diff --git a/contrib/gana b/contrib/gana index 05da9c93f..e5ae01eeb 160000 --- a/contrib/gana +++ b/contrib/gana @@ -1 +1 @@ -Subproject commit 05da9c93fc7fff258e54a9413d11ea72a82fe03f +Subproject commit e5ae01eeb4dedd8599473e64e098ea97fb7dadde diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index a4fde80b3..e09051049 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -24,7 +24,7 @@ #include #include "taler_util.h" - +#include "taler_error_codes.h" #include @@ -737,6 +737,123 @@ TALER_refresh_get_commitment (struct TALER_RefreshCommitmentP *rc, const struct TALER_CoinSpendPublicKeyP *coin_pub, const struct TALER_Amount *amount_with_fee); +/* **************** Helper-based RSA operations **************** */ + +/** + * Handle for talking to an Denomination key signing helper. + */ +struct TALER_CRYPTO_DenominationHelper; + +/** + * Function called with information about available keys for signing. Usually + * only called once per key upon connect. Also called again in case a key is + * being revoked, in that case with an @a end_time of zero. + * + * @param cls closure + * @param section_name name of the denomination type in the configuration; + * NULL if the key has been revoked or purged + * @param start_time when does the key become available for signing; + * zero if the key has been revoked or purged + * @param validity_duration how long does the key remain available for signing; + * zero if the key has been revoked or purged + * @param h_denom_pub hash of the @a denom_pub that is available (or was purged) + * @param denom_pub the public key itself, NULL if the key was revoked or purged + */ +typedef void +(*TALER_CRYPTO_DenominationKeyStatusCallback)( + void *cls, + const char *section_name, + struct GNUNET_TIME_Absolute start_time, + struct GNUNET_TIME_Relative validity_duration, + const struct GNUNET_HashCode *h_denom_pub, + const struct TALER_DenominationPublicKey *denom_pub); + + +/** + * Initiate connection to an denomination key helper. + * + * @param cfg configuration to use + * @param dkc function to call with key information + * @param dkc_cls closure for @a dkc + * @return NULL on error (such as bad @a cfg). + */ +struct TALER_CRYPTO_DenominationHelper * +TALER_CRYPTO_helper_denom_connect ( + const struct GNUNET_CONFIGURATION_Handle *cfg, + TALER_CRYPTO_DenominationKeyStatusCallback dkc, + void *dkc_cls); + + +/** + * Function to call to 'poll' for updates to the available key material. + * Should be called whenever it is important that the key material status is + * current, like when handling a "/keys" request. This function basically + * briefly checks if there are messages from the helper announcing changes to + * denomination keys. + * + * @param dh helper process connection + */ +void +TALER_CRYPTO_helper_poll (struct TALER_CRYPTO_DenominationHelper *dh); + + +/** + * Request helper @a dh to sign @a msg using the public key corresponding to + * @a h_denom_pub. + * + * This operation will block until the signature has been obtained. Should + * this process receive a signal (that is not ignored) while the operation is + * pending, the operation will fail. Note that the helper may still believe + * that it created the signature. Thus, signals may result in a small + * differences in the signature counters. Retrying in this case may work. + * + * @param dh helper process connection + * @param h_denom_pub hash of the public key to use to sign + * @param msg message to sign + * @param msg_size number of bytes in @a msg + * @param[out] ec set to the error code (or #TALER_EC_NONE on success) + * @return signature, the value inside the structure will be NULL on failure, + * see @a ec for details about the failure + */ +struct TALER_DenominationSignature +TALER_CRYPTO_helper_denom_sign ( + struct TALER_CRYPTO_DenominationHelper *dh, + const struct GNUNET_HashCode *h_denom_pub, + const void *msg, + size_t msg_size, + enum TALER_ErrorCode *ec); + + +/** + * Ask the helper to revoke the public key associated with @param h_denom_pub. + * Will cause the helper to tell all clients that the key is now unavailable, + * and to create a replacement key. + * + * This operation will block until the revocation request has been + * transmitted. Should this process receive a signal (that is not ignored) + * while the operation is pending, the operation may fail. If the key is + * unknown, this function will also appear to have succeeded. To be sure that + * the revocation worked, clients must watch the denomination key status + * callback. + * + * @param dh helper to process connection + * @param h_denom_pub hash of the public key to revoke + */ +void +TALER_CRYPTO_helper_denom_revoke ( + struct TALER_CRYPTO_DenominationHelper *dh, + const struct GNUNET_HashCode *h_denom_pub); + + +/** + * Close connection to @a dh. + * + * @param[in] dh connection to close + */ +void +TALER_CRYPTO_helper_denom_disconnect ( + struct TALER_CRYPTO_DenominationHelper *dh); + /* **************** /wire account offline signing **************** */ diff --git a/src/util/Makefile.am b/src/util/Makefile.am index 4aef4cac7..c74fe2101 100644 --- a/src/util/Makefile.am +++ b/src/util/Makefile.am @@ -50,6 +50,7 @@ libtalerutil_la_SOURCES = \ amount.c \ config.c \ crypto.c \ + crypto_helper.c \ crypto_wire.c \ getopt.c \ lang.c \ diff --git a/src/util/crypto_helper.c b/src/util/crypto_helper.c new file mode 100644 index 000000000..2b0fbe468 --- /dev/null +++ b/src/util/crypto_helper.c @@ -0,0 +1,406 @@ +/* + This file is part of TALER + Copyright (C) 2020 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along with + TALER; see the file COPYING. If not, see +*/ +/** + * @file util/crypto_helper.c + * @brief utility functions for running out-of-process private key operations + * @author Christian Grothoff + */ +#include "platform.h" +#include "taler_util.h" +#include "taler-helper-crypto-rsa.h" + + +struct TALER_CRYPTO_DenominationHelper +{ + /** + * Function to call with updates to available key material. + */ + TALER_CRYPTO_DenominationKeyStatusCallback dkc; + + /** + * Closure for @e dkc + */ + void *dkc_cls; + + /** + * Socket address of the denomination helper process. + * Used to reconnect if the connection breaks. + */ + struct sockaddr_un sa; + + /** + * The UNIX domain socket, -1 if we are currently not connected. + */ + int sock; +}; + + +/** + * Disconnect from the helper process. Updates + * @e sock field in @a dh. + * + * @param[in,out] dh handle to tear down connection of + */ +static void +do_disconnect (struct TALER_CRYPTO_DenominationHelper *dh) +{ + GNUNET_break (0 == close (dh->sock)); + dh->sock = -1; +} + + +/** + * Try to connect to the helper process. Updates + * @e sock field in @a dh. + * + * @param[in,out] dh handle to establish connection for + */ +static void +try_connect (struct TALER_CRYPTO_DenominationHelper *dh) +{ + if (-1 != dh->sock) + return; + dh->sock = socket (AF_UNIX, + SOCK_DGRAM, + 0); + if (-1 == dh->sock) + { + GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, + "socket"); + return; + } + if (0 != connect (dh->sock, + (const struct sockaddr *) &dh->sa, + sizeof (dh->sa))) + { + if (EINPROGRESS != dh->sock) + { + GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, + "connect"); + do_disconnect (dh); + return; + } + } +} + + +struct TALER_CRYPTO_DenominationHelper * +TALER_CRYPTO_helper_denom_connect ( + const struct GNUNET_CONFIGURATION_Handle *cfg, + TALER_CRYPTO_DenominationKeyStatusCallback dkc, + void *dkc_cls) +{ + struct