exchange/src/util/test_helper_rsa.c

726 lines
21 KiB
C
Raw Normal View History

2020-11-22 18:31:33 +01:00
/*
This file is part of TALER
(C) 2020, 2021 Taler Systems SA
2020-11-22 18:31:33 +01:00
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
*/
/**
* @file util/test_helper_rsa.c
* @brief Tests for RSA crypto helper
* @author Christian Grothoff
*/
#include "platform.h"
#include "taler_util.h"
/**
2021-11-17 13:03:47 +01:00
* Configuration has 1 minute duration and 5 minutes lookahead, but
* we do not get 'revocations' for expired keys. So this must be
* large enough to deal with key rotation during the runtime of
* the benchmark.
2020-11-22 18:31:33 +01:00
*/
2021-11-17 13:03:47 +01:00
#define MAX_KEYS 1024
2020-11-22 18:31:33 +01:00
/**
* How many random key revocations should we test?
*/
2020-11-23 21:10:55 +01:00
#define NUM_REVOKES 3
2020-11-22 18:31:33 +01:00
2020-11-22 22:25:49 +01:00
/**
* How many iterations of the successful signing test should we run?
*/
2020-11-23 21:10:55 +01:00
#define NUM_SIGN_TESTS 5
2020-11-22 22:25:49 +01:00
2021-11-17 13:03:47 +01:00
/**
* How many iterations of the successful signing test should we run
* during the benchmark phase?
*/
#define NUM_SIGN_PERFS 100
/**
* How many parallel clients should we use for the parallel
* benchmark? (> 500 may cause problems with the max open FD number limit).
*/
#define NUM_CORES 8
2020-11-22 18:31:33 +01:00
/**
* Number of keys currently in #keys.
*/
static unsigned int num_keys;
/**
* Keys currently managed by the helper.
*/
struct KeyData
{
/**
* Validity start point.
*/
struct GNUNET_TIME_Timestamp start_time;
2020-11-22 18:31:33 +01:00
/**
* Key expires for signing at @e start_time plus this value.
*/
struct GNUNET_TIME_Relative validity_duration;
/**
* Hash of the public key.
*/
2021-11-17 23:05:14 +01:00
struct TALER_RsaPubHashP h_rsa;
2020-11-22 18:31:33 +01:00
/**
* Full public key.
*/
struct TALER_DenominationPublicKey denom_pub;
/**
* Is this key currently valid?
*/
bool valid;
/**
* Did the test driver revoke this key?
*/
bool revoked;
};
2020-11-22 19:02:49 +01:00
/**
* Array of all the keys we got from the helper.
*/
2020-11-22 18:31:33 +01:00
static struct KeyData keys[MAX_KEYS];
2021-11-19 20:56:53 +01:00
/**
* Release memory occupied by #keys.
*/
static void
free_keys (void)
{
for (unsigned int i = 0; i<MAX_KEYS; i++)
if (keys[i].valid)
{
TALER_denom_pub_free (&keys[i].denom_pub);
2021-11-25 10:00:55 +01:00
keys[i].valid = false;
2021-11-19 20:56:53 +01:00
GNUNET_assert (num_keys > 0);
num_keys--;
}
}
2020-11-22 19:02:49 +01:00
/**
* Function called with information about available keys for signing. Usually
* only called once per key upon connect. Also called again in case a key is
* being revoked, in that case with an @a end_time of zero. Stores the keys
* status in #keys.
*
* @param cls closure, NULL
* @param section_name name of the denomination type in the configuration;
* NULL if the key has been revoked or purged
* @param start_time when does the key become available for signing;
* zero if the key has been revoked or purged
* @param validity_duration how long does the key remain available for signing;
* zero if the key has been revoked or purged
2021-11-17 23:05:14 +01:00
* @param h_rsa hash of the @a denom_pub that is available (or was purged)
2020-11-22 19:02:49 +01:00
* @param denom_pub the public key itself, NULL if the key was revoked or purged
2020-11-23 21:10:55 +01:00
* @param sm_pub public key of the security module, NULL if the key was revoked or purged
* @param sm_sig signature from the security module, NULL if the key was revoked or purged
* The signature was already verified against @a sm_pub.
