 /**
  * Request URL via "wget".
  *

src/lib/exchange_api_age_withdraw.c

@@ -47,30 +47,9 @@ struct CoinCandidate
   struct TALER_PlanchetMasterSecretP secret;
 
   /**
-   * Age commitment for the coin candidates, calculated from the @e ps and a
+   * The details derived form the master secrets
-   * given maximum age
    */
-  struct TALER_AgeCommitmentProof age_commitment_proof;
+  struct TALER_EXCHANGE_AgeWithdrawCoinPrivateDetails details;
-
-  /**
-   * Age commitment for the coin.
-   */
-  struct TALER_AgeCommitmentHash h_age_commitment;
-
-  /**
-   *  blinding secret
-   */
-  union TALER_DenominationBlindingKeyP blinding_key;
-
-  /**
-   * Private key of the coin we are withdrawing.
-   */
-  struct TALER_CoinSpendPrivateKeyP coin_priv;
-
-  /**
-   * Values of the @cipher selected
-   */
-  struct TALER_ExchangeWithdrawValues alg_values;
 
   /**
    * Hash of the public key of the coin we are signing.
@@ -340,11 +319,12 @@ reserve_age_withdraw_ok (
     .hr.http_status = MHD_HTTP_OK,
     .details.ok.h_commitment = awbh->h_commitment
   };
+  struct TALER_ExchangeSignatureP exchange_sig;
   struct GNUNET_JSON_Specification spec[] = {
     GNUNET_JSON_spec_uint8 ("noreaveal_index",
                             &response.details.ok.noreveal_index),
     GNUNET_JSON_spec_fixed_auto ("exchange_sig",
-                                 &response.details.ok.exchange_sig),
+                                 &exchange_sig),
     GNUNET_JSON_spec_fixed_auto ("exchange_pub",
                                  &response.details.ok.exchange_pub)
   };
@@ -363,7 +343,7 @@ reserve_age_withdraw_ok (
         &awbh->h_commitment,
         response.details.ok.noreveal_index,
         &response.details.ok.exchange_pub,
-        &response.details.ok.exchange_sig))
+        &exchange_sig))
   {
     GNUNET_break_op (0);
     return GNUNET_SYSERR;
@@ -785,21 +765,25 @@ copy_results (
 {
   struct TALER_EXCHANGE_AgeWithdrawHandle *awh = cls;
   uint8_t idx =  awbr->details.ok.noreveal_index;
-  struct TALER_ExchangeWithdrawValues alg_values[awh->num_coins];
+  struct TALER_EXCHANGE_AgeWithdrawCoinPrivateDetails coins[awh->num_coins];
+  struct TALER_BlindedCoinHashP blinded_coin_hs[awh->num_coins];
   struct TALER_EXCHANGE_AgeWithdrawResponse resp = {
     .hr = awbr->hr,
     .details = {
       .ok = { .noreveal_index = awbr->details.ok.noreveal_index,
               .h_commitment = awbr->details.ok.h_commitment,
               .exchange_pub = awbr->details.ok.exchange_pub,
-              .exchange_sig = awbr->details.ok.exchange_sig,
+              .num_coins = awh->num_coins,
-              .num_alg_values = awh->num_coins,
+              .coins = coins,
-              .alg_values = alg_values},
+              .blinded_coin_hs = blinded_coin_hs},
     },
   };
 
   for (size_t n = 0; n< awh->num_coins; n++)
-    alg_values[n] = awh->coin_data[n].coin_candidates[idx].alg_values;
+  {
+    coins[n] = awh->coin_data[n].coin_candidates[idx].details;
+    blinded_coin_hs[n] = awh->coin_data[n].coin_candidates[idx].blinded_coin_h;
+  }
 
