taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add taler-helper-crypto-rsa to build system

Browse Source
This commit is contained in:
Christian Grothoff 2020-11-15 12:13:28 +01:00
parent 4f0e38ab12
commit b8e35aaed0
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
3 changed files with 139 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/util/Makefile.am
View File

@ -7,6 +7,8 @@ if USE_COVERAGE
endif endif
libexecdir = $(pkglibdir)/libexec/
pkgcfgdir = $(prefix)/share/taler/config.d/ pkgcfgdir = $(prefix)/share/taler/config.d/
pkgcfg_DATA = \ pkgcfg_DATA = \
@ -16,6 +18,9 @@ EXTRA_DIST = \
paths.conf \ paths.conf \
taler-config.in taler-config.in
libexec_PROGRAMS = \
taler-helper-crypto-rsa
bin_SCRIPTS = \ bin_SCRIPTS = \
taler-config taler-config
@ -28,6 +33,13 @@ taler-config: taler-config.in
mv $@.tmp $@ mv $@.tmp $@
taler_helper_crypto_rsa_SOURCES = \
taler-helper-crypto-rsa.c taler-helper-crypto-rsa.h
taler_helper_crypto_rsa_LDADD = \
libtalerutil.la \
-lgnunetutil \
$(LIBGCRYPT_LIBS) \
$(XLIB)
lib_LTLIBRARIES = \ lib_LTLIBRARIES = \
libtalerutil.la libtalerutil.la

248
src/util/taler-helper-crypto-rsa.c
View File

@ -214,7 +214,7 @@ static const struct GNUNET_CONFIGURATION_Handle *kcfg;
/** /**
* Where do we store the keys? * Where do we store the keys?
*/ */
static const char *keydir; static char *keydir;
/** /**
* How much should coin creation (@e duration_withdraw) duration overlap * How much should coin creation (@e duration_withdraw) duration overlap
@ -228,11 +228,6 @@ static struct GNUNET_TIME_Relative overlap_duration;
*/ */
static struct GNUNET_TIME_Relative lookahead_sign; static struct GNUNET_TIME_Relative lookahead_sign;
/**
* Until what time do we provide keys?
*/
static struct GNUNET_TIME_Absolute lookahead_sign_stamp;
/** /**
* All of our denominations, in a DLL. Sorted? * All of our denominations, in a DLL. Sorted?
*/ */
@ -303,6 +298,7 @@ static int
notify_client_dk_add (const struct Client *client, notify_client_dk_add (const struct Client *client,
const struct DenominationKey *dk) const struct DenominationKey *dk)
{ {
struct TALER_CRYPTO_RsaKeyAvailableNotification *an;
// FIXME: send msg! // FIXME: send msg!
return GNUNET_SYSERR; return GNUNET_SYSERR;
@ -317,7 +313,7 @@ notify_client_dk_add (const struct Client *client,
* @return #GNUNET_OK on success * @return #GNUNET_OK on success
*/ */
static int static int
notify_client_dk_del (const struct Client *client, notify_client_dk_del (struct Client *client,
const struct DenominationKey *dk) const struct DenominationKey *dk)
{ {
struct TALER_CRYPTO_RsaKeyPurgeNotification pn = { struct TALER_CRYPTO_RsaKeyPurgeNotification pn = {
@ -336,8 +332,8 @@ notify_client_dk_del (const struct Client *client,
GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
"send"); "send");
GNUNET_NETWORK_socket_close (client->sock); GNUNET_NETWORK_socket_close (client->sock);
GNUNET_CONTAINER_DLL_remove (client_head, GNUNET_CONTAINER_DLL_remove (clients_head,
client_tail, clients_tail,
client); client);
GNUNET_free (client); GNUNET_free (client);
