diff options
Diffstat (limited to 'src/util/test_helper_eddsa.c')
| -rw-r--r-- | src/util/test_helper_eddsa.c | 447 | 
1 files changed, 447 insertions, 0 deletions
| diff --git a/src/util/test_helper_eddsa.c b/src/util/test_helper_eddsa.c new file mode 100644 index 00000000..c2a3af74 --- /dev/null +++ b/src/util/test_helper_eddsa.c @@ -0,0 +1,447 @@ +/* +  This file is part of TALER +  (C) 2020 Taler Systems SA + +  TALER is free software; you can redistribute it and/or modify it under the +  terms of the GNU General Public License as published by the Free Software +  Foundation; either version 3, or (at your option) any later version. + +  TALER is distributed in the hope that it will be useful, but WITHOUT ANY +  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +  A PARTICULAR PURPOSE.  See the GNU General Public License for more details. + +  You should have received a copy of the GNU General Public License along with +  TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/> +*/ +/** + * @file util/test_helper_eddsa.c + * @brief Tests for EDDSA crypto helper + * @author Christian Grothoff + */ +#include "platform.h" +#include "taler_util.h" +#include <gnunet/gnunet_signatures.h> + +/** + * Configuration has 1 minute duration and 5 minutes lookahead, so + * we should never have more than 6 active keys, plus for during + * key expiration / revocation. + */ +#define MAX_KEYS 7 + +/** + * How many random key revocations should we test? + */ +#define NUM_REVOKES 3 + +/** + * How many iterations of the successful signing test should we run? + */ +#define NUM_SIGN_TESTS 100 + + +/** + * Number of keys currently in #keys. + */ +static unsigned int num_keys; + +/** + * Keys currently managed by the helper. + */ +struct KeyData +{ +  /** +   * Validity start point. +   */ +  struct GNUNET_TIME_Absolute start_time; + +  /** +   * Key expires for signing at @e start_time plus this value. +   */ +  struct GNUNET_TIME_Relative validity_duration; + +  /** +   * Full public key. +   */ +  struct TALER_ExchangePublicKeyP exchange_pub; + +  /** +   * Is this key currently valid? +   */ +  bool valid; + +  /** +   * Did the test driver revoke this key? +   */ +  bool revoked; +}; + +/** + * Array of all the keys we got from the helper. + */ +static struct KeyData keys[MAX_KEYS]; + + +/** + * Function called with information about available keys for signing.  Usually + * only called once per key upon connect. Also called again in case a key is + * being revoked, in that case with an @a end_time of zero.  Stores the keys + * status in #keys. + * + * @param cls closure, NULL + * @param start_time when does the key become available for signing; + *                 zero if the key has been revoked or purged + * @param validity_duration how long does the key remain available for signing; + *                 zero if the key has been revoked or purged + * @param exchange_pub the public key itself + * @param sm_pub public key of the security module, NULL if the key was revoked or purged + * @param sm_sig signature from the security module, NULL if the key was revoked or purged + *               The signature was already verified against @a sm_pub. + */ +static void +key_cb (void *cls, +        struct GNUNET_TIME_Absolute start_time, +        struct GNUNET_TIME_Relative validity_duration, +        const struct TALER_ExchangePublicKeyP *exchange_pub, +        const struct TALER_SecurityModulePublicKeyP *sm_pub, +        const struct TALER_SecurityModuleSignatureP *sm_sig) +{ +  (void) sm_pub; +  (void) sm_sig; +  if (0 == validity_duration.rel_value_us) +  { +    bool found = false; + +    for (unsigned int i = 0; i<MAX_KEYS; i++) +      if (0 == GNUNET_memcmp (exchange_pub, +                              &keys[i].exchange_pub)) +      { +        keys[i].valid = false; +        keys[i].revoked = false; +        GNUNET_assert (num_keys > 0); +        num_keys--; +        found = true; +        break; +      } +    if (! found) +      GNUNET_log (GNUNET_ERROR_TYPE_ERROR, +                  "Error: helper announced expiration of unknown key!