fix use of struct TALER_MintSigningKeyValidityPS
This commit is contained in:
Christian Grothoff
parent
bb15fdd215
commit
576545daeb
@ -3,6 +3,9 @@
|
||||
# how long is one signkey valid?
|
||||
signkey_duration = 4 weeks
|
||||
|
||||
# how long are the signatures with the signkey valid?
|
||||
legal_duration = 2 years
|
||||
|
||||
# how long do we generate denomination and signing keys
|
||||
# ahead of time?
|
||||
lookahead_sign = 32 weeks 1 day
|
||||
|
||||
@ -250,10 +250,12 @@ parse_json_signkey (struct TALER_MINT_SigningPublicKey **_sign_key,
|
||||
{
|
||||
json_t *valid_from_obj;
|
||||
json_t *valid_until_obj;
|
||||
json_t *valid_legal_obj;
|
||||
json_t *key_obj;
|
||||
json_t *sig_obj;
|
||||
const char *valid_from_enc;
|
||||
const char *valid_until_enc;
|
||||
const char *valid_legal_enc;
|
||||
const char *key_enc;
|
||||
const char *sig_enc;
|
||||
struct TALER_MINT_SigningPublicKey *sign_key;
|
||||
@ -261,27 +263,35 @@ parse_json_signkey (struct TALER_MINT_SigningPublicKey **_sign_key,
|
||||
struct GNUNET_CRYPTO_EddsaSignature sig;
|
||||
struct GNUNET_TIME_Absolute valid_from;
|
||||
struct GNUNET_TIME_Absolute valid_until;
|
||||
struct GNUNET_TIME_Absolute valid_legal;
|
||||
|
||||
EXITIF (JSON_OBJECT != json_typeof (sign_key_obj));
|
||||
EXITIF (NULL == (valid_from_obj = json_object_get (sign_key_obj,
|
||||
"stamp_start")));
|
||||
EXITIF (NULL == (valid_until_obj = json_object_get (sign_key_obj,
|
||||
"stamp_expire")));
|
||||
EXITIF (NULL == (valid_legal_obj = json_object_get (sign_key_obj,
|
||||
"stamp_end")));
|
||||
EXITIF (NULL == (key_obj = json_object_get (sign_key_obj, "key")));
|
||||
EXITIF (NULL == (sig_obj = json_object_get (sign_key_obj, "master_sig")));
|
||||
EXITIF (NULL == (valid_from_enc = json_string_value (valid_from_obj)));
|
||||
EXITIF (NULL == (valid_until_enc = json_string_value (valid_until_obj)));
|
||||
EXITIF (NULL == (valid_legal_enc = json_string_value (valid_legal_obj)));
|
||||
EXITIF (NULL == (key_enc = json_string_value (key_obj)));
|
||||
EXITIF (NULL == (sig_enc = json_string_value (sig_obj)));
|
||||
EXITIF (GNUNET_SYSERR == parse_timestamp (&valid_from,
|
||||
valid_from_enc));
|
||||
EXITIF (GNUNET_SYSERR == parse_timestamp (&valid_until,
|
||||
valid_until_enc));
|
||||
EXITIF (GNUNET_SYSERR == parse_timestamp (&valid_legal,
|
||||
valid_legal_enc));
|
||||
EXITIF (52 != strlen (key_enc)); /* strlen(base32(char[32])) = 52 */
|
||||
EXITIF (103 != strlen (sig_enc)); /* strlen(base32(char[64])) = 103 */
|
||||
EXITIF (GNUNET_OK != GNUNET_STRINGS_string_to_data (sig_enc, 103,
|
||||
&sig, sizeof (sig)));
|
||||
(void) memset (&sign_key_issue, 0, sizeof (sign_key_issue));
|
||||
memset (&sign_key_issue,
|
||||
0,
|
||||
sizeof (sign_key_issue));
|
||||
EXITIF (GNUNET_SYSERR ==
|
||||
GNUNET_CRYPTO_eddsa_public_key_from_string (key_enc,
|
||||
52,
|
||||
@ -293,6 +303,7 @@ parse_json_signkey (struct TALER_MINT_SigningPublicKey **_sign_key,
|
||||
sign_key_issue.master_public_key = *master_key;
|
||||
sign_key_issue.start = GNUNET_TIME_absolute_hton (valid_from);
|
||||
sign_key_issue.expire = GNUNET_TIME_absolute_hton (valid_until);
|
||||
sign_key_issue.end = GNUNET_TIME_absolute_hton (valid_legal);
|
||||
EXITIF (GNUNET_OK !=
|
||||
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY,
|
||||
&sign_key_issue.purpose,
|
||||
|
||||
@ -60,7 +60,8 @@ signkeys_iter (void *cls,
|
||||
|
||||
if (ntohl (ski->issue.purpose.size) !=
|
||||
(sizeof (struct TALER_MintSigningKeyValidityPS) -
|
||||
offsetof (struct TALER_MintSigningKeyValidityPS, purpose)))
|
||||
offsetof (struct TALER_MintSigningKeyValidityPS,
|
||||
purpose)))
|
||||
{
|
||||
fprintf (stderr,
|
||||
"Signing key `%s' has invalid purpose size\n",
|
||||
|
||||
@ -429,11 +429,13 @@ get_anchor (const char *dir,
|
||||
*
|
||||
* @param start start time of the validity period for the key
