[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-exchange] branch master updated: implement exchange online signin
|
From: |
gnunet |
|
Subject: |
[taler-exchange] branch master updated: implement exchange online signing key client library |
|
Date: |
Mon, 23 Nov 2020 20:30:13 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository exchange.
The following commit(s) were added to refs/heads/master by this push:
new 77dbb832 implement exchange online signing key client library
77dbb832 is described below
commit 77dbb8327618ada8fd112209e54a7bf05d2958f0
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Mon Nov 23 20:30:10 2020 +0100
implement exchange online signing key client library
---
src/include/taler_crypto_lib.h | 144 ++++++++-
src/include/taler_signatures.h | 2 +-
src/util/Makefile.am | 1 +
src/util/crypto_helper_denom.c | 4 +-
src/util/crypto_helper_esign.c | 551 +++++++++++++++++++++++++++++++++++
src/util/taler-helper-crypto-eddsa.c | 21 +-
src/util/taler-helper-crypto-eddsa.h | 8 +-
src/util/test_helper_rsa.c | 6 +-
8 files changed, 715 insertions(+), 22 deletions(-)
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index ff742d55..d6f19f44 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -1,6 +1,6 @@
/*
This file is part of TALER
- Copyright (C) 2014-2018 Taler Systems SA
+ Copyright (C) 2014-2020 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
@@ -837,7 +837,7 @@ TALER_CRYPTO_helper_denom_connect (
* @param dh helper process connection
*/
void
-TALER_CRYPTO_helper_poll (struct TALER_CRYPTO_DenominationHelper *dh);
+TALER_CRYPTO_helper_denom_poll (struct TALER_CRYPTO_DenominationHelper *dh);
/**
@@ -898,6 +898,146 @@ TALER_CRYPTO_helper_denom_disconnect (
struct TALER_CRYPTO_DenominationHelper *dh);
+/**
+ * Handle for talking to an online key signing helper.
+ */
+struct TALER_CRYPTO_ExchangeSignHelper;
+
+/**
+ * Function called with information about available keys for signing. Usually
+ * only called once per key upon connect. Also called again in case a key is
+ * being revoked, in that case with an @a end_time of zero.
+ *
+ * @param cls closure
+ * @param start_time when does the key become available for signing;
+ * zero if the key has been revoked or purged
+ * @param validity_duration how long does the key remain available for signing;
+ * zero if the key has been revoked or purged
+ * @param exchange_pub the public key itself, NULL if the key was revoked or
purged
+ * @param sm_pub public key of the security module, NULL if the key was
revoked or purged
+ * @param sm_sig signature from the security module, NULL if the key was
revoked or purged
+ * The signature was already verified against @a sm_pub.
+ */
+typedef void
+(*TALER_CRYPTO_ExchangeKeyStatusCallback)(
+ void *cls,
+ struct GNUNET_TIME_Absolute start_time,
+ struct GNUNET_TIME_Relative validity_duration,
+ const struct TALER_ExchangePublicKeyP *exchange_pub,
+ const struct TALER_SecurityModulePublicKeyP *sm_pub,
+ const struct TALER_SecurityModuleSignatureP *sm_sig);
+
+
+/**
+ * Initiate connection to an online signing key helper.
+ *
+ * @param cfg configuration to use
+ * @param ekc function to call with key information
+ * @param ekc_cls closure for @a ekc
+ * @return NULL on error (such as bad @a cfg).
+ */
+struct TALER_CRYPTO_ExchangeSignHelper *
+TALER_CRYPTO_helper_esign_connect (
+ const struct GNUNET_CONFIGURATION_Handle *cfg,
+ TALER_CRYPTO_ExchangeKeyStatusCallback ekc,
+ void *ekc_cls);
+
+
+/**
+ * Function to call to 'poll' for updates to the available key material.
+ * Should be called whenever it is important that the key material status is
+ * current, like when handling a "/keys" request. This function basically
+ * briefly checks if there are messages from the helper announcing changes to
+ * exchange online signing keys.
+ *
+ * @param esh helper process connection
+ */
+void
+TALER_CRYPTO_helper_esign_poll (struct TALER_CRYPTO_ExchangeSignHelper *esh);
+
+
+/**
+ * Request helper @a esh to sign @a msg using the current online
+ * signing key.