2020-11-22 19:02:49 +01:00
*/
2020-11-22 18:31:33 +01:00
static void
key_cb (void *cls,
const char *section_name,
struct GNUNET_TIME_Timestamp start_time,
2020-11-22 18:31:33 +01:00
struct GNUNET_TIME_Relative validity_duration,
2021-11-17 23:05:14 +01:00
const struct TALER_RsaPubHashP *h_rsa,
2020-11-23 21:10:55 +01:00
const struct TALER_DenominationPublicKey *denom_pub,
const struct TALER_SecurityModulePublicKeyP *sm_pub,
const struct TALER_SecurityModuleSignatureP *sm_sig)
2020-11-22 18:31:33 +01:00
{
2021-11-19 20:56:53 +01:00
(void) cls;
2020-11-23 21:10:55 +01:00
(void) sm_pub;
(void) sm_sig;
2020-11-22 18:31:33 +01:00
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Key notification about key %s in `%s'\n",
2021-11-17 23:05:14 +01:00
GNUNET_h2s (&h_rsa->hash),
2020-11-22 18:31:33 +01:00
section_name);
if (0 == validity_duration.rel_value_us)
{
bool found = false;
GNUNET_break (NULL == denom_pub);
GNUNET_break (NULL == section_name);
for (unsigned int i = 0; i<MAX_KEYS; i++)
2021-11-17 23:05:14 +01:00
if (0 == GNUNET_memcmp (h_rsa,
&keys[i].h_rsa))
2020-11-22 18:31:33 +01:00
{
keys[i].valid = false;
keys[i].revoked = false;
2021-11-17 20:31:08 +01:00
TALER_denom_pub_free (&keys[i].denom_pub);
2020-11-22 18:31:33 +01:00
GNUNET_assert (num_keys > 0);
num_keys--;
found = true;
break;
}
if (! found)
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Error: helper announced expiration of unknown key!\n");
return;
}
2020-11-22 18:31:33 +01:00
GNUNET_break (NULL != denom_pub);
for (unsigned int i = 0; i<MAX_KEYS; i++)
if (! keys[i].valid)
{
keys[i].valid = true;
2021-11-17 23:05:14 +01:00
keys[i].h_rsa = *h_rsa;
2020-11-22 18:31:33 +01:00
keys[i].start_time = start_time;
keys[i].validity_duration = validity_duration;
2021-11-17 20:31:08 +01:00
TALER_denom_pub_deep_copy (&keys[i].denom_pub,
denom_pub);
2020-11-22 18:31:33 +01:00
num_keys++;
return;
}
/* too many keys! */
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Error: received %d live keys from the service!\n",
MAX_KEYS + 1);
}
/**
2020-11-22 19:02:49 +01:00
* Test key revocation logic.
*
* @param dh handle to the helper
* @return 0 on success
2020-11-22 18:31:33 +01:00
*/
static int
2021-11-17 23:05:14 +01:00
test_revocation (struct TALER_CRYPTO_RsaDenominationHelper *dh)
2020-11-22 18:31:33 +01:00
{
struct timespec req = {
.tv_nsec = 250000000
};
for (unsigned int i = 0; i<NUM_REVOKES; i++)
{
uint32_t off;
off = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
num_keys);
/* find index of key to revoke */
for (unsigned int j = 0; j < MAX_KEYS; j++)
{
if (! keys[j].valid)
continue;
if (0 != off)
{
off--;
continue;
}
keys[j].revoked = true;
fprintf (stderr,
"Revoking key %s ...",
2021-11-17 23:05:14 +01:00
GNUNET_h2s (&keys[j].h_rsa.hash));
TALER_CRYPTO_helper_rsa_revoke (dh,
&keys[j].h_rsa);
2020-11-22 22:25:49 +01:00
for (unsigned int k = 0; k<1000; k++)
2020-11-22 18:31:33 +01:00
{
2021-11-17 23:05:14 +01:00
TALER_CRYPTO_helper_rsa_poll (dh);
2020-11-22 18:31:33 +01:00
if (! keys[j].revoked)
break;
nanosleep (&req, NULL);
fprintf (stderr, ".");
}
if (keys[j].revoked)
{
fprintf (stderr,
"\nFAILED: timeout trying to revoke key %u\n",
j);
2021-11-17 23:05:14 +01:00
TALER_CRYPTO_helper_rsa_disconnect (dh);
2020-11-22 18:31:33 +01:00
return 2;
}
2020-11-22 22:25:49 +01:00
fprintf (stderr, "\n");
2020-11-22 18:31:33 +01:00
break;
}
}
2020-11-22 19:02:49 +01:00
return 0;
}
2020-11-22 18:31:33 +01:00
2020-11-22 19:02:49 +01:00
/**
* Test signing logic.