   awh->callback (awh->callback_cls,
                  &resp);
@@ -915,22 +899,22 @@ csr_withdraw_done (
     {
       bool success = false;
       /* Complete the initialization of the coin with CS denomination */
-      can->alg_values = csrr->details.ok.alg_values;
+      can->details.alg_values = csrr->details.ok.alg_values;
       TALER_planchet_setup_coin_priv (&can->secret,
-                                      &can->alg_values,
+                                      &can->details.alg_values,
-                                      &can->coin_priv);
+                                      &can->details.coin_priv);
       TALER_planchet_blinding_secret_create (&can->secret,
-                                             &can->alg_values,
+                                             &can->details.alg_values,
-                                             &can->blinding_key);
+                                             &can->details.blinding_key);
       /* This initializes the 2nd half of the
          can->planchet_detail.blinded_planchet! */
       do {
         if (GNUNET_OK !=
             TALER_planchet_prepare (&csr->denom_pub->key,
-                                    &can->alg_values,
+                                    &can->details.alg_values,
-                                    &can->blinding_key,
+                                    &can->details.blinding_key,
-                                    &can->coin_priv,
+                                    &can->details.coin_priv,
-                                    &can->h_age_commitment,
+                                    &can->details.h_age_commitment,
                                     &can->h_coin_pub,
                                     planchet))
         {
@@ -1029,28 +1013,28 @@ prepare_coins (
                  &can->secret,
                  &input->denom_pub->key.age_mask,
                  awh->max_age,
-                 &can->age_commitment_proof));
+                 &can->details.age_commitment_proof));
 
-      TALER_age_commitment_hash (&can->age_commitment_proof.commitment,
+      TALER_age_commitment_hash (&can->details.age_commitment_proof.commitment,
-                                 &can->h_age_commitment);
+                                 &can->details.h_age_commitment);
 
       switch (input->denom_pub->key.cipher)
       {
       case TALER_DENOMINATION_RSA:
         {
-          can->alg_values.cipher = TALER_DENOMINATION_RSA;
+          can->details.alg_values.cipher = TALER_DENOMINATION_RSA;
           TALER_planchet_setup_coin_priv (&can->secret,
-                                          &can->alg_values,
+                                          &can->details.alg_values,
-                                          &can->coin_priv);
+                                          &can->details.coin_priv);
           TALER_planchet_blinding_secret_create (&can->secret,
-                                                 &can->alg_values,
+                                                 &can->details.alg_values,
-                                                 &can->blinding_key);
+                                                 &can->details.blinding_key);
           FAIL_IF (GNUNET_OK !=
                    TALER_planchet_prepare (&cd->denom_pub.key,
-                                           &can->alg_values,
+                                           &can->details.alg_values,
-                                           &can->blinding_key,
+                                           &can->details.blinding_key,
-                                           &can->coin_priv,
+                                           &can->details.coin_priv,
-                                           &can->h_age_commitment,
+                                           &can->details.h_age_commitment,
                                            &can->h_coin_pub,
                                            planchet));
           FAIL_IF (GNUNET_OK !=

src/lib/exchange_api_age_withdraw_reveal.c

@@ -47,19 +47,12 @@ struct TALER_EXCHANGE_AgeWithdrawRevealHandle
   /* The age-withdraw commitment */
   struct TALER_AgeWithdrawCommitmentHashP h_commitment;
 
-  /* The maximum age */
-  uint8_t max_age;
-
   /* Number of coins */
   size_t num_coins;
 
   /* The @e num_coins * kappa coin secrets from the age-withdraw commitment */
   const struct TALER_EXCHANGE_AgeWithdrawCoinInput *coins_input;
 
-  /* The @e num_coins algorithm- and coin-specific parameters from the
-   * previous call to /age-withdraw. */
-  const struct TALER_ExchangeWithdrawValues *alg_values;
-
   /* The url for the reveal request */
   const char *request_url;
 
@@ -81,82 +74,6 @@ struct TALER_EXCHANGE_AgeWithdrawRevealHandle
 };
 