+ *
+ * This operation will block until the signature has been obtained. Should
+ * this process receive a signal (that is not ignored) while the operation is
+ * pending, the operation will fail. Note that the helper may still believe
+ * that it created the signature. Thus, signals may result in a small
+ * differences in the signature counters. Retrying in this case may work.
+ *
+ * @param esh helper process connection
+ * @param purpose message to sign (must extend beyond the purpose)
+ * @param[out] exchange_pub set to the public key used for the signature upon
success
+ * @param[out] exchange_sig set to the signature upon success
+ * @return the error code (or #TALER_EC_NONE on success)
+ */
+enum TALER_ErrorCode
+TALER_CRYPTO_helper_esign_sign_ (
+ struct TALER_CRYPTO_ExchangeSignHelper *esh,
+ const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+ struct TALER_ExchangePublicKeyP *exchange_pub,
+ struct TALER_ExchangeSignatureP *exchange_sig);
+
+
+/**
+ * Request helper @a esh to sign @a msg using the current online
+ * signing key.
+ *
+ * This operation will block until the signature has been obtained. Should
+ * this process receive a signal (that is not ignored) while the operation is
+ * pending, the operation will fail. Note that the helper may still believe
+ * that it created the signature. Thus, signals may result in a small
+ * differences in the signature counters. Retrying in this case may work.
+ *
+ * @param esh helper process connection
+ * @param ps message to sign (MUST begin with a purpose)
+ * @param[out] exchange_pub set to the public key used for the signature upon
success
+ * @param[out] exchange_sig set to the signature upon success
+ * @return the error code (or #TALER_EC_NONE on success)
+ */
+#define TALER_CRYPTO_helper_esign_sign(esh,ps,epub,esig) ( \
+ /* check size is set correctly */ \
+ GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*ps)), \
+ /* check 'ps' begins with the purpose */ \
+ GNUNET_static_assert (((void*) (ps)) == \
+ ((void*) &(ps)->purpose)), \
+ TALER_CRYPTO_helper_esign_sign_ (esh, \
+ &(ps)->purpose, \
+ epub, \
+ esig) )
+
+
+/**
+ * Ask the helper to revoke the public key @param exchange_pub.
+ * Will cause the helper to tell all clients that the key is now unavailable,
+ * and to create a replacement key.
+ *
+ * This operation will block until the revocation request has been
+ * transmitted. Should this process receive a signal (that is not ignored)
+ * while the operation is pending, the operation may fail. If the key is
+ * unknown, this function will also appear to have succeeded. To be sure that
+ * the revocation worked, clients must watch the signing key status callback.
+ *
+ * @param esh helper to process connection
+ * @param exchange_pub the public key to revoke
+ */
+void
+TALER_CRYPTO_helper_esign_revoke (
+ struct TALER_CRYPTO_ExchangeSignHelper *esh,
+ const struct TALER_ExchangePublicKeyP *exchange_pub);
+
+
+/**
+ * Close connection to @a esh.
+ *
+ * @param[in] esh connection to close
+ */
+void
+TALER_CRYPTO_helper_esign_disconnect (
+ struct TALER_CRYPTO_ExchangeSignHelper *esh);
+
+
/* **************** /wire account offline signing **************** */
diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h
index 1b197b2c..d72dd11b 100644
--- a/src/include/taler_signatures.h
+++ b/src/include/taler_signatures.h
@@ -329,7 +329,7 @@ struct TALER_SigningKeyAnnouncementPS
/**
* How long is the key available after @e anchor_time?
