diff options
| -rw-r--r-- | src/include/taler_mintdb_lib.h | 14 | ||||
| -rw-r--r-- | src/mint-tools/Makefile.am | 10 | ||||
| -rw-r--r-- | src/mint-tools/taler-auditor-sign.c | 82 | ||||
| -rw-r--r-- | src/mint/taler-mint-httpd_keystate.c | 54 | ||||
| -rw-r--r-- | src/mintdb/mintdb_keyio.c | 25 | 
5 files changed, 108 insertions, 77 deletions
| diff --git a/src/include/taler_mintdb_lib.h b/src/include/taler_mintdb_lib.h index b7f28cff..7dfef8dc 100644 --- a/src/include/taler_mintdb_lib.h +++ b/src/include/taler_mintdb_lib.h @@ -212,10 +212,10 @@ TALER_MINTDB_denomination_key_read (const char *filename,   *   * @param cls closure   * @param apub the auditor's public key - * @param asig the auditor's signature   * @param mpub the mint's public key (as expected by the auditor) - * @param dki_len length of @a dki - * @param dki array of denomination coin data signed by the auditor + * @param dki_len length of @a asig and @a dki arrays + * @param asigs array of the auditor's signatures over the @a dks, of length @a dki_len + * @param dki array of denomination coin data signed by the auditor, of length @a dki_len   * @return #GNUNET_OK to continue to iterate,   *  #GNUNET_NO to stop iteration with no error,   *  #GNUNET_SYSERR to abort iteration with error! @@ -223,9 +223,9 @@ TALER_MINTDB_denomination_key_read (const char *filename,  typedef int  (*TALER_MINTDB_AuditorIterator)(void *cls,                                  const struct TALER_AuditorPublicKeyP *apub, -                                const struct TALER_AuditorSignatureP *asig,                                  const struct TALER_MasterPublicKeyP *mpub,                                  unsigned int dki_len, +                                const struct TALER_AuditorSignatureP *asigs,                                  const struct TALER_DenominationKeyValidityPS *dki); @@ -253,16 +253,16 @@ TALER_MINTDB_auditor_iterate (const char *mint_base_dir,   *   * @param filename the file where to write the auditor information to   * @param apub the auditor's public key - * @param asig the auditor's signature + * @param asigs the auditor's signatures, array of length @a dki_len   * @param mpub the mint's public key (as expected by the auditor) - * @param dki_len length of @a dki + * @param dki_len length of @a dki and @a asigs arrays   * @param dki array of denomination coin data signed by the auditor   * @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure.   */  int  TALER_MINTDB_auditor_write (const char *filename,                              const struct TALER_AuditorPublicKeyP *apub, -                            const struct TALER_AuditorSignatureP *asig, +                            const struct TALER_AuditorSignatureP *asigs,                              const struct TALER_MasterPublicKeyP *mpub,                              unsigned int dki_len,                              const struct TALER_DenominationKeyValidityPS *dki); diff --git a/src/mint-tools/Makefile.am b/src/mint-tools/Makefile.am index a1b1302d..94b8fb39 100644 --- a/src/mint-tools/Makefile.am +++ b/src/mint-tools/Makefile.am @@ -7,6 +7,7 @@ if USE_COVERAGE  endif  bin_PROGRAMS = \ +  taler-auditor-sign \    taler-mint-keyup \    taler-mint-keycheck \    taler-mint-reservemod \ @@ -15,7 +16,6 @@ bin_PROGRAMS = \  taler_mint_keyup_SOURCES = \    taler-mint-keyup.c -  taler_mint_keyup_LDADD = \    $(LIBGCRYPT_LIBS) \    $(top_builddir)/src/util/libtalerutil.la \ @@ -24,6 +24,14 @@ taler_mint_keyup_LDADD = \    -lgnunetutil $(XLIB)  taler_mint_keyup_LDFLAGS = $(POSTGRESQL_LDFLAGS) +taler_auditor_sign_SOURCES = \ +  taler-auditor-sign.c +taler_auditor_sign_LDADD = \ +  $(LIBGCRYPT_LIBS) \ +  $(top_builddir)/src/util/libtalerutil.la \ +  $(top_builddir)/src/mintdb/libtalermintdb.la \ +  -lgnunetutil $(XLIB) +  taler_mint_sepa_SOURCES = \    taler-mint-sepa.c diff --git a/src/mint-tools/taler-auditor-sign.c b/src/mint-tools/taler-auditor-sign.c index 8d180790..bd37e68d 100644 --- a/src/mint-tools/taler-auditor-sign.c +++ b/src/mint-tools/taler-auditor-sign.c @@ -50,11 +50,6 @@ static char *mint_request_file;  static char *output_file;  /** - * Handle to the auditor's configuration - */ -static struct GNUNET_CONFIGURATION_Handle *kcfg; - -/**   * Master public key of the mint.   */  static struct TALER_MasterPublicKeyP master_public_key; @@ -101,16 +96,16 @@ print_dk (const struct TALER_DenominationKeyValidityPS *dk)    fprintf (stdout,             "Validity start time: %s\n", -           GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->start))); +           GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->start)));    fprintf (stdout,             "Withdraw end time: %s\n", -           GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_withdraw))); +           GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_withdraw)));    fprintf (stdout,             "Deposit end time: %s\n", -           GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_spend))); +           GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_spend)));    fprintf (stdout,             "Legal dispute end time: %s\n", -           GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_legal))); +           GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_legal)));    fprintf (stdout,             "\n"); @@ -150,12 +145,12 @@ main (int argc,      GNUNET_GETOPT_OPTION_END    };    struct GNUNET_CRYPTO_EddsaPrivateKey *eddsa_priv; -  struct TALER_AuditorSignatureP sig; +  struct TALER_AuditorSignatureP *sigs;    struct TALER_AuditorPublicKeyP apub;    struct GNUNET_DISK_FileHandle *fh;    struct TALER_DenominationKeyValidityPS *dks;    unsigned int dks_len; -  struct TALER_MintKeyValidityPS *ap; +  struct TALER_MintKeyValidityPS kv;    off_t in_size;    unsigned int i; @@ -187,6 +182,7 @@ main (int argc,    {      fprintf (stderr,               "Mint public key not given\n"); +    GNUNET_free (eddsa_priv);      return 1;    }    if (GNUNET_OK != @@ -198,12 +194,14 @@ main (int argc,      fprintf (stderr,               "Public key `%s' malformed\n",               mint_public_key); +    GNUNET_free (eddsa_priv);      return 1;    }    if (NULL == mint_request_file)    {      fprintf (stderr,               "Mint signing request not given\n"); +    GNUNET_free (eddsa_priv);      return 1;    }    fh = GNUNET_DISK_file_open (mint_request_file, @@ -215,6 +213,7 @@ main (int argc,               "Failed to open file `%s': %s\n",               mint_request_file,               STRERROR (errno)); +    GNUNET_free (eddsa_priv);      return 1;    }    if (GNUNET_OK != @@ -226,6 +225,7 @@ main (int argc,               mint_request_file,               STRERROR (errno));      GNUNET_DISK_file_close (fh); +    GNUNET_free (eddsa_priv);      return 1;    }    if (0 != (in_size % sizeof (struct TALER_DenominationKeyValidityPS))) @@ -234,16 +234,17 @@ main (int argc,               "Input file size of file `%s' is invalid\n",               mint_request_file);      GNUNET_DISK_file_close (fh); +    GNUNET_free (eddsa_priv);      return 1;    }    dks_len = in_size / sizeof (struct TALER_DenominationKeyValidityPS); -  ap = GNUNET_malloc (sizeof (struct TALER_MintKeyValidityPS) + -                      in_size); -  ap.purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_MINT_KEYS); -  ap.purpose.size = htonl (sizeof (struct TALER_MintKeyValidityPS) + -                           in_size); -  ap.master = master_public_key; -  dks = (struct TALER_DenominationKeyValidityPS *) &ap[1]; +  kv.purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_MINT_KEYS); +  kv.purpose.size = htonl (sizeof (struct TALER_MintKeyValidityPS)); +  kv.master = master_public_key; +  dks = GNUNET_new_array (dks_len, +                          struct TALER_DenominationKeyValidityPS); +  sigs = GNUNET_new_array (dks_len, +                           struct TALER_AuditorSignatureP);    if (in_size !