taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix use of struct TALER_MintSigningKeyValidityPS

Browse Source
This commit is contained in:
Christian Grothoff 2015-03-28 18:18:38 +01:00
parent bb15fdd215
commit 576545daeb
5 changed files with 52 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
contrib/mint-template/config/mint-keyup.conf
View File

@ -3,6 +3,9 @@
# how long is one signkey valid? # how long is one signkey valid?
signkey_duration = 4 weeks signkey_duration = 4 weeks
# how long are the signatures with the signkey valid?
legal_duration = 2 years
# how long do we generate denomination and signing keys # how long do we generate denomination and signing keys
# ahead of time? # ahead of time?
lookahead_sign = 32 weeks 1 day lookahead_sign = 32 weeks 1 day

13
src/mint-lib/mint_api.c
View File

@ -250,10 +250,12 @@ parse_json_signkey (struct TALER_MINT_SigningPublicKey **_sign_key,
{ {
json_t *valid_from_obj; json_t *valid_from_obj;
json_t *valid_until_obj; json_t *valid_until_obj;
json_t *valid_legal_obj;
json_t *key_obj; json_t *key_obj;
json_t *sig_obj; json_t *sig_obj;
const char *valid_from_enc; const char *valid_from_enc;
const char *valid_until_enc; const char *valid_until_enc;
const char *valid_legal_enc;
const char *key_enc; const char *key_enc;
const char *sig_enc; const char *sig_enc;
struct TALER_MINT_SigningPublicKey *sign_key; struct TALER_MINT_SigningPublicKey *sign_key;
@ -261,27 +263,35 @@ parse_json_signkey (struct TALER_MINT_SigningPublicKey **_sign_key,
struct GNUNET_CRYPTO_EddsaSignature sig; struct GNUNET_CRYPTO_EddsaSignature sig;
struct GNUNET_TIME_Absolute valid_from; struct GNUNET_TIME_Absolute valid_from;
struct GNUNET_TIME_Absolute valid_until; struct GNUNET_TIME_Absolute valid_until;
struct GNUNET_TIME_Absolute valid_legal;
EXITIF (JSON_OBJECT != json_typeof (sign_key_obj)); EXITIF (JSON_OBJECT != json_typeof (sign_key_obj));
EXITIF (NULL == (valid_from_obj = json_object_get (sign_key_obj, EXITIF (NULL == (valid_from_obj = json_object_get (sign_key_obj,
"stamp_start"))); "stamp_start")));
EXITIF (NULL == (valid_until_obj = json_object_get (sign_key_obj, EXITIF (NULL == (valid_until_obj = json_object_get (sign_key_obj,
"stamp_expire"))); "stamp_expire")));
EXITIF (NULL == (valid_legal_obj = json_object_get (sign_key_obj,
"stamp_end")));
EXITIF (NULL == (key_obj = json_object_get (sign_key_obj, "key"))); EXITIF (NULL == (key_obj = json_object_get (sign_key_obj, "key")));
