From 87376e02eba3f5c2cf83a493446dee0c300565a4 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 25 Dec 2021 13:56:33 +0100 Subject: [PATCH] protocol v12 changes (/recoup split, signature changes) plus database sharding plus O(n^2)=>O(n) worst-case complexity reduction on coin balance checks --- contrib/gana | 2 +- ...taler-auditor-httpd_deposit-confirmation.c | 9 +- src/auditor/taler-helper-auditor-coins.c | 27 +- src/benchmark/taler-aggregator-benchmark.c | 8 +- src/exchange/Makefile.am | 1 + src/exchange/taler-exchange-httpd.c | 5 + src/exchange/taler-exchange-httpd_db.c | 317 +--- src/exchange/taler-exchange-httpd_db.h | 31 +- src/exchange/taler-exchange-httpd_deposit.c | 147 +- src/exchange/taler-exchange-httpd_keys.c | 2 +- src/exchange/taler-exchange-httpd_melt.c | 252 +-- src/exchange/taler-exchange-httpd_metrics.c | 20 +- src/exchange/taler-exchange-httpd_metrics.h | 5 +- .../taler-exchange-httpd_recoup-refresh.c | 411 ++++ .../taler-exchange-httpd_recoup-refresh.h | 46 + src/exchange/taler-exchange-httpd_recoup.c | 334 +--- .../taler-exchange-httpd_refreshes_reveal.c | 383 +--- src/exchange/taler-exchange-httpd_refund.c | 294 +-- src/exchange/taler-exchange-httpd_responses.c | 50 +- src/exchange/taler-exchange-httpd_responses.h | 6 +- src/exchange/taler-exchange-httpd_withdraw.c | 42 +- src/exchangedb/drop0001.sql | 15 +- src/exchangedb/exchange-0001.sql | 1422 ++++++++++---- src/exchangedb/irbt_callbacks.c | 8 +- src/exchangedb/lrbt_callbacks.c | 16 +- src/exchangedb/plugin_exchangedb_postgres.c | 1677 +++++++---------- src/exchangedb/test_exchangedb.c | 1161 ++++++------ src/include/taler_crypto_lib.h | 37 + src/include/taler_exchange_service.h | 80 +- src/include/taler_exchangedb_plugin.h | 372 ++-- src/include/taler_signatures.h | 5 + src/include/taler_testing_lib.h | 23 +- src/lib/Makefile.am | 1 + src/lib/exchange_api_common.c | 38 +- src/lib/exchange_api_handle.c | 2 +- src/lib/exchange_api_melt.c | 44 +- src/lib/exchange_api_recoup.c | 37 +- src/lib/exchange_api_recoup_refresh.c | 403 ++++ src/testing/Makefile.am | 1 + src/testing/test_auditor_api.c | 2 - src/testing/test_exchange_api.c | 14 +- src/testing/test_exchange_api_revocation.c | 92 +- src/testing/testing_api_cmd_insert_deposit.c | 47 +- src/testing/testing_api_cmd_recoup.c | 55 +- src/testing/testing_api_cmd_recoup_refresh.c | 373 ++++ src/testing/testing_api_cmd_refresh.c | 1 - src/util/wallet_signatures.c | 49 + 47 files changed, 4633 insertions(+), 3734 deletions(-) create mode 100644 src/exchange/taler-exchange-httpd_recoup-refresh.c create mode 100644 src/exchange/taler-exchange-httpd_recoup-refresh.h create mode 100644 src/lib/exchange_api_recoup_refresh.c create mode 100644 src/testing/testing_api_cmd_recoup_refresh.c diff --git a/contrib/gana b/contrib/gana index ce3c127a7..560c1ac1d 160000 --- a/contrib/gana +++ b/contrib/gana @@ -1 +1 @@ -Subproject commit ce3c127a788d4bc35caf8472fa9799b45f8d2133 +Subproject commit 560c1ac1d321f7da4fc43ef96858ac27b7eaa2bd diff --git a/src/auditor/taler-auditor-httpd_deposit-confirmation.c b/src/auditor/taler-auditor-httpd_deposit-confirmation.c index d2ab03705..694753c8d 100644 --- a/src/auditor/taler-auditor-httpd_deposit-confirmation.c +++ b/src/auditor/taler-auditor-httpd_deposit-confirmation.c @@ -341,9 +341,12 @@ TEAH_DEPOSIT_CONFIRMATION_init (void) void TEAH_DEPOSIT_CONFIRMATION_done (void) { - GNUNET_CONTAINER_multihashmap_destroy (cache); - cache = NULL; - GNUNET_assert (0 == pthread_mutex_destroy (&lock)); + if (NULL != cache) + { + GNUNET_CONTAINER_multihashmap_destroy (cache); + cache = NULL; + GNUNET_assert (0 == pthread_mutex_destroy (&lock)); + } } diff --git a/src/auditor/taler-helper-auditor-coins.c b/src/auditor/taler-helper-auditor-coins.c index 16d030b7f..0544edfbc 100644 --- a/src/auditor/taler-helper-auditor-coins.c +++ b/src/auditor/taler-helper-auditor-coins.c @@ -1093,19 +1093,10 @@ struct RevealContext static void reveal_data_cb (void *cls, uint32_t num_freshcoins, - const struct TALER_EXCHANGEDB_RefreshRevealedCoin *rrcs, - unsigned int num_tprivs, - const struct TALER_TransferPrivateKeyP *tprivs, - const struct TALER_TransferPublicKeyP *tp) + const struct TALER_EXCHANGEDB_RefreshRevealedCoin *rrcs) { struct RevealContext *rctx = cls; - /* Note: optimization using custom database accessor API could avoid - fetching these fields -- and we */ - (void) num_tprivs; - (void) tprivs; - (void) tp; - rctx->num_freshcoins = num_freshcoins; rctx->new_issues = GNUNET_new_array ( num_freshcoins, @@ -1117,9 +1108,8 @@ reveal_data_cb (void *cls, enum GNUNET_DB_QueryStatus qs; /* lookup new coin denomination key */ - qs = TALER_ARL_get_denomination_info (&rrcs[i].denom_pub, - &rctx->new_issues[i], - NULL); + qs = TALER_ARL_get_denomination_info_by_hash (&rrcs[i].h_denom_pub, + &rctx->new_issues[i]); if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) { report_row_inconsistency ("refresh_reveal", @@ -1287,13 +1277,16 @@ refresh_session_cb (void *cls, /* verify melt signature */ { - const struct TALER_DenominationHash h_denom_pub; + struct TALER_DenominationHash h_denom_pub; + struct TALER_Amount fee_refresh; TALER_denom_pub_hash (denom_pub, - &rmc.h_denom_pub); + &h_denom_pub); + TALER_amount_ntoh (&fee_refresh, + &issue->fee_refresh); if (GNUNET_OK != - TALER_wallet_melt_verify (&rmc.amount_with_fee, - &issue->fee_refresh, + TALER_wallet_melt_verify (amount_with_fee, + &fee_refresh, rc, &h_denom_pub, coin_pub, diff --git a/src/benchmark/taler-aggregator-benchmark.c b/src/benchmark/taler-aggregator-benchmark.c index a7d9cca38..411921000 100644 --- a/src/benchmark/taler-aggregator-benchmark.c +++ b/src/benchmark/taler-aggregator-benchmark.c @@ -298,6 +298,9 @@ add_deposit (const struct Merchant *m) { struct Deposit d; struct TALER_EXCHANGEDB_Deposit deposit; + uint64_t known_coin_id; + struct TALER_DenominationHash dph; + struct TALER_AgeHash agh; RANDOMIZE (&d.coin.coin_pub); d.coin.denom_pub_hash = h_denom_pub; @@ -306,7 +309,10 @@ add_deposit (const struct Merchant *m) if (0 >= plugin->ensure_coin_known (plugin->cls, - &d.coin)) + &d.coin, + &known_coin_id, + &dph, + &agh)) { GNUNET_break (0); global_ret = EXIT_FAILURE; diff --git a/src/exchange/Makefile.am b/src/exchange/Makefile.am index c20378c22..e7688f735 100644 --- a/src/exchange/Makefile.am +++ b/src/exchange/Makefile.am @@ -102,6 +102,7 @@ taler_exchange_httpd_SOURCES = \ taler-exchange-httpd_metrics.c taler-exchange-httpd_metrics.h \ taler-exchange-httpd_mhd.c taler-exchange-httpd_mhd.h \ taler-exchange-httpd_recoup.c taler-exchange-httpd_recoup.h \ + taler-exchange-httpd_recoup-refresh.c taler-exchange-httpd_recoup-refresh.h \ taler-exchange-httpd_refreshes_reveal.c taler-exchange-httpd_refreshes_reveal.h \ taler-exchange-httpd_refund.c taler-exchange-httpd_refund.h \ taler-exchange-httpd_reserves_get.c taler-exchange-httpd_reserves_get.h \ diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c index 0535a54ea..526c93588 100644 --- a/src/exchange/taler-exchange-httpd.c +++ b/src/exchange/taler-exchange-httpd.c @@ -42,6 +42,7 @@ #include "taler-exchange-httpd_metrics.h" #include "taler-exchange-httpd_mhd.h" #include "taler-exchange-httpd_recoup.h" +#include "taler-exchange-httpd_recoup-refresh.h" #include "taler-exchange-httpd_refreshes_reveal.h" #include "taler-exchange-httpd_refund.h" #include "taler-exchange-httpd_reserves_get.h" @@ -256,6 +257,10 @@ handle_post_coins (struct TEH_RequestContext *rc, .op = "recoup", .handler = &TEH_handler_recoup }, + { + .op = "recoup-refresh", + .handler = &TEH_handler_recoup_refresh + }, { .op = "refund", .handler = &TEH_handler_refund diff --git a/src/exchange/taler-exchange-httpd_db.c b/src/exchange/taler-exchange-httpd_db.c index 388679c38..3600d7931 100644 --- a/src/exchange/taler-exchange-httpd_db.c +++ b/src/exchange/taler-exchange-httpd_db.c @@ -29,55 +29,6 @@ #include "taler-exchange-httpd_responses.h" -/** - * Send a response for a failed request. The transaction history of the given - * coin demonstrates that the @a residual value of the coin is below the @a - * requested contribution of the coin for the operation. Thus, the exchange - * refuses the operation. - * - * @param connection the connection to send the response to - * @param coin_pub public key of the coin - * @param coin_value original value of the coin - * @param tl transaction history for the coin - * @param requested how much this coin was supposed to contribute, including fee - * @param residual remaining value of the coin (after subtracting @a tl) - * @return a MHD result code - */ -static MHD_RESULT -reply_insufficient_funds ( - struct MHD_Connection *connection, - const struct TALER_CoinSpendPublicKeyP *coin_pub, - const struct TALER_Amount *coin_value, - struct TALER_EXCHANGEDB_TransactionList *tl, - const struct TALER_Amount *requested, - const struct TALER_Amount *residual) -{ - json_t *history; - - history = TEH_RESPONSE_compile_transaction_history (coin_pub, - tl); - if (NULL == history) - return TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_EXCHANGE_GENERIC_HISTORY_DB_ERROR_INSUFFICIENT_FUNDS, - NULL); - return TALER_MHD_REPLY_JSON_PACK ( - connection, - MHD_HTTP_CONFLICT, - TALER_JSON_pack_ec (TALER_EC_EXCHANGE_GENERIC_INSUFFICIENT_FUNDS), - GNUNET_JSON_pack_data_auto ("coin_pub", - coin_pub), - TALER_JSON_pack_amount ("original_value", - coin_value), - TALER_JSON_pack_amount ("residual_value", - residual), - TALER_JSON_pack_amount ("requested_value", - requested), - GNUNET_JSON_pack_array_steal ("history", - history)); -} - - /** * How often should we retry a transaction before giving up * (for transactions resulting in serialization/dead locks only). @@ -91,24 +42,22 @@ reply_insufficient_funds ( #define MAX_TRANSACTION_COMMIT_RETRIES 100 -/** - * Ensure coin is known in the database, and handle conflicts and errors. - * - * @param coin the coin to make known - * @param connection MHD request context - * @param[out] mhd_ret set to MHD status on error - * @return transaction status, negative on error (@a mhd_ret will be set in this case) - */ enum GNUNET_DB_QueryStatus TEH_make_coin_known (const struct TALER_CoinPublicInfo *coin, struct MHD_Connection *connection, + uint64_t *known_coin_id, MHD_RESULT *mhd_ret) { enum TALER_EXCHANGEDB_CoinKnownStatus cks; + struct TALER_DenominationHash h_denom_pub; + struct TALER_AgeHash age_hash; /* make sure coin is 'known' in database */ cks = TEH_plugin->ensure_coin_known (TEH_plugin->cls, - coin); + coin, + known_coin_id, + &h_denom_pub, + &age_hash); switch (cks) { case TALER_EXCHANGEDB_CKS_ADDED: @@ -124,250 +73,20 @@ TEH_make_coin_known (const struct TALER_CoinPublicInfo *coin, TALER_EC_GENERIC_DB_STORE_FAILED, NULL); return GNUNET_DB_STATUS_HARD_ERROR; - case TALER_EXCHANGEDB_CKS_CONFLICT: - break; - } - - { - struct TALER_EXCHANGEDB_TransactionList *tl; - enum GNUNET_DB_QueryStatus qs; - - qs = TEH_plugin->get_coin_transactions (TEH_plugin->cls, - &coin->coin_pub, - GNUNET_NO, - &tl); - if (0 > qs) - { - if (GNUNET_DB_STATUS_HARD_ERROR == qs) - *mhd_ret = TALER_MHD_reply_with_error ( - connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_FETCH_FAILED, - NULL); - return qs; - } - // FIXME: why do we even return the transaction - // history here!? This is a coin with multiple - // associated denominations, after all... - // => this is probably the wrong call, as this - // is NOT about insufficient funds! - *mhd_ret - = TEH_RESPONSE_reply_coin_insufficient_funds ( - connection, - TALER_EC_EXCHANGE_GENERIC_COIN_CONFLICTING_DENOMINATION_KEY, - &coin->coin_pub, - tl); - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tl); - return GNUNET_DB_STATUS_HARD_ERROR; - } -} - - -/** - * Called when we actually know that the balance (was) insufficient. - * Re-does the check (slowly) to compute the full error message for - * the client. - * - * @param connection HTTP connection to report hard errors on - * @param coin_pub coin to analyze - * @param coin_value total value of the original coin (by denomination) - * @param op_cost cost of the current operation (for error reporting) - * @param check_recoup should we include recoup transactions in the check - * @param zombie_required additional requirement that the coin must - * be a zombie coin, or also hard failure - * @param[out] mhd_ret set to response status code, on hard error only - * @return transaction status - */ -static enum GNUNET_DB_QueryStatus -check_coin_balance (struct MHD_Connection *connection, - const struct TALER_CoinSpendPublicKeyP *coin_pub, - const struct TALER_Amount *coin_value, - const struct TALER_Amount *op_cost, - bool check_recoup, - bool zombie_required, - MHD_RESULT *mhd_ret) -{ - struct TALER_EXCHANGEDB_TransactionList *tl; - struct TALER_Amount spent; - enum GNUNET_DB_QueryStatus qs; - - /* Start with zero cost, as we already added this melt transaction - to the DB, so we will see it again during the queries below. */ - GNUNET_assert (GNUNET_OK == - TALER_amount_set_zero (TEH_currency, - &spent)); - - /* get historic transaction costs of this coin, including recoups as - we might be a zombie coin */ - qs = TEH_plugin->get_coin_transactions (TEH_plugin->cls, - coin_pub, - check_recoup, - &tl); - if (0 > qs) - { - if (GNUNET_DB_STATUS_HARD_ERROR == qs) - *mhd_ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_FETCH_FAILED, - "coin transaction history"); - return qs; - } - if (zombie_required) - { - /* The denomination key is only usable for a melt if this is a true - zombie coin, i.e. it was refreshed and the resulting fresh coin was - then recouped. Check that this is truly the case. */ - for (struct TALER_EXCHANGEDB_TransactionList *tp = tl; - NULL != tp; - tp = tp->next) - { - if (TALER_EXCHANGEDB_TT_OLD_COIN_RECOUP == tp->type) - { - zombie_required = false; /* clear flag: was satisfied! */ - break; - } - } - if (zombie_required) - { - /* zombie status not satisfied */ - GNUNET_break_op (0); - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tl); - *mhd_ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_BAD_REQUEST, - TALER_EC_EXCHANGE_MELT_COIN_EXPIRED_NO_ZOMBIE, - NULL); - return GNUNET_DB_STATUS_HARD_ERROR; - } - } - if (GNUNET_OK != - TALER_EXCHANGEDB_calculate_transaction_list_totals (tl, - &spent, - &spent)) - { - GNUNET_break (0); - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tl); - *mhd_ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_EXCHANGE_GENERIC_COIN_HISTORY_COMPUTATION_FAILED, - NULL); - return GNUNET_DB_STATUS_HARD_ERROR; - } - - /* Refuse to refresh when the coin's value is insufficient - for the cost of all transactions. */ - if (0 > TALER_amount_cmp (coin_value, - &spent)) - { - struct TALER_Amount coin_residual; - struct TALER_Amount spent_already; - - /* First subtract the melt cost from 'spent' to - compute the total amount already spent of the coin */ - GNUNET_assert (0 <= - TALER_amount_subtract (&spent_already, - &spent, - op_cost)); - /* The residual coin value is the original coin value minus - what we have spent (before the melt) */ - GNUNET_assert (0 <= - TALER_amount_subtract (&coin_residual, - coin_value, - &spent_already)); - *mhd_ret = reply_insufficient_funds ( + case TALER_EXCHANGEDB_CKS_DENOM_CONFLICT: + *mhd_ret = TEH_RESPONSE_reply_coin_insufficient_funds ( connection, - coin_pub, - coin_value, - tl, - op_cost, - &coin_residual); - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tl); + TALER_EC_EXCHANGE_GENERIC_COIN_CONFLICTING_DENOMINATION_KEY, + &coin->coin_pub); + return GNUNET_DB_STATUS_HARD_ERROR; + case TALER_EXCHANGEDB_CKS_AGE_CONFLICT: + *mhd_ret = TEH_RESPONSE_reply_coin_insufficient_funds ( + connection, + TALER_EC_EXCHANGE_GENERIC_COIN_CONFLICTING_AGE_HASH, + &coin->coin_pub); return GNUNET_DB_STATUS_HARD_ERROR; } - - /* This should not happen: The coin has sufficient funds - after all!?!? */ - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tl); - return GNUNET_DB_STATUS_SUCCESS_ONE_RESULT; -} - - -enum GNUNET_DB_QueryStatus -TEH_check_coin_balance (struct MHD_Connection *connection, - const struct TALER_CoinSpendPublicKeyP *coin_pub, - const struct TALER_Amount *coin_value, - const struct TALER_Amount *op_cost, - bool check_recoup, - bool zombie_required, - MHD_RESULT *mhd_ret) -{ - bool balance_ok = false; - bool zombie_ok = false; - enum GNUNET_DB_QueryStatus qs; - - qs = TEH_plugin->do_check_coin_balance (TEH_plugin->cls, - coin_pub, - coin_value, - check_recoup, - zombie_required, - &balance_ok, - &zombie_ok); - switch (qs) - { - case GNUNET_DB_STATUS_HARD_ERROR: - *mhd_ret = TALER_MHD_reply_with_error ( - connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_FETCH_FAILED, - "check_coin_balance"); - return qs; - case GNUNET_DB_STATUS_SOFT_ERROR: - return qs; - case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: - GNUNET_break (0); - *mhd_ret = TALER_MHD_reply_with_error ( - connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_FETCH_FAILED, - "check_coin_balance"); - return GNUNET_DB_STATUS_HARD_ERROR; - case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: - /* handled below */ - break; - } - if (! zombie_ok) - { - GNUNET_break_op (0); - *mhd_ret = TALER_MHD_reply_with_error ( - connection, - MHD_HTTP_BAD_REQUEST, - TALER_EC_EXCHANGE_MELT_COIN_EXPIRED_NO_ZOMBIE, - NULL); - return GNUNET_DB_STATUS_HARD_ERROR; - } - if (balance_ok) - return qs; - /* balance is not OK, do expensive call to compute full error message */ - qs = check_coin_balance (connection, - coin_pub, - coin_value, - op_cost, - check_recoup, - zombie_required, - mhd_ret); - if (qs < 0) - return qs; /* we expected to fail (same check as before!) */ - GNUNET_break (0); /* stored procedure and individual statements - disagree, should be impossible! */ - *mhd_ret = TALER_MHD_reply_with_error ( - connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_INVARIANT_FAILURE, - "stored procedure disagrees with full coin transaction history fetch"); + GNUNET_assert (0); return GNUNET_DB_STATUS_HARD_ERROR; } diff --git a/src/exchange/taler-exchange-httpd_db.h b/src/exchange/taler-exchange-httpd_db.h index 5ee3b41d5..7c954ffe1 100644 --- a/src/exchange/taler-exchange-httpd_db.h +++ b/src/exchange/taler-exchange-httpd_db.h @@ -32,44 +32,17 @@ * * @param coin the coin to make known * @param connection MHD request context + * @param[out] known_coin_id set to the unique ID for the coin in the DB * @param[out] mhd_ret set to MHD status on error * @return transaction status, negative on error (@a mhd_ret will be set in this case) */ enum GNUNET_DB_QueryStatus TEH_make_coin_known (const struct TALER_CoinPublicInfo *coin, struct MHD_Connection *connection, + uint64_t *known_coin_id, MHD_RESULT *mhd_ret); -/** - * Check that a coin has an adequate balance so that we can - * commit the current transaction. If the balance is - * insufficient for all transactions associated with the - * coin, return a hard error. - * - * We first do a "fast" check using a stored procedure, and - * only obtain the "full" data on failure (for performance). - * - * @param connection HTTP connection to report hard errors on - * @param coin_pub coin to analyze - * @param coin_value total value of the original coin (by denomination) - * @param op_cost cost of the current operation (for error reporting) - * @param check_recoup should we include recoup transactions in the check - * @param zombie_required additional requirement that the coin must - * be a zombie coin, or also hard failure - * @param[out] mhd_ret set to response status code, on hard error only - * @return transaction status - */ -enum GNUNET_DB_QueryStatus -TEH_check_coin_balance (struct MHD_Connection *connection, - const struct TALER_CoinSpendPublicKeyP *coin_pub, - const struct TALER_Amount *coin_value, - const struct TALER_Amount *op_cost, - bool check_recoup, - bool zombie_required, - MHD_RESULT *mhd_ret); - - /** * Function implementing a database transaction. Runs the transaction * logic; IF it returns a non-error code, the transaction logic MUST diff --git a/src/exchange/taler-exchange-httpd_deposit.c b/src/exchange/taler-exchange-httpd_deposit.c index 11094d11c..84741b5c3 100644 --- a/src/exchange/taler-exchange-httpd_deposit.c +++ b/src/exchange/taler-exchange-httpd_deposit.c @@ -47,6 +47,7 @@ * @param connection connection to the client * @param coin_pub public key of the coin * @param h_wire hash of wire details + * @param h_extensions hash of applicable extensions * @param h_contract_terms hash of contract details * @param exchange_timestamp exchange's timestamp * @param refund_deadline until when this deposit be refunded @@ -118,23 +119,21 @@ struct DepositContext /** * Our timestamp (when we received the request). + * Possibly updated by the transaction if the + * request is idempotent (was repeated). */ struct GNUNET_TIME_Timestamp exchange_timestamp; /** - * Calculated hash over the wire details. + * Hash of the payto URI. */ - struct TALER_MerchantWireHash h_wire; + struct TALER_PaytoHash h_payto; /** - * Value of the coin. + * Row of of the coin in the known_coins table. */ - struct TALER_Amount value; + uint64_t known_coin_id; - /** - * payto:// URI of the credited account. - */ - const char *payto_uri; }; @@ -157,15 +156,18 @@ deposit_transaction (void *cls, MHD_RESULT *mhd_ret) { struct DepositContext *dc = cls; - const struct TALER_EXCHANGEDB_Deposit *deposit = dc->deposit; - struct TALER_Amount spent; enum GNUNET_DB_QueryStatus qs; - struct TALER_Amount deposit_fee; + bool balance_ok; + bool in_conflict; - /* begin optimistically: assume this is a new deposit */ - qs = TEH_plugin->insert_deposit (TEH_plugin->cls, - dc->exchange_timestamp, - deposit); + qs = TEH_plugin->do_deposit (TEH_plugin->cls, + dc->deposit, + dc->known_coin_id, + &dc->h_payto, + false, /* FIXME-OEC: extension blocked */ + &dc->exchange_timestamp, + &balance_ok, + &in_conflict); if (qs < 0) { if (GNUNET_DB_STATUS_SOFT_ERROR == qs) @@ -174,73 +176,30 @@ deposit_transaction (void *cls, *mhd_ret = TALER_MHD_reply_with_error (connection, MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_GENERIC_DB_STORE_FAILED, - NULL); + "deposit"); return qs; } - if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) + if (in_conflict) { - /* Check for idempotency: did we get this request before? */ - qs = TEH_plugin->have_deposit (TEH_plugin->cls, - deposit, - &deposit_fee, - &dc->exchange_timestamp); - if (qs < 0) - { - if (GNUNET_DB_STATUS_SOFT_ERROR == qs) - return qs; - *mhd_ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_FETCH_FAILED, - "have_deposit"); - return GNUNET_DB_STATUS_HARD_ERROR; - } - if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) - { - /* Conflict on insert, but record does not exist? - That makes no sense. */ - GNUNET_break (0); - return GNUNET_DB_STATUS_HARD_ERROR; - } - - { - struct TALER_Amount amount_without_fee; - - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "/deposit replay, accepting again!\n"); - GNUNET_assert (0 <= - TALER_amount_subtract (&amount_without_fee, - &deposit->amount_with_fee, - &deposit_fee)); - *mhd_ret = reply_deposit_success (connection, - &deposit->coin.coin_pub, - &dc->h_wire, - NULL /* h_extensions! */, - &deposit->h_contract_terms, - dc->exchange_timestamp, - deposit->refund_deadline, - deposit->wire_deadline, - &deposit->merchant_pub, - &amount_without_fee); - /* Note: we return "hard error" to ensure the wrapper - does not retry the transaction, and to also not generate - a "fresh" response (as we would on "success") */ - return GNUNET_DB_STATUS_HARD_ERROR; - } + TEH_plugin->rollback (TEH_plugin->cls); + *mhd_ret + = TEH_RESPONSE_reply_coin_insufficient_funds ( + connection, + TALER_EC_EXCHANGE_DEPOSIT_CONFLICTING_CONTRACT, + &dc->deposit->coin.coin_pub); + return GNUNET_DB_STATUS_HARD_ERROR; } - - /* Start with zero cost, as we already added this melt transaction - to the DB, so we will see it again during the queries below. */ - GNUNET_assert (GNUNET_OK == - TALER_amount_set_zero (TEH_currency, - &spent)); - - return TEH_check_coin_balance (connection, - &deposit->coin.coin_pub, - &dc->value, - &deposit->amount_with_fee, - false, /* no need for recoup */ - false, /* no need for zombie */ - mhd_ret); + if (! balance_ok) + { + TEH_plugin->rollback (TEH_plugin->cls); + *mhd_ret + = TEH_RESPONSE_reply_coin_insufficient_funds ( + connection, + TALER_EC_EXCHANGE_GENERIC_INSUFFICIENT_FUNDS, + &dc->deposit->coin.coin_pub); + return GNUNET_DB_STATUS_HARD_ERROR; + } + return qs; } @@ -263,9 +222,10 @@ TEH_handler_deposit (struct MHD_Connection *connection, { struct DepositContext dc; struct TALER_EXCHANGEDB_Deposit deposit; + const char *payto_uri; struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_string ("merchant_payto_uri", - &dc.payto_uri), + &payto_uri), GNUNET_JSON_spec_fixed_auto ("wire_salt", &deposit.wire_salt), TALER_JSON_spec_amount ("contribution", @@ -290,6 +250,7 @@ TEH_handler_deposit (struct MHD_Connection *connection, &deposit.wire_deadline), GNUNET_JSON_spec_end () }; + struct TALER_MerchantWireHash h_wire; memset (&deposit, 0, @@ -316,7 +277,7 @@ TEH_handler_deposit (struct MHD_Connection *connection, { char *emsg; - emsg = TALER_payto_validate (dc.payto_uri); + emsg = TALER_payto_validate (payto_uri); if (NULL != emsg) { MHD_RESULT ret; @@ -331,7 +292,6 @@ TEH_handler_deposit (struct MHD_Connection *connection, return ret; } } - deposit.receiver_wire_account = (char *) dc.payto_uri; if (GNUNET_TIME_timestamp_cmp (deposit.refund_deadline, >, deposit.wire_deadline)) @@ -343,9 +303,12 @@ TEH_handler_deposit (struct MHD_Connection *connection, TALER_EC_EXCHANGE_DEPOSIT_REFUND_DEADLINE_AFTER_WIRE_DEADLINE, NULL); } - TALER_merchant_wire_signature_hash (dc.payto_uri, + deposit.receiver_wire_account = (char *) payto_uri; + TALER_payto_hash (payto_uri, + &dc.h_payto); + TALER_merchant_wire_signature_hash (payto_uri, &deposit.wire_salt, - &dc.h_wire); + &h_wire); dc.deposit = &deposit; /* new deposit */ @@ -366,42 +329,30 @@ TEH_handler_deposit (struct MHD_Connection *connection, if (GNUNET_TIME_absolute_is_past (dk->meta.expire_deposit.abs_time)) { /* This denomination is past the expiration time for deposits */ - struct GNUNET_TIME_Timestamp now; - - now = GNUNET_TIME_timestamp_get (); GNUNET_JSON_parse_free (spec); return TEH_RESPONSE_reply_expired_denom_pub_hash ( connection, &deposit.coin.denom_pub_hash, - now, TALER_EC_EXCHANGE_GENERIC_DENOMINATION_EXPIRED, "DEPOSIT"); } if (GNUNET_TIME_absolute_is_future (dk->meta.start.abs_time)) { /* This denomination is not yet valid */ - struct GNUNET_TIME_Timestamp now; - - now = GNUNET_TIME_timestamp_get (); GNUNET_JSON_parse_free (spec); return TEH_RESPONSE_reply_expired_denom_pub_hash ( connection, &deposit.coin.denom_pub_hash, - now, TALER_EC_EXCHANGE_GENERIC_DENOMINATION_VALIDITY_IN_FUTURE, "DEPOSIT"); } if (dk->recoup_possible) { - struct GNUNET_TIME_Timestamp now; - - now = GNUNET_TIME_timestamp_get (); /* This denomination has been revoked */ GNUNET_JSON_parse_free (spec); return TEH_RESPONSE_reply_expired_denom_pub_hash ( connection, &deposit.coin.denom_pub_hash, - now, TALER_EC_EXCHANGE_GENERIC_DENOMINATION_REVOKED, "DEPOSIT"); } @@ -419,7 +370,6 @@ TEH_handler_deposit (struct MHD_Connection *connection, TALER_EC_EXCHANGE_DENOMINATION_SIGNATURE_INVALID, NULL); } - dc.value = dk->meta.value; } if (0 < TALER_amount_cmp (&deposit.deposit_fee, &deposit.amount_with_fee)) @@ -435,7 +385,7 @@ TEH_handler_deposit (struct MHD_Connection *connection, if (GNUNET_OK != TALER_wallet_deposit_verify (&deposit.amount_with_fee, &deposit.deposit_fee, - &dc.h_wire, + &h_wire, &deposit.h_contract_terms, NULL /* h_extensions! */, &deposit.coin.denom_pub_hash, @@ -470,6 +420,7 @@ TEH_handler_deposit (struct MHD_Connection *connection, /* make sure coin is 'known' in database */ qs = TEH_make_coin_known (&deposit.coin, connection, + &dc.known_coin_id, &mhd_ret); /* no transaction => no serialization failures should be possible */ GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR != qs); @@ -506,7 +457,7 @@ TEH_handler_deposit (struct MHD_Connection *connection, &deposit.deposit_fee)); res = reply_deposit_success (connection, &deposit.coin.coin_pub, - &dc.h_wire, + &h_wire, NULL /* h_extensions! */, &deposit.h_contract_terms, dc.exchange_timestamp, diff --git a/src/exchange/taler-exchange-httpd_keys.c b/src/exchange/taler-exchange-httpd_keys.c index