aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2015-09-19 16:34:27 +0200
committerChristian Grothoff <christian@grothoff.org>2015-09-19 16:34:27 +0200
commit37a84c5af7b466bef1d4ca4b18999e8b6ef590f2 (patch)
tree2b71b3b6f6371decf90065bb744c49f61582882d /src
parent00b697c405d3d1dfae102eb1223cb07509f680a9 (diff)
finish implementing #3847
Diffstat (limited to 'src')
-rw-r--r--src/include/taler_mintdb_lib.h14
-rw-r--r--src/mint-tools/Makefile.am10
-rw-r--r--src/mint-tools/taler-auditor-sign.c82
-rw-r--r--src/mint/taler-mint-httpd_keystate.c54
-rw-r--r--src/mintdb/mintdb_keyio.c25
5 files changed, 108 insertions, 77 deletions
diff --git a/src/include/taler_mintdb_lib.h b/src/include/taler_mintdb_lib.h
index b7f28cffe..7dfef8dc5 100644
--- a/src/include/taler_mintdb_lib.h
+++ b/src/include/taler_mintdb_lib.h
@@ -212,10 +212,10 @@ TALER_MINTDB_denomination_key_read (const char *filename,
*
* @param cls closure
* @param apub the auditor's public key
- * @param asig the auditor's signature
* @param mpub the mint's public key (as expected by the auditor)
- * @param dki_len length of @a dki
- * @param dki array of denomination coin data signed by the auditor
+ * @param dki_len length of @a asig and @a dki arrays
+ * @param asigs array of the auditor's signatures over the @a dks, of length @a dki_len
+ * @param dki array of denomination coin data signed by the auditor, of length @a dki_len
* @return #GNUNET_OK to continue to iterate,
* #GNUNET_NO to stop iteration with no error,
* #GNUNET_SYSERR to abort iteration with error!
@@ -223,9 +223,9 @@ TALER_MINTDB_denomination_key_read (const char *filename,
typedef int
(*TALER_MINTDB_AuditorIterator)(void *cls,
const struct TALER_AuditorPublicKeyP *apub,
- const struct TALER_AuditorSignatureP *asig,
const struct TALER_MasterPublicKeyP *mpub,
unsigned int dki_len,
+ const struct TALER_AuditorSignatureP *asigs,
const struct TALER_DenominationKeyValidityPS *dki);
@@ -253,16 +253,16 @@ TALER_MINTDB_auditor_iterate (const char *mint_base_dir,
*
* @param filename the file where to write the auditor information to
* @param apub the auditor's public key
- * @param asig the auditor's signature
+ * @param asigs the auditor's signatures, array of length @a dki_len
* @param mpub the mint's public key (as expected by the auditor)
- * @param dki_len length of @a dki
+ * @param dki_len length of @a dki and @a asigs arrays
* @param dki array of denomination coin data signed by the auditor
* @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure.
