summaryrefslogtreecommitdiff
path: root/src/util/test_helper_rsa.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/util/test_helper_rsa.c')
-rw-r--r--src/util/test_helper_rsa.c259
1 files changed, 170 insertions, 89 deletions
diff --git a/src/util/test_helper_rsa.c b/src/util/test_helper_rsa.c
index e4c0bf6fd..97844001d 100644
--- a/src/util/test_helper_rsa.c
+++ b/src/util/test_helper_rsa.c
@@ -22,11 +22,12 @@
#include "taler_util.h"
/**
- * Configuration has 1 minute duration and 5 minutes lookahead, so
- * we should never have more than 6 active keys, plus for during
- * key expiration / revocation.
+ * Configuration has 1 minute duration and 5 minutes lookahead, but
+ * we do not get 'revocations' for expired keys. So this must be
+ * large enough to deal with key rotation during the runtime of
+ * the benchmark.
*/
-#define MAX_KEYS 7
+#define MAX_KEYS 1024
/**
* How many random key revocations should we test?
@@ -38,6 +39,17 @@
*/
#define NUM_SIGN_TESTS 5
+/**
+ * How many iterations of the successful signing test should we run
+ * during the benchmark phase?
+ */
+#define NUM_SIGN_PERFS 100
+
+/**
+ * How many parallel clients should we use for the parallel
+ * benchmark? (> 500 may cause problems with the max open FD number limit).
+ */
+#define NUM_CORES 8
/**
* Number of keys currently in #keys.
@@ -62,7 +74,7 @@ struct KeyData
/**
* Hash of the public key.
*/
- struct TALER_DenominationHash h_denom_pub;
+ struct GNUNET_HashCode h_denom_pub;
/**
* Full public key.
@@ -110,7 +122,7 @@ key_cb (void *cls,
const char *section_name,
struct GNUNET_TIME_Absolute start_time,
struct GNUNET_TIME_Relative validity_duration,
- const struct TALER_DenominationHash *h_denom_pub,
+ const struct GNUNET_HashCode *h_denom_pub,
const struct TALER_DenominationPublicKey *denom_pub,
const struct TALER_SecurityModulePublicKeyP *sm_pub,
const struct TALER_SecurityModuleSignatureP *sm_sig)
@@ -119,7 +131,7 @@ key_cb (void *cls,
(void) sm_sig;
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Key notification about key %s in `%s'\n",
- GNUNET_h2s (&h_denom_pub->hash),
+ GNUNET_h2s (h_denom_pub),
section_name);
if (0 == validity_duration.rel_value_us)
{
@@ -133,7 +145,8 @@ key_cb (void *cls,
{
keys[i].valid = false;
keys[i].revoked = false;
- TALER_denom_pub_free (&keys[i].denom_pub);
+ GNUNET_CRYPTO_rsa_public_key_free (keys[i].denom_pub.rsa_public_key);
+ keys[i].denom_pub.rsa_public_key = NULL;
GNUNET_assert (num_keys > 0);
num_keys--;
found = true;
@@ -154,9 +167,8 @@ key_cb (void *cls,
keys[i].h_denom_pub = *h_denom_pub;
keys[i].start_time = start_time;
keys[i].validity_duration = validity_duration;
- keys[i].denom_pub = *denom_pub;
- TALER_denom_pub_deep_copy (&keys[i].denom_pub,
- denom_pub);
+ keys[i].denom_pub.rsa_public_key
+ = GNUNET_CRYPTO_rsa_public_key_dup (denom_pub->rsa_public_key);
num_keys++;
return;
}
@@ -199,7 +211,7 @@ test_revocation (struct TALER_CRYPTO_DenominationHelper *dh)
keys[j].revoked = true;
