From 9e910cb1b967c72faae0cdd97014a6be8641fed3 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 26 Jan 2021 21:45:37 +0100 Subject: [PATCH] implement #6724 --- src/exchange-tools/taler-auditor-offline.c | 60 +++++++++++++++- src/exchange-tools/taler-exchange-offline.c | 77 +++++++++++++++++---- 2 files changed, 122 insertions(+), 15 deletions(-) diff --git a/src/exchange-tools/taler-auditor-offline.c b/src/exchange-tools/taler-auditor-offline.c index aa9ed33ea..d3a50f991 100644 --- a/src/exchange-tools/taler-auditor-offline.c +++ b/src/exchange-tools/taler-auditor-offline.c @@ -41,6 +41,12 @@ */ #define OP_INPUT_KEYS "auditor-keys-0" +/** + * Show the offline signing key. + * The last component --by convention-- identifies the protocol version + * and should be incremented whenever the JSON format of the 'argument' changes. + */ +#define OP_SETUP "auditor-setup-0" /** * Our private key, initialized in #load_offline_key(). @@ -323,10 +329,11 @@ struct UploadHandler /** * Load the offline key (if not yet done). Triggers shutdown on failure. * + * @param do_create #GNUNET_YES if the key may be created * @return #GNUNET_OK on success */ static int -load_offline_key (void) +load_offline_key (int do_create) { static bool done; int ret; @@ -352,7 +359,7 @@ load_offline_key (void) "Auditor private key `%s' does not exist yet, creating it!\n", fn); ret = GNUNET_CRYPTO_eddsa_key_from_file (fn, - GNUNET_YES, + do_create, &auditor_priv.eddsa_priv); if (GNUNET_SYSERR == ret) { @@ -1114,7 +1121,7 @@ do_sign (char *const *args) if (NULL == keys) return; if (GNUNET_OK != - load_offline_key ()) + load_offline_key (GNUNET_NO)) { json_decref (keys); return; @@ -1162,11 +1169,58 @@ do_sign (char *const *args) } +/** + * Setup and output offline signing key. + * + * @param args the array of command-line arguments to process next + */ +static void +do_setup (char *const *args) +{ + if (GNUNET_OK != + load_offline_key (GNUNET_YES)) + { + global_ret = 1; + return; + } + if (NULL != *args) + { + output_operation (OP_SETUP, + json_pack ("{s:o}", + "auditor_pub", + GNUNET_JSON_from_data_auto (&auditor_pub))); + } + + else + { + char *pub_s; + + pub_s = GNUNET_STRINGS_data_to_string_alloc (&auditor_pub, + sizeof (auditor_pub)); + fprintf (stdout, + "%s\n", + pub_s); + GNUNET_free (pub_s); + } + if ( (NULL != *args) && + (0 == strcmp (*args, + "-")) ) + args++; + next (args); +} + + static void work (void *cls) { char *const *args = cls; struct SubCommand cmds[] = { + { + .name = "setup", + .help = + "setup auditor offline private key and show the public key", + .cb = &do_setup + }, { .name = "download", .help = diff --git a/src/exchange-tools/taler-exchange-offline.c b/src/exchange-tools/taler-exchange-offline.c index 18c8a7b18..cf59fcb59 100644 --- a/src/exchange-tools/taler-exchange-offline.c +++ b/src/exchange-tools/taler-exchange-offline.c @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2020 Taler Systems SA + Copyright (C) 2020, 2021 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -86,6 +86,11 @@ */ #define OP_REVOKE_SIGNKEY "exchange-revoke-signkey-0" +/** + * Show the offline signing key. + */ +#define OP_SETUP "exchange-setup" + /** * Our private key, initialized in #load_offline_key(). @@ -738,10 +743,11 @@ struct UploadHandler /** * Load the offline key (if not yet done). Triggers shutdown on failure. * + * @param do_create #GNUNET_YES if the key may be created * @return #GNUNET_OK on success */ static int -load_offline_key (void) +load_offline_key (int do_create) { static bool done; int ret; @@ -767,7 +773,7 @@ load_offline_key (void) "Exchange master private key `%s' does not exist yet, creating it!