aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2021-11-17 20:31:08 +0100
committerChristian Grothoff <christian@grothoff.org>2021-11-17 20:31:08 +0100
commitf76888378cb6f3912a384c59d1d8a8dc1b603e28 (patch)
treea9f1aed55b04bc8a2dd7f01805b5c43a67e11c1d
parentcc74bf311d863eef3e7af5b9b59fb311af5f50d6 (diff)
-fix crypto_helper FTBFS
-rw-r--r--src/util/crypto_helper_denom.c68
-rw-r--r--src/util/secmod_common.c434
-rw-r--r--src/util/taler-exchange-secmod-rsa.c70
-rw-r--r--src/util/test_helper_rsa.c120
4 files changed, 532 insertions, 160 deletions
diff --git a/src/util/crypto_helper_denom.c b/src/util/crypto_helper_denom.c
index 6490184ef..cce5af635 100644
--- a/src/util/crypto_helper_denom.c
+++ b/src/util/crypto_helper_denom.c
@@ -238,63 +238,19 @@ TALER_CRYPTO_helper_denom_connect (
sizeof (dh->sa.sun_path) - 1);
GNUNET_free (unixpath);
dh->sock = -1;
+ /* Extract the age groups from the config, if the extension has been set,
+ * and serialize them into the age mask
+ */
+ if (GNUNET_OK !=
+ TALER_get_age_mask (cfg, &dh->age_mask))
{
- char *tmpdir;
- char *template;
-
- if (GNUNET_OK !=
- GNUNET_CONFIGURATION_get_value_filename (cfg,
- "taler-exchange-secmod-rsa",
- "CLIENT_DIR",
- &tmpdir))
- {
- GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
- "taler-exchange-secmod-rsa",
- "CLIENT_DIR");
- return NULL;
- }
- GNUNET_asprintf (&template,
- "%s/cli",
- tmpdir);
- /* We expect the service to create the client directory */
- if (GNUNET_OK !=
- GNUNET_DISK_directory_test (tmpdir,
- GNUNET_YES))
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Unable to read secmod client directory (%s)\n",
- tmpdir);
- GNUNET_free (dh);
- GNUNET_free (template);
- GNUNET_free (tmpdir);
- return NULL;
- }
- GNUNET_free (tmpdir);
- dh->template = template;
- if (strlen (template) >= sizeof (dh->sa.sun_path))
- {
- GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
- "PATHS",
- "TALER_RUNTIME_DIR",
- "path too long");
- TALER_CRYPTO_helper_denom_disconnect (dh);
- return NULL;
- }
-
- /* Extract the age groups from the config, if the extension has been set,
- * and serialize them into the age mask
- */
- if (GNUNET_OK !=
- TALER_get_age_mask (cfg, &dh->age_mask))
- {
- /* FIXME: maybe more specific error? */
- GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
- "extensions", /* FIXME: right section etc? */
- "age-restriction",
- "invalid age groups");
- TALER_CRYPTO_helper_denom_disconnect (dh);
- return NULL;
- }
+ /* FIXME: maybe more specific error? */
+ GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+ "extensions", /* FIXME: right section etc? */
+ "age-restriction",
+ "invalid age groups");
+ TALER_CRYPTO_helper_denom_disconnect (dh);
+ return NULL;
}
TALER_CRYPTO_helper_denom_poll (dh);
return dh;
diff --git a/src/util/secmod_common.c b/src/util/secmod_common.c
index 2e73e44b1..229942c92 100644
--- a/src/util/secmod_common.c
+++ b/src/util/secmod_common.c
@@ -21,6 +21,97 @@
#include "platform.h"
#include "taler_util.h"
#include "taler_signatures.h"
+#include "secmod_common.h"
+#include <poll.h>
+#include <sys/eventfd.h>
+
+
+/**
+ * Head of DLL of clients connected to us.
+ */
+struct TES_Client *TES_clients_head;
+
+/**
+ * Tail of DLL of clients connected to us.
+ */
+struct TES_Client *TES_clients_tail;
+
+/**
+ * Lock for the client queue.
+ */
+pthread_mutex_t TES_clients_lock;
+
+/**
+ * Private key of this security module. Used to sign denomination key
+ * announcements.
+ */
+struct TALER_SecurityModulePrivateKeyP TES_smpriv;
+
+/**
+ * Public key of this security module.
+ */
+struct TALER_SecurityModulePublicKeyP TES_smpub;
+
+/**
+ * Our listen socket.