*/
- struct GNUNET_TIME_RelativeNBO duration_withdraw;
+ struct GNUNET_TIME_RelativeNBO duration;
};
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index 5663c623..5840fb8a 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -62,6 +62,7 @@ libtalerutil_la_SOURCES = \
config.c \
crypto.c \
crypto_helper_denom.c \
+ crypto_helper_esign.c \
crypto_wire.c \
getopt.c \
lang.c \
diff --git a/src/util/crypto_helper_denom.c b/src/util/crypto_helper_denom.c
index a216d305..219995b5 100644
--- a/src/util/crypto_helper_denom.c
+++ b/src/util/crypto_helper_denom.c
@@ -234,7 +234,7 @@ TALER_CRYPTO_helper_denom_connect (
}
dh->template = template;
}
- TALER_CRYPTO_helper_poll (dh);
+ TALER_CRYPTO_helper_denom_poll (dh);
return dh;
}
@@ -350,7 +350,7 @@ handle_mt_purge (struct TALER_CRYPTO_DenominationHelper *dh,
void
-TALER_CRYPTO_helper_poll (struct TALER_CRYPTO_DenominationHelper *dh)
+TALER_CRYPTO_helper_denom_poll (struct TALER_CRYPTO_DenominationHelper *dh)
{
char buf[UINT16_MAX];
ssize_t ret;
diff --git a/src/util/crypto_helper_esign.c b/src/util/crypto_helper_esign.c
new file mode 100644
index 00000000..f21d013f
--- /dev/null
+++ b/src/util/crypto_helper_esign.c
@@ -0,0 +1,551 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2020 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file util/crypto_helper_esign.c
+ * @brief utility functions for running out-of-process private key operations
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "taler_util.h"
+#include "taler_signatures.h"
+#include "taler-helper-crypto-eddsa.h"
+
+
+struct TALER_CRYPTO_ExchangeSignHelper
+{
+ /**
+ * Function to call with updates to available key material.
+ */
+ TALER_CRYPTO_ExchangeKeyStatusCallback ekc;
+
+ /**
+ * Closure for @e ekc
+ */
+ void *ekc_cls;
+
+ /**
+ * Socket address of the denomination helper process.
+ * Used to reconnect if the connection breaks.
+ */
+ struct sockaddr_un sa;
+
+ /**
+ * Socket address of this process.
+ */
+ struct sockaddr_un my_sa;
+
+ /**
+ * Template for @e my_sa.
+ */
+ char *template;
+
+ /**
+ * The UNIX domain socket, -1 if we are currently not connected.
+ */
+ int sock;
+};
+
+
+/**
+ * Disconnect from the helper process. Updates
+ * @e sock field in @a esh.
+ *
+ * @param[in,out] esh handle to tear down connection of
+ */
+static void
+do_disconnect (struct TALER_CRYPTO_ExchangeSignHelper *esh)
+{
+ GNUNET_break (0 == close (esh->sock));
+ if (0 != unlink (esh->my_sa.sun_path))
+ GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+ "unlink",
+ esh->my_sa.sun_path);
+ esh->sock = -1;
+}
+
+
+/**
+ * Try to connect to the helper process. Updates
+ * @e sock field in @a esh.
+ *
+ * @param[in,out] esh handle to establish connection for
+ */
+static void
+try_connect (struct TALER_CRYPTO_ExchangeSignHelper *esh)
+{
+ if (-1 != esh->sock)
+ return;
+ esh->sock = socket (AF_UNIX,
+ SOCK_DGRAM,
+ 0);
+ if (-1 == esh->sock)
+ {
+ GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+ "socket");
+ return;
+ }
+ {
+ char *tmpdir;
+
+ tmpdir = GNUNET_DISK_mktemp (esh->template);
+ if (NULL == tmpdir)
+ {
+ do_disconnect (esh);
+ return;
+ }
+ /* we use >= here because we want the sun_path to always
+ be 0-terminated */
+ if (strlen (tmpdir) >= sizeof (esh->sa.sun_path))
+ {
+ GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+ "PATHS",
+ "TALER_RUNTIME_DIR",
+ "path too long");
+ GNUNET_free (tmpdir);
+ do_disconnect (esh);
+ return;
+ }
+ esh->my_sa.sun_family = AF_UNIX;
+ strncpy (esh->my_sa.sun_path,
+ tmpdir,
+ sizeof (esh->sa.sun_path));
+ if (0 != unlink (tmpdir))
+ GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+ "unlink",
+ tmpdir);
+ GNUNET_free (tmpdir);
+ }
+ if (0 != bind (esh->sock,
