enable test 32

2020-03-27 12:30:31 +01:00 · 2020-03-27 12:30:31 +01:00 · 31746d8128
commit 31746d8128
parent 13bbcef87b
4 changed files with 60 additions and 45 deletions
--- a/contrib/auditor-report.tex.j2
+++ b/contrib/auditor-report.tex.j2
@ -707,31 +707,23 @@ This section lists operations that the exchange performed, but for
 which the signatures provided are invalid. Hence the operations were
 invalid and the amount involved should be considered lost.

-The key given is always the key for which the signature verification
-step failed. This is the reserve public key for ``withdraw''
-operations, the coin public key for ``deposit'' and ``melt''
-operations, the merchant's public key for ``melt'' operations,
-the (hash of the) denomination public key for
-``recoup-verify'' and ``deposit-verify'' operations, and the master
-public key for ``recoup-master'' operations.
+\subsubsection{For aggregation}

-\subsubsection{For aggregations}
-
-% Table generation tested by testcase #XX in test-auditor.sh
+% Table generation tested by testcase #32 in test-auditor.sh

 {% if aggregation.bad_sig_losses|length() == 0 %}
  {\bf All signatures were valid.}
 {% else %}
  \begin{longtable}{l|r|r}
-  \multicolumn{3}{l}{ {\bf Public key} }\\
+  \multicolumn{3}{l}{ {\bf Coin public key} }\\
  {\bf Operation type} & Database row & {\bf Loss amount} \\
  \hline \hline
 \endfirsthead
-  \multicolumn{3}{l}{ {\bf Public key} }\\
+  \multicolumn{3}{l}{ {\bf Coin public key} }\\
  {\bf Operation type} & Database row & {\bf Loss amount} \\ \hline \hline
 \endhead
  \hline \hline
-  \multicolumn{3}{l}{ {\bf Public key} }\\
+  \multicolumn{3}{l}{ {\bf Coin public key} }\\
  {\bf Operation type} & Database row & {\bf Loss amount} \\
 \endfoot
  \hline
@ -741,7 +733,7 @@ public key for ``recoup-master'' operations.
  \label{table:bad_signature_losses}
 \endlastfoot
 {% for item in aggregation.bad_sig_losses %}
-  \multicolumn{3}{l}{ {\tt \small \truncate{0.9\textwidth}{ {{ item.key_pub }} } } } \\
+  \multicolumn{3}{l}{ {\tt \small \truncate{0.9\textwidth}{ {{ item.coin_pub }} } } } \\
 \nopagebreak
  {{ item.operation }} &
  {{ item.row }} &
@ -759,15 +751,15 @@ public key for ``recoup-master'' operations.
  {\bf All signatures were valid.}
 {% else %}
  \begin{longtable}{l|r|r}
-  \multicolumn{3}{l}{ {\bf Public key} }\\
+  \multicolumn{3}{l}{ {\bf Coin public key} }\\
  {\bf Operation type} & Database row & {\bf Loss amount} \\
  \hline \hline
 \endfirsthead
-  \multicolumn{3}{l}{ {\bf Public key} }\\
+  \multicolumn{3}{l}{ {\bf Coin public key} }\\
  {\bf Operation type} & Database row & {\bf Loss amount} \\ \hline \hline
 \endhead
  \hline \hline
-  \multicolumn{3}{l}{ {\bf Public key} }\\
+  \multicolumn{3}{l}{ {\bf Coin public key} }\\
  {\bf Operation type} & Database row & {\bf Loss amount} \\
 \endfoot
  \hline
@ -790,6 +782,13 @@ public key for ``recoup-master'' operations.

 % Table generation tested by testcase #7 in test-auditor.sh

+The key given is always the key for which the signature verification step
+failed. This is the reserve public key for ``withdraw'' operations, the coin
+public key for ``recoup'' operations, and the master public key for
+``recoup-master'' operations (where the master's signature on the revocation
+is invalid).
+
+
 {% if reserves.bad_sig_losses|length() == 0 %}
  {\bf All signatures were valid.}
 {% else %}
@ -1140,7 +1139,7 @@ with respect to what wire fee it charges at what time.
 This section describes issues found that do not have a clear financial
 impact.