a9cd864aa..5d7476771 100644 --- a/src/exchange/taler-exchange-httpd_keys.c +++ b/src/exchange/taler-exchange-httpd_keys.c @@ -57,7 +57,7 @@ * #TALER_PROTOCOL_CURRENT and #TALER_PROTOCOL_AGE in * exchange_api_handle.c! */ -#define EXCHANGE_PROTOCOL_VERSION "11:0:1" +#define EXCHANGE_PROTOCOL_VERSION "12:0:0" /** diff --git a/src/exchange/taler-exchange-httpd_melt.c b/src/exchange/taler-exchange-httpd_melt.c index e4b2af290..54f1385d7 100644 --- a/src/exchange/taler-exchange-httpd_melt.c +++ b/src/exchange/taler-exchange-httpd_melt.c @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2014-2020 Taler Systems SA + Copyright (C) 2014-2021 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software @@ -89,6 +89,11 @@ struct MeltContext */ struct TALER_EXCHANGEDB_Refresh refresh_session; + /** + * UUID of the coin in the known_coins table. + */ + uint64_t known_coin_id; + /** * Information about the @e coin's value. */ @@ -141,15 +146,19 @@ melt_transaction (void *cls, { struct MeltContext *rmc = cls; enum GNUNET_DB_QueryStatus qs; - uint32_t noreveal_index; + bool balance_ok; /* pick challenge and persist it */ rmc->refresh_session.noreveal_index = GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_STRONG, TALER_CNC_KAPPA); + if (0 > - (qs = TEH_plugin->insert_melt (TEH_plugin->cls, - &rmc->refresh_session))) + (qs = TEH_plugin->do_melt (TEH_plugin->cls, + &rmc->refresh_session, + rmc->known_coin_id, + &rmc->zombie_required, + &balance_ok))) { if (GNUNET_DB_STATUS_SOFT_ERROR != qs) { @@ -161,64 +170,43 @@ melt_transaction (void *cls, } return qs; } - if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) + GNUNET_break (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs); + if (rmc->zombie_required) { - /* Check if we already created a matching refresh_session */ - qs = TEH_plugin->get_melt_index (TEH_plugin->cls, - &rmc->refresh_session.rc, - &noreveal_index); - if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs) - { - TALER_LOG_DEBUG ("Coin was previously melted, returning old reply\n"); - *mhd_ret = reply_melt_success (connection, - &rmc->refresh_session.rc, - noreveal_index); - /* Note: we return "hard error" to ensure the wrapper - does not retry the transaction, and to also not generate - a "fresh" response (as we would on "success") */ - return GNUNET_DB_STATUS_HARD_ERROR; - } - if (0 > qs) - { - if (GNUNET_DB_STATUS_HARD_ERROR == qs) - *mhd_ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_FETCH_FAILED, - "melt index"); - return qs; - } - if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) - { - /* Conflict on insert, but record does not exist? - That makes no sense. */ - GNUNET_break (0); - return GNUNET_DB_STATUS_HARD_ERROR; - } + GNUNET_break_op (0); + TEH_plugin->rollback (TEH_plugin->cls); + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_EXCHANGE_MELT_COIN_EXPIRED_NO_ZOMBIE, + NULL); + return GNUNET_DB_STATUS_HARD_ERROR; } - return TEH_check_coin_balance (connection, - &rmc->refresh_session.coin.coin_pub, - &rmc->coin_value, - &rmc->refresh_session.amount_with_fee, - true, - rmc->zombie_required, - mhd_ret); + if (! balance_ok) + { + TEH_plugin->rollback (TEH_plugin->cls); + *mhd_ret + = TEH_RESPONSE_reply_coin_insufficient_funds ( + connection, + TALER_EC_EXCHANGE_GENERIC_INSUFFICIENT_FUNDS, + &rmc->refresh_session.coin.coin_pub); + return GNUNET_DB_STATUS_HARD_ERROR; + } + /* All good, commit, final response will be generated by caller */ + return GNUNET_DB_STATUS_SUCCESS_ONE_RESULT; } /** * Handle a "melt" request after the first parsing has - * happened. We now need to validate the coins being melted and the - * session signature and then hand things of to execute the melt - * operation. This function parses the JSON arrays and then passes - * processing on to #melt_transaction(). + * happened. Performs the database transactions. * * @param connection the MHD connection to handle * @param[in,out] rmc details about the melt request * @return MHD result code */ static MHD_RESULT -handle_melt (struct MHD_Connection *connection, - struct MeltContext *rmc) +database_melt (struct MHD_Connection *connection, + struct MeltContext *rmc) { if (GNUNET_SYSERR == TEH_plugin->preflight (TEH_plugin->cls)) @@ -230,36 +218,6 @@ handle_melt (struct MHD_Connection *connection, "preflight failure"); } - /* verify signature of coin for melt operation */ - { - struct TALER_RefreshMeltCoinAffirmationPS body = { - .purpose.size = htonl (sizeof (body)), - .purpose.purpose = htonl (TALER_SIGNATURE_WALLET_COIN_MELT), - .rc = rmc->refresh_session.rc, - .h_denom_pub = rmc->refresh_session.coin.denom_pub_hash, - .coin_pub = rmc->refresh_session.coin.coin_pub - }; - - TALER_amount_hton (&body.amount_with_fee, - &rmc->refresh_session.amount_with_fee); - TALER_amount_hton (&body.melt_fee, - &rmc->coin_refresh_fee); - - if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify ( - TALER_SIGNATURE_WALLET_COIN_MELT, - &body, - &rmc->refresh_session.coin_sig.eddsa_signature, - &rmc->refresh_session.coin.coin_pub.eddsa_pub)) - { - GNUNET_break_op (0); - return TALER_MHD_reply_with_error (connection, - MHD_HTTP_FORBIDDEN, - TALER_EC_EXCHANGE_MELT_COIN_SIGNATURE_INVALID, - NULL); - } - } - /* first, make sure coin is known */ if (! rmc->coin_is_dirty) { @@ -268,6 +226,7 @@ handle_melt (struct MHD_Connection *connection, qs = TEH_make_coin_known (&rmc->refresh_session.coin, connection, + &rmc->known_coin_id, &mhd_ret); /* no transaction => no serialization failures should be possible */ GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR != qs); @@ -305,8 +264,8 @@ handle_melt (struct MHD_Connection *connection, * @return MHD status code */ static MHD_RESULT -check_for_denomination_key (struct MHD_Connection *connection, - struct MeltContext *rmc) +check_melt_valid (struct MHD_Connection *connection, + struct MeltContext *rmc) { /* Baseline: check if deposits/refreshs are generally simply still allowed for this denomination */ @@ -321,30 +280,64 @@ check_for_denomination_key (struct MHD_Connection *connection, return mret; if (GNUNET_TIME_absolute_is_past (dk->meta.expire_legal.abs_time)) { - struct GNUNET_TIME_Timestamp now; - - now = GNUNET_TIME_timestamp_get (); /* Way too late now, even zombies have expired */ return TEH_RESPONSE_reply_expired_denom_pub_hash ( connection, &rmc->refresh_session.coin.denom_pub_hash, - now, TALER_EC_EXCHANGE_GENERIC_DENOMINATION_EXPIRED, "MELT"); } if (GNUNET_TIME_absolute_is_future (dk->meta.start.abs_time)) { - struct GNUNET_TIME_Timestamp now; - - now = GNUNET_TIME_timestamp_get (); /* This denomination is not yet valid */ return TEH_RESPONSE_reply_expired_denom_pub_hash ( connection, &rmc->refresh_session.coin.denom_pub_hash, - now, TALER_EC_EXCHANGE_GENERIC_DENOMINATION_VALIDITY_IN_FUTURE, "MELT"); } + + rmc->coin_refresh_fee = dk->meta.fee_refresh; + rmc->coin_value = dk->meta.value; + /* sanity-check that "total melt amount > melt fee" */ + if (0 < + TALER_amount_cmp (&rmc->coin_refresh_fee, + &rmc->refresh_session.amount_with_fee)) + { + GNUNET_break_op (0); + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_EXCHANGE_MELT_FEES_EXCEED_CONTRIBUTION, + NULL); + } + + if (GNUNET_OK != + TALER_test_coin_valid (&rmc->refresh_session.coin, + &dk->denom_pub)) + { + GNUNET_break_op (0); + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_FORBIDDEN, + TALER_EC_EXCHANGE_DENOMINATION_SIGNATURE_INVALID, + NULL); + } + + /* verify signature of coin for melt operation */ + if (GNUNET_OK != + TALER_wallet_melt_verify (&rmc->refresh_session.amount_with_fee, + &rmc->coin_refresh_fee, + &rmc->refresh_session.rc, + &rmc->refresh_session.coin.denom_pub_hash, + &rmc->refresh_session.coin.coin_pub, + &rmc->refresh_session.coin_sig)) + { + GNUNET_break_op (0); + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_FORBIDDEN, + TALER_EC_EXCHANGE_MELT_COIN_SIGNATURE_INVALID, + NULL); + } + if (GNUNET_TIME_absolute_is_past (dk->meta.expire_deposit.abs_time)) { /* We are past deposit expiration time, but maybe this is a zombie? */ @@ -357,6 +350,7 @@ check_for_denomination_key (struct MHD_Connection *connection, qs = TEH_plugin->get_coin_denomination ( TEH_plugin->cls, &rmc->refresh_session.coin.coin_pub, + &rmc->known_coin_id, &denom_hash); if (0 > qs) { @@ -369,14 +363,10 @@ check_for_denomination_key (struct MHD_Connection *connection, } if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != qs) { - struct GNUNET_TIME_Timestamp now; - - now = GNUNET_TIME_timestamp_get (); /* We never saw this coin before, so _this_ justification is not OK */ return TEH_RESPONSE_reply_expired_denom_pub_hash ( connection, &rmc->refresh_session.coin.denom_pub_hash, - now, TALER_EC_EXCHANGE_GENERIC_DENOMINATION_EXPIRED, "MELT"); } @@ -389,67 +379,25 @@ check_for_denomination_key (struct MHD_Connection *connection, &rmc->refresh_session.coin.denom_pub_hash)) { GNUNET_break_op (0); - // => this is probably the wrong call, as this - // is NOT about insufficient funds! - // (see also taler-exchange-httpd_db.c for an equivalent issue) - return TEH_RESPONSE_reply_coin_insufficient_funds ( + return TALER_MHD_reply_with_ec ( connection, TALER_EC_EXCHANGE_GENERIC_COIN_CONFLICTING_DENOMINATION_KEY, - &rmc->refresh_session.coin.coin_pub, - NULL); + TALER_B2S (&denom_hash)); } rmc->zombie_required = true; /* check later that zombie is satisfied */ } - rmc->coin_refresh_fee = dk->meta.fee_refresh; - rmc->coin_value = dk->meta.value; - /* check coin is actually properly signed */ - if (GNUNET_OK != - TALER_test_coin_valid (&rmc->refresh_session.coin, - &dk->denom_pub)) - { - GNUNET_break_op (0); - return TALER_MHD_reply_with_error (connection, - MHD_HTTP_FORBIDDEN, - TALER_EC_EXCHANGE_DENOMINATION_SIGNATURE_INVALID, - NULL); - } - - /* sanity-check that "total melt amount > melt fee" */ - if (0 < - TALER_amount_cmp (&rmc->coin_refresh_fee, - &rmc->refresh_session.amount_with_fee)) - { - GNUNET_break_op (0); - return TALER_MHD_reply_with_error (connection, - MHD_HTTP_BAD_REQUEST, - TALER_EC_EXCHANGE_MELT_FEES_EXCEED_CONTRIBUTION, - NULL); - } - return handle_melt (connection, - rmc); + return database_melt (connection, + rmc); } -/** - * Handle a "/coins/$COIN_PUB/melt" request. Parses the request into the JSON - * components and then hands things of to #check_for_denomination_key() to - * validate the melted coins, the signature and execute the melt using - * handle_melt(). - - * @param connection the MHD connection to handle - * @param coin_pub public key of the coin - * @param root uploaded JSON data - * @return MHD result code - */ MHD_RESULT TEH_handler_melt (struct MHD_Connection *connection, const struct TALER_CoinSpendPublicKeyP *coin_pub, const json_t *root) { struct MeltContext rmc; - enum GNUNET_GenericReturnValue ret; - MHD_RESULT res; struct GNUNET_JSON_Specification spec[] = { TALER_JSON_spec_denom_sig ("denom_sig", &rmc.refresh_session.coin.denom_sig), @@ -469,16 +417,24 @@ TEH_handler_melt (struct MHD_Connection *connection, 0, sizeof (rmc)); rmc.refresh_session.coin.coin_pub = *coin_pub; - ret = TALER_MHD_parse_json_data (connection, - root, - spec); - if (GNUNET_OK != ret) - return (GNUNET_SYSERR == ret) ? MHD_NO : MHD_YES; - res = check_for_denomination_key (connection, - &rmc); - GNUNET_JSON_parse_free (spec); - return res; + { + enum GNUNET_GenericReturnValue ret; + ret = TALER_MHD_parse_json_data (connection, + root, + spec); + if (GNUNET_OK != ret) + return (GNUNET_SYSERR == ret) ? MHD_NO : MHD_YES; + } + + { + MHD_RESULT res; + + res = check_melt_valid (connection, + &rmc); + GNUNET_JSON_parse_free (spec); + return res; + } } diff --git a/src/exchange/taler-exchange-httpd_metrics.c b/src/exchange/taler-exchange-httpd_metrics.c index 2ea889ff0..8c8cd343a 100644 --- a/src/exchange/taler-exchange-httpd_metrics.c +++ b/src/exchange/taler-exchange-httpd_metrics.c @@ -51,18 +51,12 @@ TEH_handler_metrics (struct TEH_RequestContext *rc, "taler_exchange_serialization_failures{type=\"%s\"} %llu\n" "taler_exchange_serialization_failures{type=\"%s\"} %llu\n" "taler_exchange_serialization_failures{type=\"%s\"} %llu\n" - "taler_exchange_serialization_failures{type=\"%s\"} %llu\n" - "taler_exchange_serialization_failures{type=\"%s\"} %llu\n" - "taler_exchange_serialization_failures{type=\"%s\"} %llu\n" "# HELP taler_exchange_received_requests " " number of received requests by type\n" "# TYPE taler_exchange_received_requests counter\n" "taler_exchange_received_requests{type=\"%s\"} %llu\n" "taler_exchange_received_requests{type=\"%s\"} %llu\n" "taler_exchange_received_requests{type=\"%s\"} %llu\n" - "taler_exchange_received_requests{type=\"%s\"} %llu\n" - "taler_exchange_received_requests{type=\"%s\"} %llu\n" - "taler_exchange_received_requests{type=\"%s\"} %llu\n" "taler_exchange_received_requests{type=\"%s\"} %llu\n", "other", TEH_METRICS_num_conflict[TEH_MT_OTHER], @@ -72,12 +66,6 @@ TEH_handler_metrics (struct TEH_RequestContext *rc, TEH_METRICS_num_conflict[TEH_MT_WITHDRAW], "melt", TEH_METRICS_num_conflict[TEH_MT_MELT], - "reveal-precheck", - TEH_METRICS_num_conflict[TEH_MT_REVEAL_PRECHECK], - "reveal", - TEH_METRICS_num_conflict[TEH_MT_REVEAL], - "reveal-persist", - TEH_METRICS_num_conflict[TEH_MT_REVEAL_PERSIST], "other", TEH_METRICS_num_requests[TEH_MT_OTHER], "deposit", @@ -85,13 +73,7 @@ TEH_handler_metrics (struct TEH_RequestContext *rc, "withdraw", TEH_METRICS_num_requests[TEH_MT_WITHDRAW], "melt", - TEH_METRICS_num_requests[TEH_MT_MELT], - "reveal-precheck", - TEH_METRICS_num_requests[TEH_MT_REVEAL_PRECHECK], - "reveal", - TEH_METRICS_num_requests[TEH_MT_REVEAL], - "reveal-persist", - TEH_METRICS_num_requests[TEH_MT_REVEAL_PERSIST]); + TEH_METRICS_num_requests[TEH_MT_MELT]); resp = MHD_create_response_from_buffer (strlen (reply), reply, MHD_RESPMEM_MUST_FREE); diff --git a/src/exchange/taler-exchange-httpd_metrics.h b/src/exchange/taler-exchange-httpd_metrics.h index 39e463169..55e5372a7 100644 --- a/src/exchange/taler-exchange-httpd_metrics.h +++ b/src/exchange/taler-exchange-httpd_metrics.h @@ -35,10 +35,7 @@ enum TEH_MetricType TEH_MT_DEPOSIT = 1, TEH_MT_WITHDRAW = 2, TEH_MT_MELT = 3, - TEH_MT_REVEAL_PRECHECK = 4, - TEH_MT_REVEAL = 5, - TEH_MT_REVEAL_PERSIST = 6, - TEH_MT_COUNT = 7 /* MUST BE LAST! */ + TEH_MT_COUNT = 4 /* MUST BE LAST! */ }; diff --git a/src/exchange/taler-exchange-httpd_recoup-refresh.c b/src/exchange/taler-exchange-httpd_recoup-refresh.c new file mode 100644 index 000000000..acadc999e --- /dev/null +++ b/src/exchange/taler-exchange-httpd_recoup-refresh.c @@ -0,0 +1,411 @@ +/* + This file is part of TALER + Copyright (C) 2017-2021 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU Affero General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License along with + TALER; see the file COPYING. If not, see +*/ +/** + * @file taler-exchange-httpd_recoup-refresh.c + * @brief Handle /recoup-refresh requests; parses the POST and JSON and + * verifies the coin signature before handing things off + * to the database. + * @author Christian Grothoff + */ +#include "platform.h" +#include +#include +#include +#include +#include +#include "taler_json_lib.h" +#include "taler_mhd_lib.h" +#include "taler-exchange-httpd_db.h" +#include "taler-exchange-httpd_recoup-refresh.h" +#include "taler-exchange-httpd_responses.h" +#include "taler-exchange-httpd_keys.h" +#include "taler_exchangedb_lib.h" + + +/** + * Closure for #recoup_refresh_transaction(). + */ +struct RecoupContext +{ + + /** + * Set by #recoup_transaction() to the old coin that will + * receive the recoup. + */ + struct TALER_CoinSpendPublicKeyP old_coin_pub; + + /** + * Details about the coin. + */ + const struct TALER_CoinPublicInfo *coin; + + /** + * Key used to blind the coin. + */ + const union TALER_DenominationBlindingKeyP *coin_bks; + + /** + * Signature of the coin requesting recoup. + */ + const struct TALER_CoinSpendSignatureP *coin_sig; + + /** + * The amount requested to be recouped. + */ + const struct TALER_Amount *requested_amount; + + /** + * Unique ID of the coin in the known_coins table. + */ + uint64_t known_coin_id; + + /** + * Unique ID of the refresh reveal context of the melt for the new coin. + */ + uint64_t rrc_serial; + + /** + * Set by #recoup_transaction to the timestamp when the recoup + * was accepted. + */ + struct GNUNET_TIME_Timestamp now; + +}; + + +/** + * Execute a "recoup-refresh". The validity of the coin and signature have + * already been checked. The database must now check that the coin is not + * (double) spent, and execute the transaction. + * + * IF it returns a non-error code, the transaction logic MUST + * NOT queue a MHD response. IF it returns an hard error, the + * transaction logic MUST queue a MHD response and set @a mhd_ret. IF + * it returns the soft error code, the function MAY be called again to + * retry and MUST not queue a MHD response. + * + * @param cls the `struct RecoupContext *` + * @param connection MHD request which triggered the transaction + * @param[out] mhd_ret set to MHD response status for @a connection, + * if transaction failed (!) + * @return transaction status code + */ +static enum GNUNET_DB_QueryStatus +recoup_refresh_transaction (void *cls, + struct MHD_Connection *connection, + MHD_RESULT *mhd_ret) +{ + struct RecoupContext *pc = cls; + enum GNUNET_DB_QueryStatus qs; + bool recoup_ok; + bool internal_failure; + + /* Finally, store new refund data */ + pc->now = GNUNET_TIME_timestamp_get (); + qs = TEH_plugin->do_recoup_refresh (TEH_plugin->cls, + &pc->old_coin_pub, + pc->rrc_serial, + pc->requested_amount, + pc->coin_bks, + &pc->coin->coin_pub, + pc->known_coin_id, + pc->coin_sig, + &pc->now, + &recoup_ok, + &internal_failure); + if (0 > qs) + { + if (GNUNET_DB_STATUS_HARD_ERROR == qs) + *mhd_ret = TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_FETCH_FAILED, + "do_recoup_refresh"); + return qs; + } + + if (internal_failure) + { + GNUNET_break (0); + *mhd_ret = TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_INVARIANT_FAILURE, + "coin transaction history"); + return GNUNET_DB_STATUS_HARD_ERROR; + } + if (! recoup_ok) + { + *mhd_ret = TEH_RESPONSE_reply_coin_insufficient_funds ( + connection, + TALER_EC_EXCHANGE_GENERIC_INSUFFICIENT_FUNDS, + &pc->coin->coin_pub); + return GNUNET_DB_STATUS_HARD_ERROR; + } + return qs; +} + + +/** + * We have parsed the JSON information about the recoup request. Do + * some basic sanity checks (especially that the signature on the + * request and coin is valid) and then execute the recoup operation. + * Note that we need the DB to check the fee structure, so this is not + * done here but during the recoup_transaction(). + * + * @param connection the MHD connection to handle + * @param coin information about the coin + * @param coin_bks blinding data of the coin (to be checked) + * @param coin_sig signature of the coin + * @param requested_amount requested amount to be recouped + * @return MHD result code + */ +static MHD_RESULT +verify_and_execute_recoup_refresh ( + struct MHD_Connection *connection, + const struct TALER_CoinPublicInfo *coin, + const union TALER_DenominationBlindingKeyP *coin_bks, + const struct TALER_CoinSpendSignatureP *coin_sig, + const struct TALER_Amount *requested_amount) +{ + struct RecoupContext pc; + const struct TEH_DenominationKey *dk; + MHD_RESULT mret; + struct TALER_BlindedCoinHash h_blind; + + /* check denomination exists and is in recoup mode */ + dk = TEH_keys_denomination_by_hash (&coin->denom_pub_hash, + connection, + &mret); + if (NULL == dk) + return mret; + if (GNUNET_TIME_absolute_is_past (dk->meta.expire_deposit.abs_time)) + { + /* This denomination is past the expiration time for recoup */ + return TEH_RESPONSE_reply_expired_denom_pub_hash ( + connection, + &coin->denom_pub_hash, + TALER_EC_EXCHANGE_GENERIC_DENOMINATION_EXPIRED, + "RECOUP-REFRESH"); + } + if (GNUNET_TIME_absolute_is_future (dk->meta.start.abs_time)) + { + /* This denomination is not yet valid */ + return TEH_RESPONSE_reply_expired_denom_pub_hash ( + connection, + &coin->denom_pub_hash, + TALER_EC_EXCHANGE_GENERIC_DENOMINATION_VALIDITY_IN_FUTURE, + "RECOUP-REFRESH"); + } + if (! dk->recoup_possible) + { + /* This denomination is not eligible for recoup */ + return TEH_RESPONSE_reply_expired_denom_pub_hash ( + connection, + &coin->denom_pub_hash, + TALER_EC_EXCHANGE_RECOUP_REFRESH_NOT_ELIGIBLE, + "RECOUP-REFRESH"); + } + + /* check denomination signature */ + if (GNUNET_YES != + TALER_test_coin_valid (coin, + &dk->denom_pub)) + { + TALER_LOG_WARNING ("Invalid coin passed for recoup\n"); + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_FORBIDDEN, + TALER_EC_EXCHANGE_DENOMINATION_SIGNATURE_INVALID, + NULL); + } + + /* check recoup request signature */ + if (GNUNET_OK != + TALER_wallet_recoup_refresh_verify (&coin->denom_pub_hash, + coin_bks, + requested_amount, + &coin->coin_pub, + coin_sig)) + { + GNUNET_break_op (0); + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_FORBIDDEN, + TALER_EC_EXCHANGE_RECOUP_REFRESH_SIGNATURE_INVALID, + NULL); + } + + { + void *coin_ev; + size_t coin_ev_size; + struct TALER_CoinPubHash c_hash; + + if (GNUNET_OK != + TALER_denom_blind (&dk->denom_pub, + coin_bks, + NULL, /* FIXME-Oec: TALER_AgeHash * */ + &coin->coin_pub, + &c_hash, + &coin_ev, + &coin_ev_size)) + { + GNUNET_break (0); + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_EXCHANGE_RECOUP_REFRESH_BLINDING_FAILED, + NULL); + } + TALER_coin_ev_hash (coin_ev, + coin_ev_size, + &h_blind); + GNUNET_free (coin_ev); + } + + pc.coin_sig = coin_sig; + pc.coin_bks = coin_bks; + pc.coin = coin; + pc.requested_amount = requested_amount; + + { + MHD_RESULT mhd_ret = MHD_NO; + enum GNUNET_DB_QueryStatus qs; + + /* make sure coin is 'known' in database */ + qs = TEH_make_coin_known (coin, + connection, + &pc.known_coin_id, + &mhd_ret); + /* no transaction => no serialization failures should be possible */ + GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR != qs); + if (qs < 0) + return mhd_ret; + } + + { + enum GNUNET_DB_QueryStatus qs; + + qs = TEH_plugin->get_old_coin_by_h_blind (TEH_plugin->cls, + &h_blind, + &pc.old_coin_pub, + &pc.rrc_serial); + if (0 > qs) + { + GNUNET_break (0); + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_FETCH_FAILED, + "get_old_coin_by_h_blind"); + } + if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) + { + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Recoup-refresh requested for unknown envelope %s\n", + GNUNET_h2s (&h_blind.hash)); + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_NOT_FOUND, + TALER_EC_EXCHANGE_RECOUP_REFRESH_MELT_NOT_FOUND, + NULL); + } + } + + /* Perform actual recoup transaction */ + { + MHD_RESULT mhd_ret; + + if (GNUNET_OK != + TEH_DB_run_transaction (connection, + "run recoup-refresh", + TEH_MT_OTHER, + &mhd_ret, + &recoup_refresh_transaction, + &pc)) + return mhd_ret; + } + /* Recoup succeeded, return result */ + return TALER_MHD_REPLY_JSON_PACK (connection, + MHD_HTTP_OK, + GNUNET_JSON_pack_data_auto ( + "old_coin_pub", + &pc.old_coin_pub)); +} + + +/** + * Handle a "/coins/$COIN_PUB/recoup-refresh" request. Parses the JSON, and, if + * successful, passes the JSON data to #verify_and_execute_recoup_refresh() to further + * check the details of the operation specified. If everything checks out, + * this will ultimately lead to the refund being executed, or rejected. + * + * @param connection the MHD connection to handle + * @param coin_pub public key of the coin + * @param root uploaded JSON data + * @return MHD result code + */ +MHD_RESULT +TEH_handler_recoup_refresh (struct MHD_Connection *connection, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const json_t *root) +{ + enum GNUNET_GenericReturnValue ret; + struct TALER_CoinPublicInfo coin; + union TALER_DenominationBlindingKeyP coin_bks; + struct TALER_CoinSpendSignatureP coin_sig; + struct TALER_Amount amount; + struct GNUNET_JSON_Specification spec[] = { + GNUNET_JSON_spec_fixed_auto ("denom_pub_hash", + &coin.denom_pub_hash), + TALER_JSON_spec_denom_sig ("denom_sig", + &coin.denom_sig), + GNUNET_JSON_spec_fixed_auto ("coin_blind_key_secret", + &coin_bks), + GNUNET_JSON_spec_fixed_auto ("coin_sig", + &coin_sig), + TALER_JSON_spec_amount ("amount", + TEH_currency, + &amount), + GNUNET_JSON_spec_end () + }; + + memset (&coin, + 0, + sizeof (coin)); + coin.coin_pub = *coin_pub; + ret = TALER_MHD_parse_json_data (connection, + root, + spec); + if (GNUNET_SYSERR == ret) + return MHD_NO; /* hard failure */ + if (GNUNET_NO == ret) + return MHD_YES; /* failure */ + { + MHD_RESULT res; + + res = verify_and_execute_recoup_refresh (connection, + &coin, + &coin_bks, + &coin_sig, + &amount); + GNUNET_JSON_parse_free (spec); + return res; + } +} + + +/* end of taler-exchange-httpd_recoup-refresh.c */ diff --git a/src/exchange/taler-exchange-httpd_recoup-refresh.h b/src/exchange/taler-exchange-httpd_recoup-refresh.h new file mode 100644 index 000000000..25c12fac3 --- /dev/null +++ b/src/exchange/taler-exchange-httpd_recoup-refresh.h @@ -0,0 +1,46 @@ +/* + This file is part of TALER + Copyright (C) 2017, 2021 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU Affero General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License along with + TALER; see the file COPYING. If not, see +*/ +/** + * @file taler-exchange-httpd_recoup_refresh.h + * @brief Handle /recoup-refresh requests + * @author Christian Grothoff + */ +#ifndef TALER_EXCHANGE_HTTPD_RECOUP_REFRESH_H +#define TALER_EXCHANGE_HTTPD_RECOUP_REFRESH_H + +#include +#include +#include "taler-exchange-httpd.h" + + +/** + * Handle a "/coins/$COIN_PUB/recoup-refresh" request. Parses the JSON, and, if + * successful, passes the JSON data to #verify_and_execute_recoup_refresh() to further + * check the details of the operation specified. If everything checks out, + * this will ultimately lead to the refund being executed, or rejected. + * + * @param connection the MHD connection to handle + * @param coin_pub public key of the coin + * @param root uploaded JSON data + * @return MHD result code + */ +MHD_RESULT +TEH_handler_recoup_refresh (struct MHD_Connection *connection, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const json_t *root); + + +#endif diff --git a/src/exchange/taler-exchange-httpd_recoup.c b/src/exchange/taler-exchange-httpd_recoup.c index 58495e530..28e81f9ec 100644 --- a/src/exchange/taler-exchange-httpd_recoup.c +++ b/src/exchange/taler-exchange-httpd_recoup.c @@ -45,9 +45,10 @@ struct RecoupContext struct TALER_BlindedCoinHash h_blind; /** - * Full value of the coin. + * Set by #recoup_transaction() to the reserve that will + * receive the recoup, if #refreshed is #GNUNET_NO. */ - struct TALER_Amount value; + struct TALER_ReservePublicKeyP reserve_pub; /** * Details about the coin. @@ -65,29 +66,19 @@ struct RecoupContext const struct TALER_CoinSpendSignatureP *coin_sig; /** - * Where does the value of the recouped coin go? Which member - * of the union is valid depends on @e refreshed. + * The amount requested to be recouped. */ - union - { - /** - * Set by #recoup_transaction() to the reserve that will - * receive the recoup, if #refreshed is #GNUNET_NO. - */ - struct TALER_ReservePublicKeyP reserve_pub; - - /** - * Set by #recoup_transaction() to the old coin that will - * receive the recoup, if #refreshed is #GNUNET_YES. - */ - struct TALER_CoinSpendPublicKeyP old_coin_pub; - } target; + const struct TALER_Amount *requested_amount; /** - * Set by #recoup_transaction() to the amount that will be paid back + * Unique ID of the withdraw operation in the reserves_out table. */ - struct TALER_Amount amount; - const struct TALER_Amount *requested_amount; + uint64_t reserve_out_serial_id; + + /** + * Unique ID of the coin in the known_coins table. + */ + uint64_t known_coin_id; /** * Set by #recoup_transaction to the timestamp when the recoup @@ -95,15 +86,9 @@ struct RecoupContext */ struct GNUNET_TIME_Timestamp now; - /** - * true if the client claims the coin originated from a refresh. - */ - bool refreshed; - }; -// FIXME: this code should be simplified by using TEH_check_coin_balance() /** * Execute a "recoup". The validity of the coin and signature have * already been checked. The database must now check that the coin is @@ -127,159 +112,53 @@ recoup_transaction (void *cls, MHD_RESULT *mhd_ret) { struct RecoupContext *pc = cls; - struct TALER_EXCHANGEDB_TransactionList *tl; - struct TALER_Amount spent; - struct TALER_Amount recouped; enum GNUNET_DB_QueryStatus qs; - bool existing_recoup_found; + bool recoup_ok; + bool internal_failure; - /* Check whether a recoup is allowed, and if so, to which - reserve / account the money should go */ - - /* Calculate remaining balance, including recoups already applied. */ - qs = TEH_plugin->get_coin_transactions (TEH_plugin->cls, - &pc->coin->coin_pub, - GNUNET_YES, - &tl); - if (0 > qs) - { - if (GNUNET_DB_STATUS_HARD_ERROR == qs) - { - GNUNET_break (0); - *mhd_ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_FETCH_FAILED, - "coin transaction list"); - } - return qs; - } - - GNUNET_assert (GNUNET_OK == - TALER_amount_set_zero (pc->value.currency, - &spent)); - GNUNET_assert (GNUNET_OK == - TALER_amount_set_zero (pc->value.currency, - &recouped)); - /* Check if this coin has been recouped already at least once */ - existing_recoup_found = false; - for (struct TALER_EXCHANGEDB_TransactionList *pos = tl; - NULL != pos; - pos = pos->next) - { - if ( (TALER_EXCHANGEDB_TT_RECOUP == pos->type) || - (TALER_EXCHANGEDB_TT_RECOUP_REFRESH == pos->type) ) - { - existing_recoup_found = true; - break; - } - } - if (GNUNET_OK != - TALER_EXCHANGEDB_calculate_transaction_list_totals (tl, - &spent, - &spent)) - { - GNUNET_break (0); - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tl); - *mhd_ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_INVARIANT_FAILURE, - "coin transaction history"); - return GNUNET_DB_STATUS_HARD_ERROR; - } - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Recoup: calculated spent %s\n", - TALER_amount2s (&spent)); - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Recoup: coin value %s\n", - TALER_amount2s (&pc->value)); - if (0 > - TALER_amount_subtract (&pc->amount, - &pc->value, - &spent)) - { - GNUNET_break (0); - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tl); - *mhd_ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_EXCHANGE_RECOUP_COIN_BALANCE_NEGATIVE, - NULL); - return GNUNET_DB_STATUS_HARD_ERROR; - } - if (TALER_amount_is_zero (&pc->amount)) - { - /* Recoup has no effect: coin fully spent! */ - enum GNUNET_DB_QueryStatus ret; - - TEH_plugin->rollback (TEH_plugin->cls); - if (GNUNET_NO == existing_recoup_found) - { - /* Refuse: insufficient funds for recoup */ - *mhd_ret = TEH_RESPONSE_reply_coin_insufficient_funds (connection, - TALER_EC_EXCHANGE_RECOUP_COIN_BALANCE_ZERO, - &pc->coin->coin_pub, - tl); - ret = GNUNET_DB_STATUS_HARD_ERROR; - } - else - { - /* We didn't add any new recoup transaction, but there was at least - one recoup before, so we give a success response (idempotency!) */ - ret = GNUNET_DB_STATUS_SUCCESS_NO_RESULTS; - } - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tl); - return ret; - } - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tl); + /* Finally, store new refund data */ pc->now = GNUNET_TIME_timestamp_get (); - if (0 != TALER_amount_cmp (&pc->amount, - pc->requested_amount)) - { - *mhd_ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_CONFLICT, - TALER_EC_EXCHANGE_GENERIC_INSUFFICIENT_FUNDS, - TALER_amount2s (&pc->amount)); - return GNUNET_DB_STATUS_HARD_ERROR; - } - - /* add coin to list of wire transfers for recoup */ - if (pc->refreshed) - { - qs = TEH_plugin->insert_recoup_refresh_request (TEH_plugin->cls, - pc->coin, - pc->coin_sig, - pc->coin_bks, - &pc->amount, - &pc->h_blind, - pc->now); - } - else - { - qs = TEH_plugin->insert_recoup_request (TEH_plugin->cls, - &pc->target.reserve_pub, - pc->coin, - pc->coin_sig, - pc->coin_bks, - &pc->amount, - &pc->h_blind, - pc->now); - } + qs = TEH_plugin->do_recoup (TEH_plugin->cls, + &pc->reserve_pub, + pc->reserve_out_serial_id, + pc->requested_amount, + pc->coin_bks, + &pc->coin->coin_pub, + pc->known_coin_id, + pc->coin_sig, + &pc->now, + &recoup_ok, + &internal_failure); if (0 > qs) { if (GNUNET_DB_STATUS_HARD_ERROR == qs) - { - TALER_LOG_WARNING ("Failed to store recoup information in database\n"); - *mhd_ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_STORE_FAILED, - "recoup request"); - } + *mhd_ret = TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_FETCH_FAILED, + "do_recoup"); return qs; } - return GNUNET_DB_STATUS_SUCCESS_ONE_RESULT; + + if (internal_failure) + { + GNUNET_break (0); + *mhd_ret = TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_INVARIANT_FAILURE, + "do_recoup"); + return GNUNET_DB_STATUS_HARD_ERROR; + } + if (! recoup_ok) + { + *mhd_ret = TEH_RESPONSE_reply_coin_insufficient_funds ( + connection, + TALER_EC_EXCHANGE_GENERIC_INSUFFICIENT_FUNDS, + &pc->coin->coin_pub); + return GNUNET_DB_STATUS_HARD_ERROR; + } + return qs; } @@ -295,7 +174,6 @@ recoup_transaction (void *cls, * @param coin_bks blinding data of the coin (to be checked) * @param coin_sig signature of the coin * @param requested_amount requested amount to be recouped - * @param refreshed true if the coin was refreshed * @return MHD result code */ static MHD_RESULT @@ -304,12 +182,10 @@ verify_and_execute_recoup ( const struct TALER_CoinPublicInfo *coin, const union TALER_DenominationBlindingKeyP *coin_bks, const struct TALER_CoinSpendSignatureP *coin_sig, - const struct TALER_Amount *requested_amount, - bool refreshed) + const struct TALER_Amount *requested_amount) { struct RecoupContext pc; const struct TEH_DenominationKey *dk; - struct TALER_CoinPubHash c_hash; MHD_RESULT mret; /* check denomination exists and is in recoup mode */ @@ -324,7 +200,6 @@ verify_and_execute_recoup ( return TEH_RESPONSE_reply_expired_denom_pub_hash ( connection, &coin->denom_pub_hash, - GNUNET_TIME_timestamp_get (), TALER_EC_EXCHANGE_GENERIC_DENOMINATION_EXPIRED, "RECOUP"); } @@ -334,7 +209,6 @@ verify_and_execute_recoup ( return TEH_RESPONSE_reply_expired_denom_pub_hash ( connection, &coin->denom_pub_hash, - GNUNET_TIME_timestamp_get (), TALER_EC_EXCHANGE_GENERIC_DENOMINATION_VALIDITY_IN_FUTURE, "RECOUP"); } @@ -344,23 +218,21 @@ verify_and_execute_recoup ( return TEH_RESPONSE_reply_expired_denom_pub_hash ( connection, &coin->denom_pub_hash, - GNUNET_TIME_timestamp_get (), TALER_EC_EXCHANGE_RECOUP_NOT_ELIGIBLE, "RECOUP"); } - pc.value = dk->meta.value; - /* check denomination signature */ if (GNUNET_YES != TALER_test_coin_valid (coin, &dk->denom_pub)) { - TALER_LOG_WARNING ("Invalid coin passed for recoup\n"); - return TALER_MHD_reply_with_error (connection, - MHD_HTTP_FORBIDDEN, - TALER_EC_EXCHANGE_DENOMINATION_SIGNATURE_INVALID, - NULL); + GNUNET_break_op (0); + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_FORBIDDEN, + TALER_EC_EXCHANGE_DENOMINATION_SIGNATURE_INVALID, + NULL); } /* check recoup request signature */ @@ -372,15 +244,17 @@ verify_and_execute_recoup ( coin_sig)) { GNUNET_break_op (0); - return TALER_MHD_reply_with_error (connection, - MHD_HTTP_FORBIDDEN, - TALER_EC_EXCHANGE_RECOUP_SIGNATURE_INVALID, - NULL); + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_FORBIDDEN, + TALER_EC_EXCHANGE_RECOUP_SIGNATURE_INVALID, + NULL); } { void *coin_ev; size_t coin_ev_size; + struct TALER_CoinPubHash c_hash; if (GNUNET_OK != TALER_denom_blind (&dk->denom_pub, @@ -392,10 +266,11 @@ verify_and_execute_recoup ( &coin_ev_size)) { GNUNET_break (0); - return TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_EXCHANGE_RECOUP_BLINDING_FAILED, - NULL); + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_EXCHANGE_RECOUP_BLINDING_FAILED, + NULL); } TALER_coin_ev_hash (coin_ev, coin_ev_size, @@ -406,7 +281,6 @@ verify_and_execute_recoup ( pc.coin_sig = coin_sig; pc.coin_bks = coin_bks; pc.coin = coin; - pc.refreshed = refreshed; pc.requested_amount = requested_amount; { @@ -416,6 +290,7 @@ verify_and_execute_recoup ( /* make sure coin is 'known' in database */ qs = TEH_make_coin_known (coin, connection, + &pc.known_coin_id, &mhd_ret); /* no transaction => no serialization failures should be possible */ GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR != qs); @@ -426,35 +301,18 @@ verify_and_execute_recoup ( { enum GNUNET_DB_QueryStatus qs; - if (pc.refreshed) + qs = TEH_plugin->get_reserve_by_h_blind (TEH_plugin->cls, + &pc.h_blind, + &pc.reserve_pub, + &pc.reserve_out_serial_id); + if (0 > qs) { - qs = TEH_plugin->get_old_coin_by_h_blind (TEH_plugin->cls, - &pc.h_blind, - &pc.target.old_coin_pub); - if (0 > qs) - { - GNUNET_break (0); - return TALER_MHD_reply_with_error ( - connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_FETCH_FAILED, - "old coin by h_blind"); - } - } - else - { - qs = TEH_plugin->get_reserve_by_h_blind (TEH_plugin->cls, - &pc.h_blind, - &pc.target.reserve_pub); - if (0 > qs) - { - GNUNET_break (0); - return TALER_MHD_reply_with_error ( - connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_FETCH_FAILED, - "reserve by h_blind"); - } + GNUNET_break (0); + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_FETCH_FAILED, + "get_reserve_by_h_blind"); } if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) { @@ -483,21 +341,11 @@ verify_and_execute_recoup ( return mhd_ret; } /* Recoup succeeded, return result */ - return (refreshed) - ? TALER_MHD_REPLY_JSON_PACK (connection, - MHD_HTTP_OK, - GNUNET_JSON_pack_data_auto ( - "old_coin_pub", - &pc.target.old_coin_pub), - GNUNET_JSON_pack_bool ("refreshed", - true)) - : TALER_MHD_REPLY_JSON_PACK (connection, - MHD_HTTP_OK, - GNUNET_JSON_pack_data_auto ( - "reserve_pub", - &pc.target.reserve_pub), - GNUNET_JSON_pack_bool ("refreshed", - false)); + return TALER_MHD_REPLY_JSON_PACK (connection, + MHD_HTTP_OK, + GNUNET_JSON_pack_data_auto ( + "reserve_pub", + &pc.reserve_pub)); } @@ -522,7 +370,6 @@ TEH_handler_recoup (struct MHD_Connection *connection, union TALER_DenominationBlindingKeyP coin_bks; struct TALER_CoinSpendSignatureP coin_sig; struct TALER_Amount amount; - bool refreshed = false; struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_fixed_auto ("denom_pub_hash", &coin.denom_pub_hash), @@ -535,12 +382,12 @@ TEH_handler_recoup (struct MHD_Connection *connection, TALER_JSON_spec_amount ("amount", TEH_currency, &amount), - GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_bool ("refreshed", - &refreshed)), GNUNET_JSON_spec_end () }; + memset (&coin, + 0, + sizeof (coin)); coin.coin_pub = *coin_pub; ret = TALER_MHD_parse_json_data (connection, root, @@ -556,8 +403,7 @@ TEH_handler_recoup (struct MHD_Connection *connection, &coin, &coin_bks, &coin_sig, - &amount, - refreshed); + &amount); GNUNET_JSON_parse_free (spec); return res; } diff --git a/src/exchange/taler-exchange-httpd_refreshes_reveal.c b/src/exchange/taler-exchange-httpd_refreshes_reveal.c index 36362a234..1cd28048b 100644 --- a/src/exchange/taler-exchange-httpd_refreshes_reveal.c +++ b/src/exchange/taler-exchange-httpd_refreshes_reveal.c @@ -36,13 +36,6 @@ */ #define MAX_FRESH_COINS 256 -/** - * How often do we at most retry the reveal transaction sequence? - * Twice should really suffice in all cases (as the possible conflict - * cannot happen more than once). - */ -#define MAX_REVEAL_RETRIES 2 - /** * Send a response for "/refreshes/$RCH/reveal". @@ -53,10 +46,10 @@ * @return a MHD result code */ static MHD_RESULT -reply_refreshes_reveal_success (struct MHD_Connection *connection, - unsigned int num_freshcoins, - const struct - TALER_BlindedDenominationSignature *sigs) +reply_refreshes_reveal_success ( + struct MHD_Connection *connection, + unsigned int num_freshcoins, + const struct TALER_BlindedDenominationSignature *sigs) { json_t *list; @@ -120,158 +113,35 @@ struct RevealContext */ const struct TALER_RefreshCoinData *rcds; - /** - * Signatures over the link data (of type - * #TALER_SIGNATURE_WALLET_COIN_LINK) - */ - const struct TALER_CoinSpendSignatureP *link_sigs; - - /** - * Envelopes with the signatures to be returned. Initially NULL. - */ - struct TALER_BlindedDenominationSignature *ev_sigs; - /** * Size of the @e dks, @e rcds and @e ev_sigs arrays (if non-NULL). */ unsigned int num_fresh_coins; - /** - * Result from preflight checks. #GNUNET_NO for no result, - * #GNUNET_YES if preflight found previous successful operation, - * #GNUNET_SYSERR if prefight check failed hard (and generated - * an MHD response already). - */ - int preflight_ok; - }; /** - * Function called with information about a refresh order we already - * persisted. Stores the result in @a cls so we don't do the calculation - * again. - * - * @param cls closure with a `struct RevealContext` - * @param num_freshcoins size of the @a rrcs array - * @param rrcs array of @a num_freshcoins information about coins to be created - * @param num_tprivs number of entries in @a tprivs, should be #TALER_CNC_KAPPA - 1 - * @param tprivs array of @e num_tprivs transfer private keys - * @param tp transfer public key information - */ -static void -check_exists_cb (void *cls, - uint32_t num_freshcoins, - const struct TALER_EXCHANGEDB_RefreshRevealedCoin *rrcs, - unsigned int num_tprivs, - const struct TALER_TransferPrivateKeyP *tprivs, - const struct TALER_TransferPublicKeyP *tp) -{ - struct RevealContext *rctx = cls; - - if (0 == num_freshcoins) - { - GNUNET_break (0); - return; - } - /* This should be a database invariant for us */ - GNUNET_break (TALER_CNC_KAPPA - 1 == num_tprivs); - /* Given that the $RCH value matched, we don't actually need to check these - values (we checked before). However, if a client repeats a request with - invalid values the 2nd time, that's a protocol violation we should at least - log (but it's safe to ignore it). */ - GNUNET_break_op (0 == - GNUNET_memcmp (tp, - &rctx->gamma_tp)); - GNUNET_break_op (0 == - memcmp (tprivs, - &rctx->transfer_privs, - sizeof (struct TALER_TransferPrivateKeyP) - * num_tprivs)); - /* We usually sign early (optimistic!), but in case we change that *and* - we do find the operation in the database, we could use this: */ - if (NULL == rctx->ev_sigs) - { - rctx->ev_sigs = GNUNET_new_array (num_freshcoins, - struct TALER_BlindedDenominationSignature); - for (unsigned int i = 0; iev_sigs[i], - &rrcs[i].coin_sig); - } -} - - -/** - * Check if the "/refreshes/$RCH/reveal" request was already successful - * before. If so, just return the old result. - * - * @param cls closure of type `struct RevealContext` - * @param