From 3526c44a38195aaea2ab48a220728df175ab9429 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Fri, 6 May 2016 18:33:02 +0200 Subject: refactor code to write signing keys in same module where we read them --- src/exchange-tools/taler-exchange-keyup.c | 43 +++------------------- src/exchangedb/exchangedb_keyio.c | 57 +++++++++++++++++++++++++++++ src/exchangedb/test_exchangedb_keyio.c | 59 ++++++++++++++++++++++++++++--- src/include/taler_exchangedb_lib.h | 13 +++++++ 4 files changed, 129 insertions(+), 43 deletions(-) (limited to 'src') diff --git a/src/exchange-tools/taler-exchange-keyup.c b/src/exchange-tools/taler-exchange-keyup.c index 706cb252e..4f8a604ea 100644 --- a/src/exchange-tools/taler-exchange-keyup.c +++ b/src/exchange-tools/taler-exchange-keyup.c @@ -220,29 +220,6 @@ static struct GNUNET_TIME_Absolute lookahead_sign_stamp; static int global_ret; - -/** - * Obtain the name of the directory we use to store signing - * keys created at time @a start. - * - * @param start time at which we create the signing key - * @return name of the directory we should use, basically "$EXCHANGEDIR/$TIME/"; - * (valid until next call to this function) - */ -static const char * -get_signkey_file (struct GNUNET_TIME_Absolute start) -{ - static char dir[4096]; - - GNUNET_snprintf (dir, - sizeof (dir), - "%s" DIR_SEPARATOR_STR TALER_EXCHANGEDB_DIR_SIGNING_KEYS DIR_SEPARATOR_STR "%llu", - exchange_directory, - (unsigned long long) start.abs_value_us); - return dir; -} - - /** * Hash the data defining the coin type. Exclude information that may * not be the same for all instances of the coin type (i.e. the @@ -556,16 +533,11 @@ exchange_keys_update_signkeys () while (anchor.abs_value_us < lookahead_sign_stamp.abs_value_us) { - const char *skf; struct TALER_EXCHANGEDB_PrivateSigningKeyInformationP signkey_issue; - ssize_t nwrite; struct GNUNET_TIME_Absolute end; - skf = get_signkey_file (anchor); end = GNUNET_TIME_absolute_add (anchor, legal_duration); - GNUNET_break (GNUNET_YES != - GNUNET_DISK_file_test (skf)); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Generating signing key for %s.\n", GNUNET_STRINGS_absolute_time_to_string (anchor)); @@ -573,18 +545,11 @@ exchange_keys_update_signkeys () signkey_duration, end, &signkey_issue); - nwrite = GNUNET_DISK_fn_write (skf, - &signkey_issue, - sizeof (struct TALER_EXCHANGEDB_PrivateSigningKeyInformationP), - GNUNET_DISK_PERM_USER_WRITE | GNUNET_DISK_PERM_USER_READ); - if (sizeof (struct TALER_EXCHANGEDB_PrivateSigningKeyInformationP) != nwrite) - { - fprintf (stderr, - "Failed to write to file `%s': %s\n", - skf, - STRERROR (errno)); + if (GNUNET_OK != + TALER_EXCHANGEDB_signing_key_write (exchange_directory, + anchor, + &signkey_issue)) return GNUNET_SYSERR; - } anchor = GNUNET_TIME_absolute_add (anchor, signkey_duration); } diff --git a/src/exchangedb/exchangedb_keyio.c b/src/exchangedb/exchangedb_keyio.c index 5f29cb0d8..773fc9284 100644 --- a/src/exchangedb/exchangedb_keyio.c +++ b/src/exchangedb/exchangedb_keyio.c @@ -113,6 +113,63 @@ TALER_EXCHANGEDB_signing_keys_iterate (const char *exchange_base_dir, } +/** + * Obtain the name of the directory we use to store signing + * keys created at time @a start. + * + * @param start time at which we create the signing key + * @return name of the directory we should use, basically "$EXCHANGEDIR/$TIME/"; + * (valid until next call to this function) + */ +static char * +get_signkey_file (const char *exchange_directory, + struct GNUNET_TIME_Absolute start) +{ + char *dir; + + GNUNET_asprintf (&dir, + "%s" DIR_SEPARATOR_STR TALER_EXCHANGEDB_DIR_SIGNING_KEYS DIR_SEPARATOR_STR "%llu", + exchange_directory, + (unsigned long long) start.abs_value_us); + return dir; +} + + +/** + * Exports a signing key to the given file. + * + * @param exchange_base_dir base directory for the keys + * @param start start time of the validity for the key + * @param ski the signing key + * @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure. + */ +int +TALER_EXCHANGEDB_signing_key_write (const char *exchange_base_dir, + struct GNUNET_TIME_Absolute start, + const struct TALER_EXCHANGEDB_PrivateSigningKeyInformationP *ski) +{ + char *skf; + ssize_t nwrite; + + skf = get_signkey_file (exchange_base_dir, + start); + nwrite = GNUNET_DISK_fn_write (skf, + ski, + sizeof (struct TALER_EXCHANGEDB_PrivateSigningKeyInformationP), + GNUNET_DISK_PERM_USER_WRITE | GNUNET_DISK_PERM_USER_READ); + if (sizeof (struct TALER_EXCHANGEDB_PrivateSigningKeyInformationP) != nwrite) + { + GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, + "write", + skf); + GNUNET_free (skf); + return GNUNET_SYSERR; + } + GNUNET_free (skf); + return GNUNET_OK; +} + + /** * Import a denomination key from the given file. * diff --git a/src/exchangedb/test_exchangedb_keyio.c b/src/exchangedb/test_exchangedb_keyio.c index 2485da8ae..ab68f9cc2 100644 --- a/src/exchangedb/test_exchangedb_keyio.c +++ b/src/exchangedb/test_exchangedb_keyio.c @@ -14,8 +14,8 @@ TALER; see the file COPYING. If not, If not, see */ /** - * @file exchange/test_exchange_common.c - * @brief test cases for some functions in exchange/exchange_common.c + * @file exchangedb/test_exchangedb_keyio.c + * @brief test cases for some functions in exchangedb/exchangedb_keyio.c * @author Sree Harsha Totakura */ #include "platform.h" @@ -31,6 +31,47 @@ if (cond) { GNUNET_break (0); goto EXITIF_exit; } \ } while (0) +/** + * @brief Iterator called on denomination key. + * + * @param cls closure with expected DKI + * @param dki the denomination key + * @param alias coin alias + * @return #GNUNET_OK to continue to iterate, + * #GNUNET_NO to stop iteration with no error, + * #GNUNET_SYSERR to abort iteration with error! + */ +static int +dki_iter (void *cls, + const char *alias, + const struct TALER_EXCHANGEDB_DenominationKeyIssueInformation *dki) +{ + const struct TALER_EXCHANGEDB_DenominationKeyIssueInformation *exp = cls; + + if (0 != memcmp (&exp->issue, + &dki->issue, + sizeof (struct TALER_EXCHANGEDB_DenominationKeyInformationP))) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + if (0 != + GNUNET_CRYPTO_rsa_private_key_cmp (exp->denom_priv.rsa_private_key, + dki->denom_priv.rsa_private_key)) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + if (0 != + GNUNET_CRYPTO_rsa_public_key_cmp (exp->denom_pub.rsa_public_key, + dki->denom_pub.rsa_public_key)) + { + GNUNET_break (0); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + int main (int argc, @@ -59,8 +100,18 @@ main (int argc, enc_size = GNUNET_CRYPTO_rsa_private_key_encode (dki.denom_priv.rsa_private_key, &enc); EXITIF (NULL == (tmpfile = GNUNET_DISK_mktemp ("test_exchange_common"))); - EXITIF (GNUNET_OK != TALER_EXCHANGEDB_denomination_key_write (tmpfile, &dki)); - EXITIF (GNUNET_OK != TALER_EXCHANGEDB_denomination_key_read (tmpfile, &dki_read)); + EXITIF (GNUNET_OK != + TALER_EXCHANGEDB_denomination_key_write (tmpfile, + &dki)); + EXITIF (GNUNET_OK != + TALER_EXCHANGEDB_denomination_key_read (tmpfile, + &dki_read)); + EXITIF (1 != + TALER_EXCHANGEDB_denomination_keys_iterate (tmpfile, + &dki_iter, + &dki)); + + enc_read_size = GNUNET_CRYPTO_rsa_private_key_encode (dki_read.denom_priv.rsa_private_key, &enc_read); EXITIF (enc_size != enc_read_size); diff --git a/src/include/taler_exchangedb_lib.h b/src/include/taler_exchangedb_lib.h index 1f6445212..fd2149229 100644 --- a/src/include/taler_exchangedb_lib.h +++ b/src/include/taler_exchangedb_lib.h @@ -141,6 +141,19 @@ TALER_EXCHANGEDB_signing_keys_iterate (const char *exchange_base_dir, void *it_cls); +/** + * Exports a signing key to the given file. + * + * @param exchange_base_dir base directory for the keys + * @param start start time of the validity for the key + * @param ski the signing key + * @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure. + */ +int +TALER_EXCHANGEDB_signing_key_write (const char *exchange_base_dir, + struct GNUNET_TIME_Absolute start, + const struct TALER_EXCHANGEDB_PrivateSigningKeyInformationP *ski); + /** * @brief Iterator over denomination keys. -- cgit v1.2.3