 
-static enum GNUNET_GenericReturnValue
-reveal_coin (
-  const struct TALER_PlanchetMasterSecretP *secret,
-  const struct TALER_DenominationPublicKey *denom_pub,
-  const struct TALER_ExchangeWithdrawValues *alg_values,
-  const struct TALER_BlindedDenominationSignature *blind_sig,
-  uint8_t max_age,
-  struct TALER_EXCHANGE_RevealedCoinInfo *revealed_coin)
-{
-  enum GNUNET_GenericReturnValue ret = GNUNET_SYSERR;
-
-#define BREAK_ON_FAILURE(call) \
-  do { \
-    if (GNUNET_OK != (call)) { GNUNET_break (0); break; } \
-  } while(0)
-
-  do {
-    struct TALER_CoinPubHashP h_coin_pub;
-    struct TALER_PlanchetDetail planchet_detail;
-    const struct TALER_AgeCommitmentHash *hac = NULL;
-    struct TALER_FreshCoin fresh_coin;
-
-    TALER_planchet_setup_coin_priv (secret,
-                                    alg_values,
-                                    &revealed_coin->coin_priv);
-
-    TALER_planchet_blinding_secret_create (secret,
-                                           alg_values,
-                                           &revealed_coin->bks);
-
-    revealed_coin->age_commitment_proof = NULL;
-    if (0 < max_age)
-    {
-      BREAK_ON_FAILURE (
-        TALER_age_restriction_from_secret (
-          secret,
-          &denom_pub->age_mask,
-          max_age,
-          revealed_coin->age_commitment_proof));
-
-      TALER_age_commitment_hash (
-        &revealed_coin->age_commitment_proof->commitment,
-        &revealed_coin->h_age_commitment);
-
-      hac = &revealed_coin->h_age_commitment;
-    }
-
-    BREAK_ON_FAILURE (
-      TALER_planchet_prepare (denom_pub,
-                              alg_values,
-                              &revealed_coin->bks,
-                              &revealed_coin->coin_priv,
-                              hac,
-                              &h_coin_pub,
-                              &planchet_detail));
-
-    BREAK_ON_FAILURE (
-      TALER_planchet_to_coin (denom_pub,
-                              blind_sig,
-                              &revealed_coin->bks,
-                              &revealed_coin->coin_priv,
-                              &revealed_coin->h_age_commitment,
-                              &h_coin_pub,
-                              alg_values,
-                              &fresh_coin));
-
-    /* success */
-    revealed_coin->sig = fresh_coin.sig;
-    ret = GNUNET_OK;
-  } while(0);
-
-  return ret;
-#undef BREAK_ON_FAILURE
-}
-
-
 /**
  * We got a 200 OK response for the /age-withdraw/$ACH/reveal operation.
  * Extract the signed blindedcoins and return it to the caller.
@@ -197,16 +114,14 @@ age_withdraw_reveal_ok (
   }
 
   {
-    struct TALER_EXCHANGE_RevealedCoinInfo revealed_coins[awrh->num_coins];
+    struct TALER_BlindedDenominationSignature denom_sigs[awrh->num_coins];
 
     /* Reconstruct the coins and unblind the signatures */
     for (size_t n = 0; n < awrh->num_coins; n++)
     {
-      enum GNUNET_GenericReturnValue ret;
-      struct TALER_BlindedDenominationSignature blinded_sig;
       json_t *j_sig = json_array_get (j_sigs, n);
       struct GNUNET_JSON_Specification spec[] = {
-        GNUNET_JSON_spec_fixed_auto ("", &blinded_sig),
+        GNUNET_JSON_spec_fixed_auto ("", &denom_sigs[n]),
         GNUNET_JSON_spec_end ()
       };
 
@@ -218,19 +133,10 @@ age_withdraw_reveal_ok (
         GNUNET_break_op (0);
         return GNUNET_SYSERR;
       }
-      ret = reveal_coin (&awrh->coins_input[n].secrets[awrh->noreveal_index],
-                         &awrh->coins_input[n].denom_pub->key,
-                         &awrh->alg_values[n],
-                         &blinded_sig,
-                         awrh->max_age,
-                         &revealed_coins[n]);
-
-      if (GNUNET_OK != ret)
-        return ret;
     }
 