*/
int
TALER_MINTDB_auditor_write (const char *filename,
const struct TALER_AuditorPublicKeyP *apub,
- const struct TALER_AuditorSignatureP *asig,
+ const struct TALER_AuditorSignatureP *asigs,
const struct TALER_MasterPublicKeyP *mpub,
unsigned int dki_len,
const struct TALER_DenominationKeyValidityPS *dki);
diff --git a/src/mint-tools/Makefile.am b/src/mint-tools/Makefile.am
index a1b1302de..94b8fb391 100644
--- a/src/mint-tools/Makefile.am
+++ b/src/mint-tools/Makefile.am
@@ -7,6 +7,7 @@ if USE_COVERAGE
endif
bin_PROGRAMS = \
+ taler-auditor-sign \
taler-mint-keyup \
taler-mint-keycheck \
taler-mint-reservemod \
@@ -15,7 +16,6 @@ bin_PROGRAMS = \
taler_mint_keyup_SOURCES = \
taler-mint-keyup.c
-
taler_mint_keyup_LDADD = \
$(LIBGCRYPT_LIBS) \
$(top_builddir)/src/util/libtalerutil.la \
@@ -24,6 +24,14 @@ taler_mint_keyup_LDADD = \
-lgnunetutil $(XLIB)
taler_mint_keyup_LDFLAGS = $(POSTGRESQL_LDFLAGS)
+taler_auditor_sign_SOURCES = \
+ taler-auditor-sign.c
+taler_auditor_sign_LDADD = \
+ $(LIBGCRYPT_LIBS) \
+ $(top_builddir)/src/util/libtalerutil.la \
+ $(top_builddir)/src/mintdb/libtalermintdb.la \
+ -lgnunetutil $(XLIB)
+
taler_mint_sepa_SOURCES = \
taler-mint-sepa.c
diff --git a/src/mint-tools/taler-auditor-sign.c b/src/mint-tools/taler-auditor-sign.c
index 8d180790f..bd37e68de 100644
--- a/src/mint-tools/taler-auditor-sign.c
+++ b/src/mint-tools/taler-auditor-sign.c
@@ -50,11 +50,6 @@ static char *mint_request_file;
static char *output_file;
/**
- * Handle to the auditor's configuration
- */
-static struct GNUNET_CONFIGURATION_Handle *kcfg;
-
-/**
* Master public key of the mint.
*/
static struct TALER_MasterPublicKeyP master_public_key;
@@ -101,16 +96,16 @@ print_dk (const struct TALER_DenominationKeyValidityPS *dk)
fprintf (stdout,
"Validity start time: %s\n",
- GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->start)));
+ GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->start)));
fprintf (stdout,
"Withdraw end time: %s\n",
- GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_withdraw)));
+ GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_withdraw)));
fprintf (stdout,
"Deposit end time: %s\n",
- GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_spend)));
+ GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_spend)));
fprintf (stdout,
"Legal dispute end time: %s\n",
- GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_legal)));
+ GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_legal)));
fprintf (stdout,
"\n");
@@ -150,12 +145,12 @@ main (int argc,
GNUNET_GETOPT_OPTION_END
};
struct GNUNET_CRYPTO_EddsaPrivateKey *eddsa_priv;
- struct TALER_AuditorSignatureP sig;
+ struct TALER_AuditorSignatureP *sigs;
struct TALER_AuditorPublicKeyP apub;
struct GNUNET_DISK_FileHandle *fh;
struct TALER_DenominationKeyValidityPS *dks;
unsigned int dks_len;
- struct TALER_MintKeyValidityPS *ap;
+ struct TALER_MintKeyValidityPS kv;
off_t in_size;
unsigned int i;
@@ -187,6 +182,7 @@ main (int argc,
{
fprintf (stderr,
"Mint public key not given\n");
+ GNUNET_free (eddsa_priv);
return 1;
}
if (GNUNET_OK !=
@@ -198,12 +194,14 @@ main (int argc,
fprintf (stderr,
"Public key `%s' malformed\n",
mint_public_key);
+ GNUNET_free (eddsa_priv);
return 1;
}
if (NULL == mint_request_file)
{
fprintf (stderr,