+ (const struct sockaddr *) &esh->my_sa,
+ sizeof (esh->my_sa)))
+ {
+ GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+ "bind");
+ do_disconnect (esh);
+ return;
+ }
+ {
+ struct GNUNET_MessageHeader hdr = {
+ .size = htons (sizeof (hdr)),
+ .type = htons (TALER_HELPER_EDDSA_MT_REQ_INIT)
+ };
+ ssize_t ret;
+
+ ret = sendto (esh->sock,
+ &hdr,
+ sizeof (hdr),
+ 0,
+ (const struct sockaddr *) &esh->sa,
+ sizeof (esh->sa));
+ if (ret < 0)
+ {
+ GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+ "sendto",
+ esh->sa.sun_path);
+ do_disconnect (esh);
+ return;
+ }
+ /* We are using SOCK_DGRAM, partial writes should not be possible */
+ GNUNET_break (((size_t) ret) == sizeof (hdr));
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Successfully sent REQ_INIT\n");
+ }
+
+}
+
+
+struct TALER_CRYPTO_ExchangeSignHelper *
+TALER_CRYPTO_helper_esign_connect (
+ const struct GNUNET_CONFIGURATION_Handle *cfg,
+ TALER_CRYPTO_ExchangeKeyStatusCallback ekc,
+ void *ekc_cls)
+{
+ struct TALER_CRYPTO_ExchangeSignHelper *esh;
+ char *unixpath;
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_filename (cfg,
+ "taler-helper-crypto-eddsa",
+ "UNIXPATH",
+ &unixpath))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "taler-helper-crypto-eddsa",
+ "UNIXPATH");
+ return NULL;
+ }
+ /* we use >= here because we want the sun_path to always
+ be 0-terminated */
+ if (strlen (unixpath) >= sizeof (esh->sa.sun_path))
+ {
+ GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+ "taler-helper-crypto-eddsa",
+ "UNIXPATH",
+ "path too long");
+ GNUNET_free (unixpath);
+ return NULL;
+ }
+ esh = GNUNET_new (struct TALER_CRYPTO_ExchangeSignHelper);
+ esh->ekc = ekc;
+ esh->ekc_cls = ekc_cls;
+ esh->sa.sun_family = AF_UNIX;
+ strncpy (esh->sa.sun_path,
+ unixpath,
+ sizeof (esh->sa.sun_path));
+ esh->sock = -1;
+ {
+ char *tmpdir;
+ char *template;
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_filename (cfg,
+ "PATHS",
+ "TALER_RUNTIME_DIR",
+ &tmpdir))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_WARNING,
+ "PATHS",
+ "TALER_RUNTIME_DIR");
+ tmpdir = GNUNET_strdup ("/tmp");
+ }
+ GNUNET_asprintf (&template,
+ "%s/crypto-eddsa-client/XXXXXX",
+ tmpdir);
+ GNUNET_free (tmpdir);
+ if (GNUNET_OK !=
+ GNUNET_DISK_directory_create_for_file (template))
+ {
+ GNUNET_free (esh);
+ GNUNET_free (template);
+ return NULL;
+ }
+ esh->template = template;
+ }
+ TALER_CRYPTO_helper_esign_poll (esh);
+ return esh;
+}
+
+
+/**
+ * Handle a #TALER_HELPER_EDDSA_MT_AVAIL message from the helper.
+ *
+ * @param esh helper context
+ * @param hdr message that we received
+ * @return #GNUNET_OK on success
+ */
+static int
+handle_mt_avail (struct TALER_CRYPTO_ExchangeSignHelper *esh,
+ const struct GNUNET_MessageHeader *hdr)
+{
+ const struct TALER_CRYPTO_EddsaKeyAvailableNotification *kan
+ = (const struct TALER_CRYPTO_EddsaKeyAvailableNotification *) hdr;
+
+ if (sizeof (*kan) != ntohs (hdr->size))
+ {
+ GNUNET_break_op (0);
+ return GNUNET_SYSERR;
+ }
+ {
+ struct TALER_SigningKeyAnnouncementPS ska = {
+ .purpose.purpose = htonl (TALER_SIGNATURE_SM_SIGNING_KEY),
+ .purpose.size = htonl (sizeof (ska)),
+ .exchange_pub = kan->exchange_pub,
+ .anchor_time = kan->anchor_time,
+ .duration = kan->duration
+ };
+
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_SIGNING_KEY,
+ &ska,
+ &kan->secm_sig.eddsa_signature,
+ &kan->secm_pub.eddsa_pub))
+ {
+ GNUNET_break_op (0);
+ return GNUNET_SYSERR;
+ }
+ esh->ekc (esh->ekc_cls,
+ GNUNET_TIME_absolute_ntoh (kan->anchor_time),
+ GNUNET_TIME_relative_ntoh (kan->duration),
+ &kan->exchange_pub,
+ &kan->secm_pub,
+ &kan->secm_sig);
+ }
+ return GNUNET_OK;
+}
+
+
+/**
+ * Handle a #TALER_HELPER_EDDSA_MT_PURGE message from the helper.