*
* @param dh handle to the helper
* @return 0 on success
*/
static int
2021-11-17 23:05:14 +01:00
test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh)
2020-11-22 19:02:49 +01:00
{
2021-11-17 20:31:08 +01:00
struct TALER_BlindedDenominationSignature ds;
2020-11-22 19:02:49 +01:00
enum TALER_ErrorCode ec;
bool success = false;
2022-02-11 09:36:01 +01:00
struct TALER_PlanchetMasterSecretP ps;
2022-01-16 17:02:15 +01:00
struct TALER_ExchangeWithdrawValues alg_values;
[age restriction] progress 14/n - withdraw and deposit Age restriction support for - withdraw is done and tested - deposit is done and tested TODOs: - melt/refresh/reveal - link ------ Added functions - TALER_age_restriction_commit - TALER_age_commitment_derive - TALER_age_commitment_hash - TALER_age_restriction_commitment_free_inside - Hash of age commitment passed around API boundaries Exchangedb adjustments for denominations - all prepared statements re: denominations now handle age_mask - signature parameters adjusted Hash and signature verification of /keys adjusted - Hashes of (normal) denominations and age-restricted denominations are calculated seperately - The hash of the age-restricted ones will then be added to the other hash - The total hash is signed/verified Tests for withdraw with age restriction added - TALER_EXCHANGE_DenomPublickey now carries age_mask - TALER_TESTING_cmd_withdraw_amount* takes age parameter - TALER_TESTING_find_pk takes boolean age_restricted - WithdrawState carries age_commitment and its hash - withdraw_run derives new age commitment, if applicable - Added age parameter to testing (13 as example) Various Fixes and changes - Fixes of post handler for /management/extensions - Fixes for offline tool extensions signing - Slight refactoring of extensions - Age restriction extension simplified - config is now global to extension - added global TEH_age_restriction_enabled and TEH_age_mask in taler-exchange-httpd - helper functions and macros introduced
2022-02-16 22:01:05 +01:00
struct TALER_AgeCommitmentHash ach;
struct TALER_CoinPubHashP c_hash;
2022-02-05 23:12:21 +01:00
struct TALER_CoinSpendPrivateKeyP coin_priv;
union TALER_DenominationBlindingKeyP bks;
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
&ps,
sizeof (ps));
2021-11-17 20:31:08 +01:00
2022-01-16 17:02:15 +01:00
alg_values.cipher = TALER_DENOMINATION_RSA;
2022-02-05 23:12:21 +01:00
TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv);
TALER_planchet_blinding_secret_create (&ps, &alg_values, &bks);
[age restriction] progress 14/n - withdraw and deposit Age restriction support for - withdraw is done and tested - deposit is done and tested TODOs: - melt/refresh/reveal - link ------ Added functions - TALER_age_restriction_commit - TALER_age_commitment_derive - TALER_age_commitment_hash - TALER_age_restriction_commitment_free_inside - Hash of age commitment passed around API boundaries Exchangedb adjustments for denominations - all prepared statements re: denominations now handle age_mask - signature parameters adjusted Hash and signature verification of /keys adjusted - Hashes of (normal) denominations and age-restricted denominations are calculated seperately - The hash of the age-restricted ones will then be added to the other hash - The total hash is signed/verified Tests for withdraw with age restriction added - TALER_EXCHANGE_DenomPublickey now carries age_mask - TALER_TESTING_cmd_withdraw_amount* takes age parameter - TALER_TESTING_find_pk takes boolean age_restricted - WithdrawState carries age_commitment and its hash - withdraw_run derives new age commitment, if applicable - Added age parameter to testing (13 as example) Various Fixes and changes - Fixes of post handler for /management/extensions - Fixes for offline tool extensions signing - Slight refactoring of extensions - Age restriction extension simplified - config is now global to extension - added global TEH_age_restriction_enabled and TEH_age_mask in taler-exchange-httpd - helper functions and macros introduced
2022-02-16 22:01:05 +01:00
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&ach,
sizeof(ach));
2022-02-05 23:12:21 +01:00
2020-11-22 19:02:49 +01:00
for (unsigned int i = 0; i<MAX_KEYS; i++)
{
if (! keys[i].valid)
continue;
2022-01-16 17:02:15 +01:00
if (TALER_DENOMINATION_RSA != keys[i].denom_pub.cipher)
