taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

finish implementing #3847

Browse Source
This commit is contained in:
Christian Grothoff 2015-09-19 16:34:27 +02:00
parent 00b697c405
commit 37a84c5af7
5 changed files with 108 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/include/taler_mintdb_lib.h
View File

@ -212,10 +212,10 @@ TALER_MINTDB_denomination_key_read (const char *filename,
* *
* @param cls closure * @param cls closure
* @param apub the auditor's public key * @param apub the auditor's public key
* @param asig the auditor's signature
* @param mpub the mint's public key (as expected by the auditor) * @param mpub the mint's public key (as expected by the auditor)
* @param dki_len length of @a dki * @param dki_len length of @a asig and @a dki arrays
* @param dki array of denomination coin data signed by the auditor * @param asigs array of the auditor's signatures over the @a dks, of length @a dki_len
* @param dki array of denomination coin data signed by the auditor, of length @a dki_len
* @return #GNUNET_OK to continue to iterate, * @return #GNUNET_OK to continue to iterate,
* #GNUNET_NO to stop iteration with no error, * #GNUNET_NO to stop iteration with no error,
* #GNUNET_SYSERR to abort iteration with error! * #GNUNET_SYSERR to abort iteration with error!
@ -223,9 +223,9 @@ TALER_MINTDB_denomination_key_read (const char *filename,
typedef int typedef int
(*TALER_MINTDB_AuditorIterator)(void *cls, (*TALER_MINTDB_AuditorIterator)(void *cls,
const struct TALER_AuditorPublicKeyP *apub, const struct TALER_AuditorPublicKeyP *apub,
const struct TALER_AuditorSignatureP *asig,
const struct TALER_MasterPublicKeyP *mpub, const struct TALER_MasterPublicKeyP *mpub,
unsigned int dki_len, unsigned int dki_len,
const struct TALER_AuditorSignatureP *asigs,
const struct TALER_DenominationKeyValidityPS *dki); const struct TALER_DenominationKeyValidityPS *dki);
@ -253,16 +253,16 @@ TALER_MINTDB_auditor_iterate (const char *mint_base_dir,
* *
* @param filename the file where to write the auditor information to * @param filename the file where to write the auditor information to
* @param apub the auditor's public key * @param apub the auditor's public key
* @param asig the auditor's signature * @param asigs the auditor's signatures, array of length @a dki_len
* @param mpub the mint's public key (as expected by the auditor) * @param mpub the mint's public key (as expected by the auditor)
* @param dki_len length of @a dki * @param dki_len length of @a dki and @a asigs arrays
* @param dki array of denomination coin data signed by the auditor * @param dki array of denomination coin data signed by the auditor
* @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure. * @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure.
*/ */
int int
TALER_MINTDB_auditor_write (const char *filename, TALER_MINTDB_auditor_write (const char *filename,
const struct TALER_AuditorPublicKeyP *apub, const struct TALER_AuditorPublicKeyP *apub,
const struct TALER_AuditorSignatureP *asig, const struct TALER_AuditorSignatureP *asigs,
const struct TALER_MasterPublicKeyP *mpub, const struct TALER_MasterPublicKeyP *mpub,
unsigned int dki_len, unsigned int dki_len,
const struct TALER_DenominationKeyValidityPS *dki); const struct TALER_DenominationKeyValidityPS *dki);

