diff options
Diffstat (limited to 'src/exchange-tools')
-rw-r--r-- | src/exchange-tools/Makefile.am | 17 | ||||
-rw-r--r-- | src/exchange-tools/taler-exchange-keycheck.c | 336 | ||||
-rwxr-xr-x | src/exchange-tools/test_taler_exchange_keyup.sh | 142 |
3 files changed, 0 insertions, 495 deletions
diff --git a/src/exchange-tools/Makefile.am b/src/exchange-tools/Makefile.am index e60963035..43954c446 100644 --- a/src/exchange-tools/Makefile.am +++ b/src/exchange-tools/Makefile.am @@ -15,7 +15,6 @@ endif bin_PROGRAMS = \ taler-auditor-offline \ taler-exchange-keyup \ - taler-exchange-keycheck \ taler-exchange-offline \ taler-exchange-wire \ taler-exchange-dbinit @@ -76,16 +75,6 @@ taler_exchange_wire_LDADD = \ $(XLIB) taler_exchange_wire_LDFLAGS = $(POSTGRESQL_LDFLAGS) -taler_exchange_keycheck_SOURCES = \ - taler-exchange-keycheck.c -taler_exchange_keycheck_LDADD = \ - $(LIBGCRYPT_LIBS) \ - $(top_builddir)/src/util/libtalerutil.la \ - $(top_builddir)/src/exchangedb/libtalerexchangedb.la \ - -lgnunetutil \ - $(XLIB) -taler_exchange_keycheck_LDFLAGS = $(POSTGRESQL_LDFLAGS) - taler_exchange_dbinit_SOURCES = \ taler-exchange-dbinit.c taler_exchange_dbinit_LDADD = \ @@ -107,12 +96,6 @@ taler_exchange_dbinit_CPPFLAGS = \ AM_TESTS_ENVIRONMENT=export TALER_PREFIX=$${TALER_PREFIX:-@libdir@};export PATH=$${TALER_PREFIX:-@prefix@}/bin:$$PATH; -check_SCRIPTS = \ - test_taler_exchange_keyup.sh - -TESTS = \ - $(check_SCRIPTS) - # Distribution EXTRA_DIST = \ diff --git a/src/exchange-tools/taler-exchange-keycheck.c b/src/exchange-tools/taler-exchange-keycheck.c deleted file mode 100644 index 917ca879f..000000000 --- a/src/exchange-tools/taler-exchange-keycheck.c +++ /dev/null @@ -1,336 +0,0 @@ -/* - This file is part of TALER - Copyright (C) 2014, 2015, 2016 Taler Systems SA - - TALER is free software; you can redistribute it and/or modify it under the - terms of the GNU General Public License as published by the Free Software - Foundation; either version 3, or (at your option) any later version. - - TALER is distributed in the hope that it will be useful, but WITHOUT ANY - WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along with - TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> -*/ -/** - * @file taler-exchange-keycheck.c - * @brief Check exchange keys for validity. Reads the signing and denomination - * keys from the exchange directory and checks to make sure they are - * well-formed. This is purely a diagnostic tool. - * @author Florian Dold - * @author Benedikt Mueller - * @author Christian Grothoff - */ -#include <platform.h> -#include <gnunet/gnunet_util_lib.h> -#include "taler_exchangedb_lib.h" - -/** - * Exchange directory with the keys. - */ -static char *exchange_directory; - -/** - * Our configuration. - */ -static const struct GNUNET_CONFIGURATION_Handle *kcfg; - -/** - * Return value from main(). - */ -static int global_ret; - -/** - * Option -i used to print full denomination key hashes for - * denominations of certain amounts. - */ -static struct TALER_Amount print_dk_amount; - - -/** - * Function called on each signing key. - * - * @param cls closure (NULL) - * @param filename name of the file the key came from - * @param ski the sign key - * @return #GNUNET_OK to continue to iterate, - * #GNUNET_NO to stop iteration with no error, - * #GNUNET_SYSERR to abort iteration with error! - */ -static int -signkeys_iter (void *cls, - const char *filename, - const struct TALER_EXCHANGEDB_PrivateSigningKeyInformationP *ski) -{ - (void) cls; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Iterating over key `%s' for start time %s\n", - filename, - GNUNET_STRINGS_absolute_time_to_string - (GNUNET_TIME_absolute_ntoh (ski->issue.start))); - - if (ntohl (ski->issue.purpose.size) != - (sizeof (struct TALER_ExchangeSigningKeyValidityPS))) - { - fprintf (stderr, - "Signing key `%s' has invalid purpose size\n", - filename); - return GNUNET_SYSERR; - } - if ( (0 != GNUNET_TIME_absolute_ntoh (ski->issue.start).abs_value_us - % 1000000) || - (0 != GNUNET_TIME_absolute_ntoh (ski->issue.expire).abs_value_us - % 1000000) || - (0 != GNUNET_TIME_absolute_ntoh (ski->issue.end).abs_value_us - % 1000000) ) - { - fprintf (stderr, - "Timestamps are not multiples of a round second\n"); - return GNUNET_SYSERR; - } - - if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY, - &ski->issue, - &ski->master_sig.eddsa_signature, - &ski->issue.master_public_key.eddsa_pub)) - { - fprintf (stderr, - "Signing key `%s' has invalid signature\n", - filename); - return GNUNET_SYSERR; - } - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Signing key `%s' valid\n", - filename); - return GNUNET_OK; -} - - -/** - * Check signing keys. - * - * @return #GNUNET_OK if the keys are OK - * #GNUNET_NO if not - */ -static int -exchange_signkeys_check () -{ - if (0 > TALER_EXCHANGEDB_signing_keys_iterate (exchange_directory, - &signkeys_iter, - NULL)) - return GNUNET_NO; - return GNUNET_OK; -} - - -/** - * Function called on each denomination key. - * - * @param cls closure (NULL) - * @param dki the denomination key - * @param alias coin alias - * @return #GNUNET_OK to continue to iterate, - * #GNUNET_NO to stop iteration with no error, - * #GNUNET_SYSERR to abort iteration with error! - */ -static int -denomkeys_iter (void *cls, - const char *alias, - const struct - TALER_EXCHANGEDB_DenominationKey *dki) -{ - struct GNUNET_HashCode hc; - struct TALER_Amount value; - - (void) cls; - if (ntohl (dki->issue.properties.purpose.size) != - sizeof (struct TALER_DenominationKeyValidityPS)) - { - fprintf (stderr, - "Denomination key for `%s' has invalid purpose size\n", - alias); - return GNUNET_SYSERR; - } - - if ( (0 != GNUNET_TIME_absolute_ntoh ( - dki->issue.properties.start).abs_value_us % 1000000) || - (0 != GNUNET_TIME_absolute_ntoh ( - dki->issue.properties.expire_withdraw).abs_value_us % 1000000) || - (0 != GNUNET_TIME_absolute_ntoh ( - dki->issue.properties.expire_legal).abs_value_us % 1000000) || - (0 != GNUNET_TIME_absolute_ntoh ( - dki->issue.properties.expire_deposit).abs_value_us % 1000000) ) - { - fprintf (stderr, - "Timestamps are not multiples of a round second\n"); - return GNUNET_SYSERR; - } - - if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify ( - TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY, - &dki->issue.properties, - &dki->issue.signature.eddsa_signature, - &dki->issue.properties.master.eddsa_pub)) - { - fprintf (stderr, - "Denomination key for `%s' has invalid signature\n", - alias); - return GNUNET_SYSERR; - } - GNUNET_CRYPTO_rsa_public_key_hash (dki->denom_pub.rsa_public_key, - &hc); - if (0 != GNUNET_memcmp (&hc, - &dki->issue.properties.denom_hash)) - { - fprintf (stderr, - "Public key for `%s' does not match signature\n", - alias); - return GNUNET_SYSERR; - } - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Denomination key `%s' (%s) is valid\n", - alias, - GNUNET_h2s (&hc)); - TALER_amount_ntoh (&value, - &dki->issue.properties.value); - if ( (GNUNET_OK == - TALER_amount_cmp_currency (&print_dk_amount, - &value)) && - (0 == - TALER_amount_cmp (&print_dk_amount, - &value)) ) - { - char *dh; - struct GNUNET_TIME_Absolute start; - - start = GNUNET_TIME_absolute_ntoh (dki->issue.properties.start); - dh = GNUNET_STRINGS_data_to_string_alloc (&dki->issue.properties.denom_hash, - sizeof (struct GNUNET_HashCode)); - /* output start time first for easy numeric sorting, then - the denomination hash, and finally the human-readable start time */ - printf ("%020llu %s %s\n", - (unsigned long long) start.abs_value_us, - dh, - GNUNET_STRINGS_absolute_time_to_string (start)); - GNUNET_free (dh); - } - return GNUNET_OK; -} - - -/** - * Check denomination keys. - * - * @return #GNUNET_OK if the keys are OK - * #GNUNET_NO if not - */ -static int -exchange_denomkeys_check () -{ - struct TALER_MasterPublicKeyP master_public_key_from_cfg; - - if (GNUNET_OK != - GNUNET_CONFIGURATION_get_data (kcfg, - "exchange", - "master_public_key", - &master_public_key_from_cfg, - sizeof (struct - GNUNET_CRYPTO_EddsaPublicKey))) - { - GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, - "exchange", - "master_public_key"); - return GNUNET_NO; - } - if (0 > TALER_EXCHANGEDB_denomination_keys_iterate (exchange_directory, - &denomkeys_iter, - NULL)) - return GNUNET_NO; - return GNUNET_OK; -} - - -/** - * Main function that will be run. - * - * @param cls closure - * @param args remaining command-line arguments - * @param cfgfile name of the configuration file used (for saving, can be NULL!) - * @param cfg configuration - */ -static void -run (void *cls, - char *const *args, - const char *cfgfile, - const struct GNUNET_CONFIGURATION_Handle *cfg) -{ - (void) cls; - (void) args; - (void) cfgfile; - kcfg = cfg; - if (GNUNET_OK != - GNUNET_CONFIGURATION_get_value_filename (kcfg, - "exchange", - "KEYDIR", - &exchange_directory)) - { - GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, - "exchange", - "KEYDIR"); - global_ret = 1; - return; - } - - if ( (GNUNET_OK != exchange_signkeys_check ()) || - (GNUNET_OK != exchange_denomkeys_check ()) ) - { - global_ret = 1; - return; - } -} - - -/** - * The main function of the keyup tool - * - * @param argc number of arguments from the command line - * @param argv command line arguments - * @return 0 ok, 1 on error - */ -int -main (int argc, - char *const *argv) -{ - const struct GNUNET_GETOPT_CommandLineOption options[] = { - TALER_getopt_get_amount ('i', - "denomination-info-hash", - "AMOUNT", - "print full denomination hashes of all denominations with the given AMOUNT value", - &print_dk_amount), - GNUNET_GETOPT_OPTION_END - }; - - /* force linker to link against libtalerutil; if we do - not do this, the linker may "optimize" libtalerutil - away and skip #TALER_OS_init(), which we do need */ - (void) TALER_project_data_default (); - GNUNET_assert (GNUNET_OK == - GNUNET_log_setup ("taler-exchange-keycheck", - "WARNING", - NULL)); - if (GNUNET_OK != - GNUNET_PROGRAM_run (argc, argv, - "taler-exchange-keycheck", - "Check keys of the exchange for validity", - options, - &run, NULL)) - return 1; - return global_ret; - -} - - -/* end of taler-exchange-keycheck.c */ diff --git a/src/exchange-tools/test_taler_exchange_keyup.sh b/src/exchange-tools/test_taler_exchange_keyup.sh deleted file mode 100755 index 26f7fe131..000000000 --- a/src/exchange-tools/test_taler_exchange_keyup.sh +++ /dev/null @@ -1,142 +0,0 @@ -#!