taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

finish helper test cases

Browse Source
This commit is contained in:
Christian Grothoff 2020-11-23 21:10:55 +01:00
parent 77dbb83276
commit d5656ec46e
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
8 changed files with 516 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/util/Makefile.am
View File

@ -18,6 +18,7 @@ pkgcfg_DATA = \
EXTRA_DIST = \
paths.conf \
taler-config.in \
test_helper_eddsa.conf \
test_helper_rsa.conf
libexec_PROGRAMS = \
@ -89,6 +90,7 @@ AM_TESTS_ENVIRONMENT=export TALER_PREFIX=$${TALER_PREFIX:-@libdir@};export PATH=
check_PROGRAMS = \
test_amount \
test_crypto \
test_helper_eddsa \
test_helper_rsa \
test_payto \
test_url
@ -115,6 +117,12 @@ test_payto_LDADD = \
-lgnunetutil \
libtalerutil.la
test_helper_eddsa_SOURCES = \
test_helper_eddsa.c
test_helper_eddsa_LDADD = \
-lgnunetutil \
libtalerutil.la
test_helper_rsa_SOURCES = \
test_helper_rsa.c
test_helper_rsa_LDADD = \

3
src/util/crypto_helper_denom.c
View File

@ -294,6 +294,9 @@ handle_mt_avail (struct TALER_CRYPTO_DenominationHelper *dh,
}
GNUNET_CRYPTO_rsa_public_key_hash (denom_pub.rsa_public_key,
&dka.h_denom_pub);
GNUNET_CRYPTO_hash (section_name,
strlen (section_name) + 1,
&dka.h_section_name);
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_DENOMINATION_KEY,
&dka,

32
src/util/taler-helper-crypto-eddsa.c
View File

@ -179,6 +179,11 @@ struct WorkItem
*/
static struct TALER_SecurityModulePrivateKeyP smpriv;
/**
* Public key of this security module.
*/
static struct TALER_SecurityModulePublicKeyP smpub;
/**
* Head of DLL of actual keys, sorted by anchor.
*/
@ -613,7 +618,8 @@ notify_client_key_add (struct Client *client,
.header.type = htons (TALER_HELPER_EDDSA_MT_AVAIL),
.anchor_time = GNUNET_TIME_absolute_hton (key->anchor),
.duration = GNUNET_TIME_relative_hton (duration),
.exchange_pub = key->exchange_pub
.exchange_pub = key->exchange_pub,
.secm_pub = smpub
};
GNUNET_CRYPTO_eddsa_sign (&smpriv.eddsa_priv,
@ -944,6 +950,7 @@ create_key (void)
setup_key (key,
keys_tail))
{
GNUNET_break (0);
GNUNET_free (key);
GNUNET_SCHEDULER_shutdown ();
global_ret = 42;
@ -1043,8 +1050,13 @@ update_keys (void *cls)
duration),
lookahead_sign),
overlap_duration)).rel_value_us) )
GNUNET_assert (GNUNET_OK ==
create_key ());
if (GNUNET_OK !=
create_key ())
{
GNUNET_break (0);
GNUNET_SCHEDULER_shutdown ();
return;
}
/* remove expired keys */
while ( (NULL != keys_head) &&
(0 ==
@ -1281,6 +1293,17 @@ load_durations (void)
"OVERLAP_DURATION");
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (kcfg,
"taler-helper-crypto-eddsa",
"DURATION",
&duration))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"taler-helper-crypto-eddsa",
"DURATION");
return GNUNET_SYSERR;
}
GNUNET_TIME_round_rel (&overlap_duration);
if (GNUNET_OK !=
@ -1412,6 +1435,8 @@ run (void *cls,
return;
}
GNUNET_free (pfn);
GNUNET_CRYPTO_eddsa_key_get_public (&smpriv.eddsa_priv,
&smpub.eddsa_pub);
}
if (GNUNET_OK !=
@ -1507,7 +1532,6 @@ run (void *cls,
GNUNET_DISK_directory_scan (keydir,
&import_key,
NULL);
update_keys (NULL);
if (NULL == keys_head)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,

8
src/util/taler-helper-crypto-rsa.c
View File

@ -251,6 +251,11 @@ static int global_ret;
*/
static struct TALER_SecurityModulePrivateKeyP smpriv;
/**
* Public key of this security module.
*/
static struct TALER_SecurityModulePublicKeyP smpub;
/**
* Number of worker threads to use. Default (0) is to use one per CPU core
* available.
@ -735,6 +740,7 @@ notify_client_dk_add (struct Client *client,
GNUNET_CRYPTO_eddsa_sign (&smpriv.eddsa_priv,
&dka,
&an->secm_sig.eddsa_signature);
an->secm_pub = smpub;
p = (void *) &an[1];
memcpy (p,
buf,
@ -1793,6 +1799,8 @@ run (void *cls,
return;
}
GNUNET_free (pfn);
GNUNET_CRYPTO_eddsa_key_get_public (&smpriv.eddsa_priv,
&smpub.eddsa_pub);
}
if (GNUNET_OK !=