+ */
+static struct GNUNET_NETWORK_Handle *unix_sock;
+
+/**
+ * Path where we are listening.
+ */
+static char *unixpath;
+
+/**
+ * Task run to accept new inbound connections.
+ */
+static struct GNUNET_SCHEDULER_Task *listen_task;
+
+/**
+ * Set once we are in shutdown and workers should terminate.
+ */
+static volatile bool in_shutdown;
+
+
+enum GNUNET_GenericReturnValue
+TES_transmit (int sock,
+ const struct GNUNET_MessageHeader *hdr)
+{
+ ssize_t off = 0;
+ const void *pos = hdr;
+ uint16_t end = ntohs (hdr->size);
+
+ while (off < end)
+ {
+ ssize_t ret = send (sock,
+ pos,
+ end - off,
+ 0 /* no flags => blocking! */);
+ if ( (-1 == ret) &&
+ ( (EAGAIN == errno) ||
+ (EINTR == errno) ) )
+ {
+ GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG,
+ "send");
+ continue;
+ }
+ if (-1 == ret)
+ {
+ GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+ "send");
+ return GNUNET_SYSERR;
+ }
+ if (0 == ret)
+ {
+ GNUNET_break (0);
+ return GNUNET_SYSERR;
+ }
+ off += ret;
+ pos += ret;
+ }
+ return GNUNET_OK;
+}
+
struct GNUNET_NETWORK_Handle *
TES_open_socket (const char *unixpath)
@@ -37,7 +128,7 @@ TES_open_socket (const char *unixpath)
old_umask = umask (S_IROTH | S_IWOTH | S_IXOTH);
sock = socket (PF_UNIX,
- SOCK_DGRAM,
+ SOCK_STREAM,
0);
if (-1 == sock)
{
@@ -80,8 +171,349 @@ TES_open_socket (const char *unixpath)
goto cleanup;
}
ret = GNUNET_NETWORK_socket_box_native (sock);
+ if (GNUNET_OK !=
+ GNUNET_NETWORK_socket_listen (ret,
+ 512))
+ {
+ GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
+ "listen",
+ unixpath);
+ GNUNET_break (GNUNET_OK ==
+ GNUNET_NETWORK_socket_close (ret));
+ ret = NULL;
+ }
}
cleanup:
(void) umask (old_umask);
return ret;
}
+
+
+/**
+ * Send a signal to all clients to notify them about a key generation change.
+ */
+void
+TES_wake_clients (void)
+{
+ uint64_t num = 1;
+
+ GNUNET_assert (0 == pthread_mutex_lock (&TES_clients_lock));
+ for (struct TES_Client *client = TES_clients_head;
+ NULL != client;
+ client = client->next)
+ {
+ GNUNET_assert (sizeof (num) ==
+ write (client->esock,
+ &num,
+ sizeof (num)));
+ }
+ GNUNET_assert (0 == pthread_mutex_unlock (&TES_clients_lock));
+}
+
+
+/**
+ * Read work request from the client.
+ *
+ * @param cls a `struct TES_Client *`
+ * @param dispatch function to call with work requests received
+ * @return #GNUNET_OK on success
+ */
+enum GNUNET_GenericReturnValue
+TES_read_work (void *cls,
+ TES_MessageDispatch dispatch)
+{
+ struct TES_Client *client = cls;
+ char *buf = client->iobuf;
+ ssize_t buf_size;
+ size_t off = 0;
+ uint16_t msize;
+ const struct GNUNET_MessageHeader *hdr;
+
+ do
+ {
+ buf_size = recv (client->csock,
+ &buf[off],
+ sizeof (client->iobuf) - off,
+ 0);
+ if (-1 == buf_size)
+ {
+ if ( (0 == off) &&
+ (EAGAIN == errno) )
+ return GNUNET_NO;
+ if ( (EINTR == errno) ||
+ (EAGAIN == errno) )
+ {
+ GNUNET_log_strerror (GNUNET_ERROR_TYPE_DEBUG,
+ "recv");
+ continue;
+ }
+ GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+ "recv");
+ return GNUNET_SYSERR;
+ }
+ if (0 == buf_size)
+ {
+ /* regular disconnect? */
+ GNUNET_break_op (0 == off);
+ return GNUNET_SYSERR;
+ }
+ off += buf_size;