-\subsubsection{For aggregations}
+\subsubsection{For aggregation}

 % Table generation tested by testcase #15/#25 in test-auditor.sh

--- a/src/auditor/taler-helper-auditor-aggregation.c
+++ b/src/auditor/taler-helper-auditor-aggregation.c
@ -845,6 +845,9 @@ wire_transfer_information_cb (
      wcc->qs = qs;
    return;
  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Testing coin `%s' for validity\n",
+              TALER_B2S (&coin.coin_pub));
  if (GNUNET_OK !=
      TALER_test_coin_valid (&coin,
                             denom_pub))
@ -854,8 +857,8 @@ wire_transfer_information_cb (
                                 "operation", "wire",
                                 "row", (json_int_t) rowid,
                                 "loss", TALER_JSON_from_amount (coin_value),
-                                 "key_pub", GNUNET_JSON_from_data_auto (
-                                   &issue->denom_hash)));
+                                 "coin_pub", GNUNET_JSON_from_data_auto (
+                                   &coin.coin_pub)));
    GNUNET_assert (GNUNET_OK ==
                   TALER_amount_add (&total_bad_sig_loss,
                                     &total_bad_sig_loss,
@ -1490,10 +1493,10 @@ run (void *cls,
                      "total_wire_out_delta_minus",
                      TALER_JSON_from_amount (
                        &total_wire_out_delta_minus),
-                      /* Tested in test-auditor.sh #28 */
+                      /* Tested in test-auditor.sh #28/32 */
                      "bad_sig_losses",
                      report_bad_sig_losses,
-                      /* Tested in test-auditor.sh #28 */
+                      /* Tested in test-auditor.sh #28/32 */
                      "total_bad_sig_loss",
                      TALER_JSON_from_amount (&total_bad_sig_loss),
                      /* block #2 */
--- a/src/auditor/taler-helper-auditor-coins.c
+++ b/src/auditor/taler-helper-auditor-coins.c
@ -31,14 +31,11 @@
 #include "report-lib.h"

 /**
- * How many coin histories do we keep in RAM at any given point in
- * time? Used bound memory consumption of the auditor. Larger values
- * reduce database accesses.
- *
- * Set to a VERY low value here for testing. Practical values may be
- * in the millions.
+ * How many coin histories do we keep in RAM at any given point in time?
+ * Expect a few kB per coin history to be used. Used bound memory consumption
+ * of the auditor. Larger values reduce database accesses.
 */
-#define MAX_COIN_HISTORIES 4
+#define MAX_COIN_HISTORIES (16 * 1024 * 1024)

 /**
 * Use a 1 day grace period to deal with clocks not being perfectly synchronized.
--- a/src/auditor/test-auditor.sh
+++ b/src/auditor/test-auditor.sh
@ -9,7 +9,7 @@ set -eu

 # Set of numbers for all the testcases.
 # When adding new tests, increase the last number:
-ALL_TESTS=`seq 0 31`
+ALL_TESTS=`seq 0 32`

 # $TESTS determines which tests we should run.
 # This construction is used to make it easy to
@ -60,7 +60,6 @@ function pre_audit () {
        exit_skip "Failed to launch bank"
    fi
    echo " DONE"
-
    if test ${1:-no} = "aggregator"
    then
        echo -n "Running exchange aggregator ..."
@ -1595,6 +1594,7 @@ then

    run_audit aggregator

+    echo -n "Testing inconsistency detection... "
    ROW=`jq -e .bad_sig_losses[0].row < test-audit-aggregation.json`
    if test $ROW != "1"
    then
@ -1624,6 +1624,7 @@ then
        exit_fail "Wrong total bad sig loss, got $LOSS"
    fi

+    echo "OK"
    # cannot easily undo aggregator, hence full reload
    full_reload

@ -1643,6 +1644,7 @@ echo "UPDATE auditor_denominations SET fee_withdraw_frac=5000000 WHERE coin_val=

 run_audit

+echo -n "Testing inconsistency detection... "
 AMOUNT=`jq -r .total_balance_summary_delta_plus < test-audit-reserves.json`
 if test "x$AMOUNT" == "xTESTKUDOS:0"
 then
@ -1654,7 +1656,7 @@ if test "x$PROFIT" != "x-1"
 then
    exit_fail "Reported wrong profitability: $PROFIT"
 fi
-
+echo "OK"
 # Undo
 echo "UPDATE auditor_denominations SET fee_withdraw_frac=2000000 WHERE coin_val=1;" | psql -Aqt $DB

@ -1669,7 +1671,7 @@ echo "===========30: melt fee inconsistency ================="
 echo "UPDATE auditor_denominations SET fee_refresh_frac=5000000 WHERE coin_val=10;" | psql -Aqt $DB

 run_audit
-
+echo -n "Testing inconsistency detection... "
 AMOUNT=`jq -r .bad_sig_losses[0].loss < test-audit-coins.json`
 if test "x$AMOUNT" == "xTESTKUDOS:0"
 then
@ -1683,7 +1685,7 @@ then
 fi

 jq -e .emergencies[0] < test-audit-coins.json > /dev/null && exit_fail "Unexpected emergency detected in ordinary run"
-
+echo "OK"
 # Undo
 echo "UPDATE auditor_denominations SET fee_refresh_frac=3000000 WHERE coin_val=1;" | psql -Aqt $DB

