[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-exchange] branch master updated: improve secmod for donau
|
From: |
gnunet |
|
Subject: |
[taler-exchange] branch master updated: improve secmod for donau |
|
Date: |
Mon, 15 Jan 2024 15:09:57 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository exchange.
The following commit(s) were added to refs/heads/master by this push:
new db7558bb improve secmod for donau
db7558bb is described below
commit db7558bbb41f8c01a08e1e46b01ad14d955f724b
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Mon Jan 15 15:09:52 2024 +0100
improve secmod for donau
---
src/exchange/taler-exchange-httpd_keys.c | 6 ++--
src/util/crypto_helper_cs.c | 2 +-
src/util/crypto_helper_esign.c | 4 +--
src/util/crypto_helper_rsa.c | 6 ++--
src/util/taler-exchange-secmod-cs.c | 48 ++++++++++++++++++++++--------
src/util/taler-exchange-secmod-eddsa.c | 43 ++++++++++++++++++---------
src/util/taler-exchange-secmod-rsa.c | 50 ++++++++++++++++++++++++--------
src/util/taler-exchange-secmod-rsa.conf | 5 +++-
src/util/test_helper_cs.c | 4 +--
src/util/test_helper_eddsa.c | 4 +--
src/util/test_helper_rsa.c | 4 +--
11 files changed, 123 insertions(+), 53 deletions(-)
diff --git a/src/exchange/taler-exchange-httpd_keys.c
b/src/exchange/taler-exchange-httpd_keys.c
index 4d6decf3..8ec11cff 100644
--- a/src/exchange/taler-exchange-httpd_keys.c
+++ b/src/exchange/taler-exchange-httpd_keys.c
@@ -1630,7 +1630,7 @@ setup_key_helpers (struct HelperState *hs)
= GNUNET_CONTAINER_multipeermap_create (32,
GNUNET_NO /* MUST BE NO! */);
hs->rsadh = TALER_CRYPTO_helper_rsa_connect (TEH_cfg,
- "taler",
+ "taler-exchange",
&helper_rsa_cb,
hs);
if (NULL == hs->rsadh)
@@ -1639,7 +1639,7 @@ setup_key_helpers (struct HelperState *hs)
return GNUNET_SYSERR;
}
hs->csdh = TALER_CRYPTO_helper_cs_connect (TEH_cfg,
- "taler",
+ "taler-exchange",
&helper_cs_cb,
hs);
if (NULL == hs->csdh)
@@ -1648,7 +1648,7 @@ setup_key_helpers (struct HelperState *hs)
return GNUNET_SYSERR;
}
hs->esh = TALER_CRYPTO_helper_esign_connect (TEH_cfg,
- "taler",
+ "taler-exchange",
&helper_esign_cb,
hs);
if (NULL == hs->esh)
diff --git a/src/util/crypto_helper_cs.c b/src/util/crypto_helper_cs.c
index ac41f52c..4c4a56fe 100644
--- a/src/util/crypto_helper_cs.c
+++ b/src/util/crypto_helper_cs.c
@@ -122,7 +122,7 @@ TALER_CRYPTO_helper_cs_connect (
char *secname;
GNUNET_asprintf (&secname,
- "%s-exchange-secmod-cs",
+ "%s-secmod-cs",
section);
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_filename (cfg,
diff --git a/src/util/crypto_helper_esign.c b/src/util/crypto_helper_esign.c
index 4901937f..e044d31d 100644
--- a/src/util/crypto_helper_esign.c
+++ b/src/util/crypto_helper_esign.c
@@ -118,9 +118,9 @@ TALER_CRYPTO_helper_esign_connect (
struct TALER_CRYPTO_ExchangeSignHelper *esh;
char *unixpath;
char *secname;
-
+
GNUNET_asprintf (&secname,
- "%s-exchange-secmod-eddsa",
+ "%s-secmod-eddsa",
section);
if (GNUNET_OK !=
diff --git a/src/util/crypto_helper_rsa.c b/src/util/crypto_helper_rsa.c
index d5b7ccf2..e23e12a8 100644
--- a/src/util/crypto_helper_rsa.c
+++ b/src/util/crypto_helper_rsa.c
@@ -120,9 +120,9 @@ TALER_CRYPTO_helper_rsa_connect (
struct TALER_CRYPTO_RsaDenominationHelper *dh;
char *unixpath;
char *secname;
-
+
GNUNET_asprintf (&secname,
- "%s-exchange-secmod-rsa",
+ "%s-secmod-rsa",
section);
if (GNUNET_OK !=
@@ -142,7 +142,7 @@ TALER_CRYPTO_helper_rsa_connect (
if (strlen (unixpath) >= sizeof (dh->sa.sun_path))
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
- "taler-exchange-secmod-rsa",
+ secname,
"UNIXPATH",
"path too long");
GNUNET_free (unixpath);
diff --git a/src/util/taler-exchange-secmod-cs.c
b/src/util/taler-exchange-secmod-cs.c
index fbd5aa25..3e9ba155 100644
--- a/src/util/taler-exchange-secmod-cs.c
+++ b/src/util/taler-exchange-secmod-cs.c
