exchange/src/mint/taler-mint-keycheck.c

175 lines
5.1 KiB
C
Raw Normal View History

2015-01-08 18:37:20 +01:00
/*
This file is part of TALER
Copyright (C) 2014 Christian Grothoff (and other contributing authors)
2015-01-08 18:37:20 +01:00
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
TALER; see the file COPYING. If not, If not, see <http://www.gnu.org/licenses/>
*/
/**
* @file taler-mint-keycheck.c
* @brief Check mint keys for validity.
* @author Florian Dold
* @author Benedikt Mueller
*/
#include <platform.h>
#include <gnunet/gnunet_util_lib.h>
#include "taler_signatures.h"
#include "key_io.h"
2015-01-08 18:37:20 +01:00
static char *mintdir;
static struct GNUNET_CONFIGURATION_Handle *kcfg;
static int
signkeys_iter (void *cls, const struct TALER_MINT_SignKeyIssuePriv *ski)
2015-01-08 18:37:20 +01:00
{
struct GNUNET_TIME_Absolute start;
printf ("iterating over key for start time %s\n",
GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (ski->issue.start)));
2015-01-08 18:37:20 +01:00
start = GNUNET_TIME_absolute_ntoh (ski->issue.start);
2015-01-08 18:37:20 +01:00
if (ntohl (ski->issue.purpose.size) !=
2015-01-08 18:37:20 +01:00
(sizeof (struct TALER_MINT_SignKeyIssue) - offsetof (struct TALER_MINT_SignKeyIssue, purpose)))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Signkey with start %s has invalid purpose field (timestamp: %llu)\n",
2015-01-08 18:37:20 +01:00
GNUNET_STRINGS_absolute_time_to_string (start),
(long long) start.abs_value_us);
return GNUNET_SYSERR;
}
if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNKEY,
&ski->issue.purpose,
&ski->issue.signature,
&ski->issue.master_pub))
2015-01-08 18:37:20 +01:00
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Signkey with start %s has invalid signature (timestamp: %llu)\n",
GNUNET_STRINGS_absolute_time_to_string (start),
(long long) start.abs_value_us);
return GNUNET_SYSERR;
}
/* FIXME: what about private key matching the public key? */
2015-01-08 18:37:20 +01:00
printf ("key valid\n");
return GNUNET_OK;
}
static int
mint_signkeys_check ()
{
if (0 > TALER_MINT_signkeys_iterate (mintdir, signkeys_iter, NULL))
return GNUNET_NO;
return GNUNET_OK;
}
static int
denomkeys_iter (void *cls,
const char *alias,
const struct TALER_MINT_DenomKeyIssuePriv *dki)
2015-01-08 18:37:20 +01:00
{
struct GNUNET_TIME_Absolute start;
start = GNUNET_TIME_absolute_ntoh (dki->issue.start);
2015-01-08 18:37:20 +01:00
if (ntohl (dki->issue.purpose.size) !=
(sizeof (struct TALER_MINT_DenomKeyIssuePriv) - offsetof (struct TALER_MINT_DenomKeyIssuePriv, issue.purpose)))
2015-01-08 18:37:20 +01:00
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Denomkey for '%s' with start %s has invalid purpose field (timestamp: %llu)\n",
alias,
GNUNET_STRINGS_absolute_time_to_string (start),
(long long) start.abs_value_us);
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_DENOM,
&dki->issue.purpose,
&dki->issue.signature,
&dki->issue.master))
2015-01-08 18:37:20 +01:00
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Denomkey for '%s'with start %s has invalid signature (timestamp: %llu)\n",
2015-01-08 18:37:20 +01:00
alias,
GNUNET_STRINGS_absolute_time_to_string (start),
(long long) start.abs_value_us);
return GNUNET_SYSERR;
}
printf ("denom key valid\n");
return GNUNET_OK;
}
static int
mint_denomkeys_check ()
{
if (0 > TALER_MINT_denomkeys_iterate (mintdir,
&denomkeys_iter, NULL))
2015-01-08 18:37:20 +01:00
return GNUNET_NO;
return GNUNET_OK;
}
static int
mint_keys_check (void)
{
if (GNUNET_OK != mint_signkeys_check ())
return GNUNET_NO;
return mint_denomkeys_check ();
}
/**
* The main function of the keyup tool
*
* @param argc number of arguments from the command line
* @param argv command line arguments
* @return 0 ok, 1 on error
*/
int
main (int argc, char *const *argv)
{
static const struct GNUNET_GETOPT_CommandLineOption options[] = {
GNUNET_GETOPT_OPTION_HELP ("gnunet-mint-keyup OPTIONS"),
{'d', "mint-dir", "DIR",
"mint directory with keys to update", 1,
&GNUNET_GETOPT_set_filename, &mintdir},
GNUNET_GETOPT_OPTION_END
};
GNUNET_assert (GNUNET_OK == GNUNET_log_setup ("taler-mint-keycheck", "WARNING", NULL));
if (GNUNET_GETOPT_run ("taler-mint-keyup", options, argc, argv) < 0)
2015-01-08 18:37:20 +01:00
return 1;
if (NULL == mintdir)
{
fprintf (stderr, "mint directory not given\n");
2015-01-08 18:37:20 +01:00
return 1;
}
kcfg = TALER_config_load (mintdir);
2015-01-08 18:37:20 +01:00
if (NULL == kcfg)
{
fprintf (stderr, "can't load mint configuration\n");
return 1;
}
if (GNUNET_OK != mint_keys_check ())
return 1;
return 0;
}