+ *
+ * @param esh helper context
+ * @param hdr message that we received
+ * @return #GNUNET_OK on success
+ */
+static int
+handle_mt_purge (struct TALER_CRYPTO_ExchangeSignHelper *esh,
+ const struct GNUNET_MessageHeader *hdr)
+{
+ const struct TALER_CRYPTO_EddsaKeyPurgeNotification *pn
+ = (const struct TALER_CRYPTO_EddsaKeyPurgeNotification *) hdr;
+
+ if (sizeof (*pn) != ntohs (hdr->size))
+ {
+ GNUNET_break_op (0);
+ return GNUNET_SYSERR;
+ }
+ esh->ekc (esh->ekc_cls,
+ GNUNET_TIME_UNIT_ZERO_ABS,
+ GNUNET_TIME_UNIT_ZERO,
+ &pn->exchange_pub,
+ NULL,
+ NULL);
+ return GNUNET_OK;
+}
+
+
+void
+TALER_CRYPTO_helper_esign_poll (struct TALER_CRYPTO_ExchangeSignHelper *esh)
+{
+ char buf[UINT16_MAX];
+ ssize_t ret;
+ const struct GNUNET_MessageHeader *hdr
+ = (const struct GNUNET_MessageHeader *) buf;
+
+ try_connect (esh);
+ if (-1 == esh->sock)
+ return; /* give up */
+ while (1)
+ {
+ ret = recv (esh->sock,
+ buf,
+ sizeof (buf),
+ MSG_DONTWAIT);
+ if (ret < 0)
+ {
+ if (EAGAIN == errno)
+ break;
+ GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+ "recv");
+ do_disconnect (esh);
+ return;
+ }
+
+ if ( (ret < sizeof (struct GNUNET_MessageHeader)) ||
+ (ret != ntohs (hdr->size)) )
+ {
+ GNUNET_break_op (0);
+ do_disconnect (esh);
+ return;
+ }
+ switch (ntohs (hdr->type))
+ {
+ case TALER_HELPER_EDDSA_MT_AVAIL:
+ if (GNUNET_OK !=
+ handle_mt_avail (esh,
+ hdr))
+ {
+ GNUNET_break_op (0);
+ do_disconnect (esh);
+ return;
+ }
+ break;
+ case TALER_HELPER_EDDSA_MT_PURGE:
+ if (GNUNET_OK !=
+ handle_mt_purge (esh,
+ hdr))
+ {
+ GNUNET_break_op (0);
+ do_disconnect (esh);
+ return;
+ }
+ break;
+ default:
+ GNUNET_break_op (0);
+ do_disconnect (esh);
+ return;
+ }
+ }
+}
+
+
+enum TALER_ErrorCode
+TALER_CRYPTO_helper_esign_sign_ (
+ struct TALER_CRYPTO_ExchangeSignHelper *esh,
+ const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+ struct TALER_ExchangePublicKeyP *exchange_pub,
+ struct TALER_ExchangeSignatureP *exchange_sig)
+{
+ {
+ uint32_t purpose_size = ntohl (purpose->size);
+ char buf[sizeof (struct TALER_CRYPTO_EddsaSignRequest) + purpose_size
+ - sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose)];
+ struct TALER_CRYPTO_EddsaSignRequest *sr
+ = (struct TALER_CRYPTO_EddsaSignRequest *) buf;
+ ssize_t ret;
+
+ try_connect (esh);
+ if (-1 == esh->sock)
+ return TALER_EC_EXCHANGE_SIGNKEY_HELPER_UNAVAILABLE;
+ sr->header.size = htons (sizeof (buf));
+ sr->header.type = htons (TALER_HELPER_EDDSA_MT_REQ_SIGN);
+ sr->reserved = htonl (0);
+ memcpy (&sr->purpose,
+ purpose,
+ purpose_size);
+ ret = sendto (esh->sock,
+ buf,
+ sizeof (buf),
+ 0,
+ &esh->sa,
+ sizeof (esh->sa));
+ if (ret < 0)
+ {
+ GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+ "sendto");
+ do_disconnect (esh);
+ return TALER_EC_EXCHANGE_SIGNKEY_HELPER_UNAVAILABLE;