+ if (off < sizeof (struct GNUNET_MessageHeader))
+ continue;
+ hdr = (const struct GNUNET_MessageHeader *) buf;
+ msize = ntohs (hdr->size);
+ } while (off < msize);
+
+ if (off > msize)
+ {
+ GNUNET_break_op (0);
+ return GNUNET_SYSERR;
+ }
+ return dispatch (client,
+ hdr);
+}
+
+
+bool
+TES_await_ready (struct TES_Client *client)
+{
+ /* wait for reply with 1s timeout */
+ struct pollfd pfds[] = {
+ {
+ .fd = client->csock,
+ .events = POLLIN
+ },
+ {
+ .fd = client->esock,
+ .events = POLLIN
+ },
+ };
+ int ret;
+
+ ret = poll (pfds,
+ 2,
+ -1);
+ if ( (-1 == ret) &&
+ (EINTR != errno) )
+ GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
+ "poll");
+ for (int i = 0; i<2; i++)
+ {
+ if ( (pfds[i].fd == client->esock) &&
+ (POLLIN == pfds[i].revents) )
+ {
+ uint64_t num;
+
+ GNUNET_assert (sizeof (num) ==
+ read (client->esock,
+ &num,
+ sizeof (num)));
+ return true;
+ }
+ }
+ return false;
+}
+
+
+void
+TES_free_client (struct TES_Client *client)
+{
+ GNUNET_assert (0 == pthread_mutex_lock (&TES_clients_lock));
+ GNUNET_CONTAINER_DLL_remove (TES_clients_head,
+ TES_clients_tail,
+ client);
+ GNUNET_assert (0 == pthread_mutex_unlock (&TES_clients_lock));
+ GNUNET_break (0 == close (client->csock));
+ GNUNET_break (0 == close (client->esock));
+ pthread_detach (client->worker);
+ GNUNET_free (client);
+}
+
+
+/**
+ * Main function of a worker thread that signs.
+ *
+ * @param cls the client we are working on
+ * @return NULL
+ */
+static void *
+sign_worker (void *cls)
+{
+ struct TES_Client *client = cls;
+
+ if (GNUNET_OK !=
+ client->cb.init (client))
+ {
+ GNUNET_break (0);
+ TES_free_client (client);
+ return NULL;
+ }
+ while (! in_shutdown)
+ {
+ if (TES_await_ready (client))
+ {
+ if (GNUNET_OK !=
+ client->cb.updater (client))
+ break;
+ }
+ if (GNUNET_SYSERR ==
+ TES_read_work (client,
+ client->cb.dispatch))
+ break;
+ }
+ TES_free_client (client);
+ return NULL;
+}
+
+
+/**
+ * Task that listens for incoming clients.
+ *
+ * @param cls a `struct TES_Callbacks`
+ */
+static void
+listen_job (void *cls)
+{
+ const struct TES_Callbacks *cb = cls;
+ int s;
+ int e;
+ struct sockaddr_storage sa;
+ socklen_t sa_len = sizeof (sa);
+
+ listen_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
+ unix_sock,
+ &listen_job,
+ cls);
+ s = accept (GNUNET_NETWORK_get_fd (unix_sock),
+ (struct sockaddr *) &sa,
+ &sa_len);
+ if (-1 == s)
+ {
+ GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+ "accept");
+ return;
+ }
+ e = eventfd (0,
+ EFD_CLOEXEC);
+ if (-1 == e)
+ {
+ GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+ "eventfd");
+ GNUNET_break (0 == close (s));
+ return;
+ }
+ {
+ struct TES_Client *client;
+
+ client = GNUNET_new (struct TES_Client);
+ client->cb = *cb;
+ client->csock = s;
+ client->esock = e;
+ GNUNET_assert (0 == pthread_mutex_lock (&TES_clients_lock));
+ GNUNET_CONTAINER_DLL_insert (TES_clients_head,
+ TES_clients_tail,
+ client);
+ GNUNET_assert (0 == pthread_mutex_unlock (&TES_clients_lock));
+ if (0 !=
+ pthread_create (&client->worker,
+ NULL,
+ &sign_worker,
+ client))
+ {
+ GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+ "pthread_create");
+ TES_free_client (client);