10
src/mint-tools/Makefile.am
View File

@ -7,6 +7,7 @@ if USE_COVERAGE
endif endif
bin_PROGRAMS = \ bin_PROGRAMS = \
taler-auditor-sign \
taler-mint-keyup \ taler-mint-keyup \
taler-mint-keycheck \ taler-mint-keycheck \
taler-mint-reservemod \ taler-mint-reservemod \
@ -15,7 +16,6 @@ bin_PROGRAMS = \
taler_mint_keyup_SOURCES = \ taler_mint_keyup_SOURCES = \
taler-mint-keyup.c taler-mint-keyup.c
taler_mint_keyup_LDADD = \ taler_mint_keyup_LDADD = \
$(LIBGCRYPT_LIBS) \ $(LIBGCRYPT_LIBS) \
$(top_builddir)/src/util/libtalerutil.la \ $(top_builddir)/src/util/libtalerutil.la \
@ -24,6 +24,14 @@ taler_mint_keyup_LDADD = \
-lgnunetutil $(XLIB) -lgnunetutil $(XLIB)
taler_mint_keyup_LDFLAGS = $(POSTGRESQL_LDFLAGS) taler_mint_keyup_LDFLAGS = $(POSTGRESQL_LDFLAGS)
taler_auditor_sign_SOURCES = \
taler-auditor-sign.c
taler_auditor_sign_LDADD = \
$(LIBGCRYPT_LIBS) \
$(top_builddir)/src/util/libtalerutil.la \
$(top_builddir)/src/mintdb/libtalermintdb.la \
-lgnunetutil $(XLIB)
taler_mint_sepa_SOURCES = \ taler_mint_sepa_SOURCES = \
taler-mint-sepa.c taler-mint-sepa.c

