diff options
Diffstat (limited to 'src/util/taler-exchange-secmod-cs.c')
-rw-r--r-- | src/util/taler-exchange-secmod-cs.c | 164 |
1 files changed, 107 insertions, 57 deletions
diff --git a/src/util/taler-exchange-secmod-cs.c b/src/util/taler-exchange-secmod-cs.c index 231a8cd87..3e9ba1558 100644 --- a/src/util/taler-exchange-secmod-cs.c +++ b/src/util/taler-exchange-secmod-cs.c @@ -269,7 +269,7 @@ struct BatchJob /** * Result with the signature. */ - struct TALER_BlindedDenominationCsSignAnswer cs_answer; + struct GNUNET_CRYPTO_CsBlindSignature cs_answer; } sign; /** @@ -285,7 +285,7 @@ struct BatchJob /** * Pair of points to return. */ - struct TALER_DenominationCSPublicRPairP rpairp; + struct GNUNET_CRYPTO_CSPublicRPairP rpairp; } rderive; @@ -341,6 +341,13 @@ static struct GNUNET_TIME_Timestamp now_tmp; static char *keydir; /** + * Name of the configuration section prefix to use. Usually either "taler-exchange" or + * "donau". The actual configuration section will then be + * "$SECTION-secmod-cs". + */ +static char *section; + +/** * How much should coin creation (@e duration_withdraw) duration overlap * with the next denomination? Basically, the starting time of two * denominations is always @e duration_withdraw - #overlap_duration apart. @@ -423,9 +430,9 @@ generate_response (struct DenominationKey *dk) &an->secm_sig); an->secm_pub = TES_smpub; p = (void *) &an[1]; - memcpy (p, - denom->section, - nlen); + GNUNET_memcpy (p, + denom->section, + nlen); dk->an = an; } @@ -433,7 +440,7 @@ generate_response (struct DenominationKey *dk) /** * Do the actual signing work. * - * @param h_cs key to sign with + * @param h_cs hash of key to sign with * @param planchet message to sign * @param for_melt true if for melting * @param[out] cs_sigp set to the CS signature @@ -441,9 +448,9 @@ generate_response (struct DenominationKey *dk) */ static enum TALER_ErrorCode do_sign (const struct TALER_CsPubHashP *h_cs, - const struct TALER_BlindedCsPlanchet *planchet, + const struct GNUNET_CRYPTO_CsBlindedMessage *planchet, bool for_melt, - struct TALER_BlindedDenominationCsSignAnswer *cs_sigp) + struct GNUNET_CRYPTO_CsBlindSignature *cs_sigp) { struct GNUNET_CRYPTO_CsRSecret r[2]; struct DenominationKey *dk; @@ -473,15 +480,14 @@ do_sign (const struct TALER_CsPubHashP *h_cs, GNUNET_assert (dk->rc < UINT_MAX); dk->rc++; GNUNET_assert (0 == pthread_mutex_unlock (&keys_lock)); - GNUNET_CRYPTO_cs_r_derive (&planchet->nonce.nonce, + GNUNET_CRYPTO_cs_r_derive (&planchet->nonce, for_melt ? "rm" : "rw", &dk->denom_priv, r); - cs_sigp->b = GNUNET_CRYPTO_cs_sign_derive (&dk->denom_priv, - r, - planchet->c, - &planchet->nonce.nonce, - &cs_sigp->s_scalar); + GNUNET_CRYPTO_cs_sign_derive (&dk->denom_priv, + r, + planchet, + cs_sigp); GNUNET_assert (0 == pthread_mutex_lock (&keys_lock)); GNUNET_assert (dk->rc > 0); dk->rc--; @@ -543,14 +549,14 @@ fail_derive (struct TES_Client *client, */ static enum GNUNET_GenericReturnValue send_signature (struct TES_Client *client, - const struct TALER_BlindedDenominationCsSignAnswer *cs_answer) + const struct GNUNET_CRYPTO_CsBlindSignature *cs_answer) { struct TALER_CRYPTO_SignResponse sres; sres.header.size = htons (sizeof (sres)); sres.header.type = htons (TALER_HELPER_CS_MT_RES_SIGNATURE); - sres.reserved = htonl (0); - sres.cs_answer = *cs_answer; + sres.b = htonl (cs_answer->b); + sres.cs_answer = cs_answer->s_scalar; return TES_transmit (client->csock, &sres.header); } @@ -569,13 +575,13 @@ static enum GNUNET_GenericReturnValue handle_sign_request (struct TES_Client *client, const struct TALER_CRYPTO_CsSignRequestMessage *sr) { - struct TALER_BlindedDenominationCsSignAnswer cs_answer; + struct GNUNET_CRYPTO_CsBlindSignature cs_answer; struct GNUNET_TIME_Absolute now = GNUNET_TIME_absolute_get (); enum TALER_ErrorCode ec; enum GNUNET_GenericReturnValue ret; ec = do_sign (&sr->h_cs, - &sr->planchet, + &sr->message, (0 != ntohl (sr->for_melt)), &cs_answer); if (TALER_EC_NONE != ec) @@ -605,12 +611,12 @@ handle_sign_request (struct TES_Client *client, */ static enum TALER_ErrorCode do_derive (const struct TALER_CsPubHashP *h_cs, - const struct TALER_CsNonce *nonce, + const struct GNUNET_CRYPTO_CsSessionNonce *nonce, bool for_melt, - struct TALER_DenominationCSPublicRPairP *rpairp) + struct GNUNET_CRYPTO_CSPublicRPairP *rpairp) { struct DenominationKey *dk; - struct TALER_DenominationCSPrivateRPairP r_priv; + struct GNUNET_CRYPTO_CSPrivateRPairP r_priv; GNUNET_assert (0 == pthread_mutex_lock (&keys_lock)); dk = GNUNET_CONTAINER_multihashmap_get (keys, @@ -637,7 +643,7 @@ do_derive (const struct TALER_CsPubHashP *h_cs, GNUNET_assert (dk->rc < UINT_MAX); dk->rc++; GNUNET_assert (0 == pthread_mutex_unlock (&keys_lock)); - GNUNET_CRYPTO_cs_r_derive (&nonce->nonce, + GNUNET_CRYPTO_cs_r_derive (nonce, for_melt ? "rm" : "rw", &dk->denom_priv, r_priv.r); @@ -662,10 +668,10 @@ do_derive (const struct TALER_CsPubHashP *h_cs, */ static enum GNUNET_GenericReturnValue send_derivation (struct TES_Client *client, - const struct TALER_DenominationCSPublicRPairP *r_pub) + const struct GNUNET_CRYPTO_CSPublicRPairP *r_pub) { struct TALER_CRYPTO_RDeriveResponse rdr = { - .header.size = htons (sizeof (struct TALER_CRYPTO_RDeriveResponse)), + .header.size = htons (sizeof (rdr)), .header.type = htons (TALER_HELPER_CS_MT_RES_RDERIVE), .r_pub = *r_pub }; @@ -776,7 +782,7 @@ worker (void *cls) = bj->details.sign.sr; bj->ec = do_sign (&sr->h_cs, - &sr->planchet, + &sr->message, (0 != ntohl (sr->for_melt)), &bj->details.sign.cs_answer); break; @@ -1093,8 +1099,9 @@ setup_key (struct DenominationKey *dk, GNUNET_CRYPTO_cs_private_key_generate (&priv); GNUNET_CRYPTO_cs_private_key_get_public (&priv, &pub); - TALER_cs_pub_hash (&pub, - &dk->h_cs); + GNUNET_CRYPTO_hash (&pub, + sizeof (pub), + &dk->h_cs.hash); GNUNET_asprintf (&dk->filename, "%s/%s/%llu", keydir, @@ -1242,7 +1249,7 @@ static enum GNUNET_GenericReturnValue handle_r_derive_request (struct TES_Client *client, const struct TALER_CRYPTO_CsRDeriveRequest *rdr) { - struct TALER_DenominationCSPublicRPairP r_pub; + struct GNUNET_CRYPTO_CSPublicRPairP r_pub; struct GNUNET_TIME_Absolute now = GNUNET_TIME_absolute_get (); enum TALER_ErrorCode ec; enum GNUNET_GenericReturnValue ret; @@ -1373,9 +1380,9 @@ cs_client_init (struct TES_Client *client) NULL != dk; dk = dk->next) { - memcpy (&buf[obs], - dk->an, - ntohs (dk->an->header.size)); + GNUNET_memcpy (&buf[obs], + dk->an, + ntohs (dk->an->header.size)); obs += ntohs (dk->an->header.size); } } @@ -1472,18 +1479,18 @@ cs_update_client_keys (struct TES_Client *client) .h_cs = key->h_cs }; - memcpy (&buf[obs], - &pn, - sizeof (pn)); + GNUNET_memcpy (&buf[obs], + &pn, + sizeof (pn)); GNUNET_assert (obs + sizeof (pn) > obs); obs += sizeof (pn); } else { - memcpy (&buf[obs], - key->an, - ntohs (key->an->header.size)); + GNUNET_memcpy (&buf[obs], + key->an, + ntohs (key->an->header.size)); GNUNET_assert (obs + ntohs (key->an->header.size) > obs); obs += ntohs (key->an->header.size); @@ -1773,20 +1780,19 @@ parse_key (struct Denomination *denom, return; } { - struct GNUNET_CRYPTO_CsPublicKey pub; struct DenominationKey *dk; struct DenominationKey *before; - GNUNET_CRYPTO_cs_private_key_get_public (priv, - &pub); dk = GNUNET_new (struct DenominationKey); dk->denom_priv = *priv; dk->denom = denom; dk->anchor = anchor; dk->filename = GNUNET_strdup (filename); - TALER_cs_pub_hash (&pub, - &dk->h_cs); - dk->denom_pub = pub; + GNUNET_CRYPTO_cs_private_key_get_public (priv, + &dk->denom_pub); + GNUNET_CRYPTO_hash (&dk->denom_pub, + sizeof (dk->denom_pub), + &dk->h_cs.hash); generate_response (dk); if (GNUNET_OK != GNUNET_CONTAINER_multihashmap_put ( @@ -1808,7 +1814,9 @@ parse_key (struct Denomination *denom, NULL != pos; pos = pos->next) { - if (GNUNET_TIME_timestamp_cmp (pos->anchor, >, anchor)) + if (GNUNET_TIME_timestamp_cmp (pos->anchor, + >, + anchor)) break; before = pos; } @@ -1956,6 +1964,11 @@ parse_denomination_cfg (const struct GNUNET_CONFIGURATION_Handle *cfg, const char *ct, struct Denomination *denom) { + char *secname; + + GNUNET_asprintf (&secname, + "%s-secmod-cs", + section); if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (cfg, ct, @@ -1965,6 +1978,7 @@ parse_denomination_cfg (const struct GNUNET_CONFIGURATION_Handle *cfg, GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, ct, "DURATION_WITHDRAW"); + GNUNET_free (secname); return GNUNET_SYSERR; } if (GNUNET_TIME_relative_cmp (overlap_duration, @@ -1972,11 +1986,13 @@ parse_denomination_cfg (const struct GNUNET_CONFIGURATION_Handle *cfg, denom->duration_withdraw)) { GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, - "taler-exchange-secmod-cs", + secname, "OVERLAP_DURATION", "Value given must be smaller than value for DURATION_WITHDRAW!"); + GNUNET_free (secname); return GNUNET_SYSERR; } + GNUNET_free (secname); denom->section = GNUNET_strdup (ct); return GNUNET_OK; } @@ -2091,28 +2107,36 @@ load_denominations (void *cls, static enum GNUNET_GenericReturnValue load_durations (const struct GNUNET_CONFIGURATION_Handle *cfg) { + char *secname; + + GNUNET_asprintf (&secname, + "%s-secmod-cs", + section); if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (cfg, - "taler-exchange-secmod-cs", + secname, "OVERLAP_DURATION", &overlap_duration)) { GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, - "taler-exchange-secmod-cs", + secname, "OVERLAP_DURATION"); + GNUNET_free (secname); return GNUNET_SYSERR; } if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (cfg, - "taler-exchange-secmod-cs", + secname, "LOOKAHEAD_SIGN", &lookahead_sign)) { GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, - "taler-exchange-secmod-cs", + secname, "LOOKAHEAD_SIGN"); + GNUNET_free (secname); return GNUNET_SYSERR; } + GNUNET_free (secname); return GNUNET_OK; } @@ -2156,6 +2180,7 @@ run (void *cls, .updater = &cs_update_client_keys, .init = &cs_client_init }; + char *secname; (void) cls; (void) args; @@ -2170,27 +2195,40 @@ run (void *cls, /* get current time again, we may be timetraveling! */ now = GNUNET_TIME_timestamp_get (); } + GNUNET_asprintf (&secname, + "%s-secmod-cs", + section); if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, - "taler-exchange-secmod-cs", + secname, "KEY_DIR", &keydir)) { GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, - "taler-exchange-secmod-cs", + secname, "KEY_DIR"); + GNUNET_free (secname); global_ret = EXIT_NOTCONFIGURED; return; } + GNUNET_free (secname); if (GNUNET_OK != load_durations (cfg)) { global_ret = EXIT_NOTCONFIGURED; return; } - global_ret = TES_listen_start (cfg, - "taler-exchange-secmod-cs", - &cb); + { + char *secname; + + GNUNET_asprintf (&secname, + "%s-secmod-cs", + section); + global_ret = TES_listen_start (cfg, + secname, + &cb); + GNUNET_free (secname); + } if (0 != global_ret) return; sem_init (&worker_sem, @@ -2198,7 +2236,14 @@ run (void *cls, GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); if (0 == max_workers) - max_workers = sysconf (_SC_NPROCESSORS_CONF); + { + long lret; + + lret = sysconf (_SC_NPROCESSORS_CONF); + if (lret <= 0) + lret = 1; + max_workers = (unsigned int) lret; + } for (unsigned int i = 0; i<max_workers; i++) if (GNUNET_OK != start_worker ()) @@ -2256,6 +2301,11 @@ main (int argc, char **argv) { struct GNUNET_GETOPT_CommandLineOption options[] = { + GNUNET_GETOPT_option_string ('s', + "section", + "SECTION", + "name of the configuration section prefix to use, default is 'taler'", + §ion), GNUNET_GETOPT_option_timetravel ('T', "timetravel"), GNUNET_GETOPT_option_timestamp ('t', @@ -2274,7 +2324,7 @@ main (int argc, /* Restrict permissions for the key files that we create. */ (void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH); - + section = GNUNET_strdup ("taler-exchange"); /* force linker to link against libtalerutil; if we do not do this, the linker may "optimize" libtalerutil away and skip #TALER_OS_init(), which we do need */ |