/bin/bash -# -# This file is part of TALER -# Copyright (C) 2015-2020 Taler Systems SA -# -# TALER is free software; you can redistribute it and/or modify it under the -# terms of the GNU Affero General Public License as published by the Free Software -# Foundation; either version 3, or (at your option) any later version. -# -# TALER is distributed in the hope that it will be useful, but WITHOUT ANY -# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR -# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License along with -# TALER; see the file COPYING. If not, If not, see <http://www.gnu.org/licenses/> -# -# -# This script uses 'curl' to POST various ill-formed requests to the -# taler-exchange-httpd. Basically, the goal is to make sure that the -# HTTP server survives (and produces the 'correct' error code). -# -# -# Clear environment from variables that override config. -unset XDG_DATA_HOME -unset XDG_CONFIG_HOME -# - - -# Exit, with status code "skip" (no 'real' failure) -function exit_skip() { - echo $1 - exit 77 -} - -# test required commands exist -echo -n "Testing for jq ..." -jq -h > /dev/null || exit_skip "jq required" -echo " OK" - -CONF="-c test_taler_exchange_httpd.conf" - -echo -n "Launching exchange ..." -PREFIX= -# Uncomment this line to run with valgrind... -# PREFIX="valgrind --leak-check=yes --track-fds=yes --error-exitcode=1 --log-file=valgrind.%p" - -# Setup database -taler-exchange-dbinit $CONF &> /dev/null -# Setup keys. -taler-exchange-keyup $CONF &> /dev/null || exit 1 -# Setup wire accounts. -taler-exchange-wire $CONF > /dev/null || exit 1 -# Run Exchange HTTPD (in background) -$PREFIX taler-exchange-httpd $CONF 2> test-exchange.log & - -# Give HTTP time to start - -for n in `seq 1 100` -do - echo -n "." - sleep 0.1 - OK=1 - wget http://localhost:8081/ -o /dev/null -O /dev/null >/dev/null && break - OK=0 -done -if [ 1 != $OK ] -then - echo "Failed to launch exchange" - kill -TERM $! - wait $! - echo Process status: $? - exit 77 -fi -echo " DONE" - -# Finally run test... -echo -n "Running tests ... " - -# Revoke active denomination key -REVOKE_DENOM_HASH=`taler-exchange-keycheck $CONF -i EUR:1 | sort | head -n1 | awk '{print $2}'` -REVOKE_DENOM_TIME=`taler-exchange-keycheck $CONF -i EUR:1 | sort | head -n1 | awk '{print $1}'` - -taler-exchange-keyup $CONF -r "$REVOKE_DENOM_HASH" -k 1024 - -# check revocation file exists -RDIR=`taler-config $CONF -f -s exchange -o REVOCATION_DIR` -if [ -f "$RDIR"/$REVOKE_DENOM_HASH.rev ] -then - echo -n "REV-OK " -else - echo -n "REV-FAIL ($RDIR) " - RET=1 -fi - -# Check we now have two keys for that timestamp -CNT=`taler-exchange-keycheck $CONF -i EUR:1 | awk '{print $1}' | grep -- "$REVOKE_DENOM_TIME" | wc -l` - -if [ x2 != x${CNT} ] -then - echo -n "CNT-FAIL (${CNT}) " - RET=1 -else - echo -n "CNT-OK " -fi - -# Reload keys (and revocation data) at the exchange -kill -SIGUSR1 $! - -# Give exchange chance to parse and reload keys -sleep 5 - -# Download (updated) keys -wget http://localhost:8081/keys -O keys.json -o /dev/null >/dev/null - -RK=`jq -er .recoup[0].h_denom_pub < keys.json` -if [ x$RK != x$REVOKE_DENOM_HASH ] -then - echo -n "KEYS-FAIL ($RK vs $REVOKE_DENOM_HASH)" - RET=1 -else - echo -n "KEYS-OK" -fi - -echo " DONE" -# $! is the last backgrounded process, hence the exchange -kill -TERM $! -wait $! -if [ 0 != $? ] -then - RET=4 -fi - -echo "Final cleanup" -# Can't leave revocations around, would mess up next test run -rm -r "$RDIR" -# Also cleaning up live keys, as otherwise we have two for the revoked denomination type next time -KDIR=`taler-config $CONF -f -s exchange -o KEYDIR` -rm -r "$KDIR" -# Clean up our temporary file -rm keys.json - -exit $RET |