     response.details.ok.num_coins = awrh->num_coins;
-    response.details.ok.revealed_coins = revealed_coins;
+    response.details.ok.denom_sigs = denom_sigs;
     awrh->callback (awrh->callback_cls,
                     &response);
     /* Make sure the callback isn't called again */
@@ -510,24 +416,19 @@ TALER_EXCHANGE_age_withdraw_reveal (
   size_t num_coins,
   const struct TALER_EXCHANGE_AgeWithdrawCoinInput coins_input[static
                                                                num_coins],
-  const struct TALER_ExchangeWithdrawValues alg_values[static num_coins],
   uint8_t noreveal_index,
   const struct TALER_AgeWithdrawCommitmentHashP *h_commitment,
-  uint8_t max_age,
   TALER_EXCHANGE_AgeWithdrawRevealCallback reveal_cb,
   void *reveal_cb_cls)
 {
   struct TALER_EXCHANGE_AgeWithdrawRevealHandle *awrh =
     GNUNET_new (struct TALER_EXCHANGE_AgeWithdrawRevealHandle);
   awrh->noreveal_index = noreveal_index;
-  awrh->callback = reveal_cb;
-  awrh->callback_cls = reveal_cb_cls;
   awrh->h_commitment = *h_commitment;
   awrh->num_coins = num_coins;
   awrh->coins_input = coins_input;
-  awrh->alg_values = alg_values;
+  awrh->callback = reveal_cb;
-  awrh->max_age = max_age;
+  awrh->callback_cls = reveal_cb_cls;
-
 