+ }
+ /* We are using SOCK_DGRAM, partial writes should not be possible */
+ GNUNET_break (((size_t) ret) == sizeof (buf));
+ }
+
+ while (1)
+ {
+ char buf[UINT16_MAX];
+ ssize_t ret;
+ const struct GNUNET_MessageHeader *hdr
+ = (const struct GNUNET_MessageHeader *) buf;
+
+ ret = recv (esh->sock,
+ buf,
+ sizeof (buf),
+ 0);
+ if (ret < 0)
+ {
+ GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+ "recv");
+ do_disconnect (esh);
+ return TALER_EC_EXCHANGE_SIGNKEY_HELPER_UNAVAILABLE;
+ }
+ if ( (ret < sizeof (struct GNUNET_MessageHeader)) ||
+ (ret != ntohs (hdr->size)) )
+ {
+ GNUNET_break_op (0);
+ do_disconnect (esh);
+ return TALER_EC_EXCHANGE_SIGNKEY_HELPER_BUG;
+ }
+ switch (ntohs (hdr->type))
+ {
+ case TALER_HELPER_EDDSA_MT_RES_SIGNATURE:
+ if (ret != sizeof (struct TALER_CRYPTO_EddsaSignResponse))
+ {
+ GNUNET_break_op (0);
+ do_disconnect (esh);
+ return TALER_EC_EXCHANGE_SIGNKEY_HELPER_BUG;
+ }
+ {
+ const struct TALER_CRYPTO_EddsaSignResponse *sr =
+ (const struct TALER_CRYPTO_EddsaSignResponse *) buf;
+ *exchange_sig = sr->exchange_sig;
+ *exchange_pub = sr->exchange_pub;
+ return TALER_EC_NONE;
+ }
+ case TALER_HELPER_EDDSA_MT_RES_SIGN_FAILURE:
+ if (ret != sizeof (struct TALER_CRYPTO_EddsaSignFailure))
+ {
+ GNUNET_break_op (0);
+ do_disconnect (esh);
+ return TALER_EC_EXCHANGE_SIGNKEY_HELPER_BUG;
+ }
+ {
+ const struct TALER_CRYPTO_EddsaSignFailure *sf =
+ (const struct TALER_CRYPTO_EddsaSignFailure *) buf;
+
+ return (enum TALER_ErrorCode) ntohl (sf->ec);
+ }
+ case TALER_HELPER_EDDSA_MT_AVAIL:
+ if (GNUNET_OK !=
+ handle_mt_avail (esh,
+ hdr))
+ {
+ GNUNET_break_op (0);
+ do_disconnect (esh);
+ return TALER_EC_EXCHANGE_SIGNKEY_HELPER_BUG;
+ }
+ break; /* while(1) loop ensures we recvfrom() again */
+ case TALER_HELPER_EDDSA_MT_PURGE:
+ if (GNUNET_OK !=
+ handle_mt_purge (esh,
+ hdr))
+ {
+ GNUNET_break_op (0);
+ do_disconnect (esh);
+ return TALER_EC_EXCHANGE_SIGNKEY_HELPER_BUG;
+ }
+ break; /* while(1) loop ensures we recvfrom() again */
+ default:
+ GNUNET_break_op (0);
+ do_disconnect (esh);
+ return TALER_EC_EXCHANGE_SIGNKEY_HELPER_BUG;
+ }
+ }
+}
+
+
+void
+TALER_CRYPTO_helper_esign_revoke (
+ struct TALER_CRYPTO_ExchangeSignHelper *esh,
+ const struct TALER_ExchangePublicKeyP *exchange_pub)
+{
+ struct TALER_CRYPTO_EddsaRevokeRequest rr = {
+ .header.size = htons (sizeof (rr)),
+ .header.type = htons (TALER_HELPER_EDDSA_MT_REQ_REVOKE),
+ .exchange_pub = *exchange_pub
+ };
+ ssize_t ret;
+
+ try_connect (esh);
+ if (-1 == esh->sock)
+ return; /* give up */
+ ret = sendto (esh->sock,
+ &rr,
+ sizeof (rr),
+ 0,
+ (const struct sockaddr *) &esh->sa,
+ sizeof (esh->sa));
+ if (ret < 0)
+ {
+ GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
+ "sendto");
+ do_disconnect (esh);
+ return;
+ }