+ }
+ }
+}
+
+
+int
+TES_listen_start (const struct GNUNET_CONFIGURATION_Handle *cfg,
+ const char *section,
+ const struct TES_Callbacks *cb)
+{
+ {
+ char *pfn;
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_filename (cfg,
+ section,
+ "SM_PRIV_KEY",
+ &pfn))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ section,
+ "SM_PRIV_KEY");
+ return EXIT_NOTCONFIGURED;
+ }
+ if (GNUNET_SYSERR ==
+ GNUNET_CRYPTO_eddsa_key_from_file (pfn,
+ GNUNET_YES,
+ &TES_smpriv.eddsa_priv))
+ {
+ GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+ section,
+ "SM_PRIV_KEY",
+ "Could not use file to persist private key");
+ GNUNET_free (pfn);
+ return EXIT_NOPERMISSION;
+ }
+ GNUNET_free (pfn);
+ GNUNET_CRYPTO_eddsa_key_get_public (&TES_smpriv.eddsa_priv,
+ &TES_smpub.eddsa_pub);
+ }
+
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_filename (cfg,
+ section,
+ "UNIXPATH",
+ &unixpath))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ section,
+ "UNIXPATH");
+ return EXIT_NOTCONFIGURED;
+ }
+ GNUNET_assert (NULL != unixpath);
+ unix_sock = TES_open_socket (unixpath);
+ if (NULL == unix_sock)
+ {
+ GNUNET_free (unixpath);
+ GNUNET_break (0);
+ return EXIT_NOPERMISSION;
+ }
+ /* start job to accept incoming requests on 'sock' */
+ listen_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
+ unix_sock,
+ &listen_job,
+ (void *) cb);
+ return 0;
+}
+
+
+void
+TES_listen_stop (void)
+{
+ if (NULL != listen_task)
+ {
+ GNUNET_SCHEDULER_cancel (listen_task);
+ listen_task = NULL;
+ }
+ if (NULL != unix_sock)
+ {
+ GNUNET_break (GNUNET_OK ==
+ GNUNET_NETWORK_socket_close (unix_sock));
+ unix_sock = NULL;
+ }
+ if (0 != unlink (unixpath))
+ {
+ GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+ "unlink",
+ unixpath);
+ }
+ GNUNET_free (unixpath);
+ in_shutdown = true;
+ TES_wake_clients ();
+}
diff --git a/src/util/taler-exchange-secmod-rsa.c b/src/util/taler-exchange-secmod-rsa.c
index 1884ca98c..7133a661b 100644
--- a/src/util/taler-exchange-secmod-rsa.c
+++ b/src/util/taler-exchange-secmod-rsa.c
@@ -78,17 +78,17 @@ struct DenominationKey
/**
* The private key of the denomination.
*/
- struct TALER_DenominationPrivateKey denom_priv;
+ struct GNUNET_CRYPTO_RsaPrivateKey *denom_priv;
/**
* The public key of the denomination.
*/
- struct TALER_DenominationPublicKey denom_pub;
+ struct GNUNET_CRYPTO_RsaPublicKey *denom_pub;
/**
* Hash of this denomination's public key.
*/
- struct GNUNET_HashCode h_denom_pub;
+ struct TALER_DenominationHash h_denom_pub;
/**
* Time at which this key is supposed to become valid.
@@ -245,7 +245,7 @@ notify_client_dk_add (struct TES_Client *client,
void *p;
size_t tlen;
- buf_len = GNUNET_CRYPTO_rsa_public_key_encode (dk->denom_pub.rsa_public_key,
+ buf_len = GNUNET_CRYPTO_rsa_public_key_encode (dk->denom_pub,
&buf);
GNUNET_assert (buf_len < UINT16_MAX);
GNUNET_assert (nlen < UINT16_MAX);
@@ -258,12 +258,12 @@ notify_client_dk_add (struct TES_Client *client,
an->section_name_len = htons ((uint16_t) nlen);
an->anchor_time = GNUNET_TIME_absolute_hton (dk->anchor);
an->duration_withdraw = GNUNET_TIME_relative_hton (denom->duration_withdraw);
- TALER_exchange_secmod_rsa_sign (&dk->h_denom_pub,
