| -rw-r--r-- | contrib/auditor-report.tex.j2 | 35 | ||||
| -rw-r--r-- | src/auditor/taler-helper-auditor-aggregation.c | 11 | ||||
| -rw-r--r-- | src/auditor/taler-helper-auditor-coins.c | 11 | ||||
| -rwxr-xr-x | src/auditor/test-auditor.sh | 48 | 
4 files changed, 60 insertions, 45 deletions
| diff --git a/contrib/auditor-report.tex.j2 b/contrib/auditor-report.tex.j2 index 16b53e20..4d01f2f5 100644 --- a/contrib/auditor-report.tex.j2 +++ b/contrib/auditor-report.tex.j2 @@ -707,31 +707,23 @@ This section lists operations that the exchange performed, but for  which the signatures provided are invalid. Hence the operations were  invalid and the amount involved should be considered lost. -The key given is always the key for which the signature verification -step failed. This is the reserve public key for ``withdraw'' -operations, the coin public key for ``deposit'' and ``melt'' -operations, the merchant's public key for ``melt'' operations, -the (hash of the) denomination public key for -``recoup-verify'' and ``deposit-verify'' operations, and the master -public key for ``recoup-master'' operations. - -\subsubsection{For aggregations} +\subsubsection{For aggregation} -% Table generation tested by testcase #XX in test-auditor.sh +% Table generation tested by testcase #32 in test-auditor.sh  {% if aggregation.bad_sig_losses|length() == 0 %}    {\bf All signatures were valid.}  {% else %}    \begin{longtable}{l|r|r} -  \multicolumn{3}{l}{ {\bf Public key} }\\ +  \multicolumn{3}{l}{ {\bf Coin public key} }\\    {\bf Operation type} & Database row & {\bf Loss amount} \\    \hline \hline  \endfirsthead -  \multicolumn{3}{l}{ {\bf Public key} }\\ +  \multicolumn{3}{l}{ {\bf Coin public key} }\\    {\bf Operation type} & Database row & {\bf Loss amount} \\ \hline \hline  \endhead    \hline \hline -  \multicolumn{3}{l}{ {\bf Public key} }\\ +  \multicolumn{3}{l}{ {\bf Coin public key} }\\    {\bf Operation type} & Database row & {\bf Loss amount} \\  \endfoot    \hline 
@@ -741,7 +733,7 @@ public key for ``recoup-master'' operations.    \label{table:bad_signature_losses}  \endlastfoot  {% for item in aggregation.bad_sig_losses %} -  \multicolumn{3}{l}{ {\tt \small \truncate{0.9\textwidth}{ {{ item.key_pub }} } } } \\ +  \multicolumn{3}{l}{ {\tt \small \truncate{0.9\textwidth}{ {{ item.coin_pub }} } } } \\  \nopagebreak    {{ item.operation }} &    {{ item.row }} & @@ -759,15 +751,15 @@ public key for ``recoup-master'' operations.    {\bf All signatures were valid.}  {% else %}    \begin{longtable}{l|r|r} -  \multicolumn{3}{l}{ {\bf Public key} }\\ +  \multicolumn{3}{l}{ {\bf Coin public key} }\\    {\bf Operation type} & Database row & {\bf Loss amount} \\    \hline \hline  \endfirsthead -  \multicolumn{3}{l}{ {\bf Public key} }\\ +  \multicolumn{3}{l}{ {\bf Coin public key} }\\    {\bf Operation type} & Database row & {\bf Loss amount} \\ \hline \hline  \endhead    \hline \hline -  \multicolumn{3}{l}{ {\bf Public key} }\\ +  \multicolumn{3}{l}{ {\bf Coin public key} }\\    {\bf Operation type} & Database row & {\bf Loss amount} \\  \endfoot    \hline @@ -790,6 +782,13 @@ public key for ``recoup-master'' operations.  % Table generation tested by testcase #7 in test-auditor.sh +The key given is always the key for which the signature verification step +failed. This is the reserve public key for ``withdraw'' operations, the coin +public key for ``recoup'' operations, and the master public key for +``recoup-master'' operations (where the master's signature on the revocation +is invalid). + +  {% if reserves.bad_sig_losses|length() == 0 %}    {\bf All signatures were valid.}  {% else %} @@ -1140,7 +1139,7 @@ with respect to what wire fee it charges at what time.  This section describes issues found that do not have a clear financial  impact. -\subsubsection{For aggregations} +\subsubsection{For aggregation}  % Table generation tested by testcase #15/#25 in test-auditor.sh 
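Review bot: The header rows relabelled `Coin public key` in the second table (hunk at -759) assume every row there is keyed by a coin public key, but the cell that prints the key lies outside the hunk and is not visibly changed. The paragraph this commit removes stated that ``recoup-verify'' and ``deposit-verify'' rows carry the hash of the denomination public key, so if the helper feeding that table still reports those operations, the new label would misidentify the failing key to whoever reads the audit report. Either confirm that every operation in that table now carries a coin key, or keep the neutral `Public key` header there and add a sentence above the table naming the key used per operation type, as the commit does for the reserves table.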
diff --git a/src/auditor/taler-helper-auditor-aggregation.c b/src/auditor/taler-helper-auditor-aggregation.c
index a26cf5dc..e0fe1e2c 100644
--- a/src/auditor/taler-helper-auditor-aggregation.c
+++ b/src/auditor/taler-helper-auditor-aggregation.c
@@ -845,6 +845,9 @@ wire_transfer_information_cb (
       wcc->qs = qs;
     return;
   }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Testing coin `%s' for validity\n",
+              TALER_B2S (&coin.coin_pub));
   if (GNUNET_OK !=
       TALER_test_coin_valid (&coin,
                              denom_pub))
@@ -854,8 +857,8 @@ wire_transfer_information_cb (
                                  "operation", "wire",
                                  "row", (json_int_t) rowid,
                                  "loss", TALER_JSON_from_amount (coin_value),
-                                 "key_pub", GNUNET_JSON_from_data_auto (
-                                   &issue->denom_hash)));
+                                 "coin_pub", GNUNET_JSON_from_data_auto (
+                                   &coin.coin_pub)));
     GNUNET_assert (GNUNET_OK ==
                    TALER_amount_add (&total_bad_sig_loss,
                                      &total_bad_sig_loss,
@@ -1490,10 +1493,10 @@ run (void *cls,
                       "total_wire_out_delta_minus",
                       TALER_JSON_from_amount (
                         &total_wire_out_delta_minus),
-                      /* Tested in test-auditor.sh #28 */
+                      /* Tested in test-auditor.sh #28/32 */
                       "bad_sig_losses",
                       report_bad_sig_losses,
-                      /* Tested in test-auditor.sh #28 */
+                      /* Tested in test-auditor.sh #28/32 */
                       "total_bad_sig_loss",
                       TALER_JSON_from_amount (&total_bad_sig_loss),
                       /* block #2 */
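Review bot: Replacing `&issue->denom_hash` with `&coin.coin_pub` in the `bad_sig_losses` entry (hunk at -854) drops the denomination from the finding, although the failing check is `TALER_test_coin_valid (&coin, denom_pub)`, which involves both the coin and the denomination key. Someone investigating a reported loss needs both values to tell a single bad coin from a problem affecting a whole denomination. Consider reporting the hash next to the coin key, e.g. an extra pair `"denom_pub_hash", GNUNET_JSON_from_data_auto (&issue->denom_hash)` (field name illustrative), with the pack format string, which is outside the hunk, extended to match. The body of wire_transfer_information_cb starts and ends outside the hunk.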
diff --git a/src/auditor/taler-helper-auditor-coins.c b/src/auditor/taler-helper-auditor-coins.c index b292da8b..8cf8ce5b 100644 --- a/src/auditor/taler-helper-auditor-coins.c +++ b/src/auditor/taler-helper-auditor-coins.c @@ -31,14 +31,11 @@  #include "report-lib.h"  /** - * How many coin histories do we keep in RAM at any given point in - * time? Used bound memory consumption of the auditor. Larger values - * reduce database accesses. - * - * Set to a VERY low value here for testing. Practical values may be - * in the millions. + * How many coin histories do we keep in RAM at any given point in time? + * Expect a few kB per coin history to be used. Used bound memory consumption + * of the auditor. Larger values reduce database accesses.   */ -#define MAX_COIN_HISTORIES 4 +#define MAX_COIN_HISTORIES (16 * 1024 * 1024)  /**   * Use a 1 day grace period to deal with clocks not being perfectly synchronized. diff --git a/src/auditor/test-auditor.sh b/src/auditor/test-auditor.sh index c32cab44..b1be12d2 100755 --- a/src/auditor/test-auditor.sh +++ b/src/auditor/test-auditor.sh @@ -9,7 +9,7 @@ set -eu  # Set of numbers for all the testcases.  # When adding new tests, increase the last number: -ALL_TESTS=`seq 0 31` +ALL_TESTS=`seq 0 32`  # $TESTS determines which tests we should run.  # This construction is used to make it easy to @@ -60,7 +60,6 @@ function pre_audit () {          exit_skip "Failed to launch bank"      fi      echo " DONE" -      if test ${1:-no} = "aggregator"      then          echo -n "Running exchange aggregator ..." @@ -1595,6 +1594,7 @@ then      run_audit aggregator +    echo -n "Testing inconsistency detection... "      ROW=`jq -e .bad_sig_losses[0].row < test-audit-aggregation.json`      if test $ROW != "1"      then @@ -1624,6 +1624,7 @@ then          exit_fail "Wrong total bad sig loss, got $LOSS"      fi +    echo "OK"      # cannot easily undo aggregator, hence full reload      full_reload 
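Review bot: `#define MAX_COIN_HISTORIES (16 * 1024 * 1024)` together with the new comment's estimate of a few kB per history allows a cache on the order of tens of GB, so the constant no longer bounds the auditor's memory on an ordinary host. Raising it from 4 also means the small test database probably never reaches the limit, leaving the eviction path unexercised by test-auditor.sh (inferred; the eviction code is outside the hunk). Consider a smaller default or a configuration option, and state the worst case in the comment, e.g. `Worst-case RAM is roughly MAX_COIN_HISTORIES times the per-history size.` The comment also still reads `Used bound memory consumption`, which should be `Used to bound memory consumption`.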
@@ -1643,6 +1644,7 @@ echo "UPDATE auditor_denominations SET fee_withdraw_frac=5000000 WHERE coin_val=  run_audit +echo -n "Testing inconsistency detection... "  AMOUNT=`jq -r .total_balance_summary_delta_plus < test-audit-reserves.json`  if test "x$AMOUNT" == "xTESTKUDOS:0"  then @@ -1654,7 +1656,7 @@ if test "x$PROFIT" != "x-1"  then      exit_fail "Reported wrong profitability: $PROFIT"  fi - +echo "OK"  # Undo  echo "UPDATE auditor_denominations SET fee_withdraw_frac=2000000 WHERE coin_val=1;" | psql -Aqt $DB @@ -1669,7 +1671,7 @@ echo "===========30: melt fee inconsistency ================="  echo "UPDATE auditor_denominations SET fee_refresh_frac=5000000 WHERE coin_val=10;" | psql -Aqt $DB  run_audit - +echo -n "Testing inconsistency detection... "  AMOUNT=`jq -r .bad_sig_losses[0].loss < test-audit-coins.json`  if test "x$AMOUNT" == "xTESTKUDOS:0"  then @@ -1683,7 +1685,7 @@ then  fi  jq -e .emergencies[0] < test-audit-coins.json > /dev/null && exit_fail "Unexpected emergency detected in ordinary run" - +echo "OK"  # Undo  echo "UPDATE auditor_denominations SET fee_refresh_frac=3000000 WHERE coin_val=1;" | psql -Aqt $DB @@ -1705,8 +1707,8 @@ then      echo "UPDATE auditor_denominations SET fee_deposit_frac=5000000 WHERE coin_val=8;" | psql -Aqt $DB -    run_audit aggregation - +    run_audit aggregator +    echo -n "Testing inconsistency detection... "      AMOUNT=`jq -r .total_bad_sig_loss < test-audit-coins.json`      if test "x$AMOUNT" == "xTESTKUDOS:0"      then @@ -1714,11 +1716,12 @@ then      fi      OP=`jq -r .bad_sig_losses[0].operation < test-audit-coins.json` -    if test "x$OP" == "xdeposit" +    if test "x$OP" != "xdeposit"      then          exit_fail "Reported wrong operation: $OP"      fi +    echo "OK"      # Undo      echo "UPDATE auditor_denominations SET fee_deposit_frac=2000000 WHERE coin_val=8;" | psql -Aqt $DB 
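Review bot: The `# Undo` step of test 30, visible as context in the hunk at -1683, does not reverse the change the test made: the setup runs `SET fee_refresh_frac=5000000 WHERE coin_val=10` while the undo runs `SET fee_refresh_frac=3000000 WHERE coin_val=1`. As written the row for `coin_val=10` stays altered and the row for `coin_val=1` is overwritten, so later tests that do not perform a full reload audit a database that differs from the baseline. The commit edits the lines directly above without addressing this; the undo should use the same `WHERE coin_val=10` predicate and that denomination's original fee, which is not visible here.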
@@ -1744,16 +1747,30 @@ then      echo "===========32: known_coins signature wrong w. aggregation================="      # Modify denom_sig, so it is wrong -    OLD_SIG=`echo 'SELECT denom_sig FROM known_coins LIMIT 1;' | psql $DB -Aqt` -    COIN_PUB=`echo "SELECT coin_pub FROM known_coins WHERE denom_sig='$OLD_SIG';"  | psql $DB -Aqt` -    echo "UPDATE known_coins SET denom_sig='\x287369672d76616c200a2028727361200a2020287320233542383731423743393036444643303442424430453039353246413642464132463537303139374131313437353746324632323332394644443146324643333445393939413336363430334233413133324444464239413833353833464536354442374335434445304441453035374438363336434541423834463843323843344446304144363030343430413038353435363039373833434431333239393736423642433437313041324632414132414435413833303432434346314139464635394244434346374436323238344143354544364131373739463430353032323241373838423837363535453434423145443831364244353638303232413123290a2020290a20290b' WHERE coin_pub='$COIN_PUB'" | psql -Aqt $DB +    OLD_SIG=`echo 'SELECT denom_sig FROM known_coins LIMIT 1;' | psql $DB -At` +    COIN_PUB=`echo "SELECT coin_pub FROM known_coins WHERE denom_sig='$OLD_SIG';"  | psql $DB -At` +    echo "UPDATE known_coins SET denom_sig='\x287369672d76616c200a2028727361200a2020287320233542383731423743393036444643303442424430453039353246413642464132463537303139374131313437353746324632323332394644443146324643333445393939413336363430334233413133324444464239413833353833464536354442374335434445304441453035374438363336434541423834463843323843344446304144363030343430413038353435363039373833434431333239393736423642433437313041324632414132414435413833303432434346314139464635394244434346374436323238344143354544364131373739463430353032323241373838423837363535453434423145443831364244353638303232413123290a2020290a20290b' WHERE coin_pub='$COIN_PUB'" | psql -At $DB + +    run_audit aggregator +    echo -n "Testing inconsistency detection... 
" -    run_audit aggregation +    AMOUNT=`jq -r .total_bad_sig_loss < test-audit-aggregation.json` +    if test "x$AMOUNT" == "xTESTKUDOS:0" +    then +        exit_fail "Reported total amount wrong: $AMOUNT" +    fi + +    OP=`jq -r .bad_sig_losses[0].operation < test-audit-aggregation.json` +    if test "x$OP" != "xwire" +    then +        exit_fail "Reported wrong operation: $OP" +    fi      # FIXME: test incomplete...      # BIG Q: why is wire_out empty? => aggregation test does not actually      # find WTIDs to check, and thus doesn't detect the bad signature! +    echo "OK"      # Cannot undo aggregation, do full reload      full_reload @@ -1802,10 +1819,9 @@ check_with_database()              break          fi      done -    # echo "Cleanup (disabled, leaving database $DB behind)" -    dropdb $DB -    rm -r $WIRE_FEE_DIR -    rm -f test-audit.log test-wire-audit.log +    echo "Cleanup (disabled, leaving database $DB behind)" +#    dropdb $DB +#    rm -r $WIRE_FEE_DIR  } | 
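Review bot: The new assertions in test 32 pass when the report field is missing, because `jq -r .total_bad_sig_loss` prints `null` for an absent key and `xnull` is not equal to `xTESTKUDOS:0`. Using `jq -er` for both lookups (the test 28 check already uses `jq -e`) would make an absent field fail the test. The test also computes `COIN_PUB` but never compares it with `.bad_sig_losses[0].coin_pub`, the field this commit introduces, so a report naming the wrong coin would still pass (the comparison would have to account for the different encodings). The FIXME kept above `echo "OK"` still says the aggregation audit does not detect the bad signature, which contradicts the new checks and should be removed or updated.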
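Review bot: The last hunk comments out `dropdb $DB` and `rm -r $WIRE_FEE_DIR` and deletes the `rm -f test-audit.log test-wire-audit.log` line, so every run now leaves the test database, the fee directory and the audit logs behind. This looks like a debugging aid that was committed; on shared or CI hosts the leftovers accumulate, and stale state may influence a later run. If keeping the data is sometimes wanted, gate it instead, e.g. `test -n "${KEEP_TEST_DATA:-}" || { dropdb $DB; rm -r $WIRE_FEE_DIR; }` (the variable name is a placeholder). check_with_database starts outside the hunk.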