\n"); + +    return; +  } +  for (unsigned int i = 0; i<MAX_KEYS; i++) +    if (! keys[i].valid) +    { +      keys[i].valid = true; +      keys[i].exchange_pub = *exchange_pub; +      keys[i].start_time = start_time; +      keys[i].validity_duration = validity_duration; +      num_keys++; +      return; +    } +  /* too many keys! */ +  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, +              "Error: received %d live keys from the service!\n", +              MAX_KEYS + 1); +} + + +/** + * Test key revocation logic. + * + * @param esh handle to the helper + * @return 0 on success + */ +static int +test_revocation (struct TALER_CRYPTO_ExchangeSignHelper *esh) +{ +  struct timespec req = { +    .tv_nsec = 250000000 +  }; + +  for (unsigned int i = 0; i<NUM_REVOKES; i++) +  { +    uint32_t off; + +    off = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK, +                                    num_keys); +    /* find index of key to revoke */ +    for (unsigned int j = 0; j < MAX_KEYS; j++) +    { +      if (! keys[j].valid) +        continue; +      if (0 != off) +      { +        off--; +        continue; +      } +      keys[j].revoked = true; +      fprintf (stderr, +               "Revoking key ..."); +      TALER_CRYPTO_helper_esign_revoke (esh, +                                        &keys[j].exchange_pub); +      for (unsigned int k = 0; k<1000; k++) +      { +        TALER_CRYPTO_helper_esign_poll (esh); +        if (! keys[j].revoked) +          break; +        nanosleep (&req, NULL); +        fprintf (stderr, "."); +      } +      if (keys[j].revoked) +      { +        fprintf (stderr, +                 "\nFAILED: timeout trying to revoke key %u\n", +                 j); +        TALER_CRYPTO_helper_esign_disconnect (esh); +        return 2; +      } +      fprintf (stderr, "\n"); +      break; +    } +  } +  return 0; +} + + +/** + * Test signing logic. + * + * @param esh handle to the helper + * @return 0 on success + */ +static int +test_signing (struct TALER_CRYPTO_ExchangeSignHelper *esh) +{ +  struct GNUNET_CRYPTO_EccSignaturePurpose purpose = { +    .purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST), +    .size = htonl (sizeof (purpose)), +  }; + +  for (unsigned int i = 0; i<2; i++) +  { +    struct TALER_ExchangePublicKeyP exchange_pub; +    struct TALER_ExchangeSignatureP exchange_sig; +    enum TALER_ErrorCode ec; + +    ec = TALER_CRYPTO_helper_esign_sign_ (esh, +                                          &purpose, +                                          &exchange_pub, +                                          &exchange_sig); +    switch (ec) +    { +    case TALER_EC_NONE: +      if (GNUNET_OK != +          GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST, +                                       &purpose, +                                       &exchange_sig.eddsa_signature, +                                       &exchange_pub.eddsa_pub)) +      { +        /* signature invalid */ +        GNUNET_break (0); +        return 17; +      } +      GNUNET_log (GNUNET_ERROR_TYPE_INFO, +                  "Received valid signature\n"); +      break; +    default: +      /* unexpected error */ +      GNUNET_break (0); +      return 7; +    } +  } +  return 0; +} + + +/** + * Benchmark signing logic. + * + * @param esh handle to the helper + * @return 0 on success + */ +static int +perf_signing (struct TALER_CRYPTO_ExchangeSignHelper *esh) +{ +  struct GNUNET_CRYPTO_EccSignaturePurpose purpose = { +    .purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST), +    .size = htonl (sizeof (purpose)), +  }; +  struct GNUNET_TIME_Relative duration; + +  duration = GNUNET_TIME_UNIT_ZERO; +  for (unsigned int j = 0; j<NUM_SIGN_TESTS;) +  { +    struct GNUNET_TIME_Relative delay; +    struct TALER_ExchangePublicKeyP exchange_pub; +    struct TALER_ExchangeSignatureP exchange_sig; +    enum TALER_ErrorCode ec; +    struct GNUNET_TIME_Absolute start; + +    TALER_CRYPTO_helper_esign_poll (esh); +    start = GNUNET_TIME_absolute_get (); +    ec = TALER_CRYPTO_helper_esign_sign_ (esh, +                                          &purpose, +                                          &exchange_pub, +                                          &exchange_sig); +    if (TALER_EC_NONE != ec) +    { +      GNUNET_break (0); +      return 42; +    } +    delay = GNUNET_TIME_absolute_get_duration (start); +    duration = GNUNET_TIME_relative_add (duration, +                                         