diff options
Diffstat (limited to 'src/util/test_helper_rsa.c')
| -rw-r--r-- | src/util/test_helper_rsa.c | 706 |
1 files changed, 550 insertions, 156 deletions
diff --git a/src/util/test_helper_rsa.c b/src/util/test_helper_rsa.c index 7011afb22..2bc15879f 100644 --- a/src/util/test_helper_rsa.c +++ b/src/util/test_helper_rsa.c @@ -1,6 +1,6 @@ /* This file is part of TALER - (C) 2020 Taler Systems SA + (C) 2020, 2021, 2022 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -22,11 +22,12 @@ #include "taler_util.h" /** - * Configuration has 1 minute duration and 5 minutes lookahead, so - * we should never have more than 6 active keys, plus for during - * key expiration / revocation. + * Configuration has 1 minute duration and 5 minutes lookahead, but + * we do not get 'revocations' for expired keys. So this must be + * large enough to deal with key rotation during the runtime of + * the benchmark. */ -#define MAX_KEYS 7 +#define MAX_KEYS 1024 /** * How many random key revocations should we test? @@ -38,6 +39,17 @@ */ #define NUM_SIGN_TESTS 5 +/** + * How many iterations of the successful signing test should we run + * during the benchmark phase? + */ +#define NUM_SIGN_PERFS 100 + +/** + * How many parallel clients should we use for the parallel + * benchmark? (> 500 may cause problems with the max open FD number limit). + */ +#define NUM_CORES 8 /** * Number of keys currently in #keys. @@ -52,7 +64,7 @@ struct KeyData /** * Validity start point. */ - struct GNUNET_TIME_Absolute start_time; + struct GNUNET_TIME_Timestamp start_time; /** * Key expires for signing at @e start_time plus this value. @@ -62,7 +74,7 @@ struct KeyData /** * Hash of the public key. */ - struct GNUNET_HashCode h_denom_pub; + struct TALER_RsaPubHashP h_rsa; /** * Full public key. @@ -87,6 +99,23 @@ static struct KeyData keys[MAX_KEYS]; /** + * Release memory occupied by #keys. + */ +static void +free_keys (void) +{ + for (unsigned int i = 0; i<MAX_KEYS; i++) + if (keys[i].valid) + { + TALER_denom_pub_free (&keys[i].denom_pub); + keys[i].valid = false; + GNUNET_assert (num_keys > 0); + num_keys--; + } +} + + +/** * Function called with information about available keys for signing. Usually * only called once per key upon connect. Also called again in case a key is * being revoked, in that case with an @a end_time of zero. Stores the keys @@ -99,8 +128,8 @@ static struct KeyData keys[MAX_KEYS]; * zero if the key has been revoked or purged * @param validity_duration how long does the key remain available for signing; * zero if the key has been revoked or purged - * @param h_denom_pub hash of the @a denom_pub that is available (or was purged) - * @param denom_pub the public key itself, NULL if the key was revoked or purged + * @param h_rsa hash of the @a denom_pub that is available (or was purged) + * @param bs_pub the public key itself, NULL if the key was revoked or purged * @param sm_pub public key of the security module, NULL if the key was revoked or purged * @param sm_sig signature from the security module, NULL if the key was revoked or purged * The signature was already verified against @a sm_pub. @@ -108,33 +137,33 @@ static struct KeyData