aboutsummaryrefslogtreecommitdiff
path: root/src/util/test_helper_rsa.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/util/test_helper_rsa.c')
-rw-r--r--src/util/test_helper_rsa.c236
1 files changed, 194 insertions, 42 deletions
diff --git a/src/util/test_helper_rsa.c b/src/util/test_helper_rsa.c
index 4cb4a5f18..14b3c4a56 100644
--- a/src/util/test_helper_rsa.c
+++ b/src/util/test_helper_rsa.c
@@ -75,9 +75,28 @@ struct KeyData
bool revoked;
};
+/**
+ * Array of all the keys we got from the helper.
+ */
static struct KeyData keys[MAX_KEYS];
+/**
+ * Function called with information about available keys for signing. Usually
+ * only called once per key upon connect. Also called again in case a key is
+ * being revoked, in that case with an @a end_time of zero. Stores the keys
+ * status in #keys.
+ *
+ * @param cls closure, NULL
+ * @param section_name name of the denomination type in the configuration;
+ * NULL if the key has been revoked or purged
+ * @param start_time when does the key become available for signing;
+ * zero if the key has been revoked or purged
+ * @param validity_duration how long does the key remain available for signing;
+ * zero if the key has been revoked or purged
+ * @param h_denom_pub hash of the @a denom_pub that is available (or was purged)
+ * @param denom_pub the public key itself, NULL if the key was revoked or purged
+ */
static void
key_cb (void *cls,
const char *section_name,
@@ -136,54 +155,18 @@ key_cb (void *cls,
/**
- * Main entry point into the test logic with the helper already running.
+ * Test key revocation logic.
+ *
+ * @param dh handle to the helper
+ * @return 0 on success
*/
static int
-run_test (void)
+test_revocation (struct TALER_CRYPTO_DenominationHelper *dh)
{
- struct GNUNET_CONFIGURATION_Handle *cfg;
- struct TALER_CRYPTO_DenominationHelper *dh;
struct timespec req = {
.tv_nsec = 250000000
};
- cfg = GNUNET_CONFIGURATION_create ();
- if (GNUNET_OK !=
- GNUNET_CONFIGURATION_load (cfg,
- "test_helper_rsa.conf"))
- {
- GNUNET_break (0);
- return 77;
- }
- dh = TALER_CRYPTO_helper_denom_connect (cfg,
- &key_cb,
- NULL);
- GNUNET_CONFIGURATION_destroy (cfg);
- if (NULL == dh)
- {
- GNUNET_break (0);
- return 1;
- }
- /* wait for helper to start and give us keys */
- fprintf (stderr, "Waiting for helper to start ");
- for (unsigned int i = 0; i<80; i++)
- {
- TALER_CRYPTO_helper_poll (dh);
- if (0 != num_keys)
- break;
- nanosleep (&req, NULL);
- fprintf (stderr, ".");
- }
- if (0 == num_keys)
- {
- fprintf (stderr,
- "\nFAILED: timeout trying to connect to helper\n");
- TALER_CRYPTO_helper_denom_disconnect (dh);
- return 1;
- }
- fprintf (stderr,
- "\nOK: Helper ready (%u keys)\n",
- num_keys);
for (unsigned int i = 0; i<NUM_REVOKES; i++)
{
uint32_t off;
@@ -225,8 +208,177 @@ run_test (void)
break;
}
}
+ return 0;
+}
+/**
+ * Test signing logic.