EXITIF (NULL == (sig_obj = json_object_get (sign_key_obj, "master_sig"))); EXITIF (NULL == (sig_obj = json_object_get (sign_key_obj, "master_sig")));
EXITIF (NULL == (valid_from_enc = json_string_value (valid_from_obj))); EXITIF (NULL == (valid_from_enc = json_string_value (valid_from_obj)));
EXITIF (NULL == (valid_until_enc = json_string_value (valid_until_obj))); EXITIF (NULL == (valid_until_enc = json_string_value (valid_until_obj)));
EXITIF (NULL == (valid_legal_enc = json_string_value (valid_legal_obj)));
EXITIF (NULL == (key_enc = json_string_value (key_obj))); EXITIF (NULL == (key_enc = json_string_value (key_obj)));
EXITIF (NULL == (sig_enc = json_string_value (sig_obj))); EXITIF (NULL == (sig_enc = json_string_value (sig_obj)));
EXITIF (GNUNET_SYSERR == parse_timestamp (&valid_from, EXITIF (GNUNET_SYSERR == parse_timestamp (&valid_from,
valid_from_enc)); valid_from_enc));
EXITIF (GNUNET_SYSERR == parse_timestamp (&valid_until, EXITIF (GNUNET_SYSERR == parse_timestamp (&valid_until,
valid_until_enc)); valid_until_enc));
EXITIF (GNUNET_SYSERR == parse_timestamp (&valid_legal,
valid_legal_enc));
EXITIF (52 != strlen (key_enc)); /* strlen(base32(char[32])) = 52 */ EXITIF (52 != strlen (key_enc)); /* strlen(base32(char[32])) = 52 */
EXITIF (103 != strlen (sig_enc)); /* strlen(base32(char[64])) = 103 */ EXITIF (103 != strlen (sig_enc)); /* strlen(base32(char[64])) = 103 */
EXITIF (GNUNET_OK != GNUNET_STRINGS_string_to_data (sig_enc, 103, EXITIF (GNUNET_OK != GNUNET_STRINGS_string_to_data (sig_enc, 103,
&sig, sizeof (sig))); &sig, sizeof (sig)));
(void) memset (&sign_key_issue, 0, sizeof (sign_key_issue)); memset (&sign_key_issue,
0,
sizeof (sign_key_issue));
EXITIF (GNUNET_SYSERR == EXITIF (GNUNET_SYSERR ==
GNUNET_CRYPTO_eddsa_public_key_from_string (key_enc, GNUNET_CRYPTO_eddsa_public_key_from_string (key_enc,
52, 52,
@ -293,6 +303,7 @@ parse_json_signkey (struct TALER_MINT_SigningPublicKey **_sign_key,
sign_key_issue.master_public_key = *master_key; sign_key_issue.master_public_key = *master_key;
sign_key_issue.start = GNUNET_TIME_absolute_hton (valid_from); sign_key_issue.start = GNUNET_TIME_absolute_hton (valid_from);
sign_key_issue.expire = GNUNET_TIME_absolute_hton (valid_until); sign_key_issue.expire = GNUNET_TIME_absolute_hton (valid_until);
sign_key_issue.end = GNUNET_TIME_absolute_hton (valid_legal);
EXITIF (GNUNET_OK != EXITIF (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY, GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY,
&sign_key_issue.purpose, &sign_key_issue.purpose,