- denom->section,
- dk->anchor,
- denom->duration_withdraw,
- &TES_smpriv,
- &an->secm_sig);
+ TALER_exchange_secmod_denom_sign (&dk->h_denom_pub,
+ denom->section,
+ dk->anchor,
+ denom->duration_withdraw,
+ &TES_smpriv,
+ &an->secm_sig);
an->secm_pub = TES_smpub;
p = (void *) &an[1];
memcpy (p,
@@ -275,7 +275,7 @@ notify_client_dk_add (struct TES_Client *client,
nlen);
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Sending RSA denomination key %s (%s)\n",
- GNUNET_h2s (&dk->h_denom_pub),
+ GNUNET_h2s (&dk->h_denom_pub.hash),
denom->section);
if (GNUNET_OK !=
TES_transmit (client->csock,
@@ -311,7 +311,7 @@ notify_client_dk_del (struct TES_Client *client,
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Sending RSA denomination expiration %s\n",
- GNUNET_h2s (&dk->h_denom_pub));
+ GNUNET_h2s (&dk->h_denom_pub.hash));
if (GNUNET_OK !=
TES_transmit (client->csock,
&pn.header))
@@ -345,7 +345,7 @@ handle_sign_request (struct TES_Client *client,
GNUNET_assert (0 == pthread_mutex_lock (&keys_lock));
dk = GNUNET_CONTAINER_multihashmap_get (keys,
- &sr->h_denom_pub);
+ &sr->h_denom_pub.hash);
if (NULL == dk)
{
struct TALER_CRYPTO_SignFailure sf = {
@@ -357,7 +357,7 @@ handle_sign_request (struct TES_Client *client,
GNUNET_assert (0 == pthread_mutex_unlock (&keys_lock));
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Signing request failed, denomination key %s unknown\n",
- GNUNET_h2s (&sr->h_denom_pub));
+ GNUNET_h2s (&sr->h_denom_pub.hash));
return TES_transmit (client->csock,
&sf.header);
}
@@ -374,7 +374,7 @@ handle_sign_request (struct TES_Client *client,
GNUNET_assert (0 == pthread_mutex_unlock (&keys_lock));
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Signing request failed, denomination key %s is not yet valid\n",
- GNUNET_h2s (&sr->h_denom_pub));
+ GNUNET_h2s (&sr->h_denom_pub.hash));
return TES_transmit (client->csock,
&sf.header);
}
@@ -382,12 +382,12 @@ handle_sign_request (struct TES_Client *client,
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Received request to sign over %u bytes with key %s\n",
(unsigned int) blinded_msg_size,
- GNUNET_h2s (&sr->h_denom_pub));
+ GNUNET_h2s (&sr->h_denom_pub.hash));
GNUNET_assert (dk->rc < UINT_MAX);
dk->rc++;
GNUNET_assert (0 == pthread_mutex_unlock (&keys_lock));
rsa_signature
- = GNUNET_CRYPTO_rsa_sign_blinded (dk->denom_priv.rsa_private_key,
+ = GNUNET_CRYPTO_rsa_sign_blinded (dk->denom_priv,
blinded_msg,
blinded_msg_size);
GNUNET_assert (0 == pthread_mutex_lock (&keys_lock));
@@ -471,7 +471,7 @@ setup_key (struct DenominationKey *dk,
buf_size = GNUNET_CRYPTO_rsa_private_key_encode (priv,
&buf);
GNUNET_CRYPTO_rsa_public_key_hash (pub,
- &dk->h_denom_pub);
+ &dk->h_denom_pub.hash);
GNUNET_asprintf (&dk->filename,
"%s/%s/%llu",
keydir,
@@ -495,24 +495,24 @@ setup_key (struct DenominationKey *dk,
GNUNET_free (buf);
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Setup fresh private key %s at %s in `%s' (generation #%llu)\n",
- GNUNET_h2s (&dk->h_denom_pub),
+ GNUNET_h2s (&dk->h_denom_pub.hash),
GNUNET_STRINGS_absolute_time_to_string (dk->anchor),
dk->filename,
(unsigned long long) key_gen);
- dk->denom_priv.rsa_private_key = priv;
