donau

Donation authority for GNU Taler (experimental)

commit 960ddaf6e693504769d3930002868644b9e6de4f
parent 99f8abcc556159faffab39f6dfe62c70df279aba
Author: Matyja Lukas Adam <lukas.matyja@students.bfh.ch>
Date:   Tue,  2 Apr 2024 11:59:12 +0200

Merge remote-tracking branch 'refs/remotes/origin/master'

Diffstat:
Msrc/donau/donau-httpd_keys.c | 140++++++++++++++++++++++++++++++++++++-------------------------------------------
Msrc/donau/donau-httpd_keys.h | 86++++---------------------------------------------------------------------------
Msrc/donaudb/pg_iterate_donation_units.c | 34+++++++++++-----------------------
3 files changed, 79 insertions(+), 181 deletions(-)

diff --git a/src/donau/donau-httpd_keys.c b/src/donau/donau-httpd_keys.c @@ -252,11 +252,6 @@ struct HelperState struct TALER_CRYPTO_CsDenominationHelper *csdh; /** - * Map from H(donation_unit_pub) to `struct DH_DonationUnitKey` entries. - */ - struct GNUNET_CONTAINER_MultiHashMap *donation_unit; - - /** * Map from H(rsa_pub) to `struct DH_DonationUnitKey` entries. */ struct GNUNET_CONTAINER_MultiHashMap *rsa_keys; @@ -996,9 +991,11 @@ destroy_key_state (struct DH_KeyStateHandle *ksh, clear_response_cache (ksh); GNUNET_CONTAINER_multihashmap_iterate (ksh->donation_unit_map, - &clear_donation_unit_cb, ksh); + &clear_donation_unit_cb, + ksh); GNUNET_CONTAINER_multihashmap_destroy (ksh->donation_unit_map); - GNUNET_CONTAINER_multipeermap_iterate (ksh->signkey_map, &clear_signkey_cb, + GNUNET_CONTAINER_multipeermap_iterate (ksh->signkey_map, + &clear_signkey_cb, ksh); GNUNET_CONTAINER_multipeermap_destroy (ksh->signkey_map); @@ -1045,7 +1042,8 @@ helper_rsa_cb ( const struct TALER_SecurityModulePublicKeyP *sm_pub, const struct TALER_SecurityModuleSignatureP *sm_sig) { - struct HelperState *hs = cls; + struct DH_KeyStateHandle *ksh = cls; + struct HelperState *hs = ksh->helpers; struct DH_DonationUnitKey *hd; struct TALER_Amount value; enum GNUNET_DB_QueryStatus qs; 
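Review bot: Passing the `DH_KeyStateHandle` as the helper closure (`struct DH_KeyStateHandle *ksh = cls;` here, and the same change in helper_cs_cb, helper_esign_cb and the three `*_connect (..., ksh)` calls in setup_key_helpers) ties long-lived helper connections to a key state that gets rebuilt. build_key_state still has the `ksh->helpers = hs;` branch that reuses an existing `HelperState`, and in that case the helpers keep the pointer they were connected with. If that earlier key state has been released through destroy_key_state, the next callback dereferences freed memory at `ksh->helpers` and `ksh->donation_unit_map`. Nothing in the visible hunks re-registers the closure, so either keep `hs` as the closure and resolve the current key state inside the callback, or enforce in destroy_key_state that the key state outlives the helper connections. The bodies of these functions extend beyond the hunks, so a guard may exist outside this view.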
@@ -1071,15 +1069,20 @@ helper_rsa_cb ( false)); hd = GNUNET_CONTAINER_multihashmap_get (hs->rsa_keys, &h_rsa->hash); - // if (NULL != hd) - // { - // /* should be just an update (revocation!), so update existing entry */ - // hd->validity_duration = validity_duration; hd->lost = false; - // return; - // } + if (NULL != hd) + { + /* should be just an update (revocation!), so update existing entry */ + // hd->validity_duration = validity_duration; + hd->lost = false; + return; + } GNUNET_assert (NULL != sm_pub); check_donation_unit_rsa_sm_pub (sm_pub); + hd = GNUNET_new (struct DH_DonationUnitKey); + hd->validity_year = GNUNET_TIME_time_to_year (start_time.abs_time); + hd->lost = false; + hd->value = value; // hd->start_time = start_time; // hd->validity_duration = validity_duration; // hd->h_details.h_rsa = *h_rsa; @@ -1089,12 +1092,13 @@ helper_rsa_cb ( GNUNET_CRYPTO_bsign_pub_incref (bs_pub); DONAU_donation_unit_pub_hash (&hd->donation_unit_pub, &hd->h_donation_unit_pub); + qs = DH_plugin->insert_donation_unit ( DH_plugin->cls, &hd->h_donation_unit_pub, &hd->donation_unit_pub, - GNUNET_TIME_time_to_year (start_time.abs_time), - &value); + hd->validity_year, + &hd->value); if (qs < 0) { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Failed to insert donation units\n"); @@ -1107,17 +1111,19 @@ helper_rsa_cb ( GNUNET_assert ( GNUNET_OK == GNUNET_CONTAINER_multihashmap_put ( - hs->donation_unit, + ksh->donation_unit_map, &hd->h_donation_unit_pub.hash, hd, GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); + // GNUNET_assert ( // GNUNET_OK == // GNUNET_CONTAINER_multihashmap_put ( // hs->rsa_keys, - // &hd->h_details.h_rsa.hash, + // &hd->h_donation_unit_pub.h_rsa.hash, // hd, // GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); + key_generation++; DH_resume_keys_requests (false); } 
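Review bot: The re-enabled `if (NULL != hd)` lookup in helper_rsa_cb reads `hs->rsa_keys`, but the only `GNUNET_CONTAINER_multihashmap_put` into that map is still commented out further down, so as far as these hunks show the lookup always misses. A key that the security module announces a second time would then go through `GNUNET_new`, `insert_donation_unit` and the `UNIQUE_ONLY` put into `ksh->donation_unit_map`, where the `GNUNET_assert` aborts the process. Re-enable the second put keyed on the hash that is looked up, `GNUNET_CONTAINER_multihashmap_put (hs->rsa_keys, &h_rsa->hash, hd, GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)`, rather than the `hd->h_donation_unit_pub.h_rsa.hash` spelling left in the comment, and make sure only one of the two maps frees `hd` on teardown. helper_cs_cb has the same pattern with `hs->cs_keys` and `&h_cs->hash`.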
@@ -1149,7 +1155,8 @@ helper_cs_cb ( const struct TALER_SecurityModulePublicKeyP *sm_pub, const struct TALER_SecurityModuleSignatureP *sm_sig) { - struct HelperState *hs = cls; + struct DH_KeyStateHandle *ksh = cls; + struct HelperState *hs = ksh->helpers; struct DH_DonationUnitKey *hd; struct TALER_Amount value; enum GNUNET_DB_QueryStatus qs; @@ -1177,15 +1184,19 @@ helper_cs_cb ( hd = GNUNET_CONTAINER_multihashmap_get (hs->cs_keys, &h_cs->hash); - // if (NULL != hd) - // { - // /* should be just an update (revocation!), so update existing entry */ - // hd->validity_duration = validity_duration; - // return; - // } + if (NULL != hd) + { + /* should be just an update (revocation!), so update existing entry */ + hd->lost = false; + return; + } GNUNET_assert (NULL != sm_pub); check_donation_unit_cs_sm_pub (sm_pub); + hd = GNUNET_new (struct DH_DonationUnitKey); + hd->validity_year = GNUNET_TIME_time_to_year (start_time.abs_time); + hd->lost = false; + hd->value = value; // hd->start_time = start_time; // hd->validity_duration = validity_duration; // hd->h_details.h_cs = *h_cs; @@ -1194,12 +1205,13 @@ helper_cs_cb ( = GNUNET_CRYPTO_bsign_pub_incref (bs_pub); DONAU_donation_unit_pub_hash (&hd->donation_unit_pub, &hd->h_donation_unit_pub); + qs = DH_plugin->insert_donation_unit ( DH_plugin->cls, &hd->h_donation_unit_pub, &hd->donation_unit_pub, - GNUNET_TIME_time_to_year (start_time.abs_time), - &value); + hd->validity_year, + &hd->value); if (qs < 0) { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Failed to insert donation units\n"); 
@@ -1212,17 +1224,19 @@ helper_cs_cb ( GNUNET_assert ( GNUNET_OK == GNUNET_CONTAINER_multihashmap_put ( - hs->donation_unit, + ksh->donation_unit_map, &hd->h_donation_unit_pub.hash, hd, GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); + // GNUNET_assert ( // GNUNET_OK == // GNUNET_CONTAINER_multihashmap_put ( // hs->cs_keys, - // &hd->h_details.h_cs.hash, + // &hd->h_donation_unit_pub.h_cs.hash, // hd, // GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); + key_generation++; DH_resume_keys_requests (false); } @@ -1252,7 +1266,8 @@ helper_esign_cb ( const struct TALER_SecurityModulePublicKeyP *sm_pub, const struct TALER_SecurityModuleSignatureP *sm_sig) { - struct HelperState *hs = cls; + struct DH_KeyStateHandle *ksh = cls; + struct HelperState *hs = ksh->helpers; struct SigningKey *hsk; struct GNUNET_PeerIdentity pid; /* need to "cast" because secmod works with TALER_ExchangePublicKeyP */ @@ -1306,7 +1321,7 @@ helper_esign_cb ( } if (qs < 0) { - // ... + // FIXME } GNUNET_assert ( GNUNET_OK == @@ -1327,11 +1342,10 @@ helper_esign_cb ( * @return #GNUNET_OK on success */ static enum GNUNET_GenericReturnValue -setup_key_helpers (struct HelperState *hs) +setup_key_helpers (struct DH_KeyStateHandle *ksh) { - hs->donation_unit - = GNUNET_CONTAINER_multihashmap_create (1024, - GNUNET_YES); + struct HelperState *hs = ksh->helpers; + hs->rsa_keys = GNUNET_CONTAINER_multihashmap_create (1024, GNUNET_YES); @@ -1344,7 +1358,7 @@ setup_key_helpers (struct HelperState *hs) hs->rsadh = TALER_CRYPTO_helper_rsa_connect (DH_cfg, "donau", &helper_rsa_cb, - hs); + ksh); if (NULL == hs->rsadh) { destroy_key_helpers (hs); @@ -1353,7 +1367,7 @@ setup_key_helpers (struct HelperState *hs) hs->csdh = TALER_CRYPTO_helper_cs_connect (DH_cfg, "donau", &helper_cs_cb, - hs); + ksh); if (NULL == hs->csdh) { destroy_key_helpers (hs); 
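Review bot: The `if (qs < 0)` branch in helper_esign_cb is still empty after this change (the comment only goes from `// ...` to `// FIXME`), so a failed query, presumably the database write for the signing key, is ignored and execution continues into the `GNUNET_assert (GNUNET_OK == ...)` put that follows. The two donation-unit callbacks at least log `"Failed to insert donation units\n"` on the same condition. Log at `GNUNET_ERROR_TYPE_WARNING`, release `hsk` and `return` here so the in-memory signing-key set cannot diverge from what was persisted. Where `qs` is assigned and how `hsk` is allocated lie outside the hunk, so the cleanup has to be matched to that code.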
@@ -1362,7 +1376,7 @@ setup_key_helpers (struct HelperState *hs) hs->esh = TALER_CRYPTO_helper_esign_connect (DH_cfg, "donau", &helper_esign_cb, - hs); + ksh); if (NULL == hs->esh) { destroy_key_helpers (hs); @@ -1389,37 +1403,10 @@ donation_unit_info_cb ( { struct DH_KeyStateHandle *ksh = cls; struct DH_DonationUnitKey *dk; -// -// if (GNUNET_OK != -// TALER_donau_offline_donation_unit_validity_verify ( -// h_donation_unit_pub, -// meta->start, -// meta->expire_withdraw, -// meta->expire_deposit, -// meta->expire_legal, -// &meta->value, -// &meta->fees, -// &TEH_master_public_key, -// master_sig)) -// { -// GNUNET_log (GNUNET_ERROR_TYPE_ERROR, -// "Database has donation_unit with invalid signature. Skipping entry. Did the donau offline public key change?\n"); -// return; -// } - - GNUNET_assert (GNUNET_CRYPTO_BSA_INVALID != - donation_unit_pub->bsign_pub_key->cipher); - - // if (GNUNET_TIME_absolute_is_zero (meta->start.abs_time) || - // GNUNET_TIME_absolute_is_zero (meta->expire_withdraw.abs_time) || - // GNUNET_TIME_absolute_is_zero (meta->expire_deposit.abs_time) || - // GNUNET_TIME_absolute_is_zero (meta->expire_legal.abs_time) ) - // { - // GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - // "Database contains invalid donation_unit key %s\n", - // GNUNET_h2s (&h_donation_unit_pub->hash)); - // return; - // } + + // GNUNET_assert (GNUNET_CRYPTO_BSA_INVALID != + // donation_unit_pub->bsign_pub_key->cipher); + dk = GNUNET_new (struct DH_DonationUnitKey); DONAU_donation_unit_pub_deep_copy (&dk->donation_unit_pub, donation_unit_pub); 
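Review bot: Commenting out `GNUNET_assert (GNUNET_CRYPTO_BSA_INVALID != donation_unit_pub->bsign_pub_key->cipher)` in donation_unit_info_cb leaves no visible validation of keys loaded from the database, since the already-disabled signature and timestamp checks above it are deleted in the same hunk. A row with an unusable cipher is now deep-copied into a `DH_DonationUnitKey` and, judging by the rest of the commit, can end up in the map that DH_handler_keys serves. If the assert was firing, replace it with a skip instead of removing the check: `if (GNUNET_CRYPTO_BSA_INVALID == donation_unit_pub->bsign_pub_key->cipher) { GNUNET_break (0); return; }`. The function continues past the end of the hunk.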
@@ -1482,14 +1469,20 @@ build_key_state (struct HelperState *hs) enum GNUNET_DB_QueryStatus qs; ksh = GNUNET_new (struct DH_KeyStateHandle); + ksh->signature_expires = GNUNET_TIME_UNIT_FOREVER_TS; ksh->reload_time = GNUNET_TIME_timestamp_get (); /* We must use the key_generation from when we STARTED the process! */ ksh->key_generation = key_generation; + ksh->donation_unit_map = GNUNET_CONTAINER_multihashmap_create (1024, + true); + ksh->signkey_map = GNUNET_CONTAINER_multipeermap_create (32, + false /* MUST be false! */ + ); if (NULL == hs) { ksh->helpers = GNUNET_new (struct HelperState); - if (GNUNET_OK != setup_key_helpers (ksh->helpers)) + if (GNUNET_OK != setup_key_helpers (ksh)) { GNUNET_free (ksh->helpers); GNUNET_assert (NULL == ksh->keys_reply); @@ -1501,11 +1494,6 @@ build_key_state (struct HelperState *hs) { ksh->helpers = hs; } - ksh->donation_unit_map = GNUNET_CONTAINER_multihashmap_create (1024, - true); - ksh->signkey_map = GNUNET_CONTAINER_multipeermap_create (32, - false /* MUST be false! */ - ); /* NOTE: fetches master-signed signkeys, but ALSO those that were revoked! */ GNUNET_break (GNUNET_OK == @@ -1708,7 +1696,7 @@ DH_handler_keys (struct DH_RequestContext *rc, GNUNET_assert (NULL != kbc.donation_units); GNUNET_assert (NULL != kbc.signkeys); GNUNET_assert (NULL != DH_currency); - GNUNET_CONTAINER_multihashmap_iterate (ksh->helpers->donation_unit, + GNUNET_CONTAINER_multihashmap_iterate (ksh->donation_unit_map, &insert_donation_unit_cb, &kbc); GNUNET_CONTAINER_multipeermap_iterate (ksh->helpers->esign_keys, diff --git a/src/donau/donau-httpd_keys.h b/src/donau/donau-httpd_keys.h 
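Review bot: Moving the creation of `ksh->donation_unit_map` and `ksh->signkey_map` ahead of `setup_key_helpers (ksh)` in build_key_state gives the failure branch two more objects to release, and the lines visible here only do `GNUNET_free (ksh->helpers)`. The helper callbacks may already have put `DH_DonationUnitKey` entries into `ksh->donation_unit_map` before a later `*_connect` call fails, so those entries need freeing as well. The remainder of the branch is outside the hunk; if it only frees `ksh`, clear the entries and then call `GNUNET_CONTAINER_multihashmap_destroy (ksh->donation_unit_map);` and `GNUNET_CONTAINER_multipeermap_destroy (ksh->signkey_map);`, as destroy_key_state does.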
@@ -71,90 +71,12 @@ struct DH_DonationUnitKey */ struct TALER_Amount value; -}; - -/** - * Information needed to create a blind signature. - */ -// struct DH_CoinSignData -// { -/** - * Hash of key to sign with. - */ -// const struct TALER_DenominationHashP *h_denom_pub; - -/** - * Blinded planchet to sign over. + /** + * Did we lose the private keys? */ -// const struct TALER_BlindedPlanchet *bp; -// }; - - -// /** -// * Request to sign @a csds. -// * -// * @param csds array with data to blindly sign (and keys to sign with) -// * @param csds_length length of @a csds array -// * @param for_melt true if this is for a melt operation -// * @param[out] bss array set to the blind signature on success; must be of length @a csds_length -// * @return #TALER_EC_NONE on success -// */ -// enum TALER_ErrorCode -// TEH_keys_denomination_batch_sign ( -// unsigned int csds_length, -// const struct TEH_CoinSignData csds[static csds_length], -// bool for_melt, -// struct TALER_BlindedDenominationSignature bss[static csds_length]); - - -// /** -// * Information needed to derive the CS r_pub. -// */ -// struct TEH_CsDeriveData -// { -// /** -// * Hash of key to sign with. -// */ -// const struct TALER_DenominationHashP *h_denom_pub; - -// /** -// * Nonce to use. -// */ -// const struct GNUNET_CRYPTO_CsSessionNonce *nonce; -// }; - - -// /** -// * Request to derive CS @a r_pub using the denomination and nonce from @a cdd. -// * -// * @param cdd data to compute @a r_pub from -// * @param for_melt true if this is for a melt operation -// * @param[out] r_pub where to write the result -// * @return #TALER_EC_NONE on success -// */ -// enum TALER_ErrorCode -// TEH_keys_denomination_cs_r_pub ( -// const struct TEH_CsDeriveData *cdd, -// bool for_melt, -// struct GNUNET_CRYPTO_CSPublicRPairP *r_pub); - -// /** -// * Request to derive a bunch of CS @a r_pubs using the -// * denominations and nonces from @a cdds. 
-// * -// * @param cdds array to compute @a r_pubs from -// * @param cdds_length length of the @a cdds array -// * @param for_melt true if this is for a melt operation -// * @param[out] r_pubs array where to write the result; must be of length @a cdds_length -// * @return #TALER_EC_NONE on success -// */ -// enum TALER_ErrorCode -// TEH_keys_denomination_cs_batch_r_pub ( -// unsigned int cdds_length, -// const struct TEH_CsDeriveData cdds[static cdds_length], -// bool for_melt, -// struct GNUNET_CRYPTO_CSPublicRPairP r_pubs[static cdds_length]); + bool lost; +}; /** * Fully clean up keys subsystem. diff --git a/src/donaudb/pg_iterate_donation_units.c b/src/donaudb/pg_iterate_donation_units.c @@ -46,11 +46,6 @@ struct IterateDonationUnitsContext */ struct PostgresClosure *pg; - /** - * Flag set to #GNUNET_OK as long as everything is fine. - */ - enum GNUNET_DB_QueryStatus qs; - }; /** @@ -93,18 +88,15 @@ iterate_donation_units_cb (void *cls, i)) { GNUNET_break (0); - ctx->qs = GNUNET_DB_STATUS_HARD_ERROR; return; } - ctx->qs = i + 1; - if (GNUNET_OK != - ctx->cb (ctx->cb_cls, - &h_donation_unit_pub, - &donation_unit_pub, - validity_year, - &value)) - break; + ctx->cb (ctx->cb_cls, + &h_donation_unit_pub, + &donation_unit_pub, + validity_year, + &value); + GNUNET_PQ_cleanup_result (rs); } } @@ -123,7 +115,6 @@ DH_PG_iterate_donation_units (void *cls, .cb_cls = cb_cls, .pg = pg }; - enum GNUNET_DB_QueryStatus qs; PREPARE (pg, "iterate_donation_units", @@ -133,12 +124,9 @@ DH_PG_iterate_donation_units (void *cls, ",validity_year" ",value" " FROM donation_units"); - qs = GNUNET_PQ_eval_prepared_multi_select (pg->conn, - "iterate_donation_units", - params, - &iterate_donation_units_cb, - &ctx); - if (qs <= 0) - return qs; - return ctx.qs; + return GNUNET_PQ_eval_prepared_multi_select (pg->conn, + "iterate_donation_units", + params, + &iterate_donation_units_cb, + &ctx); }
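Review bot: With `ctx->qs` removed, the extract-failure path in iterate_donation_units_cb is just `GNUNET_break (0); return;`, so DH_PG_iterate_donation_units now returns the row count from `GNUNET_PQ_eval_prepared_multi_select` even when the loop stopped early and rows were dropped. The caller, presumably the key-state build, then proceeds on a partial set of donation units with a success status, and the return value of `ctx->cb` is no longer checked either. Keep a failure marker in `struct IterateDonationUnitsContext`, set it before the `return`, and have the last hunk report it, e.g. `return ctx.failed ? GNUNET_DB_STATUS_HARD_ERROR : qs;`. Both function bodies start outside their hunks.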