diff options
author | Christian Grothoff <christian@grothoff.org> | 2020-11-23 21:10:55 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2020-11-23 21:10:55 +0100 |
commit | d5656ec46e47d49d16b21b5cbc1c34caf5ea4b83 (patch) | |
tree | d2c6cecb321e6468ba4ce97f51f4cfddda1769c7 /src/util/test_helper_eddsa.c | |
parent | 77dbb8327618ada8fd112209e54a7bf05d2958f0 (diff) | |
download | exchange-d5656ec46e47d49d16b21b5cbc1c34caf5ea4b83.tar.xz |
finish helper test cases
Diffstat (limited to 'src/util/test_helper_eddsa.c')
-rw-r--r-- | src/util/test_helper_eddsa.c | 447 |
1 files changed, 447 insertions, 0 deletions
diff --git a/src/util/test_helper_eddsa.c b/src/util/test_helper_eddsa.c new file mode 100644 index 000000000..c2a3af744 --- /dev/null +++ b/src/util/test_helper_eddsa.c @@ -0,0 +1,447 @@ +/* + This file is part of TALER + (C) 2020 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along with + TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> +*/ +/** + * @file util/test_helper_eddsa.c + * @brief Tests for EDDSA crypto helper + * @author Christian Grothoff + */ +#include "platform.h" +#include "taler_util.h" +#include <gnunet/gnunet_signatures.h> + +/** + * Configuration has 1 minute duration and 5 minutes lookahead, so + * we should never have more than 6 active keys, plus for during + * key expiration / revocation. + */ +#define MAX_KEYS 7 + +/** + * How many random key revocations should we test? + */ +#define NUM_REVOKES 3 + +/** + * How many iterations of the successful signing test should we run? + */ +#define NUM_SIGN_TESTS 100 + + +/** + * Number of keys currently in #keys. + */ +static unsigned int num_keys; + +/** + * Keys currently managed by the helper. + */ +struct KeyData +{ + /** + * Validity start point. + */ + struct GNUNET_TIME_Absolute start_time; + + /** + * Key expires for signing at @e start_time plus this value. + */ + struct GNUNET_TIME_Relative validity_duration; + + /** + * Full public key. + */ + struct TALER_ExchangePublicKeyP exchange_pub; + + /** + * Is this key currently valid? + */ + bool valid; + + /** + * Did the test driver revoke this key? + */ + bool revoked; +}; + +/** + * Array of all the keys we got from the helper. + */ +static struct KeyData keys[MAX_KEYS]; + + +/** + * Function called with information about available keys for signing. Usually + * only called once per key upon connect. Also called again in case a key is + * being revoked, in that case with an @a end_time of zero. Stores the keys + * status in #keys. + * + * @param cls closure, NULL + * @param start_time when does the key become available for signing; + * zero if the key has been revoked or purged + * @param validity_duration how long does the key remain available for signing; + * zero if the key has been revoked or purged + * @param exchange_pub the public key itself + * @param sm_pub public key of the security module, NULL if the key was revoked or purged + * @param sm_sig signature from the security module, NULL if the key was revoked or purged + * The signature was already verified against @a sm_pub. + */ +static void +key_cb (void *cls, + struct GNUNET_TIME_Absolute start_time, + struct GNUNET_TIME_Relative validity_duration, + const struct TALER_ExchangePublicKeyP *exchange_pub, + const struct TALER_SecurityModulePublicKeyP *sm_pub, + const struct TALER_SecurityModuleSignatureP *sm_sig) +{ + (void) sm_pub; + (void) sm_sig; + if (0 == validity_duration.rel_value_us) + { + bool found = false; + + for (unsigned int i = 0; i<MAX_KEYS; i++) + if (0 == GNUNET_memcmp (exchange_pub, + &keys[i].exchange_pub)) + { + keys[i].valid = false; + keys[i].revoked = false; + GNUNET_assert (num_keys > 0); + num_keys--; + found = true; + break; + } + if (! found) + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Error: helper announced expiration of unknown key!