continue;
2020-11-22 22:25:49 +01:00
{
2021-11-17 20:31:08 +01:00
struct TALER_PlanchetDetail pd;
pd.blinded_planchet.cipher = TALER_DENOMINATION_RSA;
2020-11-22 22:25:49 +01:00
GNUNET_assert (GNUNET_YES ==
2021-11-17 20:31:08 +01:00
TALER_planchet_prepare (&keys[i].denom_pub,
2022-01-16 17:02:15 +01:00
&alg_values,
2022-02-05 23:12:21 +01:00
&bks,
&coin_priv,
[age restriction] progress 14/n - withdraw and deposit Age restriction support for - withdraw is done and tested - deposit is done and tested TODOs: - melt/refresh/reveal - link ------ Added functions - TALER_age_restriction_commit - TALER_age_commitment_derive - TALER_age_commitment_hash - TALER_age_restriction_commitment_free_inside - Hash of age commitment passed around API boundaries Exchangedb adjustments for denominations - all prepared statements re: denominations now handle age_mask - signature parameters adjusted Hash and signature verification of /keys adjusted - Hashes of (normal) denominations and age-restricted denominations are calculated seperately - The hash of the age-restricted ones will then be added to the other hash - The total hash is signed/verified Tests for withdraw with age restriction added - TALER_EXCHANGE_DenomPublickey now carries age_mask - TALER_TESTING_cmd_withdraw_amount* takes age parameter - TALER_TESTING_find_pk takes boolean age_restricted - WithdrawState carries age_commitment and its hash - withdraw_run derives new age commitment, if applicable - Added age parameter to testing (13 as example) Various Fixes and changes - Fixes of post handler for /management/extensions - Fixes for offline tool extensions signing - Slight refactoring of extensions - Age restriction extension simplified - config is now global to extension - added global TEH_age_restriction_enabled and TEH_age_mask in taler-exchange-httpd - helper functions and macros introduced
2022-02-16 22:01:05 +01:00
&ach,
2021-11-17 20:31:08 +01:00
&c_hash,
&pd));
2020-11-22 22:25:49 +01:00
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Requesting signature over %u bytes with key %s\n",
(unsigned
int) pd.blinded_planchet.details.rsa_blinded_planchet.
blinded_msg_size,
2021-11-17 23:05:14 +01:00
GNUNET_h2s (&keys[i].h_rsa.hash));
2022-02-12 11:42:25 +01:00
ec = TALER_CRYPTO_helper_rsa_sign (dh,
2021-11-17 23:05:14 +01:00
&keys[i].h_rsa,
pd.blinded_planchet.details.
rsa_blinded_planchet.blinded_msg,
pd.blinded_planchet.details.
rsa_blinded_planchet.blinded_msg_size,
2022-02-12 11:42:25 +01:00
&ds);
2022-01-16 17:02:15 +01:00
TALER_blinded_planchet_free (&pd.blinded_planchet);
2020-11-22 22:25:49 +01:00
}
2020-11-22 19:02:49 +01:00
switch (ec)
{
case TALER_EC_NONE:
if (GNUNET_TIME_relative_cmp (GNUNET_TIME_absolute_get_remaining (
keys[i].start_time.abs_time),
>,
GNUNET_TIME_UNIT_SECONDS))
2020-11-22 19:02:49 +01:00
{
/* key worked too early */
GNUNET_break (0);
return 4;
}
if (GNUNET_TIME_relative_cmp (GNUNET_TIME_absolute_get_duration (
keys[i].start_time.abs_time),
>,
keys[i].validity_duration))
2020-11-22 19:02:49 +01:00
{
/* key worked too later */
GNUNET_break (0);
return 5;
}
{
2021-11-17 20:31:08 +01:00
struct TALER_DenominationSignature rs;
2021-11-17 20:31:08 +01:00
if (GNUNET_OK !=
TALER_denom_sig_unblind (&rs,
&ds,
2022-02-05 23:12:21 +01:00
&bks,
2022-02-09 10:49:10 +01:00
&c_hash,
&alg_values,
2021-11-17 20:31:08 +01:00
&keys[i].denom_pub))
2020-11-22 22:25:49 +01:00
{
GNUNET_break (0);
return 6;
}
2021-11-17 20:31:08 +01:00
TALER_blinded_denom_sig_free (&ds);
2020-11-22 22:25:49 +01:00
if (GNUNET_OK !=
2021-11-17 20:31:08 +01:00
TALER_denom_pub_verify (&keys[i].denom_pub,
&rs,
&c_hash))
2020-11-22 22:25:49 +01:00
{
/* signature invalid */
GNUNET_break (0);
2021-11-17 20:31:08 +01:00
TALER_denom_sig_free (&rs);
2020-11-22 22:25:49 +01:00
return 7;
}
2021-11-17 20:31:08 +01:00
TALER_denom_sig_free (&rs);
2020-11-22 19:02:49 +01:00
}
2020-11-22 22:25:49 +01:00
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Received valid signature for key %s\n",
2021-11-17 23:05:14 +01:00
GNUNET_h2s (&keys[i].h_rsa.hash));
2020-11-22 19:02:49 +01:00
success = true;
break;
2020-11-22 22:25:49 +01:00
case TALER_EC_EXCHANGE_DENOMINATION_HELPER_TOO_EARLY:
/* This 'failure' is expected, we're testing also for the
error handling! */
if ( (GNUNET_TIME_relative_is_zero (