keys[MAX_KEYS]; static void key_cb (void *cls, const char *section_name, - struct GNUNET_TIME_Absolute start_time, + struct GNUNET_TIME_Timestamp start_time, struct GNUNET_TIME_Relative validity_duration, - const struct GNUNET_HashCode *h_denom_pub, - const struct TALER_DenominationPublicKey *denom_pub, + const struct TALER_RsaPubHashP *h_rsa, + struct GNUNET_CRYPTO_BlindSignPublicKey *bs_pub, const struct TALER_SecurityModulePublicKeyP *sm_pub, const struct TALER_SecurityModuleSignatureP *sm_sig) { + (void) cls; (void) sm_pub; (void) sm_sig; GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Key notification about key %s in `%s'\n", - GNUNET_h2s (h_denom_pub), + GNUNET_h2s (&h_rsa->hash), section_name); if (0 == validity_duration.rel_value_us) { bool found = false; - GNUNET_break (NULL == denom_pub); + GNUNET_break (NULL == bs_pub); GNUNET_break (NULL == section_name); for (unsigned int i = 0; i<MAX_KEYS; i++) - if (0 == GNUNET_memcmp (h_denom_pub, - &keys[i].h_denom_pub)) + if (0 == GNUNET_memcmp (h_rsa, + &keys[i].h_rsa)) { keys[i].valid = false; keys[i].revoked = false; - GNUNET_CRYPTO_rsa_public_key_free (keys[i].denom_pub.rsa_public_key); - keys[i].denom_pub.rsa_public_key = NULL; + TALER_denom_pub_free (&keys[i].denom_pub); GNUNET_assert (num_keys > 0); num_keys--; found = true; @@ -147,16 +176,16 @@ key_cb (void *cls, return; } - GNUNET_break (NULL != denom_pub); + GNUNET_break (NULL != bs_pub); for (unsigned int i = 0; i<MAX_KEYS; i++) if (! keys[i].valid) { keys[i].valid = true; - keys[i].h_denom_pub = *h_denom_pub; + keys[i].h_rsa = *h_rsa; keys[i].start_time = start_time; keys[i].validity_duration = validity_duration; - keys[i].denom_pub.rsa_public_key - = GNUNET_CRYPTO_rsa_public_key_dup (denom_pub->rsa_public_key); + keys[i].denom_pub.bsign_pub_key + = GNUNET_CRYPTO_bsign_pub_incref (bs_pub); num_keys++; return; } @@ -174,7 +203,7 @@ key_cb (void *cls, * @return 0 on success */ static int -test_revocation (struct TALER_CRYPTO_DenominationHelper *dh) +test_revocation (struct TALER_CRYPTO_RsaDenominationHelper *dh) { struct timespec req = { .tv_nsec = 250000000 @@ -199,12 +228,12 @@ test_revocation (struct TALER_CRYPTO_DenominationHelper *dh) keys[j].revoked = true; fprintf (stderr, "Revoking key %s ...", - GNUNET_h2s (&keys[j].h_denom_pub)); - TALER_CRYPTO_helper_denom_revoke (dh, - &keys[j].h_denom_pub); + GNUNET_h2s (&keys[j].h_rsa.hash)); + TALER_CRYPTO_helper_rsa_revoke (dh, + &keys[j].h_rsa); for (unsigned int k = 0; k<1000; k++) { - TALER_CRYPTO_helper_denom_poll (dh); + TALER_CRYPTO_helper_rsa_poll (dh); if (! keys[j].revoked) break; nanosleep (&req, NULL); @@ -215,7 +244,7 @@ test_revocation (struct TALER_CRYPTO_DenominationHelper *dh) fprintf (stderr, "\nFAILED: timeout trying to revoke key %u\n", j); - TALER_CRYPTO_helper_denom_disconnect (dh); + TALER_CRYPTO_helper_rsa_disconnect (dh); return 2; } fprintf (stderr, "\n"); @@ -233,100 +262,136 @@ test_revocation (struct TALER_CRYPTO_DenominationHelper *dh) * @return 0 on success */ static int -test_signing (struct TALER_CRYPTO_DenominationHelper *dh) +test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh) { - struct TALER_DenominationSignature ds; + struct