exchange/src/exchange-tools/taler-exchange-keycheck.c

248 lines
7.4 KiB
C
Raw Normal View History

2015-01-08 18:37:20 +01:00
/*
This file is part of TALER
2016-01-19 14:39:00 +01:00
Copyright (C) 2014, 2015 GNUnet e.V.
2015-01-08 18:37:20 +01:00
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
TALER; see the file COPYING. If not, If not, see <http://www.gnu.org/licenses/>
*/
/**
2016-03-01 15:35:04 +01:00
* @file taler-exchange-keycheck.c
* @brief Check exchange keys for validity. Reads the signing and denomination
* keys from the exchange directory and checks to make sure they are
* well-formed. This is purely a diagnostic tool.
2015-01-08 18:37:20 +01:00
* @author Florian Dold
* @author Benedikt Mueller
* @author Christian Grothoff
2015-01-08 18:37:20 +01:00
*/
#include <platform.h>
#include <gnunet/gnunet_util_lib.h>
2016-03-01 15:35:04 +01:00
#include "taler_exchangedb_lib.h"
2015-01-08 18:37:20 +01:00
/**
2016-03-01 15:35:04 +01:00
* Exchange directory with the keys.
*/
2016-03-01 15:35:04 +01:00
static char *exchange_directory;
/**
* Our configuration.
*/
2015-01-08 18:37:20 +01:00
static struct GNUNET_CONFIGURATION_Handle *kcfg;
/**
* Function called on each signing key.
*
* @param cls closure (NULL)
* @param filename name of the file the key came from
* @param ski the sign key
* @return #GNUNET_OK to continue to iterate,
* #GNUNET_NO to stop iteration with no error,
* #GNUNET_SYSERR to abort iteration with error!
*/
2015-01-08 18:37:20 +01:00
static int
signkeys_iter (void *cls,
const char *filename,
2016-03-01 15:35:04 +01:00
const struct TALER_EXCHANGEDB_PrivateSigningKeyInformationP *ski)
2015-01-08 18:37:20 +01:00
{
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Iterating over key `%s' for start time %s\n",
filename,
GNUNET_STRINGS_absolute_time_to_string
(GNUNET_TIME_absolute_ntoh (ski->issue.start)));
2015-01-08 18:37:20 +01:00
if (ntohl (ski->issue.purpose.size) !=
2016-03-01 15:35:04 +01:00
(sizeof (struct TALER_ExchangeSigningKeyValidityPS) -
offsetof (struct TALER_ExchangeSigningKeyValidityPS,
purpose)))
2015-01-08 18:37:20 +01:00
{
fprintf (stderr,
"Signing key `%s' has invalid purpose size\n",
filename);
2015-01-08 18:37:20 +01:00
return GNUNET_SYSERR;
}
2015-06-20 22:22:59 +02:00
if ( (0 != GNUNET_TIME_absolute_ntoh (ski->issue.start).abs_value_us % 1000000) ||
(0 != GNUNET_TIME_absolute_ntoh (ski->issue.expire).abs_value_us % 1000000) ||
(0 != GNUNET_TIME_absolute_ntoh (ski->issue.end).abs_value_us % 1000000) )
{
fprintf (stderr,
"Timestamps are not multiples of a round second\n");
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY,
&ski->issue.purpose,
2015-03-22 22:14:30 +01:00
&ski->issue.signature.eddsa_signature,
&ski->issue.master_public_key.eddsa_pub))
2015-01-08 18:37:20 +01:00
{
fprintf (stderr,
"Signing key `%s' has invalid signature\n",
filename);
2015-01-08 18:37:20 +01:00
return GNUNET_SYSERR;
}
printf ("Signing key `%s' valid\n",
filename);
2015-01-08 18:37:20 +01:00
return GNUNET_OK;
}
/**
* Check signing keys.
*
* @return #GNUNET_OK if the keys are OK
* #GNUNET_NO if not
*/
2015-01-08 18:37:20 +01:00
static int
2016-03-01 15:35:04 +01:00
exchange_signkeys_check ()
2015-01-08 18:37:20 +01:00
{
2016-03-01 15:35:04 +01:00
if (0 > TALER_EXCHANGEDB_signing_keys_iterate (exchange_directory,
&signkeys_iter,
NULL))
2015-01-08 18:37:20 +01:00
return GNUNET_NO;
return GNUNET_OK;
}
/**
* Function called on each denomination key.
*
* @param cls closure (NULL)
* @param dki the denomination key
* @param alias coin alias
* @return #GNUNET_OK to continue to iterate,
* #GNUNET_NO to stop iteration with no error,
* #GNUNET_SYSERR to abort iteration with error!
