diff options
| author | Christian Grothoff <christian@grothoff.org> | 2015-09-19 16:34:27 +0200 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2015-09-19 16:34:27 +0200 |
| commit | 37a84c5af7b466bef1d4ca4b18999e8b6ef590f2 (patch) | |
| tree | 2b71b3b6f6371decf90065bb744c49f61582882d | |
| parent | 00b697c405d3d1dfae102eb1223cb07509f680a9 (diff) | |
| download | exchange-37a84c5af7b466bef1d4ca4b18999e8b6ef590f2.tar.gz exchange-37a84c5af7b466bef1d4ca4b18999e8b6ef590f2.tar.bz2 exchange-37a84c5af7b466bef1d4ca4b18999e8b6ef590f2.zip | |
finish implementing #3847
| -rw-r--r-- | src/include/taler_mintdb_lib.h | 14 | ||||
| -rw-r--r-- | src/mint-tools/Makefile.am | 10 | ||||
| -rw-r--r-- | src/mint-tools/taler-auditor-sign.c | 82 | ||||
| -rw-r--r-- | src/mint/taler-mint-httpd_keystate.c | 54 | ||||
| -rw-r--r-- | src/mintdb/mintdb_keyio.c | 25 |
5 files changed, 108 insertions, 77 deletions
diff --git a/src/include/taler_mintdb_lib.h b/src/include/taler_mintdb_lib.h index b7f28cffe..7dfef8dc5 100644 --- a/src/include/taler_mintdb_lib.h +++ b/src/include/taler_mintdb_lib.h @@ -212,10 +212,10 @@ TALER_MINTDB_denomination_key_read (const char *filename, * * @param cls closure * @param apub the auditor's public key - * @param asig the auditor's signature * @param mpub the mint's public key (as expected by the auditor) - * @param dki_len length of @a dki - * @param dki array of denomination coin data signed by the auditor + * @param dki_len length of @a asig and @a dki arrays + * @param asigs array of the auditor's signatures over the @a dks, of length @a dki_len + * @param dki array of denomination coin data signed by the auditor, of length @a dki_len * @return #GNUNET_OK to continue to iterate, * #GNUNET_NO to stop iteration with no error, * #GNUNET_SYSERR to abort iteration with error! @@ -223,9 +223,9 @@ TALER_MINTDB_denomination_key_read (const char *filename, typedef int (*TALER_MINTDB_AuditorIterator)(void *cls, const struct TALER_AuditorPublicKeyP *apub, - const struct TALER_AuditorSignatureP *asig, const struct TALER_MasterPublicKeyP *mpub, unsigned int dki_len, + const struct TALER_AuditorSignatureP *asigs, const struct TALER_DenominationKeyValidityPS *dki); @@ -253,16 +253,16 @@ TALER_MINTDB_auditor_iterate (const char *mint_base_dir, * * @param filename the file where to write the auditor information to * @param apub the auditor's public key - * @param asig the auditor's signature + * @param asigs the auditor's signatures, array of length @a dki_len * @param mpub the mint's public key (as expected by the auditor) - * @param dki_len length of @a dki + * @param dki_len length of @a dki and @a asigs arrays * @param dki array of denomination coin data signed by the auditor * @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure. */ int TALER_MINTDB_auditor_write (const char *filename, const struct TALER_AuditorPublicKeyP *apub, - const struct TALER_AuditorSignatureP *asig, + const struct TALER_AuditorSignatureP *asigs, const struct TALER_MasterPublicKeyP *mpub, unsigned int dki_len, const struct TALER_DenominationKeyValidityPS *dki); diff --git a/src/mint-tools/Makefile.am b/src/mint-tools/Makefile.am index a1b1302de..94b8fb391 100644 --- a/src/mint-tools/Makefile.am +++ b/src/mint-tools/Makefile.am @@ -7,6 +7,7 @@ if USE_COVERAGE endif bin_PROGRAMS = \ + taler-auditor-sign \ taler-mint-keyup \ taler-mint-keycheck \ taler-mint-reservemod \ @@ -15,7 +16,6 @@ bin_PROGRAMS = \ taler_mint_keyup_SOURCES = \ taler-mint-keyup.c - taler_mint_keyup_LDADD = \ $(LIBGCRYPT_LIBS) \ $(top_builddir)/src/util/libtalerutil.la \ @@ -24,6 +24,14 @@ taler_mint_keyup_LDADD = \ -lgnunetutil $(XLIB) taler_mint_keyup_LDFLAGS = $(POSTGRESQL_LDFLAGS) +taler_auditor_sign_SOURCES = \ + taler-auditor-sign.c +taler_auditor_sign_LDADD = \ + $(LIBGCRYPT_LIBS) \ + $(top_builddir)/src/util/libtalerutil.la \ + $(top_builddir)/src/mintdb/libtalermintdb.la \ + -lgnunetutil $(XLIB) + taler_mint_sepa_SOURCES = \ taler-mint-sepa.c diff --git