/*
This file is part of TALER
Copyright (C) 2020 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
TALER; see the file COPYING. If not, see
*/
/**
* @file util/crypto_helper_esign.c
* @brief utility functions for running out-of-process private key operations
* @author Christian Grothoff
*/
#include "platform.h"
#include "taler_util.h"
#include "taler_signatures.h"
#include "taler-exchange-secmod-eddsa.h"
#include
struct TALER_CRYPTO_ExchangeSignHelper
{
/**
* Function to call with updates to available key material.
*/
TALER_CRYPTO_ExchangeKeyStatusCallback ekc;
/**
* Closure for @e ekc
*/
void *ekc_cls;
/**
* Socket address of the denomination helper process.
* Used to reconnect if the connection breaks.
*/
struct sockaddr_un sa;
/**
* Socket address of this process.
*/
struct sockaddr_un my_sa;
/**
* Template for @e my_sa.
*/
char *template;
/**
* The UNIX domain socket, -1 if we are currently not connected.
*/
int sock;
/**
* Have we reached the sync'ed state?
*/
bool synced;
};
/**
* Disconnect from the helper process. Updates
* @e sock field in @a esh.
*
* @param[in,out] esh handle to tear down connection of
*/
static void
do_disconnect (struct TALER_CRYPTO_ExchangeSignHelper *esh)
{
GNUNET_break (0 == close (esh->sock));
if (0 != unlink (esh->my_sa.sun_path))
GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"unlink",
esh->my_sa.sun_path);
esh->sock = -1;
}
/**
* Try to connect to the helper process. Updates
* @e sock field in @a esh.
*
* @param[in,out] esh handle to establish connection for
*/
static void
try_connect (struct TALER_CRYPTO_ExchangeSignHelper *esh)
{
char *tmpdir;
if (-1 != esh->sock)
return;
esh->sock = socket (AF_UNIX,
SOCK_DGRAM,
0);
if (-1 == esh->sock)
{
GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
"socket");
return;
}
tmpdir = GNUNET_DISK_mktemp (esh->template);
if (NULL == tmpdir)
{
do_disconnect (esh);
return;
}
/* we use >= here because we want the sun_path to always
be 0-terminated */
if (strlen (tmpdir) >= sizeof (esh->sa.sun_path))
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"PATHS",
"TALER_RUNTIME_DIR",
"path too long");
GNUNET_free (tmpdir);
do_disconnect (esh);
return;
}
esh->my_sa.sun_family = AF_UNIX;
strncpy (esh->my_sa.sun_path,
tmpdir,
sizeof (esh->sa.sun_path) - 1);
if (0 != unlink (tmpdir))
GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"unlink",
tmpdir);
if (0 != bind (esh->sock,
(const struct sockaddr *) &esh->my_sa,
sizeof (esh->my_sa)))
{
GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"bind",
tmpdir);
do_disconnect (esh);
GNUNET_free (tmpdir);
return;
}
/* Fix permissions on client UNIX domain socket,
just in case umask() is not set to enable group write */
{
char path[sizeof (esh->my_sa.sun_path) + 1];
strncpy (path,
esh->my_sa.sun_path,
sizeof (path) - 1);
path[sizeof (esh->my_sa.sun_path)] = '\0';
if (0 != chmod (path,
S_IRUSR | S_IWUSR | S_IWGRP))
{
GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"chmod",
path);
}
}
GNUNET_free (tmpdir);
{
struct GNUNET_MessageHeader hdr = {
.size = htons (sizeof (hdr)),
.type = htons (TALER_HELPER_EDDSA_MT_REQ_INIT)
};
ssize_t ret;
ret = sendto (esh->sock,
&hdr,
sizeof (hdr),
0,
(const struct sockaddr *) &esh->sa,
sizeof (esh->sa));
if (ret < 0)
{
GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"sendto",
esh->sa.sun_path);
do_disconnect (esh);
return;
}
/* We are using SOCK_DGRAM, partial writes should not be possible */
GNUNET_break (((size_t) ret) == sizeof (hdr));
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Successfully sent REQ_INIT\n");
}
}