   if (GNUNET_OK !=
       prepare_url (exchange_url,

src/lib/notizen.md

@@ -0,0 +1,236 @@
+# Notes re: planchets and blinding
+
+## `TALER_denom_blind()`
+
+```
+Blind coin for blind signing with @a dk using blinding secret @a coin_bks.
+```
+
+- `@param[out] c_hash resulting hashed coin`
+- `@param[out] blinded_planchet planchet data to initialize`
+
+## `TALER_planchet_prepare()`
+
+Prepare a planchet for withdrawal.  Creates and blinds a coin.
+
+- calls `TALER_denom_blind()!`
+- `@param[out] c_hash set to the hash of the public key of the coin (needed later)`
+- `@param[out] pd set to the planchet detail for TALER_MERCHANT_tip_pickup() and other withdraw operations, pd->blinded_planchet.cipher will be set to cipher from @a dk`
+
+
+## `TALER_coin_ev_hash`
+
+Compute the hash of a blinded coin.
+
+- `@param blinded_planchet blinded planchet`
+- `@param denom_hash hash of the denomination publick key`
+- `@param[out] bch where to write the hash, type struct TALER_BlindedCoinHashP`
+
+**Where is this called!?**
+
+```
+taler-exchange-httpd_refreshes_reveal.c
+605:    TALER_coin_ev_hash (&rrc->blinded_planchet,
+
+taler-exchange-httpd_recoup.c
+290:        TALER_coin_ev_hash (&blinded_planchet,
+
+taler-exchange-httpd_withdraw.c
+581:      TALER_coin_ev_hash (&wc.blinded_planchet,
+
+taler-exchange-httpd_age-withdraw_reveal.c
+350:    ret = TALER_coin_ev_hash (&detail.blinded_planchet,
+
+taler-exchange-httpd_recoup-refresh.c
+284:    TALER_coin_ev_hash (&blinded_planchet,
+
+taler-exchange-httpd_age-withdraw.c
+279:      ret = TALER_coin_ev_hash (&awc->coin_evs[c],
+884:    TALER_coin_ev_hash (&awc->coin_evs[i],
+
+taler-exchange-httpd_batch-withdraw.c
+832:        TALER_coin_ev_hash (&pc->blinded_planchet,
+```
+
+
+## `TALER_coin_pub_hash`
+
+Compute the hash of a coin.
+
+- `@param coin_pub public key of the coin`
+- `@param age_commitment_hash hash of the age commitment vector. NULL, if no age commitment was set`
+- `@param[out] coin_h where to write the hash`
+
+**Where is this called!?**
+
+### In `lib/crypto.c`, function `TALER_test_coin_valid`.
+
+```
+Check if a coin is valid; that is, whether the denomination key
+exists, is not expired, and the signature is correct.
+
+@param coin_public_info the coin public info to check for validity
+@param denom_pub denomination key, must match @a coin_public_info's `denom_pub_hash`
+@return #GNUNET_YES if the coin is valid,
+        #GNUNET_NO if it is invalid
+        #GNUNET_SYSERR if an internal error occurred
+```
+
+It then calls `TALER_denom_pub_verify` on the result of `TALER_coin_pub_hash` and the signature
+
+
+### In `util/denom.c`, function `TALER_denom_blind`
+
+## `TALER_EXCHANGE_batch_withdraw` vs `TALER_EXCHANGE_batch_withdraw2`
+
+### `TALER_EXCHANGE_batch_withdraw`
+
+```
+/**
+ * Withdraw multiple coins from the exchange using a /reserves/$RESERVE_PUB/batch-withdraw
+ * request.  This API is typically used by a wallet to withdraw many coins from a
+ * reserve.
+ *
+ * Note that to ensure that no money is lost in case of hardware
+ * failures, the caller must have committed (most of) the arguments to
+ * disk before calling, and be ready to repeat the request with the
+ * same arguments in case of failures.
+ *
+ * @param curl_ctx The curl context to use
+ * @param exchange_url The base-URL of the exchange
+ * @param keys The /keys material from the exchange
+ * @param reserve_priv private key of the reserve to withdraw from
+ * @param wci_length number of entries in @a wcis
+ * @param wcis inputs that determine the planchets
+ * @param res_cb the callback to call when the final result for this request is available
+ * @param res_cb_cls closure for @a res_cb
+ * @return NULL
+ *         if the inputs are invalid (i.e. denomination key not with this exchange).
+ *         In this case, the callback is not called.
+ */
+struct TALER_EXCHANGE_BatchWithdrawHandle *
+TALER_EXCHANGE_batch_withdraw (
+  struct GNUNET_CURL_Context *curl_ctx,
+  const char *exchange_url,
+  const struct TALER_EXCHANGE_Keys *keys,
+  const struct TALER_ReservePrivateKeyP *reserve_priv,
+  unsigned int wci_length,
+  const struct TALER_EXCHANGE_WithdrawCoinInput wcis[static wci_length],
+  TALER_EXCHANGE_BatchWithdrawCallback res_cb,
+  void *res_cb_cls);
+```
+
+### `TALER_EXCHANGE_batch_withdraw2`
+
+```
+/**
+ * Withdraw a coin from the exchange using a /reserves/$RESERVE_PUB/batch-withdraw
+ * request.  This API is typically used by a merchant to withdraw a tip
+ * where the blinding factor is unknown to the merchant.
+ *
+ * Note that to ensure that no money is lost in case of hardware
+ * failures, the caller must have committed (most of) the arguments to
+ * disk before calling, and be ready to repeat the request with the
+ * same arguments in case of failures.
+ *
+ * @param curl_ctx The curl context to use
+ * @param exchange_url The base-URL of the exchange
+ * @param keys The /keys material from the exchange
+ * @param pds array of planchet details of the planchet to withdraw
+ * @param pds_length number of entries in the @a pds array
+ * @param reserve_priv private key of the reserve to withdraw from
+ * @param res_cb the callback to call when the final result for this request is available
+ * @param res_cb_cls closure for @a res_cb
+ * @return NULL
+ *         if the inputs are invalid (i.e. denomination key not with this exchange).
+ *         In this case, the callback is not called.
+ */
+struct TALER_EXCHANGE_BatchWithdraw2Handle *
+TALER_EXCHANGE_batch_withdraw2 (
+  struct GNUNET_CURL_Context *curl_ctx,
+  const char *exchange_url,
+  const struct TALER_EXCHANGE_Keys *keys,
+  const struct TALER_ReservePrivateKeyP *reserve_priv,
+  unsigned int pds_length,
+  const struct TALER_PlanchetDetail pds[static pds_length],
+  TALER_EXCHANGE_BatchWithdraw2Callback res_cb,
+  void *res_cb_cls);
+```
+
+### Differences
+
+| batch_withdraw                     | batch_withdraw2        |
+|------------------------------------|------------------------|
+| `TALER_EXCHANGE_WithdrawCoinInput` | `TALER_PlanchetDetail` |
+
+
+```
+struct TALER_EXCHANGE_WithdrawCoinInput
+{
+  /**
+   * Denomination of the coin.
+   */
+  const struct TALER_EXCHANGE_DenomPublicKey *pk;
+
+  /**
+   * Master key material for the coin.
+   */
+  const struct TALER_PlanchetMasterSecretP *ps;
+
+  /**
+   * Age commitment for the coin.
+   */
+  const struct TALER_AgeCommitmentHash *ach;
+
+};
+```
+
+
+```
+struct TALER_PlanchetDetail
+{
+  /**
+   * Hash of the denomination public key.
+   */
+  struct TALER_DenominationHashP denom_pub_hash;
+
+  /**
+   * The blinded planchet
+   */
+  struct TALER_BlindedPlanchet {
+      /**
+       * Type of the sign blinded message
+       */
+      enum TALER_DenominationCipher cipher;
+
+      /**
+       * Details, depending on @e cipher.
+       */
+      union
+      {
+        /**
+         * If we use #TALER_DENOMINATION_CS in @a cipher.
+         */
+        struct TALER_BlindedCsPlanchet cs_blinded_planchet;
+
+        /**
+         * If we use #TALER_DENOMINATION_RSA in @a cipher.
+         */
+        struct TALER_BlindedRsaPlanchet rsa_blinded_planchet;
+
+      } details;
+  } blinded_planchet;
+};
+
+```
+
+
+
+## TODOs
+
+### Update documentation
+
+- [x] batch-withdraw needs error code for AgeRestrictionRequired
+- [x] withdraw needs error code for AgeRestrictionRequired
+
+