fprintf (stderr,
"Revoking key %s ...",
- GNUNET_h2s (&keys[j].h_denom_pub.hash));
+ GNUNET_h2s (&keys[j].h_denom_pub));
TALER_CRYPTO_helper_denom_revoke (dh,
&keys[j].h_denom_pub);
for (unsigned int k = 0; k<1000; k++)
@@ -235,35 +247,42 @@ test_revocation (struct TALER_CRYPTO_DenominationHelper *dh)
static int
test_signing (struct TALER_CRYPTO_DenominationHelper *dh)
{
- struct TALER_BlindedDenominationSignature ds;
+ struct TALER_DenominationSignature ds;
enum TALER_ErrorCode ec;
bool success = false;
- struct TALER_PlanchetSecretsP ps;
- struct TALER_CoinPubHash c_hash;
-
- TALER_planchet_setup_random (&ps);
+ struct GNUNET_HashCode m_hash;
+ struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
+
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
+ &bks,
+ sizeof (bks));
+ GNUNET_CRYPTO_hash ("Hello",
+ strlen ("Hello"),
+ &m_hash);
for (unsigned int i = 0; i<MAX_KEYS; i++)
{
if (! keys[i].valid)
continue;
{
- struct TALER_PlanchetDetail pd;
+ void *buf;
+ size_t buf_size;
GNUNET_assert (GNUNET_YES ==
- TALER_planchet_prepare (&keys[i].denom_pub,
- &ps,
- &c_hash,
- &pd));
+ TALER_rsa_blind (&m_hash,
+ &bks,
+ keys[i].denom_pub.rsa_public_key,
+ &buf,
+ &buf_size));
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Requesting signature over %u bytes with key %s\n",
- (unsigned int) pd.coin_ev_size,
- GNUNET_h2s (&keys[i].h_denom_pub.hash));
+ (unsigned int) buf_size,
+ GNUNET_h2s (&keys[i].h_denom_pub));
ds = TALER_CRYPTO_helper_denom_sign (dh,
&keys[i].h_denom_pub,
- pd.coin_ev,
- pd.coin_ev_size,
+ buf,
+ buf_size,
&ec);
- GNUNET_free (pd.coin_ev);
+ GNUNET_free (buf);
}
switch (ec)
{
@@ -283,33 +302,32 @@ test_signing (struct TALER_CRYPTO_DenominationHelper *dh)
return 5;
}
{
- struct TALER_DenominationSignature rs;
+ struct GNUNET_CRYPTO_RsaSignature *rs;
- if (GNUNET_OK !=
- TALER_denom_sig_unblind (&rs,
- &ds,
- &ps.blinding_key,
- &keys[i].denom_pub))
+ rs = TALER_rsa_unblind (ds.rsa_signature,
+ &bks,
+ keys[i].denom_pub.rsa_public_key);
+ if (NULL == rs)
{
GNUNET_break (0);
return 6;
}
- TALER_blinded_denom_sig_free (&ds);
+ GNUNET_CRYPTO_rsa_signature_free (ds.rsa_signature);
if (GNUNET_OK !=
- TALER_denom_pub_verify (&keys[i].denom_pub,
- &rs,
- &c_hash))
+ GNUNET_CRYPTO_rsa_verify (&m_hash,
+ rs,
+ keys[i].denom_pub.rsa_public_key))
{
/* signature invalid */
GNUNET_break (0);
- TALER_denom_sig_free (&rs);
+ GNUNET_CRYPTO_rsa_signature_free (rs);
return 7;
}
- TALER_denom_sig_free (&rs);
+ GNUNET_CRYPTO_rsa_signature_free (rs);
}
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Received valid signature for key %s\n",
- GNUNET_h2s (&keys[i].h_denom_pub.hash));
+ GNUNET_h2s (&keys[i].h_denom_pub));
success = true;
break;
case TALER_EC_EXCHANGE_DENOMINATION_HELPER_TOO_EARLY:
@@ -344,24 +362,27 @@ test_signing (struct TALER_CRYPTO_DenominationHelper *dh)
/* check signing does not work if the key is unknown */
{
- struct TALER_DenominationHash rnd;
+ struct GNUNET_HashCode rnd;
+ struct TALER_DenominationSignature ds;
