taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

finish implementing #3847

Browse Source
This commit is contained in:
Christian Grothoff 2015-09-19 16:34:27 +02:00
parent 00b697c405
commit 37a84c5af7
5 changed files with 108 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/include/taler_mintdb_lib.h
View File

@ -212,10 +212,10 @@ TALER_MINTDB_denomination_key_read (const char *filename,
*
* @param cls closure
* @param apub the auditor's public key
* @param asig the auditor's signature
* @param mpub the mint's public key (as expected by the auditor)
* @param dki_len length of @a dki
* @param dki array of denomination coin data signed by the auditor
* @param dki_len length of @a asig and @a dki arrays
* @param asigs array of the auditor's signatures over the @a dks, of length @a dki_len
* @param dki array of denomination coin data signed by the auditor, of length @a dki_len
* @return #GNUNET_OK to continue to iterate,
* #GNUNET_NO to stop iteration with no error,
* #GNUNET_SYSERR to abort iteration with error!
@ -223,9 +223,9 @@ TALER_MINTDB_denomination_key_read (const char *filename,
typedef int
(*TALER_MINTDB_AuditorIterator)(void *cls,
const struct TALER_AuditorPublicKeyP *apub,
const struct TALER_AuditorSignatureP *asig,
const struct TALER_MasterPublicKeyP *mpub,
unsigned int dki_len,
const struct TALER_AuditorSignatureP *asigs,
const struct TALER_DenominationKeyValidityPS *dki);
@ -253,16 +253,16 @@ TALER_MINTDB_auditor_iterate (const char *mint_base_dir,
*
* @param filename the file where to write the auditor information to
* @param apub the auditor's public key
* @param asig the auditor's signature
* @param asigs the auditor's signatures, array of length @a dki_len
* @param mpub the mint's public key (as expected by the auditor)
* @param dki_len length of @a dki
* @param dki_len length of @a dki and @a asigs arrays
* @param dki array of denomination coin data signed by the auditor
* @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure.
*/
int
TALER_MINTDB_auditor_write (const char *filename,
const struct TALER_AuditorPublicKeyP *apub,
const struct TALER_AuditorSignatureP *asig,
const struct TALER_AuditorSignatureP *asigs,
const struct TALER_MasterPublicKeyP *mpub,
unsigned int dki_len,
const struct TALER_DenominationKeyValidityPS *dki);

10
src/mint-tools/Makefile.am
View File

@ -7,6 +7,7 @@ if USE_COVERAGE
endif
bin_PROGRAMS = \
taler-auditor-sign \
taler-mint-keyup \
taler-mint-keycheck \
taler-mint-reservemod \
@ -15,7 +16,6 @@ bin_PROGRAMS = \
taler_mint_keyup_SOURCES = \
taler-mint-keyup.c
taler_mint_keyup_LDADD = \
$(LIBGCRYPT_LIBS) \
$(top_builddir)/src/util/libtalerutil.la \
@ -24,6 +24,14 @@ taler_mint_keyup_LDADD = \
-lgnunetutil $(XLIB)
taler_mint_keyup_LDFLAGS = $(POSTGRESQL_LDFLAGS)
taler_auditor_sign_SOURCES = \
taler-auditor-sign.c
taler_auditor_sign_LDADD = \
$(LIBGCRYPT_LIBS) \
$(top_builddir)/src/util/libtalerutil.la \
$(top_builddir)/src/mintdb/libtalermintdb.la \
-lgnunetutil $(XLIB)
taler_mint_sepa_SOURCES = \
taler-mint-sepa.c