src/testing/Makefile.am

@@ -40,6 +40,7 @@ libtalertesting_la_LDFLAGS = \
   -version-info 0:0:0 \
   -no-undefined
 libtalertesting_la_SOURCES = \
+  testing_api_cmd_age_withdraw.c \
   testing_api_cmd_auditor_add_denom_sig.c \
   testing_api_cmd_auditor_add.c \
   testing_api_cmd_auditor_del.c \

src/testing/testing_api_cmd_age_withdraw.c

@@ -30,6 +30,18 @@
 #include "taler_extensions.h"
 #include "taler_testing_lib.h"
 
+/*
+ * The input and state of coin
+ */
+struct CoinState
+{
+  struct TALER_RefreshMasterSecretP secret;
+
+  struct TALER_EXCHANGE_AgeWithdrawCoinPrivateDetails details;
+
+  struct TALER_Amount amount;
+};
+
 /**
  * State for a "age withdraw" CMD:
  */
@@ -55,6 +67,12 @@ struct AgeWithdrawState
    * Number of coins to withdraw
    */
   size_t num_coins;
+
+  /**
+   * The input for the coins
+   */
+  struct CoinState *coins;
+
 };
 
 
@@ -75,6 +93,8 @@ TALER_TESTING_cmd_age_withdraw (const char *label,
   aws->reserve_reference = reserve_reference;
   aws->expected_response_code = expected_response_code;
 
+// TODO[oec]: check max_age!?
+
   cnt = 1;
   va_start (ap, amount);
   while (NULL != (va_arg (ap, const char *)))
@@ -84,19 +104,14 @@ TALER_TESTING_cmd_age_withdraw (const char *label,
                                  struct CoinState);
   va_end (ap);
   va_start (ap, amount);
-  for (unsigned int i = 0; i<ws->num_coins; i++)
+  for (unsigned int i = 0; i<aws->num_coins; i++)
   {
-    struct CoinState *cs = &ws->coins[i];
+    struct CoinState *cs = &aws->coins[i];
-
+    if (0 < max_age)
-    if (0 < age)
     {
-      struct TALER_AgeCommitmentProof *acp;
-      struct TALER_AgeCommitmentHash *hac;
       struct GNUNET_HashCode seed;
       struct TALER_AgeMask mask;
 