TALER_BlindedDenominationSignature ds; enum TALER_ErrorCode ec; bool success = false; - struct GNUNET_HashCode m_hash; - struct GNUNET_CRYPTO_RsaBlindingKeySecret bks; - + struct TALER_PlanchetMasterSecretP ps; + const struct TALER_ExchangeWithdrawValues *alg_values + = TALER_denom_ewv_rsa_singleton (); + struct TALER_AgeCommitmentHash ach; + struct TALER_CoinPubHashP c_hash; + struct TALER_CoinSpendPrivateKeyP coin_priv; + union GNUNET_CRYPTO_BlindingSecretP bks; + + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, + &ps, + sizeof (ps)); + TALER_planchet_setup_coin_priv (&ps, + alg_values, + &coin_priv); + TALER_planchet_blinding_secret_create (&ps, + alg_values, + &bks); GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, - &bks, - sizeof (bks)); - GNUNET_CRYPTO_hash ("Hello", - strlen ("Hello"), - &m_hash); + &ach, + sizeof(ach)); + for (unsigned int i = 0; i<MAX_KEYS; i++) { if (! keys[i].valid) continue; + if (GNUNET_CRYPTO_BSA_RSA != + keys[i].denom_pub.bsign_pub_key->cipher) + continue; { - void *buf; - size_t buf_size; + struct TALER_PlanchetDetail pd; GNUNET_assert (GNUNET_YES == - TALER_rsa_blind (&m_hash, - &bks, - keys[i].denom_pub.rsa_public_key, - &buf, - &buf_size)); - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Requesting signature over %u bytes with key %s\n", - (unsigned int) buf_size, - GNUNET_h2s (&keys[i].h_denom_pub)); - ds = TALER_CRYPTO_helper_denom_sign (dh, - &keys[i].h_denom_pub, - buf, - buf_size, - &ec); - GNUNET_free (buf); + TALER_planchet_prepare (&keys[i].denom_pub, + alg_values, + &bks, + NULL, + &coin_priv, + &ach, + &c_hash, + &pd)); + { + struct TALER_CRYPTO_RsaSignRequest rsr = { + .h_rsa = &keys[i].h_rsa, + .msg = + pd.blinded_planchet.blinded_message->details.rsa_blinded_message. + blinded_msg, + .msg_size = + pd.blinded_planchet.blinded_message->details.rsa_blinded_message. + blinded_msg_size + }; + + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Requesting signature over %u bytes with key %s\n", + (unsigned int) rsr.msg_size, + GNUNET_h2s (&rsr.h_rsa->hash)); + ec = TALER_CRYPTO_helper_rsa_sign (dh, + &rsr, + &ds); + } + TALER_blinded_planchet_free (&pd.blinded_planchet); } switch (ec) { case TALER_EC_NONE: - if (GNUNET_TIME_absolute_get_remaining (keys[i].start_time).rel_value_us > - GNUNET_TIME_UNIT_SECONDS.rel_value_us) + if (GNUNET_TIME_relative_cmp (GNUNET_TIME_absolute_get_remaining ( + keys[i].start_time.abs_time), + >, + GNUNET_TIME_UNIT_SECONDS)) { /* key worked too early */ GNUNET_break (0); return 4; } - if (GNUNET_TIME_absolute_get_duration (keys[i].start_time).rel_value_us > - keys[i].validity_duration.rel_value_us) + if (GNUNET_TIME_relative_cmp (GNUNET_TIME_absolute_get_duration ( + keys[i].start_time.abs_time), + >, + keys[i].validity_duration)) { /* key worked too later */ GNUNET_break (0); return 5; } { - struct GNUNET_CRYPTO_RsaSignature *rs; + struct TALER_DenominationSignature rs; - rs = TALER_rsa_unblind (ds.rsa_signature, - &bks, - keys[i].denom_pub.rsa_public_key); - if (NULL == rs) + if (GNUNET_OK != + TALER_denom_sig_unblind (&rs, + &ds, + &bks, + &c_hash, + alg_values, + &keys[i].denom_pub)) { GNUNET_break (0); return 