struct TALER_CRYPTO_ExchangeSignHelper *
TALER_CRYPTO_helper_esign_connect (
const struct GNUNET_CONFIGURATION_Handle *cfg,
TALER_CRYPTO_ExchangeKeyStatusCallback ekc,
void *ekc_cls)
{
struct TALER_CRYPTO_ExchangeSignHelper *esh;
char *unixpath;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_filename (cfg,
"taler-exchange-secmod-eddsa",
"UNIXPATH",
&unixpath))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"taler-exchange-secmod-eddsa",
"UNIXPATH");
return NULL;
}
/* we use >= here because we want the sun_path to always
be 0-terminated */
if (strlen (unixpath) >= sizeof (esh->sa.sun_path))
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"taler-exchange-secmod-eddsa",
"UNIXPATH",
"path too long");
GNUNET_free (unixpath);
return NULL;
}
esh = GNUNET_new (struct TALER_CRYPTO_ExchangeSignHelper);
esh->ekc = ekc;
esh->ekc_cls = ekc_cls;
esh->sa.sun_family = AF_UNIX;
strncpy (esh->sa.sun_path,
unixpath,
sizeof (esh->sa.sun_path) - 1);
GNUNET_free (unixpath);
esh->sock = -1;
{
char *tmpdir;
char *template;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_filename (cfg,
"taler-exchange-secmod-eddsa",
"CLIENT_DIR",
&tmpdir))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"taler-exchange-secmod-eddsa",
"CLIENT_DIR");
GNUNET_free (esh);
return NULL;
}
GNUNET_asprintf (&template,
"%s/cli",
tmpdir);
/* We expect the service to create the client directory */
if (GNUNET_OK !=
GNUNET_DISK_directory_test (tmpdir,
GNUNET_YES))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Unable to read secmod client directory (%s)\n",
tmpdir);
GNUNET_free (esh);
GNUNET_free (template);
GNUNET_free (tmpdir);
return NULL;
}
GNUNET_free (tmpdir);
esh->template = template;
if (strlen (template) >= sizeof (esh->sa.sun_path))
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"PATHS",
"TALER_RUNTIME_DIR",
"path too long");
TALER_CRYPTO_helper_esign_disconnect (esh);
return NULL;
}
}
TALER_CRYPTO_helper_esign_poll (esh);
return esh;
}
/**
* Handle a #TALER_HELPER_EDDSA_MT_AVAIL message from the helper.
*
* @param esh helper context
* @param hdr message that we received
* @return #GNUNET_OK on success
*/
static int
handle_mt_avail (struct TALER_CRYPTO_ExchangeSignHelper *esh,
const struct GNUNET_MessageHeader *hdr)
{
const struct TALER_CRYPTO_EddsaKeyAvailableNotification *kan
= (const struct TALER_CRYPTO_EddsaKeyAvailableNotification *) hdr;
if (sizeof (*kan) != ntohs (hdr->size))
{
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
TALER_exchange_secmod_eddsa_verify (
&kan->exchange_pub,
GNUNET_TIME_absolute_ntoh (kan->anchor_time),
GNUNET_TIME_relative_ntoh (kan->duration),
&kan->secm_pub,
&kan->secm_sig))
{
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
esh->ekc (esh->ekc_cls,
GNUNET_TIME_absolute_ntoh (kan->anchor_time),
GNUNET_TIME_relative_ntoh (kan->duration),
&kan->exchange_pub,
&kan->secm_pub,
&kan->secm_sig);
return GNUNET_OK;
}
/**
* Handle a #TALER_HELPER_EDDSA_MT_PURGE message from the helper.
*
* @param esh helper context
* @param hdr message that we received
* @return #GNUNET_OK on success
*/
static int
handle_mt_purge (struct TALER_CRYPTO_ExchangeSignHelper *esh,
const struct GNUNET_MessageHeader *hdr)
{
const struct TALER_CRYPTO_EddsaKeyPurgeNotification *pn
= (const struct TALER_CRYPTO_EddsaKeyPurgeNotification *) hdr;
if (sizeof (*pn) != ntohs (hdr->size))
{
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
esh->ekc (esh->ekc_cls,
GNUNET_TIME_UNIT_ZERO_ABS,
GNUNET_TIME_UNIT_ZERO,
&pn->exchange_pub,
NULL,
NULL);
return GNUNET_OK;
}
/**
* Wait until the socket is ready to read.