a/src/mint-tools/taler-auditor-sign.c b/src/mint-tools/taler-auditor-sign.c index 8d180790f..bd37e68de 100644 --- a/src/mint-tools/taler-auditor-sign.c +++ b/src/mint-tools/taler-auditor-sign.c @@ -50,11 +50,6 @@ static char *mint_request_file; static char *output_file; /** - * Handle to the auditor's configuration - */ -static struct GNUNET_CONFIGURATION_Handle *kcfg; - -/** * Master public key of the mint. */ static struct TALER_MasterPublicKeyP master_public_key; @@ -101,16 +96,16 @@ print_dk (const struct TALER_DenominationKeyValidityPS *dk) fprintf (stdout, "Validity start time: %s\n", - GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->start))); + GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->start))); fprintf (stdout, "Withdraw end time: %s\n", - GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_withdraw))); + GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_withdraw))); fprintf (stdout, "Deposit end time: %s\n", - GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_spend))); + GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_spend))); fprintf (stdout, "Legal dispute end time: %s\n", - GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_legal))); + GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_legal))); fprintf (stdout, "\n"); @@ -150,12 +145,12 @@ main (int argc, GNUNET_GETOPT_OPTION_END }; struct GNUNET_CRYPTO_EddsaPrivateKey *eddsa_priv; - struct TALER_AuditorSignatureP sig; + struct TALER_AuditorSignatureP *sigs; struct TALER_AuditorPublicKeyP apub; struct GNUNET_DISK_FileHandle *fh; struct TALER_DenominationKeyValidityPS *dks; unsigned int dks_len; - struct TALER_MintKeyValidityPS *ap; + struct TALER_MintKeyValidityPS kv; off_t in_size; unsigned int i; @@ -187,6 +182,7 @@ main (int argc, { fprintf (stderr, "Mint public key not given\n"); + GNUNET_free (eddsa_priv); return 1; } if (GNUNET_OK != @@ -198,12 +194,14 @@ main (int argc, fprintf (stderr, "Public key `%s' malformed\n", mint_public_key); + GNUNET_free (eddsa_priv); return 1; } if (NULL == mint_request_file) { fprintf (stderr, "Mint signing request not given\n"); + GNUNET_free (eddsa_priv); return 1; } fh = GNUNET_DISK_file_open (mint_request_file, @@ -215,6 +213,7 @@ main (int argc, "Failed to open file `%s': %s\n", mint_request_file, STRERROR (errno)); + GNUNET_free (eddsa_priv); return 1; } if (GNUNET_OK != @@ -226,6 +225,7 @@ main (int argc, mint_request_file, STRERROR (errno)); GNUNET_DISK_file_close (fh); + GNUNET_free (eddsa_priv); return 1; } if (0 != (in_size % sizeof (struct TALER_DenominationKeyValidityPS))) @@ -234,16 +234,17 @@ main (int argc, "Input file size of file `%s' is invalid\n", mint_request_file); GNUNET_DISK_file_close (fh); + GNUNET_free (eddsa_priv); return 1; } dks_len = in_size / sizeof (struct TALER_DenominationKeyValidityPS); - ap = GNUNET_malloc (sizeof (struct TALER_MintKeyValidityPS) + - in_size); - ap.purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_MINT_KEYS); - ap.purpose.size = htonl (sizeof (struct TALER_MintKeyValidityPS) + - in_size); - ap.master = master_public_key; - dks = (struct TALER_DenominationKeyValidityPS *) &ap[1]; + kv.purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_MINT_KEYS); + kv.purpose.size = htonl (sizeof (struct TALER_MintKeyValidityPS)); + kv.master = master_public_key; + dks = GNUNET_new_array (dks_len, + struct TALER_DenominationKeyValidityPS); + sigs = GNUNET_new_array (dks_len, + struct TALER_AuditorSignatureP); if (in_size != GNUNET_DISK_file_read (fh, dks, @@ -254,34 +255,51 @@ main (int argc, mint_request_file, STRERROR (errno)); GNUNET_DISK_file_close (fh); - GNUNET_free (ap); + GNUNET_free (sigs); + GNUNET_free (dks); + GNUNET_free (eddsa_priv); return 1; } GNUNET_DISK_file_close (fh); - if (verbose) + for (i=0;i<dks_len;i++) { - for (i=0;i<dks_len;i++) - print_dk (&dks[i]); + struct TALER_DenominationKeyValidityPS *dk = &dks[i]; + + if (verbose) + print_dk (dk); + kv.start = dk->start; + kv.expire_withdraw = dk->expire_withdraw; + kv.expire_spend = dk->expire_spend; + kv.expire_legal = dk->expire_legal; + kv.value = dk->value; + kv.fee_withdraw = dk->fee_withdraw; + kv.fee_deposit = dk->fee_deposit; + kv.fee_refresh = dk->fee_refresh; + kv.denom_hash = dk->denom_hash; + + /* Finally sign ... */ + GNUNET_CRYPTO_eddsa_sign (eddsa_priv, + &kv.purpose, + &sigs[i].eddsa_sig); + + } if (NULL == output_file) { fprintf (stderr, "Output file not given\n"); - GNUNET_free (ap); + GNUNET_free (dks); + GNUNET_free (sigs); + GNUNET_free (eddsa_priv); return 1; } - /* Finally sign ... */ - GNUNET_CRYPTO_eddsa_sign (eddsa_priv, - &ap->purpose, - &sig.eddsa_sig); - /* write result to disk */ if (GNUNET_OK != TALER_MINTDB_auditor_write (output_file, &apub, - &sig, + sigs, &master_public_key, dks_len, dks)) @@ -290,10 +308,12 @@ main (int argc, "Failed to write to file `%s': %s\n", output_file, STRERROR (errno)); - GNUNET_free (ap); + GNUNET_free (sigs); + GNUNET_free (dks); return 1; } - GNUNET_free (ap); + GNUNET_free (sigs); + GNUNET_free (dks); GNUNET_free (eddsa_priv); return 0; } diff --git a/src/mint/taler-mint-httpd_keystate.c b/src/mint/taler-mint-httpd_keystate.c index 608e791b7..939d57d03 100644 --- a/src/mint/taler-mint-httpd_keystate.c +++ b/src/mint/taler-mint-httpd_keystate.c @@ -417,16 +417,16 @@ reload_keys_sign_iter (void *cls, * Convert information from an auditor to a JSON object. * * @param apub the auditor's public key - * @param asig the auditor's signature - * @param dki_len length of @a dki + * @param dki_len length of @a dki and @a asigs arrays + * @param asigs the auditor's signatures * @param dki array of denomination coin data signed by the auditor * @return a JSON object describing the auditor information and signature */ static json_t * auditor_to_json (const struct TALER_AuditorPublicKeyP *apub, - const struct TALER_AuditorSignatureP *asig, unsigned int dki_len, - const struct TALER_DenominationKeyValidityPS *dki) + const struct TALER_AuditorSignatureP **asigs, + const struct TALER_DenominationKeyValidityPS **dki) { unsigned int i; json_t *ja; @@ -434,19 +434,19 @@ auditor_to_json (const struct TALER_AuditorPublicKeyP *apub, ja = json_array (); for (i=0;i<dki_len;i++) json_array_append_new (ja, - json_pack ("{s:o}", + json_pack ("{s:o, s:o}", "denom_pub_h", - TALER_json_from_data (&dki->denom_hash, - sizeof (struct GNUNET_HashCode)))); + TALER_json_from_data (&dki[i]->denom_hash, + sizeof (struct GNUNET_HashCode)), + "auditor_sig", + TALER_json_from_data (asigs[i], + sizeof (struct TALER_AuditorSignatureP)))); return - json_pack ("{s:o, s:o, s:o}", + json_pack ("{s:o, s:o}", "denomination_keys", ja, "auditor_pub", TALER_json_from_data (apub, - sizeof (struct TALER_AuditorPublicKeyP)), - "auditor_sig", - TALER_json_from_data (asig, - sizeof (struct TALER_AuditorSignatureP))); + sizeof (struct TALER_AuditorPublicKeyP))); } @@ -458,9 +458,9 @@ auditor_to_json (const struct TALER_AuditorPublicKeyP *apub, * * @param cls closure with the `struct TMH_KS_StateHandle *` * @param apub the auditor's public key - * @param asig the auditor's signature * @param mpub the mint's public key (as expected by the auditor) - * @param dki_len length of @a dki + * @param dki_len length of @a dki and @a asigs + * @param asigs array with the auditor's signatures, of length @a dki_len * @param dki array of denomination coin data signed by the auditor * @return #GNUNET_OK to continue to iterate, * #GNUNET_NO to stop iteration with no error, @@ -469,14 +469,16 @@ auditor_to_json (const struct TALER_AuditorPublicKeyP *apub, static int reload_auditor_iter (void *cls, const struct TALER_AuditorPublicKeyP *apub, - const struct TALER_AuditorSignatureP *asig, const struct TALER_MasterPublicKeyP *mpub, unsigned int dki_len, + const struct TALER_AuditorSignatureP *asigs, const struct TALER_DenominationKeyValidityPS *dki) { struct TMH_KS_StateHandle *ctx = cls; unsigned int i; - int found; + unsigned int keep; + const struct TALER_AuditorSignatureP *kept_asigs[dki_len]; + const