diff options
Diffstat (limited to 'src/util/taler-exchange-secmod-eddsa.c')
| -rw-r--r-- | src/util/taler-exchange-secmod-eddsa.c | 168 |
1 files changed, 101 insertions, 67 deletions
diff --git a/src/util/taler-exchange-secmod-eddsa.c b/src/util/taler-exchange-secmod-eddsa.c index 3fe9b284e..0b95447f7 100644 --- a/src/util/taler-exchange-secmod-eddsa.c +++ b/src/util/taler-exchange-secmod-eddsa.c @@ -37,7 +37,6 @@ #include "taler-exchange-secmod-eddsa.h" #include <gcrypt.h> #include <pthread.h> -#include <sys/eventfd.h> #include "taler_error_codes.h" #include "taler_signatures.h" #include "secmod_common.h" @@ -78,7 +77,7 @@ struct Key /** * Time at which this key is supposed to become valid. */ - struct GNUNET_TIME_Absolute anchor; + struct GNUNET_TIME_Timestamp anchor; /** * Generation when this key was created or revoked. @@ -124,13 +123,13 @@ static int global_ret; * Time when the key update is executed. * Either the actual current time, or a pretended time. */ -static struct GNUNET_TIME_Absolute now; +static struct GNUNET_TIME_Timestamp now; /** * The time for the key update, as passed by the user * on the command line. */ -static struct GNUNET_TIME_Absolute now_tmp; +static struct GNUNET_TIME_Timestamp now_tmp; /** * Where do we store the keys? @@ -138,6 +137,13 @@ static struct GNUNET_TIME_Absolute now_tmp; static char *keydir; /** + * Name of the configuration section prefix to use. Usually either "taler-exchange" or + * "donau". The actual configuration section will then be + * "$SECTION-secmod-eddsa". + */ +static char *section; + +/** * How much should coin creation duration overlap * with the next key? Basically, the starting time of two * keys is always #duration - #overlap_duration apart. @@ -179,7 +185,7 @@ notify_client_key_add (struct TES_Client *client, struct TALER_CRYPTO_EddsaKeyAvailableNotification an = { .header.size = htons (sizeof (an)), .header.type = htons (TALER_HELPER_EDDSA_MT_AVAIL), - .anchor_time = GNUNET_TIME_absolute_hton (key->anchor), + .anchor_time = GNUNET_TIME_timestamp_hton (key->anchor), .duration = GNUNET_TIME_relative_hton (duration), .exchange_pub = key->exchange_pub, .secm_pub = TES_smpub @@ -274,7 +280,7 @@ handle_sign_request (struct TES_Client *client, key = keys_head; while ( (NULL != key) && (GNUNET_TIME_absolute_is_past ( - GNUNET_TIME_absolute_add (key->anchor, + GNUNET_TIME_absolute_add (key->anchor.abs_time, duration))) ) { struct Key *nxt = key->next; @@ -284,9 +290,9 @@ handle_sign_request (struct TES_Client *client, GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Deleting past key %s (expired %s ago)\n", TALER_B2S (&nxt->exchange_pub), - GNUNET_STRINGS_relative_time_to_string ( + GNUNET_TIME_relative2s ( GNUNET_TIME_absolute_get_duration ( - GNUNET_TIME_absolute_add (key->anchor, + GNUNET_TIME_absolute_add (key->anchor.abs_time, duration)), GNUNET_YES)); GNUNET_CONTAINER_DLL_remove (keys_head, @@ -364,7 +370,7 @@ setup_key (struct Key *key, GNUNET_asprintf (&key->filename, "%s/%llu", keydir, - (unsigned long long) (key->anchor.abs_value_us + (unsigned long long) (key->anchor.abs_time.abs_value_us / GNUNET_TIME_UNIT_SECONDS.rel_value_us)); if (GNUNET_OK != GNUNET_DISK_fn_write (key->filename, @@ -585,11 +591,11 @@ eddsa_client_init (struct TES_Client *client) static enum GNUNET_GenericReturnValue eddsa_update_client_keys (struct TES_Client *client) { + GNUNET_assert (0 == pthread_mutex_lock (&keys_lock)); GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Updating client %p to generation %llu\n", client, (unsigned long long) key_gen); - GNUNET_assert (0 == pthread_mutex_lock (&keys_lock)); for (struct Key *key = keys_head; NULL != key; key = key->next) @@ -638,23 +644,21 @@ static enum GNUNET_GenericReturnValue create_key (void) { struct Key *key; - struct GNUNET_TIME_Absolute anchor; - struct GNUNET_TIME_Absolute now; + struct GNUNET_TIME_Timestamp anchor; - now = GNUNET_TIME_absolute_get (); - (void) GNUNET_TIME_round_abs (&now); - if (NULL == keys_tail) - { - anchor = now; - } - else + anchor = GNUNET_TIME_timestamp_get (); + if (NULL != keys_tail) { - anchor = GNUNET_TIME_absolute_add (keys_tail->anchor, - GNUNET_TIME_relative_subtract ( - duration, - overlap_duration)); - if (now.abs_value_us > anchor.abs_value_us) - anchor = now; + struct GNUNET_TIME_Absolute abs; + + abs = GNUNET_TIME_absolute_add (keys_tail->anchor.abs_time, + GNUNET_TIME_relative_subtract ( + duration, + overlap_duration)); + if (GNUNET_TIME_absolute_cmp (anchor.abs_time, + <, + abs)) + anchor = GNUNET_TIME_absolute_to_timestamp (abs); } key = GNUNET_new (struct Key); key->anchor = anchor; @@ -689,11 +693,11 @@ key_action_time (void) if (NULL == nxt) return GNUNET_TIME_UNIT_ZERO_ABS; return GNUNET_TIME_absolute_min ( - GNUNET_TIME_absolute_add (nxt->anchor, + GNUNET_TIME_absolute_add (nxt->anchor.abs_time, duration), GNUNET_TIME_absolute_subtract ( GNUNET_TIME_absolute_subtract ( - GNUNET_TIME_absolute_add (keys_tail->anchor, + GNUNET_TIME_absolute_add (keys_tail->anchor.abs_time, duration), lookahead_sign), overlap_duration)); @@ -719,7 +723,7 @@ update_keys (void *cls) GNUNET_TIME_absolute_is_past ( GNUNET_TIME_absolute_subtract ( GNUNET_TIME_absolute_subtract ( - GNUNET_TIME_absolute_add (keys_tail->anchor, + GNUNET_TIME_absolute_add (keys_tail->anchor.abs_time, duration), lookahead_sign), overlap_duration)) ) @@ -743,7 +747,7 @@ update_keys (void *cls) /* purge expired keys */ while ( (NULL != nxt) && GNUNET_TIME_absolute_is_past ( - GNUNET_TIME_absolute_add (nxt->anchor, + GNUNET_TIME_absolute_add (nxt->anchor.abs_time, duration))) { if (! wake) @@ -754,9 +758,9 @@ update_keys (void *cls) GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Purging past key %s (expired %s ago)\n", TALER_B2S (&nxt->exchange_pub), - GNUNET_STRINGS_relative_time_to_string ( + GNUNET_TIME_relative2s ( GNUNET_TIME_absolute_get_duration ( - GNUNET_TIME_absolute_add (nxt->anchor, + GNUNET_TIME_absolute_add (nxt->anchor.abs_time, duration)), GNUNET_YES)); purge_key (nxt); @@ -788,7 +792,7 @@ parse_key (const char *filename, char *anchor_s; char dummy; unsigned long long anchor_ll; - struct GNUNET_TIME_Absolute anchor; + struct GNUNET_TIME_Timestamp anchor; anchor_s = strrchr (filename, '/'); @@ -810,8 +814,10 @@ parse_key (const char *filename, filename); return GNUNET_SYSERR; } - anchor.abs_value_us = anchor_ll * GNUNET_TIME_UNIT_SECONDS.rel_value_us; - if (anchor_ll != anchor.abs_value_us / GNUNET_TIME_UNIT_SECONDS.rel_value_us) + anchor.abs_time.abs_value_us = anchor_ll + * GNUNET_TIME_UNIT_SECONDS.rel_value_us; + if (anchor_ll != anchor.abs_time.abs_value_us + / GNUNET_TIME_UNIT_SECONDS.rel_value_us) { /* Integer overflow. Bad, invalid filename. */ GNUNET_log (GNUNET_ERROR_TYPE_WARNING, @@ -827,9 +833,9 @@ parse_key (const char *filename, filename); return GNUNET_SYSERR; } - memcpy (&priv, - buf, - buf_size); + GNUNET_memcpy (&priv, + buf, + buf_size); { struct GNUNET_CRYPTO_EddsaPublicKey pub; @@ -850,7 +856,7 @@ parse_key (const char *filename, NULL != pos; pos = pos->next) { - if (pos->anchor.abs_value_us > anchor.abs_value_us) + if (GNUNET_TIME_timestamp_cmp (pos->anchor, >, anchor)) break; before = pos; } @@ -905,7 +911,7 @@ import_key (void *cls, } fd = open (filename, - O_CLOEXEC); + O_RDONLY | O_CLOEXEC); if (-1 == fd) { GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, @@ -919,6 +925,7 @@ import_key (void *cls, GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "stat", filename); + GNUNET_break (0 == close (fd)); return GNUNET_OK; } if (! S_ISREG (sbuf.st_mode)) @@ -926,6 +933,7 @@ import_key (void *cls, GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "File `%s' is not a regular file, which is not allowed for private keys!