82
src/mint-tools/taler-auditor-sign.c
View File

@ -49,11 +49,6 @@ static char *mint_request_file;
*/
static char *output_file;
/**
* Handle to the auditor's configuration
*/
static struct GNUNET_CONFIGURATION_Handle *kcfg;
/**
* Master public key of the mint.
*/
@ -101,16 +96,16 @@ print_dk (const struct TALER_DenominationKeyValidityPS *dk)
fprintf (stdout,
"Validity start time: %s\n",
GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->start)));
GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->start)));
fprintf (stdout,
"Withdraw end time: %s\n",
GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_withdraw)));
GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_withdraw)));
fprintf (stdout,
"Deposit end time: %s\n",
GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_spend)));
GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_spend)));
fprintf (stdout,
"Legal dispute end time: %s\n",
GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_legal)));
GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_legal)));
fprintf (stdout,
"\n");
@ -150,12 +145,12 @@ main (int argc,
GNUNET_GETOPT_OPTION_END
};
struct GNUNET_CRYPTO_EddsaPrivateKey *eddsa_priv;
struct TALER_AuditorSignatureP sig;
struct TALER_AuditorSignatureP *sigs;
struct TALER_AuditorPublicKeyP apub;
struct GNUNET_DISK_FileHandle *fh;
struct TALER_DenominationKeyValidityPS *dks;
unsigned int dks_len;
struct TALER_MintKeyValidityPS *ap;
struct TALER_MintKeyValidityPS kv;
off_t in_size;
unsigned int i;
@ -187,6 +182,7 @@ main (int argc,
{
fprintf (stderr,
"Mint public key not given\n");
GNUNET_free (eddsa_priv);
return 1;
}
if (GNUNET_OK !=
@ -198,12 +194,14 @@ main (int argc,
fprintf (stderr,
"Public key `%s' malformed\n",
mint_public_key);
GNUNET_free (eddsa_priv);
return 1;
}
if (NULL == mint_request_file)
{
fprintf (stderr,
"Mint signing request not given\n");
GNUNET_free (eddsa_priv);
return 1;
}
fh = GNUNET_DISK_file_open (mint_request_file,
@ -215,6 +213,7 @@ main (int argc,
"Failed to open file `%s': %s\n",
mint_request_file,
STRERROR (errno));
GNUNET_free (eddsa_priv);
return 1;
}
if (GNUNET_OK !=
@ -226,6 +225,7 @@ main (int argc,
mint_request_file,
STRERROR (errno));
GNUNET_DISK_file_close (fh);
GNUNET_free (eddsa_priv);
return 1;
}
if (0 != (in_size % sizeof (struct TALER_DenominationKeyValidityPS)))
@ -234,16 +234,17 @@ main (int argc,
"Input file size of file `%s' is invalid\n",
mint_request_file);
GNUNET_DISK_file_close (fh);
GNUNET_free (eddsa_priv);
return 1;
}
dks_len = in_size / sizeof (struct TALER_DenominationKeyValidityPS);
ap = GNUNET_malloc (sizeof (struct TALER_MintKeyValidityPS) +
in_size);
ap.purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_MINT_KEYS);
ap.purpose.size = htonl (sizeof (struct TALER_MintKeyValidityPS) +
in_size);
ap.master = master_public_key;
dks = (struct TALER_DenominationKeyValidityPS *) &ap[1];
kv.purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_MINT_KEYS);
kv.purpose.size = htonl (sizeof (struct TALER_MintKeyValidityPS));
kv.master = master_public_key;
dks = GNUNET_new_array (dks_len,
struct TALER_DenominationKeyValidityPS);
sigs = GNUNET_new_array (dks_len,
struct TALER_AuditorSignatureP);
if (in_size !=
GNUNET_DISK_file_read (fh,
dks,
@ -254,34 +255,51 @@ main (int argc,
mint_request_file,
STRERROR (errno));
GNUNET_DISK_file_close (fh);
GNUNET_free (ap);
GNUNET_free (sigs);
GNUNET_free (dks);
GNUNET_free (eddsa_priv);
return 1;
}
GNUNET_DISK_file_close (fh);
if (verbose)
for (i=0;i<dks_len;i++)
{
for (i=0;i<dks_len;i++)
print_dk (&dks[i]);
struct TALER_DenominationKeyValidityPS *dk = &dks[i];
if (verbose)
print_dk (dk);
kv.start = dk->start;
kv.expire_withdraw = dk->expire_withdraw;
kv.expire_spend = dk->expire_spend;
kv.expire_legal = dk->expire_legal;
kv.value = dk->value;
kv.fee_withdraw = dk->fee_withdraw;
kv.fee_deposit = dk->fee_deposit;
kv.fee_refresh = dk->fee_refresh;
kv.denom_hash = dk->denom_hash;
/* Finally sign ... */
GNUNET_CRYPTO_eddsa_sign (eddsa_priv,
&kv.purpose,
&sigs[i].eddsa_sig);
}
if (NULL == output_file)
{
fprintf (stderr,
"Output file not given\n");
GNUNET_free (ap);
GNUNET_free (dks);
GNUNET_free (sigs);
GNUNET_free (eddsa_priv);
return 1;
}
/* Finally sign ... */
GNUNET_CRYPTO_eddsa_sign (eddsa_priv,
&ap->purpose,
&sig.eddsa_sig);
/* write result to disk */
if (GNUNET_OK !=
TALER_MINTDB_auditor_write (output_file,
&apub,
&sig,
sigs,
&master_public_key,
dks_len,
dks))
@ -290,10 +308,12 @@ main (int argc,
"Failed to write to file `%s': %s\n",
output_file,
STRERROR (errno));
GNUNET_free (ap);
GNUNET_free (sigs);
GNUNET_free (dks);
return 1;
}
GNUNET_free (ap);
GNUNET_free (sigs);
GNUNET_free (dks);
GNUNET_free (eddsa_priv);
return 0;
}