- dk->denom_pub.rsa_public_key = pub;
+ dk->denom_priv = priv;
+ dk->denom_pub = pub;
dk->key_gen = key_gen;
if (GNUNET_OK !=
GNUNET_CONTAINER_multihashmap_put (
keys,
- &dk->h_denom_pub,
+ &dk->h_denom_pub.hash,
dk,
GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Duplicate private key created! Terminating.\n");
- GNUNET_CRYPTO_rsa_private_key_free (dk->denom_priv.rsa_private_key);
- GNUNET_CRYPTO_rsa_public_key_free (dk->denom_pub.rsa_public_key);
+ GNUNET_CRYPTO_rsa_private_key_free (dk->denom_priv);
+ GNUNET_CRYPTO_rsa_public_key_free (dk->denom_pub);
GNUNET_free (dk->filename);
GNUNET_free (dk);
return GNUNET_SYSERR;
@@ -563,13 +563,13 @@ handle_revoke_request (struct TES_Client *client,
GNUNET_assert (0 == pthread_mutex_lock (&keys_lock));
dk = GNUNET_CONTAINER_multihashmap_get (keys,
- &rr->h_denom_pub);
+ &rr->h_denom_pub.hash);
if (NULL == dk)
{
GNUNET_assert (0 == pthread_mutex_unlock (&keys_lock));
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"Revocation request ignored, denomination key %s unknown\n",
- GNUNET_h2s (&rr->h_denom_pub));
+ GNUNET_h2s (&rr->h_denom_pub.hash));
return GNUNET_OK;
}
@@ -877,7 +877,7 @@ update_keys (struct Denomination *denom,
GNUNET_assert (GNUNET_OK ==
GNUNET_CONTAINER_multihashmap_remove (
keys,
- &key->h_denom_pub,
+ &key->h_denom_pub.hash,
key));
if ( (! key->purge) &&
(0 != unlink (key->filename)) )
@@ -885,8 +885,8 @@ update_keys (struct Denomination *denom,
"unlink",
key->filename);
GNUNET_free (key->filename);
- GNUNET_CRYPTO_rsa_private_key_free (key->denom_priv.rsa_private_key);
- GNUNET_CRYPTO_rsa_public_key_free (key->denom_pub.rsa_public_key);
+ GNUNET_CRYPTO_rsa_private_key_free (key->denom_priv);
+ GNUNET_CRYPTO_rsa_public_key_free (key->denom_pub);
GNUNET_free (key);
key = nxt;
}
@@ -1025,23 +1025,23 @@ parse_key (struct Denomination *denom,
return;
}
dk = GNUNET_new (struct DenominationKey);
- dk->denom_priv.rsa_private_key = priv;
+ dk->denom_priv = priv;
dk->denom = denom;
dk->anchor = anchor;
dk->filename = GNUNET_strdup (filename);
GNUNET_CRYPTO_rsa_public_key_hash (pub,
- &dk->h_denom_pub);
- dk->denom_pub.rsa_public_key = pub;
+ &dk->h_denom_pub.hash);
+ dk->denom_pub = pub;
if (GNUNET_OK !=
GNUNET_CONTAINER_multihashmap_put (
keys,
- &dk->h_denom_pub,
+ &dk->h_denom_pub.hash,
dk,
GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Duplicate private key %s detected in file `%s'. Skipping.\n",
- GNUNET_h2s (&dk->h_denom_pub),
+ GNUNET_h2s (&dk->h_denom_pub.hash),
filename);
GNUNET_CRYPTO_rsa_private_key_free (priv);
GNUNET_CRYPTO_rsa_public_key_free (pub);
@@ -1063,7 +1063,7 @@ parse_key (struct Denomination *denom,
dk);
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Imported key %s from `%s'\n",
- GNUNET_h2s (&dk->h_denom_pub),
+ GNUNET_h2s (&dk->h_denom_pub.hash),
filename);
}
}
diff --git a/src/util/test_helper_rsa.c b/src/util/test_helper_rsa.c
index 97844001d..7d2d3151e 100644
--- a/src/util/test_helper_rsa.c
+++ b/src/util/test_helper_rsa.c
@@ -74,7 +74,7 @@ struct KeyData
/**
* Hash of the public key.
*/
- struct GNUNET_HashCode h_denom_pub;
+ struct TALER_DenominationHash h_denom_pub;
/**
* Full public key.