GNUNET_TIME_absolute_get_remaining (
keys[i].start_time.abs_time))) &&
(GNUNET_TIME_relative_cmp (
GNUNET_TIME_absolute_get_duration (
keys[i].start_time.abs_time),
<,
keys[i].validity_duration)) )
2020-11-22 19:02:49 +01:00
{
/* key should have worked! */
GNUNET_break (0);
return 6;
}
break;
default:
/* unexpected error */
2021-01-28 21:23:16 +01:00
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Unexpected error %d\n",
ec);
2020-11-22 19:02:49 +01:00
return 7;
}
}
if (! success)
{
/* no valid key for signing found, also bad */
GNUNET_break (0);
return 16;
}
/* check signing does not work if the key is unknown */
{
2021-11-17 23:05:14 +01:00
struct TALER_RsaPubHashP rnd;
2020-11-22 19:02:49 +01:00
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&rnd,
sizeof (rnd));
2022-02-12 11:42:25 +01:00
ec = TALER_CRYPTO_helper_rsa_sign (dh,
2021-11-17 23:05:14 +01:00
&rnd,
"Hello",
strlen ("Hello"),
2022-02-12 11:42:25 +01:00
&ds);
2020-11-22 19:02:49 +01:00
if (TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN != ec)
{
2021-11-17 13:03:47 +01:00
if (TALER_EC_NONE == ec)
2021-11-17 20:31:08 +01:00
TALER_blinded_denom_sig_free (&ds);
2020-11-22 19:02:49 +01:00
GNUNET_break (0);
return 17;
}
2020-11-22 22:25:49 +01:00
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Signing with invalid key %s failed as desired\n",
2021-11-17 20:31:08 +01:00
GNUNET_h2s (&rnd.hash));
2020-11-22 19:02:49 +01:00
}
return 0;
}
2020-11-22 22:25:49 +01:00
/**
* Benchmark signing logic.
*
* @param dh handle to the helper
* @return 0 on success
*/
static int
2021-11-17 23:05:14 +01:00
perf_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh,
2021-11-17 13:03:47 +01:00
const char *type)
2020-11-22 22:25:49 +01:00
{
2021-11-17 20:31:08 +01:00
struct TALER_BlindedDenominationSignature ds;
2020-11-22 22:25:49 +01:00
enum TALER_ErrorCode ec;
struct GNUNET_TIME_Relative duration;
2022-02-11 09:36:01 +01:00
struct TALER_PlanchetMasterSecretP ps;
2022-02-05 23:12:21 +01:00
struct TALER_CoinSpendPrivateKeyP coin_priv;
[age restriction] progress 14/n - withdraw and deposit Age restriction support for - withdraw is done and tested - deposit is done and tested TODOs: - melt/refresh/reveal - link ------ Added functions - TALER_age_restriction_commit - TALER_age_commitment_derive - TALER_age_commitment_hash - TALER_age_restriction_commitment_free_inside - Hash of age commitment passed around API boundaries Exchangedb adjustments for denominations - all prepared statements re: denominations now handle age_mask - signature parameters adjusted Hash and signature verification of /keys adjusted - Hashes of (normal) denominations and age-restricted denominations are calculated seperately - The hash of the age-restricted ones will then be added to the other hash - The total hash is signed/verified Tests for withdraw with age restriction added - TALER_EXCHANGE_DenomPublickey now carries age_mask - TALER_TESTING_cmd_withdraw_amount* takes age parameter - TALER_TESTING_find_pk takes boolean age_restricted - WithdrawState carries age_commitment and its hash - withdraw_run derives new age commitment, if applicable - Added age parameter to testing (13 as example) Various Fixes and changes - Fixes of post handler for /management/extensions - Fixes for offline tool extensions signing - Slight refactoring of extensions - Age restriction extension simplified - config is now global to extension - added global TEH_age_restriction_enabled and TEH_age_mask in taler-exchange-httpd - helper functions and macros introduced
2022-02-16 22:01:05 +01:00
struct TALER_AgeCommitmentHash ach;
2022-02-05 23:12:21 +01:00
union TALER_DenominationBlindingKeyP bks;
2022-01-16 17:02:15 +01:00
struct TALER_ExchangeWithdrawValues alg_values;
2020-11-22 22:25:49 +01:00
2022-02-11 09:36:01 +01:00
TALER_planchet_master_setup_random (&ps);
2022-01-16 17:02:15 +01:00
alg_values.cipher = TALER_DENOMINATION_RSA;
2022-02-05 23:12:21 +01:00
TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv);
TALER_planchet_blinding_secret_create (&ps, &alg_values, &bks);