struct TALER_DenominationKeyValidityPS *kept_dkis[dki_len]; /* Check if the signature is at least for this mint. */ if (0 != memcmp (&mpub->eddsa_pub, @@ -487,28 +489,26 @@ reload_auditor_iter (void *cls, "Auditing information provided for a different mint, ignored\n"); return GNUNET_OK; } - /* check if there is an overlap between the set of keys signed by - the auditor and the denomination keys that are active right now */ - found = GNUNET_NO; + /* Filter the auditor information for those for which the + keys actually match the denomination keys that are active right now */ + keep = 0; for (i=0;i<dki_len;i++) { if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (ctx->denomkey_map, &dki[i].denom_hash)) { - found = GNUNET_YES; - break; + kept_asigs[keep] = &asigs[i]; + kept_dkis[keep] = &dki[i]; + keep++; } } - if (GNUNET_NO == found) - return GNUNET_OK; /* None of the keys are relevant for us right now, - so skip this auditor signature */ /* add auditor information to our /keys response */ json_array_append_new (ctx->auditors_array, auditor_to_json (apub, - asig, - dki_len, - dki)); + keep, + kept_asigs, + kept_dkis)); return GNUNET_OK; } diff --git a/src/mintdb/mintdb_keyio.c b/src/mintdb/mintdb_keyio.c index b7cdcf506..5bfe5bb12 100644 --- a/src/mintdb/mintdb_keyio.c +++ b/src/mintdb/mintdb_keyio.c @@ -383,11 +383,6 @@ struct AuditorFileHeaderP struct TALER_AuditorPublicKeyP apub; /** - * Signature from the auditor. - */ - struct TALER_AuditorSignatureP asig; - - /** * Master public key of the mint the auditor is signing * information for. */ @@ -415,6 +410,7 @@ auditor_iter (void *cls, struct AuditorIterateContext *aic = cls; uint64_t size; struct AuditorFileHeaderP *af; + const struct TALER_AuditorSignatureP *sigs; const struct TALER_DenominationKeyValidityPS *dki; unsigned int len; int ret; @@ -431,7 +427,8 @@ auditor_iter (void *cls, } if ( (size < sizeof (struct AuditorFileHeaderP)) || (0 != (len = ((size - sizeof (struct AuditorFileHeaderP)) % - sizeof (struct TALER_DenominationKeyValidityPS)))) ) + (sizeof (struct TALER_DenominationKeyValidityPS) + + sizeof (struct TALER_AuditorSignatureP))))) ) { GNUNET_break (0); return GNUNET_SYSERR; @@ -448,12 +445,13 @@ auditor_iter (void *cls, GNUNET_free (af); return GNUNET_SYSERR; } - dki = (const struct TALER_DenominationKeyValidityPS *) &af[1]; + sigs = (const struct TALER_AuditorSignatureP *) &af[1]; + dki = (const struct TALER_DenominationKeyValidityPS *) &sigs[len]; ret = aic->it (aic->it_cls, &af->apub, - &af->asig, &af->mpub, len, + sigs, dki); GNUNET_free (af); return ret; @@ -500,7 +498,7 @@ TALER_MINTDB_auditor_iterate (const char *mint_base_dir, * * @param filename the file where to write the auditor information to * @param apub the auditor's public key - * @param asig the auditor's signature + * @param asigs the auditor's signatures, array of length @a dki_len * @param mpub the mint's public key (as expected by the auditor) * @param dki_len length of @a dki * @param dki array of denomination coin data signed by the auditor @@ -509,7 +507,7 @@ TALER_MINTDB_auditor_iterate (const char *mint_base_dir, int TALER_MINTDB_auditor_write (const char *filename, const struct TALER_AuditorPublicKeyP *apub, - const struct TALER_AuditorSignatureP *asig, + const struct TALER_AuditorSignatureP *asigs, const struct TALER_MasterPublicKeyP *mpub, unsigned int dki_len, const struct TALER_DenominationKeyValidityPS *dki) @@ -522,7 +520,6 @@ TALER_MINTDB_auditor_write (const char *filename, int eno; af.apub = *apub; - af.asig = *asig; af.mpub = *mpub; ret = GNUNET_SYSERR; if (NULL == (fh = GNUNET_DISK_file_open @@ -537,6 +534,12 @@ TALER_MINTDB_auditor_write (const char *filename, goto cleanup; if (wrote != wsize) goto cleanup; + wsize = dki_len * sizeof (struct TALER_AuditorSignatureP); + if (wsize == + GNUNET_DISK_file_write (fh, + asigs, + wsize)) + ret = GNUNET_OK; wsize = dki_len * sizeof (struct TALER_DenominationKeyValidityPS); if (wsize == GNUNET_DISK_file_write (fh, |