@ -1705,8 +1707,8 @@ then

    echo "UPDATE auditor_denominations SET fee_deposit_frac=5000000 WHERE coin_val=8;" | psql -Aqt $DB

-    run_audit aggregation
-
+    run_audit aggregator
+    echo -n "Testing inconsistency detection... "
    AMOUNT=`jq -r .total_bad_sig_loss < test-audit-coins.json`
    if test "x$AMOUNT" == "xTESTKUDOS:0"
    then
@ -1714,11 +1716,12 @@ then
    fi

    OP=`jq -r .bad_sig_losses[0].operation < test-audit-coins.json`
-    if test "x$OP" == "xdeposit"
+    if test "x$OP" != "xdeposit"
    then
        exit_fail "Reported wrong operation: $OP"
    fi

+    echo "OK"
    # Undo
    echo "UPDATE auditor_denominations SET fee_deposit_frac=2000000 WHERE coin_val=8;" | psql -Aqt $DB

@ -1744,16 +1747,30 @@ then

    echo "===========32: known_coins signature wrong w. aggregation================="
    # Modify denom_sig, so it is wrong
-    OLD_SIG=`echo 'SELECT denom_sig FROM known_coins LIMIT 1;' | psql $DB -Aqt`
-    COIN_PUB=`echo "SELECT coin_pub FROM known_coins WHERE denom_sig='$OLD_SIG';"  | psql $DB -Aqt`
-    echo "UPDATE known_coins SET denom_sig='\x287369672d76616c200a2028727361200a2020287320233542383731423743393036444643303442424430453039353246413642464132463537303139374131313437353746324632323332394644443146324643333445393939413336363430334233413133324444464239413833353833464536354442374335434445304441453035374438363336434541423834463843323843344446304144363030343430413038353435363039373833434431333239393736423642433437313041324632414132414435413833303432434346314139464635394244434346374436323238344143354544364131373739463430353032323241373838423837363535453434423145443831364244353638303232413123290a2020290a20290b' WHERE coin_pub='$COIN_PUB'" | psql -Aqt $DB
+    OLD_SIG=`echo 'SELECT denom_sig FROM known_coins LIMIT 1;' | psql $DB -At`
+    COIN_PUB=`echo "SELECT coin_pub FROM known_coins WHERE denom_sig='$OLD_SIG';"  | psql $DB -At`
+    echo "UPDATE known_coins SET denom_sig='\x287369672d76616c200a2028727361200a2020287320233542383731423743393036444643303442424430453039353246413642464132463537303139374131313437353746324632323332394644443146324643333445393939413336363430334233413133324444464239413833353833464536354442374335434445304441453035374438363336434541423834463843323843344446304144363030343430413038353435363039373833434431333239393736423642433437313041324632414132414435413833303432434346314139464635394244434346374436323238344143354544364131373739463430353032323241373838423837363535453434423145443831364244353638303232413123290a2020290a20290b' WHERE coin_pub='$COIN_PUB'" | psql -At $DB

-    run_audit aggregation
+    run_audit aggregator
+    echo -n "Testing inconsistency detection... "
+
+    AMOUNT=`jq -r .total_bad_sig_loss < test-audit-aggregation.json`
+    if test "x$AMOUNT" == "xTESTKUDOS:0"
+    then
+        exit_fail "Reported total amount wrong: $AMOUNT"
+    fi
+
+    OP=`jq -r .bad_sig_losses[0].operation < test-audit-aggregation.json`
+    if test "x$OP" != "xwire"
+    then
+        exit_fail "Reported wrong operation: $OP"
+    fi

    # FIXME: test incomplete...
    # BIG Q: why is wire_out empty? => aggregation test does not actually
    # find WTIDs to check, and thus doesn't detect the bad signature!

+    echo "OK"
    # Cannot undo aggregation, do full reload
    full_reload

@ -1802,10 +1819,9 @@ check_with_database()
            break
        fi
    done
-    # echo "Cleanup (disabled, leaving database $DB behind)"
-    dropdb $DB
-    rm -r $WIRE_FEE_DIR
-    rm -f test-audit.log test-wire-audit.log
+    echo "Cleanup (disabled, leaving database $DB behind)"
+#    dropdb $DB
+#    rm -r $WIRE_FEE_DIR
 }