@@ -341,9 +341,9 @@ static struct GNUNET_TIME_Timestamp now_tmp;
static char *keydir;
/**
- * Name of the configuration section prefix to use. Usually either "taler" or
+ * Name of the configuration section prefix to use. Usually either
"taler-exchange" or
* "donau". The actual configuration section will then be
- * "$SECTION-exchange-secmod-cs".
+ * "$SECTION-secmod-cs".
*/
static char *section;
@@ -1964,6 +1964,11 @@ parse_denomination_cfg (const struct
GNUNET_CONFIGURATION_Handle *cfg,
const char *ct,
struct Denomination *denom)
{
+ char *secname;
+
+ GNUNET_asprintf (&secname,
+ "%s-secmod-cs",
+ section);
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (cfg,
ct,
@@ -1973,6 +1978,7 @@ parse_denomination_cfg (const struct
GNUNET_CONFIGURATION_Handle *cfg,
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
ct,
"DURATION_WITHDRAW");
+ GNUNET_free (secname);
return GNUNET_SYSERR;
}
if (GNUNET_TIME_relative_cmp (overlap_duration,
@@ -1980,11 +1986,13 @@ parse_denomination_cfg (const struct
GNUNET_CONFIGURATION_Handle *cfg,
denom->duration_withdraw))
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
- "taler-exchange-secmod-cs",
+ secname,
"OVERLAP_DURATION",
"Value given must be smaller than value for
DURATION_WITHDRAW!");
+ GNUNET_free (secname);
return GNUNET_SYSERR;
}
+ GNUNET_free (secname);
denom->section = GNUNET_strdup (ct);
return GNUNET_OK;
}
@@ -2099,28 +2107,36 @@ load_denominations (void *cls,
static enum GNUNET_GenericReturnValue
load_durations (const struct GNUNET_CONFIGURATION_Handle *cfg)
{
+ char *secname;
+
+ GNUNET_asprintf (&secname,
+ "%s-secmod-cs",
+ section);
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (cfg,
- "taler-exchange-secmod-cs",
+ secname,
"OVERLAP_DURATION",
&overlap_duration))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
- "taler-exchange-secmod-cs",
+ secname,
"OVERLAP_DURATION");
+ GNUNET_free (secname);
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (cfg,
- "taler-exchange-secmod-cs",
+ secname,
"LOOKAHEAD_SIGN",
&lookahead_sign))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
- "taler-exchange-secmod-cs",
+ secname,
"LOOKAHEAD_SIGN");
+ GNUNET_free (secname);
return GNUNET_SYSERR;
}
+ GNUNET_free (secname);
return GNUNET_OK;
}
@@ -2180,7 +2196,7 @@ run (void *cls,
now = GNUNET_TIME_timestamp_get ();
}
GNUNET_asprintf (&secname,
- "%s-exchange-secmod-cs",
+ "%s-secmod-cs",
section);
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_filename (cfg,
@@ -2202,9 +2218,17 @@ run (void *cls,
global_ret = EXIT_NOTCONFIGURED;
return;
}
- global_ret = TES_listen_start (cfg,
- "taler-exchange-secmod-cs",
- &cb);
+ {
+ char *secname;
+
+ GNUNET_asprintf (&secname,
+ "%s-secmod-cs",
+ section);
+ global_ret = TES_listen_start (cfg,
+ secname,
+ &cb);
+ GNUNET_free (secname);
+ }
if (0 != global_ret)
return;
sem_init (&worker_sem,
@@ -2300,7 +2324,7 @@ main (int argc,
/* Restrict permissions for the key files that we create. */
(void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
- section = GNUNET_strdup ("taler");
+ section = GNUNET_strdup ("taler-exchange");
/* force linker to link against libtalerutil; if we do
not do this, the linker may "optimize" libtalerutil
away and skip #TALER_OS_init(), which we do need */
diff --git a/src/util/taler-exchange-secmod-eddsa.c
b/src/util/taler-exchange-secmod-eddsa.c
index 1be4f7b4..0b95447f 100644
--- a/src/util/taler-exchange-secmod-eddsa.c
+++ b/src/util/taler-exchange-secmod-eddsa.c
@@ -137,9 +137,9 @@ static struct GNUNET_TIME_Timestamp now_tmp;
static char *keydir;
/**
- * Name of the configuration section prefix to use. Usually either "taler" or
+ * Name of the configuration section prefix to use. Usually either
"taler-exchange" or
* "donau". The actual configuration section will then be
- * "$SECTION-exchange-secmod-cs".