"Mint signing request not given\n");
+ GNUNET_free (eddsa_priv);
return 1;
}
fh = GNUNET_DISK_file_open (mint_request_file,
@@ -215,6 +213,7 @@ main (int argc,
"Failed to open file `%s': %s\n",
mint_request_file,
STRERROR (errno));
+ GNUNET_free (eddsa_priv);
return 1;
}
if (GNUNET_OK !=
@@ -226,6 +225,7 @@ main (int argc,
mint_request_file,
STRERROR (errno));
GNUNET_DISK_file_close (fh);
+ GNUNET_free (eddsa_priv);
return 1;
}
if (0 != (in_size % sizeof (struct TALER_DenominationKeyValidityPS)))
@@ -234,16 +234,17 @@ main (int argc,
"Input file size of file `%s' is invalid\n",
mint_request_file);
GNUNET_DISK_file_close (fh);
+ GNUNET_free (eddsa_priv);
return 1;
}
dks_len = in_size / sizeof (struct TALER_DenominationKeyValidityPS);
- ap = GNUNET_malloc (sizeof (struct TALER_MintKeyValidityPS) +
- in_size);
- ap.purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_MINT_KEYS);
- ap.purpose.size = htonl (sizeof (struct TALER_MintKeyValidityPS) +
- in_size);
- ap.master = master_public_key;
- dks = (struct TALER_DenominationKeyValidityPS *) &ap[1];
+ kv.purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_MINT_KEYS);
+ kv.purpose.size = htonl (sizeof (struct TALER_MintKeyValidityPS));
+ kv.master = master_public_key;
+ dks = GNUNET_new_array (dks_len,
+ struct TALER_DenominationKeyValidityPS);
+ sigs = GNUNET_new_array (dks_len,
+ struct TALER_AuditorSignatureP);
if (in_size !=
GNUNET_DISK_file_read (fh,
dks,
@@ -254,34 +255,51 @@ main (int argc,
mint_request_file,
STRERROR (errno));
GNUNET_DISK_file_close (fh);
- GNUNET_free (ap);
+ GNUNET_free (sigs);
+ GNUNET_free (dks);
+ GNUNET_free (eddsa_priv);
return 1;
}
GNUNET_DISK_file_close (fh);
- if (verbose)
+ for (i=0;i<dks_len;i++)
{
- for (i=0;i<dks_len;i++)
- print_dk (&dks[i]);
+ struct TALER_DenominationKeyValidityPS *dk = &dks[i];
+
+ if (verbose)
+ print_dk (dk);
+ kv.start = dk->start;
+ kv.expire_withdraw = dk->expire_withdraw;
+ kv.expire_spend = dk->expire_spend;
+ kv.expire_legal = dk->expire_legal;
+ kv.value = dk->value;
+ kv.fee_withdraw = dk->fee_withdraw;
+ kv.fee_deposit = dk->fee_deposit;
+ kv.fee_refresh = dk->fee_refresh;
+ kv.denom_hash = dk->denom_hash;
+
+ /* Finally sign ... */
+ GNUNET_CRYPTO_eddsa_sign (eddsa_priv,
+ &kv.purpose,
+ &sigs[i].eddsa_sig);
+
+
}
if (NULL == output_file)
{
fprintf (stderr,
"Output file not given\n");
- GNUNET_free (ap);
+ GNUNET_free (dks);
+ GNUNET_free (sigs);
+ GNUNET_free (eddsa_priv);
return 1;
}
- /* Finally sign ... */
- GNUNET_CRYPTO_eddsa_sign (eddsa_priv,
- &ap->purpose,
- &sig.eddsa_sig);
-
/* write result to disk */
if (GNUNET_OK !=
TALER_MINTDB_auditor_write (output_file,
&apub,
- &sig,
+ sigs,
&master_public_key,
dks_len,
dks))
@@ -290,10 +308,12 @@ main (int argc,
"Failed to write to file `%s': %s\n",
output_file,
STRERROR (errno));
- GNUNET_free (ap);
+ GNUNET_free (sigs);
+ GNUNET_free (dks);
return 1;
}
- GNUNET_free (ap);
+ GNUNET_free (sigs);
+ GNUNET_free (dks);
GNUNET_free (eddsa_priv);
return 0;
}
diff --git a/src/mint/taler-mint-httpd_keystate.c b/src/mint/taler-mint-httpd_keystate.c
index 608e791b7..939d57d03 100644
--- a/src/mint/taler-mint-httpd_keystate.c
+++ b/src/mint/taler-mint-httpd_keystate.c
@@ -417,16 +417,16 @@ reload_keys_sign_iter (void *cls,
* Convert information from an auditor to a JSON object.
