/*
This file is part of TALER
Copyright (C) 2014 Christian Grothoff (and other contributing authors)
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
TALER; see the file COPYING. If not, If not, see
*/
/**
* @file taler-mint-keyup.c
* @brief Update the mint's keys for coins and signatures,
* using the mint's offline master key.
* @author Florian Dold
* @author Benedikt Mueller
*/
#include
#include
#include "taler_util.h"
#include "key_io.h"
/**
* FIXME: allow user to specify (within reason).
*/
#define RSA_KEYSIZE 2048
/**
*
*/
#define HASH_CUTOFF 20
/**
* Macro to round microseconds to seconds in GNUNET_TIME_* structs.
*/
#define ROUND_TO_SECS(name,us_field) name.us_field -= name.us_field % (1000 * 1000);
GNUNET_NETWORK_STRUCT_BEGIN
/**
*
*/
struct CoinTypeNBO
{
/**
*
*/
struct GNUNET_TIME_RelativeNBO duration_spend;
/**
*
*/
struct GNUNET_TIME_RelativeNBO duration_withdraw;
/**
*
*/
struct TALER_AmountNBO value;
/**
*
*/
struct TALER_AmountNBO fee_withdraw;
/**
*
*/
struct TALER_AmountNBO fee_deposit;
/**
*
*/
struct TALER_AmountNBO fee_refresh;
};
GNUNET_NETWORK_STRUCT_END
/**
*
*/
struct CoinTypeParams
{
/**
*
*/
struct GNUNET_TIME_Relative duration_spend;
/**
*
*/
struct GNUNET_TIME_Relative duration_withdraw;
/**
*
*/
struct GNUNET_TIME_Relative duration_overlap;
/**
*
*/
struct TALER_Amount value;
/**
*
*/
struct TALER_Amount fee_withdraw;
/**
*
*/
struct TALER_Amount fee_deposit;
/**
*
*/
struct TALER_Amount fee_refresh;
/**
*
*/
struct GNUNET_TIME_Absolute anchor;
};
/**
* Filename of the master private key.
*/
static char *masterkeyfile;
/**
* Director of the mint, containing the keys.
*/
static char *mintdir;
/**
* Time to pretend when the key update is executed.
*/
static char *pretend_time_str;
/**
* Handle to the mint's configuration
*/
static struct GNUNET_CONFIGURATION_Handle *kcfg;
/**
* Time when the key update is executed. Either the actual current time, or a
* pretended time.
*/
static struct GNUNET_TIME_Absolute now;
/**
* Master private key of the mint.
*/
static struct GNUNET_CRYPTO_EddsaPrivateKey *master_priv;
/**
* Master public key of the mint.
*/
static struct GNUNET_CRYPTO_EddsaPublicKey *master_pub;
/**
* Until what time do we provide keys?
*/
static struct GNUNET_TIME_Absolute lookahead_sign_stamp;
/**
*
*
* @param section
* @param option
* @param denom
* @return
*/
static int
config_get_denom (const char *section,
const char *option,
struct TALER_Amount *denom)
{
char *str;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (kcfg,
section,
option,
&str))
return GNUNET_NO;
if (GNUNET_OK != TALER_string_to_amount (str,
denom))
return GNUNET_SYSERR;
return GNUNET_OK;
}
/**
*
*
* @return
*/
static char *
get_signkey_dir ()
{
char *dir;
GNUNET_asprintf (&dir,
"%s" DIR_SEPARATOR_STR DIR_SIGNKEYS,
mintdir);
return dir;
}
/**
*
*
* @param start
* @return
*/
static char *
get_signkey_file (struct GNUNET_TIME_Absolute start)
{
char *dir;
GNUNET_asprintf (&dir,
"%s" DIR_SEPARATOR_STR DIR_SIGNKEYS DIR_SEPARATOR_STR "%llu",
mintdir,
(unsigned long long) start.abs_value_us);
return dir;
}
/**
* Hash the data defining the coin type.
* Exclude information that may not be the same for all
* instances of the coin type (i.e. the anchor, overlap).