54
src/mint/taler-mint-httpd_keystate.c
View File

@ -417,16 +417,16 @@ reload_keys_sign_iter (void *cls,
* Convert information from an auditor to a JSON object.
*
* @param apub the auditor's public key
* @param asig the auditor's signature
* @param dki_len length of @a dki
* @param dki_len length of @a dki and @a asigs arrays
* @param asigs the auditor's signatures
* @param dki array of denomination coin data signed by the auditor
* @return a JSON object describing the auditor information and signature
*/
static json_t *
auditor_to_json (const struct TALER_AuditorPublicKeyP *apub,
const struct TALER_AuditorSignatureP *asig,
unsigned int dki_len,
const struct TALER_DenominationKeyValidityPS *dki)
const struct TALER_AuditorSignatureP **asigs,
const struct TALER_DenominationKeyValidityPS **dki)
{
unsigned int i;
json_t *ja;
@ -434,19 +434,19 @@ auditor_to_json (const struct TALER_AuditorPublicKeyP *apub,
ja = json_array ();
for (i=0;i<dki_len;i++)
json_array_append_new (ja,
json_pack ("{s:o}",
json_pack ("{s:o, s:o}",
"denom_pub_h",
TALER_json_from_data (&dki->denom_hash,
sizeof (struct GNUNET_HashCode))));
TALER_json_from_data (&dki[i]->denom_hash,
sizeof (struct GNUNET_HashCode)),
"auditor_sig",
TALER_json_from_data (asigs[i],
sizeof (struct TALER_AuditorSignatureP))));
return
json_pack ("{s:o, s:o, s:o}",
json_pack ("{s:o, s:o}",
"denomination_keys", ja,
"auditor_pub",
TALER_json_from_data (apub,
sizeof (struct TALER_AuditorPublicKeyP)),
"auditor_sig",
TALER_json_from_data (asig,
sizeof (struct TALER_AuditorSignatureP)));
sizeof (struct TALER_AuditorPublicKeyP)));
}
@ -458,9 +458,9 @@ auditor_to_json (const struct TALER_AuditorPublicKeyP *apub,
*
* @param cls closure with the `struct TMH_KS_StateHandle *`
* @param apub the auditor's public key
* @param asig the auditor's signature
* @param mpub the mint's public key (as expected by the auditor)
* @param dki_len length of @a dki
* @param dki_len length of @a dki and @a asigs
* @param asigs array with the auditor's signatures, of length @a dki_len
* @param dki array of denomination coin data signed by the auditor
* @return #GNUNET_OK to continue to iterate,
* #GNUNET_NO to stop iteration with no error,
@ -469,14 +469,16 @@ auditor_to_json (const struct TALER_AuditorPublicKeyP *apub,
static int
reload_auditor_iter (void *cls,
const struct TALER_AuditorPublicKeyP *apub,
const struct TALER_AuditorSignatureP *asig,
const struct TALER_MasterPublicKeyP *mpub,
unsigned int dki_len,
const struct TALER_AuditorSignatureP *asigs,
const struct TALER_DenominationKeyValidityPS *dki)
{
struct TMH_KS_StateHandle *ctx = cls;
unsigned int i;
int found;
unsigned int keep;
const struct TALER_AuditorSignatureP *kept_asigs[dki_len];
const struct TALER_DenominationKeyValidityPS *kept_dkis[dki_len];
/* Check if the signature is at least for this mint. */
if (0 != memcmp (&mpub->eddsa_pub,
@ -487,28 +489,26 @@ reload_auditor_iter (void *cls,
"Auditing information provided for a different mint, ignored\n");
return GNUNET_OK;
}
/* check if there is an overlap between the set of keys signed by
the auditor and the denomination keys that are active right now */
found = GNUNET_NO;
/* Filter the auditor information for those for which the
keys actually match the denomination keys that are active right now */
keep = 0;
for (i=0;i<dki_len;i++)
{
if (GNUNET_YES ==
GNUNET_CONTAINER_multihashmap_contains (ctx->denomkey_map,
&dki[i].denom_hash))
{
found = GNUNET_YES;
break;
kept_asigs[keep] = &asigs[i];
kept_dkis[keep] = &dki[i];
keep++;
}
}
if (GNUNET_NO == found)
return GNUNET_OK; /* None of the keys are relevant for us right now,
so skip this auditor signature */
/* add auditor information to our /keys response */
json_array_append_new (ctx->auditors_array,
auditor_to_json (apub,
asig,
dki_len,
dki));
keep,
kept_asigs,
kept_dkis));
return GNUNET_OK;
}

