commit c74d84c38b6c242559b0861a772c2ffced9f077b
parent 286562c7fbea74d3d62c65973ae726d9aa4bff05
Author: Christian Grothoff <christian@grothoff.org>
Date: Mon, 16 Mar 2026 01:21:05 +0100
update Anastasis to latest GNUnet API
Diffstat:
5 files changed, 117 insertions(+), 93 deletions(-)
diff --git a/src/authorization/anastasis_authorization_plugin_email.c b/src/authorization/anastasis_authorization_plugin_email.c
@@ -100,7 +100,7 @@ struct ANASTASIS_AUTHORIZATION_State
/**
* Handle to the helper process.
*/
- struct GNUNET_OS_Process *child;
+ struct GNUNET_Process *child;
/**
* Handle to wait for @e child
@@ -299,7 +299,7 @@ email_done_cb (void *cls,
as->cwh = NULL;
if (NULL != as->child)
{
- GNUNET_OS_process_destroy (as->child);
+ GNUNET_process_destroy (as->child);
as->child = NULL;
}
as->pst = type;
@@ -352,16 +352,23 @@ email_challenge (struct ANASTASIS_AUTHORIZATION_State *as,
return ANASTASIS_AUTHORIZATION_CRES_FAILED_REPLY_FAILED;
return ANASTASIS_AUTHORIZATION_CRES_FAILED;
}
- as->child = GNUNET_OS_start_process (GNUNET_OS_INHERIT_STD_ERR,
- p,
- NULL,
- NULL,
+ as->child = GNUNET_process_create ();
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_process_set_options (
+ as->child,
+ GNUNET_process_option_inherit_rpipe (p,
+ STDIN_FILENO)));
+ if ( (GNUNET_OK !=
+ GNUNET_process_set_command_va (as->child,
as->ctx->auth_command,
as->ctx->auth_command,
as->email,
- NULL);
- if (NULL == as->child)
+ NULL)) ||
+ (GNUNET_OK !=
+ GNUNET_process_start (as->child)) )
{
+ GNUNET_process_destroy (as->child);
+ as->child = NULL;
GNUNET_DISK_pipe_close (p);
mres = TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
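Review bot: A failure of `GNUNET_process_set_options` in email_challenge aborts the whole daemon through `GNUNET_assert`, while failures of `GNUNET_process_set_command_va` and `GNUNET_process_start` just below take the graceful path that destroys the handle, closes the pipe and returns an HTTP 500. Since this runs inside a request handler, I would make the options call the first operand of the same `if` condition so that all three failures are handled alike. Separately, the removed call passed `GNUNET_OS_INHERIT_STD_ERR` and the new code sets no stderr option; whether the helper's stderr is still inherited depends on the new API's default, which is not visible here, so a one-line comment stating the intended behaviour would help. The same pattern appears in the post_challenge and sms_challenge hunks; email_challenge starts and continues outside this hunk.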
@@ -516,10 +523,15 @@ email_cleanup (struct ANASTASIS_AUTHORIZATION_State *as)
}
if (NULL != as->child)
{
- (void) GNUNET_OS_process_kill (as->child,
- SIGKILL);
GNUNET_break (GNUNET_OK ==
- GNUNET_OS_process_wait (as->child));
+ GNUNET_process_kill (as->child,
+ SIGKILL));
+ GNUNET_break (GNUNET_OK ==
+ GNUNET_process_wait (as->child,
+ true,
+ NULL,
+ NULL));
+ GNUNET_process_destroy (as->child);
as->child = NULL;
}
GNUNET_free (as->msg);
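Review bot: In email_cleanup the result of `GNUNET_process_kill` is now only reported through `GNUNET_break`, and `GNUNET_process_wait` is still called afterwards with `true` as its second argument. If that flag selects a blocking wait (it looks that way, but the prototype is not visible here), a failed kill would leave the cleanup path waiting on a helper that was never signalled; consider skipping the wait, or making it non-blocking, when the kill did not return `GNUNET_OK`. A short comment on the bare `true, NULL, NULL` arguments would also help, e.g. `/* blocking; exit type and code not needed */` once confirmed. post_cleanup and sms_cleanup contain the same sequence; the function body extends beyond this hunk.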
diff --git a/src/authorization/anastasis_authorization_plugin_post.c b/src/authorization/anastasis_authorization_plugin_post.c
@@ -96,7 +96,7 @@ struct ANASTASIS_AUTHORIZATION_State
/**
* Handle to the helper process.
*/
- struct GNUNET_OS_Process *child;
+ struct GNUNET_Process *child;
/**
* Handle to wait for @e child
@@ -337,7 +337,7 @@ post_done_cb (void *cls,
as->cwh = NULL;
if (NULL != as->child)
{
- GNUNET_OS_process_destroy (as->child);
+ GNUNET_process_destroy (as->child);
as->child = NULL;
}
as->pst = type;
@@ -422,10 +422,14 @@ post_challenge (struct ANASTASIS_AUTHORIZATION_State *as,
return ANASTASIS_AUTHORIZATION_CRES_FAILED_REPLY_FAILED;
return ANASTASIS_AUTHORIZATION_CRES_FAILED;
}
- as->child = GNUNET_OS_start_process (GNUNET_OS_INHERIT_STD_ERR,
- p,
- NULL,
- NULL,
+ as->child = GNUNET_process_create ();
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_process_set_options (
+ as->child,
+ GNUNET_process_option_inherit_rpipe (p,
+ STDIN_FILENO)));
+ if ( (GNUNET_OK !=
+ GNUNET_process_set_command_va (as->child,
as->ctx->auth_command,
as->ctx->auth_command,
name,
@@ -433,9 +437,12 @@ post_challenge (struct ANASTASIS_AUTHORIZATION_State *as,
city,
zip,
country,
- NULL);
- if (NULL == as->child)
+ NULL)) ||
+ (GNUNET_OK !=
+ GNUNET_process_start (as->child)) )
{
+ GNUNET_process_destroy (as->child);
+ as->child = NULL;
GNUNET_DISK_pipe_close (p);
mres = TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
@@ -571,10 +578,15 @@ post_cleanup (struct ANASTASIS_AUTHORIZATION_State *as)
}
if (NULL != as->child)
{
- (void) GNUNET_OS_process_kill (as->child,
- SIGKILL);
GNUNET_break (GNUNET_OK ==
- GNUNET_OS_process_wait (as->child));
+ GNUNET_process_kill (as->child,
+ SIGKILL));
+ GNUNET_break (GNUNET_OK ==
+ GNUNET_process_wait (as->child,
+ true,
+ NULL,
+ NULL));
+ GNUNET_process_destroy (as->child);
as->child = NULL;
}
GNUNET_free (as->msg);
diff --git a/src/authorization/anastasis_authorization_plugin_sms.c b/src/authorization/anastasis_authorization_plugin_sms.c
@@ -99,7 +99,7 @@ struct ANASTASIS_AUTHORIZATION_State
/**
* Handle to the helper process.
*/
- struct GNUNET_OS_Process *child;
+ struct GNUNET_Process *child;
/**
* Handle to wait for @e child
@@ -298,7 +298,7 @@ sms_done_cb (void *cls,
as->cwh = NULL;
if (NULL != as->child)
{
- GNUNET_OS_process_destroy (as->child);
+ GNUNET_process_destroy (as->child);
as->child = NULL;
}
as->pst = type;
@@ -351,16 +351,23 @@ sms_challenge (struct ANASTASIS_AUTHORIZATION_State *as,
return ANASTASIS_AUTHORIZATION_CRES_FAILED_REPLY_FAILED;
return ANASTASIS_AUTHORIZATION_CRES_FAILED;
}
- as->child = GNUNET_OS_start_process (GNUNET_OS_INHERIT_STD_ERR,
- p,
- NULL,
- NULL,
+ as->child = GNUNET_process_create ();
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_process_set_options (
+ as->child,
+ GNUNET_process_option_inherit_rpipe (p,
+ STDIN_FILENO)));
+ if ( (GNUNET_OK !=
+ GNUNET_process_set_command_va (as->child,
as->ctx->auth_command,
as->ctx->auth_command,
as->phone_number,
- NULL);
- if (NULL == as->child)
+ NULL)) ||
+ (GNUNET_OK !=
+ GNUNET_process_start (as->child)) )
{
+ GNUNET_process_destroy (as->child);
+ as->child = NULL;
GNUNET_DISK_pipe_close (p);
mres = TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
@@ -506,10 +513,15 @@ sms_cleanup (struct ANASTASIS_AUTHORIZATION_State *as)
}
if (NULL != as->child)
{
- (void) GNUNET_OS_process_kill (as->child,
- SIGKILL);
GNUNET_break (GNUNET_OK ==
- GNUNET_OS_process_wait (as->child));
+ GNUNET_process_kill (as->child,
+ SIGKILL));
+ GNUNET_break (GNUNET_OK ==
+ GNUNET_process_wait (as->child,
+ true,
+ NULL,
+ NULL));
+ GNUNET_process_destroy (as->child);
as->child = NULL;
}
GNUNET_free (as->msg);
diff --git a/src/backend/anastasis-httpd.c b/src/backend/anastasis-httpd.c
@@ -770,14 +770,13 @@ run (void *cls,
return;
}
GNUNET_assert (GNUNET_YES ==
- GNUNET_CRYPTO_kdf (&AH_provider_salt,
- sizeof (AH_provider_salt),
- "anastasis-provider-salt",
- strlen ("anastasis-provider-salt"),
- provider_salt,
- strlen (provider_salt),
- NULL,
- 0));
+ GNUNET_CRYPTO_hkdf_gnunet (&AH_provider_salt,
+ sizeof (AH_provider_salt),
+ "anastasis-provider-salt",
+ strlen ("anastasis-provider-salt")
+ ,
+ provider_salt,
+ strlen (provider_salt)));
GNUNET_free (provider_salt);
}
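Review bot: The bytes derived into `AH_provider_salt` must be identical to what the removed `GNUNET_CRYPTO_kdf` call with an empty context list produced, and nothing in this hunk demonstrates that; a changed provider salt would presumably invalidate whatever existing clients derived from it. I would add a known-answer test with a fixed `provider_salt` and an expected output recorded from the old code path, and do the same for the derivations changed in src/util/anastasis_crypto.c. As a style point, the argument list has a stray `,` on its own line after `strlen ("anastasis-provider-salt")`; it belongs at the end of that line. run() starts and continues outside this hunk.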
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
@@ -62,7 +62,7 @@ ANASTASIS_CRYPTO_secure_answer_hash (
strlen (answer),
&pow);
GNUNET_assert (GNUNET_YES ==
- GNUNET_CRYPTO_kdf (
+ GNUNET_CRYPTO_hkdf_gnunet (
result,
sizeof (*result),
/* salt / XTS */
@@ -71,11 +71,8 @@ ANASTASIS_CRYPTO_secure_answer_hash (
/* skm */
&pow,
sizeof (pow),
- /* info chunks */
- "anastasis-secure-question-hashing",
- strlen ("anastasis-secure-question-hashing"),
- NULL,
- 0));
+ GNUNET_CRYPTO_kdf_arg_string (
+ "anastasis-secure-question-hashing")));
}
@@ -96,22 +93,20 @@ derive_key (const void *key_material,
struct ANASTASIS_CRYPTO_SymKeyP *key)
{
GNUNET_assert (GNUNET_YES ==
- GNUNET_CRYPTO_kdf (key,
- sizeof (*key),
- /* salt / XTS */
- nonce,
- sizeof (*nonce),
- /* ikm */
- key_material,
- key_m_len,
- /* info chunks */
- /* The "salt" passed here is actually not something random,
- but a protocol-specific identifier string. Thus
- we pass it as a context info to the HKDF */
- salt,
- strlen (salt),
- NULL,
- 0));
+ GNUNET_CRYPTO_hkdf_gnunet (
+ key,
+ sizeof (*key),
+ /* salt / XTS */
+ nonce,
+ sizeof (*nonce),
+ /* ikm */
+ key_material,
+ key_m_len,
+ /* info chunks */
+ /* The "salt" passed here is actually not something random,
+ but a protocol-specific identifier string. Thus
+ we pass it as a context info to the HKDF */
+ GNUNET_CRYPTO_kdf_arg_auto (salt)));
}
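Review bot: derive_key now passes the context as `GNUNET_CRYPTO_kdf_arg_auto (salt)`, where the removed code passed `salt, strlen (salt)` and the retained comment describes `salt` as a protocol-specific identifier string. If `kdf_arg_auto` follows the usual GNUnet `_auto` convention of taking `sizeof (*ptr)` (the macro is not visible here, so please confirm), only the first byte of the label would enter the HKDF. That would change every derived key and weaken domain separation between labels that share a first character. The other hunks in this file use the string variant for labels, and the same should apply here: `GNUNET_CRYPTO_kdf_arg_string (salt)));`. The function signature begins outside this hunk, so the type of `salt` is inferred from the old `strlen` call.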
@@ -240,24 +235,18 @@ ANASTASIS_CRYPTO_account_private_key_derive (
struct ANASTASIS_CRYPTO_AccountPrivateKeyP *priv_key)
{
/* priv_key = ver_secret */
- if (GNUNET_YES !=
- GNUNET_CRYPTO_kdf (&priv_key->priv,
- sizeof (priv_key->priv),
- /* salt / XTS */
- NULL,
- 0,
- /* ikm */
- id,
- sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP),
- /* context chunks */
- "ver",
- strlen ("ver"),
- NULL,
- 0))
- {
- GNUNET_break (0);
- return;
- }
+ GNUNET_assert (GNUNET_YES !=
+ GNUNET_CRYPTO_hkdf_gnunet (
+ &priv_key->priv,
+ sizeof (priv_key->priv),
+ /* salt / XTS */
+ NULL,
+ 0,
+ /* ikm */
+ id,
+ sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP),
+ /* context chunks */
+ GNUNET_CRYPTO_kdf_arg_string ("ver")));
}
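Review bot: The assertion in ANASTASIS_CRYPTO_account_private_key_derive is inverted: `GNUNET_assert (GNUNET_YES != GNUNET_CRYPTO_hkdf_gnunet (...))` aborts when the derivation succeeds and carries on with an unfilled `priv_key->priv` when it fails. The removed code used `GNUNET_YES != ...` as the error branch, and the comparison was carried over unchanged when the `if` became an assert. It should read `GNUNET_assert (GNUNET_YES ==`, matching the other derivations in this file. The old code also reported failure with `GNUNET_break (0)` and returned, whereas an assert terminates the process; if that change is intended, a one-line comment saying so would help.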
@@ -439,18 +428,18 @@ ANASTASIS_CRYPTO_policy_key_derive (
struct ANASTASIS_CRYPTO_PolicyKeyP *policy_key)
{
GNUNET_assert (GNUNET_YES ==
- GNUNET_CRYPTO_kdf (policy_key,
- sizeof (*policy_key),
- /* salt / XTS */
- salt,
- sizeof (*salt),
- /* ikm */
- key_shares,
- keyshare_length * sizeof (*key_shares),
- /* info chunks */
- "anastasis-policy-key-derive",
- strlen ("anastasis-policy-key-derive"),
- NULL, 0));
+ GNUNET_CRYPTO_hkdf_gnunet (
+ policy_key,
+ sizeof (*policy_key),
+ /* salt / XTS */
+ salt,
+ sizeof (*salt),
+ /* ikm */
+ key_shares,
+ keyshare_length * sizeof (*key_shares),
+ /* info chunks */
+ GNUNET_CRYPTO_kdf_arg_string (
+ "anastasis-policy-key-derive")));
}