\n", filename); + GNUNET_break (0 == close (fd)); return GNUNET_OK; } if (0 != (sbuf.st_mode & (S_IWUSR | S_IRWXG | S_IRWXO))) @@ -990,42 +998,48 @@ import_key (void *cls, static enum GNUNET_GenericReturnValue load_durations (const struct GNUNET_CONFIGURATION_Handle *cfg) { + char *secname; + + GNUNET_asprintf (&secname, + "%s-secmod-eddsa", + section); if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (cfg, - "taler-exchange-secmod-eddsa", + secname, "OVERLAP_DURATION", &overlap_duration)) { + GNUNET_free (secname); GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, - "taler-exchange-secmod-eddsa", + secname, "OVERLAP_DURATION"); return GNUNET_SYSERR; } if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (cfg, - "taler-exchange-secmod-eddsa", + secname, "DURATION", &duration)) { + GNUNET_free (secname); GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, - "taler-exchange-secmod-eddsa", + secname, "DURATION"); return GNUNET_SYSERR; } - GNUNET_TIME_round_rel (&overlap_duration); - if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (cfg, - "taler-exchange-secmod-eddsa", + secname, "LOOKAHEAD_SIGN", &lookahead_sign)) { + GNUNET_free (secname); GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, - "taler-exchange-secmod-eddsa", + secname, "LOOKAHEAD_SIGN"); return GNUNET_SYSERR; } - GNUNET_TIME_round_rel (&lookahead_sign); + GNUNET_free (secname); return GNUNET_OK; } @@ -1067,11 +1081,12 @@ run (void *cls, .updater = eddsa_update_client_keys, .init = eddsa_client_init }; + char *secname; (void) cls; (void) args; (void) cfgfile; - if (now.abs_value_us != now_tmp.abs_value_us) + if (GNUNET_TIME_timestamp_cmp (now, !=, now_tmp)) { /* The user gave "--now", use it! */ now = now_tmp; @@ -1079,9 +1094,11 @@ run (void *cls, else { /* get current time again, we may be timetraveling! */ - now = GNUNET_TIME_absolute_get (); + now = GNUNET_TIME_timestamp_get (); } - GNUNET_TIME_round_abs (&now); + GNUNET_asprintf (&secname, + "%s-secmod-eddsa", + section); if (GNUNET_OK != load_durations (cfg)) { @@ -1090,21 +1107,31 @@ run (void *cls, } if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, - "taler-exchange-secmod-eddsa", + secname, "KEY_DIR", &keydir)) { GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, - "taler-exchange-secmod-eddsa", + secname, "KEY_DIR"); + GNUNET_free (secname); global_ret = EXIT_NOTCONFIGURED; return; } + GNUNET_free (secname); GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); - global_ret = TES_listen_start (cfg, - "taler-exchange-secmod-eddsa", - &cb); + { + char *secname; + + GNUNET_asprintf (&secname, + "%s-secmod-eddsa", + section); + global_ret = TES_listen_start (cfg, + secname, + &cb); + GNUNET_free (secname); + } if (0 != global_ret) return; /* Load keys */ @@ -1114,12 +1141,13 @@ run (void *cls, &import_key, NULL); if ( (NULL != keys_head) && - (GNUNET_TIME_absolute_is_future (keys_head->anchor)) ) + (GNUNET_TIME_absolute_is_future (keys_head->anchor.abs_time)) ) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Existing anchor is in %s the future. Refusing to start\n", - GNUNET_STRINGS_relative_time_to_string ( - GNUNET_TIME_absolute_get_remaining (keys_head->anchor), + GNUNET_TIME_relative2s ( + GNUNET_TIME_absolute_get_remaining ( + keys_head->anchor.abs_time), GNUNET_YES)); global_ret = EXIT_FAILURE; GNUNET_SCHEDULER_shutdown (); @@ -1146,26 +1174,32 @@ main (int argc, char **argv) { struct GNUNET_GETOPT_CommandLineOption options[] = { + GNUNET_GETOPT_option_string ('s', + "section", + "SECTION", + "name of the configuration section prefix to use, default is 'taler'", + §ion), GNUNET_GETOPT_option_timetravel ('T', "timetravel"), - GNUNET_GETOPT_option_absolute_time ('t', - "time", - "TIMESTAMP", - "pretend it is a different time for the update", - &now_tmp), + GNUNET_GETOPT_option_timestamp ('t', + "time", + "TIMESTAMP", + "pretend it is a different time for the update", + &now_tmp), GNUNET_GETOPT_OPTION_END }; enum GNUNET_GenericReturnValue ret; /* Restrict permissions for the key files that we create. */ (void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH); - + section = GNUNET_strdup ("taler-exchange"); /* force linker to link against libtalerutil; if we do not do this, the linker may "optimize" libtalerutil away and skip #TALER_OS_init(), which we do need */ TALER_OS_init (); - now = now_tmp = GNUNET_TIME_absolute_get (); - ret = GNUNET_PROGRAM_run (argc, argv, + now_tmp = now = GNUNET_TIME_timestamp_get (); + ret = GNUNET_PROGRAM_run (argc, + argv, "taler-exchange-secmod-eddsa", "Handle private EDDSA key operations for a Taler exchange", options, |