[age restriction] progress 14/n - withdraw and deposit Age restriction support for - withdraw is done and tested - deposit is done and tested TODOs: - melt/refresh/reveal - link ------ Added functions - TALER_age_restriction_commit - TALER_age_commitment_derive - TALER_age_commitment_hash - TALER_age_restriction_commitment_free_inside - Hash of age commitment passed around API boundaries Exchangedb adjustments for denominations - all prepared statements re: denominations now handle age_mask - signature parameters adjusted Hash and signature verification of /keys adjusted - Hashes of (normal) denominations and age-restricted denominations are calculated seperately - The hash of the age-restricted ones will then be added to the other hash - The total hash is signed/verified Tests for withdraw with age restriction added - TALER_EXCHANGE_DenomPublickey now carries age_mask - TALER_TESTING_cmd_withdraw_amount* takes age parameter - TALER_TESTING_find_pk takes boolean age_restricted - WithdrawState carries age_commitment and its hash - withdraw_run derives new age commitment, if applicable - Added age parameter to testing (13 as example) Various Fixes and changes - Fixes of post handler for /management/extensions - Fixes for offline tool extensions signing - Slight refactoring of extensions - Age restriction extension simplified - config is now global to extension - added global TEH_age_restriction_enabled and TEH_age_mask in taler-exchange-httpd - helper functions and macros introduced
2022-02-16 22:01:05 +01:00
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&ach,
sizeof(ach));
2020-11-22 22:25:49 +01:00
duration = GNUNET_TIME_UNIT_ZERO;
2021-11-17 23:05:14 +01:00
TALER_CRYPTO_helper_rsa_poll (dh);
2021-11-17 13:03:47 +01:00
for (unsigned int j = 0; j<NUM_SIGN_PERFS;)
2020-11-22 22:25:49 +01:00
{
for (unsigned int i = 0; i<MAX_KEYS; i++)
{
if (! keys[i].valid)
continue;
2022-01-16 17:02:15 +01:00
if (TALER_DENOMINATION_RSA != keys[i].denom_pub.cipher)
continue;
if (GNUNET_TIME_relative_cmp (GNUNET_TIME_absolute_get_remaining (
keys[i].start_time.abs_time),
>,
GNUNET_TIME_UNIT_SECONDS))
2020-11-22 22:25:49 +01:00
continue;
if (GNUNET_TIME_relative_cmp (GNUNET_TIME_absolute_get_duration (
keys[i].start_time.abs_time),
>,
keys[i].validity_duration))
2020-11-22 22:25:49 +01:00
continue;
{
struct TALER_CoinPubHashP c_hash;
2021-11-17 20:31:08 +01:00
struct TALER_PlanchetDetail pd;
2020-11-22 22:25:49 +01:00
GNUNET_assert (GNUNET_YES ==
2021-11-17 20:31:08 +01:00
TALER_planchet_prepare (&keys[i].denom_pub,
2022-01-16 17:02:15 +01:00
&alg_values,
2022-02-05 23:12:21 +01:00
&bks,
&coin_priv,
[age restriction] progress 14/n - withdraw and deposit Age restriction support for - withdraw is done and tested - deposit is done and tested TODOs: - melt/refresh/reveal - link ------ Added functions - TALER_age_restriction_commit - TALER_age_commitment_derive - TALER_age_commitment_hash - TALER_age_restriction_commitment_free_inside - Hash of age commitment passed around API boundaries Exchangedb adjustments for denominations - all prepared statements re: denominations now handle age_mask - signature parameters adjusted Hash and signature verification of /keys adjusted - Hashes of (normal) denominations and age-restricted denominations are calculated seperately - The hash of the age-restricted ones will then be added to the other hash - The total hash is signed/verified Tests for withdraw with age restriction added - TALER_EXCHANGE_DenomPublickey now carries age_mask - TALER_TESTING_cmd_withdraw_amount* takes age parameter - TALER_TESTING_find_pk takes boolean age_restricted - WithdrawState carries age_commitment and its hash - withdraw_run derives new age commitment, if applicable - Added age parameter to testing (13 as example) Various Fixes and changes - Fixes of post handler for /management/extensions - Fixes for offline tool extensions signing - Slight refactoring of extensions - Age restriction extension simplified - config is now global to extension - added global TEH_age_restriction_enabled and TEH_age_mask in taler-exchange-httpd - helper functions and macros introduced
2022-02-16 22:01:05 +01:00
&ach,
2021-11-17 20:31:08 +01:00
&c_hash,
&pd));
2020-11-22 22:25:49 +01:00
/* use this key as long as it works */
while (1)
{
struct GNUNET_TIME_Absolute start = GNUNET_TIME_absolute_get ();
struct GNUNET_TIME_Relative delay;
2022-02-12 11:42:25 +01:00
ec = TALER_CRYPTO_helper_rsa_sign (dh,
2021-11-17 23:05:14 +01:00
&keys[i].h_rsa,
pd.blinded_planchet.details.