6; } - GNUNET_CRYPTO_rsa_signature_free (ds.rsa_signature); + TALER_blinded_denom_sig_free (&ds); if (GNUNET_OK != - GNUNET_CRYPTO_rsa_verify (&m_hash, - rs, - keys[i].denom_pub.rsa_public_key)) + TALER_denom_pub_verify (&keys[i].denom_pub, + &rs, + &c_hash)) { /* signature invalid */ GNUNET_break (0); - GNUNET_CRYPTO_rsa_signature_free (rs); + TALER_denom_sig_free (&rs); return 7; } - GNUNET_CRYPTO_rsa_signature_free (rs); + TALER_denom_sig_free (&rs); } GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Received valid signature for key %s\n", - GNUNET_h2s (&keys[i].h_denom_pub)); + GNUNET_h2s (&keys[i].h_rsa.hash)); success = true; break; case TALER_EC_EXCHANGE_DENOMINATION_HELPER_TOO_EARLY: /* This 'failure' is expected, we're testing also for the error handling! */ - if ( (0 == - GNUNET_TIME_absolute_get_remaining ( - keys[i].start_time).rel_value_us) && - (GNUNET_TIME_absolute_get_duration ( - keys[i].start_time).rel_value_us < - keys[i].validity_duration.rel_value_us) ) + if ( (GNUNET_TIME_relative_is_zero ( + GNUNET_TIME_absolute_get_remaining ( + keys[i].start_time.abs_time))) && + (GNUNET_TIME_relative_cmp ( + GNUNET_TIME_absolute_get_duration ( + keys[i].start_time.abs_time), + <, + keys[i].validity_duration)) ) { /* key should have worked! */ GNUNET_break (0); @@ -336,8 +401,226 @@ test_signing (struct TALER_CRYPTO_DenominationHelper *dh) default: /* unexpected error */ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unexpected error %d\n", - ec); + "Unexpected error %d at %s:%u\n", + ec, + __FILE__, + __LINE__); + return 7; + } + } + if (! success) + { + /* no valid key for signing found, also bad */ + GNUNET_break (0); + return 16; + } + + /* check signing does not work if the key is unknown */ + { + struct TALER_RsaPubHashP rnd; + struct TALER_CRYPTO_RsaSignRequest rsr = { + .h_rsa = &rnd, + .msg = "Hello", + .msg_size = strlen ("Hello") + }; + + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, + &rnd, + sizeof (rnd)); + ec = TALER_CRYPTO_helper_rsa_sign (dh, + &rsr, + &ds); + if (TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN != ec) + { + if (TALER_EC_NONE == ec) + TALER_blinded_denom_sig_free (&ds); + GNUNET_break (0); + return 17; + } + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Signing with invalid key %s failed as desired\n", + GNUNET_h2s (&rnd.hash)); + } + return 0; +} + + +/** + * Test batch signing logic. + * + * @param dh handle to the helper + * @param batch_size how large should the batch be + * @param check_sigs also check unknown key and signatures + * @return 0 on success + */ +static int +test_batch_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh, + unsigned int batch_size, + bool check_sigs) +{ + struct TALER_BlindedDenominationSignature ds[batch_size]; + enum TALER_ErrorCode ec; + bool success = false; + struct TALER_PlanchetMasterSecretP ps[batch_size]; + const struct TALER_ExchangeWithdrawValues *alg_values; + struct TALER_AgeCommitmentHash ach[batch_size]; + struct TALER_CoinPubHashP c_hash[batch_size]; + struct TALER_CoinSpendPrivateKeyP coin_priv[batch_size]; + union GNUNET_CRYPTO_BlindingSecretP bks[batch_size]; + + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, + &ps, + sizeof (ps)); + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, + &ach, + sizeof(ach)); + alg_values = TALER_denom_ewv_rsa_singleton (); + for (unsigned int i = 0; i<batch_size; i++) + { + TALER_planchet_setup_coin_priv (&ps[i], + alg_values, + &coin_priv[i]); + TALER_planchet_blinding_secret_create (&ps[i], + alg_values, + &bks[i]); + } + for (unsigned int k = 0; k<MAX_KEYS; k++) + { + if (success && ! check_sigs) + break; /* only do one round */ + if (! keys[k].valid) + continue; + if (GNUNET_CRYPTO_BSA_RSA != + keys[k].denom_pub.bsign_pub_key->cipher) + continue; + { + struct TALER_PlanchetDetail pd[batch_size]; + struct TALER_CRYPTO_RsaSignRequest rsr[batch_size]; + + for (unsigned int i = 0; i<batch_size; i++) + { + GNUNET_assert (GNUNET_YES == + TALER_planchet_prepare (&keys[k].denom_pub, + alg_values, + &bks[i], + NULL, + &coin_priv[i], + &ach[i], + &c_hash[i], + &pd[i])); + rsr[i].h_rsa + = &keys[k].h_rsa; + rsr[i].msg + = pd[i].blinded_planchet.blinded_message->details.rsa_blinded_message. + blinded_msg; + rsr[i].msg_size + = pd[i].blinded_planchet.blinded_message->details.rsa_blinded_message. + blinded_msg_size; + } + ec = TALER_CRYPTO_helper_rsa_batch_sign (dh, + batch_size, + rsr, + ds); + for (unsigned int i = 0; i<batch_size; i++) + { + if (TALER_EC_NONE == ec) + GNUNET_break (GNUNET_CRYPTO_BSA_RSA == + ds[i].blinded_sig->cipher); + TALER_blinded_planchet_free (&pd[i].blinded_planchet); + } + } + switch (ec) + { + case TALER_EC_NONE: + if (GNUNET_TIME_relative_cmp (GNUNET_TIME_absolute_get_remaining ( + keys[k].start_time.abs_time), + >, + GNUNET_TIME_UNIT_SECONDS)) + { + /* key worked too early */ + GNUNET_break (0); + return 4; + } + if (GNUNET_TIME_relative_cmp (GNUNET_TIME_absolute_get_duration ( + keys[k].start_time.abs_time), + >, + keys[k].validity_duration)) + { + /* key worked too later */ + GNUNET_break (0); + return 5; + } + for (unsigned int i = 0; i<batch_size; i++) + { + struct TALER_DenominationSignature rs; + + if (check_sigs) + { + if (GNUNET_OK != + TALER_denom_sig_unblind (&rs, + &ds[i], + &bks[i], + &c_hash[i], + alg_values, + &keys[k].denom_pub)) + { + GNUNET_break (0); + return 6; + } + } + TALER_blinded_denom_sig_free (&ds[i]); + if (check_sigs) + { + if (GNUNET_OK != + TALER_denom_pub_verify (&keys[k].denom_pub, + &rs, + &c_hash[i])) + { + /* signature invalid */ + GNUNET_break (0); + TALER_denom_sig_free (&rs); + return 7; + } + TALER_denom_sig_free (&rs); + } + } + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Received valid signature for key %s\n", + GNUNET_h2s (&keys[k].h_rsa.hash)); + success = true; + break; + case TALER_EC_EXCHANGE_DENOMINATION_HELPER_TOO_EARLY: + /* This 'failure' is expected, we're testing also for the + error handling! */ + for (unsigned int i = 0; i<batch_size; i++) + TALER_blinded_denom_sig_free (&ds[i]); + if ( (GNUNET_TIME_relative_is_zero ( + GNUNET_TIME_absolute_get_remaining ( + keys[k].start_time.abs_time))) && + (GNUNET_TIME_relative_cmp ( + GNUNET_TIME_absolute_get_duration ( + keys[k].start_time.abs_time), + <, + keys[k].validity_duration)) ) + { + /* key should have worked! */ + GNUNET_break (0); + return 6; + } + break; + case TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN: + for (unsigned int i = 0; i<batch_size; i++) + TALER_blinded_denom_sig_free (&ds[i]); + break; + default: + /* unexpected error */ + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unexpected error %d at %s:%u\n", + ec, + __FILE__, + __LINE__); + for (unsigned int i = 0; i<batch_size; i++) + TALER_blinded_denom_sig_free (&ds[i]); return 7; } } @@ -349,25 +632,35 @@ test_signing (struct TALER_CRYPTO_DenominationHelper *dh) } /* check signing does not work if the key is unknown */ + if (check_sigs) { - struct GNUNET_HashCode rnd; + struct TALER_RsaPubHashP rnd; + struct TALER_CRYPTO_RsaSignRequest rsr = { + .h_rsa = &rnd, + .msg = "Hello", + .msg_size = strlen ("Hello") + }; GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, &rnd, sizeof (rnd)); - (void) TALER_CRYPTO_helper_denom_sign (dh, - &rnd, - "Hello", - strlen ("Hello"), - &ec); + ec = TALER_CRYPTO_helper_rsa_batch_sign (dh, + 1, + &rsr, + ds); if (TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN != ec) { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Signing with invalid key returned unexpected status %d\n", + ec); + if (TALER_EC_NONE == ec) + TALER_blinded_denom_sig_free (ds); GNUNET_break (0); return 17; } GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Signing with invalid key %s failed as desired\n", - GNUNET_h2s (&rnd)); + GNUNET_h2s (&rnd.hash)); } return 0; } @@ -380,72 +673,154 @@ test_signing (struct TALER_CRYPTO_DenominationHelper *dh) * @return 0 on success */ static int -perf_signing (struct TALER_CRYPTO_DenominationHelper *dh) +perf_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh, + const char *type) { - struct TALER_DenominationSignature ds; + struct TALER_BlindedDenominationSignature ds; enum TALER_ErrorCode ec; - struct GNUNET_HashCode m_hash; - struct GNUNET_CRYPTO_RsaBlindingKeySecret bks; struct GNUNET_TIME_Relative duration; - + struct TALER_PlanchetMasterSecretP ps; + struct TALER_CoinSpendPrivateKeyP coin_priv; + struct TALER_AgeCommitmentHash ach; + union GNUNET_CRYPTO_BlindingSecretP bks; + const struct TALER_ExchangeWithdrawValues *alg_values + = TALER_denom_ewv_rsa_singleton (); + + TALER_planchet_master_setup_random (&ps); + TALER_planchet_setup_coin_priv (&ps, + alg_values, + &coin_priv); + TALER_planchet_blinding_secret_create (&ps, + alg_values, + &bks); GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, - &bks, - sizeof (bks)); - GNUNET_CRYPTO_hash ("Hello", - strlen ("Hello"), - &m_hash); + &ach, + sizeof(ach)); duration = GNUNET_TIME_UNIT_ZERO; - for (unsigned int j = 0; j<NUM_SIGN_TESTS;) + TALER_CRYPTO_helper_rsa_poll (dh); + for (unsigned int j = 0; j<NUM_SIGN_PERFS;) { - TALER_CRYPTO_helper_denom_poll (dh); for (unsigned int i = 0; i<MAX_KEYS; i++) { if (! keys[i].valid) continue; - if (GNUNET_TIME_absolute_get_remaining (keys[i].start_time).rel_value_us > - GNUNET_TIME_UNIT_SECONDS.rel_value_us) + if (GNUNET_CRYPTO_BSA_RSA != + keys[i].denom_pub.bsign_pub_key->cipher) continue; - if (GNUNET_TIME_absolute_get_duration (keys[i].start_time).rel_value_us > - keys[i].validity_duration.rel_value_us) + if (GNUNET_TIME_relative_cmp (GNUNET_TIME_absolute_get_remaining ( + keys[i].start_time.abs_time), + >, + GNUNET_TIME_UNIT_SECONDS)) + continue; + if (GNUNET_TIME_relative_cmp (GNUNET_TIME_absolute_get_duration ( + keys[i].start_time.abs_time), + >, + keys[i].validity_duration)) continue; { - void *buf; - size_t buf_size; + struct TALER_CoinPubHashP c_hash; + struct TALER_PlanchetDetail pd; GNUNET_assert (GNUNET_YES == - TALER_rsa_blind (&m_hash, - &bks, - keys[i].denom_pub.rsa_public_key, - &buf, - &buf_size)); + TALER_planchet_prepare (&keys[i].denom_pub, + alg_values, + &bks, + NULL, + &coin_priv, + &ach, + &c_hash, + &pd)); /* use this key as long as it works */ while (1) { struct GNUNET_TIME_Absolute start = GNUNET_TIME_absolute_get (); struct GNUNET_TIME_Relative delay; - - ds = TALER_CRYPTO_helper_denom_sign (dh, - &keys[i].h_denom_pub, - buf, - buf_size, - &ec); + struct TALER_CRYPTO_RsaSignRequest rsr = { + .h_rsa = &keys[i].h_rsa, + .msg = + pd.blinded_planchet.blinded_message->details.rsa_blinded_message. + blinded_msg, + .msg_size = + pd.blinded_planchet.blinded_message->details.rsa_blinded_message. + blinded_msg_size + }; + + ec = TALER_CRYPTO_helper_rsa_sign (dh, + &rsr, + &ds); if (TALER_EC_NONE != ec) break; delay = GNUNET_TIME_absolute_get_duration (start); duration = GNUNET_TIME_relative_add (duration, delay); - GNUNET_CRYPTO_rsa_signature_free (ds.rsa_signature); + TALER_blinded_denom_sig_free (&ds); j++; - if (NUM_SIGN_TESTS == j) + if (NUM_SIGN_PERFS <= j) break; } - GNUNET_free (buf); + TALER_blinded_planchet_free (&pd.blinded_planchet); } } /* for i */ } /* for j */ fprintf (stderr, - "%u (sequential) signature operations took %s\n", - (unsigned int) NUM_SIGN_TESTS, + "%u (%s) signature operations took %s\n", + (unsigned int) NUM_SIGN_PERFS, + type, + GNUNET_STRINGS_relative_time_to_string (duration, + GNUNET_YES)); + return 0; +} + + +/** + * Parallel signing logic. + * + * @param esh handle to the helper + * @return 0 on success + */ +static int +par_signing (struct GNUNET_CONFIGURATION_Handle *cfg) +{ + struct GNUNET_TIME_Absolute start; + struct GNUNET_TIME_Relative duration; + pid_t pids[NUM_CORES]; + struct TALER_CRYPTO_RsaDenominationHelper *dh; + + start = GNUNET_TIME_absolute_get (); + for (unsigned int i = 0; i<NUM_CORES; i++) + { + pids[i] = fork (); + num_keys = 0; + GNUNET_assert (-1 != pids[i]); + if (0 == pids[i]) + { + int ret; + + dh = TALER_CRYPTO_helper_rsa_connect (cfg, + "taler-exchange", + &key_cb, + NULL); + GNUNET_assert (NULL != dh); + ret = perf_signing (dh, + "parallel"); + TALER_CRYPTO_helper_rsa_disconnect (dh); + free_keys (); + exit (ret); + } + } + for (unsigned int i = 0; i<NUM_CORES; i++) + { + int wstatus; + + GNUNET_assert (pids[i] == + waitpid (pids[i], + &wstatus, + 0)); + } + duration = GNUNET_TIME_absolute_get_duration (start); + fprintf (stderr, + "%u (parallel) signature operations took %s (total real time)\n", + (unsigned int) NUM_SIGN_PERFS * NUM_CORES, GNUNET_STRINGS_relative_time_to_string (duration, GNUNET_YES)); return 0; @@ -459,7 +834,7 @@ static int run_test (void) { struct GNUNET_CONFIGURATION_Handle *cfg; - struct TALER_CRYPTO_DenominationHelper *dh; + struct TALER_CRYPTO_RsaDenominationHelper *dh; struct timespec req = { .tv_nsec = 250000000 }; @@ -474,63 +849,80 @@ run_test (void) return 77; } - fprintf (stderr, "Waiting for helper client directory to become available "); - for (unsigned int i = 0; i<1000; i++) + fprintf (stderr, + "Waiting for helper to start ... "); + for (unsigned int i = 0; i<100; i++) { - dh = TALER_CRYPTO_helper_denom_connect (cfg, - &key_cb, - NULL); + nanosleep (&req, + NULL); + dh = TALER_CRYPTO_helper_rsa_connect (cfg, + "taler-exchange", + &key_cb, + NULL); if (NULL != dh) break; - nanosleep (&req, NULL); fprintf (stderr, "."); } - GNUNET_CONFIGURATION_destroy (cfg); if (NULL == dh) { - GNUNET_break (0); + fprintf (stderr, + "\nFAILED: timeout trying to connect to helper\n"); + GNUNET_CONFIGURATION_destroy (cfg); return 1; } - fprintf (stderr, " done.\n"); - - /* wait for helper to start and give us keys */ - fprintf (stderr, "Waiting for helper to start "); - for (unsigned int i = 0; i<1000; i++) - { - TALER_CRYPTO_helper_denom_poll (dh); - if (0 != num_keys) - break; - nanosleep (&req, NULL); - fprintf (stderr, "."); - } if (0 == num_keys) { fprintf (stderr, "\nFAILED: timeout trying to connect to helper\n"); - TALER_CRYPTO_helper_denom_disconnect (dh); + TALER_CRYPTO_helper_rsa_disconnect (dh); + GNUNET_CONFIGURATION_destroy (cfg); return 1; } fprintf (stderr, - "\nOK: Helper ready (%u keys)\n", + " Done (%u keys)\n", num_keys); - ret = 0; if (0 == ret) ret = test_revocation (dh); if (0 == ret) ret = test_signing (dh); if (0 == ret) - ret = perf_signing (dh); - TALER_CRYPTO_helper_denom_disconnect (dh); + ret = test_batch_signing (dh, + 2, + true); + if (0 == ret) + ret = test_batch_signing (dh, + 256, + true); + for (unsigned int i = 0; i<5; i++) + { + static unsigned int batches[] = { 1, 4, 16, 64, 256 }; + unsigned int batch_size = batches[i]; + struct GNUNET_TIME_Absolute start; + struct GNUNET_TIME_Relative duration; + + start = GNUNET_TIME_absolute_get (); + if (0 != ret) + break; + ret = test_batch_signing (dh, + batch_size, + false); + duration = GNUNET_TIME_absolute_get_duration (start); + fprintf (stderr, + "%4u (batch) signature operations took %s (total real time)\n", + (unsigned int) batch_size, + GNUNET_STRINGS_relative_time_to_string (duration, + GNUNET_YES)); + } + if (0 == ret) + ret = perf_signing (dh, + "sequential"); + TALER_CRYPTO_helper_rsa_disconnect (dh); + free_keys (); + if (0 == ret) + ret = par_signing (cfg); /* clean up our state */ - for (unsigned int i = 0; i<MAX_KEYS; i++) - if (keys[i].valid) - { - GNUNET_CRYPTO_rsa_public_key_free (keys[i].denom_pub.rsa_public_key); - keys[i].denom_pub.rsa_public_key = NULL; - GNUNET_assert (num_keys > 0); - num_keys--; - } + GNUNET_CONFIGURATION_destroy (cfg); return ret; } @@ -548,8 +940,10 @@ main (int argc, (void) argc; (void) argv; + unsetenv ("XDG_DATA_HOME"); + unsetenv ("XDG_CONFIG_HOME"); GNUNET_log_setup ("test-helper-rsa", - "INFO", + "WARNING", NULL); GNUNET_OS_init (TALER_project_data_default ()); libexec_dir = GNUNET_OS_installation_get_path (GNUNET_OS_IPK_BINDIR); @@ -565,7 +959,7 @@ main (int argc, "-c", "test_helper_rsa.conf", "-L", - "INFO", + "WARNING", NULL); if (NULL == helper) { |