@@ -122,7 +122,7 @@ key_cb (void *cls,
const char *section_name,
struct GNUNET_TIME_Absolute start_time,
struct GNUNET_TIME_Relative validity_duration,
- const struct GNUNET_HashCode *h_denom_pub,
+ const struct TALER_DenominationHash *h_denom_pub,
const struct TALER_DenominationPublicKey *denom_pub,
const struct TALER_SecurityModulePublicKeyP *sm_pub,
const struct TALER_SecurityModuleSignatureP *sm_sig)
@@ -131,7 +131,7 @@ key_cb (void *cls,
(void) sm_sig;
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Key notification about key %s in `%s'\n",
- GNUNET_h2s (h_denom_pub),
+ GNUNET_h2s (&h_denom_pub->hash),
section_name);
if (0 == validity_duration.rel_value_us)
{
@@ -145,8 +145,7 @@ key_cb (void *cls,
{
keys[i].valid = false;
keys[i].revoked = false;
- GNUNET_CRYPTO_rsa_public_key_free (keys[i].denom_pub.rsa_public_key);
- keys[i].denom_pub.rsa_public_key = NULL;
+ TALER_denom_pub_free (&keys[i].denom_pub);
GNUNET_assert (num_keys > 0);
num_keys--;
found = true;
@@ -167,8 +166,8 @@ key_cb (void *cls,
keys[i].h_denom_pub = *h_denom_pub;
keys[i].start_time = start_time;
keys[i].validity_duration = validity_duration;
- keys[i].denom_pub.rsa_public_key
- = GNUNET_CRYPTO_rsa_public_key_dup (denom_pub->rsa_public_key);
+ TALER_denom_pub_deep_copy (&keys[i].denom_pub,
+ denom_pub);
num_keys++;
return;
}
@@ -211,7 +210,7 @@ test_revocation (struct TALER_CRYPTO_DenominationHelper *dh)
keys[j].revoked = true;
fprintf (stderr,
"Revoking key %s ...",
- GNUNET_h2s (&keys[j].h_denom_pub));
+ GNUNET_h2s (&keys[j].h_denom_pub.hash));
TALER_CRYPTO_helper_denom_revoke (dh,
&keys[j].h_denom_pub);
for (unsigned int k = 0; k<1000; k++)
@@ -247,42 +246,35 @@ test_revocation (struct TALER_CRYPTO_DenominationHelper *dh)
static int
test_signing (struct TALER_CRYPTO_DenominationHelper *dh)
{
- struct TALER_DenominationSignature ds;
+ struct TALER_BlindedDenominationSignature ds;
enum TALER_ErrorCode ec;
bool success = false;
- struct GNUNET_HashCode m_hash;
- struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
-
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
- &bks,
- sizeof (bks));
- GNUNET_CRYPTO_hash ("Hello",
- strlen ("Hello"),
- &m_hash);
+ struct TALER_PlanchetSecretsP ps;
+ struct TALER_CoinPubHash c_hash;
+
+ TALER_planchet_setup_random (&ps);
for (unsigned int i = 0; i<MAX_KEYS; i++)
{
if (! keys[i].valid)
continue;
{
- void *buf;
- size_t buf_size;
+ struct TALER_PlanchetDetail pd;
GNUNET_assert (GNUNET_YES ==
- TALER_rsa_blind (&m_hash,
- &bks,
- keys[i].denom_pub.rsa_public_key,
- &buf,
- &buf_size));
+ TALER_planchet_prepare (&keys[i].denom_pub,
+ &ps,
+ &c_hash,
+ &pd));
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Requesting signature over %u bytes with key %s\n",
- (unsigned int) buf_size,
- GNUNET_h2s (&keys[i].h_denom_pub));
+ (unsigned int) pd.coin_ev_size,
+ GNUNET_h2s (&keys[i].h_denom_pub.hash));
ds = TALER_CRYPTO_helper_denom_sign (dh,
&keys[i].h_denom_pub,
- buf,
- buf_size,
+ pd.coin_ev,
+ pd.coin_ev_size,
&ec);
- GNUNET_free (buf);
+ GNUNET_free (pd.coin_ev);
}
switch (ec)
{
@@ -302,32 +294,33 @@ test_signing (struct TALER_CRYPTO_DenominationHelper *dh)
return 5;
}
{
- struct GNUNET_CRYPTO_RsaSignature *rs;
+ struct TALER_DenominationSignature rs;
- rs = TALER_rsa_unblind (ds.rsa_signature,
- &bks,
- keys[i].denom_pub.rsa_public_key);
- if (NULL == rs)
+ if (GNUNET_OK !=
+ TALER_denom_sig_unblind (&rs,
+ &ds,
+ &ps.blinding_key,
+ &keys[i].denom_pub))
{
GNUNET_break (0);
return 6;
}