rsa_blinded_planchet.blinded_msg,
pd.blinded_planchet.details.
rsa_blinded_planchet.
blinded_msg_size,
2022-02-12 11:42:25 +01:00
&ds);
2020-11-22 22:25:49 +01:00
if (TALER_EC_NONE != ec)
break;
delay = GNUNET_TIME_absolute_get_duration (start);
duration = GNUNET_TIME_relative_add (duration,
delay);
2021-11-17 20:31:08 +01:00
TALER_blinded_denom_sig_free (&ds);
2020-11-22 22:25:49 +01:00
j++;
2021-11-17 13:03:47 +01:00
if (NUM_SIGN_PERFS <= j)
2020-11-22 22:25:49 +01:00
break;
}
2022-01-16 17:02:15 +01:00
TALER_blinded_planchet_free (&pd.blinded_planchet);
2020-11-22 22:25:49 +01:00
}
} /* for i */
} /* for j */
fprintf (stderr,
2021-11-17 13:03:47 +01:00
"%u (%s) signature operations took %s\n",
(unsigned int) NUM_SIGN_PERFS,
type,
GNUNET_STRINGS_relative_time_to_string (duration,
GNUNET_YES));
return 0;
}
/**
* Parallel signing logic.
*
* @param esh handle to the helper
* @return 0 on success
*/
static int
par_signing (struct GNUNET_CONFIGURATION_Handle *cfg)
{
struct GNUNET_TIME_Absolute start;
struct GNUNET_TIME_Relative duration;
pid_t pids[NUM_CORES];
2021-11-17 23:05:14 +01:00
struct TALER_CRYPTO_RsaDenominationHelper *dh;
2021-11-17 13:03:47 +01:00
start = GNUNET_TIME_absolute_get ();
for (unsigned int i = 0; i<NUM_CORES; i++)
{
pids[i] = fork ();
num_keys = 0;
GNUNET_assert (-1 != pids[i]);
if (0 == pids[i])
{
int ret;
2021-11-17 23:05:14 +01:00
dh = TALER_CRYPTO_helper_rsa_connect (cfg,
&key_cb,
NULL);
2021-11-17 13:03:47 +01:00
GNUNET_assert (NULL != dh);
ret = perf_signing (dh,
"parallel");
2021-11-17 23:05:14 +01:00
TALER_CRYPTO_helper_rsa_disconnect (dh);
2021-11-19 20:56:53 +01:00
free_keys ();
2021-11-17 13:03:47 +01:00
exit (ret);
}
}
for (unsigned int i = 0; i<NUM_CORES; i++)
{
int wstatus;
GNUNET_assert (pids[i] ==
waitpid (pids[i],
&wstatus,
0));
}
duration = GNUNET_TIME_absolute_get_duration (start);
fprintf (stderr,
"%u (parallel) signature operations took %s (total real time)\n",
(unsigned int) NUM_SIGN_PERFS * NUM_CORES,
2020-11-22 22:25:49 +01:00
GNUNET_STRINGS_relative_time_to_string (duration,
GNUNET_YES));
return 0;
}
2020-11-22 19:02:49 +01:00
/**
* Main entry point into the test logic with the helper already running.
