From 6f8fa678c1f4672165cd82ddb43ec3546d9552a9 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Mon, 21 Mar 2016 01:45:53 +0100 Subject: implementing #3987 --- src/exchangedb/exchangedb_keyio.c | 92 ++++++++++++++++++++++++++++++--------- 1 file changed, 71 insertions(+), 21 deletions(-) (limited to 'src/exchangedb') diff --git a/src/exchangedb/exchangedb_keyio.c b/src/exchangedb/exchangedb_keyio.c index 6b8ca24e3..e560e8d6b 100644 --- a/src/exchangedb/exchangedb_keyio.c +++ b/src/exchangedb/exchangedb_keyio.c @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2014, 2015 GNUnet e.V. + Copyright (C) 2014, 2015, 2016 Inria & GNUnet e.V. TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -93,8 +93,8 @@ signkeys_iterate_dir_iter (void *cls, */ int TALER_EXCHANGEDB_signing_keys_iterate (const char *exchange_base_dir, - TALER_EXCHANGEDB_SigningKeyIterator it, - void *it_cls) + TALER_EXCHANGEDB_SigningKeyIterator it, + void *it_cls) { char *signkey_dir; struct SignkeysIterateContext skc; @@ -123,7 +123,7 @@ TALER_EXCHANGEDB_signing_keys_iterate (const char *exchange_base_dir, */ int TALER_EXCHANGEDB_denomination_key_read (const char *filename, - struct TALER_EXCHANGEDB_DenominationKeyIssueInformation *dki) + struct TALER_EXCHANGEDB_DenominationKeyIssueInformation *dki) { uint64_t size; size_t offset; @@ -186,7 +186,7 @@ TALER_EXCHANGEDB_denomination_key_read (const char *filename, */ int TALER_EXCHANGEDB_denomination_key_write (const char *filename, - const struct TALER_EXCHANGEDB_DenominationKeyIssueInformation *dki) + const struct TALER_EXCHANGEDB_DenominationKeyIssueInformation *dki) { char *priv_enc; size_t priv_enc_size; @@ -331,8 +331,8 @@ denomkeys_iterate_topdir_iter (void *cls, */ int TALER_EXCHANGEDB_denomination_keys_iterate (const char *exchange_base_dir, - TALER_EXCHANGEDB_DenominationKeyIterator it, - void *it_cls) + TALER_EXCHANGEDB_DenominationKeyIterator it, + void *it_cls) { char *dir; struct DenomkeysIterateContext dic; @@ -388,6 +388,11 @@ struct AuditorFileHeaderP */ struct TALER_MasterPublicKeyP mpub; + /** + * Number of signatures and DKI entries in this file. + */ + uint32_t dki_len; + }; GNUNET_NETWORK_STRUCT_END @@ -412,7 +417,9 @@ auditor_iter (void *cls, struct AuditorFileHeaderP *af; const struct TALER_AuditorSignatureP *sigs; const struct TALER_DenominationKeyValidityPS *dki; - unsigned int len; + const char *auditor_url; + unsigned int dki_len; + size_t url_len; int ret; if (GNUNET_OK != GNUNET_DISK_file_size (filename, @@ -425,10 +432,7 @@ auditor_iter (void *cls, filename); return GNUNET_SYSERR; } - if ( (size < sizeof (struct AuditorFileHeaderP)) || - (0 != (len = ((size - sizeof (struct AuditorFileHeaderP)) % - (sizeof (struct TALER_DenominationKeyValidityPS) + - sizeof (struct TALER_AuditorSignatureP))))) ) + if (size < sizeof (struct AuditorFileHeaderP)) { GNUNET_break (0); return GNUNET_SYSERR; @@ -445,12 +449,49 @@ auditor_iter (void *cls, GNUNET_free (af); return GNUNET_SYSERR; } + dki_len = ntohl (af->dki_len); + if (0 == dki_len) + { + GNUNET_break_op (0); + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "No signed keys in %s\n", + filename); + GNUNET_free (af); + return GNUNET_SYSERR; + } + if ( (size - sizeof (struct AuditorFileHeaderP)) / dki_len < + (sizeof (struct TALER_DenominationKeyValidityPS) + + sizeof (struct TALER_AuditorSignatureP)) ) + { + GNUNET_break_op (0); + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Malformed