return GNUNET_SYSERR; return GNUNET_SYSERR;
@ -372,10 +368,10 @@ accept_job (void *cls)
GNUNET_CONTAINER_DLL_insert (clients_head, GNUNET_CONTAINER_DLL_insert (clients_head,
clients_tail, clients_tail,
client); client);
client->task = GNUNET_SCHEDULER_add_read (GNUNET_TIME_UNIT_FOREVER_REL, client->task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
sock, sock,
&read_job, &read_job,
client); client);
for (struct Denomination *denom = denom_head; for (struct Denomination *denom = denom_head;
NULL != denom; NULL != denom;
denom = denom->next) denom = denom->next)
@ -397,10 +393,10 @@ accept_job (void *cls)
break; break;
} }
} }
accept_task = GNUNET_SCHEDULER_add_read (GNUNET_TIME_UNIT_FOREVER_REL, accept_task = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
lsock, lsock,
&accept_job, &accept_job,
NULL); NULL);
} }
@ -423,11 +419,11 @@ create_key (struct Denomination *denom)
if (NULL == denom->keys_tail) if (NULL == denom->keys_tail)
{ {
anchor = GNUNET_TIME_absolute_get (); anchor = GNUNET_TIME_absolute_get ();
(void) GNUNET_TIME_absolute_round (&anchor); (void) GNUNET_TIME_round_abs (&anchor);
} }
else else
{ {
anchor = GNUNET_TIME_absolute_add (denom->keys_tail.anchor, anchor = GNUNET_TIME_absolute_add (denom->keys_tail->anchor,
GNUNET_TIME_relative_subtract ( GNUNET_TIME_relative_subtract (
denom->duration_withdraw, denom->duration_withdraw,
overlap_duration)); overlap_duration));
@ -447,22 +443,23 @@ create_key (struct Denomination *denom)
GNUNET_CRYPTO_rsa_private_key_free (priv); GNUNET_CRYPTO_rsa_private_key_free (priv);
GNUNET_SCHEDULER_shutdown (); GNUNET_SCHEDULER_shutdown ();
global_ret = 41; global_ret = 41;
return; return GNUNET_SYSERR;
} }
buf_size = GNUNET_CRYPTO_rsa_private_key_encode (priv, buf_size = GNUNET_CRYPTO_rsa_private_key_encode (priv,
&buf); &buf);
dk = GNUNET_new (struct DenominationKey); dk = GNUNET_new (struct DenominationKey);
dk->denom = denom; dk->denom = denom;
dk->anchor = anchor; dk->anchor = anchor;
dk->denom_priv.rsa_priv = priv; dk->denom_priv.rsa_private_key = priv;
GNUNET_CRYPTO_rsa_public_key_hash (pub, GNUNET_CRYPTO_rsa_public_key_hash (pub,
&dk->h_pub); &dk->h_pub);
dk->denom_pub.rsa_pub = pub; dk->denom_pub.rsa_public_key = pub;
GNUNET_asprintf (&dk->filename, GNUNET_asprintf (&dk->filename,
"%s/%s/%llu", "%s/%s/%llu",
keydir, keydir,
denom->section, denom->section,
anchor.abs_value_us / GNUNET_TIME_UNIT_SECONDS.rel_value_us); (unsigned long long) (anchor.abs_value_us
/ GNUNET_TIME_UNIT_SECONDS.rel_value_us));
if (buf_size != if (buf_size !=
GNUNET_DISK_fn_write (dk->filename, GNUNET_DISK_fn_write (dk->filename,
buf, buf,
@ -496,10 +493,10 @@ create_key (struct Denomination *denom)
GNUNET_free (dk); GNUNET_free (dk);
GNUNET_SCHEDULER_shutdown (); GNUNET_SCHEDULER_shutdown ();
global_ret = 43; global_ret = 43;
return; return GNUNET_SYSERR;
} }
GNUNET_CONTAINER_DLL_insert_tail (denom_keys_head, GNUNET_CONTAINER_DLL_insert_tail (denom->keys_head,
denom_keys_tail, denom->keys_tail,
dk); dk);
{ {
struct Client *nxt; struct Client *nxt;
@ -518,6 +515,7 @@ create_key (struct Denomination *denom)