+ /* We are using SOCK_DGRAM, partial writes should not be possible */
+ GNUNET_break (((size_t) ret) == sizeof (rr));
+}
+
+
+void
+TALER_CRYPTO_helper_esign_disconnect (
+ struct TALER_CRYPTO_ExchangeSignHelper *esh)
+{
+ do_disconnect (esh);
+ GNUNET_free (esh->template);
+ GNUNET_free (esh);
+}
+
+
+/* end of crypto_helper_esign.c */
diff --git a/src/util/taler-helper-crypto-eddsa.c
b/src/util/taler-helper-crypto-eddsa.c
index a20ffd79..58460447 100644
--- a/src/util/taler-helper-crypto-eddsa.c
+++ b/src/util/taler-helper-crypto-eddsa.c
@@ -495,7 +495,7 @@ handle_done (void *cls)
GNUNET_assert (0 == pthread_mutex_unlock (&done_lock));
if (TALER_EC_NONE != wi->ec)
{
- struct TALER_CRYPTO_SignFailure sf = {
+ struct TALER_CRYPTO_EddsaSignFailure sf = {
.header.size = htons (sizeof (sf)),
.header.type = htons (TALER_HELPER_EDDSA_MT_RES_SIGN_FAILURE),
.ec = htonl (wi->ec)
@@ -509,7 +509,7 @@ handle_done (void *cls)
}
else
{
- struct TALER_CRYPTO_SignResponse sr = {
+ struct TALER_CRYPTO_EddsaSignResponse sr = {
.header.size = htons (sizeof (sr)),
.header.type = htons (TALER_HELPER_EDDSA_MT_RES_SIGNATURE),
.exchange_pub = wi->key->exchange_pub,
@@ -548,7 +548,7 @@ handle_done (void *cls)
static void
handle_sign_request (const struct sockaddr_un *addr,
socklen_t addr_size,
- const struct TALER_CRYPTO_SignRequest *sr)
+ const struct TALER_CRYPTO_EddsaSignRequest *sr)
{
const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose = &sr->purpose;
struct WorkItem *wi;
@@ -557,7 +557,7 @@ handle_sign_request (const struct sockaddr_un *addr,
if (purpose_size != htonl (purpose->size))
{
- struct TALER_CRYPTO_SignFailure sf = {
+ struct TALER_CRYPTO_EddsaSignFailure sf = {
.header.size = htons (sizeof (sr)),
.header.type = htons (TALER_HELPER_EDDSA_MT_RES_SIGN_FAILURE),
.ec = htonl (TALER_EC_GENERIC_PARAMETER_MALFORMED)
@@ -606,7 +606,7 @@ notify_client_key_add (struct Client *client,
.purpose.size = htonl (sizeof (ska)),
.exchange_pub = key->exchange_pub,
.anchor_time = GNUNET_TIME_absolute_hton (key->anchor),
- .duration_withdraw = GNUNET_TIME_relative_hton (duration)
+ .duration = GNUNET_TIME_relative_hton (duration)
};
struct TALER_CRYPTO_EddsaKeyAvailableNotification an = {
.header.size = htons (sizeof (an)),
@@ -743,7 +743,7 @@ setup_key (struct Key *key,
static void
handle_revoke_request (const struct sockaddr_un *addr,
socklen_t addr_size,
- const struct TALER_CRYPTO_RevokeRequest *rr)
+ const struct TALER_CRYPTO_EddsaRevokeRequest *rr)
{
struct Key *key;
struct Key *nkey;
@@ -884,24 +884,25 @@ read_job (void *cls)
}
break;
case TALER_HELPER_EDDSA_MT_REQ_SIGN:
- if (ntohs (hdr->size) <= sizeof (struct TALER_CRYPTO_SignRequest))
+ if (ntohs (hdr->size) < sizeof (struct TALER_CRYPTO_EddsaSignRequest))
{
GNUNET_break_op (0);
return;
}
handle_sign_request (&addr,
