From 7f902c0fc9bc7e0832d01169e6f580ab671fbf08 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Mon, 30 May 2022 13:34:34 +0200 Subject: -sketch API for RSA parallel signing --- contrib/gana | 2 +- src/bank-lib/fakebank.c | 12 +++++- src/exchange/taler-exchange-httpd_keys.c | 36 ++++++++++++------ src/exchange/taler-exchange-wirewatch.c | 18 ++++----- src/include/taler_crypto_lib.h | 58 +++++++++++++++++++++++++---- src/util/crypto_helper_rsa.c | 24 ++++++++---- src/util/test_helper_rsa.c | 64 +++++++++++++++++++------------- 7 files changed, 150 insertions(+), 64 deletions(-) diff --git a/contrib/gana b/contrib/gana index 99d8d9e03..aebd54203 160000 --- a/contrib/gana +++ b/contrib/gana @@ -1 +1 @@ -Subproject commit 99d8d9e0336bacebab5af4ae00c3f685ffd90f60 +Subproject commit aebd5420308d7599aadb8818a82d9ffc89492334 diff --git a/src/bank-lib/fakebank.c b/src/bank-lib/fakebank.c index 66e44e1db..624b4069a 100644 --- a/src/bank-lib/fakebank.c +++ b/src/bank-lib/fakebank.c @@ -2010,6 +2010,11 @@ handle_debit_history (struct TALER_FAKEBANK_Handle *h, { GNUNET_assert (0 == pthread_mutex_unlock (&h->big_lock)); + if (overflow) + return TALER_MHD_reply_with_ec ( + connection, + TALER_EC_BANK_ANCIENT_TRANSACTION_GONE, + NULL); return TALER_MHD_REPLY_JSON_PACK ( connection, MHD_HTTP_OK, @@ -2213,14 +2218,19 @@ handle_credit_history (struct TALER_FAKEBANK_Handle *h, if ( (NULL == t) || overflow) { + GNUNET_free (credit_payto); GNUNET_log (GNUNET_ERROR_TYPE_INFO, "No transactions available, suspending request\n"); - GNUNET_free (credit_payto); if (GNUNET_TIME_relative_is_zero (ha.lp_timeout) && (0 < ha.delta)) { GNUNET_assert (0 == pthread_mutex_unlock (&h->big_lock)); + if (overflow) + return TALER_MHD_reply_with_ec ( + connection, + TALER_EC_BANK_ANCIENT_TRANSACTION_GONE, + NULL); return TALER_MHD_REPLY_JSON_PACK (connection, MHD_HTTP_OK, GNUNET_JSON_pack_array_steal ( diff --git a/src/exchange/taler-exchange-httpd_keys.c b/src/exchange/taler-exchange-httpd_keys.c index 0fde1d673..a8ca76da9 100644 --- a/src/exchange/taler-exchange-httpd_keys.c +++ b/src/exchange/taler-exchange-httpd_keys.c @@ -2575,12 +2575,18 @@ TEH_keys_denomination_sign_withdraw ( { case TALER_DENOMINATION_RSA: TEH_METRICS_num_signatures[TEH_MT_SIGNATURE_RSA]++; - return TALER_CRYPTO_helper_rsa_sign ( - ksh->helpers->rsadh, - &hd->h_details.h_rsa, - bp->details.rsa_blinded_planchet.blinded_msg, - bp->details.rsa_blinded_planchet.blinded_msg_size, - bs); + { + struct TALER_CRYPTO_RsaSignRequest rsr = { + .h_rsa = &hd->h_details.h_rsa, + .msg = bp->details.rsa_blinded_planchet.blinded_msg, + .msg_size = bp->details.rsa_blinded_planchet.blinded_msg_size + }; + + return TALER_CRYPTO_helper_rsa_sign ( + ksh->helpers->rsadh, + &rsr, + bs); + } case TALER_DENOMINATION_CS: TEH_METRICS_num_signatures[TEH_MT_SIGNATURE_CS]++; return TALER_CRYPTO_helper_cs_sign_withdraw ( @@ -2616,12 +2622,18 @@ TEH_keys_denomination_sign_melt ( { case TALER_DENOMINATION_RSA: TEH_METRICS_num_signatures[TEH_MT_SIGNATURE_RSA]++; - return TALER_CRYPTO_helper_rsa_sign ( - ksh->helpers->rsadh, - &hd->h_details.h_rsa, - bp->details.rsa_blinded_planchet.blinded_msg, - bp->details.rsa_blinded_planchet.blinded_msg_size, - bs); + { + struct TALER_CRYPTO_RsaSignRequest rsr = { + .h_rsa = &hd->h_details.h_rsa, + .msg = bp->details.rsa_blinded_planchet.blinded_msg, + .msg_size = bp->details.rsa_blinded_planchet.blinded_msg_size + }; + + return TALER_CRYPTO_helper_rsa_sign ( + ksh->helpers->rsadh, + &rsr, + bs); + } case TALER_DENOMINATION_CS: TEH_METRICS_num_signatures[TEH_MT_SIGNATURE_CS]++; return TALER_CRYPTO_helper_cs_sign_melt ( diff --git a/src/exchange/taler-exchange-wirewatch.c b/src/exchange/taler-exchange-wirewatch.c index 7a17239d9..342068cad 100644 --- a/src/exchange/taler-exchange-wirewatch.c +++ b/src/exchange/taler-exchange-wirewatch.c @@ -623,17 +623,15 @@ history_cb (void *cls, if (NULL == details) { wa->hh = NULL; - if (TALER_EC_NONE != ec) + if ( (TALER_EC_NONE != ec) || + (MHD_HTTP_OK != http_status) ) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Error fetching history: ec=%u, http_status=%u\n", - (unsigned int) ec, + "Error fetching history: %s (%u)\n", + TALER_ErrorCode_get_hint (ec), http_status); - } - else - { - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "History response complete\n"); + GNUNET_SCHEDULER_shutdown (); + return GNUNET_OK; } if (wa->started_transaction) { @@ -656,6 +654,8 @@ history_cb (void *cls, GNUNET_SCHEDULER_shutdown (); return GNUNET_OK; } + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "No transactions in history response, moving on.