*
* @param apub the auditor's public key
- * @param asig the auditor's signature
- * @param dki_len length of @a dki
+ * @param dki_len length of @a dki and @a asigs arrays
+ * @param asigs the auditor's signatures
* @param dki array of denomination coin data signed by the auditor
* @return a JSON object describing the auditor information and signature
*/
static json_t *
auditor_to_json (const struct TALER_AuditorPublicKeyP *apub,
- const struct TALER_AuditorSignatureP *asig,
unsigned int dki_len,
- const struct TALER_DenominationKeyValidityPS *dki)
+ const struct TALER_AuditorSignatureP **asigs,
+ const struct TALER_DenominationKeyValidityPS **dki)
{
unsigned int i;
json_t *ja;
@@ -434,19 +434,19 @@ auditor_to_json (const struct TALER_AuditorPublicKeyP *apub,
ja = json_array ();
for (i=0;i<dki_len;i++)
json_array_append_new (ja,
- json_pack ("{s:o}",
+ json_pack ("{s:o, s:o}",
"denom_pub_h",
- TALER_json_from_data (&dki->denom_hash,
- sizeof (struct GNUNET_HashCode))));
+ TALER_json_from_data (&dki[i]->denom_hash,
+ sizeof (struct GNUNET_HashCode)),
+ "auditor_sig",
+ TALER_json_from_data (asigs[i],
+ sizeof (struct TALER_AuditorSignatureP))));
return
- json_pack ("{s:o, s:o, s:o}",
+ json_pack ("{s:o, s:o}",
"denomination_keys", ja,
"auditor_pub",
TALER_json_from_data (apub,
- sizeof (struct TALER_AuditorPublicKeyP)),
- "auditor_sig",
- TALER_json_from_data (asig,
- sizeof (struct TALER_AuditorSignatureP)));
+ sizeof (struct TALER_AuditorPublicKeyP)));
}
@@ -458,9 +458,9 @@ auditor_to_json (const struct TALER_AuditorPublicKeyP *apub,
*
* @param cls closure with the `struct TMH_KS_StateHandle *`
* @param apub the auditor's public key
- * @param asig the auditor's signature
* @param mpub the mint's public key (as expected by the auditor)
- * @param dki_len length of @a dki
+ * @param dki_len length of @a dki and @a asigs
+ * @param asigs array with the auditor's signatures, of length @a dki_len
* @param dki array of denomination coin data signed by the auditor
* @return #GNUNET_OK to continue to iterate,
* #GNUNET_NO to stop iteration with no error,
@@ -469,14 +469,16 @@ auditor_to_json (const struct TALER_AuditorPublicKeyP *apub,
static int
reload_auditor_iter (void *cls,
const struct TALER_AuditorPublicKeyP *apub,
- const struct TALER_AuditorSignatureP *asig,
const struct TALER_MasterPublicKeyP *mpub,
unsigned int dki_len,
+ const struct TALER_AuditorSignatureP *asigs,
const struct TALER_DenominationKeyValidityPS *dki)
{
struct TMH_KS_StateHandle *ctx = cls;
unsigned int i;
- int found;
+ unsigned int keep;
+ const struct TALER_AuditorSignatureP *kept_asigs[dki_len];
+ const struct TALER_DenominationKeyValidityPS *kept_dkis[dki_len];
/* Check if the signature is at least for this mint. */
if (0 != memcmp (&mpub->eddsa_pub,
@@ -487,28 +489,26 @@ reload_auditor_iter (void *cls,
"Auditing information provided for a different mint, ignored\n");
return GNUNET_OK;
}
- /* check if there is an overlap between the set of keys signed by
- the auditor and the denomination keys that are active right now */
- found = GNUNET_NO;
+ /* Filter the auditor information for those for which the
+ keys actually match the denomination keys that are active right now */
+ keep = 0;
for (i=0;i<dki_len;i++)
{
if (GNUNET_YES ==
GNUNET_CONTAINER_multihashmap_contains (ctx->denomkey_map,
&dki[i].denom_hash))
{
- found = GNUNET_YES;
- break;
+ kept_asigs[keep] = &asigs[i];
+ kept_dkis[keep] = &dki[i];
+ keep++;
}
}
- if (GNUNET_NO == found)
- return GNUNET_OK; /* None of the keys are relevant for us right now,
- so skip this auditor signature */
/* add auditor information to our /keys response */
json_array_append_new (ctx->auditors_array,
auditor_to_json (apub,
- asig,
- dki_len,
- dki));
+ keep,
+ kept_asigs,
+ kept_dkis));
return GNUNET_OK;
}
diff --git a/src/mintdb/mintdb_keyio.c b/src/mintdb/mintdb_keyio.c
index b7cdcf506..5bfe5bb12 100644
--- a/src/mintdb/mintdb_keyio.c
+++ b/src/mintdb/mintdb_keyio.c
@@ -383,11 +383,6 @@ struct AuditorFileHeaderP
struct TALER_AuditorPublicKeyP apub;
/**
- * Signature from the auditor.