+ * "$SECTION-secmod-eddsa".
*/
static char *section;
@@ -998,39 +998,48 @@ import_key (void *cls,
static enum GNUNET_GenericReturnValue
load_durations (const struct GNUNET_CONFIGURATION_Handle *cfg)
{
+ char *secname;
+
+ GNUNET_asprintf (&secname,
+ "%s-secmod-eddsa",
+ section);
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (cfg,
- "taler-exchange-secmod-eddsa",
+ secname,
"OVERLAP_DURATION",
&overlap_duration))
{
+ GNUNET_free (secname);
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
- "taler-exchange-secmod-eddsa",
+ secname,
"OVERLAP_DURATION");
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (cfg,
- "taler-exchange-secmod-eddsa",
+ secname,
"DURATION",
&duration))
{
+ GNUNET_free (secname);
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
- "taler-exchange-secmod-eddsa",
+ secname,
"DURATION");
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (cfg,
- "taler-exchange-secmod-eddsa",
+ secname,
"LOOKAHEAD_SIGN",
&lookahead_sign))
{
+ GNUNET_free (secname);
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
- "taler-exchange-secmod-eddsa",
+ secname,
"LOOKAHEAD_SIGN");
return GNUNET_SYSERR;
}
+ GNUNET_free (secname);
return GNUNET_OK;
}
@@ -1088,7 +1097,7 @@ run (void *cls,
now = GNUNET_TIME_timestamp_get ();
}
GNUNET_asprintf (&secname,
- "%s-exchange-secmod-eddsa",
+ "%s-secmod-eddsa",
section);
if (GNUNET_OK !=
load_durations (cfg))
@@ -1112,9 +1121,17 @@ run (void *cls,
GNUNET_free (secname);
GNUNET_SCHEDULER_add_shutdown (&do_shutdown,
NULL);
- global_ret = TES_listen_start (cfg,
- "taler-exchange-secmod-eddsa",
- &cb);
+ {
+ char *secname;
+
+ GNUNET_asprintf (&secname,
+ "%s-secmod-eddsa",
+ section);
+ global_ret = TES_listen_start (cfg,
+ secname,
+ &cb);
+ GNUNET_free (secname);
+ }
if (0 != global_ret)
return;
/* Load keys */
@@ -1175,7 +1192,7 @@ main (int argc,
/* Restrict permissions for the key files that we create. */
(void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
- section = GNUNET_strdup ("taler");
+ section = GNUNET_strdup ("taler-exchange");
/* force linker to link against libtalerutil; if we do
not do this, the linker may "optimize" libtalerutil
away and skip #TALER_OS_init(), which we do need */
diff --git a/src/util/taler-exchange-secmod-rsa.c
b/src/util/taler-exchange-secmod-rsa.c
index 57bf69d0..c80e2e3c 100644
--- a/src/util/taler-exchange-secmod-rsa.c
+++ b/src/util/taler-exchange-secmod-rsa.c
@@ -308,9 +308,9 @@ static struct GNUNET_TIME_Timestamp now_tmp;
static char *keydir;
/**
- * Name of the configuration section prefix to use. Usually either "taler" or
+ * Name of the configuration section prefix to use. Usually either
"taler-exchange" or
* "donau". The actual configuration section will then be
- * "$SECTION-exchange-secmod-cs".