*
* @param p
* @param hash
*/
static void
hash_coin_type (const struct CoinTypeParams *p,
struct GNUNET_HashCode *hash)
{
struct CoinTypeNBO p_nbo;
memset (&p_nbo,
0,
sizeof (struct CoinTypeNBO));
p_nbo.duration_spend = GNUNET_TIME_relative_hton (p->duration_spend);
p_nbo.duration_withdraw = GNUNET_TIME_relative_hton (p->duration_withdraw);
p_nbo.value = TALER_amount_hton (p->value);
p_nbo.fee_withdraw = TALER_amount_hton (p->fee_withdraw);
p_nbo.fee_deposit = TALER_amount_hton (p->fee_deposit);
p_nbo.fee_refresh = TALER_amount_hton (p->fee_refresh);
GNUNET_CRYPTO_hash (&p_nbo,
sizeof (struct CoinTypeNBO),
hash);
}
/**
*
*
* @param p
* @return
*/
static const char *
get_cointype_dir (const struct CoinTypeParams *p)
{
static char dir[4096];
struct GNUNET_HashCode hash;
char *hash_str;
char *val_str;
unsigned int i;
hash_coin_type (p, &hash);
hash_str = GNUNET_STRINGS_data_to_string_alloc (&hash,
sizeof (struct GNUNET_HashCode));
GNUNET_assert (HASH_CUTOFF <= strlen (hash_str) + 1);
GNUNET_assert (NULL != hash_str);
hash_str[HASH_CUTOFF] = 0;
val_str = TALER_amount_to_string (p->value);
for (i = 0; i < strlen (val_str); i++)
if (':' == val_str[i] || '.' == val_str[i])
val_str[i] = '_';
GNUNET_snprintf (dir,
sizeof (dir),
"%s" DIR_SEPARATOR_STR DIR_DENOMKEYS DIR_SEPARATOR_STR "%s-%s",
mintdir,
val_str,
hash_str);
GNUNET_free (hash_str);
return dir;
}
/**
*
*
* @param p
* @param start
* @return
*/
static const char *
get_cointype_file (struct CoinTypeParams *p,
struct GNUNET_TIME_Absolute start)
{
const char *dir;
static char filename[4096];
dir = get_cointype_dir (p);
GNUNET_snprintf (filename,
sizeof (filename),
"%s" DIR_SEPARATOR_STR "%llu",
dir,
(unsigned long long) start.abs_value_us);
return filename;
}
/**
* Get the latest key file from the past.
*
* @param cls closure
* @param filename complete filename (absolute path)
* @return #GNUNET_OK to continue to iterate,
* #GNUNET_NO to stop iteration with no error,
* #GNUNET_SYSERR to abort iteration with error!
*/
static int
get_anchor_iter (void *cls,
const char *filename)
{
struct GNUNET_TIME_Absolute *anchor = cls;
struct GNUNET_TIME_Absolute stamp;
const char *base;
char *end = NULL;
base = GNUNET_STRINGS_get_short_name (filename);
stamp.abs_value_us = strtol (base,
&end,
10);
if ((NULL == end) || (0 != *end))
{
fprintf(stderr,
"Ignoring unexpected file '%s'.\n",
filename);
return GNUNET_OK;
}
// TODO: check if it's actually a valid key file
if ( (stamp.abs_value_us <= now.abs_value_us) &&
( stamp.abs_value_us > anchor->abs_value_us) )
*anchor = stamp;
return GNUNET_OK;
}
/**
* Get the timestamp where the first new key should be generated.
* Relies on correctly named key files.
*
* @param dir directory with the signed stuff
* @param duration how long is one key valid?
* @param overlap what's the overlap between the keys validity period?