+ *
+ * @param dh handle to the helper
+ * @return 0 on success
+ */
+static int
+test_signing (struct TALER_CRYPTO_DenominationHelper *dh)
+{
+ struct TALER_DenominationSignature ds;
+ enum TALER_ErrorCode ec;
+ bool success = false;
+ struct GNUNET_HashCode m_hash;
+
+ GNUNET_CRYPTO_hash ("Hello",
+ strlen ("Hello"),
+ &m_hash);
+ for (unsigned int i = 0; i<MAX_KEYS; i++)
+ {
+ if (! keys[i].valid)
+ continue;
+ ds = TALER_CRYPTO_helper_denom_sign (dh,
+ &keys[i].h_denom_pub,
+ &m_hash,
+ sizeof (m_hash),
+ &ec);
+ switch (ec)
+ {
+ case TALER_EC_NONE:
+ if (GNUNET_TIME_absolute_get_remaining (keys[i].start_time).rel_value_us >
+ GNUNET_TIME_UNIT_SECONDS.rel_value_us)
+ {
+ /* key worked too early */
+ GNUNET_break (0);
+ return 4;
+ }
+ if (GNUNET_TIME_absolute_get_duration (keys[i].start_time).rel_value_us >
+ keys[i].validity_duration.rel_value_us)
+ {
+ /* key worked too later */
+ GNUNET_break (0);
+ return 5;
+ }
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_rsa_verify (&m_hash,
+ ds.rsa_signature,
+ keys[i].denom_pub.rsa_public_key))
+ {
+ /* signature invalid */
+ GNUNET_break (0);
+ GNUNET_CRYPTO_rsa_signature_free (ds.rsa_signature);
+ return 6;
+ }
+ GNUNET_CRYPTO_rsa_signature_free (ds.rsa_signature);
+ success = true;
+ break;
+#if FIXME
+ case TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_INVALID:
+ if ( (0 ==
+ GNUNET_TIME_absolute_get_remaining (
+ keys[i].start_time).rel_value_us) &&
+ (GNUNET_TIME_absolute_get_duration (
+ keys[i].start_time).rel_value_us <
+ keys[i].validity_duration.rel_value_us) )
+ {
+ /* key should have worked! */
+ GNUNET_break (0);
+ return 6;
+ }
+ break;
+#endif
+ default:
+ /* unexpected error */
+ GNUNET_break (0);
+ return 7;
+ }
+ }
+ if (! success)
+ {
+ /* no valid key for signing found, also bad */
+ GNUNET_break (0);
+ return 16;
+ }
+
+ /* check signing does not work if the key is unknown */
+ {
+ struct GNUNET_HashCode rnd;
+
+ GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
+ &rnd,
+ sizeof (rnd));
+ (void) TALER_CRYPTO_helper_denom_sign (dh,
+ &rnd,
+ "Hello",
+ strlen ("Hello"),
+ &ec);
+ if (TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN != ec)
+ {
+ GNUNET_break (0);
+ return 17;
+ }
+ }
+ return 0;
+}
+
+
+/**
+ * Main entry point into the test logic with the helper already running.
+ */
+static int
+run_test (void)
+{
+ struct GNUNET_CONFIGURATION_Handle *cfg;
+ struct TALER_CRYPTO_DenominationHelper *dh;
+ struct timespec req = {
+ .tv_nsec = 250000000
+ };
+ int ret;
+
+ cfg = GNUNET_CONFIGURATION_create ();
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_load (cfg,
+ "test_helper_rsa.conf"))
+ {
+ GNUNET_break (0);
+ return 77;
+ }
+ dh = TALER_CRYPTO_helper_denom_connect (cfg,
+ &key_cb,
+ NULL);
+ GNUNET_CONFIGURATION_destroy (cfg);
+ if (NULL == dh)
+ {
+ GNUNET_break (0);
+ return 1;
+ }
+ /* wait for helper to start and give us keys */
+ fprintf (stderr, "Waiting for helper to start ");
+ for (unsigned int i = 0; i<80; i++)
+ {
+ TALER_CRYPTO_helper_poll (dh);
+ if (0 != num_keys)
+ break;
+ nanosleep (&req, NULL);
+ fprintf (stderr, ".");
+ }
+ if (0 == num_keys)
+ {
+ fprintf (stderr,
+ "\nFAILED: timeout trying to connect to helper\n");
+ TALER_CRYPTO_helper_denom_disconnect (dh);
+ return 1;
+ }
+ fprintf (stderr,
+ "\nOK: Helper ready (%u keys)\n",
+ num_keys);
+
+ ret = 0;
+#if 1
+ if (0 == ret)
+ ret = test_revocation (dh);
+#endif
+#if 0
+ if (0 == ret)
+ ret = test_signing (dh);
+#endif
+
TALER_CRYPTO_helper_denom_disconnect (dh);
/* clean up our state */
for (unsigned int i = 0; i<MAX_KEYS; i++)
@@ -237,7 +389,7 @@ run_test (void)
GNUNET_assert (num_keys > 0);
num_keys--;
}
- return 0;
+ return ret;
}