\n"); account_completed (wa); return GNUNET_OK; /* will be ignored anyway */ } @@ -831,7 +831,7 @@ lock_shard (void *cls) return; } if (wa->shard_open) - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Shard not completed in time, will try to re-acquire\n"); /* How long we lock a shard depends on the number of workers expected, and how long we usually took to diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index 5cc28db01..c4c439af1 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -2326,8 +2326,30 @@ TALER_CRYPTO_helper_rsa_poll (struct TALER_CRYPTO_RsaDenominationHelper *dh); /** - * Request helper @a dh to sign @a msg using the public key corresponding to - * @a h_denom_pub. + * Information needed for an RSA signature request. + */ +struct TALER_CRYPTO_RsaSignRequest +{ + /** + * Hash of the RSA public key. + */ + const struct TALER_RsaPubHashP *h_rsa; + + /** + * Message to be (blindly) signed. + */ + const void *msg; + + /** + * Number of bytes in @e msg. + */ + size_t msg_size; +}; + + +/** + * Request helper @a dh to sign message in @a rsr using the public key + * corresponding to the key in @a rsr. * * This operation will block until the signature has been obtained. Should * this process receive a signal (that is not ignored) while the operation is @@ -2336,21 +2358,41 @@ TALER_CRYPTO_helper_rsa_poll (struct TALER_CRYPTO_RsaDenominationHelper *dh); * differences in the signature counters. Retrying in this case may work. * * @param dh helper process connection - * @param h_rsa hash of the RSA public key to use to sign - * @param msg message to sign - * @param msg_size number of bytes in @a msg + * @param rsr details about the requested signature * @param[out] bs set to the blind signature * @return #TALER_EC_NONE on success */ enum TALER_ErrorCode TALER_CRYPTO_helper_rsa_sign ( struct TALER_CRYPTO_RsaDenominationHelper *dh, - const struct TALER_RsaPubHashP *h_rsa, - const void *msg, - size_t msg_size, + const struct TALER_CRYPTO_RsaSignRequest *rsr, struct TALER_BlindedDenominationSignature *bs); +/** + * Request helper @a dh to batch sign messages in @a rsrs using the public key + * corresponding to the keys in @a rsrs. + * + * This operation will block until all the signatures have been obtained. Should + * this process receive a signal (that is not ignored) while the operation is + * pending, the operation will fail. Note that the helper may still believe + * that it created the signature. Thus, signals may result in a small + * differences in the signature counters. Retrying in this case may work. + * + * @param dh helper process connection + * @param rsrs array with details about the requested signatures + * @param rsrs_length length of the @a rsrs array + * @param[out] bss array set to the blind signatures, must be of length @a rsrs_length! + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TALER_CRYPTO_helper_rsa_batch_sign ( + struct TALER_CRYPTO_RsaDenominationHelper *dh, + const struct TALER_CRYPTO_RsaSignRequest *rsrs, + unsigned int rsrs_length, + struct TALER_BlindedDenominationSignature *bss); + + /** * Ask the helper to revoke the public key associated with @a h_denom_pub. * Will cause the helper to tell all clients that the key is now unavailable, diff --git a/src/util/crypto_helper_rsa.c b/src/util/crypto_helper_rsa.c index d3f498c07..9491b07c9 100644 --- a/src/util/crypto_helper_rsa.c +++ b/src/util/crypto_helper_rsa.c @@ -390,9 +390,7 @@ more: enum TALER_ErrorCode TALER_CRYPTO_helper_rsa_sign ( struct TALER_CRYPTO_RsaDenominationHelper *dh, - const struct TALER_RsaPubHashP *h_rsa, - const void *msg, - size_t msg_size, + const struct TALER_CRYPTO_RsaSignRequest *rsr, struct TALER_BlindedDenominationSignature *bs) { enum TALER_ErrorCode