* @param[out] anchor the timestamp where the first new key should be generated
*/
static void
get_anchor (const char *dir,
struct GNUNET_TIME_Relative duration,
struct GNUNET_TIME_Relative overlap,
struct GNUNET_TIME_Absolute *anchor)
{
GNUNET_assert (0 == duration.rel_value_us % 1000000);
GNUNET_assert (0 == overlap.rel_value_us % 1000000);
if (GNUNET_YES !=
GNUNET_DISK_directory_test (dir, GNUNET_YES))
{
*anchor = now;
fprintf (stderr,
"Cannot look for anchor (%s)\n",
dir);
return;
}
*anchor = GNUNET_TIME_UNIT_ZERO_ABS;
if (-1 ==
GNUNET_DISK_directory_scan (dir,
&get_anchor_iter,
anchor))
{
*anchor = now;
return;
}
if ((GNUNET_TIME_absolute_add (*anchor,
duration)).abs_value_us < now.abs_value_us)
{
// there's no good anchor, start from now
// (existing keys are too old)
*anchor = now;
}
else if (anchor->abs_value_us != now.abs_value_us)
{
// we have a good anchor
*anchor = GNUNET_TIME_absolute_add (*anchor, duration);
*anchor = GNUNET_TIME_absolute_subtract (*anchor, overlap);
}
// anchor is now the stamp where we need to create a new key
}
/**
*
*
* @param start
* @param duration
* @param pi
*/
static void
create_signkey_issue_priv (struct GNUNET_TIME_Absolute start,
struct GNUNET_TIME_Relative duration,
struct TALER_MINT_SignKeyIssuePriv *pi)
{
struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
struct TALER_MINT_SignKeyIssue *issue = &pi->issue;
priv = GNUNET_CRYPTO_eddsa_key_create ();
pi->signkey_priv = *priv;
GNUNET_free (priv);
issue->master_pub = *master_pub;
issue->start = GNUNET_TIME_absolute_hton (start);
issue->expire = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (start,
duration));
GNUNET_CRYPTO_eddsa_key_get_public (&pi->signkey_priv,
&issue->signkey_pub);
issue->purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNKEY);
issue->purpose.size = htonl (sizeof (struct TALER_MINT_SignKeyIssue) -
offsetof (struct TALER_MINT_SignKeyIssue,
purpose));
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_eddsa_sign (master_priv,
&issue->purpose,
&issue->signature));
}
/**
*
*
* @param signkey_filename
* @return
*/
static int
check_signkey_valid (const char *signkey_filename)
{
// FIXME: do real checks
return GNUNET_OK;
}
/**
*
*
* @return
*/
static int
mint_keys_update_signkeys ()
{
struct GNUNET_TIME_Relative signkey_duration;
struct GNUNET_TIME_Absolute anchor;
char *signkey_dir;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (kcfg,
"mint_keys",
"signkey_duration",
&signkey_duration))
{
fprintf (stderr,
"Cannot read config value mint_keys.signkey_duration\n");
return GNUNET_SYSERR;
}
ROUND_TO_SECS (signkey_duration,
rel_value_us);
signkey_dir = get_signkey_dir ();
// make sure the directory exists
if (GNUNET_OK !=
GNUNET_DISK_directory_create (signkey_dir))
{
fprintf (stderr,
"Failed to create signing key directory\n");
return GNUNET_SYSERR;
}
get_anchor (signkey_dir,
signkey_duration,
GNUNET_TIME_UNIT_ZERO,
&anchor);
while (anchor.abs_value_us < lookahead_sign_stamp.abs_value_us)
{
char *skf;
skf = get_signkey_file (anchor);
if (GNUNET_YES !=
GNUNET_DISK_file_test (skf))
{
struct TALER_MINT_SignKeyIssuePriv signkey_issue;
ssize_t nwrite;
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Generating signing key for %s.\n",
GNUNET_STRINGS_absolute_time_to_string (anchor));
create_signkey_issue_priv (anchor,
signkey_duration,
&signkey_issue);
nwrite = GNUNET_DISK_fn_write (skf,
&signkey_issue,
sizeof (struct TALER_MINT_SignKeyIssue),
GNUNET_DISK_PERM_USER_WRITE | GNUNET_DISK_PERM_USER_READ);
if (nwrite != sizeof (struct TALER_MINT_SignKeyIssue))
{
fprintf (stderr,
"Failed to write to file `%s': %s\n",
skf,
STRERROR (errno));
return GNUNET_SYSERR;
}
}
else if (GNUNET_OK != check_signkey_valid (skf))
{
return GNUNET_SYSERR;
}
anchor = GNUNET_TIME_absolute_add (anchor, signkey_duration);
}
return GNUNET_OK;
}
/**
*
*
* @param ct
* @param params
* @return
*/
static int
get_cointype_params (const char *ct,
struct CoinTypeParams *params)
{
const char *dir;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (kcfg,
"mint_denom_duration_withdraw",
