Line data    Source code

       1             : /*
       2             :   This file is part of TALER
       3             :   Copyright (C) 2014-2024 Taler Systems SA
       4             : 
       5             :   TALER is free software; you can redistribute it and/or modify it under the
       6             :   terms of the GNU General Public License as published by the Free Software
       7             :   Foundation; either version 3, or (at your option) any later version.
       8             : 
       9             :   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
      10             :   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
      11             :   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
      12             : 
      13             :   You should have received a copy of the GNU General Public License along with
      14             :   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
      15             : */
      16             : /**
      17             :  * @file util/taler-exchange-secmod-eddsa.c
      18             :  * @brief Standalone process to perform private key EDDSA operations
      19             :  * @author Christian Grothoff
      20             :  *
      21             :  * Key design points:
      22             :  * - EVERY thread of the exchange will have its own pair of connections to the
      23             :  *   crypto helpers.  This way, every threat will also have its own /keys state
      24             :  *   and avoid the need to synchronize on those.
      25             :  * - auditor signatures and master signatures are to be kept in the exchange DB,
      26             :  *   and merged with the public keys of the helper by the exchange HTTPD!
      27             :  * - the main loop of the helper is SINGLE-THREADED, but there are
      28             :  *   threads for crypto-workers which (only) do the signing in parallel,
      29             :  *   one per client.
      30             :  * - thread-safety: signing happens in parallel, thus when REMOVING private keys,
      31             :  *   we must ensure that all signers are done before we fully free() the
      32             :  *   private key. This is done by reference counting (as work is always
      33             :  *   assigned and collected by the main thread).
      34             :  */
      35             : #include "platform.h"
      36             : #include "taler_util.h"
      37             : 
      38             : 
      39             : /**
      40             :  * The entry point.
      41             :  *
      42             :  * @param argc number of arguments in @a argv
      43             :  * @param argv command-line arguments
      44             :  * @return 0 on normal termination
      45             :  */
      46             : int
      47          20 : main (int argc,
      48             :       char **argv)
      49             : {
      50          20 :   struct TALER_SECMOD_Options opts = {
      51             :     .max_workers = 16,
      52             :     .section = "taler-exchange"
      53             :   };
      54          20 :   struct GNUNET_GETOPT_CommandLineOption options[] = {
      55          20 :     TALER_SECMOD_OPTIONS (&opts),
      56             :     GNUNET_GETOPT_OPTION_END
      57             :   };
      58             :   enum GNUNET_GenericReturnValue ret;
      59             : 
      60             :   /* Restrict permissions for the key files that we create. */
      61          20 :   (void) umask (S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
      62             :   opts.global_now_tmp
      63          20 :     = opts.global_now = GNUNET_TIME_timestamp_get ();
      64          20 :   ret = GNUNET_PROGRAM_run (TALER_EXCHANGE_project_data (),
      65             :                             argc,
      66             :                             argv,
      67             :                             "taler-exchange-secmod-eddsa",
      68             :                             "Handle private EDDSA key operations for a Taler exchange",
      69             :                             options,
      70             :                             &TALER_SECMOD_eddsa_run,
      71             :                             &opts);
      72          20 :   if (GNUNET_NO == ret)
      73           0 :     return EXIT_SUCCESS;
      74          20 :   if (GNUNET_SYSERR == ret)
      75           0 :     return EXIT_INVALIDARGUMENT;
      76          20 :   return opts.global_ret;
      77             : }