=        GNUNET_DISK_file_read (fh,                               dks, @@ -254,34 +255,51 @@ main (int argc,               mint_request_file,               STRERROR (errno));      GNUNET_DISK_file_close (fh); -    GNUNET_free (ap); +    GNUNET_free (sigs); +    GNUNET_free (dks); +    GNUNET_free (eddsa_priv);      return 1;    }    GNUNET_DISK_file_close (fh); -  if (verbose) +  for (i=0;i<dks_len;i++)    { -    for (i=0;i<dks_len;i++) -      print_dk (&dks[i]); +    struct TALER_DenominationKeyValidityPS *dk = &dks[i]; + +    if (verbose) +      print_dk (dk); +    kv.start = dk->start; +    kv.expire_withdraw = dk->expire_withdraw; +    kv.expire_spend = dk->expire_spend; +    kv.expire_legal = dk->expire_legal; +    kv.value = dk->value; +    kv.fee_withdraw = dk->fee_withdraw; +    kv.fee_deposit = dk->fee_deposit; +    kv.fee_refresh = dk->fee_refresh; +    kv.denom_hash = dk->denom_hash; + +    /* Finally sign ... */ +    GNUNET_CRYPTO_eddsa_sign (eddsa_priv, +                              &kv.purpose, +                              &sigs[i].eddsa_sig); + +    }    if (NULL == output_file)    {      fprintf (stderr,               "Output file not given\n"); -    GNUNET_free (ap); +    GNUNET_free (dks); +    GNUNET_free (sigs); +    GNUNET_free (eddsa_priv);      return 1;    } -  /* Finally sign ... */ -  GNUNET_CRYPTO_eddsa_sign (eddsa_priv, -                            &ap->purpose, -                            &sig.eddsa_sig); -    /* write result to disk */    if (GNUNET_OK !=        TALER_MINTDB_auditor_write (output_file,                                    &apub, -                                  &sig, +                                  sigs,                                    &master_public_key,                                    dks_len,                                    dks)) @@ -290,10 +308,12 @@ main (int argc,               "Failed to write to file `%s': %s\n",               output_file,               STRERROR (errno)); -    GNUNET_free (ap); +    GNUNET_free (sigs); +    GNUNET_free (dks);      return 1;    } -  GNUNET_free (ap); +  GNUNET_free (sigs); +  GNUNET_free (dks);    GNUNET_free (eddsa_priv);    return 0;  } diff --git a/src/mint/taler-mint-httpd_keystate.c b/src/mint/taler-mint-httpd_keystate.c index 608e791b..939d57d0 100644 --- a/src/mint/taler-mint-httpd_keystate.c +++ b/src/mint/taler-mint-httpd_keystate.c @@ -417,16 +417,16 @@ reload_keys_sign_iter (void *cls,   * Convert information from an auditor to a JSON object.   *   * @param apub the auditor's public key - * @param asig the auditor's signature - * @param dki_len length of @a dki + * @param dki_len length of @a dki and @a asigs arrays + * @param asigs the auditor's signatures   * @param dki array of denomination coin data signed by the auditor   * @return a JSON object describing the auditor information and signature   */  static json_t *  auditor_to_json (const struct TALER_AuditorPublicKeyP *apub, -                 const struct TALER_AuditorSignatureP *asig,                   unsigned int dki_len, -                 const struct TALER_DenominationKeyValidityPS *dki) +                 const struct TALER_AuditorSignatureP **asigs, +                 const struct TALER_DenominationKeyValidityPS **dki)  {    unsigned int i;    json_t *ja; @@ -434,19 +434,19 @@ auditor_to_json (const struct TALER_AuditorPublicKeyP *apub,    ja = json_array ();    for (i=0;i<dki_len;i++)      json_array_append_new (ja, -                           json_pack ("{s:o}", +                           json_pack ("{s:o, s:o}",                                        "denom_pub_h", -                                      TALER_json_from_data (&dki->denom_hash, -                                                            sizeof (struct GNUNET_HashCode)))); +                                      TALER_json_from_data (&dki[i]->denom_hash, +                                                            sizeof (struct GNUNET_HashCode)), +                                      "auditor_sig", +                                      TALER_json_from_data (asigs[i], +                                                            sizeof (struct TALER_AuditorSignatureP))));    return -    json_pack ("{s:o, s:o, s:o}", +    json_pack ("{s:o, s:o}",                 "denomination_keys", ja,                 "auditor_pub",                 TALER_json_from_data (apub, -                                     sizeof (struct TALER_AuditorPublicKeyP)), -               "auditor_sig", -               TALER_json_from_data (asig, -                                     sizeof (struct TALER_AuditorSignatureP))); +                                     sizeof (struct TALER_AuditorPublicKeyP)));  } @@ -458,9 +458,9 @@ auditor_to_json (const struct TALER_AuditorPublicKeyP *apub,   *   * @param cls closure with the `struct TMH_KS_StateHandle *`   * @param apub the auditor's public key - * @param asig the auditor's signature   * @param mpub the mint's public key (as expected by the auditor) - * @param dki_len length of @a dki + * @param dki_len length of @a dki and @a asigs + * @param asigs array with the auditor's signatures, of length @a dki_len   * @param dki array of denomination coin data signed by the auditor   * @return #GNUNET_OK to continue to iterate,   *  #GNUNET_NO to stop iteration with no error, @@ -469,14 +469,16 @@ auditor_to_json (const struct TALER_AuditorPublicKeyP *apub,  static int  reload_auditor_iter (void *cls,                       const struct TALER_AuditorPublicKeyP *apub, -                     const struct TALER_AuditorSignatureP *asig,                       const struct TALER_MasterPublicKeyP *mpub,                       unsigned int dki_len, +                     const struct TALER_AuditorSignatureP *asigs,                       const struct TALER_DenominationKeyValidityPS *dki)  {    struct TMH_KS_StateHandle *ctx = cls;    unsigned int i; -  int found; +  unsigned int keep; +  const struct TALER_AuditorSignatureP *kept_asigs[dki_len]; +  const struct TALER_DenominationKeyValidityPS *kept_dkis[dki_len];    /* Check if the signature is at least for this mint. */    if (0 != memcmp (&mpub->eddsa_pub, @@ -487,28 +489,26 @@ reload_auditor_iter (void *cls,                  "Auditing information provided for a different mint, ignored\n");      return GNUNET_OK;    } -  /* check if there is an overlap between the set of keys signed by -     the auditor and the denomination keys that are active right now */ -  found = GNUNET_NO; +  /* Filter the auditor information for those for which the +     keys actually match the denomination keys that are active right now */ +  keep = 0;    for (i=0;i<dki_len;i++)    {      if (GNUNET_YES ==          GNUNET_CONTAINER_multihashmap_contains (ctx->denomkey_map,                                                  &dki[i].denom_hash))      { -      found = GNUNET_YES; -      break; +      kept_asigs[keep] = &asigs[i]; +      kept_dkis[keep] = &dki[i]; +      keep++;      }    } -  if (GNUNET_NO == found) -    return GNUNET_OK; /* None of the keys are relevant for us right now, -                         so skip this auditor signature */    /* add auditor information to our /keys response */    json_array_append_new (ctx->auditors_array,                           auditor_to_json (apub, -                                          asig, -                                          dki_len, -                                          dki)); +                                          keep, +                                          kept_asigs, +                                          kept_dkis));    return GNUNET_OK;  } diff --git a/src/mintdb/mintdb_keyio.c b/src/mintdb/mintdb_keyio.c index b7cdcf50..5bfe5bb1 100644 --- a/src/mintdb/mintdb_keyio.c +++ b/src/mintdb/mintdb_keyio.c @@ -383,11 +383,6 @@ struct AuditorFileHeaderP    struct TALER_AuditorPublicKeyP apub;    /** -   * Signature from the auditor. -   */ -  struct TALER_AuditorSignatureP asig; - -  /**     * Master public key of the mint the auditor is signing     * information for.     */ @@ -415,6 +410,7 @@ auditor_iter (void *cls,    struct AuditorIterateContext *aic = cls;    uint64_t size;    struct AuditorFileHeaderP *af; +  const struct TALER_AuditorSignatureP *sigs;    const struct TALER_DenominationKeyValidityPS *dki;    unsigned int len;    int ret; @@ -431,7 +427,8 @@ auditor_iter (void *cls,    }    if ( (size < sizeof (struct AuditorFileHeaderP)) ||         (0 != (len = ((size - sizeof (struct AuditorFileHeaderP)) % -                     sizeof (struct TALER_DenominationKeyValidityPS)))) ) +                     (sizeof (struct TALER_DenominationKeyValidityPS) + +                      sizeof (struct TALER_AuditorSignatureP))))) )    {      GNUNET_break (0);      return GNUNET_SYSERR; @@ -448,12 +445,13 @@ auditor_iter (void *cls,      GNUNET_free (af);      return GNUNET_SYSERR;    } -  dki = (const struct TALER_DenominationKeyValidityPS *) &af[1]; +  sigs = (const struct TALER_AuditorSignatureP *) &af[1]; +  dki = (const struct TALER_DenominationKeyValidityPS *) &sigs[len];    ret = aic->it (aic->it_cls,                   &af->apub, -                 &af->asig,                   &af->mpub,                   len, +                 sigs,                   dki);    GNUNET_free (af);    return ret; @@ -500,7 +498,7 @@ TALER_MINTDB_auditor_iterate (const char *mint_base_dir,   *   * @param filename the file where to write the auditor information to   * @param apub the auditor's public key - * @param asig the auditor's signature + * @param asigs the auditor's signatures, array of length @a dki_len   * @param mpub the mint's public key (as expected by the auditor)   * @param dki_len length of @a dki   * @param dki array of denomination coin data signed by the auditor @@ -509,7 +507,7 @@ TALER_MINTDB_auditor_iterate (const char *mint_base_dir,  int  TALER_MINTDB_auditor_write (const char *filename,                              const struct TALER_AuditorPublicKeyP *apub, -                            const struct TALER_AuditorSignatureP *asig, +                            const struct TALER_AuditorSignatureP *asigs,                              const struct TALER_MasterPublicKeyP *mpub,                              unsigned int dki_len,                              const struct TALER_DenominationKeyValidityPS *dki) @@ -522,7 +520,6 @@ TALER_MINTDB_auditor_write (const char *filename,    int eno;    af.apub = *apub; -  af.asig = *asig;    af.mpub = *mpub;    ret = GNUNET_SYSERR;    if (NULL == (fh = GNUNET_DISK_file_open @@ -537,6 +534,12 @@ TALER_MINTDB_auditor_write (const char *filename,      goto cleanup;    if (wrote != wsize)      goto cleanup; +  wsize = dki_len * sizeof (struct TALER_AuditorSignatureP); +  if (wsize == +      GNUNET_DISK_file_write (fh, +                              asigs, +                              wsize)) +    ret = GNUNET_OK;    wsize = dki_len * sizeof (struct TALER_DenominationKeyValidityPS);    if (wsize ==        GNUNET_DISK_file_write (fh, | 