82
src/mint-tools/taler-auditor-sign.c
View File

@ -49,11 +49,6 @@ static char *mint_request_file;
*/ */
static char *output_file; static char *output_file;
/**
* Handle to the auditor's configuration
*/
static struct GNUNET_CONFIGURATION_Handle *kcfg;
/** /**
* Master public key of the mint. * Master public key of the mint.
*/ */
@ -101,16 +96,16 @@ print_dk (const struct TALER_DenominationKeyValidityPS *dk)
fprintf (stdout, fprintf (stdout,
"Validity start time: %s\n", "Validity start time: %s\n",
GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->start))); GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->start)));
fprintf (stdout, fprintf (stdout,
"Withdraw end time: %s\n", "Withdraw end time: %s\n",
GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_withdraw))); GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_withdraw)));
fprintf (stdout, fprintf (stdout,
"Deposit end time: %s\n", "Deposit end time: %s\n",
GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_spend))); GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_spend)));
fprintf (stdout, fprintf (stdout,
"Legal dispute end time: %s\n", "Legal dispute end time: %s\n",
GNUNET_TIME_absolute_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_legal))); GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (dk->expire_legal)));
fprintf (stdout, fprintf (stdout,
"\n"); "\n");
@ -150,12 +145,12 @@ main (int argc,
GNUNET_GETOPT_OPTION_END GNUNET_GETOPT_OPTION_END
}; };
struct GNUNET_CRYPTO_EddsaPrivateKey *eddsa_priv; struct GNUNET_CRYPTO_EddsaPrivateKey *eddsa_priv;
struct TALER_AuditorSignatureP sig; struct TALER_AuditorSignatureP *sigs;
struct TALER_AuditorPublicKeyP apub; struct TALER_AuditorPublicKeyP apub;
struct GNUNET_DISK_FileHandle *fh; struct GNUNET_DISK_FileHandle *fh;
struct TALER_DenominationKeyValidityPS *dks; struct TALER_DenominationKeyValidityPS *dks;
unsigned int dks_len; unsigned int dks_len;
struct TALER_MintKeyValidityPS *ap; struct TALER_MintKeyValidityPS kv;
off_t in_size; off_t in_size;
unsigned int i; unsigned int i;
@ -187,6 +182,7 @@ main (int argc,
{ {
fprintf (stderr, fprintf (stderr,
"Mint public key not given\n"); "Mint public key not given\n");
GNUNET_free (eddsa_priv);
return 1; return 1;
} }
if (GNUNET_OK != if (GNUNET_OK !=
@ -198,12 +194,14 @@ main (int argc,
fprintf (stderr, fprintf (stderr,
"Public key `%s' malformed\n", "Public key `%s' malformed\n",
mint_public_key); mint_public_key);
GNUNET_free (eddsa_priv);
return 1; return 1;
} }
if (NULL == mint_request_file) if (NULL == mint_request_file)
{ {
fprintf (stderr, fprintf (stderr,
"Mint signing request not given\n"); "Mint signing request not given\n");
GNUNET_free (eddsa_priv);
return 1; return 1;
} }
fh = GNUNET_DISK_file_open (mint_request_file, fh = GNUNET_DISK_file_open (mint_request_file,
@ -215,6 +213,7 @@ main (int argc,
"Failed to open file `%s': %s\n", "Failed to open file `%s': %s\n",
mint_request_file, mint_request_file,
STRERROR (errno)); STRERROR (errno));
GNUNET_free (eddsa_priv);
return 1; return 1;
} }
if (GNUNET_OK != if (GNUNET_OK !=
@ -226,6 +225,7 @@ main (int argc,
mint_request_file, mint_request_file,
STRERROR (errno)); STRERROR (errno));
GNUNET_DISK_file_close (fh); GNUNET_DISK_file_close (fh);