} }
} }
} }
return GNUNET_OK;
} }
@ -594,7 +592,7 @@ purge_key (struct DenominationKey *dk)
dk->purge = true; dk->purge = true;
return; return;
} }
GNUNET_CRYPTO_rsa_private_key_free (dk->denom_priv.rsa_priv); GNUNET_CRYPTO_rsa_private_key_free (dk->denom_priv.rsa_private_key);
GNUNET_free (dk); GNUNET_free (dk);
} }
@ -610,15 +608,15 @@ static void
update_keys (struct Denomination *denom) update_keys (struct Denomination *denom)
{ {
/* create new denomination keys */ /* create new denomination keys */
while ( (NULL == denom->denom_tail) || while ( (NULL == denom->keys_tail) ||
(0 == (0 ==
GNUNET_TIME_absolute_get_remaining GNUNET_TIME_absolute_get_remaining (
GNUNET_TIME_absolute_subtract (
GNUNET_TIME_absolute_subtract ( GNUNET_TIME_absolute_subtract (
GNUNET_TIME_absolute_add (denom->keys_tail->anchor, GNUNET_TIME_absolute_subtract (
denom->duration_withdraw), GNUNET_TIME_absolute_add (denom->keys_tail->anchor,
lookahead_sign), denom->duration_withdraw),
overlap_duration)) ) lookahead_sign),
overlap_duration)).rel_value_us) )
if (GNUNET_OK != if (GNUNET_OK !=
create_key (denom)) create_key (denom))
{ {
@ -628,12 +626,12 @@ update_keys (struct Denomination *denom)
return; return;
} }
/* remove expired denomination keys */ /* remove expired denomination keys */
while ( (NULL != denom->denom_head) && while ( (NULL != denom->keys_head) &&
(0 == (0 ==
GNUNET_TIME_absolute_get_remaining GNUNET_TIME_absolute_get_remaining
(GNUNET_TIME_absolute_add (denom->denom_head.anchor, (GNUNET_TIME_absolute_add (denom->keys_head->anchor,
denom->duration_withdraw))) ) denom->duration_withdraw)).rel_value_us) )
purge_key (denom->denom_head); purge_key (denom->keys_head);
/* Update position of 'denom' in #denom_head DLL: sort by action time */ /* Update position of 'denom' in #denom_head DLL: sort by action time */
{ {
@ -677,9 +675,9 @@ update_denominations (void *cls)
denom = denom_head; denom = denom_head;
update_keys (denom); update_keys (denom);
} while (denom != denom_head); } while (denom != denom_head);
keygen_task = GNUNET_SCHEDULER_add_at (TIME, keygen_task = GNUNET_SCHEDULER_add_at (denomination_action_time (denom),
&update_denominations, &update_denominations,
denomination_action_time (denom)); NULL);
} }
@ -723,8 +721,8 @@ parse_key (struct Denomination *denom,
filename); filename);
return; return;
} }
anchor.abs_time_us = anchor_ll * GNUNET_TIME_UNIT_SECONDS.rel_value_us; anchor.abs_value_us = anchor_ll * GNUNET_TIME_UNIT_SECONDS.rel_value_us;
if (anchor_ll != anchor.abs_time_us / GNUNET_TIME_UNIT_SECONDS.rel_value_us) if (anchor_ll != anchor.abs_value_us / GNUNET_TIME_UNIT_SECONDS.rel_value_us)
{ {
/* Integer overflow. Bad, invalid filename. */ /* Integer overflow. Bad, invalid filename. */
GNUNET_log (GNUNET_ERROR_TYPE_WARNING, GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
@ -756,13 +754,13 @@ parse_key (struct Denomination *denom,
return; return;
} }
dk = GNUNET_new (struct DenominationKey); dk = GNUNET_new (struct DenominationKey);
dk->denom_priv.rsa_priv = priv; dk->denom_priv.rsa_private_key = priv;