- GNUNET_CRYPTO_rsa_signature_free (ds.rsa_signature);
+ TALER_blinded_denom_sig_free (&ds);
if (GNUNET_OK !=
- GNUNET_CRYPTO_rsa_verify (&m_hash,
- rs,
- keys[i].denom_pub.rsa_public_key))
+ TALER_denom_pub_verify (&keys[i].denom_pub,
+ &rs,
+ &c_hash))
{
/* signature invalid */
GNUNET_break (0);
- GNUNET_CRYPTO_rsa_signature_free (rs);
+ TALER_denom_sig_free (&rs);
return 7;
}
- GNUNET_CRYPTO_rsa_signature_free (rs);
+ TALER_denom_sig_free (&rs);
}
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Received valid signature for key %s\n",
- GNUNET_h2s (&keys[i].h_denom_pub));
+ GNUNET_h2s (&keys[i].h_denom_pub.hash));
success = true;
break;
case TALER_EC_EXCHANGE_DENOMINATION_HELPER_TOO_EARLY:
@@ -362,8 +355,7 @@ test_signing (struct TALER_CRYPTO_DenominationHelper *dh)
/* check signing does not work if the key is unknown */
{
- struct GNUNET_HashCode rnd;
- struct TALER_DenominationSignature ds;
+ struct TALER_DenominationHash rnd;
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&rnd,
@@ -376,13 +368,13 @@ test_signing (struct TALER_CRYPTO_DenominationHelper *dh)
if (TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN != ec)
{
if (TALER_EC_NONE == ec)
- GNUNET_CRYPTO_rsa_signature_free (ds.rsa_signature);
+ TALER_blinded_denom_sig_free (&ds);
GNUNET_break (0);
return 17;
}
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Signing with invalid key %s failed as desired\n",
- GNUNET_h2s (&rnd));
+ GNUNET_h2s (&rnd.hash));
}
return 0;
}
@@ -398,18 +390,12 @@ static int
perf_signing (struct TALER_CRYPTO_DenominationHelper *dh,
const char *type)
{
- struct TALER_DenominationSignature ds;
+ struct TALER_BlindedDenominationSignature ds;
enum TALER_ErrorCode ec;
- struct GNUNET_HashCode m_hash;
- struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
struct GNUNET_TIME_Relative duration;
+ struct TALER_PlanchetSecretsP ps;
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
- &bks,
- sizeof (bks));
- GNUNET_CRYPTO_hash ("Hello",
- strlen ("Hello"),
- &m_hash);
+ TALER_planchet_setup_random (&ps);
duration = GNUNET_TIME_UNIT_ZERO;
TALER_CRYPTO_helper_denom_poll (dh);
for (unsigned int j = 0; j<NUM_SIGN_PERFS;)
@@ -425,15 +411,14 @@ perf_signing (struct TALER_CRYPTO_DenominationHelper *dh,
keys[i].validity_duration.rel_value_us)
continue;
{
- void *buf;
- size_t buf_size;
+ struct TALER_CoinPubHash c_hash;
+ struct TALER_PlanchetDetail pd;
GNUNET_assert (GNUNET_YES ==
- TALER_rsa_blind (&m_hash,
- &bks,
- keys[i].denom_pub.rsa_public_key,
- &buf,
- &buf_size));
+ TALER_planchet_prepare (&keys[i].denom_pub,
+ &ps,
+ &c_hash,
+ &pd));
/* use this key as long as it works */
while (1)
{
@@ -442,20 +427,20 @@ perf_signing (struct TALER_CRYPTO_DenominationHelper *dh,
ds = TALER_CRYPTO_helper_denom_sign (dh,
&keys[i].h_denom_pub,
- buf,
- buf_size,
+ pd.coin_ev,
+ pd.coin_ev_size,
&ec);
if (TALER_EC_NONE != ec)
break;
delay = GNUNET_TIME_absolute_get_duration (start);
duration = GNUNET_TIME_relative_add (duration,
delay);
- GNUNET_CRYPTO_rsa_signature_free (ds.rsa_signature);
+ TALER_blinded_denom_sig_free (&ds);
j++;
if (NUM_SIGN_PERFS <= j)
break;
}
- GNUNET_free (buf);
+ GNUNET_free (pd.coin_ev);
}
} /* for i */
} /* for j */
@@ -592,8 +577,7 @@ run_test (void)
for (unsigned int i = 0; i<MAX_KEYS; i++)
if (keys[i].valid)
{
- GNUNET_CRYPTO_rsa_public_key_free (keys[i].denom_pub.rsa_public_key);
- keys[i].denom_pub.rsa_public_key = NULL;
+ TALER_denom_pub_free (&keys[i].denom_pub);
GNUNET_assert (num_keys > 0);
num_keys--;
}