447
src/util/test_helper_eddsa.c Normal file
View File

@ -0,0 +1,447 @@
/*
This file is part of TALER
(C) 2020 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
*/
/**
* @file util/test_helper_eddsa.c
* @brief Tests for EDDSA crypto helper
* @author Christian Grothoff
*/
#include "platform.h"
#include "taler_util.h"
#include <gnunet/gnunet_signatures.h>
/**
* Configuration has 1 minute duration and 5 minutes lookahead, so
* we should never have more than 6 active keys, plus for during
* key expiration / revocation.
*/
#define MAX_KEYS 7
/**
* How many random key revocations should we test?
*/
#define NUM_REVOKES 3
/**
* How many iterations of the successful signing test should we run?
*/
#define NUM_SIGN_TESTS 100
/**
* Number of keys currently in #keys.
*/
static unsigned int num_keys;
/**
* Keys currently managed by the helper.
*/
struct KeyData
{
/**
* Validity start point.
*/
struct GNUNET_TIME_Absolute start_time;
/**
* Key expires for signing at @e start_time plus this value.
*/
struct GNUNET_TIME_Relative validity_duration;
/**
* Full public key.
*/
struct TALER_ExchangePublicKeyP exchange_pub;
/**
* Is this key currently valid?
*/
bool valid;
/**
* Did the test driver revoke this key?
*/
bool revoked;
};
/**
* Array of all the keys we got from the helper.
*/
static struct KeyData keys[MAX_KEYS];
/**
* Function called with information about available keys for signing. Usually
* only called once per key upon connect. Also called again in case a key is
* being revoked, in that case with an @a end_time of zero. Stores the keys
* status in #keys.
*
* @param cls closure, NULL
* @param start_time when does the key become available for signing;
* zero if the key has been revoked or purged
* @param validity_duration how long does the key remain available for signing;
* zero if the key has been revoked or purged
* @param exchange_pub the public key itself
* @param sm_pub public key of the security module, NULL if the key was revoked or purged
* @param sm_sig signature from the security module, NULL if the key was revoked or purged
* The signature was already verified against @a sm_pub.
*/
static void
key_cb (void *cls,
struct GNUNET_TIME_Absolute start_time,
struct GNUNET_TIME_Relative validity_duration,
const struct TALER_ExchangePublicKeyP *exchange_pub,
const struct TALER_SecurityModulePublicKeyP *sm_pub,
const struct TALER_SecurityModuleSignatureP *sm_sig)
{
(void) sm_pub;
(void) sm_sig;
if (0 == validity_duration.rel_value_us)
{
bool found = false;
for (unsigned int i = 0; i<MAX_KEYS; i++)
if (0 == GNUNET_memcmp (exchange_pub,
&keys[i].exchange_pub))
{
keys[i].valid = false;
keys[i].revoked = false;
GNUNET_assert (num_keys > 0);
num_keys--;
found = true;
break;
}
if (! found)
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Error: helper announced expiration of unknown key!\n");
return;
}
for (unsigned int i = 0; i<MAX_KEYS; i++)
if (! keys[i].valid)
{
keys[i].valid = true;
keys[i].exchange_pub = *exchange_pub;
keys[i].start_time = start_time;
keys[i].validity_duration = validity_duration;
num_keys++;
return;
}
/* too many keys! */
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Error: received %d live keys from the service!\n",
MAX_KEYS + 1);
}
/**
* Test key revocation logic.
*
* @param esh handle to the helper
* @return 0 on success
*/
static int
test_revocation (struct TALER_CRYPTO_ExchangeSignHelper *esh)
{
struct timespec req = {
.tv_nsec = 250000000
};
for (unsigned int i = 0; i<NUM_REVOKES; i++)
{
uint32_t off;
off = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_WEAK,
num_keys);
/* find index of key to revoke */
for (unsigned int j = 0; j < MAX_KEYS; j++)
{
if (! keys[j].valid)
continue;
if (0 != off)
{
off--;
continue;
}
keys[j].revoked = true;
fprintf (stderr,
"Revoking key ...");
TALER_CRYPTO_helper_esign_revoke (esh,
&keys[j].exchange_pub);
for (unsigned int k = 0; k<1000; k++)
{
TALER_CRYPTO_helper_esign_poll (esh);
if (! keys[j].revoked)
break;
nanosleep (&req, NULL);
fprintf (stderr, ".");
}
if (keys[j].revoked)
{
fprintf (stderr,
"\nFAILED: timeout trying to revoke key %u\n",
j);
TALER_CRYPTO_helper_esign_disconnect (esh);
return 2;
}
fprintf (stderr, "\n");
break;
}
}
return 0;
}
/**
* Test signing logic.
*
* @param esh handle to the helper
* @return 0 on success
*/
static int
test_signing (struct TALER_CRYPTO_ExchangeSignHelper *esh)
{
struct GNUNET_CRYPTO_EccSignaturePurpose purpose = {
.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST),
.size = htonl (sizeof (purpose)),
};