- */
- struct TALER_AuditorSignatureP asig;
-
- /**
* Master public key of the mint the auditor is signing
* information for.
*/
@@ -415,6 +410,7 @@ auditor_iter (void *cls,
struct AuditorIterateContext *aic = cls;
uint64_t size;
struct AuditorFileHeaderP *af;
+ const struct TALER_AuditorSignatureP *sigs;
const struct TALER_DenominationKeyValidityPS *dki;
unsigned int len;
int ret;
@@ -431,7 +427,8 @@ auditor_iter (void *cls,
}
if ( (size < sizeof (struct AuditorFileHeaderP)) ||
(0 != (len = ((size - sizeof (struct AuditorFileHeaderP)) %
- sizeof (struct TALER_DenominationKeyValidityPS)))) )
+ (sizeof (struct TALER_DenominationKeyValidityPS) +
+ sizeof (struct TALER_AuditorSignatureP))))) )
{
GNUNET_break (0);
return GNUNET_SYSERR;
@@ -448,12 +445,13 @@ auditor_iter (void *cls,
GNUNET_free (af);
return GNUNET_SYSERR;
}
- dki = (const struct TALER_DenominationKeyValidityPS *) &af[1];
+ sigs = (const struct TALER_AuditorSignatureP *) &af[1];
+ dki = (const struct TALER_DenominationKeyValidityPS *) &sigs[len];
ret = aic->it (aic->it_cls,
&af->apub,
- &af->asig,
&af->mpub,
len,
+ sigs,
dki);
GNUNET_free (af);
return ret;
@@ -500,7 +498,7 @@ TALER_MINTDB_auditor_iterate (const char *mint_base_dir,
*
* @param filename the file where to write the auditor information to
* @param apub the auditor's public key
- * @param asig the auditor's signature
+ * @param asigs the auditor's signatures, array of length @a dki_len
* @param mpub the mint's public key (as expected by the auditor)
* @param dki_len length of @a dki
* @param dki array of denomination coin data signed by the auditor
@@ -509,7 +507,7 @@ TALER_MINTDB_auditor_iterate (const char *mint_base_dir,
int
TALER_MINTDB_auditor_write (const char *filename,
const struct TALER_AuditorPublicKeyP *apub,
- const struct TALER_AuditorSignatureP *asig,
+ const struct TALER_AuditorSignatureP *asigs,
const struct TALER_MasterPublicKeyP *mpub,
unsigned int dki_len,
const struct TALER_DenominationKeyValidityPS *dki)
@@ -522,7 +520,6 @@ TALER_MINTDB_auditor_write (const char *filename,
int eno;
af.apub = *apub;
- af.asig = *asig;
af.mpub = *mpub;
ret = GNUNET_SYSERR;
if (NULL == (fh = GNUNET_DISK_file_open
@@ -537,6 +534,12 @@ TALER_MINTDB_auditor_write (const char *filename,
goto cleanup;
if (wrote != wsize)
goto cleanup;
+ wsize = dki_len * sizeof (struct TALER_AuditorSignatureP);
+ if (wsize ==
+ GNUNET_DISK_file_write (fh,
+ asigs,
+ wsize))
+ ret = GNUNET_OK;
wsize = dki_len * sizeof (struct TALER_DenominationKeyValidityPS);
if (wsize ==
GNUNET_DISK_file_write (fh,