addr_size,
- (const struct TALER_CRYPTO_SignRequest *) buf);
+ (const struct TALER_CRYPTO_EddsaSignRequest *) buf);
break;
case TALER_HELPER_EDDSA_MT_REQ_REVOKE:
- if (ntohs (hdr->size) != sizeof (struct TALER_CRYPTO_RevokeRequest))
+ if (ntohs (hdr->size) != sizeof (struct TALER_CRYPTO_EddsaRevokeRequest))
{
GNUNET_break_op (0);
return;
}
handle_revoke_request (&addr,
addr_size,
- (const struct TALER_CRYPTO_RevokeRequest *) buf);
+ (const struct
+ TALER_CRYPTO_EddsaRevokeRequest *) buf);
break;
default:
GNUNET_break_op (0);
diff --git a/src/util/taler-helper-crypto-eddsa.h
b/src/util/taler-helper-crypto-eddsa.h
index fe6ca405..7c014e45 100644
--- a/src/util/taler-helper-crypto-eddsa.h
+++ b/src/util/taler-helper-crypto-eddsa.h
@@ -103,7 +103,7 @@ struct TALER_CRYPTO_EddsaKeyPurgeNotification
/**
* Message sent if a signature is requested.
*/
-struct TALER_CRYPTO_SignRequest
+struct TALER_CRYPTO_EddsaSignRequest
{
/**
* Type is #TALER_HELPER_EDDSA_MT_REQ_SIGN.
@@ -127,7 +127,7 @@ struct TALER_CRYPTO_SignRequest
/**
* Message sent if a key was revoked.
*/
-struct TALER_CRYPTO_RevokeRequest
+struct TALER_CRYPTO_EddsaRevokeRequest
{
/**
* Type is #TALER_HELPER_EDDSA_MT_REQ_REVOKE.
@@ -150,7 +150,7 @@ struct TALER_CRYPTO_RevokeRequest
/**
* Message sent if a signature was successfully computed.
*/
-struct TALER_CRYPTO_SignResponse
+struct TALER_CRYPTO_EddsaSignResponse
{
/**
* Type is #TALER_HELPER_EDDSA_MT_RES_SIGNATURE.
@@ -178,7 +178,7 @@ struct TALER_CRYPTO_SignResponse
/**
* Message sent if signing failed.
*/
-struct TALER_CRYPTO_SignFailure
+struct TALER_CRYPTO_EddsaSignFailure
{
/**
* Type is #TALER_HELPER_EDDSA_MT_RES_SIGN_FAILURE.
diff --git a/src/util/test_helper_rsa.c b/src/util/test_helper_rsa.c
index 2b6c850f..3c7ae443 100644
--- a/src/util/test_helper_rsa.c
+++ b/src/util/test_helper_rsa.c
@@ -196,7 +196,7 @@ test_revocation (struct TALER_CRYPTO_DenominationHelper *dh)
&keys[j].h_denom_pub);
for (unsigned int k = 0; k<1000; k++)
{
- TALER_CRYPTO_helper_poll (dh);
+ TALER_CRYPTO_helper_denom_poll (dh);
if (! keys[j].revoked)
break;
nanosleep (&req, NULL);
@@ -387,7 +387,7 @@ perf_signing (struct TALER_CRYPTO_DenominationHelper *dh)
duration = GNUNET_TIME_UNIT_ZERO;
for (unsigned int j = 0; j<NUM_SIGN_TESTS;)
{
- TALER_CRYPTO_helper_poll (dh);
+ TALER_CRYPTO_helper_denom_poll (dh);
for (unsigned int i = 0; i<MAX_KEYS; i++)
{
if (! keys[i].valid)
@@ -476,7 +476,7 @@ run_test (void)
fprintf (stderr, "Waiting for helper to start ");
for (unsigned int i = 0; i<1000; i++)
{
- TALER_CRYPTO_helper_poll (dh);
+ TALER_CRYPTO_helper_denom_poll (dh);
if (0 != num_keys)
break;
nanosleep (&req, NULL);
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-exchange] branch master updated: implement exchange online signing key client library,
gnunet <=