\n"); + + return; + } + for (unsigned int i = 0; i<MAX_KEYS; i++) + if (! keys[i].valid) + { + keys[i].valid = true; + keys[i].exchange_pub = *exchange_pub; + keys[i].start_time = start_time; + keys[i].validity_duration = validity_duration; + num_keys++; + return; + } + /* too many keys! */ + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Error: received %d live keys from the service!\n", + MAX_KEYS + 1); +} + + +/** + * Test key revocation logic. + * + * @param esh handle to the helper + * @return 0 on success + */ +static int +test_revocation (struct TALER_CRYPTO_ExchangeSignHelper *esh) +{ + struct timespec req = { + .tv_nsec = 250000000 + }; + + for (unsigned int i = 0; i<NUM_REVOKES; i++) + { + uint32_t off; + + off = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, + num_keys); + /* find index of key to revoke */ + for (unsigned int j = 0; j < MAX_KEYS; j++) + { + if (! keys[j].valid) + continue; + if (0 != off) + { + off--; + continue; + } + keys[j].revoked = true; + fprintf (stderr, + "Revoking key ..."); + TALER_CRYPTO_helper_esign_revoke (esh, + &keys[j].exchange_pub); + for (unsigned int k = 0; k<1000; k++) + { + TALER_CRYPTO_helper_esign_poll (esh); + if (! keys[j].revoked) + break; + nanosleep (&req, NULL); + fprintf (stderr, "."); + } + if (keys[j].revoked) + { + fprintf (stderr, + "\nFAILED: timeout trying to revoke key %u\n", + j); + TALER_CRYPTO_helper_esign_disconnect (esh); + return 2; + } + fprintf (stderr, "\n"); + break; + } + } + return 0; +} + + +/** + * Test signing logic. + * + * @param esh handle to the helper + * @return 0 on success + */ +static int +test_signing (struct TALER_CRYPTO_ExchangeSignHelper *esh) +{ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose = { + .purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST), + .size = htonl (sizeof (purpose)), + }; + + for (unsigned int i = 0; i<2; i++) + { + struct TALER_ExchangePublicKeyP exchange_pub; + struct TALER_ExchangeSignatureP exchange_sig; + enum TALER_ErrorCode ec; + + ec = TALER_CRYPTO_helper_esign_sign_ (esh, + &purpose, + &exchange_pub, + &exchange_sig); + switch (ec) + { + case TALER_EC_NONE: + if (GNUNET_OK != + GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST, + &purpose, + &exchange_sig.eddsa_signature, + &exchange_pub.eddsa_pub)) + { + /* signature invalid */ + GNUNET_break (0); + return 17; + } + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Received valid signature\n"); + break; + default: + /* unexpected error */ + GNUNET_break (0); + return 7; + } + } + return 0; +} + + +/** + * Benchmark signing logic. + * + * @param esh handle to the helper + * @return 0 on success + */ +static int +perf_signing (struct TALER_CRYPTO_ExchangeSignHelper *esh) +{ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose = { + .purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST), + .size = htonl (sizeof (purpose)), + }; + struct GNUNET_TIME_Relative duration; + + duration = GNUNET_TIME_UNIT_ZERO; + for (unsigned int j = 0; j<NUM_SIGN_TESTS;) + { + struct GNUNET_TIME_Relative delay; + struct TALER_ExchangePublicKeyP exchange_pub; + struct TALER_ExchangeSignatureP exchange_sig; + enum TALER_ErrorCode ec; + struct GNUNET_TIME_Absolute start; + + TALER_CRYPTO_helper_esign_poll (esh); + start = GNUNET_TIME_absolute_get (); + ec = TALER_CRYPTO_helper_esign_sign_ (esh, + &purpose, + &exchange_pub, + &exchange_sig); + if (TALER_EC_NONE != ec) + { + GNUNET_break (0); + return 42; + } + delay = GNUNET_TIME_absolute_get_duration (start); + duration = GNUNET_TIME_relative_add (duration, + delay); + j++; + } /* for j */ + fprintf (stderr, + "%u (sequential) signature operations took %s\n", + (unsigned int) NUM_SIGN_TESTS, + GNUNET_STRINGS_relative_time_to_string (duration, + GNUNET_YES)); + return 0; +} + + +/** + * Main entry point into the test logic with the helper already running. + */ +static int +run_test (void) +{ + struct GNUNET_CONFIGURATION_Handle *cfg; + struct TALER_CRYPTO_ExchangeSignHelper *esh; + struct timespec req = { + .tv_nsec = 250000000 + }; + int ret; + + cfg = GNUNET_CONFIGURATION_create (); + if (GNUNET_OK != + GNUNET_CONFIGURATION_load (cfg, + "test_helper_eddsa.conf")) + { + GNUNET_break (0); + return 77; + } + esh = TALER_CRYPTO_helper_esign_connect (cfg, + &key_cb, + NULL); + GNUNET_CONFIGURATION_destroy (cfg); + if (NULL == esh) + { + GNUNET_break (0); + return 1; + } + /* wait for helper to start and give us keys */ + fprintf (stderr, "Waiting for helper to start "); + for (unsigned int i = 0; i<1000; i++) + { + TALER_CRYPTO_helper_esign_poll (esh); + if (0 != num_keys) + break; + nanosleep (&req, NULL); + fprintf (stderr, "."); + } + if (0 == num_keys) + { + fprintf (stderr, + "\nFAILED: timeout trying to connect to helper\n"); + TALER_CRYPTO_helper_esign_disconnect (esh); + return 1; + } + fprintf (stderr, + "\nOK: Helper ready (%u keys)\n", + num_keys); + + ret = 0; + if (0 == ret) + ret = test_revocation (esh); + if (0 == ret) + ret = test_signing (esh); + if (0 == ret) + ret = perf_signing (esh); + TALER_CRYPTO_helper_esign_disconnect (esh); + /* clean up our state */ + for (unsigned int i = 0; i<MAX_KEYS; i++) + if (keys[i].valid) + { + keys[i].valid = false; + GNUNET_assert (num_keys > 0); + num_keys--; + } + return ret; +} + + +int +main (int argc, + const char *const argv[]) +{ + struct GNUNET_OS_Process *helper; + char *libexec_dir; + char *binary_name; + int ret; + enum GNUNET_OS_ProcessStatusType type; + unsigned long code; + + (void) argc; + (void) argv; + GNUNET_log_setup ("test-helper-eddsa", + "WARNING", + NULL); + GNUNET_OS_init (TALER_project_data_default ()); + libexec_dir = GNUNET_OS_installation_get_path (GNUNET_OS_IPK_LIBEXECDIR); + GNUNET_asprintf (&binary_name, + "%s/%s", + libexec_dir, + "taler-helper-crypto-eddsa"); + GNUNET_free (libexec_dir); + helper = GNUNET_OS_start_process (GNUNET_OS_INHERIT_STD_ERR, + NULL, NULL, NULL, + binary_name, + binary_name, + "-c", + "test_helper_eddsa.conf", + "-L", + "WARNING", + NULL); + if (NULL == helper) + { + GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, + "exec", + binary_name); + GNUNET_free (binary_name); + return 77; + } + GNUNET_free (binary_name); + ret = run_test (); + + GNUNET_OS_process_kill (helper, + SIGTERM); + if (GNUNET_OK != + GNUNET_OS_process_wait_status (helper, + &type, + &code)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Helper process did not die voluntarily, killing hard\n"); + GNUNET_OS_process_kill (helper, + SIGKILL); + ret = 4; + } + else if ( (GNUNET_OS_PROCESS_EXITED != type) || + (0 != code) ) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Helper died with unexpected status %d/%d\n", + (int) type, + (int) code); + ret = 5; + } + GNUNET_OS_process_destroy (helper); + return ret; +} + + +/* end of test_helper_eddsa.c */ |