GNUNET_free (eddsa_priv);
return 1; return 1;
} }
if (0 != (in_size % sizeof (struct TALER_DenominationKeyValidityPS))) if (0 != (in_size % sizeof (struct TALER_DenominationKeyValidityPS)))
@ -234,16 +234,17 @@ main (int argc,
"Input file size of file `%s' is invalid\n", "Input file size of file `%s' is invalid\n",
mint_request_file); mint_request_file);
GNUNET_DISK_file_close (fh); GNUNET_DISK_file_close (fh);
GNUNET_free (eddsa_priv);
return 1; return 1;
} }
dks_len = in_size / sizeof (struct TALER_DenominationKeyValidityPS); dks_len = in_size / sizeof (struct TALER_DenominationKeyValidityPS);
ap = GNUNET_malloc (sizeof (struct TALER_MintKeyValidityPS) + kv.purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_MINT_KEYS);
in_size); kv.purpose.size = htonl (sizeof (struct TALER_MintKeyValidityPS));
ap.purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_MINT_KEYS); kv.master = master_public_key;
ap.purpose.size = htonl (sizeof (struct TALER_MintKeyValidityPS) + dks = GNUNET_new_array (dks_len,
in_size); struct TALER_DenominationKeyValidityPS);
ap.master = master_public_key; sigs = GNUNET_new_array (dks_len,
dks = (struct TALER_DenominationKeyValidityPS *) &ap[1]; struct TALER_AuditorSignatureP);
if (in_size != if (in_size !=
GNUNET_DISK_file_read (fh, GNUNET_DISK_file_read (fh,
dks, dks,
@ -254,34 +255,51 @@ main (int argc,
mint_request_file, mint_request_file,
STRERROR (errno)); STRERROR (errno));
GNUNET_DISK_file_close (fh); GNUNET_DISK_file_close (fh);
GNUNET_free (ap); GNUNET_free (sigs);
GNUNET_free (dks);
GNUNET_free (eddsa_priv);
return 1; return 1;
} }
GNUNET_DISK_file_close (fh); GNUNET_DISK_file_close (fh);
if (verbose)
{
for (i=0;i<dks_len;i++) for (i=0;i<dks_len;i++)
print_dk (&dks[i]); {
struct TALER_DenominationKeyValidityPS *dk = &dks[i];
if (verbose)
print_dk (dk);
kv.start = dk->start;
kv.expire_withdraw = dk->expire_withdraw;
kv.expire_spend = dk->expire_spend;
kv.expire_legal = dk->expire_legal;
kv.value = dk->value;
kv.fee_withdraw = dk->fee_withdraw;
kv.fee_deposit = dk->fee_deposit;
kv.fee_refresh = dk->fee_refresh;
kv.denom_hash = dk->denom_hash;
/* Finally sign ... */
GNUNET_CRYPTO_eddsa_sign (eddsa_priv,
&kv.purpose,
&sigs[i].eddsa_sig);
} }
if (NULL == output_file) if (NULL == output_file)
{ {
fprintf (stderr, fprintf (stderr,
"Output file not given\n"); "Output file not given\n");
GNUNET_free (ap); GNUNET_free (dks);
GNUNET_free (sigs);
GNUNET_free (eddsa_priv);
return 1; return 1;
} }
/* Finally sign ... */
GNUNET_CRYPTO_eddsa_sign (eddsa_priv,
&ap->purpose,
&sig.eddsa_sig);
/* write result to disk */ /* write result to disk */
if (GNUNET_OK != if (GNUNET_OK !=
TALER_MINTDB_auditor_write (output_file, TALER_MINTDB_auditor_write (output_file,
&apub, &apub,
&sig, sigs,
&master_public_key, &master_public_key,
dks_len, dks_len,
dks)) dks))
@ -290,10 +308,12 @@ main (int argc,
"Failed to write to file `%s': %s\n", "Failed to write to file `%s': %s\n",
output_file, output_file,
STRERROR (errno)); STRERROR (errno));
GNUNET_free (ap); GNUNET_free (sigs);
GNUNET_free (dks);
return 1; return 1;
} }
GNUNET_free (ap); GNUNET_free (sigs);
GNUNET_free (dks);
GNUNET_free (eddsa_priv); GNUNET_free (eddsa_priv);
return 0; return 0;
} }