*
* @param esh helper to wait for
* @return false on timeout (after 1s)
*/
static bool
await_read_ready (struct TALER_CRYPTO_ExchangeSignHelper *esh)
{
/* wait for reply with 1s timeout */
struct pollfd pfd = {
.fd = esh->sock,
.events = POLLIN
};
sigset_t sigmask;
struct timespec ts = {
.tv_sec = 1
};
int ret;
GNUNET_assert (0 == sigemptyset (&sigmask));
GNUNET_assert (0 == sigaddset (&sigmask, SIGTERM));
GNUNET_assert (0 == sigaddset (&sigmask, SIGHUP));
ret = ppoll (&pfd,
1,
&ts,
&sigmask);
if ( (-1 == ret) &&
(EINTR != errno) )
GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
"ppoll");
return (0 < ret);
}
void
TALER_CRYPTO_helper_esign_poll (struct TALER_CRYPTO_ExchangeSignHelper *esh)
{
char buf[UINT16_MAX];
ssize_t ret;
unsigned int retry_limit = 3;
const struct GNUNET_MessageHeader *hdr
= (const struct GNUNET_MessageHeader *) buf;
int flag = MSG_DONTWAIT;
try_connect (esh);
if (-1 == esh->sock)
return; /* give up */
while (1)
{
ret = recv (esh->sock,
buf,
sizeof (buf),
flag);
if (ret < 0)
{
if (EAGAIN == errno)
{
GNUNET_assert (0 != flag);
if (esh->synced)
break;
if (! await_read_ready (esh))
{
/* timeout AND not synced => full reconnect */
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Restarting connection to EdDSA helper, did not come up properly\n");
do_disconnect (esh);
if (0 == retry_limit)
return; /* give up */
try_connect (esh);
if (-1 == esh->sock)
return; /* give up */
retry_limit--;
flag = MSG_DONTWAIT;
}
else
{
flag = 0; /* syscall must be non-blocking this time */
}
continue; /* try again */
}
GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
"recv");
do_disconnect (esh);
return;
}
flag = MSG_DONTWAIT;
if ( (ret < sizeof (struct GNUNET_MessageHeader)) ||
(ret != ntohs (hdr->size)) )
{
GNUNET_break_op (0);
do_disconnect (esh);
return;
}
switch (ntohs (hdr->type))
{
case TALER_HELPER_EDDSA_MT_AVAIL:
if (GNUNET_OK !=
handle_mt_avail (esh,
hdr))
{
GNUNET_break_op (0);
do_disconnect (esh);
return;
}
break;
case TALER_HELPER_EDDSA_MT_PURGE:
if (GNUNET_OK !=
handle_mt_purge (esh,
hdr))
{
GNUNET_break_op (0);
do_disconnect (esh);
return;
}
break;
case TALER_HELPER_EDDSA_SYNCED:
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Now synchronized with EdDSA helper\n");
esh->synced = true;
break;
default:
GNUNET_break_op (0);
do_disconnect (esh);
return;
}
}
}
enum TALER_ErrorCode
TALER_CRYPTO_helper_esign_sign_ (
struct TALER_CRYPTO_ExchangeSignHelper *esh,
const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
struct TALER_ExchangePublicKeyP *exchange_pub,
struct TALER_ExchangeSignatureP *exchange_sig)
{
{
uint32_t purpose_size = ntohl (purpose->size);
char buf[sizeof (struct TALER_CRYPTO_EddsaSignRequest) + purpose_size
- sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose)];
struct TALER_CRYPTO_EddsaSignRequest *sr
= (struct TALER_CRYPTO_EddsaSignRequest *) buf;
ssize_t ret;
try_connect (esh);
if (-1 == esh->sock)
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"Failed to connect to helper\n");
return TALER_EC_EXCHANGE_SIGNKEY_HELPER_UNAVAILABLE;
}
sr->header.size = htons (sizeof (buf));
sr->header.type = htons (TALER_HELPER_EDDSA_MT_REQ_SIGN);
sr->reserved = htonl (0);
memcpy (&sr->purpose,
purpose,
purpose_size);
ret = sendto (esh->sock,
buf,
sizeof (buf),
0,