*/
static int
denomkeys_iter (void *cls,
const char *alias,
2016-03-01 15:35:04 +01:00
const struct TALER_EXCHANGEDB_DenominationKeyIssueInformation *dki)
2015-01-08 18:37:20 +01:00
{
struct GNUNET_HashCode hc;
2015-01-08 18:37:20 +01:00
if (ntohl (dki->issue.properties.purpose.size) !=
sizeof (struct TALER_DenominationKeyValidityPS))
2015-01-08 18:37:20 +01:00
{
fprintf (stderr,
"Denomination key for `%s' has invalid purpose size\n",
alias);
2015-01-08 18:37:20 +01:00
return GNUNET_SYSERR;
}
if ( (0 != GNUNET_TIME_absolute_ntoh (dki->issue.properties.start).abs_value_us % 1000000) ||
(0 != GNUNET_TIME_absolute_ntoh (dki->issue.properties.expire_withdraw).abs_value_us % 1000000) ||
(0 != GNUNET_TIME_absolute_ntoh (dki->issue.properties.expire_legal).abs_value_us % 1000000) ||
(0 != GNUNET_TIME_absolute_ntoh (dki->issue.properties.expire_spend).abs_value_us % 1000000) )
2015-06-20 22:22:59 +02:00
{
fprintf (stderr,
"Timestamps are not multiples of a round second\n");
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY,
&dki->issue.properties.purpose,
2015-03-22 22:14:30 +01:00
&dki->issue.signature.eddsa_signature,
&dki->issue.properties.master.eddsa_pub))
2015-01-08 18:37:20 +01:00
{
fprintf (stderr,
"Denomination key for `%s' has invalid signature\n",
alias);
2015-01-08 18:37:20 +01:00
return GNUNET_SYSERR;
}
2015-03-22 22:14:30 +01:00
GNUNET_CRYPTO_rsa_public_key_hash (dki->denom_pub.rsa_public_key,
&hc);
if (0 != memcmp (&hc,
&dki->issue.properties.denom_hash,
sizeof (struct GNUNET_HashCode)))
{
fprintf (stderr,
"Public key for `%s' does not match signature\n",
alias);
return GNUNET_SYSERR;
}
printf ("Denomination key `%s' is valid\n",
alias);
2015-01-08 18:37:20 +01:00
return GNUNET_OK;
}
/**
* Check denomination keys.
*
* @return #GNUNET_OK if the keys are OK
* #GNUNET_NO if not
*/
2015-01-08 18:37:20 +01:00
static int
2016-03-01 15:35:04 +01:00
exchange_denomkeys_check ()
2015-01-08 18:37:20 +01:00
{
2016-03-01 15:35:04 +01:00
if (0 > TALER_EXCHANGEDB_denomination_keys_iterate (exchange_directory,
2015-06-19 11:24:34 +02:00
&denomkeys_iter,
NULL))
2015-01-08 18:37:20 +01:00
return GNUNET_NO;
return GNUNET_OK;
}
/**
* The main function of the keyup tool
*
* @param argc number of arguments from the command line
* @param argv command line arguments
* @return 0 ok, 1 on error
*/
int
main (int argc, char *const *argv)
{
static const struct GNUNET_GETOPT_CommandLineOption options[] = {
2016-03-01 15:35:04 +01:00
GNUNET_GETOPT_OPTION_HELP ("gnunet-exchange-keycheck OPTIONS"),
{'d', "directory", "DIRECTORY",
2016-03-01 15:35:04 +01:00
"exchange directory with keys to check", 1,
&GNUNET_GETOPT_set_filename, &exchange_directory},
2015-01-08 18:37:20 +01:00
GNUNET_GETOPT_OPTION_END
};
GNUNET_assert (GNUNET_OK ==
2016-03-01 15:35:04 +01:00
GNUNET_log_setup ("taler-exchange-keycheck",
"WARNING",
NULL));
2015-01-08 18:37:20 +01:00
2016-03-01 15:35:04 +01:00
if (GNUNET_GETOPT_run ("taler-exchange-keycheck",
options,
argc, argv) < 0)
2015-01-08 18:37:20 +01:00
return 1;
2016-03-01 15:35:04 +01:00
if (NULL == exchange_directory)
2015-01-08 18:37:20 +01:00
{
fprintf (stderr,
2016-03-01 15:35:04 +01:00
"Exchange directory not given\n");
2015-01-08 18:37:20 +01:00
return 1;
}
2016-03-01 15:35:04 +01:00
kcfg = TALER_config_load (exchange_directory);
2015-01-08 18:37:20 +01:00
if (NULL == kcfg)
{
fprintf (stderr,
2016-03-01 15:35:04 +01:00
"Failed to load exchange configuration\n");
2015-01-08 18:37:20 +01:00
return 1;
}
2016-03-01 15:35:04 +01:00
if ( (GNUNET_OK != exchange_signkeys_check ()) ||
(GNUNET_OK != exchange_denomkeys_check ()) )
{
GNUNET_CONFIGURATION_destroy (kcfg);
2015-01-08 18:37:20 +01:00
return 1;
}
GNUNET_CONFIGURATION_destroy (kcfg);
2015-01-08 18:37:20 +01:00
return 0;
}
2016-03-01 15:35:04 +01:00
/* end of taler-exchange-keycheck.c */