From 57d1f08dbca256f5fe16d57b29bfa523dec8f6c4 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Thu, 8 Jan 2015 18:37:20 +0100
Subject: -initial import for mint

---
 src/mint/taler-mint-keycheck.c | 169 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 169 insertions(+)
 create mode 100644 src/mint/taler-mint-keycheck.c

(limited to 'src/mint/taler-mint-keycheck.c')

diff --git a/src/mint/taler-mint-keycheck.c b/src/mint/taler-mint-keycheck.c
new file mode 100644
index 000000000..c6186859c
--- /dev/null
+++ b/src/mint/taler-mint-keycheck.c
@@ -0,0 +1,169 @@
+/*
+  This file is part of TALER
+  (C) 2014 Christian Grothoff (and other contributing authors)
+
+  TALER is free software; you can redistribute it and/or modify it under the
+  terms of the GNU General Public License as published by the Free Software
+  Foundation; either version 3, or (at your option) any later version.
+
+  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License along with
+  TALER; see the file COPYING.  If not, If not, see <http://www.gnu.org/licenses/>
+*/
+
+/**
+ * @file taler-mint-keycheck.c
+ * @brief Check mint keys for validity.
+ * @author Florian Dold
+ * @author Benedikt Mueller
+ */
+
+#include <platform.h>
+#include <gnunet/gnunet_util_lib.h>
+#include "mint.h"
+#include "taler_signatures.h"
+
+
+static char *mintdir;
+static struct GNUNET_CONFIGURATION_Handle *kcfg;
+
+
+static int
+signkeys_iter (void *cls, const struct TALER_MINT_SignKeyIssue *ski)
+{
+  struct GNUNET_TIME_Absolute start;
+
+  printf ("iterating over key for start time %s\n",
+          GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (ski->start)));
+
+  start = GNUNET_TIME_absolute_ntoh (ski->start);
+
+  if (ntohl (ski->purpose.size) !=
+      (sizeof (struct TALER_MINT_SignKeyIssue) - offsetof (struct TALER_MINT_SignKeyIssue, purpose)))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Signkey with start %s has invalid purpose field (timestamp: %llu)\n",
+                GNUNET_STRINGS_absolute_time_to_string (start),
+                (long long) start.abs_value_us);
+    return GNUNET_SYSERR;
+  }
+
+
+  if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNKEY,
+                                               &ski->purpose,
+                                               &ski->signature,
+                                               &ski->master_pub))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Signkey with start %s has invalid signature (timestamp: %llu)\n",
+                GNUNET_STRINGS_absolute_time_to_string (start),
+                (long long) start.abs_value_us);
+    return GNUNET_SYSERR;
+  }
+  printf ("key valid\n");
+  return GNUNET_OK;
+}
+
+
+static int
+mint_signkeys_check ()
+{
+  if (0 > TALER_MINT_signkeys_iterate (mintdir, signkeys_iter, NULL))
+    return GNUNET_NO;
+  return GNUNET_OK;
+}
+
+
+static int denomkeys_iter (void *cls,
+                           const char *alias,
+                           const struct TALER_MINT_DenomKeyIssue *dki)
+{
+  struct GNUNET_TIME_Absolute start;
+
+  start = GNUNET_TIME_absolute_ntoh (dki->start);
+
+  if (ntohl (dki->purpose.size) !=
+      (sizeof (struct TALER_MINT_DenomKeyIssue) - offsetof (struct TALER_MINT_DenomKeyIssue, purpose)))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Denomkey for '%s' with start %s has invalid purpose field (timestamp: %llu)\n",
+                alias,
+                GNUNET_STRINGS_absolute_time_to_string (start),
+                (long long) start.abs_value_us);
+    return GNUNET_SYSERR;
+  }
+
+  if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_DENOM,
+                                               &dki->purpose,
+                                               &dki->signature,
+                                               &dki->master))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Denomkey for '%s'with start %s has invalid signature (timestamp: %llu)\n",
+                alias,
+                GNUNET_STRINGS_absolute_time_to_string (start),
+                (long long) start.abs_value_us);
+    return GNUNET_SYSERR;
+  }
+  printf ("denom key valid\n");
+
+  return GNUNET_OK;
+}
+
+
+static int
+mint_denomkeys_check ()
+{
+  if (0 > TALER_MINT_denomkeys_iterate (mintdir, denomkeys_iter, NULL))
+    return GNUNET_NO;
+  return GNUNET_OK;
+}
+
+
+static int
+mint_keys_check (void)
+{
+  if (GNUNET_OK != mint_signkeys_check ())
+    return GNUNET_NO;
+  return mint_denomkeys_check ();
+}
+
+
+/**
+ * The main function of the keyup tool
+ *
+ * @param argc number of arguments from the command line
+ * @param argv command line arguments
+ * @return 0 ok, 1 on error
+ */
+int
+main (int argc, char *const *argv)
+{
+  static const struct GNUNET_GETOPT_CommandLineOption options[] = {
+    GNUNET_GETOPT_OPTION_HELP ("gnunet-mint-keyup OPTIONS"),
+    {'d', "mint-dir", "DIR",
+     "mint directory with keys to update", 1,
+     &GNUNET_GETOPT_set_filename, &mintdir},
+    GNUNET_GETOPT_OPTION_END
+  };
+
+  GNUNET_assert (GNUNET_OK == GNUNET_log_setup ("taler-mint-keycheck", "WARNING", NULL));
+
+  if (GNUNET_GETOPT_run ("taler-mint-keyup", options, argc, argv) < 0) 
+    return 1;
+  if (NULL == mintdir)
+  {
+    fprintf (stderr, "mint directory not given\n"); 
+    return 1;
+  }
+
+  kcfg = TALER_MINT_config_load (mintdir);
+  if (NULL == kcfg)
+  {
+    fprintf (stderr, "can't load mint configuration\n");
+    return 1;
+  }
+  if (GNUNET_OK != mint_keys_check ())
+    return 1;
+  return 0;
+}
+
-- 
cgit v1.2.3