ct,
¶ms->duration_withdraw))
{
fprintf (stderr,
"Withdraw duration not given for coin type '%s'\n",
ct);
return GNUNET_SYSERR;
}
ROUND_TO_SECS (params->duration_withdraw,
rel_value_us);
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (kcfg,
"mint_denom_duration_spend",
ct,
¶ms->duration_spend))
{
fprintf (stderr,
"Spend duration not given for coin type '%s'\n",
ct);
return GNUNET_SYSERR;
}
ROUND_TO_SECS (params->duration_spend, rel_value_us);
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (kcfg,
"mint_denom_duration_overlap",
ct,
¶ms->duration_overlap))
{
fprintf (stderr,
"Overlap duration not given for coin type '%s'\n",
ct);
return GNUNET_SYSERR;
}
ROUND_TO_SECS (params->duration_overlap,
rel_value_us);
if (GNUNET_OK !=
config_get_denom ("mint_denom_value",
ct,
¶ms->value))
{
fprintf (stderr,
"Value not given for coin type '%s'\n",
ct);
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
config_get_denom ("mint_denom_fee_withdraw",
ct,
¶ms->fee_withdraw))
{
fprintf (stderr,
"Withdraw fee not given for coin type '%s'\n",
ct);
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
config_get_denom ("mint_denom_fee_deposit",
ct,
¶ms->fee_deposit))
{
fprintf (stderr,
"Deposit fee not given for coin type '%s'\n",
ct);
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
config_get_denom ("mint_denom_fee_refresh",
ct,
¶ms->fee_refresh))
{
fprintf (stderr,
"Deposit fee not given for coin type '%s'\n",
ct);
return GNUNET_SYSERR;
}
dir = get_cointype_dir (params);
get_anchor (dir, params->duration_spend, params->duration_overlap, ¶ms->anchor);
return GNUNET_OK;
}
/**
*
*
* @param params
* @param dki
*/
static void
create_denomkey_issue (struct CoinTypeParams *params,
struct TALER_MINT_DenomKeyIssuePriv *dki)
{
GNUNET_assert (NULL != (dki->denom_priv = GNUNET_CRYPTO_rsa_private_key_create (RSA_KEYSIZE)));
dki->denom_pub = GNUNET_CRYPTO_rsa_private_key_get_public (dki->denom_priv);
GNUNET_CRYPTO_rsa_public_key_hash (dki->denom_pub,
&dki->issue.denom_hash);
dki->issue.master = *master_pub;
dki->issue.start = GNUNET_TIME_absolute_hton (params->anchor);
dki->issue.expire_withdraw =
GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (params->anchor,
params->duration_withdraw));
dki->issue.expire_spend =
GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (params->anchor,
params->duration_spend));
dki->issue.value = TALER_amount_hton (params->value);
dki->issue.fee_withdraw = TALER_amount_hton (params->fee_withdraw);
dki->issue.fee_deposit = TALER_amount_hton (params->fee_deposit);
dki->issue.fee_refresh = TALER_amount_hton (params->fee_refresh);
dki->issue.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_DENOM);
dki->issue.purpose.size = htonl (sizeof (struct TALER_MINT_DenomKeyIssuePriv) -
offsetof (struct TALER_MINT_DenomKeyIssuePriv,
issue.purpose));
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_eddsa_sign (master_priv,
&dki->issue.purpose,
&dki->issue.signature));
}
/**
*
*
* @param filename
* @param params
* @return
*/
static int
check_cointype_valid (const char *filename,
struct CoinTypeParams *params)
{
// FIXME: add real checks
return GNUNET_OK;
}
/**
*
*
* @param coin_alias
* @return
*/
static int
mint_keys_update_cointype (const char *coin_alias)
{
struct CoinTypeParams p;
const char *cointype_dir;
if (GNUNET_OK != get_cointype_params (coin_alias, &p))
return GNUNET_SYSERR;
cointype_dir = get_cointype_dir (&p);
if (GNUNET_OK != GNUNET_DISK_directory_create (cointype_dir))
return GNUNET_SYSERR;
while (p.anchor.abs_value_us < lookahead_sign_stamp.abs_value_us)
{
const char *dkf;
dkf = get_cointype_file (&p, p.anchor);
if (GNUNET_YES != GNUNET_DISK_file_test (dkf))
{
struct TALER_MINT_DenomKeyIssuePriv denomkey_issue;
int ret;
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Generating denomination key for type '%s', start %s at %s\n",
coin_alias,
GNUNET_STRINGS_absolute_time_to_string (p.anchor),
dkf);
create_denomkey_issue (&p,
&denomkey_issue);
ret = TALER_MINT_write_denom_key (dkf,
&denomkey_issue);