ec = TALER_EC_INVALID; @@ -411,17 +409,17 @@ TALER_CRYPTO_helper_rsa_sign ( GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Requesting signature\n"); { - char buf[sizeof (struct TALER_CRYPTO_SignRequest) + msg_size]; + char buf[sizeof (struct TALER_CRYPTO_SignRequest) + rsr->msg_size]; struct TALER_CRYPTO_SignRequest *sr = (struct TALER_CRYPTO_SignRequest *) buf; sr->header.size = htons (sizeof (buf)); sr->header.type = htons (TALER_HELPER_RSA_MT_REQ_SIGN); sr->reserved = htonl (0); - sr->h_rsa = *h_rsa; + sr->h_rsa = *rsr->h_rsa; memcpy (&sr[1], - msg, - msg_size); + rsr->msg, + rsr->msg_size); if (GNUNET_OK != TALER_crypto_helper_send_all (dh->sock, buf, @@ -596,6 +594,18 @@ end: } +enum TALER_ErrorCode +TALER_CRYPTO_helper_rsa_batch_sign ( + struct TALER_CRYPTO_RsaDenominationHelper *dh, + const struct TALER_CRYPTO_RsaSignRequest *rsrs, + unsigned int rsrs_length, + struct TALER_BlindedDenominationSignature *bss) +{ + GNUNET_break (0); + return -1; /* FIXME: NOT IMPLEMENTED! */ +} + + void TALER_CRYPTO_helper_rsa_revoke ( struct TALER_CRYPTO_RsaDenominationHelper *dh, diff --git a/src/util/test_helper_rsa.c b/src/util/test_helper_rsa.c index eaf43622a..3f3eafddb 100644 --- a/src/util/test_helper_rsa.c +++ b/src/util/test_helper_rsa.c @@ -292,8 +292,9 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh) if (TALER_DENOMINATION_RSA != keys[i].denom_pub.cipher) continue; { - struct TALER_PlanchetDetail pd; - pd.blinded_planchet.cipher = TALER_DENOMINATION_RSA; + struct TALER_PlanchetDetail pd = { + .blinded_planchet.cipher = TALER_DENOMINATION_RSA + }; GNUNET_assert (GNUNET_YES == TALER_planchet_prepare (&keys[i].denom_pub, @@ -303,19 +304,23 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh) &ach, &c_hash, &pd)); - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Requesting signature over %u bytes with key %s\n", - (unsigned - int) pd.blinded_planchet.details.rsa_blinded_planchet. - blinded_msg_size, - GNUNET_h2s (&keys[i].h_rsa.hash)); - ec = TALER_CRYPTO_helper_rsa_sign (dh, - &keys[i].h_rsa, - pd.blinded_planchet.details. - rsa_blinded_planchet.blinded_msg, - pd.blinded_planchet.details. - rsa_blinded_planchet.blinded_msg_size, - &ds); + { + struct TALER_CRYPTO_RsaSignRequest rsr = { + .h_rsa = &keys[i].h_rsa, + .msg = + pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg, + .msg_size = + pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg_size + }; + + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Requesting signature over %u bytes with key %s\n", + (unsigned int) rsr.msg_size, + GNUNET_h2s (&rsr.h_rsa->hash)); + ec = TALER_CRYPTO_helper_rsa_sign (dh, + &rsr, + &ds); + } TALER_blinded_planchet_free (&pd.blinded_planchet); } switch (ec) @@ -391,8 +396,10 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh) default: /* unexpected error */ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unexpected error %d\n", - ec); + "Unexpected error %d at %s:%u\n", + ec, + __FILE__, + __LINE__); return 7; } } @@ -406,14 +413,17 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh) /* check signing does not work if the key is unknown */ { struct TALER_RsaPubHashP rnd; + struct TALER_CRYPTO_RsaSignRequest rsr = { + .h_rsa = &rnd, + .msg = "Hello", + .msg_size = strlen ("Hello") + }; GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, &rnd, sizeof (rnd)); ec = TALER_CRYPTO_helper_rsa_sign (dh, - &rnd, - "Hello", - strlen ("Hello"), + &rsr, &ds); if (TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN != ec) { @@ -493,14 +503,16 @@ perf_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh, { struct GNUNET_TIME_Absolute start = GNUNET_TIME_absolute_get (); struct GNUNET_TIME_Relative delay; + struct TALER_CRYPTO_RsaSignRequest rsr = { + .h_rsa = &keys[i].h_rsa, + .msg = + pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg, + .msg_size = + pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg_size + }; ec = TALER_CRYPTO_helper_rsa_sign (dh, - &keys[i].h_rsa, - pd.blinded_planchet.details. - rsa_blinded_planchet.blinded_msg, - pd.blinded_planchet.details. - rsa_blinded_planchet. - blinded_msg_size, + &rsr, &ds); if (TALER_EC_NONE != ec) break; -- cgit v1.2.3