From 576545daebd608f24cbbeec627169d5274e6ddd3 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 28 Mar 2015 18:18:38 +0100 Subject: fix use of struct TALER_MintSigningKeyValidityPS --- src/mint-tools/taler-mint-keycheck.c | 3 ++- src/mint-tools/taler-mint-keyup.c | 27 +++++++++++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) (limited to 'src/mint-tools') diff --git a/src/mint-tools/taler-mint-keycheck.c b/src/mint-tools/taler-mint-keycheck.c index 06b544afa..41c3cba8f 100644 --- a/src/mint-tools/taler-mint-keycheck.c +++ b/src/mint-tools/taler-mint-keycheck.c @@ -60,7 +60,8 @@ signkeys_iter (void *cls, if (ntohl (ski->issue.purpose.size) != (sizeof (struct TALER_MintSigningKeyValidityPS) - - offsetof (struct TALER_MintSigningKeyValidityPS, purpose))) + offsetof (struct TALER_MintSigningKeyValidityPS, + purpose))) { fprintf (stderr, "Signing key `%s' has invalid purpose size\n", diff --git a/src/mint-tools/taler-mint-keyup.c b/src/mint-tools/taler-mint-keyup.c index cbeae646b..5cea08c55 100644 --- a/src/mint-tools/taler-mint-keyup.c +++ b/src/mint-tools/taler-mint-keyup.c @@ -429,11 +429,13 @@ get_anchor (const char *dir, * * @param start start time of the validity period for the key * @param duration how long should the key be valid + * @param end when do all signatures by this key expire * @param[out] pi set to the signing key information */ static void create_signkey_issue_priv (struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration, + struct GNUNET_TIME_Absolute end, struct TALER_MINTDB_PrivateSigningKeyInformationP *pi) { struct GNUNET_CRYPTO_EddsaPrivateKey *priv; @@ -446,6 +448,7 @@ create_signkey_issue_priv (struct GNUNET_TIME_Absolute start, issue->start = GNUNET_TIME_absolute_hton (start); issue->expire = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (start, duration)); + issue->end = GNUNET_TIME_absolute_hton (end); GNUNET_CRYPTO_eddsa_key_get_public (&pi->signkey_priv.eddsa_priv, &issue->signkey_pub.eddsa_pub); issue->purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY); @@ -470,6 +473,7 @@ static int mint_keys_update_signkeys () { struct GNUNET_TIME_Relative signkey_duration; + struct GNUNET_TIME_Relative legal_duration; struct GNUNET_TIME_Absolute anchor; char *signkey_dir; @@ -484,6 +488,25 @@ mint_keys_update_signkeys () "signkey_duration"); return GNUNET_SYSERR; } + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_time (kcfg, + "mint_keys", + "legal_duration", + &legal_duration)) + { + GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, + "mint_keys", + "legal_duration"); + return GNUNET_SYSERR; + } + if (signkey_duration.rel_value_us < legal_duration.rel_value_us) + { + GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, + "mint_keys", + "legal_duration", + "must be longer than signkey_duration"); + return GNUNET_SYSERR; + } ROUND_TO_SECS (signkey_duration, rel_value_us); GNUNET_asprintf (&signkey_dir, @@ -508,8 +531,11 @@ mint_keys_update_signkeys () const char *skf; struct TALER_MINTDB_PrivateSigningKeyInformationP signkey_issue; ssize_t nwrite; + struct GNUNET_TIME_Absolute end; skf = get_signkey_file (anchor); + end = GNUNET_TIME_absolute_add (anchor, + legal_duration); GNUNET_break (GNUNET_YES != GNUNET_DISK_file_test (skf)); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, @@ -517,6 +543,7 @@ mint_keys_update_signkeys () GNUNET_STRINGS_absolute_time_to_string (anchor)); create_signkey_issue_priv (anchor, signkey_duration, + end, &signkey_issue); nwrite = GNUNET_DISK_fn_write (skf, &signkey_issue, -- cgit v1.2.3