[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-exchange] branch master updated: -sketch API for RSA parallel sig
|
From: |
gnunet |
|
Subject: |
[taler-exchange] branch master updated: -sketch API for RSA parallel signing |
|
Date: |
Mon, 30 May 2022 13:34:42 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository exchange.
The following commit(s) were added to refs/heads/master by this push:
new 7f902c0f -sketch API for RSA parallel signing
7f902c0f is described below
commit 7f902c0fc9bc7e0832d01169e6f580ab671fbf08
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Mon May 30 13:34:34 2022 +0200
-sketch API for RSA parallel signing
---
contrib/gana | 2 +-
src/bank-lib/fakebank.c | 12 +++++-
src/exchange/taler-exchange-httpd_keys.c | 36 ++++++++++++------
src/exchange/taler-exchange-wirewatch.c | 18 ++++-----
src/include/taler_crypto_lib.h | 58 +++++++++++++++++++++++++----
src/util/crypto_helper_rsa.c | 24 ++++++++----
src/util/test_helper_rsa.c | 64 +++++++++++++++++++-------------
7 files changed, 150 insertions(+), 64 deletions(-)
diff --git a/contrib/gana b/contrib/gana
index 99d8d9e0..aebd5420 160000
--- a/contrib/gana
+++ b/contrib/gana
@@ -1 +1 @@
-Subproject commit 99d8d9e0336bacebab5af4ae00c3f685ffd90f60
+Subproject commit aebd5420308d7599aadb8818a82d9ffc89492334
diff --git a/src/bank-lib/fakebank.c b/src/bank-lib/fakebank.c
index 66e44e1d..624b4069 100644
--- a/src/bank-lib/fakebank.c
+++ b/src/bank-lib/fakebank.c
@@ -2010,6 +2010,11 @@ handle_debit_history (struct TALER_FAKEBANK_Handle *h,
{
GNUNET_assert (0 ==
pthread_mutex_unlock (&h->big_lock));
+ if (overflow)
+ return TALER_MHD_reply_with_ec (
+ connection,
+ TALER_EC_BANK_ANCIENT_TRANSACTION_GONE,
+ NULL);
return TALER_MHD_REPLY_JSON_PACK (
connection,
MHD_HTTP_OK,
@@ -2213,14 +2218,19 @@ handle_credit_history (struct TALER_FAKEBANK_Handle *h,
if ( (NULL == t) ||
overflow)
{
+ GNUNET_free (credit_payto);
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"No transactions available, suspending request\n");
- GNUNET_free (credit_payto);
if (GNUNET_TIME_relative_is_zero (ha.lp_timeout) &&
(0 < ha.delta))
{
GNUNET_assert (0 ==
pthread_mutex_unlock (&h->big_lock));
+ if (overflow)
+ return TALER_MHD_reply_with_ec (
+ connection,
+ TALER_EC_BANK_ANCIENT_TRANSACTION_GONE,
+ NULL);
return TALER_MHD_REPLY_JSON_PACK (connection,
MHD_HTTP_OK,
GNUNET_JSON_pack_array_steal (
diff --git a/src/exchange/taler-exchange-httpd_keys.c
b/src/exchange/taler-exchange-httpd_keys.c
index 0fde1d67..a8ca76da 100644
--- a/src/exchange/taler-exchange-httpd_keys.c
+++ b/src/exchange/taler-exchange-httpd_keys.c
@@ -2575,12 +2575,18 @@ TEH_keys_denomination_sign_withdraw (
{
case TALER_DENOMINATION_RSA:
TEH_METRICS_num_signatures[TEH_MT_SIGNATURE_RSA]++;
- return TALER_CRYPTO_helper_rsa_sign (
- ksh->helpers->rsadh,
- &hd->h_details.h_rsa,
- bp->details.rsa_blinded_planchet.blinded_msg,
- bp->details.rsa_blinded_planchet.blinded_msg_size,
- bs);
+ {
+ struct TALER_CRYPTO_RsaSignRequest rsr = {
+ .h_rsa = &hd->h_details.h_rsa,
+ .msg = bp->details.rsa_blinded_planchet.blinded_msg,
