commit 1d85d6ecac7b6e77402d4db71035d6e69d760048
parent ede1fb269b6233b43a334c5d4f8e76f4119bb234
Author: Christian Grothoff <grothoff@gnunet.org>
Date: Wed, 20 Nov 2024 17:05:37 +0100
use new secmod library API
Diffstat:
8 files changed, 307 insertions(+), 16 deletions(-)
diff --git a/aclocal.m4 b/aclocal.m4
@@ -14,8 +14,8 @@
m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
-m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.72],,
-[m4_warning([this file was generated for autoconf 2.72.
+m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.71],,
+[m4_warning([this file was generated for autoconf 2.71.
You have another version of autoconf. It may work, but is not guaranteed to.
If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically 'autoreconf'.])])
diff --git a/src/json/donau_json.c b/src/json/donau_json.c
@@ -70,6 +70,7 @@ parse_donation_unit_pub (void *cls,
const char *emsg;
unsigned int eline;
+ (void) cls;
if (GNUNET_OK !=
GNUNET_JSON_parse (root,
dspec,
diff --git a/src/util/.gitignore b/src/util/.gitignore
@@ -10,3 +10,6 @@ test_helper_cs_home/
test_helper_eddsa
test_helper_eddsa_home/
test_conversion
+donau-secmod-cs
+donau-secmod-eddsa
+donau-secmod-rsa
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
@@ -38,26 +38,54 @@ libdonauutil_la_LIBADD = \
-lmicrohttpd $(XLIB) \
-lz \
-lm
+libdonauutil_la_LDFLAGS = \
+ -version-info 0:0:0 \
+ -no-undefined
EXTRA_DIST = \
$(pkgcfg_DATA) \
donau-config.in
-bin_SCRIPTS = \
- donau-config
+donau_secmod_rsa_SOURCES = \
+ donau-secmod-rsa.c
+donau_secmod_rsa_LDADD = \
+ libdonauutil.la \
+ -ltalerutil \
+ -lgnunetutil \
+ -lpthread \
+ $(LIBGCRYPT_LIBS) \
+ $(XLIB)
-edit_script = $(SED) -e 's,%libdir%,$(libdir),'g $(NULL)
+donau_secmod_cs_SOURCES = \
+ donau-secmod-cs.c
+donau_secmod_cs_LDADD = \
+ libdonauutil.la \
+ -ltalerutil \
+ -lgnunetutil \
+ -lpthread \
+ $(LIBGCRYPT_LIBS) \
+ $(XLIB)
-donau-config: donau-config.in
- rm -f $@ $@.tmp && \
- $(edit_script) $< >$@.tmp && \
- chmod a-w+x $@.tmp && \
- mv $@.tmp $@
+donau_secmod_eddsa_SOURCES = \
+ donau-secmod-eddsa.c
+donau_secmod_eddsa_LDADD = \
+ libdonauutil.la \
+ -ltalerutil \
+ -lgnunetutil \
+ -lpthread \
+ $(LIBGCRYPT_LIBS) \
+ $(XLIB)
-CLEANFILES = \
- donau-config
+bin_PROGRAMS = \
+ donau-config \
+ donau-secmod-eddsa \
+ donau-secmod-rsa \
+ donau-secmod-cs
-libdonauutil_la_LDFLAGS = \
- -version-info 0:0:0 \
- -no-undefined
+donau_config_SOURCES = \
+ donau-config.c
+donau_config_LDADD = \
+ libdonauutil.la \
+ -lgnunetutil \
+ $(XLIB)
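Review bot: `EXTRA_DIST` still lists `donau-config.in`, although this hunk removes the `donau-config: donau-config.in` rule and builds donau-config as a program from `donau-config.c`. Unless the template is consumed elsewhere in the tree, drop `donau-config.in` from `EXTRA_DIST` so release tarballs do not ship a stale script that no longer matches the installed binary. If it is kept on purpose, add a comment above `EXTRA_DIST` saying what still uses it.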
diff --git a/src/util/donau-config.c b/src/util/donau-config.c
@@ -1,6 +1,6 @@
/*
This file is part of Taler.
- Copyright (C) 2012-2021 Taler Systems SA
+ Copyright (C) 2012-2024 Taler Systems SA
Taler is free software: you can redistribute it and/or modify it
under the terms of the GNU Affero General Public License as published
diff --git a/src/util/donau-secmod-cs.c b/src/util/donau-secmod-cs.c
@@ -0,0 +1,86 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2014-2024 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file util/donau-secmod-cs.c
+ * @brief Standalone process to perform private key CS operations
+ * @author Christian Grothoff
+ *
+ * Key design points:
+ * - EVERY thread of the exchange will have its own pair of connections to the
+ * crypto helpers. This way, every thread will also have its own /keys state
+ * and avoid the need to synchronize on those.
+ * - auditor signatures and master signatures are to be kept in the exchange DB,
+ * and merged with the public keys of the helper by the exchange HTTPD!
+ * - the main loop of the helper is SINGLE-THREADED, but there are
+ * threads for crypto-workers which do the signing in parallel, one per client.
+ * - thread-safety: signing happens in parallel, thus when REMOVING private keys,
+ * we must ensure that all signers are done before we fully free() the
+ * private key. This is done by reference counting (as work is always
+ * assigned and collected by the main thread).
+ */
+#include "donau_config.h"
+#include <sys/stat.h>
+#include <taler/taler_util.h>
+#include "donau_util.h"
+
+/* LSB-style exit status codes */
+#ifndef EXIT_INVALIDARGUMENT
+/**
+ * Command-line arguments are invalid.
+ * Restarting useless.
+ */
+#define EXIT_INVALIDARGUMENT 2
+#endif
+
+/**
+ * The entry point.
+ *
+ * @param argc number of arguments in @a argv
+ * @param argv command-line arguments
+ * @return 0 on normal termination
+ */
+int
+main (int argc,
+ char **argv)
+{
+ struct TALER_SECMOD_Options opts = {
+ .max_workers = 16,
+ .section = "donau"
+ };
+ struct GNUNET_GETOPT_CommandLineOption options[] = {
+ TALER_SECMOD_OPTIONS (&opts),
+ GNUNET_GETOPT_OPTION_END
+ };
+ enum GNUNET_GenericReturnValue ret;
+
+ /* Restrict permissions for the key files that we create. */
+ (void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
+ opts.global_now_tmp
+ = opts.global_now
+ = GNUNET_TIME_timestamp_get ();
+ ret = GNUNET_PROGRAM_run (DONAU_project_data (),
+ argc, argv,
+ "donau-secmod-cs",
+ "Handle private CS key operations for a Donau",
+ options,
+ &TALER_SECMOD_cs_run,
+ &opts);
+ if (GNUNET_NO == ret)
+ return EXIT_SUCCESS;
+ if (GNUNET_SYSERR == ret)
+ return EXIT_INVALIDARGUMENT;
+ return opts.global_ret;
+}
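Review bot: The `umask` call in `main` clears group-write and all "other" bits but leaves `S_IRGRP` permitted, so the comment "Restrict permissions for the key files that we create" promises more than the mask alone enforces. Whether private key files end up group-readable depends on the mode the TALER_SECMOD library passes when it creates them, which is not visible in this commit. If group read is intentional, say so in the comment, e.g. `/* Mask 0027: keep group read for the service group; key files are created owner-only by the library. */` once that is confirmed. Otherwise consider `(void) umask (S_IRWXG | S_IRWXO);`, after checking that no other file or socket the helper creates needs group access. The same line appears in donau-secmod-eddsa.c and donau-secmod-rsa.c.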
diff --git a/src/util/donau-secmod-eddsa.c b/src/util/donau-secmod-eddsa.c
@@ -0,0 +1,87 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2014-2024 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file util/donau-secmod-eddsa.c
+ * @brief Standalone process to perform private key EDDSA operations
+ * @author Christian Grothoff
+ *
+ * Key design points:
+ * - EVERY thread of the exchange will have its own pair of connections to the
+ * crypto helpers. This way, every threat will also have its own /keys state
+ * and avoid the need to synchronize on those.
+ * - auditor signatures and master signatures are to be kept in the exchange DB,
+ * and merged with the public keys of the helper by the exchange HTTPD!
+ * - the main loop of the helper is SINGLE-THREADED, but there are
+ * threads for crypto-workers which (only) do the signing in parallel,
+ * one per client.
+ * - thread-safety: signing happens in parallel, thus when REMOVING private keys,
+ * we must ensure that all signers are done before we fully free() the
+ * private key. This is done by reference counting (as work is always
+ * assigned and collected by the main thread).
+ */
+#include "donau_config.h"
+#include <sys/stat.h>
+#include <taler/taler_util.h>
+#include "donau_util.h"
+
+/* LSB-style exit status codes */
+#ifndef EXIT_INVALIDARGUMENT
+/**
+ * Command-line arguments are invalid.
+ * Restarting useless.
+ */
+#define EXIT_INVALIDARGUMENT 2
+#endif
+
+/**
+ * The entry point.
+ *
+ * @param argc number of arguments in @a argv
+ * @param argv command-line arguments
+ * @return 0 on normal termination
+ */
+int
+main (int argc,
+ char **argv)
+{
+ struct TALER_SECMOD_Options opts = {
+ .max_workers = 16,
+ .section = "donau"
+ };
+ struct GNUNET_GETOPT_CommandLineOption options[] = {
+ TALER_SECMOD_OPTIONS (&opts),
+ GNUNET_GETOPT_OPTION_END
+ };
+ enum GNUNET_GenericReturnValue ret;
+
+ /* Restrict permissions for the key files that we create. */
+ (void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
+ opts.global_now_tmp
+ = opts.global_now = GNUNET_TIME_timestamp_get ();
+ ret = GNUNET_PROGRAM_run (DONAU_project_data (),
+ argc,
+ argv,
+ "donau-secmod-eddsa",
+ "Handle private EDDSA key operations for a Donau",
+ options,
+ &TALER_SECMOD_eddsa_run,
+ &opts);
+ if (GNUNET_NO == ret)
+ return EXIT_SUCCESS;
+ if (GNUNET_SYSERR == ret)
+ return EXIT_INVALIDARGUMENT;
+ return opts.global_ret;
+}
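Review bot: The file header comment still describes the Taler exchange ("EVERY thread of the exchange", "exchange DB", "exchange HTTPD") and internals such as reference counting of private keys, none of which live in this file; it only sets options and hands off to `TALER_SECMOD_eddsa_run`. Suggest replacing the "Key design points" list with a short statement that this is a thin wrapper starting the TALER_SECMOD EdDSA helper with the `"donau"` configuration section, and referring to the library for the threading design. The header also has the typo `every threat` for `every thread`. The `@return 0 on normal termination` line on `main` should mention that `EXIT_INVALIDARGUMENT` is returned when `GNUNET_PROGRAM_run` yields `GNUNET_SYSERR` and `opts.global_ret` otherwise. The same header text is copied into donau-secmod-cs.c and donau-secmod-rsa.c.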
diff --git a/src/util/donau-secmod-rsa.c b/src/util/donau-secmod-rsa.c
@@ -0,0 +1,86 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2014-2024 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file util/donau-secmod-rsa.c
+ * @brief Standalone process to perform private key RSA operations
+ * @author Christian Grothoff
+ *
+ * Key design points:
+ * - EVERY thread of the exchange will have its own pair of connections to the
+ * crypto helpers. This way, every thread will also have its own /keys state
+ * and avoid the need to synchronize on those.
+ * - auditor signatures and master signatures are to be kept in the exchange DB,
+ * and merged with the public keys of the helper by the exchange HTTPD!
+ * - the main loop of the helper is SINGLE-THREADED, but there are
+ * threads for crypto-workers which do the signing in parallel, one per client.
+ * - thread-safety: signing happens in parallel, thus when REMOVING private keys,
+ * we must ensure that all signers are done before we fully free() the
+ * private key. This is done by reference counting (as work is always
+ * assigned and collected by the main thread).
+ */
+#include "donau_config.h"
+#include <sys/stat.h>
+#include <taler/taler_util.h>
+#include "donau_util.h"
+
+/* LSB-style exit status codes */
+#ifndef EXIT_INVALIDARGUMENT
+/**
+ * Command-line arguments are invalid.
+ * Restarting useless.
+ */
+#define EXIT_INVALIDARGUMENT 2
+#endif
+
+/**
+ * The entry point.
+ *
+ * @param argc number of arguments in @a argv
+ * @param argv command-line arguments
+ * @return 0 on normal termination
+ */
+int
+main (int argc,
+ char **argv)
+{
+ struct TALER_SECMOD_Options opts = {
+ .max_workers = 16,
+ .section = "donau"
+ };
+ struct GNUNET_GETOPT_CommandLineOption options[] = {
+ TALER_SECMOD_OPTIONS (&opts),
+ GNUNET_GETOPT_OPTION_END
+ };
+ enum GNUNET_GenericReturnValue ret;
+
+ /* Restrict permissions for the key files that we create. */
+ (void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
+ opts.global_now_tmp
+ = opts.global_now
+ = GNUNET_TIME_timestamp_get ();
+ ret = GNUNET_PROGRAM_run (DONAU_project_data (),
+ argc, argv,
+ "taler-exchange-secmod-rsa",
+ "Handle private RSA key operations for a Donau",
+ options,
+ &TALER_SECMOD_rsa_run,
+ &opts);
+ if (GNUNET_NO == ret)
+ return EXIT_SUCCESS;
+ if (GNUNET_SYSERR == ret)
+ return EXIT_INVALIDARGUMENT;
+ return opts.global_ret;
+}
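Review bot: The binary name passed to `GNUNET_PROGRAM_run` in `main` is `"taler-exchange-secmod-rsa"`, while the CS and EdDSA helpers added in this commit pass their own `donau-secmod-*` names; this looks like a copy-paste leftover. Presumably help/version output and log lines would then be attributed to the exchange helper, which makes it harder to tell from logs which process handled the Donau RSA keys. Change the argument to `"donau-secmod-rsa",`.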