+ * "$SECTION-secmod-rsa".
*/
static char *section;
@@ -1261,6 +1261,7 @@ create_key (struct Denomination *denom,
struct GNUNET_TIME_Timestamp anchor;
anchor = now;
+ // FIXME: round down to multiple of 'anchor_round' value from configuration
if (NULL != denom->keys_tail)
{
struct GNUNET_TIME_Absolute abs;
@@ -1729,7 +1730,11 @@ parse_denomination_cfg (const struct
GNUNET_CONFIGURATION_Handle *cfg,
struct Denomination *denom)
{
unsigned long long rsa_keysize;
+ char *secname;
+ GNUNET_asprintf (&secname,
+ "%s-secmod-rsa",
+ section);
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (cfg,
ct,
@@ -1739,6 +1744,7 @@ parse_denomination_cfg (const struct
GNUNET_CONFIGURATION_Handle *cfg,
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
ct,
"DURATION_WITHDRAW");
+ GNUNET_free (secname);
return GNUNET_SYSERR;
}
if (GNUNET_TIME_relative_cmp (overlap_duration,
@@ -1746,9 +1752,10 @@ parse_denomination_cfg (const struct
GNUNET_CONFIGURATION_Handle *cfg,
denom->duration_withdraw))
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
- "taler-exchange-secmod-rsa",
+ section,
"OVERLAP_DURATION",
"Value given must be smaller than value for
DURATION_WITHDRAW!");
+ GNUNET_free (secname);
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
@@ -1760,6 +1767,7 @@ parse_denomination_cfg (const struct
GNUNET_CONFIGURATION_Handle *cfg,
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
ct,
"RSA_KEYSIZE");
+ GNUNET_free (secname);
return GNUNET_SYSERR;
}
if ( (rsa_keysize > 4 * 2048) ||
@@ -1769,8 +1777,10 @@ parse_denomination_cfg (const struct
GNUNET_CONFIGURATION_Handle *cfg,
ct,
"RSA_KEYSIZE",
"Given RSA keysize outside of permitted range
[1024,8192]\n");
+ GNUNET_free (secname);
return GNUNET_SYSERR;
}
+ GNUNET_free (secname);
denom->rsa_keysize = (unsigned int) rsa_keysize;
denom->section = GNUNET_strdup (ct);
return GNUNET_OK;
@@ -1885,28 +1895,36 @@ load_denominations (void *cls,
static enum GNUNET_GenericReturnValue
load_durations (const struct GNUNET_CONFIGURATION_Handle *cfg)
{
+ char *secname;
+
+ GNUNET_asprintf (&secname,
+ "%s-secmod-rsa",
+ section);
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (cfg,
- "taler-exchange-secmod-rsa",
+ secname,
"OVERLAP_DURATION",
&overlap_duration))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
- "taler-exchange-secmod-rsa",
+ secname,
"OVERLAP_DURATION");
+ GNUNET_free (secname);
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (cfg,
- "taler-exchange-secmod-rsa",
+ secname,
"LOOKAHEAD_SIGN",
&lookahead_sign))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
- "taler-exchange-secmod-rsa",
+ secname,
"LOOKAHEAD_SIGN");
+ GNUNET_free (secname);
return GNUNET_SYSERR;
}
+ GNUNET_free (secname);
return GNUNET_OK;
}
@@ -1966,7 +1984,7 @@ run (void *cls,
now = GNUNET_TIME_timestamp_get ();
}
GNUNET_asprintf (&secname,
- "%s-exchange-secmod-rsa",
+ "%s-secmod-rsa",
section);
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_filename (cfg,
@@ -1988,9 +2006,17 @@ run (void *cls,
global_ret = EXIT_NOTCONFIGURED;
return;
}
- global_ret = TES_listen_start (cfg,
- "taler-exchange-secmod-rsa",
- &cb);
+ {
+ char *secname;
+
+ GNUNET_asprintf (&secname,
+ "%s-secmod-rsa",
+ section);
+ global_ret = TES_listen_start (cfg,
+ secname,
+ &cb);
+ GNUNET_free (secname);
+ }
if (0 != global_ret)
return;
sem_init (&worker_sem,
@@ -2087,7 +2113,7 @@ main (int argc,
/* Restrict permissions for the key files that we create. */
(void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
- section = GNUNET_strdup ("taler");
+ section = GNUNET_strdup ("taler-exchange");