25
src/mintdb/mintdb_keyio.c
View File

@ -382,11 +382,6 @@ struct AuditorFileHeaderP
*/
struct TALER_AuditorPublicKeyP apub;
/**
* Signature from the auditor.
*/
struct TALER_AuditorSignatureP asig;
/**
* Master public key of the mint the auditor is signing
* information for.
@ -415,6 +410,7 @@ auditor_iter (void *cls,
struct AuditorIterateContext *aic = cls;
uint64_t size;
struct AuditorFileHeaderP *af;
const struct TALER_AuditorSignatureP *sigs;
const struct TALER_DenominationKeyValidityPS *dki;
unsigned int len;
int ret;
@ -431,7 +427,8 @@ auditor_iter (void *cls,
}
if ( (size < sizeof (struct AuditorFileHeaderP)) ||
(0 != (len = ((size - sizeof (struct AuditorFileHeaderP)) %
sizeof (struct TALER_DenominationKeyValidityPS)))) )
(sizeof (struct TALER_DenominationKeyValidityPS) +
sizeof (struct TALER_AuditorSignatureP))))) )
{
GNUNET_break (0);
return GNUNET_SYSERR;
@ -448,12 +445,13 @@ auditor_iter (void *cls,
GNUNET_free (af);
return GNUNET_SYSERR;
}
dki = (const struct TALER_DenominationKeyValidityPS *) &af[1];
sigs = (const struct TALER_AuditorSignatureP *) &af[1];
dki = (const struct TALER_DenominationKeyValidityPS *) &sigs[len];
ret = aic->it (aic->it_cls,
&af->apub,
&af->asig,
&af->mpub,
len,
sigs,
dki);
GNUNET_free (af);
return ret;
@ -500,7 +498,7 @@ TALER_MINTDB_auditor_iterate (const char *mint_base_dir,
*
* @param filename the file where to write the auditor information to
* @param apub the auditor's public key
* @param asig the auditor's signature
* @param asigs the auditor's signatures, array of length @a dki_len
* @param mpub the mint's public key (as expected by the auditor)
* @param dki_len length of @a dki
* @param dki array of denomination coin data signed by the auditor
@ -509,7 +507,7 @@ TALER_MINTDB_auditor_iterate (const char *mint_base_dir,
int
TALER_MINTDB_auditor_write (const char *filename,
const struct TALER_AuditorPublicKeyP *apub,
const struct TALER_AuditorSignatureP *asig,
const struct TALER_AuditorSignatureP *asigs,
const struct TALER_MasterPublicKeyP *mpub,
unsigned int dki_len,
const struct TALER_DenominationKeyValidityPS *dki)
@ -522,7 +520,6 @@ TALER_MINTDB_auditor_write (const char *filename,
int eno;
af.apub = *apub;
af.asig = *asig;
af.mpub = *mpub;
ret = GNUNET_SYSERR;
if (NULL == (fh = GNUNET_DISK_file_open
@ -537,6 +534,12 @@ TALER_MINTDB_auditor_write (const char *filename,
goto cleanup;
if (wrote != wsize)
goto cleanup;
wsize = dki_len * sizeof (struct TALER_AuditorSignatureP);
if (wsize ==
GNUNET_DISK_file_write (fh,
asigs,
wsize))
ret = GNUNET_OK;
wsize = dki_len * sizeof (struct TALER_DenominationKeyValidityPS);
if (wsize ==
GNUNET_DISK_file_write (fh,