-      acp = GNUNET_new (struct TALER_AgeCommitmentProof);
-      hac = GNUNET_new (struct TALER_AgeCommitmentHash);
       mask = TALER_extensions_get_age_restriction_mask ();
       GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
                                   &seed,
@@ -105,21 +120,19 @@ TALER_TESTING_cmd_age_withdraw (const char *label,
       if (GNUNET_OK !=
           TALER_age_restriction_commit (
             &mask,
-            age,
+            max_age,
             &seed,
-            acp))
+            &cs->details.age_commitment_proof))
       {
         GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                     "Failed to generate age commitment for age %d at %s\n",
-                    age,
+                    max_age,
                     label);
         GNUNET_assert (0);
       }
 
-      TALER_age_commitment_hash (&acp->commitment,
+      TALER_age_commitment_hash (&cs->details.age_commitment_proof.commitment,
-                                 hac);
+                                 &cs->details.h_age_commitment);
-      cs->age_commitment_proof = acp;
-      cs->h_age_commitment = hac;
     }
 
     if (GNUNET_OK !=
@@ -140,11 +153,11 @@ TALER_TESTING_cmd_age_withdraw (const char *label,
 
   {
     struct TALER_TESTING_Command cmd = {
-      .cls = ws,
+      .cls = aws,
       .label = label,
-      .run = &age_withdraw_run,
+      .run = NULL, // &age_withdraw_run,
-      .cleanup = &age_withdraw_cleanup,
+      .cleanup = NULL, // &age_withdraw_cleanup,
-      .traits = &age_withdraw_traits
+      .traits = NULL, // &age_withdraw_traits
     };
 
     return cmd;

src/testing/testing_api_cmd_exec_aggregator.c

@@ -72,7 +72,6 @@ aggregator_run (void *cls,
                                "taler-exchange-aggregator",
                                "taler-exchange-aggregator",
                                "-c", as->config_filename,
-                               "-L", "INFO",
                                "-t", /* exit when done */
                                (as->kyc_on)
                                ? NULL

src/testing/testing_api_cmd_exec_transfer.c

@@ -67,7 +67,6 @@ transfer_run (void *cls,
                                "taler-exchange-transfer",
                                "taler-exchange-transfer",
                                "-c", as->config_filename,
-                               "-L", "INFO",
                                "-S", "1",
                                "-w", "0",
                                "-t", /* exit when done */

src/testing/testing_api_cmd_exec_wirewatch.c

@@ -1,6 +1,6 @@
 /*
   This file is part of TALER
-  Copyright (C) 2018 Taler Systems SA
+  Copyright (C) 2018, 2023 Taler Systems SA
 
   TALER is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as
@@ -43,6 +43,11 @@ struct WirewatchState
    * Configuration file used by the wirewatcher.
    */
   const char *config_filename;
+
+  /**
+   * Account section to be used by the wirewatcher.
+   */
+  const char *account_section;
 };
 
 
@@ -70,7 +75,10 @@ wirewatch_run (void *cls,
                                "-S", "1",
                                "-w", "0",
                                "-t", /* exit when done */
-                               "-L", "DEBUG",
+                               (NULL == ws->account_section)
+                               ? NULL
+                               : "-a",
+                               ws->account_section,
                                NULL);
   if (NULL == ws->wirewatch_proc)
   {
@@ -138,14 +146,15 @@ wirewatch_traits (void *cls,
 
 
 struct TALER_TESTING_Command
-TALER_TESTING_cmd_exec_wirewatch (const char *label,
+TALER_TESTING_cmd_exec_wirewatch2 (const char *label,
-                                  const char *config_filename)
+                                   const char *config_filename,
+                                   const char *account_section)
 {
   struct WirewatchState *ws;
 
   ws = GNUNET_new (struct WirewatchState);
   ws->config_filename = config_filename;
-
+  ws->account_section = account_section;
   {
     struct TALER_TESTING_Command cmd = {
       .cls = ws,
@@ -160,4 +169,14 @@ TALER_TESTING_cmd_exec_wirewatch (const char *label,
 }
 
 
+struct TALER_TESTING_Command
+TALER_TESTING_cmd_exec_wirewatch (const char *label,
+                                  const char *config_filename)
+{
+  return TALER_TESTING_cmd_exec_wirewatch2 (label,
+                                            config_filename,
+                                            NULL);
+}
+
+
 /* end of testing_api_cmd_exec_wirewatch.c */