key file %s\n", + filename); + GNUNET_free (af); + return GNUNET_SYSERR; + } + url_len = size + - sizeof (struct AuditorFileHeaderP) + - dki_len * (sizeof (struct TALER_DenominationKeyValidityPS) + + sizeof (struct TALER_AuditorSignatureP)); sigs = (const struct TALER_AuditorSignatureP *) &af[1]; - dki = (const struct TALER_DenominationKeyValidityPS *) &sigs[len]; + dki = (const struct TALER_DenominationKeyValidityPS *) &sigs[dki_len]; + auditor_url = (const char *) &dki[dki_len]; + if ( (0 == url_len) || + ('\0' != auditor_url[url_len - 1]) ) + { + GNUNET_break_op (0); + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Malformed key file %s\n", + filename); + GNUNET_free (af); + return GNUNET_SYSERR; + } ret = aic->it (aic->it_cls, &af->apub, + auditor_url, &af->mpub, - len, + dki_len, sigs, dki); GNUNET_free (af); @@ -473,8 +514,8 @@ auditor_iter (void *cls, */ int TALER_EXCHANGEDB_auditor_iterate (const char *exchange_base_dir, - TALER_EXCHANGEDB_AuditorIterator it, - void *it_cls) + TALER_EXCHANGEDB_AuditorIterator it, + void *it_cls) { char *dir; struct AuditorIterateContext aic; @@ -498,6 +539,7 @@ TALER_EXCHANGEDB_auditor_iterate (const char *exchange_base_dir, * * @param filename the file where to write the auditor information to * @param apub the auditor's public key + * @param auditor_url the URL of the auditor * @param asigs the auditor's signatures, array of length @a dki_len * @param mpub the exchange's public key (as expected by the auditor) * @param dki_len length of @a dki @@ -506,11 +548,12 @@ TALER_EXCHANGEDB_auditor_iterate (const char *exchange_base_dir, */ int TALER_EXCHANGEDB_auditor_write (const char *filename, - const struct TALER_AuditorPublicKeyP *apub, - const struct TALER_AuditorSignatureP *asigs, - const struct TALER_MasterPublicKeyP *mpub, - unsigned int dki_len, - const struct TALER_DenominationKeyValidityPS *dki) + const struct TALER_AuditorPublicKeyP *apub, + const char *auditor_url, + const struct TALER_AuditorSignatureP *asigs, + const struct TALER_MasterPublicKeyP *mpub, + unsigned int dki_len, + const struct TALER_DenominationKeyValidityPS *dki) { struct AuditorFileHeaderP af; struct GNUNET_DISK_FileHandle *fh; @@ -521,6 +564,7 @@ TALER_EXCHANGEDB_auditor_write (const char *filename, af.apub = *apub; af.mpub = *mpub; + af.dki_len = htonl ((uint32_t) dki_len); ret = GNUNET_SYSERR; if (NULL == (fh = GNUNET_DISK_file_open (filename, @@ -546,6 +590,12 @@ TALER_EXCHANGEDB_auditor_write (const char *filename, dki, wsize)) ret = GNUNET_OK; + wsize = strlen (auditor_url) + 1; + if (wsize == + GNUNET_DISK_file_write (fh, + auditor_url, + wsize)) + ret = GNUNET_OK; cleanup: eno = errno; if (NULL != fh) -- cgit v1.2.3 From 553d6eb23e3ac1001dd6c4e0523cddb88bc5e723 Mon Sep 17 00:00:00 2001 From: Jeff Burdges Date: Sun, 20 Mar 2016 21:30:10 +0100 Subject: API change in GNUnet crypto for Full Domain Hashing --- src/exchange/taler-exchange-httpd_db.c | 12 ++++++------ src/exchange/taler-exchange-httpd_test.c | 6 +++--- src/exchangedb/perf_taler_exchangedb_init.c | 6 +++--- src/exchangedb/test_exchangedb.c | 12 ++++++------ 4 files changed, 18 insertions(+), 18 deletions(-) (limited to 'src/exchangedb') diff --git a/src/exchange/taler-exchange-httpd_db.c b/src/exchange/taler-exchange-httpd_db.c index e96653a63..7698b92bb 100644 --- a/src/exchange/taler-exchange-httpd_db.c +++ b/src/exchange/taler-exchange-httpd_db.c @@ -453,9 +453,9 @@ execute_reserve_withdraw_transaction (struct MHD_Connection *connection, /* Balance is good, sign the coin! */ denom_sig->rsa_signature - = GNUNET_CRYPTO_rsa_sign (dki->denom_priv.rsa_private_key, - blinded_msg, - blinded_msg_len); + = GNUNET_CRYPTO_rsa_sign_blinded (dki->denom_priv.rsa_private_key, + blinded_msg, + blinded_msg_len); if (NULL == denom_sig->rsa_signature) { GNUNET_break (0); @@ -1112,9 +1112,9 @@ refresh_exchange_coin (struct MHD_Connection *connection, return ev_sig; } ev_sig.rsa_signature - = GNUNET_CRYPTO_rsa_sign (dki->denom_priv.rsa_private_key, - commit_coin->coin_ev, - commit_coin->coin_ev_size); + = GNUNET_CRYPTO_rsa_sign_blinded (dki->denom_priv.rsa_private_key, + commit_coin->coin_ev, + commit_coin->coin_ev_size); if (NULL == ev_sig.rsa_signature) { GNUNET_break (0); diff --git a/src/exchange/taler-exchange-httpd_test.c b/src/exchange/taler-exchange-httpd_test.c index 0a4181ed8..6f33fd4f6 100644 --- a/src/exchange/taler-exchange-httpd_test.c +++ b/src/exchange/taler-exchange-httpd_test.c @@ -495,9 +495,9 @@ TMH_TEST_handler_test_rsa_sign (struct TMH_RequestHandler *rh, return TMH_RESPONSE_reply_internal_error (connection, "Failed to create RSA key"); } - sig = GNUNET_CRYPTO_rsa_sign (rsa_pk, - in_ptr, - in_ptr_size); + sig = GNUNET_CRYPTO_rsa_sign_blinded (rsa_pk, + in_ptr, + in_ptr_size); if (NULL == sig) { GNUNET_break (0); diff --git a/src/exchangedb/perf_taler_exchangedb_init.c b/src/exchangedb/perf_taler_exchangedb_init.c index 2e613b3cf..2c2989bd5 100644 --- a/src/exchangedb/perf_taler_exchangedb_init.c +++ b/src/exchangedb/perf_taler_exchangedb_init.c @@ -351,9 +351,9 @@ PERF_TALER_EXCHANGEDB_coin_init ( coin->public_info.denom_pub.rsa_public_key = GNUNET_CRYPTO_rsa_public_key_dup (dki->denom_pub.rsa_public_key); coin->public_info.denom_sig.rsa_signature = - GNUNET_CRYPTO_rsa_sign (dki->denom_priv.rsa_private_key, - &coin->public_info.coin_pub, - sizeof (struct TALER_CoinSpendPublicKeyP)); + GNUNET_CRYPTO_rsa_sign_fdh (dki->denom_priv.rsa_private_key, + &coin->public_info.coin_pub, + sizeof (struct TALER_CoinSpendPublicKeyP)); GNUNET_assert (NULL != coin->public_info.denom_pub.rsa_public_key); GNUNET_assert (NULL != coin->public_info.denom_sig.rsa_signature); diff --git a/src/exchangedb/test_exchangedb.c b/src/exchangedb/test_exchangedb.c index df1adf561..d03bad535 100644 --- a/src/exchangedb/test_exchangedb.c +++ b/src/exchangedb/test_exchangedb.c @@ -337,9 +337,9 @@ test_melting (struct TALER_EXCHANGEDB_Session *session) { RND_BLK (&melts[cnt].coin.coin_pub); melts[cnt].coin.denom_sig.rsa_signature = - GNUNET_CRYPTO_rsa_sign (dkp->priv.rsa_private_key, - &melts[cnt].coin.coin_pub, - sizeof (melts[cnt].coin.coin_pub)); + GNUNET_CRYPTO_rsa_sign_fdh (dkp->priv.rsa_private_key, + &melts[cnt].coin.coin_pub, + sizeof (melts[cnt].coin.coin_pub)); melts[cnt].coin.denom_pub = dkp->pub; RND_BLK (&melts[cnt].coin_sig); melts[cnt].session_hash = session_hash; @@ -663,9 +663,9 @@ run (void *cls, RND_BLK(&cbc.reserve_sig); cbc.denom_pub = dkp->pub; cbc.sig.rsa_signature - = GNUNET_CRYPTO_rsa_sign (dkp->priv.rsa_private_key, - &cbc.h_coin_envelope, - sizeof (cbc.h_coin_envelope)); + = GNUNET_CRYPTO_rsa_sign_fdh (dkp->priv.rsa_private_key, + &cbc.h_coin_envelope, + sizeof (cbc.h_coin_envelope)); cbc.reserve_pub = reserve_pub; cbc.amount_with_fee = value; GNUNET_assert (GNUNET_OK == -- cgit v1.2.3