\n", fn); ret = GNUNET_CRYPTO_eddsa_key_from_file (fn, - GNUNET_YES, + do_create, &master_priv.eddsa_priv); if (GNUNET_SYSERR == ret) { @@ -1828,7 +1834,7 @@ do_revoke_denomination_key (char *const *args) return; } if (GNUNET_OK != - load_offline_key ()) + load_offline_key (GNUNET_NO)) return; TALER_exchange_offline_denomination_revoke_sign (&h_denom_pub, &master_priv, @@ -1877,7 +1883,7 @@ do_revoke_signkey (char *const *args) return; } if (GNUNET_OK != - load_offline_key ()) + load_offline_key (GNUNET_NO)) return; TALER_exchange_offline_signkey_revoke_sign (&exchange_pub, &master_priv, @@ -1941,7 +1947,7 @@ do_add_auditor (char *const *args) return; } if (GNUNET_OK != - load_offline_key ()) + load_offline_key (GNUNET_NO)) return; now = GNUNET_TIME_absolute_get (); (void) GNUNET_TIME_round_abs (&now); @@ -2002,7 +2008,7 @@ do_del_auditor (char *const *args) return; } if (GNUNET_OK != - load_offline_key ()) + load_offline_key (GNUNET_NO)) return; now = GNUNET_TIME_absolute_get (); (void) GNUNET_TIME_round_abs (&now); @@ -2053,7 +2059,7 @@ do_add_wire (char *const *args) return; } if (GNUNET_OK != - load_offline_key ()) + load_offline_key (GNUNET_NO)) return; now = GNUNET_TIME_absolute_get (); (void) GNUNET_TIME_round_abs (&now); @@ -2123,7 +2129,7 @@ do_del_wire (char *const *args) return; } if (GNUNET_OK != - load_offline_key ()) + load_offline_key (GNUNET_NO)) return; now = GNUNET_TIME_absolute_get (); (void) GNUNET_TIME_round_abs (&now); @@ -2197,7 +2203,7 @@ do_set_wire_fee (char *const *args) args[0])) year = GNUNET_TIME_get_current_year (); if (GNUNET_OK != - load_offline_key ()) + load_offline_key (GNUNET_NO)) return; start_time = GNUNET_TIME_year_to_time (year); end_time = GNUNET_TIME_year_to_time (year + 1); @@ -2801,7 +2807,7 @@ do_show (char *const *args) if (NULL == keys) return; if (GNUNET_OK != - load_offline_key ()) + load_offline_key (GNUNET_NO)) return; if (GNUNET_OK != GNUNET_JSON_parse (keys, @@ -3125,7 +3131,7 @@ do_sign (char *const *args) if (NULL == keys) return; if (GNUNET_OK != - load_offline_key ()) + load_offline_key (GNUNET_NO)) { json_decref (keys); return; @@ -3208,11 +3214,58 @@ do_sign (char *const *args) } +/** + * Setup and output offline signing key. + * + * @param args the array of command-line arguments to process next + */ +static void +do_setup (char *const *args) +{ + if (GNUNET_OK != + load_offline_key (GNUNET_YES)) + { + global_ret = 1; + return; + } + if (NULL != *args) + { + output_operation (OP_SETUP, + json_pack ("{s:o}", + "exchange_offline_pub", + GNUNET_JSON_from_data_auto (&master_pub))); + } + + else + { + char *pub_s; + + pub_s = GNUNET_STRINGS_data_to_string_alloc (&master_pub, + sizeof (master_pub)); + fprintf (stdout, + "%s\n", + pub_s); + GNUNET_free (pub_s); + } + if ( (NULL != *args) && + (0 == strcmp (*args, + "-")) ) + args++; + next (args); +} + + static void work (void *cls) { char *const *args = cls; struct SubCommand cmds[] = { + { + .name = "setup", + .help = + "initialize offline key signing material and display public offline key", + .cb = &do_setup + }, { .name = "download", .help =