54
src/mint/taler-mint-httpd_keystate.c
View File

@ -417,16 +417,16 @@ reload_keys_sign_iter (void *cls,
* Convert information from an auditor to a JSON object. * Convert information from an auditor to a JSON object.
* *
* @param apub the auditor's public key * @param apub the auditor's public key
* @param asig the auditor's signature * @param dki_len length of @a dki and @a asigs arrays
* @param dki_len length of @a dki * @param asigs the auditor's signatures
* @param dki array of denomination coin data signed by the auditor * @param dki array of denomination coin data signed by the auditor
* @return a JSON object describing the auditor information and signature * @return a JSON object describing the auditor information and signature
*/ */
static json_t * static json_t *
auditor_to_json (const struct TALER_AuditorPublicKeyP *apub, auditor_to_json (const struct TALER_AuditorPublicKeyP *apub,
const struct TALER_AuditorSignatureP *asig,
unsigned int dki_len, unsigned int dki_len,
const struct TALER_DenominationKeyValidityPS *dki) const struct TALER_AuditorSignatureP **asigs,
const struct TALER_DenominationKeyValidityPS **dki)
{ {
unsigned int i; unsigned int i;
json_t *ja; json_t *ja;
@ -434,19 +434,19 @@ auditor_to_json (const struct TALER_AuditorPublicKeyP *apub,
ja = json_array (); ja = json_array ();
for (i=0;i<dki_len;i++) for (i=0;i<dki_len;i++)
json_array_append_new (ja, json_array_append_new (ja,
json_pack ("{s:o}", json_pack ("{s:o, s:o}",
"denom_pub_h", "denom_pub_h",
TALER_json_from_data (&dki->denom_hash, TALER_json_from_data (&dki[i]->denom_hash,
sizeof (struct GNUNET_HashCode)))); sizeof (struct GNUNET_HashCode)),
"auditor_sig",
TALER_json_from_data (asigs[i],
sizeof (struct TALER_AuditorSignatureP))));
return return
json_pack ("{s:o, s:o, s:o}", json_pack ("{s:o, s:o}",
"denomination_keys", ja, "denomination_keys", ja,
"auditor_pub", "auditor_pub",
TALER_json_from_data (apub, TALER_json_from_data (apub,
sizeof (struct TALER_AuditorPublicKeyP)), sizeof (struct TALER_AuditorPublicKeyP)));
"auditor_sig",
TALER_json_from_data (asig,
sizeof (struct TALER_AuditorSignatureP)));
} }
@ -458,9 +458,9 @@ auditor_to_json (const struct TALER_AuditorPublicKeyP *apub,
* *
* @param cls closure with the `struct TMH_KS_StateHandle *` * @param cls closure with the `struct TMH_KS_StateHandle *`
* @param apub the auditor's public key * @param apub the auditor's public key
* @param asig the auditor's signature
* @param mpub the mint's public key (as expected by the auditor) * @param mpub the mint's public key (as expected by the auditor)
* @param dki_len length of @a dki * @param dki_len length of @a dki and @a asigs
* @param asigs array with the auditor's signatures, of length @a dki_len
* @param dki array of denomination coin data signed by the auditor * @param dki array of denomination coin data signed by the auditor
* @return #GNUNET_OK to continue to iterate, * @return #GNUNET_OK to continue to iterate,
* #GNUNET_NO to stop iteration with no error, * #GNUNET_NO to stop iteration with no error,
@ -469,14 +469,16 @@ auditor_to_json (const struct TALER_AuditorPublicKeyP *apub,
static int static int
reload_auditor_iter (void *cls, reload_auditor_iter (void *cls,
const struct TALER_AuditorPublicKeyP *apub, const struct TALER_AuditorPublicKeyP *apub,
const struct TALER_AuditorSignatureP *asig,
const struct TALER_MasterPublicKeyP *mpub, const struct TALER_MasterPublicKeyP *mpub,
unsigned int dki_len, unsigned int dki_len,
const struct TALER_AuditorSignatureP *asigs,
const struct TALER_DenominationKeyValidityPS *dki) const struct TALER_DenominationKeyValidityPS *dki)
{ {
struct TMH_KS_StateHandle *ctx = cls; struct TMH_KS_StateHandle *ctx = cls;
unsigned int i; unsigned int i;
int found; unsigned int keep;
const struct TALER_AuditorSignatureP *kept_asigs[dki_len];
const struct TALER_DenominationKeyValidityPS *kept_dkis[dki_len];
/* Check if the signature is at least for this mint. */ /* Check if the signature is at least for this mint. */
if (0 != memcmp (&mpub->eddsa_pub, if (0 != memcmp (&mpub->eddsa_pub,
@ -487,28 +489,26 @@ reload_auditor_iter (void *cls,
"Auditing information provided for a different mint, ignored\n"); "Auditing information provided for a different mint, ignored\n");
return GNUNET_OK; return GNUNET_OK;
} }
/* check if there is an overlap between the set of keys signed by /* Filter the auditor information for those for which the
the auditor and the denomination keys that are active right now */ keys actually match the denomination keys that are active right now */
found = GNUNET_NO; keep = 0;
for (i=0;i<dki_len;i++) for (i=0;i<dki_len;i++)
{ {
if (GNUNET_YES == if (GNUNET_YES ==
GNUNET_CONTAINER_multihashmap_contains (ctx->denomkey_map, GNUNET_CONTAINER_multihashmap_contains (ctx->denomkey_map,
&dki[i].denom_hash)) &dki[i].denom_hash))
{ {
found = GNUNET_YES; kept_asigs[keep] = &asigs[i];
break; kept_dkis[keep] = &dki[i];
keep++;
} }
} }
if (GNUNET_NO == found)
return GNUNET_OK; /* None of the keys are relevant for us right now,
so skip this auditor signature */
/* add auditor information to our /keys response */ /* add auditor information to our /keys response */
json_array_append_new (ctx->auditors_array, json_array_append_new (ctx->auditors_array,
auditor_to_json (apub, auditor_to_json (apub,
asig, keep,
dki_len, kept_asigs,
dki)); kept_dkis));
return GNUNET_OK; return GNUNET_OK;
} }