TALER_CRYPTO_DenominationHelper *dh; + char *unixpath; + + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_filename (cfg, + "taler-helper-crypto-rsa", + "UNIXPATH", + &unixpath)) + { + GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, + "taler-helper-crypto-rsa", + "UNIXPATH"); + return NULL; + } + if (strlen (unixpath) > sizeof (dh->sa.sun_path)) + { + GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, + "taler-helper-crypto-rsa", + "UNIXPATH", + "path too long"); + GNUNET_free (unixpath); + return NULL; + } + dh = GNUNET_new (struct TALER_CRYPTO_DenominationHelper); + dh->dkc = dkc; + dh->dkc_cls = dkc_cls; + strncpy (dh->sa.sun_path, + unixpath, + sizeof (dh->sa.sun_path)); + dh->sock = -1; + TALER_CRYPTO_helper_poll (dh); + return dh; +} + + +void +TALER_CRYPTO_helper_poll (struct TALER_CRYPTO_DenominationHelper *dh) +{ + char buf[UINT16_MAX]; + ssize_t ret; + const struct GNUNET_MessageHeader *hdr + = (const struct GNUNET_MessageHeader *) buf; + + try_connect (dh); + if (-1 == dh->sock) + return; /* give up */ + while (1) + { + ret = recv (dh->sock, + buf, + sizeof (buf), + MSG_DONTWAIT); + if (ret < 0) + { + GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, + "recv"); + do_disconnect (dh); + return; + } + + if ( (ret < sizeof (struct GNUNET_MessageHeader)) || + (ret != ntohs (hdr->size)) ) + { + GNUNET_break_op (0); + do_disconnect (dh); + return; + } + switch (ntohs (hdr->type)) + { + case TALER_HELPER_RSA_MT_AVAIL: + { + const struct TALER_CRYPTO_RsaKeyAvailableNotification *kan + = (const struct TALER_CRYPTO_RsaKeyAvailableNotification *) buf; + const char *section_name; + struct TALER_DenominationPublicKey denom_pub; + struct GNUNET_HashCode h_denom_pub; + + if ( (sizeof (*kan) < ret) || + (sizeof (*kan) + ntohs (kan->pub_size) + ntohs ( + kan->section_name_len)) || + ('\0' != buf[ret - 1]) ) + { + GNUNET_break_op (0); + do_disconnect (dh); + return; + } + denom_pub.rsa_public_key + = GNUNET_CRYPTO_rsa_public_key_decode (&buf[sizeof (*kan)], + ntohs (kan->pub_size)); + if (NULL == denom_pub.rsa_public_key) + { + GNUNET_break_op (0); + do_disconnect (dh); + return; + } + section_name = &buf[sizeof (*kan) + ntohs (kan->pub_size)]; + GNUNET_CRYPTO_rsa_public_key_hash (denom_pub.rsa_public_key, + &h_denom_pub); + dh->dkc (dh->dkc_cls, + section_name, + GNUNET_TIME_absolute_ntoh (kan->anchor_time), + GNUNET_TIME_relative_ntoh (kan->duration_withdraw), + &h_denom_pub, + &denom_pub); + GNUNET_CRYPTO_rsa_public_key_free (denom_pub.rsa_public_key); + } + break; + case TALER_HELPER_RSA_MT_PURGE: + { + const struct TALER_CRYPTO_RsaKeyPurgeNotification *pn + = (const struct TALER_CRYPTO_RsaKeyPurgeNotification *) buf; + + if (sizeof (*pn) != ret) + { + GNUNET_break_op (0); + do_disconnect (dh); + return; + } + + dh->dkc (dh->dkc_cls, + NULL, + GNUNET_TIME_UNIT_ZERO_ABS, + GNUNET_TIME_UNIT_ZERO, + &pn->h_denom_pub, + NULL); + } + break; + default: + GNUNET_break_op (0); + do_disconnect (dh); + return; + } + } +} + + +struct TALER_DenominationSignature +TALER_CRYPTO_helper_denom_sign ( + struct TALER_CRYPTO_DenominationHelper *dh, + const struct GNUNET_HashCode *h_denom_pub, + const void *msg, + size_t msg_size, + enum TALER_ErrorCode *ec) +{ + struct TALER_DenominationSignature ds = { NULL }; + { + char buf[sizeof (struct TALER_CRYPTO_SignRequest) + msg_size]; + struct TALER_CRYPTO_SignRequest *sr + = (struct TALER_CRYPTO_SignRequest *) buf; + ssize_t ret; + + try_connect (dh); + if (-1 == dh->sock) + { + *ec = TALER_EC_EXCHANGE_DENOMINATION_HELPER_UNAVAILABLE; + return ds; + } + sr->header.size = htons (sizeof (buf)); + sr->header.type = htons (TALER_HELPER_RSA_MT_REQ_SIGN); + sr->reserved = htonl (0); + sr->h_denom_pub = *h_denom_pub; + memcpy (&sr[1], + msg, + msg_size); + ret = send (dh->sock, + buf, + sizeof (buf), + 0); + if (ret < 0) + { + GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, + "send"); + do_disconnect (dh); + *ec = TALER_EC_EXCHANGE_DENOMINATION_HELPER_UNAVAILABLE; + return ds; + } + /* We are using SOCK_DGRAM, partial writes should not be possible */ + GNUNET_break (((size_t) ret) == sizeof (buf)); + } + + { + char buf[UINT16_MAX]; + ssize_t ret; + const struct GNUNET_MessageHeader *hdr + = (const struct GNUNET_MessageHeader *) buf; + + ret = recv (dh->sock, + buf, + sizeof (buf), + MSG_DONTWAIT); + if (ret < 0) + { + GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, + "recv"); + do_disconnect (dh); + *ec = TALER_EC_EXCHANGE_DENOMINATION_HELPER_UNAVAILABLE; + return ds; + } + if ( (ret < sizeof (struct GNUNET_MessageHeader)) || + (ret != ntohs (hdr->size)) ) + { + GNUNET_break_op (0); + do_disconnect (dh); + *ec = TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG; + return ds; + } + switch (ntohs (hdr->type)) + { + case TALER_HELPER_RSA_MT_RES_SIGNATURE: + if (ret < sizeof (struct TALER_CRYPTO_SignResponse)) + { + GNUNET_break_op (0); + do_disconnect (dh); + *ec = TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG; + break; + } + { + const struct TALER_CRYPTO_SignResponse *sr = + (const struct TALER_CRYPTO_SignResponse *) buf; + struct GNUNET_CRYPTO_RsaSignature *rsa_signature; + + rsa_signature = GNUNET_CRYPTO_rsa_signature_decode (&sr[1], + ret - sizeof (*sr)); + if (NULL == rsa_signature) + { + GNUNET_break_op (0); + do_disconnect (dh); + *ec = TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG; + break; + } + *ec = TALER_EC_NONE; + ds.rsa_signature = rsa_signature; + return ds; + } + case TALER_HELPER_RSA_MT_RES_SIGN_FAILURE: + if (ret != sizeof (struct TALER_CRYPTO_SignFailure)) + { + GNUNET_break_op (0); + do_disconnect (dh); + *ec = TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG; + break; + } + { + const struct TALER_CRYPTO_SignFailure *sf = + (const struct TALER_CRYPTO_SignFailure *) buf; + + *ec = (enum TALER_ErrorCode) ntohl (sf->ec); + break; + } + default: + GNUNET_break_op (0); + do_disconnect (dh); + *ec = TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG; + break; + } + } + return ds; +} + + +void +TALER_CRYPTO_helper_denom_revoke ( + struct TALER_CRYPTO_DenominationHelper *dh, + const struct GNUNET_HashCode *h_denom_pub) +{ + struct TALER_CRYPTO_RevokeRequest rr = { + .header.size = htons (sizeof (rr)), + .header.type = htons (TALER_HELPER_RSA_MT_REQ_REVOKE), + .h_denom_pub = *h_denom_pub + }; + ssize_t ret; + + try_connect (dh); + if (-1 == dh->sock) + return; /* give up */ + ret = send (dh->sock, + &rr, + sizeof (rr), + 0); + if (ret < 0) + { + GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, + "send"); + do_disconnect (dh); + return; + } + /* We are using SOCK_DGRAM, partial writes should not be possible */ + GNUNET_break (((size_t) ret) == sizeof (rr)); +} + + +void +TALER_CRYPTO_helper_denom_disconnect ( + struct TALER_CRYPTO_DenominationHelper *dh) +{ + do_disconnect (dh); + GNUNET_free (dh); +} + + +/* end of crypto_helper.c */ diff --git a/src/util/taler-helper-crypto-rsa.h b/src/util/taler-helper-crypto-rsa.h index 373cd5ea8..a80c32e67 100644 --- a/src/util/taler-helper-crypto-rsa.h +++ b/src/util/taler-helper-crypto-rsa.h @@ -99,7 +99,7 @@ struct TALER_CRYPTO_RsaKeyPurgeNotification struct TALER_CRYPTO_SignRequest { /** - * Type is #TALER_HELPER_RSA_MT_SIGN. + * Type is #TALER_HELPER_RSA_MT_REQ_SIGN. */ struct GNUNET_MessageHeader header; @@ -123,7 +123,7 @@ struct TALER_CRYPTO_SignRequest struct TALER_CRYPTO_RevokeRequest { /** - * Type is #TALER_HELPER_RSA_MT_REVOKE. + * Type is #TALER_HELPER_RSA_MT_REQ_REVOKE. */ struct GNUNET_MessageHeader header;