3
src/mint-tools/taler-mint-keycheck.c
View File

@ -60,7 +60,8 @@ signkeys_iter (void *cls,
if (ntohl (ski->issue.purpose.size) != if (ntohl (ski->issue.purpose.size) !=
(sizeof (struct TALER_MintSigningKeyValidityPS) - (sizeof (struct TALER_MintSigningKeyValidityPS) -
offsetof (struct TALER_MintSigningKeyValidityPS, purpose))) offsetof (struct TALER_MintSigningKeyValidityPS,
purpose)))
{ {
fprintf (stderr, fprintf (stderr,
"Signing key `%s' has invalid purpose size\n", "Signing key `%s' has invalid purpose size\n",

27
src/mint-tools/taler-mint-keyup.c
View File

@ -429,11 +429,13 @@ get_anchor (const char *dir,
* *
* @param start start time of the validity period for the key * @param start start time of the validity period for the key
* @param duration how long should the key be valid * @param duration how long should the key be valid
* @param end when do all signatures by this key expire
* @param[out] pi set to the signing key information * @param[out] pi set to the signing key information
*/ */
static void static void
create_signkey_issue_priv (struct GNUNET_TIME_Absolute start, create_signkey_issue_priv (struct GNUNET_TIME_Absolute start,
struct GNUNET_TIME_Relative duration, struct GNUNET_TIME_Relative duration,
struct GNUNET_TIME_Absolute end,
struct TALER_MINTDB_PrivateSigningKeyInformationP *pi) struct TALER_MINTDB_PrivateSigningKeyInformationP *pi)
{ {
struct GNUNET_CRYPTO_EddsaPrivateKey *priv; struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
@ -446,6 +448,7 @@ create_signkey_issue_priv (struct GNUNET_TIME_Absolute start,
issue->start = GNUNET_TIME_absolute_hton (start); issue->start = GNUNET_TIME_absolute_hton (start);
issue->expire = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (start, issue->expire = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (start,
duration)); duration));
issue->end = GNUNET_TIME_absolute_hton (end);
GNUNET_CRYPTO_eddsa_key_get_public (&pi->signkey_priv.eddsa_priv, GNUNET_CRYPTO_eddsa_key_get_public (&pi->signkey_priv.eddsa_priv,
&issue->signkey_pub.eddsa_pub); &issue->signkey_pub.eddsa_pub);
issue->purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY); issue->purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY);
@ -470,6 +473,7 @@ static int
mint_keys_update_signkeys () mint_keys_update_signkeys ()
{ {
struct GNUNET_TIME_Relative signkey_duration; struct GNUNET_TIME_Relative signkey_duration;
struct GNUNET_TIME_Relative legal_duration;
struct GNUNET_TIME_Absolute anchor; struct GNUNET_TIME_Absolute anchor;
char *signkey_dir; char *signkey_dir;
@ -484,6 +488,25 @@ mint_keys_update_signkeys ()
"signkey_duration"); "signkey_duration");
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (kcfg,
"mint_keys",
"legal_duration",
&legal_duration))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"mint_keys",
"legal_duration");
return GNUNET_SYSERR;
}
if (signkey_duration.rel_value_us < legal_duration.rel_value_us)
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"mint_keys",
"legal_duration",
"must be longer than signkey_duration");
return GNUNET_SYSERR;
}
ROUND_TO_SECS (signkey_duration, ROUND_TO_SECS (signkey_duration,
rel_value_us); rel_value_us);
GNUNET_asprintf (&signkey_dir, GNUNET_asprintf (&signkey_dir,
@ -508,8 +531,11 @@ mint_keys_update_signkeys ()
const char *skf; const char *skf;
struct TALER_MINTDB_PrivateSigningKeyInformationP signkey_issue; struct TALER_MINTDB_PrivateSigningKeyInformationP signkey_issue;
ssize_t nwrite; ssize_t nwrite;
struct GNUNET_TIME_Absolute end;
skf = get_signkey_file (anchor); skf = get_signkey_file (anchor);
end = GNUNET_TIME_absolute_add (anchor,
legal_duration);
GNUNET_break (GNUNET_YES != GNUNET_break (GNUNET_YES !=
GNUNET_DISK_file_test (skf)); GNUNET_DISK_file_test (skf));
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@ -517,6 +543,7 @@ mint_keys_update_signkeys ()
GNUNET_STRINGS_absolute_time_to_string (anchor)); GNUNET_STRINGS_absolute_time_to_string (anchor));
create_signkey_issue_priv (anchor, create_signkey_issue_priv (anchor,
signkey_duration, signkey_duration,
end,
&signkey_issue); &signkey_issue);
nwrite = GNUNET_DISK_fn_write (skf, nwrite = GNUNET_DISK_fn_write (skf,
&signkey_issue, &signkey_issue,

11
src/mint/taler-mint-httpd_keystate.c
View File

@ -250,17 +250,22 @@ static json_t *
sign_key_issue_to_json (const struct TALER_MintSigningKeyValidityPS *ski) sign_key_issue_to_json (const struct TALER_MintSigningKeyValidityPS *ski)
{ {
return return
json_pack ("{s:o, s:o, s:o, s:o}", json_pack ("{s:o, s:o, s:o, s:o, s:o, s:o}",
"stamp_start", "stamp_start",
TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (ski->start)), TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (ski->start)),
"stamp_expire", "stamp_expire",
TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (ski->expire)), TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (ski->expire)),
"stamp_end",
TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (ski->end)),
"master_pub",
TALER_json_from_data (&ski->master_public_key,
sizeof (struct TALER_MasterPublicKeyP)),
"master_sig", "master_sig",
TALER_json_from_data (&ski->signature, TALER_json_from_data (&ski->signature,
sizeof (struct GNUNET_CRYPTO_EddsaSignature)), sizeof (struct TALER_MasterSignatureP)),
"key", "key",
TALER_json_from_data (&ski->signkey_pub, TALER_json_from_data (&ski->signkey_pub,
sizeof (struct GNUNET_CRYPTO_EddsaPublicKey))); sizeof (struct TALER_MintPublicKeyP)));
} }