GNUNET_CRYPTO_rsa_private_key_free (denomkey_issue.denom_priv);
if (GNUNET_OK != ret)
{
fprintf (stderr,
"Failed to write to file `%s'\n",
dkf);
return GNUNET_SYSERR;
}
}
else if (GNUNET_OK != check_cointype_valid (dkf, &p))
{
return GNUNET_SYSERR;
}
p.anchor = GNUNET_TIME_absolute_add (p.anchor, p.duration_spend);
p.anchor = GNUNET_TIME_absolute_subtract (p.anchor, p.duration_overlap);
}
return GNUNET_OK;
}
/**
*
*
* @return
*/
static int
mint_keys_update_denomkeys ()
{
char *coin_types;
char *ct;
char *tok_ctx;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (kcfg,
"mint_keys",
"coin_types",
&coin_types))
{
fprintf (stderr,
"mint_keys.coin_types not in configuration\n");
return GNUNET_SYSERR;
}
for (ct = strtok_r (coin_types, " ", &tok_ctx);
ct != NULL;
ct = strtok_r (NULL, " ", &tok_ctx))
{
if (GNUNET_OK != mint_keys_update_cointype (ct))
{
GNUNET_free (coin_types);
return GNUNET_SYSERR;
}
}
GNUNET_free (coin_types);
return GNUNET_OK;
}
/**
*
* @return
*/
static int
mint_keys_update ()
{
int ret;
struct GNUNET_TIME_Relative lookahead_sign;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (kcfg,
"mint_keys",
"lookahead_sign",
&lookahead_sign))
{
fprintf (stderr,
"mint_keys.lookahead_sign not found\n");
return GNUNET_SYSERR;
}
if (0 == lookahead_sign.rel_value_us)
{
fprintf (stderr,
"mint_keys.lookahead_sign must not be zero\n");
return GNUNET_SYSERR;
}
ROUND_TO_SECS (lookahead_sign,
rel_value_us);
lookahead_sign_stamp = GNUNET_TIME_absolute_add (now,
lookahead_sign);
ret = mint_keys_update_signkeys ();
if (GNUNET_OK != ret)
return GNUNET_SYSERR;
return mint_keys_update_denomkeys ();
}
/**
* The main function of the keyup tool
*
* @param argc number of arguments from the command line
* @param argv command line arguments
* @return 0 ok, 1 on error
*/
int
main (int argc, char *const *argv)
{
static const struct GNUNET_GETOPT_CommandLineOption options[] = {
GNUNET_GETOPT_OPTION_HELP ("gnunet-mint-keyup OPTIONS"),
{'m', "master-key", "FILE",
"master key file (private key)", 1,
&GNUNET_GETOPT_set_filename, &masterkeyfile},
{'d', "mint-dir", "DIR",
"mint directory with keys to update", 1,
&GNUNET_GETOPT_set_filename, &mintdir},
{'t', "time", "TIMESTAMP",
"pretend it is a different time for the update", 0,
&GNUNET_GETOPT_set_string, &pretend_time_str},
GNUNET_GETOPT_OPTION_END
};
GNUNET_assert (GNUNET_OK ==
GNUNET_log_setup ("taler-mint-keyup",
"WARNING",
NULL));
if (GNUNET_GETOPT_run ("taler-mint-keyup",
options,
argc, argv) < 0)
return 1;
if (NULL == mintdir)
{
fprintf (stderr,
"mint directory not given\n");
return 1;
}
if (NULL != pretend_time_str)
{
if (GNUNET_OK !=
GNUNET_STRINGS_fancy_time_to_absolute (pretend_time_str,
&now))
{
fprintf (stderr,
"timestamp invalid\n");
return 1;
}
}
else
{
now = GNUNET_TIME_absolute_get ();
}
ROUND_TO_SECS (now, abs_value_us);
kcfg = TALER_config_load (mintdir);
if (NULL == kcfg)
{
fprintf (stderr,
"Failed to load mint configuration\n");
return 1;
}
if (NULL == masterkeyfile)
{
fprintf (stderr,
"master key file not given\n");
return 1;
}
master_priv = GNUNET_CRYPTO_eddsa_key_create_from_file (masterkeyfile);
if (NULL == master_priv)
{
fprintf (stderr,
"Failed to initialize master key from file `%s'\n",
masterkeyfile);
return 1;
}
master_pub = GNUNET_new (struct GNUNET_CRYPTO_EddsaPublicKey);
GNUNET_CRYPTO_eddsa_key_get_public (master_priv,
master_pub);
// check if key from file matches the one from the configuration
{
struct GNUNET_CRYPTO_EddsaPublicKey master_pub_from_cfg;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_data (kcfg,
"mint",
"master_pub",
&master_pub_from_cfg,
sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)))
{
fprintf (stderr,
"Master public key missing in configuration (mint.master_pub)\n");
return 1;
}
if (0 !=
memcmp (master_pub,
&master_pub_from_cfg,
sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)))
{
fprintf (stderr,
"Mismatch between key from mint configuration and master private key file from command line.\n");
return 1;
}
}
if (GNUNET_OK != mint_keys_update ())
return 1;
return 0;
}
/* end of taler-mint-keyup.c */