*/
static int
run_test (void)
{
struct GNUNET_CONFIGURATION_Handle *cfg;
2021-11-17 23:05:14 +01:00
struct TALER_CRYPTO_RsaDenominationHelper *dh;
2020-11-22 19:02:49 +01:00
struct timespec req = {
.tv_nsec = 250000000
};
int ret;
cfg = GNUNET_CONFIGURATION_create ();
if (GNUNET_OK !=
GNUNET_CONFIGURATION_load (cfg,
"test_helper_rsa.conf"))
{
GNUNET_break (0);
return 77;
}
2021-11-17 13:03:47 +01:00
fprintf (stderr, "Waiting for helper to start ... ");
for (unsigned int i = 0; i<100; i++)
{
2021-11-17 13:03:47 +01:00
nanosleep (&req,
NULL);
2021-11-17 23:05:14 +01:00
dh = TALER_CRYPTO_helper_rsa_connect (cfg,
&key_cb,
NULL);
if (NULL != dh)
break;
fprintf (stderr, ".");
}
2020-11-22 19:02:49 +01:00
if (NULL == dh)
{
2021-11-17 13:03:47 +01:00
fprintf (stderr,
"\nFAILED: timeout trying to connect to helper\n");
GNUNET_CONFIGURATION_destroy (cfg);
2020-11-22 19:02:49 +01:00
return 1;
}
if (0 == num_keys)
{
fprintf (stderr,
"\nFAILED: timeout trying to connect to helper\n");
2021-11-17 23:05:14 +01:00
TALER_CRYPTO_helper_rsa_disconnect (dh);
2021-11-17 13:03:47 +01:00
GNUNET_CONFIGURATION_destroy (cfg);
2020-11-22 19:02:49 +01:00
return 1;
}
fprintf (stderr,
2021-11-17 13:03:47 +01:00
" Done (%u keys)\n",
2020-11-22 19:02:49 +01:00
num_keys);
ret = 0;
if (0 == ret)
ret = test_revocation (dh);
if (0 == ret)
ret = test_signing (dh);
2020-11-22 22:25:49 +01:00
if (0 == ret)
2021-11-17 13:03:47 +01:00
ret = perf_signing (dh,
"sequential");
2021-11-17 23:05:14 +01:00
TALER_CRYPTO_helper_rsa_disconnect (dh);
2021-11-19 20:56:53 +01:00
free_keys ();
2021-11-17 13:03:47 +01:00
if (0 == ret)
ret = par_signing (cfg);
2020-11-22 18:31:33 +01:00
/* clean up our state */
2021-11-17 13:03:47 +01:00
GNUNET_CONFIGURATION_destroy (cfg);
2020-11-22 19:02:49 +01:00
return ret;
2020-11-22 18:31:33 +01:00
}
int
main (int argc,
const char *const argv[])
{
struct GNUNET_OS_Process *helper;
char *libexec_dir;
char *binary_name;
int ret;
enum GNUNET_OS_ProcessStatusType type;
unsigned long code;
(void) argc;
(void) argv;
2021-12-08 12:42:22 +01:00
unsetenv ("XDG_DATA_HOME");
unsetenv ("XDG_CONFIG_HOME");
2020-11-22 18:31:33 +01:00
GNUNET_log_setup ("test-helper-rsa",
2021-11-17 13:03:47 +01:00
"WARNING",
2020-11-22 18:31:33 +01:00
NULL);
GNUNET_OS_init (TALER_project_data_default ());
2020-12-31 22:31:32 +01:00
libexec_dir = GNUNET_OS_installation_get_path (GNUNET_OS_IPK_BINDIR);
2020-11-22 18:31:33 +01:00
GNUNET_asprintf (&binary_name,
"%s/%s",
libexec_dir,
"taler-exchange-secmod-rsa");
2020-11-22 18:31:33 +01:00
GNUNET_free (libexec_dir);
helper = GNUNET_OS_start_process (GNUNET_OS_INHERIT_STD_ERR,
NULL, NULL, NULL,
binary_name,
binary_name,
"-c",
"test_helper_rsa.conf",
"-L",
2021-11-17 13:03:47 +01:00
"WARNING",
2020-11-22 18:31:33 +01:00
NULL);
if (NULL == helper)
{
GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
"exec",
binary_name);
GNUNET_free (binary_name);
return 77;
}
GNUNET_free (binary_name);
ret = run_test ();
GNUNET_OS_process_kill (helper,
SIGTERM);
if (GNUNET_OK !=
GNUNET_OS_process_wait_status (helper,
&type,
&code))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Helper process did not die voluntarily, killing hard\n");
GNUNET_OS_process_kill (helper,
SIGKILL);
ret = 4;
}
else if ( (GNUNET_OS_PROCESS_EXITED != type) ||
(0 != code) )
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Helper died with unexpected status %d/%d\n",
(int) type,
(int) code);
ret = 5;
}
GNUNET_OS_process_destroy (helper);
return ret;
}
/* end of test_helper_rsa.c */