for (unsigned int i = 0; i<2; i++)
{
struct TALER_ExchangePublicKeyP exchange_pub;
struct TALER_ExchangeSignatureP exchange_sig;
enum TALER_ErrorCode ec;
ec = TALER_CRYPTO_helper_esign_sign_ (esh,
&purpose,
&exchange_pub,
&exchange_sig);
switch (ec)
{
case TALER_EC_NONE:
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST,
&purpose,
&exchange_sig.eddsa_signature,
&exchange_pub.eddsa_pub))
{
/* signature invalid */
GNUNET_break (0);
return 17;
}
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Received valid signature\n");
break;
default:
/* unexpected error */
GNUNET_break (0);
return 7;
}
}
return 0;
}
/**
* Benchmark signing logic.
*
* @param esh handle to the helper
* @return 0 on success
*/
static int
perf_signing (struct TALER_CRYPTO_ExchangeSignHelper *esh)
{
struct GNUNET_CRYPTO_EccSignaturePurpose purpose = {
.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST),
.size = htonl (sizeof (purpose)),
};
struct GNUNET_TIME_Relative duration;
duration = GNUNET_TIME_UNIT_ZERO;
for (unsigned int j = 0; j<NUM_SIGN_TESTS;)
{
struct GNUNET_TIME_Relative delay;
struct TALER_ExchangePublicKeyP exchange_pub;
struct TALER_ExchangeSignatureP exchange_sig;
enum TALER_ErrorCode ec;
struct GNUNET_TIME_Absolute start;
TALER_CRYPTO_helper_esign_poll (esh);
start = GNUNET_TIME_absolute_get ();
ec = TALER_CRYPTO_helper_esign_sign_ (esh,
&purpose,
&exchange_pub,
&exchange_sig);
if (TALER_EC_NONE != ec)
{
GNUNET_break (0);
return 42;
}
delay = GNUNET_TIME_absolute_get_duration (start);
duration = GNUNET_TIME_relative_add (duration,
delay);
j++;
} /* for j */
fprintf (stderr,
"%u (sequential) signature operations took %s\n",
(unsigned int) NUM_SIGN_TESTS,
GNUNET_STRINGS_relative_time_to_string (duration,
GNUNET_YES));
return 0;
}
/**
* Main entry point into the test logic with the helper already running.
*/
static int
run_test (void)
{
struct GNUNET_CONFIGURATION_Handle *cfg;
struct TALER_CRYPTO_ExchangeSignHelper *esh;
struct timespec req = {
.tv_nsec = 250000000
};
int ret;
cfg = GNUNET_CONFIGURATION_create ();
if (GNUNET_OK !=
GNUNET_CONFIGURATION_load (cfg,
"test_helper_eddsa.conf"))
{
GNUNET_break (0);
return 77;
}
esh = TALER_CRYPTO_helper_esign_connect (cfg,
&key_cb,
NULL);
GNUNET_CONFIGURATION_destroy (cfg);
if (NULL == esh)
{
GNUNET_break (0);
return 1;
}
/* wait for helper to start and give us keys */
fprintf (stderr, "Waiting for helper to start ");
for (unsigned int i = 0; i<1000; i++)
{
TALER_CRYPTO_helper_esign_poll (esh);
if (0 != num_keys)
break;
nanosleep (&req, NULL);
fprintf (stderr, ".");
}
if (0 == num_keys)
{
fprintf (stderr,
"\nFAILED: timeout trying to connect to helper\n");
TALER_CRYPTO_helper_esign_disconnect (esh);
return 1;
}
fprintf (stderr,
"\nOK: Helper ready (%u keys)\n",
num_keys);
ret = 0;
if (0 == ret)
ret = test_revocation (esh);
if (0 == ret)
ret = test_signing (esh);
if (0 == ret)
ret = perf_signing (esh);
TALER_CRYPTO_helper_esign_disconnect (esh);
/* clean up our state */
for (unsigned int i = 0; i<MAX_KEYS; i++)
if (keys[i].valid)
{
keys[i].valid = false;
GNUNET_assert (num_keys > 0);
num_keys--;
}
return ret;
}
int
main (int argc,
const char *const argv[])
{
struct GNUNET_OS_Process *helper;
char *libexec_dir;
char *binary_name;
int ret;
enum GNUNET_OS_ProcessStatusType type;
unsigned long code;
(void) argc;
(void) argv;
GNUNET_log_setup ("test-helper-eddsa",
"WARNING",
NULL);
GNUNET_OS_init (TALER_project_data_default ());
libexec_dir = GNUNET_OS_installation_get_path (GNUNET_OS_IPK_LIBEXECDIR);
GNUNET_asprintf (&binary_name,
"%s/%s",
libexec_dir,
"taler-helper-crypto-eddsa");
GNUNET_free (libexec_dir);
helper = GNUNET_OS_start_process (GNUNET_OS_INHERIT_STD_ERR,
NULL, NULL, NULL,
binary_name,
binary_name,
"-c",
"test_helper_eddsa.conf",
"-L",
"WARNING",
NULL);
if (NULL == helper)
{
GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
"exec",
binary_name);
GNUNET_free (binary_name);
return 77;
}
GNUNET_free (binary_name);
ret = run_test ();
GNUNET_OS_process_kill (helper,
SIGTERM);
if (GNUNET_OK !=
GNUNET_OS_process_wait_status (helper,
&type,
&code))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Helper process did not die voluntarily, killing hard\n");
GNUNET_OS_process_kill (helper,
SIGKILL);
ret = 4;
}
else if ( (GNUNET_OS_PROCESS_EXITED != type) ||
(0 != code) )
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Helper died with unexpected status %d/%d\n",
(int) type,
(int) code);
ret = 5;
}
GNUNET_OS_process_destroy (helper);
return ret;
}
/* end of test_helper_eddsa.c */