|
||||
* @param duration how long should the key be valid
|
||||
* @param end when do all signatures by this key expire
|
||||
* @param[out] pi set to the signing key information
|
||||
*/
|
||||
static void
|
||||
create_signkey_issue_priv (struct GNUNET_TIME_Absolute start,
|
||||
struct GNUNET_TIME_Relative duration,
|
||||
struct GNUNET_TIME_Absolute end,
|
||||
struct TALER_MINTDB_PrivateSigningKeyInformationP *pi)
|
||||
{
|
||||
struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
|
||||
@ -446,6 +448,7 @@ create_signkey_issue_priv (struct GNUNET_TIME_Absolute start,
|
||||
issue->start = GNUNET_TIME_absolute_hton (start);
|
||||
issue->expire = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (start,
|
||||
duration));
|
||||
issue->end = GNUNET_TIME_absolute_hton (end);
|
||||
GNUNET_CRYPTO_eddsa_key_get_public (&pi->signkey_priv.eddsa_priv,
|
||||
&issue->signkey_pub.eddsa_pub);
|
||||
issue->purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY);
|
||||
@ -470,6 +473,7 @@ static int
|
||||
mint_keys_update_signkeys ()
|
||||
{
|
||||
struct GNUNET_TIME_Relative signkey_duration;
|
||||
struct GNUNET_TIME_Relative legal_duration;
|
||||
struct GNUNET_TIME_Absolute anchor;
|
||||
char *signkey_dir;
|
||||
|
||||
@ -484,6 +488,25 @@ mint_keys_update_signkeys ()
|
||||
"signkey_duration");
|
||||
return GNUNET_SYSERR;
|
||||
}
|
||||
if (GNUNET_OK !=
|
||||
GNUNET_CONFIGURATION_get_value_time (kcfg,
|
||||
"mint_keys",
|
||||
"legal_duration",
|
||||
&legal_duration))
|
||||
{
|
||||
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
|
||||
"mint_keys",
|
||||
"legal_duration");
|
||||
return GNUNET_SYSERR;
|
||||
}
|
||||
if (signkey_duration.rel_value_us < legal_duration.rel_value_us)
|
||||
{
|
||||
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
|
||||
"mint_keys",
|
||||
"legal_duration",
|
||||
"must be longer than signkey_duration");
|
||||
return GNUNET_SYSERR;
|
||||
}
|
||||
ROUND_TO_SECS (signkey_duration,
|
||||
rel_value_us);
|
||||
GNUNET_asprintf (&signkey_dir,
|
||||
@ -508,8 +531,11 @@ mint_keys_update_signkeys ()
|
||||
const char *skf;
|
||||
struct TALER_MINTDB_PrivateSigningKeyInformationP signkey_issue;
|
||||
ssize_t nwrite;
|
||||
struct GNUNET_TIME_Absolute end;
|
||||
|
||||
skf = get_signkey_file (anchor);
|
||||
end = GNUNET_TIME_absolute_add (anchor,
|
||||
legal_duration);
|
||||
GNUNET_break (GNUNET_YES !=
|
||||
GNUNET_DISK_file_test (skf));
|
||||
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
|
||||
@ -517,6 +543,7 @@ mint_keys_update_signkeys ()
|
||||
GNUNET_STRINGS_absolute_time_to_string (anchor));
|
||||
create_signkey_issue_priv (anchor,
|
||||
signkey_duration,
|
||||
end,
|
||||
&signkey_issue);
|
||||
nwrite = GNUNET_DISK_fn_write (skf,
|
||||
&signkey_issue,
|
||||
|
||||
@ -250,17 +250,22 @@ static json_t *
|
||||
sign_key_issue_to_json (const struct TALER_MintSigningKeyValidityPS *ski)
|
||||
{
|
||||
return
|
||||
json_pack ("{s:o, s:o, s:o, s:o}",
|
||||
json_pack ("{s:o, s:o, s:o, s:o, s:o, s:o}",
|
||||
"stamp_start",
|
||||
TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (ski->start)),
|
||||
"stamp_expire",
|
||||
TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (ski->expire)),
|
||||
"stamp_end",
|
||||
TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (ski->end)),
|
||||
"master_pub",
|
||||
TALER_json_from_data (&ski->master_public_key,
|
||||
sizeof (struct TALER_MasterPublicKeyP)),
|
||||
"master_sig",
|
||||
TALER_json_from_data (&ski->signature,
|
||||
sizeof (struct GNUNET_CRYPTO_EddsaSignature)),
|
||||
sizeof (struct TALER_MasterSignatureP)),
|
||||
"key",
|
||||
TALER_json_from_data (&ski->signkey_pub,
|
||||
sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)));
|
||||
sizeof (struct TALER_MintPublicKeyP)));
|
||||
}
|
||||
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user