dk->denomination = denom; dk->denom = denom;
dk->anchor = anchor; dk->anchor = anchor;
dk->filename = GNUNET_strdup (filename); dk->filename = GNUNET_strdup (filename);
GNUNET_CRYPTO_rsa_public_key_hash (pub, GNUNET_CRYPTO_rsa_public_key_hash (pub,
&dk->h_pub); &dk->h_pub);
dk->denom_pub.rsa_pub = pub; dk->denom_pub.rsa_public_key = pub;
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CONTAINER_multihashmap_put ( GNUNET_CONTAINER_multihashmap_put (
keys, keys,
@ -809,7 +807,6 @@ import_key (void *cls,
struct Denomination *denom = cls; struct Denomination *denom = cls;
struct GNUNET_DISK_FileHandle *fh; struct GNUNET_DISK_FileHandle *fh;
struct GNUNET_DISK_MapHandle *map; struct GNUNET_DISK_MapHandle *map;
off_t fsize;
void *ptr; void *ptr;
int fd; int fd;
struct stat sbuf; struct stat sbuf;
@ -820,9 +817,9 @@ import_key (void *cls,
if (0 != lstat (filename, if (0 != lstat (filename,
&lsbuf)) &lsbuf))
{ {
GNUNET_log_strerror_filename (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"lstat", "lstat",
filename); filename);
return GNUNET_OK; return GNUNET_OK;
} }
if (! S_ISREG (lsbuf.st_mode)) if (! S_ISREG (lsbuf.st_mode))
@ -838,17 +835,17 @@ import_key (void *cls,
O_CLOEXEC); O_CLOEXEC);
if (-1 == fd) if (-1 == fd)
{ {
GNUNET_log_strerror_filename (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"open", "open",
filename); filename);
return GNUNET_OK; return GNUNET_OK;
} }
if (0 != fstat (fd, if (0 != fstat (fd,
&sbuf)) &sbuf))
{ {
GNUNET_log_strerror_filename (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"stat", "stat",
filename); filename);
return GNUNET_OK; return GNUNET_OK;
} }
if (! S_ISREG (sbuf.st_mode)) if (! S_ISREG (sbuf.st_mode))
@ -865,9 +862,9 @@ import_key (void *cls,
fchmod (fd, fchmod (fd,
S_IRUSR)) S_IRUSR))
{ {
GNUNET_log_strerror_filename (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"fchmod", "fchmod",
filename); filename);
/* refuse to use key if file has wrong permissions */ /* refuse to use key if file has wrong permissions */
GNUNET_break (0 == close (fd)); GNUNET_break (0 == close (fd));
return GNUNET_OK; return GNUNET_OK;
@ -876,9 +873,9 @@ import_key (void *cls,
fh = GNUNET_DISK_get_handle_from_int_fd (fd); fh = GNUNET_DISK_get_handle_from_int_fd (fd);
if (NULL == fh) if (NULL == fh)
{ {
GNUNET_log_strerror_filename (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"open", "open",
filename); filename);
GNUNET_break (0 == close (fd)); GNUNET_break (0 == close (fd));
return GNUNET_OK; return GNUNET_OK;
} }
@ -896,9 +893,9 @@ import_key (void *cls,
(size_t) sbuf.st_size); (size_t) sbuf.st_size);
if (NULL == ptr) if (NULL == ptr)
{ {
GNUNET_log_strerror_filename (GNUNET_ERROR_TYPE_WARNING, GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"mmap", "mmap",
filename); filename);
GNUNET_DISK_file_close (fh); GNUNET_DISK_file_close (fh);
return GNUNET_OK; return GNUNET_OK;
} }
@ -912,6 +909,67 @@ import_key (void *cls,
} }
/**
* Parse configuration for denomination type parameters. Also determines
* our anchor by looking at the existing denominations of the same type.