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&rnd,
sizeof (rnd));
- (void) TALER_CRYPTO_helper_denom_sign (dh,
- &rnd,
- "Hello",
- strlen ("Hello"),
- &ec);
+ ds = TALER_CRYPTO_helper_denom_sign (dh,
+ &rnd,
+ "Hello",
+ strlen ("Hello"),
+ &ec);
if (TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN != ec)
{
+ if (TALER_EC_NONE == ec)
+ GNUNET_CRYPTO_rsa_signature_free (ds.rsa_signature);
GNUNET_break (0);
return 17;
}
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Signing with invalid key %s failed as desired\n",
- GNUNET_h2s (&rnd.hash));
+ GNUNET_h2s (&rnd));
}
return 0;
}
@@ -374,18 +395,25 @@ test_signing (struct TALER_CRYPTO_DenominationHelper *dh)
* @return 0 on success
*/
static int
-perf_signing (struct TALER_CRYPTO_DenominationHelper *dh)
+perf_signing (struct TALER_CRYPTO_DenominationHelper *dh,
+ const char *type)
{
- struct TALER_BlindedDenominationSignature ds;
+ struct TALER_DenominationSignature ds;
enum TALER_ErrorCode ec;
+ struct GNUNET_HashCode m_hash;
+ struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
struct GNUNET_TIME_Relative duration;
- struct TALER_PlanchetSecretsP ps;
- TALER_planchet_setup_random (&ps);
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
+ &bks,
+ sizeof (bks));
+ GNUNET_CRYPTO_hash ("Hello",
+ strlen ("Hello"),
+ &m_hash);
duration = GNUNET_TIME_UNIT_ZERO;
- for (unsigned int j = 0; j<NUM_SIGN_TESTS;)
+ TALER_CRYPTO_helper_denom_poll (dh);
+ for (unsigned int j = 0; j<NUM_SIGN_PERFS;)
{
- TALER_CRYPTO_helper_denom_poll (dh);
for (unsigned int i = 0; i<MAX_KEYS; i++)
{
if (! keys[i].valid)
@@ -397,14 +425,15 @@ perf_signing (struct TALER_CRYPTO_DenominationHelper *dh)
keys[i].validity_duration.rel_value_us)
continue;
{
- struct TALER_CoinPubHash c_hash;
- struct TALER_PlanchetDetail pd;
+ void *buf;
+ size_t buf_size;
GNUNET_assert (GNUNET_YES ==
- TALER_planchet_prepare (&keys[i].denom_pub,
- &ps,
- &c_hash,
- &pd));
+ TALER_rsa_blind (&m_hash,
+ &bks,
+ keys[i].denom_pub.rsa_public_key,
+ &buf,
+ &buf_size));
/* use this key as long as it works */
while (1)
{
@@ -413,26 +442,83 @@ perf_signing (struct TALER_CRYPTO_DenominationHelper *dh)
ds = TALER_CRYPTO_helper_denom_sign (dh,
&keys[i].h_denom_pub,
- pd.coin_ev,
- pd.coin_ev_size,
+ buf,
+ buf_size,
&ec);
if (TALER_EC_NONE != ec)
break;
delay = GNUNET_TIME_absolute_get_duration (start);
duration = GNUNET_TIME_relative_add (duration,
delay);
- TALER_blinded_denom_sig_free (&ds);
+ GNUNET_CRYPTO_rsa_signature_free (ds.rsa_signature);
j++;
- if (NUM_SIGN_TESTS == j)
+ if (NUM_SIGN_PERFS <= j)
break;
}
- GNUNET_free (pd.coin_ev);
+ GNUNET_free (buf);
}
} /* for i */
} /* for j */
fprintf (stderr,
- "%u (sequential) signature operations took %s\n",
- (unsigned int) NUM_SIGN_TESTS,
+ "%u (%s) signature operations took %s\n",
+ (unsigned int) NUM_SIGN_PERFS,
+ type,
+ GNUNET_STRINGS_relative_time_to_string (duration,
+ GNUNET_YES));
+ return 0;
+}
+
+
+/**
+ * Parallel signing logic.