(const struct sockaddr *) &esh->sa,
sizeof (esh->sa));
if (ret < 0)
{
GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"sendto",
esh->sa.sun_path);
do_disconnect (esh);
return TALER_EC_EXCHANGE_SIGNKEY_HELPER_UNAVAILABLE;
}
/* We are using SOCK_DGRAM, partial writes should not be possible */
GNUNET_break (((size_t) ret) == sizeof (buf));
}
while (1)
{
char buf[UINT16_MAX];
ssize_t ret;
const struct GNUNET_MessageHeader *hdr
= (const struct GNUNET_MessageHeader *) buf;
if (! await_read_ready (esh))
{
do_disconnect (esh);
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"Timeout waiting for helper\n");
return TALER_EC_GENERIC_TIMEOUT;
}
ret = recv (esh->sock,
buf,
sizeof (buf),
0);
if (ret < 0)
{
GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
"recv");
do_disconnect (esh);
return TALER_EC_EXCHANGE_SIGNKEY_HELPER_UNAVAILABLE;
}
if ( (ret < sizeof (struct GNUNET_MessageHeader)) ||
(ret != ntohs (hdr->size)) )
{
GNUNET_break_op (0);
do_disconnect (esh);
return TALER_EC_EXCHANGE_SIGNKEY_HELPER_BUG;
}
switch (ntohs (hdr->type))
{
case TALER_HELPER_EDDSA_MT_RES_SIGNATURE:
if (ret != sizeof (struct TALER_CRYPTO_EddsaSignResponse))
{
GNUNET_break_op (0);
do_disconnect (esh);
return TALER_EC_EXCHANGE_SIGNKEY_HELPER_BUG;
}
{
const struct TALER_CRYPTO_EddsaSignResponse *sr =
(const struct TALER_CRYPTO_EddsaSignResponse *) buf;
*exchange_sig = sr->exchange_sig;
*exchange_pub = sr->exchange_pub;
return TALER_EC_NONE;
}
case TALER_HELPER_EDDSA_MT_RES_SIGN_FAILURE:
if (ret != sizeof (struct TALER_CRYPTO_EddsaSignFailure))
{
GNUNET_break_op (0);
do_disconnect (esh);
return TALER_EC_EXCHANGE_SIGNKEY_HELPER_BUG;
}
{
const struct TALER_CRYPTO_EddsaSignFailure *sf =
(const struct TALER_CRYPTO_EddsaSignFailure *) buf;
return (enum TALER_ErrorCode) ntohl (sf->ec);
}
case TALER_HELPER_EDDSA_MT_AVAIL:
if (GNUNET_OK !=
handle_mt_avail (esh,
hdr))
{
GNUNET_break_op (0);
do_disconnect (esh);
return TALER_EC_EXCHANGE_SIGNKEY_HELPER_BUG;
}
break; /* while(1) loop ensures we recvfrom() again */
case TALER_HELPER_EDDSA_MT_PURGE:
if (GNUNET_OK !=
handle_mt_purge (esh,
hdr))
{
GNUNET_break_op (0);
do_disconnect (esh);
return TALER_EC_EXCHANGE_SIGNKEY_HELPER_BUG;
}
break; /* while(1) loop ensures we recvfrom() again */
default:
GNUNET_break_op (0);
do_disconnect (esh);
return TALER_EC_EXCHANGE_SIGNKEY_HELPER_BUG;
}
}
}
void
TALER_CRYPTO_helper_esign_revoke (
struct TALER_CRYPTO_ExchangeSignHelper *esh,
const struct TALER_ExchangePublicKeyP *exchange_pub)
{
struct TALER_CRYPTO_EddsaRevokeRequest rr = {
.header.size = htons (sizeof (rr)),
.header.type = htons (TALER_HELPER_EDDSA_MT_REQ_REVOKE),
.exchange_pub = *exchange_pub
};
ssize_t ret;
try_connect (esh);
if (-1 == esh->sock)
return; /* give up */
ret = sendto (esh->sock,
&rr,
sizeof (rr),
0,
(const struct sockaddr *) &esh->sa,
sizeof (esh->sa));
if (ret < 0)
{
GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
"sendto");
do_disconnect (esh);
return;
}
/* We are using SOCK_DGRAM, partial writes should not be possible */
GNUNET_break (((size_t) ret) == sizeof (rr));
}
void
TALER_CRYPTO_helper_esign_disconnect (
struct TALER_CRYPTO_ExchangeSignHelper *esh)
{
if (-1 != esh->sock)
do_disconnect (esh);
GNUNET_free (esh->template);
GNUNET_free (esh);
}
/* end of crypto_helper_esign.c */