+ .msg_size = bp->details.rsa_blinded_planchet.blinded_msg_size
+ };
+
+ return TALER_CRYPTO_helper_rsa_sign (
+ ksh->helpers->rsadh,
+ &rsr,
+ bs);
+ }
case TALER_DENOMINATION_CS:
TEH_METRICS_num_signatures[TEH_MT_SIGNATURE_CS]++;
return TALER_CRYPTO_helper_cs_sign_withdraw (
@@ -2616,12 +2622,18 @@ TEH_keys_denomination_sign_melt (
{
case TALER_DENOMINATION_RSA:
TEH_METRICS_num_signatures[TEH_MT_SIGNATURE_RSA]++;
- return TALER_CRYPTO_helper_rsa_sign (
- ksh->helpers->rsadh,
- &hd->h_details.h_rsa,
- bp->details.rsa_blinded_planchet.blinded_msg,
- bp->details.rsa_blinded_planchet.blinded_msg_size,
- bs);
+ {
+ struct TALER_CRYPTO_RsaSignRequest rsr = {
+ .h_rsa = &hd->h_details.h_rsa,
+ .msg = bp->details.rsa_blinded_planchet.blinded_msg,
+ .msg_size = bp->details.rsa_blinded_planchet.blinded_msg_size
+ };
+
+ return TALER_CRYPTO_helper_rsa_sign (
+ ksh->helpers->rsadh,
+ &rsr,
+ bs);
+ }
case TALER_DENOMINATION_CS:
TEH_METRICS_num_signatures[TEH_MT_SIGNATURE_CS]++;
return TALER_CRYPTO_helper_cs_sign_melt (
diff --git a/src/exchange/taler-exchange-wirewatch.c
b/src/exchange/taler-exchange-wirewatch.c
index 7a17239d..342068ca 100644
--- a/src/exchange/taler-exchange-wirewatch.c
+++ b/src/exchange/taler-exchange-wirewatch.c
@@ -623,17 +623,15 @@ history_cb (void *cls,
if (NULL == details)
{
wa->hh = NULL;
- if (TALER_EC_NONE != ec)
+ if ( (TALER_EC_NONE != ec) ||
+ (MHD_HTTP_OK != http_status) )
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Error fetching history: ec=%u, http_status=%u\n",
- (unsigned int) ec,
+ "Error fetching history: %s (%u)\n",
+ TALER_ErrorCode_get_hint (ec),
http_status);
- }
- else
- {
- GNUNET_log (GNUNET_ERROR_TYPE_INFO,
- "History response complete\n");
+ GNUNET_SCHEDULER_shutdown ();
+ return GNUNET_OK;
}
if (wa->started_transaction)
{
@@ -656,6 +654,8 @@ history_cb (void *cls,
GNUNET_SCHEDULER_shutdown ();
return GNUNET_OK;
}
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "No transactions in history response, moving on.\n");
account_completed (wa);
return GNUNET_OK; /* will be ignored anyway */
}
@@ -831,7 +831,7 @@ lock_shard (void *cls)
return;
}
if (wa->shard_open)
- GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Shard not completed in time, will try to re-acquire\n");
/* How long we lock a shard depends on the number of
workers expected, and how long we usually took to
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index 5cc28db0..c4c439af 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -2326,8 +2326,30 @@ TALER_CRYPTO_helper_rsa_poll (struct
TALER_CRYPTO_RsaDenominationHelper *dh);
/**
- * Request helper @a dh to sign @a msg using the public key corresponding to
- * @a h_denom_pub.
+ * Information needed for an RSA signature request.
+ */
+struct TALER_CRYPTO_RsaSignRequest
+{
+ /**
+ * Hash of the RSA public key.
+ */
+ const struct TALER_RsaPubHashP *h_rsa;
+
+ /**
+ * Message to be (blindly) signed.
+ */
+ const void *msg;
+
+ /**
+ * Number of bytes in @e msg.
+ */
+ size_t msg_size;
+};
+
+
+/**
+ * Request helper @a dh to sign message in @a rsr using the public key
+ * corresponding to the key in @a rsr.