/* force linker to link against libtalerutil; if we do
not do this, the linker may "optimize" libtalerutil
away and skip #TALER_OS_init(), which we do need */
diff --git a/src/util/taler-exchange-secmod-rsa.conf
b/src/util/taler-exchange-secmod-rsa.conf
index 7b16ad11..978c4025 100644
--- a/src/util/taler-exchange-secmod-rsa.conf
+++ b/src/util/taler-exchange-secmod-rsa.conf
@@ -5,7 +5,7 @@
# wallets picking one key and then due to network latency
# another key being valid. The DURATION_WITHDRAW period
# must be longer than this value.
-OVERLAP_DURATION = 5 m
+OVERLAP_DURATION = 0 m
# Where do we store the generated private keys.
KEY_DIR = ${TALER_DATA_HOME}exchange-secmod-rsa/keys
@@ -21,3 +21,6 @@ SM_PRIV_KEY =
${TALER_DATA_HOME}exchange-secmod-rsa/secmod-private-key
# For how long into the future do we pre-generate keys?
LOOKAHEAD_SIGN = 1 year
+
+# Round down anchor key start date to multiples of this time.
+ANCHOR_ROUND = 1 ms
\ No newline at end of file
diff --git a/src/util/test_helper_cs.c b/src/util/test_helper_cs.c
index 07e9907b..93562e45 100644
--- a/src/util/test_helper_cs.c
+++ b/src/util/test_helper_cs.c
@@ -970,7 +970,7 @@ par_signing (struct GNUNET_CONFIGURATION_Handle *cfg)
int ret;
dh = TALER_CRYPTO_helper_cs_connect (cfg,
- "taler",
+ "taler-exchange",
&key_cb,
NULL);
GNUNET_assert (NULL != dh);
@@ -1028,7 +1028,7 @@ run_test (void)
nanosleep (&req,
NULL);
dh = TALER_CRYPTO_helper_cs_connect (cfg,
- "taler",
+ "taler-exchange",
&key_cb,
NULL);
if (NULL != dh)
diff --git a/src/util/test_helper_eddsa.c b/src/util/test_helper_eddsa.c
index 4f1f9589..0119e427 100644
--- a/src/util/test_helper_eddsa.c
+++ b/src/util/test_helper_eddsa.c
@@ -365,7 +365,7 @@ par_signing (struct GNUNET_CONFIGURATION_Handle *cfg)
int ret;
esh = TALER_CRYPTO_helper_esign_connect (cfg,
- "taler",
+ "taler-exchange",
&key_cb,
NULL);
if (NULL == esh)
@@ -428,7 +428,7 @@ run_test (void)
nanosleep (&req,
NULL);
esh = TALER_CRYPTO_helper_esign_connect (cfg,
- "taler",
+ "taler-exchange",
&key_cb,
NULL);
if (NULL != esh)
diff --git a/src/util/test_helper_rsa.c b/src/util/test_helper_rsa.c
index 2ea16633..2bc15879 100644
--- a/src/util/test_helper_rsa.c
+++ b/src/util/test_helper_rsa.c
@@ -797,7 +797,7 @@ par_signing (struct GNUNET_CONFIGURATION_Handle *cfg)
int ret;
dh = TALER_CRYPTO_helper_rsa_connect (cfg,
- "taler",
+ "taler-exchange",
&key_cb,
NULL);
GNUNET_assert (NULL != dh);
@@ -856,7 +856,7 @@ run_test (void)
nanosleep (&req,
NULL);
dh = TALER_CRYPTO_helper_rsa_connect (cfg,
- "taler",
+ "taler-exchange",
&key_cb,
NULL);
if (NULL != dh)
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-exchange] branch master updated: improve secmod for donau,
gnunet <=