25
src/mintdb/mintdb_keyio.c
View File

@ -382,11 +382,6 @@ struct AuditorFileHeaderP
*/ */
struct TALER_AuditorPublicKeyP apub; struct TALER_AuditorPublicKeyP apub;
/**
* Signature from the auditor.
*/
struct TALER_AuditorSignatureP asig;
/** /**
* Master public key of the mint the auditor is signing * Master public key of the mint the auditor is signing
* information for. * information for.
@ -415,6 +410,7 @@ auditor_iter (void *cls,
struct AuditorIterateContext *aic = cls; struct AuditorIterateContext *aic = cls;
uint64_t size; uint64_t size;
struct AuditorFileHeaderP *af; struct AuditorFileHeaderP *af;
const struct TALER_AuditorSignatureP *sigs;
const struct TALER_DenominationKeyValidityPS *dki; const struct TALER_DenominationKeyValidityPS *dki;
unsigned int len; unsigned int len;
int ret; int ret;
@ -431,7 +427,8 @@ auditor_iter (void *cls,
} }
if ( (size < sizeof (struct AuditorFileHeaderP)) || if ( (size < sizeof (struct AuditorFileHeaderP)) ||
(0 != (len = ((size - sizeof (struct AuditorFileHeaderP)) % (0 != (len = ((size - sizeof (struct AuditorFileHeaderP)) %
sizeof (struct TALER_DenominationKeyValidityPS)))) ) (sizeof (struct TALER_DenominationKeyValidityPS) +
sizeof (struct TALER_AuditorSignatureP))))) )
{ {
GNUNET_break (0); GNUNET_break (0);
return GNUNET_SYSERR; return GNUNET_SYSERR;
@ -448,12 +445,13 @@ auditor_iter (void *cls,
GNUNET_free (af); GNUNET_free (af);
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
dki = (const struct TALER_DenominationKeyValidityPS *) &af[1]; sigs = (const struct TALER_AuditorSignatureP *) &af[1];
dki = (const struct TALER_DenominationKeyValidityPS *) &sigs[len];
ret = aic->it (aic->it_cls, ret = aic->it (aic->it_cls,
&af->apub, &af->apub,
&af->asig,
&af->mpub, &af->mpub,
len, len,
sigs,
dki); dki);
GNUNET_free (af); GNUNET_free (af);
return ret; return ret;
@ -500,7 +498,7 @@ TALER_MINTDB_auditor_iterate (const char *mint_base_dir,
* *
* @param filename the file where to write the auditor information to * @param filename the file where to write the auditor information to
* @param apub the auditor's public key * @param apub the auditor's public key
* @param asig the auditor's signature * @param asigs the auditor's signatures, array of length @a dki_len
* @param mpub the mint's public key (as expected by the auditor) * @param mpub the mint's public key (as expected by the auditor)
* @param dki_len length of @a dki * @param dki_len length of @a dki
* @param dki array of denomination coin data signed by the auditor * @param dki array of denomination coin data signed by the auditor
@ -509,7 +507,7 @@ TALER_MINTDB_auditor_iterate (const char *mint_base_dir,
int int
TALER_MINTDB_auditor_write (const char *filename, TALER_MINTDB_auditor_write (const char *filename,
const struct TALER_AuditorPublicKeyP *apub, const struct TALER_AuditorPublicKeyP *apub,
const struct TALER_AuditorSignatureP *asig, const struct TALER_AuditorSignatureP *asigs,
const struct TALER_MasterPublicKeyP *mpub, const struct TALER_MasterPublicKeyP *mpub,
unsigned int dki_len, unsigned int dki_len,
const struct TALER_DenominationKeyValidityPS *dki) const struct TALER_DenominationKeyValidityPS *dki)
@ -522,7 +520,6 @@ TALER_MINTDB_auditor_write (const char *filename,
int eno; int eno;
af.apub = *apub; af.apub = *apub;
af.asig = *asig;
af.mpub = *mpub; af.mpub = *mpub;
ret = GNUNET_SYSERR; ret = GNUNET_SYSERR;
if (NULL == (fh = GNUNET_DISK_file_open if (NULL == (fh = GNUNET_DISK_file_open
@ -537,6 +534,12 @@ TALER_MINTDB_auditor_write (const char *filename,
goto cleanup; goto cleanup;
if (wrote != wsize) if (wrote != wsize)
goto cleanup; goto cleanup;
wsize = dki_len * sizeof (struct TALER_AuditorSignatureP);
if (wsize ==
GNUNET_DISK_file_write (fh,
asigs,
wsize))
ret = GNUNET_OK;
wsize = dki_len * sizeof (struct TALER_DenominationKeyValidityPS); wsize = dki_len * sizeof (struct TALER_DenominationKeyValidityPS);
if (wsize == if (wsize ==
GNUNET_DISK_file_write (fh, GNUNET_DISK_file_write (fh,