8
src/util/test_helper_eddsa.conf Normal file
View File

@ -0,0 +1,8 @@
[taler-helper-crypto-eddsa]
LOOKAHEAD_SIGN = 5 minutes
OVERLAP_DURATION = 1 s
DURATION = 1 minute
KEY_DIR = ${TALER_RUNTIME_DIR}/test_helper_eddsa/
UNIXPATH = ${TALER_RUNTIME_DIR}test_helper_eddsa.unix
SM_PRIV_KEY = ${TALER_DATA_HOME}/taler-helper-crypto-eddsa/.private-key

14
src/util/test_helper_rsa.c
View File

@ -31,12 +31,12 @@
/**
* How many random key revocations should we test?
*/
#define NUM_REVOKES 10
#define NUM_REVOKES 3
/**
* How many iterations of the successful signing test should we run?
*/
#define NUM_SIGN_TESTS 100
#define NUM_SIGN_TESTS 5
/**
@ -101,6 +101,9 @@ static struct KeyData keys[MAX_KEYS];
* zero if the key has been revoked or purged
* @param h_denom_pub hash of the @a denom_pub that is available (or was purged)
* @param denom_pub the public key itself, NULL if the key was revoked or purged
* @param sm_pub public key of the security module, NULL if the key was revoked or purged
* @param sm_sig signature from the security module, NULL if the key was revoked or purged
* The signature was already verified against @a sm_pub.
*/
static void
key_cb (void *cls,
@ -108,8 +111,12 @@ key_cb (void *cls,
struct GNUNET_TIME_Absolute start_time,
struct GNUNET_TIME_Relative validity_duration,
const struct GNUNET_HashCode *h_denom_pub,
const struct TALER_DenominationPublicKey *denom_pub)
const struct TALER_DenominationPublicKey *denom_pub,
const struct TALER_SecurityModulePublicKeyP *sm_pub,
const struct TALER_SecurityModuleSignatureP *sm_sig)
{
(void) sm_pub;
(void) sm_sig;
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Key notification about key %s in `%s'\n",
GNUNET_h2s (h_denom_pub),
@ -373,7 +380,6 @@ perf_signing (struct TALER_CRYPTO_DenominationHelper *dh)
{
struct TALER_DenominationSignature ds;
enum TALER_ErrorCode ec;
bool success = false;
struct GNUNET_HashCode m_hash;
struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
struct GNUNET_TIME_Relative duration;

8
src/util/test_helper_rsa.conf
View File

@ -1,10 +1,10 @@
[coin_1]
duration_withdraw = 1 minute
rsa_keysize = 2048
DURATION_WITHDRAW = 1 minute
RSA_KEYSIZE = 2048
[taler-helper-crypto-rsa]
lookahead_sign = 5 minutes
overlap_duration = 1 s
LOOKAHEAD_SIGN = 5 minutes
OVERLAP_DURATION = 1 s
KEY_DIR = ${TALER_RUNTIME_DIR}/test_helper_rsa/
UNIXPATH = ${TALER_RUNTIME_DIR}test_helper_rsa.unix