*
* This operation will block until the signature has been obtained. Should
* this process receive a signal (that is not ignored) while the operation is
@@ -2336,21 +2358,41 @@ TALER_CRYPTO_helper_rsa_poll (struct
TALER_CRYPTO_RsaDenominationHelper *dh);
* differences in the signature counters. Retrying in this case may work.
*
* @param dh helper process connection
- * @param h_rsa hash of the RSA public key to use to sign
- * @param msg message to sign
- * @param msg_size number of bytes in @a msg
+ * @param rsr details about the requested signature
* @param[out] bs set to the blind signature
* @return #TALER_EC_NONE on success
*/
enum TALER_ErrorCode
TALER_CRYPTO_helper_rsa_sign (
struct TALER_CRYPTO_RsaDenominationHelper *dh,
- const struct TALER_RsaPubHashP *h_rsa,
- const void *msg,
- size_t msg_size,
+ const struct TALER_CRYPTO_RsaSignRequest *rsr,
struct TALER_BlindedDenominationSignature *bs);
+/**
+ * Request helper @a dh to batch sign messages in @a rsrs using the public key
+ * corresponding to the keys in @a rsrs.
+ *
+ * This operation will block until all the signatures have been obtained.
Should
+ * this process receive a signal (that is not ignored) while the operation is
+ * pending, the operation will fail. Note that the helper may still believe
+ * that it created the signature. Thus, signals may result in a small
+ * differences in the signature counters. Retrying in this case may work.
+ *
+ * @param dh helper process connection
+ * @param rsrs array with details about the requested signatures
+ * @param rsrs_length length of the @a rsrs array
+ * @param[out] bss array set to the blind signatures, must be of length @a
rsrs_length!
+ * @return #TALER_EC_NONE on success
+ */
+enum TALER_ErrorCode
+TALER_CRYPTO_helper_rsa_batch_sign (
+ struct TALER_CRYPTO_RsaDenominationHelper *dh,
+ const struct TALER_CRYPTO_RsaSignRequest *rsrs,
+ unsigned int rsrs_length,
+ struct TALER_BlindedDenominationSignature *bss);
+
+
/**
* Ask the helper to revoke the public key associated with @a h_denom_pub.
* Will cause the helper to tell all clients that the key is now unavailable,
diff --git a/src/util/crypto_helper_rsa.c b/src/util/crypto_helper_rsa.c
index d3f498c0..9491b07c 100644
--- a/src/util/crypto_helper_rsa.c
+++ b/src/util/crypto_helper_rsa.c
@@ -390,9 +390,7 @@ more:
enum TALER_ErrorCode
TALER_CRYPTO_helper_rsa_sign (
struct TALER_CRYPTO_RsaDenominationHelper *dh,
- const struct TALER_RsaPubHashP *h_rsa,
- const void *msg,
- size_t msg_size,
+ const struct TALER_CRYPTO_RsaSignRequest *rsr,
struct TALER_BlindedDenominationSignature *bs)
{
enum TALER_ErrorCode ec = TALER_EC_INVALID;
@@ -411,17 +409,17 @@ TALER_CRYPTO_helper_rsa_sign (
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Requesting signature\n");
{
- char buf[sizeof (struct TALER_CRYPTO_SignRequest) + msg_size];
+ char buf[sizeof (struct TALER_CRYPTO_SignRequest) + rsr->msg_size];
struct TALER_CRYPTO_SignRequest *sr
= (struct TALER_CRYPTO_SignRequest *) buf;
sr->header.size = htons (sizeof (buf));
sr->header.type = htons (TALER_HELPER_RSA_MT_REQ_SIGN);
sr->reserved = htonl (0);
- sr->h_rsa = *h_rsa;
+ sr->h_rsa = *rsr->h_rsa;
memcpy (&sr[1],
- msg,
- msg_size);
+ rsr->msg,
+ rsr->msg_size);
if (GNUNET_OK !=
TALER_crypto_helper_send_all (dh->sock,
buf,
@@ -596,6 +594,18 @@ end:
}
+enum TALER_ErrorCode
+TALER_CRYPTO_helper_rsa_batch_sign (
+ struct TALER_CRYPTO_RsaDenominationHelper *dh,
+ const struct TALER_CRYPTO_RsaSignRequest *rsrs,