delay); +    j++; +  } /* for j */ +  fprintf (stderr, +           "%u (sequential) signature operations took %s\n", +           (unsigned int) NUM_SIGN_TESTS, +           GNUNET_STRINGS_relative_time_to_string (duration, +                                                   GNUNET_YES)); +  return 0; +} + + +/** + * Main entry point into the test logic with the helper already running. + */ +static int +run_test (void) +{ +  struct GNUNET_CONFIGURATION_Handle *cfg; +  struct TALER_CRYPTO_ExchangeSignHelper *esh; +  struct timespec req = { +    .tv_nsec = 250000000 +  }; +  int ret; + +  cfg = GNUNET_CONFIGURATION_create (); +  if (GNUNET_OK != +      GNUNET_CONFIGURATION_load (cfg, +                                 "test_helper_eddsa.conf")) +  { +    GNUNET_break (0); +    return 77; +  } +  esh = TALER_CRYPTO_helper_esign_connect (cfg, +                                           &key_cb, +                                           NULL); +  GNUNET_CONFIGURATION_destroy (cfg); +  if (NULL == esh) +  { +    GNUNET_break (0); +    return 1; +  } +  /* wait for helper to start and give us keys */ +  fprintf (stderr, "Waiting for helper to start "); +  for (unsigned int i = 0; i<1000; i++) +  { +    TALER_CRYPTO_helper_esign_poll (esh); +    if (0 != num_keys) +      break; +    nanosleep (&req, NULL); +    fprintf (stderr, "."); +  } +  if (0 == num_keys) +  { +    fprintf (stderr, +             "\nFAILED: timeout trying to connect to helper\n"); +    TALER_CRYPTO_helper_esign_disconnect (esh); +    return 1; +  } +  fprintf (stderr, +           "\nOK: Helper ready (%u keys)\n", +           num_keys); + +  ret = 0; +  if (0 == ret) +    ret = test_revocation (esh); +  if (0 == ret) +    ret = test_signing (esh); +  if (0 == ret) +    ret = perf_signing (esh); +  TALER_CRYPTO_helper_esign_disconnect (esh); +  /* clean up our state */ +  for (unsigned int i = 0; i<MAX_KEYS; i++) +    if (keys[i].valid) +    { +      keys[i].valid = false; +      GNUNET_assert (num_keys > 0); +      num_keys--; +    } +  return ret; +} + + +int +main (int argc, +      const char *const argv[]) +{ +  struct GNUNET_OS_Process *helper; +  char *libexec_dir; +  char *binary_name; +  int ret; +  enum GNUNET_OS_ProcessStatusType type; +  unsigned long code; + +  (void) argc; +  (void) argv; +  GNUNET_log_setup ("test-helper-eddsa", +                    "WARNING", +                    NULL); +  GNUNET_OS_init (TALER_project_data_default ()); +  libexec_dir = GNUNET_OS_installation_get_path (GNUNET_OS_IPK_LIBEXECDIR); +  GNUNET_asprintf (&binary_name, +                   "%s/%s", +                   libexec_dir, +                   "taler-helper-crypto-eddsa"); +  GNUNET_free (libexec_dir); +  helper = GNUNET_OS_start_process (GNUNET_OS_INHERIT_STD_ERR, +                                    NULL, NULL, NULL, +                                    binary_name, +                                    binary_name, +                                    "-c", +                                    "test_helper_eddsa.conf", +                                    "-L", +                                    "WARNING", +                                    NULL); +  if (NULL == helper) +  { +    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, +                              "exec", +                              binary_name); +    GNUNET_free (binary_name); +    return 77; +  } +  GNUNET_free (binary_name); +  ret = run_test (); + +  GNUNET_OS_process_kill (helper, +                          SIGTERM); +  if (GNUNET_OK != +      GNUNET_OS_process_wait_status (helper, +                                     &type, +                                     &code)) +  { +    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, +                "Helper process did not die voluntarily, killing hard\n"); +    GNUNET_OS_process_kill (helper, +                            SIGKILL); +    ret = 4; +  } +  else if ( (GNUNET_OS_PROCESS_EXITED != type) || +            (0 != code) ) +  { +    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, +                "Helper died with unexpected status %d/%d\n", +                (int) type, +                (int) code); +    ret = 5; +  } +  GNUNET_OS_process_destroy (helper); +  return ret; +} + + +/* end of test_helper_eddsa.c */ | 