+ *
+ * @param esh handle to the helper
+ * @return 0 on success
+ */
+static int
+par_signing (struct GNUNET_CONFIGURATION_Handle *cfg)
+{
+ struct GNUNET_TIME_Absolute start;
+ struct GNUNET_TIME_Relative duration;
+ pid_t pids[NUM_CORES];
+ struct TALER_CRYPTO_DenominationHelper *dh;
+
+ start = GNUNET_TIME_absolute_get ();
+ for (unsigned int i = 0; i<NUM_CORES; i++)
+ {
+ pids[i] = fork ();
+ memset (keys,
+ 0,
+ sizeof (keys));
+ num_keys = 0;
+ GNUNET_assert (-1 != pids[i]);
+ if (0 == pids[i])
+ {
+ int ret;
+
+ dh = TALER_CRYPTO_helper_denom_connect (cfg,
+ &key_cb,
+ NULL);
+ GNUNET_assert (NULL != dh);
+ ret = perf_signing (dh,
+ "parallel");
+ TALER_CRYPTO_helper_denom_disconnect (dh);
+ exit (ret);
+ }
+ }
+ for (unsigned int i = 0; i<NUM_CORES; i++)
+ {
+ int wstatus;
+
+ GNUNET_assert (pids[i] ==
+ waitpid (pids[i],
+ &wstatus,
+ 0));
+ }
+ duration = GNUNET_TIME_absolute_get_duration (start);
+ fprintf (stderr,
+ "%u (parallel) signature operations took %s (total real time)\n",
+ (unsigned int) NUM_SIGN_PERFS * NUM_CORES,
GNUNET_STRINGS_relative_time_to_string (duration,
GNUNET_YES));
return 0;
@@ -461,62 +547,57 @@ run_test (void)
return 77;
}
- fprintf (stderr, "Waiting for helper client directory to become available ");
- for (unsigned int i = 0; i<1000; i++)
+ fprintf (stderr, "Waiting for helper to start ... ");
+ for (unsigned int i = 0; i<100; i++)
{
+ nanosleep (&req,
+ NULL);
dh = TALER_CRYPTO_helper_denom_connect (cfg,
&key_cb,
NULL);
if (NULL != dh)
break;
- nanosleep (&req, NULL);
fprintf (stderr, ".");
}
- GNUNET_CONFIGURATION_destroy (cfg);
if (NULL == dh)
{
- GNUNET_break (0);
+ fprintf (stderr,
+ "\nFAILED: timeout trying to connect to helper\n");
+ GNUNET_CONFIGURATION_destroy (cfg);
return 1;
}
- fprintf (stderr, " done.\n");
-
- /* wait for helper to start and give us keys */
- fprintf (stderr, "Waiting for helper to start ");
- for (unsigned int i = 0; i<1000; i++)
- {
- TALER_CRYPTO_helper_denom_poll (dh);
- if (0 != num_keys)
- break;
- nanosleep (&req, NULL);
- fprintf (stderr, ".");
- }
if (0 == num_keys)
{
fprintf (stderr,
"\nFAILED: timeout trying to connect to helper\n");
TALER_CRYPTO_helper_denom_disconnect (dh);
+ GNUNET_CONFIGURATION_destroy (cfg);
return 1;
}
fprintf (stderr,
- "\nOK: Helper ready (%u keys)\n",
+ " Done (%u keys)\n",
num_keys);
-
ret = 0;
if (0 == ret)
ret = test_revocation (dh);
if (0 == ret)
ret = test_signing (dh);
if (0 == ret)
- ret = perf_signing (dh);
+ ret = perf_signing (dh,
+ "sequential");
TALER_CRYPTO_helper_denom_disconnect (dh);
+ if (0 == ret)
+ ret = par_signing (cfg);
/* clean up our state */
for (unsigned int i = 0; i<MAX_KEYS; i++)
if (keys[i].valid)
{
- TALER_denom_pub_free (&keys[i].denom_pub);
+ GNUNET_CRYPTO_rsa_public_key_free (keys[i].denom_pub.rsa_public_key);
+ keys[i].denom_pub.rsa_public_key = NULL;
GNUNET_assert (num_keys > 0);
num_keys--;
}
+ GNUNET_CONFIGURATION_destroy (cfg);
return ret;
}
@@ -535,7 +616,7 @@ main (int argc,
(void) argc;
(void) argv;
GNUNET_log_setup ("test-helper-rsa",
- "INFO",
+ "WARNING",
NULL);
GNUNET_OS_init (TALER_project_data_default ());
libexec_dir = GNUNET_OS_installation_get_path (GNUNET_OS_IPK_BINDIR);
@@ -551,7 +632,7 @@ main (int argc,
"-c",
"test_helper_rsa.conf",
"-L",
- "INFO",
+ "WARNING",
NULL);
if (NULL == helper)
{
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-10 03:51:51 +0000