+ unsigned int rsrs_length,
+ struct TALER_BlindedDenominationSignature *bss)
+{
+ GNUNET_break (0);
+ return -1; /* FIXME: NOT IMPLEMENTED! */
+}
+
+
void
TALER_CRYPTO_helper_rsa_revoke (
struct TALER_CRYPTO_RsaDenominationHelper *dh,
diff --git a/src/util/test_helper_rsa.c b/src/util/test_helper_rsa.c
index eaf43622..3f3eafdd 100644
--- a/src/util/test_helper_rsa.c
+++ b/src/util/test_helper_rsa.c
@@ -292,8 +292,9 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh)
if (TALER_DENOMINATION_RSA != keys[i].denom_pub.cipher)
continue;
{
- struct TALER_PlanchetDetail pd;
- pd.blinded_planchet.cipher = TALER_DENOMINATION_RSA;
+ struct TALER_PlanchetDetail pd = {
+ .blinded_planchet.cipher = TALER_DENOMINATION_RSA
+ };
GNUNET_assert (GNUNET_YES ==
TALER_planchet_prepare (&keys[i].denom_pub,
@@ -303,19 +304,23 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper
*dh)
&ach,
&c_hash,
&pd));
- GNUNET_log (GNUNET_ERROR_TYPE_INFO,
- "Requesting signature over %u bytes with key %s\n",
- (unsigned
- int) pd.blinded_planchet.details.rsa_blinded_planchet.
- blinded_msg_size,
- GNUNET_h2s (&keys[i].h_rsa.hash));
- ec = TALER_CRYPTO_helper_rsa_sign (dh,
- &keys[i].h_rsa,
- pd.blinded_planchet.details.
- rsa_blinded_planchet.blinded_msg,
- pd.blinded_planchet.details.
- rsa_blinded_planchet.blinded_msg_size,
- &ds);
+ {
+ struct TALER_CRYPTO_RsaSignRequest rsr = {
+ .h_rsa = &keys[i].h_rsa,
+ .msg =
+ pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg,
+ .msg_size =
+ pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg_size
+ };
+
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Requesting signature over %u bytes with key %s\n",
+ (unsigned int) rsr.msg_size,
+ GNUNET_h2s (&rsr.h_rsa->hash));
+ ec = TALER_CRYPTO_helper_rsa_sign (dh,
+ &rsr,
+ &ds);
+ }
TALER_blinded_planchet_free (&pd.blinded_planchet);
}
switch (ec)
@@ -391,8 +396,10 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper
*dh)
default:
/* unexpected error */
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Unexpected error %d\n",
- ec);
+ "Unexpected error %d at %s:%u\n",
+ ec,
+ __FILE__,
+ __LINE__);
return 7;
}
}
@@ -406,14 +413,17 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper
*dh)
/* check signing does not work if the key is unknown */
{
struct TALER_RsaPubHashP rnd;
+ struct TALER_CRYPTO_RsaSignRequest rsr = {
+ .h_rsa = &rnd,
+ .msg = "Hello",
+ .msg_size = strlen ("Hello")
+ };
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&rnd,
sizeof (rnd));
ec = TALER_CRYPTO_helper_rsa_sign (dh,
- &rnd,
- "Hello",
- strlen ("Hello"),
+ &rsr,
&ds);
if (TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN != ec)
{
@@ -493,14 +503,16 @@ perf_signing (struct TALER_CRYPTO_RsaDenominationHelper
*dh,
{
struct GNUNET_TIME_Absolute start = GNUNET_TIME_absolute_get ();
struct GNUNET_TIME_Relative delay;
+ struct TALER_CRYPTO_RsaSignRequest rsr = {
+ .h_rsa = &keys[i].h_rsa,
+ .msg =
+ pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg,
+ .msg_size =
+ pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg_size
+ };
ec = TALER_CRYPTO_helper_rsa_sign (dh,
- &keys[i].h_rsa,
- pd.blinded_planchet.details.
- rsa_blinded_planchet.blinded_msg,
- pd.blinded_planchet.details.
- rsa_blinded_planchet.
- blinded_msg_size,
+ &rsr,
&ds);
if (TALER_EC_NONE != ec)
break;
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-exchange] branch master updated: -sketch API for RSA parallel signing,
gnunet <=