*
* @param ct section in the configuration file giving the denomination type parameters
* @param[out] denom set to the denomination parameters from the configuration
* @return #GNUNET_OK on success, #GNUNET_SYSERR if the configuration is invalid
*/
static int
parse_denomination_cfg (const char *ct,
struct Denomination *denom)
{
unsigned long long rsa_keysize;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (kcfg,
ct,
"DURATION_WITHDRAW",
&denom->duration_withdraw))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
ct,
"DURATION_WITHDRAW");
return GNUNET_SYSERR;
}
GNUNET_TIME_round_rel (&denom->duration_withdraw);
if (overlap_duration.rel_value_us >=
denom->duration_withdraw.rel_value_us)
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"exchangedb",
"OVERLAP_DURATION",
"Value given must be smaller than value for DURATION_WITHDRAW!");
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_number (kcfg,
ct,
"RSA_KEYSIZE",
&rsa_keysize))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
ct,
"RSA_KEYSIZE");
return GNUNET_SYSERR;
}
if ( (rsa_keysize > 4 * 2048) ||
(rsa_keysize < 1024) )
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"exchangedb",
"RSA_KEYSIZE",
"Given RSA keysize outside of permitted range [1024,8192]\n");
return GNUNET_SYSERR;
}
denom->rsa_keysize = (unsigned int) rsa_keysize;
denom->section = GNUNET_strdup (ct);
return GNUNET_OK;
}
/** /**
* Generate new denomination signing keys for the denomination type of the given @a * Generate new denomination signing keys for the denomination type of the given @a
* denomination_alias. * denomination_alias.
@ -996,68 +1054,6 @@ load_durations (void)
} }
/**
* Parse configuration for denomination type parameters. Also determines
* our anchor by looking at the existing denominations of the same type.
*
* @param ct section in the configuration file giving the denomination type parameters
* @param[out] denom set to the denomination parameters from the configuration
* @return #GNUNET_OK on success, #GNUNET_SYSERR if the configuration is invalid
*/
static int
parse_denomination_cfg (const char *ct,
struct Denomination *denom)
{
const char *dir;
unsigned long long rsa_keysize;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (kcfg,
ct,
"DURATION_WITHDRAW",
&denom->duration_withdraw))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
ct,
"DURATION_WITHDRAW");
return GNUNET_SYSERR;
}
GNUNET_TIME_round_rel (&denom->duration_withdraw);
if (duration_overlap.rel_value_us >=
denom->duration_withdraw.rel_value_us)
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"exchangedb",
"DURATION_OVERLAP",
"Value given for DURATION_OVERLAP must be smaller than value for DURATION_WITHDRAW!");
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_number (kcfg,
ct,
"RSA_KEYSIZE",
&rsa_keysize))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
ct,
"RSA_KEYSIZE");
return GNUNET_SYSERR;
}
if ( (rsa_keysize > 4 * 2048) ||
(rsa_keysize < 1024) )
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"exchangedb",
"RSA_KEYSIZE",
"Given RSA keysize outside of permitted range [1024,8192]\n");
return GNUNET_SYSERR;
}
denom->rsa_keysize = (unsigned int) rsa_keysize;
denom->section = GNUNET_strdup (ct);
return GNUNET_OK;
}
/** /**
* Function run on shutdown. Stops the various jobs (nicely). * Function run on shutdown. Stops the various jobs (nicely).
* *

7
src/util/taler-helper-crypto-rsa.h
View File

@ -21,6 +21,9 @@
#ifndef TALER_HELPER_CRYPTO_RSA_H #ifndef TALER_HELPER_CRYPTO_RSA_H
#define TALER_HELPER_CRYPTO_RSA_H #define TALER_HELPER_CRYPTO_RSA_H
#define TALER_HELPER_RSA_MT_PURGE 1
#define TALER_HELPER_RSA_MT_AVAIL 2
GNUNET_NETWORK_STRUCT_BEGIN GNUNET_NETWORK_STRUCT_BEGIN
/** /**
@ -29,7 +32,7 @@ GNUNET_NETWORK_STRUCT_BEGIN
struct TALER_CRYPTO_RsaKeyAvailableNotification struct TALER_CRYPTO_RsaKeyAvailableNotification
{ {
/** /**
* Type is PURGE. * Type is #TALER_HELPER_RSA_MT_AVAIL
*/ */
struct GNUNET_MessageHeader header; struct GNUNET_MessageHeader header;
@ -67,7 +70,7 @@ struct TALER_CRYPTO_RsaKeyAvailableNotification
struct TALER_CRYPTO_RsaKeyPurgeNotification struct TALER_CRYPTO_RsaKeyPurgeNotification
{ {
/** /**
* Type is PURGE. * Type is #TALER_HELPER_RSA_MT_PURGE.
*/ */
struct GNUNET_MessageHeader header; struct GNUNET_MessageHeader header;