connection MHD request which triggered the transaction - * @param[out] mhd_ret set to MHD response status for @a connection, - * if transaction failed (!) - * @return transaction status - */ -static enum GNUNET_DB_QueryStatus -refreshes_reveal_preflight (void *cls, - struct MHD_Connection *connection, - MHD_RESULT *mhd_ret) -{ - struct RevealContext *rctx = cls; - enum GNUNET_DB_QueryStatus qs; - - /* Try to see if we already have given an answer before. */ - qs = TEH_plugin->get_refresh_reveal (TEH_plugin->cls, - &rctx->rc, - &check_exists_cb, - rctx); - switch (qs) - { - case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: - return qs; /* continue normal execution */ - case GNUNET_DB_STATUS_SOFT_ERROR: - return qs; - case GNUNET_DB_STATUS_HARD_ERROR: - GNUNET_break (qs); - *mhd_ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_FETCH_FAILED, - "refresh reveal"); - rctx->preflight_ok = GNUNET_SYSERR; - return GNUNET_DB_STATUS_HARD_ERROR; - case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: - default: - /* Hossa, already found our reply! */ - GNUNET_assert (NULL != rctx->ev_sigs); - rctx->preflight_ok = GNUNET_YES; - return qs; - } -} - - -/** - * Execute a "/refreshes/$RCH/reveal". The client is revealing to us the + * Check client's revelation against the original commitment. + * The client is revealing to us the * transfer keys for @a #TALER_CNC_KAPPA-1 sets of coins. Verify that the * revealed transfer keys would allow linkage to the blinded coins. * - * IF it returns a non-error code, the transaction logic MUST - * NOT queue a MHD response. IF it returns an hard error, the - * transaction logic MUST queue a MHD response and set @a mhd_ret. IF - * it returns the soft error code, the function MAY be called again to - * retry and MUST not queue a MHD response. + * IF it returns #GNUNET_OK, the transaction logic MUST + * NOT queue a MHD response. IF it returns an error, the + * transaction logic MUST queue a MHD response and set @a mhd_ret. * - * @param cls closure of type `struct RevealContext` + * @param rctx our operation context * @param connection MHD request which triggered the transaction * @param[out] mhd_ret set to MHD response status for @a connection, * if transaction failed (!) - * @return transaction status + * @return #GNUNET_OK if commitment was OK */ -static enum GNUNET_DB_QueryStatus -refreshes_reveal_transaction (void *cls, - struct MHD_Connection *connection, - MHD_RESULT *mhd_ret) +static enum GNUNET_GenericReturnValue +check_commitment (struct RevealContext *rctx, + struct MHD_Connection *connection, + MHD_RESULT *mhd_ret) { - struct RevealContext *rctx = cls; - /* Verify commitment */ { /* Note that the contents of rcs[melt.session.noreveal_index] @@ -363,7 +233,7 @@ refreshes_reveal_transaction (void *cls, TALER_EC_EXCHANGE_REFRESHES_REVEAL_COMMITMENT_VIOLATION), GNUNET_JSON_pack_data_auto ("rc_expected", &rc_expected)); - return GNUNET_DB_STATUS_HARD_ERROR; + return GNUNET_SYSERR; } } /* end of checking "rc_expected" */ @@ -390,7 +260,7 @@ refreshes_reveal_transaction (void *cls, MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_EXCHANGE_REFRESHES_REVEAL_COST_CALCULATION_OVERFLOW, NULL); - return GNUNET_DB_STATUS_HARD_ERROR; + return GNUNET_SYSERR; } } if (0 < TALER_amount_cmp (&refresh_cost, @@ -401,60 +271,10 @@ refreshes_reveal_transaction (void *cls, MHD_HTTP_BAD_REQUEST, TALER_EC_EXCHANGE_REFRESHES_REVEAL_AMOUNT_INSUFFICIENT, NULL); - return GNUNET_DB_STATUS_HARD_ERROR; + return GNUNET_SYSERR; } } - return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS; -} - - -/** - * Persist result of a "/refreshes/$RCH/reveal" operation. - * - * @param cls closure of type `struct RevealContext` - * @param connection MHD request which triggered the transaction - * @param[out] mhd_ret set to MHD response status for @a connection, - * if transaction failed (!) - * @return transaction status - */ -static enum GNUNET_DB_QueryStatus -refreshes_reveal_persist (void *cls, - struct MHD_Connection *connection, - MHD_RESULT *mhd_ret) -{ - struct RevealContext *rctx = cls; - enum GNUNET_DB_QueryStatus qs; - - /* Persist operation result in DB */ - { - struct TALER_EXCHANGEDB_RefreshRevealedCoin rrcs[rctx->num_fresh_coins]; - - for (unsigned int i = 0; inum_fresh_coins; i++) - { - struct TALER_EXCHANGEDB_RefreshRevealedCoin *rrc = &rrcs[i]; - - rrc->denom_pub = rctx->dks[i]->denom_pub; - rrc->orig_coin_link_sig = rctx->link_sigs[i]; - rrc->coin_ev = rctx->rcds[i].coin_ev; - rrc->coin_ev_size = rctx->rcds[i].coin_ev_size; - rrc->coin_sig = rctx->ev_sigs[i]; - } - qs = TEH_plugin->insert_refresh_reveal (TEH_plugin->cls, - &rctx->rc, - rctx->num_fresh_coins, - rrcs, - TALER_CNC_KAPPA - 1, - rctx->transfer_privs, - &rctx->gamma_tp); - } - if (GNUNET_DB_STATUS_HARD_ERROR == qs) - { - *mhd_ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_STORE_FAILED, - "refresh_reveal"); - } - return qs; + return GNUNET_OK; } @@ -481,9 +301,18 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection, struct TALER_DenominationHash dk_h[num_fresh_coins]; struct TALER_RefreshCoinData rcds[num_fresh_coins]; struct TALER_CoinSpendSignatureP link_sigs[num_fresh_coins]; - enum GNUNET_GenericReturnValue res; + struct TALER_BlindedDenominationSignature ev_sigs[num_fresh_coins]; MHD_RESULT ret; struct TEH_KeyStateHandle *ksh; + uint64_t melt_serial_id; + + rctx->num_fresh_coins = num_fresh_coins; + memset (dks, 0, sizeof (dks)); + memset (rcds, 0, sizeof (rcds)); + memset (link_sigs, 0, sizeof (link_sigs)); + memset (ev_sigs, 0, sizeof (ev_sigs)); + rctx->dks = dks; + rctx->rcds = rcds; ksh = TEH_keys_get_state (); if (NULL == ksh) @@ -501,7 +330,7 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection, &dk_h[i]), GNUNET_JSON_spec_end () }; - MHD_RESULT mret; + enum GNUNET_GenericReturnValue res; res = TALER_MHD_parse_json_array (connection, new_denoms_h_json, @@ -509,15 +338,13 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection, i, -1); if (GNUNET_OK != res) - { return (GNUNET_NO == res) ? MHD_YES : MHD_NO; - } dks[i] = TEH_keys_denomination_by_hash2 (ksh, &dk_h[i], connection, - &mret); + &ret); if (NULL == dks[i]) - return mret; + return ret; if (GNUNET_TIME_absolute_is_past (dks[i]->meta.expire_withdraw.abs_time)) { @@ -525,7 +352,6 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection, return TEH_RESPONSE_reply_expired_denom_pub_hash ( connection, &dk_h[i], - GNUNET_TIME_timestamp_get (), TALER_EC_EXCHANGE_GENERIC_DENOMINATION_EXPIRED, "REVEAL"); } @@ -535,7 +361,6 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection, return TEH_RESPONSE_reply_expired_denom_pub_hash ( connection, &dk_h[i], - GNUNET_TIME_timestamp_get (), TALER_EC_EXCHANGE_GENERIC_DENOMINATION_VALIDITY_IN_FUTURE, "REVEAL"); } @@ -560,6 +385,7 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection, &rcd->coin_ev_size), GNUNET_JSON_spec_end () }; + enum GNUNET_GenericReturnValue res; res = TALER_MHD_parse_json_array (connection, coin_evs, @@ -582,7 +408,8 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection, if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != (qs = TEH_plugin->get_melt (TEH_plugin->cls, &rctx->rc, - &rctx->melt))) + &rctx->melt, + &melt_serial_id))) { switch (qs) { @@ -609,8 +436,6 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection, } goto cleanup; } - /* Obtain basic information about the refresh operation and what - gamma we committed to. */ if (rctx->melt.session.noreveal_index >= TALER_CNC_KAPPA) { GNUNET_break (0); @@ -625,9 +450,11 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection, for (unsigned int i = 0; inum_fresh_coins = num_fresh_coins; - rctx->rcds = rcds; - rctx->dks = dks; - rctx->link_sigs = link_sigs; + if (GNUNET_OK != + check_commitment (rctx, + connection, + &ret)) + goto cleanup; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Optimistically creating %u signatures\n", + "Creating %u signatures\n", (unsigned int) rctx->num_fresh_coins); /* sign _early_ (optimistic!) to keep out of transaction scope! */ - rctx->ev_sigs = GNUNET_new_array (rctx->num_fresh_coins, - struct TALER_BlindedDenominationSignature); - // FIXME: this is sequential, modify logic to enable parallel signing! for (unsigned int i = 0; inum_fresh_coins; i++) { enum TALER_ErrorCode ec = TALER_EC_NONE; - rctx->ev_sigs[i] + ev_sigs[i] = TEH_keys_denomination_sign ( &dk_h[i], - rctx->rcds[i].coin_ev, - rctx->rcds[i].coin_ev_size, + rcds[i].coin_ev, + rcds[i].coin_ev_size, &ec); if (TALER_EC_NONE != ec) { @@ -687,81 +513,50 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection, goto cleanup; } } - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Signatures ready, starting DB interaction\n"); - /* We try the three transactions a few times, as theoretically - the pre-check might be satisfied by a concurrent transaction - voiding our final commit due to uniqueness violation; naturally, - on hard errors we exit immediately */ - for (unsigned int retries = 0; retries < MAX_REVEAL_RETRIES; retries++) + /* Persist operation result in DB */ { - /* do transactional work */ - rctx->preflight_ok = GNUNET_NO; - if ( (GNUNET_OK == - TEH_DB_run_transaction (connection, - "reveal pre-check", - TEH_MT_REVEAL_PRECHECK, - &ret, - &refreshes_reveal_preflight, - rctx)) && - (GNUNET_YES == rctx->preflight_ok) ) + struct TALER_EXCHANGEDB_RefreshRevealedCoin rrcs[rctx->num_fresh_coins]; + enum GNUNET_DB_QueryStatus qs; + + for (unsigned int i = 0; inum_fresh_coins; i++) { - /* Generate final (positive) response */ - GNUNET_assert (NULL != rctx->ev_sigs); - ret = reply_refreshes_reveal_success (connection, - num_fresh_coins, - rctx->ev_sigs); - GNUNET_break (MHD_NO != ret); - goto cleanup; /* aka 'break' */ + struct TALER_EXCHANGEDB_RefreshRevealedCoin *rrc = &rrcs[i]; + + rrc->h_denom_pub = dk_h[i]; + rrc->orig_coin_link_sig = link_sigs[i]; + rrc->coin_ev = rcds[i].coin_ev; + rrc->coin_ev_size = rcds[i].coin_ev_size; + rrc->coin_sig = ev_sigs[i]; } - if (GNUNET_SYSERR == rctx->preflight_ok) + qs = TEH_plugin->insert_refresh_reveal (TEH_plugin->cls, + melt_serial_id, + num_fresh_coins, + rrcs, + TALER_CNC_KAPPA - 1, + rctx->transfer_privs, + &rctx->gamma_tp); + if (0 > qs) { GNUNET_break (0); - goto cleanup; /* aka 'break' */ + ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_STORE_FAILED, + "insert_refresh_reveal"); + goto cleanup; } - if (GNUNET_OK != - TEH_DB_run_transaction (connection, - "run reveal", - TEH_MT_REVEAL, - &ret, - &refreshes_reveal_transaction, - rctx)) - { - /* reveal failed, too bad */ - GNUNET_break_op (0); - goto cleanup; /* aka 'break' */ - } - if (GNUNET_OK == - TEH_DB_run_transaction (connection, - "persist reveal", - TEH_MT_REVEAL_PERSIST, - &ret, - &refreshes_reveal_persist, - rctx)) - { - /* Generate final (positive) response */ - GNUNET_assert (NULL != rctx->ev_sigs); - ret = reply_refreshes_reveal_success (connection, - num_fresh_coins, - rctx->ev_sigs); - break; - } - /* If we get here, the final transaction failed, possibly - due to a conflict between the pre-flight and us persisting - the result, so we go again. */ - } /* end for (retries...) */ + } + /* Generate final (positive) response */ + ret = reply_refreshes_reveal_success (connection, + num_fresh_coins, + ev_sigs); cleanup: GNUNET_break (MHD_NO != ret); /* free resources */ - if (NULL != rctx->ev_sigs) - { - for (unsigned int i = 0; iev_sigs[i]); - GNUNET_free (rctx->ev_sigs); - rctx->ev_sigs = NULL; /* just to be safe... */ - } + for (unsigned int i = 0; itransfer_privs[i]), + GNUNET_JSON_spec_fixed_auto (NULL, + &rctx->transfer_privs[i]), GNUNET_JSON_spec_end () }; enum GNUNET_GenericReturnValue res; @@ -861,11 +657,16 @@ TEH_handler_reveal (struct TEH_RequestContext *rc, json_t *new_denoms_h; struct RevealContext rctx; struct GNUNET_JSON_Specification spec[] = { - GNUNET_JSON_spec_fixed_auto ("transfer_pub", &rctx.gamma_tp), - GNUNET_JSON_spec_json ("transfer_privs", &transfer_privs), - GNUNET_JSON_spec_json ("link_sigs", &link_sigs), - GNUNET_JSON_spec_json ("coin_evs", &coin_evs), - GNUNET_JSON_spec_json ("new_denoms_h", &new_denoms_h), + GNUNET_JSON_spec_fixed_auto ("transfer_pub", + &rctx.gamma_tp), + GNUNET_JSON_spec_json ("transfer_privs", + &transfer_privs), + GNUNET_JSON_spec_json ("link_sigs", + &link_sigs), + GNUNET_JSON_spec_json ("coin_evs", + &coin_evs), + GNUNET_JSON_spec_json ("new_denoms_h", + &new_denoms_h), GNUNET_JSON_spec_end () }; diff --git a/src/exchange/taler-exchange-httpd_refund.c b/src/exchange/taler-exchange-httpd_refund.c index a1ef50a32..a3b066280 100644 --- a/src/exchange/taler-exchange-httpd_refund.c +++ b/src/exchange/taler-exchange-httpd_refund.c @@ -81,6 +81,28 @@ reply_refund_success (struct MHD_Connection *connection, } +/** + * Closure for refund_transaction(). + */ +struct RefundContext +{ + /** + * Details about the deposit operation. + */ + const struct TALER_EXCHANGEDB_Refund *refund; + + /** + * Deposit fee of the coin. + */ + struct TALER_Amount deposit_fee; + + /** + * Unique ID of the coin in known_coins. + */ + uint64_t known_coin_id; +}; + + /** * Execute a "/refund" transaction. Returns a confirmation that the * refund was successful, or a failure if we are not aware of a @@ -103,255 +125,67 @@ refund_transaction (void *cls, struct MHD_Connection *connection, MHD_RESULT *mhd_ret) { - const struct TALER_EXCHANGEDB_Refund *refund = cls; - struct TALER_EXCHANGEDB_TransactionList *tl; /* head of original list */ - struct TALER_EXCHANGEDB_TransactionList *tlx; /* head of sublist that applies to merchant and contract */ - struct TALER_EXCHANGEDB_TransactionList *tln; /* next element, during iteration */ - struct TALER_EXCHANGEDB_TransactionList *tlp; /* previous element in 'tl' list, during iteration */ + struct RefundContext *rctx = cls; + const struct TALER_EXCHANGEDB_Refund *refund = rctx->refund; enum GNUNET_DB_QueryStatus qs; - bool deposit_found; /* deposit_total initialized? */ - bool refund_found; /* refund_total initialized? */ - struct TALER_Amount deposit_total; - struct TALER_Amount refund_total; + bool not_found; + bool refund_ok; + bool conflict; + bool gone; - tl = NULL; - qs = TEH_plugin->get_coin_transactions (TEH_plugin->cls, - &refund->coin.coin_pub, - GNUNET_NO, - &tl); + /* Finally, store new refund data */ + qs = TEH_plugin->do_refund (TEH_plugin->cls, + refund, + &rctx->deposit_fee, + rctx->known_coin_id, + ¬_found, + &refund_ok, + &gone, + &conflict); if (0 > qs) { if (GNUNET_DB_STATUS_HARD_ERROR == qs) *mhd_ret = TALER_MHD_reply_with_error (connection, MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_GENERIC_DB_FETCH_FAILED, - "coin transactions"); + "do refund"); return qs; } - deposit_found = false; - refund_found = false; - tlx = NULL; /* relevant subset of transactions */ - tln = NULL; - tlp = NULL; - for (struct TALER_EXCHANGEDB_TransactionList *tli = tl; - NULL != tli; - tli = tln) + + if (gone) { - tln = tli->next; - switch (tli->type) - { - case TALER_EXCHANGEDB_TT_DEPOSIT: - { - const struct TALER_EXCHANGEDB_DepositListEntry *dep; - - dep = tli->details.deposit; - if ( (0 == GNUNET_memcmp (&dep->merchant_pub, - &refund->details.merchant_pub)) && - (0 == GNUNET_memcmp (&dep->h_contract_terms, - &refund->details.h_contract_terms)) ) - { - /* check if we already send the money for this /deposit */ - if (dep->done) - { - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tlx); - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tln); - /* money was already transferred to merchant, can no longer refund */ - *mhd_ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_GONE, - TALER_EC_EXCHANGE_REFUND_MERCHANT_ALREADY_PAID, - NULL); - return GNUNET_DB_STATUS_HARD_ERROR; - } - - /* deposit applies and was not yet wired; add to total (it is NOT - the case that multiple deposits of the same coin for the same - contract are really allowed (see UNIQUE constraint on 'deposits' - table), but in case this changes we tolerate it with this code - anyway). */// - if (deposit_found) - { - GNUNET_assert (0 <= - TALER_amount_add (&deposit_total, - &deposit_total, - &dep->amount_with_fee)); - } - else - { - deposit_total = dep->amount_with_fee; - deposit_found = true; - } - /* move 'tli' from 'tl' to 'tlx' list */ - if (NULL == tlp) - tl = tln; - else - tlp->next = tln; - tli->next = tlx; - tlx = tli; - break; - } - else - { - tlp = tli; - } - break; - } - case TALER_EXCHANGEDB_TT_MELT: - /* Melts cannot be refunded, ignore here */ - break; - case TALER_EXCHANGEDB_TT_REFUND: - { - const struct TALER_EXCHANGEDB_RefundListEntry *ref; - - ref = tli->details.refund; - if ( (0 != GNUNET_memcmp (&ref->merchant_pub, - &refund->details.merchant_pub)) || - (0 != GNUNET_memcmp (&ref->h_contract_terms, - &refund->details.h_contract_terms)) ) - { - tlp = tli; - break; /* refund does not apply to our transaction */ - } - /* Check if existing refund request matches in everything but the amount */ - if ( (ref->rtransaction_id == - refund->details.rtransaction_id) && - (0 != TALER_amount_cmp (&ref->refund_amount, - &refund->details.refund_amount)) ) - { - /* Generate precondition failed response, with ONLY the conflicting entry */ - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tlx); - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tln); - tli->next = NULL; - *mhd_ret = TALER_MHD_REPLY_JSON_PACK ( - connection, - MHD_HTTP_PRECONDITION_FAILED, - TALER_JSON_pack_amount ("detail", - &ref->refund_amount), - TALER_JSON_pack_ec (TALER_EC_EXCHANGE_REFUND_INCONSISTENT_AMOUNT), - GNUNET_JSON_pack_array_steal ("history", - TEH_RESPONSE_compile_transaction_history ( - &refund->coin.coin_pub, - tli))); - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tli); - return GNUNET_DB_STATUS_HARD_ERROR; - } - /* Check if existing refund request matches in everything including the amount */ - if ( (ref->rtransaction_id == - refund->details.rtransaction_id) && - (0 == TALER_amount_cmp (&ref->refund_amount, - &refund->details.refund_amount)) ) - { - /* we can blanketly approve, as this request is identical to one - we saw before */ - *mhd_ret = reply_refund_success (connection, - &refund->coin.coin_pub, - ref); - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tlx); - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tl); - /* we still abort the transaction, as there is nothing to be - committed! */ - return GNUNET_DB_STATUS_HARD_ERROR; - } - - /* We have another refund, that relates, add to total */ - if (refund_found) - { - GNUNET_assert (0 <= - TALER_amount_add (&refund_total, - &refund_total, - &ref->refund_amount)); - } - else - { - refund_total = ref->refund_amount; - refund_found = true; - } - /* move 'tli' from 'tl' to 'tlx' list */ - if (NULL == tlp) - tl = tln; - else - tlp->next = tln; - tli->next = tlx; - tlx = tli; - break; - } - case TALER_EXCHANGEDB_TT_OLD_COIN_RECOUP: - /* Recoups cannot be refunded, ignore here */ - break; - case TALER_EXCHANGEDB_TT_RECOUP: - /* Recoups cannot be refunded, ignore here */ - break; - case TALER_EXCHANGEDB_TT_RECOUP_REFRESH: - /* Recoups cannot be refunded, ignore here */ - break; - } + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_GONE, + TALER_EC_EXCHANGE_REFUND_MERCHANT_ALREADY_PAID, + NULL); + return GNUNET_DB_STATUS_HARD_ERROR; } - /* no need for 'tl' anymore, everything we may still care about is in tlx now */ - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tl); - /* handle if deposit was NOT found */ - if (! deposit_found) + if (conflict) + { + TEH_plugin->rollback (TEH_plugin->cls); + *mhd_ret = TEH_RESPONSE_reply_coin_insufficient_funds ( + connection, + TALER_EC_EXCHANGE_REFUND_INCONSISTENT_AMOUNT, + &refund->coin.coin_pub); + return GNUNET_DB_STATUS_HARD_ERROR; + } + if (not_found) { - TALER_LOG_WARNING ("Deposit to /refund was not found\n"); - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tlx); *mhd_ret = TALER_MHD_reply_with_error (connection, MHD_HTTP_NOT_FOUND, TALER_EC_EXCHANGE_REFUND_DEPOSIT_NOT_FOUND, NULL); return GNUNET_DB_STATUS_HARD_ERROR; } - - /* check total refund amount is sufficiently low */ - if (refund_found) - GNUNET_break (0 <= - TALER_amount_add (&refund_total, - &refund_total, - &refund->details.refund_amount)); - else - refund_total = refund->details.refund_amount; - - if (1 == TALER_amount_cmp (&refund_total, - &deposit_total) ) + if (! refund_ok) { - *mhd_ret = TALER_MHD_REPLY_JSON_PACK ( + TEH_plugin->rollback (TEH_plugin->cls); + *mhd_ret = TEH_RESPONSE_reply_coin_insufficient_funds ( connection, - MHD_HTTP_CONFLICT, - GNUNET_JSON_pack_string ("detail", - "total amount refunded exceeds total amount deposited for this coin"), - TALER_JSON_pack_ec ( - TALER_EC_EXCHANGE_REFUND_CONFLICT_DEPOSIT_INSUFFICIENT), - GNUNET_JSON_pack_array_steal ("history", - TEH_RESPONSE_compile_transaction_history ( - &refund->coin.coin_pub, - tlx))); - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tlx); + TALER_EC_EXCHANGE_REFUND_CONFLICT_DEPOSIT_INSUFFICIENT, + &refund->coin.coin_pub); return GNUNET_DB_STATUS_HARD_ERROR; } - TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, - tlx); - - - /* Finally, store new refund data */ - qs = TEH_plugin->insert_refund (TEH_plugin->cls, - refund); - if (GNUNET_DB_STATUS_HARD_ERROR == qs) - { - TALER_LOG_WARNING ("Failed to store /refund information in database\n"); - *mhd_ret = TALER_MHD_reply_with_error (connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_STORE_FAILED, - "refund"); - return qs; - } - /* Success or soft failure */ return qs; } @@ -371,7 +205,11 @@ verify_and_execute_refund (struct MHD_Connection *connection, struct TALER_EXCHANGEDB_Refund *refund) { struct TALER_DenominationHash denom_hash; + struct RefundContext rctx = { + .refund = refund + }; + // FIXME: move to libtalerutil! { struct TALER_RefundRequestPS rr = { .purpose.purpose = htonl (TALER_SIGNATURE_MERCHANT_REFUND), @@ -404,6 +242,7 @@ verify_and_execute_refund (struct MHD_Connection *connection, qs = TEH_plugin->get_coin_denomination (TEH_plugin->cls, &refund->coin.coin_pub, + &rctx.known_coin_id, &denom_hash); if (0 > qs) { @@ -438,6 +277,7 @@ verify_and_execute_refund (struct MHD_Connection *connection, return mret; } refund->details.refund_fee = dk->meta.fee_refund; + rctx.deposit_fee = dk->meta.fee_deposit; } /* Finally run the actual transaction logic */ @@ -450,7 +290,7 @@ verify_and_execute_refund (struct MHD_Connection *connection, TEH_MT_OTHER, &mhd_ret, &refund_transaction, - (void *) refund)) + &rctx)) { return mhd_ret; } diff --git a/src/exchange/taler-exchange-httpd_responses.c b/src/exchange/taler-exchange-httpd_responses.c index 8c24efc9d..5739e6709 100644 --- a/src/exchange/taler-exchange-httpd_responses.c +++ b/src/exchange/taler-exchange-httpd_responses.c @@ -122,25 +122,15 @@ TEH_RESPONSE_compile_transaction_history ( { const struct TALER_EXCHANGEDB_MeltListEntry *melt = pos->details.melt; - struct TALER_RefreshMeltCoinAffirmationPS ms = { - .purpose.purpose = htonl (TALER_SIGNATURE_WALLET_COIN_MELT), - .purpose.size = htonl (sizeof (ms)), - .rc = melt->rc, - .h_denom_pub = melt->h_denom_pub, - .coin_pub = *coin_pub - }; - TALER_amount_hton (&ms.amount_with_fee, - &melt->amount_with_fee); - TALER_amount_hton (&ms.melt_fee, - &melt->melt_fee); #if ENABLE_SANITY_CHECKS - /* internal sanity check before we hand out a bogus sig... */ if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_WALLET_COIN_MELT, - &ms, - &melt->coin_sig.eddsa_signature, - &coin_pub->eddsa_pub)) + TALER_wallet_melt_verify (&melt->amount_with_fee, + &melt->melt_fee, + &melt->rc, + &melt->h_denom_pub, + coin_pub, + &melt->coin_sig)) { GNUNET_break (0); json_decref (history); @@ -175,6 +165,7 @@ TEH_RESPONSE_compile_transaction_history ( const struct TALER_EXCHANGEDB_RefundListEntry *refund = pos->details.refund; struct TALER_Amount value; + // FIXME: move to libtalerutil! struct TALER_RefundRequestPS rr = { .purpose.purpose = htonl (TALER_SIGNATURE_MERCHANT_REFUND), .purpose.size = htonl (sizeof (rr)), @@ -461,13 +452,14 @@ MHD_RESULT TEH_RESPONSE_reply_expired_denom_pub_hash ( struct MHD_Connection *connection, const struct TALER_DenominationHash *dph, - struct GNUNET_TIME_Timestamp now, enum TALER_ErrorCode ec, const char *oper) { struct TALER_ExchangePublicKeyP epub; struct TALER_ExchangeSignatureP esig; enum TALER_ErrorCode ecr; + struct GNUNET_TIME_Timestamp now + = GNUNET_TIME_timestamp_get (); struct TALER_DenominationExpiredAffirmationPS dua = { .purpose.size = htonl (sizeof (dua)), .purpose.purpose = htonl ( @@ -525,13 +517,31 @@ MHD_RESULT TEH_RESPONSE_reply_coin_insufficient_funds ( struct MHD_Connection *connection, enum TALER_ErrorCode ec, - const struct TALER_CoinSpendPublicKeyP *coin_pub, - const struct TALER_EXCHANGEDB_TransactionList *tl) + const struct TALER_CoinSpendPublicKeyP *coin_pub) { + struct TALER_EXCHANGEDB_TransactionList *tl; + enum GNUNET_DB_QueryStatus qs; json_t *history; + // FIXME: maybe start read-committed transaction here? + // => check all callers (that they aborted already!) + qs = TEH_plugin->get_coin_transactions (TEH_plugin->cls, + coin_pub, + GNUNET_NO, + &tl); + if (0 > qs) + { + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_FETCH_FAILED, + NULL); + } + history = TEH_RESPONSE_compile_transaction_history (coin_pub, tl); + TEH_plugin->free_coin_transaction_list (TEH_plugin->cls, + tl); if (NULL == history) { GNUNET_break (0); @@ -542,7 +552,7 @@ TEH_RESPONSE_reply_coin_insufficient_funds ( } return TALER_MHD_REPLY_JSON_PACK ( connection, - MHD_HTTP_CONFLICT, + TALER_ErrorCode_get_http_status_safe (ec), TALER_JSON_pack_ec (ec), GNUNET_JSON_pack_array_steal ("history", history)); diff --git a/src/exchange/taler-exchange-httpd_responses.h b/src/exchange/taler-exchange-httpd_responses.h index e15901120..db2286ffa 100644 --- a/src/exchange/taler-exchange-httpd_responses.h +++ b/src/exchange/taler-exchange-httpd_responses.h @@ -67,7 +67,6 @@ TEH_RESPONSE_reply_unknown_denom_pub_hash ( * * @param connection connection to the client * @param dph denomination public key hash - * @param now timestamp to use * @param ec error code to use * @param oper name of the operation that is not allowed at this time * @return MHD result code @@ -76,7 +75,6 @@ MHD_RESULT TEH_RESPONSE_reply_expired_denom_pub_hash ( struct MHD_Connection *connection, const struct TALER_DenominationHash *dph, - struct GNUNET_TIME_Timestamp now, enum TALER_ErrorCode ec, const char *oper); @@ -90,15 +88,13 @@ TEH_RESPONSE_reply_expired_denom_pub_hash ( * @param connection connection to the client * @param ec error code to return * @param coin_pub public key of the coin - * @param tl transaction list to use to build reply * @return MHD result code */ MHD_RESULT TEH_RESPONSE_reply_coin_insufficient_funds ( struct MHD_Connection *connection, enum TALER_ErrorCode ec, - const struct TALER_CoinSpendPublicKeyP *coin_pub, - const struct TALER_EXCHANGEDB_TransactionList *tl); + const struct TALER_CoinSpendPublicKeyP *coin_pub); /** diff --git a/src/exchange/taler-exchange-httpd_withdraw.c b/src/exchange/taler-exchange-httpd_withdraw.c index dfd10b5e4..2e53803a9 100644 --- a/src/exchange/taler-exchange-httpd_withdraw.c +++ b/src/exchange/taler-exchange-httpd_withdraw.c @@ -94,7 +94,7 @@ struct WithdrawContext /** * Blinded planchet. */ - char *blinded_msg; + void *blinded_msg; /** * Number of bytes in @e blinded_msg. @@ -141,6 +141,7 @@ withdraw_transaction (void *cls, bool found = false; bool balance_ok = false; struct GNUNET_TIME_Timestamp now; + uint64_t ruuid; now = GNUNET_TIME_timestamp_get (); wc->collectable.reserve_pub = wc->wsrd.reserve_pub; @@ -150,7 +151,8 @@ withdraw_transaction (void *cls, now, &found, &balance_ok, - &wc->kyc); + &wc->kyc, + &ruuid); if (0 > qs) { if (GNUNET_DB_STATUS_HARD_ERROR == qs) @@ -174,6 +176,7 @@ withdraw_transaction (void *cls, struct TALER_Amount balance; TEH_plugin->rollback (TEH_plugin->cls); + // FIXME: maybe start read-committed here? if (GNUNET_OK != TEH_plugin->start (TEH_plugin->cls, "get_reserve_history on insufficient balance")) @@ -232,7 +235,7 @@ withdraw_transaction (void *cls, qs2 = TEH_plugin->do_withdraw_limit_check ( TEH_plugin->cls, - &wc->collectable.reserve_pub, + ruuid, GNUNET_TIME_absolute_subtract (now.abs_time, TEH_kyc_config.withdraw_period), &TEH_kyc_config.withdraw_limit, @@ -249,6 +252,7 @@ withdraw_transaction (void *cls, } if (! below_limit) { + TEH_plugin->rollback (TEH_plugin->cls); *mhd_ret = TALER_MHD_REPLY_JSON_PACK ( connection, MHD_HTTP_ACCEPTED, @@ -313,7 +317,7 @@ TEH_handler_withdraw (struct TEH_RequestContext *rc, struct WithdrawContext wc; struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_varsize ("coin_ev", - (void **) &wc.blinded_msg, + &wc.blinded_msg, &wc.blinded_msg_len), GNUNET_JSON_spec_fixed_auto ("reserve_sig", &wc.collectable.reserve_sig), @@ -398,7 +402,6 @@ TEH_handler_withdraw (struct TEH_RequestContext *rc, return TEH_RESPONSE_reply_expired_denom_pub_hash ( rc->connection, &wc.collectable.denom_pub_hash, - GNUNET_TIME_timestamp_get (), TALER_EC_EXCHANGE_GENERIC_DENOMINATION_EXPIRED, "WITHDRAW"); } @@ -413,7 +416,6 @@ TEH_handler_withdraw (struct TEH_RequestContext *rc, return TEH_RESPONSE_reply_expired_denom_pub_hash ( rc->connection, &wc.collectable.denom_pub_hash, - GNUNET_TIME_timestamp_get (), TALER_EC_EXCHANGE_GENERIC_DENOMINATION_VALIDITY_IN_FUTURE, "WITHDRAW"); } @@ -428,7 +430,6 @@ TEH_handler_withdraw (struct TEH_RequestContext *rc, return TEH_RESPONSE_reply_expired_denom_pub_hash ( rc->connection, &wc.collectable.denom_pub_hash, - GNUNET_TIME_timestamp_get (), TALER_EC_EXCHANGE_GENERIC_DENOMINATION_REVOKED, "WITHDRAW"); } @@ -437,22 +438,21 @@ TEH_handler_withdraw (struct TEH_RequestContext *rc, } } + if (0 > + TALER_amount_add (&wc.collectable.amount_with_fee, + &dk->meta.value, + &dk->meta.fee_withdraw)) { - if (0 > - TALER_amount_add (&wc.collectable.amount_with_fee, - &dk->meta.value, - &dk->meta.fee_withdraw)) - { - GNUNET_JSON_parse_free (spec); - return TALER_MHD_reply_with_error (rc->connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_EXCHANGE_WITHDRAW_AMOUNT_FEE_OVERFLOW, - NULL); - } - TALER_amount_hton (&wc.wsrd.amount_with_fee, - &wc.collectable.amount_with_fee); + GNUNET_JSON_parse_free (spec); + return TALER_MHD_reply_with_error (rc->connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_EXCHANGE_WITHDRAW_AMOUNT_FEE_OVERFLOW, + NULL); } + TALER_amount_hton (&wc.wsrd.amount_with_fee, + &wc.collectable.amount_with_fee); + // FIXME: move this logic into libtalerutil! /* verify signature! */ wc.wsrd.purpose.size = htonl (sizeof (wc.wsrd)); @@ -495,7 +495,7 @@ TEH_handler_withdraw (struct TEH_RequestContext *rc, NULL); } - /* run transaction and sign (if not optimistically signed before) */ + /* run transaction */ { MHD_RESULT mhd_ret; diff --git a/src/exchangedb/drop0001.sql b/src/exchangedb/drop0001.sql index 3dcbb81fa..f28a6b77e 100644 --- a/src/exchangedb/drop0001.sql +++ b/src/exchangedb/drop0001.sql @@ -54,10 +54,21 @@ DROP TABLE IF EXISTS reserves CASCADE; DROP TABLE IF EXISTS denomination_revocations CASCADE; DROP TABLE IF EXISTS denominations CASCADE; -DROP FUNCTION IF EXISTS exchange_do_withdraw(bigint,integer,bytea,bytea,bytea,bytea,bytea,bigint,bigint) ; +DROP FUNCTION IF EXISTS exchange_do_withdraw(bigint,int,bytea,bytea,bytea,bytea,bytea,bigint,bigint) ; -DROP FUNCTION IF EXISTS exchange_do_withdraw_limit_check(bigint,bigint,bigint,int) ; +DROP FUNCTION IF EXISTS exchange_do_withdraw_limit_check(bytea,bigint,bigint,int) ; +DROP FUNCTION IF EXISTS exchange_do_deposit; + +DROP FUNCTION IF EXISTS exchange_do_melt; + +DROP FUNCTION IF EXISTS exchange_do_refund; + +DROP FUNCTION IF EXISTS exchange_do_recoup_to_coin; + +DROP FUNCTION IF EXISTS exchange_do_recoup_to_reserve; + +-- FIXME: drop other stored functions! -- And we're out of here... COMMIT; diff --git a/src/exchangedb/exchange-0001.sql b/src/exchangedb/exchange-0001.sql index 1c532d425..33b300bc4 100644 --- a/src/exchangedb/exchange-0001.sql +++ b/src/exchangedb/exchange-0001.sql @@ -52,7 +52,7 @@ COMMENT ON COLUMN denominations.age_restrictions COMMENT ON COLUMN denominations.denominations_serial IS 'needed for exchange-auditor replication logic'; -CREATE INDEX IF NOT EXISTS denominations_expire_legal_index +CREATE INDEX IF NOT EXISTS denominations_by_expire_legal_index ON denominations (expire_legal); @@ -67,13 +67,13 @@ COMMENT ON TABLE denomination_revocations CREATE TABLE IF NOT EXISTS wire_targets -(wire_target_serial_id BIGSERIAL UNIQUE -,h_payto BYTEA NOT NULL CHECK (LENGTH(h_payto)=64) -,payto_uri VARCHAR NOT NULL -,kyc_ok BOOLEAN NOT NULL DEFAULT (FALSE) -,external_id VARCHAR -,PRIMARY KEY (h_payto) -); + (wire_target_serial_id BIGSERIAL -- UNIQUE + ,h_payto BYTEA PRIMARY KEY CHECK (LENGTH(h_payto)=64) + ,payto_uri VARCHAR NOT NULL + ,kyc_ok BOOLEAN NOT NULL DEFAULT (FALSE) + ,external_id VARCHAR + ) + PARTITION BY HASH (h_payto); COMMENT ON TABLE wire_targets IS 'All senders and recipients of money via the exchange'; COMMENT ON COLUMN wire_targets.payto_uri @@ -84,7 +84,9 @@ COMMENT ON COLUMN wire_targets.kyc_ok IS 'true if the KYC check was passed successfully'; COMMENT ON COLUMN wire_targets.external_id IS 'Name of the user that was used for OAuth 2.0-based legitimization'; - +CREATE TABLE IF NOT EXISTS wire_targets_default + PARTITION OF wire_targets + FOR VALUES WITH (MODULUS 1, REMAINDER 0); CREATE TABLE IF NOT EXISTS reserves (reserve_uuid BIGSERIAL @@ -95,122 +97,134 @@ CREATE TABLE IF NOT EXISTS reserves ,gc_date INT8 NOT NULL ) PARTITION BY HASH (reserve_pub); - COMMENT ON TABLE reserves IS 'Summarizes the balance of a reserve. Updated when new funds are added or withdrawn.'; +COMMENT ON COLUMN reserves.reserve_pub + IS 'EdDSA public key of the reserve. Knowledge of the private key implies ownership over the balance.'; +COMMENT ON COLUMN reserves.current_balance_val + IS 'Current balance remaining with the reserve'; COMMENT ON COLUMN reserves.expiration_date IS 'Used to trigger closing of reserves that have not been drained after some time'; COMMENT ON COLUMN reserves.gc_date IS 'Used to forget all information about a reserve during garbage collection'; +CREATE TABLE IF NOT EXISTS reserves_default + PARTITION OF reserves + FOR VALUES WITH (MODULUS 1, REMAINDER 0); -CREATE TABLE reserves_0 PARTITION OF reserves FOR VALUES WITH (MODULUS 8, REMAINDER 0); -CREATE TABLE reserves_1 PARTITION OF reserves FOR VALUES WITH (MODULUS 8, REMAINDER 1); -CREATE TABLE reserves_2 PARTITION OF reserves FOR VALUES WITH (MODULUS 8, REMAINDER 2); -CREATE TABLE reserves_3 PARTITION OF reserves FOR VALUES WITH (MODULUS 8, REMAINDER 3); -CREATE TABLE reserves_4 PARTITION OF reserves FOR VALUES WITH (MODULUS 8, REMAINDER 4); -CREATE TABLE reserves_5 PARTITION OF reserves FOR VALUES WITH (MODULUS 8, REMAINDER 5); -CREATE TABLE reserves_6 PARTITION OF reserves FOR VALUES WITH (MODULUS 8, REMAINDER 6); -CREATE TABLE reserves_7 PARTITION OF reserves FOR VALUES WITH (MODULUS 8, REMAINDER 7); - - - -CREATE INDEX IF NOT EXISTS reserves_expiration_index +CREATE INDEX IF NOT EXISTS reserves_by_expiration_index ON reserves (expiration_date ,current_balance_val ,current_balance_frac ); -COMMENT ON INDEX reserves_expiration_index +COMMENT ON INDEX reserves_by_expiration_index IS 'used in get_expired_reserves'; - -CREATE INDEX IF NOT EXISTS reserves_gc_index +CREATE INDEX IF NOT EXISTS reserves_by_reserve_uuid_index + ON reserves + (reserve_uuid); +CREATE INDEX IF NOT EXISTS reserves_by_gc_date_index ON reserves (gc_date); -COMMENT ON INDEX reserves_gc_index +COMMENT ON INDEX reserves_by_gc_date_index IS 'for reserve garbage collection'; CREATE TABLE IF NOT EXISTS reserves_in - (reserve_in_serial_id BIGSERIAL UNIQUE - ,reserve_pub BYTEA NOT NULL REFERENCES reserves (reserve_pub) ON DELETE CASCADE + (reserve_in_serial_id BIGSERIAL -- UNIQUE + ,reserve_pub BYTEA PRIMARY KEY REFERENCES reserves (reserve_pub) ON DELETE CASCADE ,wire_reference INT8 NOT NULL ,credit_val INT8 NOT NULL ,credit_frac INT4 NOT NULL - ,wire_source_serial_id INT8 NOT NULL REFERENCES wire_targets (wire_target_serial_id) + ,wire_source_serial_id INT8 NOT NULL -- REFERENCES wire_targets (wire_target_serial_id) ,exchange_account_section TEXT NOT NULL ,execution_date INT8 NOT NULL - ,PRIMARY KEY (reserve_pub, wire_reference) - ); + ) + PARTITION BY HASH (reserve_pub); COMMENT ON TABLE reserves_in IS 'list of transfers of funds into the reserves, one per incoming wire transfer'; COMMENT ON COLUMN reserves_in.wire_source_serial_id IS 'Identifies the debited bank account and KYC status'; -CREATE INDEX IF NOT EXISTS reserves_in_execution_index +COMMENT ON COLUMN reserves_in.reserve_pub + IS 'Public key of the reserve. Private key signifies ownership of the remaining balance.'; +COMMENT ON COLUMN reserves_in.credit_val + IS 'Amount that was transferred into the reserve'; +CREATE TABLE IF NOT EXISTS reserves_in_default + PARTITION OF reserves_in + FOR VALUES WITH (MODULUS 1, REMAINDER 0); + +CREATE INDEX IF NOT EXISTS reserves_in_by_reserve_in_serial_id_index + ON reserves_in + (reserve_in_serial_id); +CREATE INDEX IF NOT EXISTS reserves_in_by_exchange_account_section_execution_date_index ON reserves_in (exchange_account_section ,execution_date ); -CREATE INDEX IF NOT EXISTS reserves_in_exchange_account_serial +CREATE INDEX IF NOT EXISTS reserves_in_by_exchange_account_reserve_in_serial_id_index ON reserves_in (exchange_account_section, reserve_in_serial_id DESC ); - CREATE TABLE IF NOT EXISTS reserves_close - (close_uuid BIGSERIAL PRIMARY KEY + (close_uuid BIGSERIAL -- UNIQUE / PRIMARY KEY ,reserve_pub BYTEA NOT NULL REFERENCES reserves (reserve_pub) ON DELETE CASCADE ,execution_date INT8 NOT NULL ,wtid BYTEA NOT NULL CHECK (LENGTH(wtid)=32) - ,wire_target_serial_id INT8 NOT NULL REFERENCES wire_targets (wire_target_serial_id) + ,wire_target_serial_id INT8 NOT NULL -- REFERENCES wire_targets (wire_target_serial_id) ,amount_val INT8 NOT NULL ,amount_frac INT4 NOT NULL ,closing_fee_val INT8 NOT NULL - ,closing_fee_frac INT4 NOT NULL); + ,closing_fee_frac INT4 NOT NULL) + PARTITION BY HASH (reserve_pub); COMMENT ON TABLE reserves_close IS 'wire transfers executed by the reserve to close reserves'; COMMENT ON COLUMN reserves_close.wire_target_serial_id IS 'Identifies the credited bank account (and KYC status). Note that closing does not depend on KYC.'; +CREATE TABLE IF NOT EXISTS reserves_close_default + PARTITION OF reserves_close + FOR VALUES WITH (MODULUS 1, REMAINDER 0); -CREATE INDEX IF NOT EXISTS reserves_close_by_uuid +CREATE INDEX IF NOT EXISTS reserves_close_by_close_uuid_index + ON reserves_close + (close_uuid); +CREATE INDEX IF NOT EXISTS reserves_close_by_reserve_pub_index ON reserves_close (reserve_pub); CREATE TABLE IF NOT EXISTS reserves_out - (reserve_out_serial_id BIGSERIAL UNIQUE + (reserve_out_serial_id BIGSERIAL -- UNIQUE ,h_blind_ev BYTEA PRIMARY KEY CHECK (LENGTH(h_blind_ev)=64) ,denominations_serial INT8 NOT NULL REFERENCES denominations (denominations_serial) ,denom_sig BYTEA NOT NULL - ,reserve_pub BYTEA NOT NULL REFERENCES reserves (reserve_pub) ON DELETE CASCADE + ,reserve_uuid INT8 NOT NULL -- REFERENCES reserves (reserve_uuid) ON DELETE CASCADE ,reserve_sig BYTEA NOT NULL CHECK (LENGTH(reserve_sig)=64) ,execution_date INT8 NOT NULL ,amount_with_fee_val INT8 NOT NULL ,amount_with_fee_frac INT4 NOT NULL - ); + ) + PARTITION BY HASH (h_blind_ev); COMMENT ON TABLE reserves_out IS 'Withdraw operations performed on reserves.'; COMMENT ON COLUMN reserves_out.h_blind_ev IS 'Hash of the blinded coin, used as primary key here so that broken clients that use a non-random coin or blinding factor fail to withdraw (otherwise they would fail on deposit when the coin is not unique there).'; COMMENT ON COLUMN reserves_out.denominations_serial IS 'We do not CASCADE ON DELETE here, we may keep the denomination data alive'; +CREATE TABLE IF NOT EXISTS reserves_out_default + PARTITION OF reserves_out + FOR VALUES WITH (MODULUS 1, REMAINDER 0); -CREATE INDEX IF NOT EXISTS reserves_out_reserve_pub_index +CREATE INDEX IF NOT EXISTS reserves_out_by_reserve_out_serial_id_index ON reserves_out - (reserve_pub); -COMMENT ON INDEX reserves_out_reserve_pub_index - IS 'for get_reserves_out'; + (reserve_out_serial_id); +CREATE INDEX IF NOT EXISTS reserves_out_by_reserve_uuid_and_execution_date_index + ON reserves_out + (reserve_uuid, execution_date); +COMMENT ON INDEX reserves_out_by_reserve_uuid_and_execution_date_index + IS 'for get_reserves_out and exchange_do_withdraw_limit_check'; -CREATE INDEX IF NOT EXISTS reserves_out_execution_date - ON reserves_out - (execution_date); - -CREATE INDEX IF NOT EXISTS reserves_out_for_get_withdraw_info - ON reserves_out - (denominations_serial - ,h_blind_ev - ); CREATE TABLE IF NOT EXISTS auditors (auditor_uuid BIGSERIAL UNIQUE @@ -297,67 +311,78 @@ COMMENT ON COLUMN extensions.config CREATE TABLE IF NOT EXISTS known_coins - (known_coin_id BIGSERIAL UNIQUE + (known_coin_id BIGSERIAL -- UNIQUE + ,denominations_serial INT8 NOT NULL REFERENCES denominations (denominations_serial) ON DELETE CASCADE ,coin_pub BYTEA NOT NULL PRIMARY KEY CHECK (LENGTH(coin_pub)=32) ,age_hash BYTEA CHECK (LENGTH(age_hash)=32) - ,denominations_serial INT8 NOT NULL REFERENCES denominations (denominations_serial) ON DELETE CASCADE ,denom_sig BYTEA NOT NULL - ); + ,remaining_val INT8 NOT NULL + ,remaining_frac INT4 NOT NULL + ) + PARTITION BY HASH (coin_pub); -- FIXME: or include denominations_serial? or multi-level partitioning? COMMENT ON TABLE known_coins IS 'information about coins and their signatures, so we do not have to store the signatures more than once if a coin is involved in multiple operations'; +COMMENT ON COLUMN known_coins.denominations_serial + IS 'Denomination of the coin, determines the value of the original coin and applicable fees for coin-specific operations.'; COMMENT ON COLUMN known_coins.coin_pub IS 'EdDSA public key of the coin'; +COMMENT ON COLUMN known_coins.remaining_val + IS 'Value of the coin that remains to be spent'; COMMENT ON COLUMN known_coins.age_hash IS 'Optional hash for age restrictions as per DD 24 (active if denom_type has the respective bit set)'; COMMENT ON COLUMN known_coins.denom_sig IS 'This is the signature of the exchange that affirms that the coin is a valid coin. The specific signature type depends on denom_type of the denomination.'; +CREATE TABLE IF NOT EXISTS known_coins_default + PARTITION OF known_coins + FOR VALUES WITH (MODULUS 1, REMAINDER 0); -CREATE INDEX IF NOT EXISTS known_coins_by_denomination +CREATE INDEX IF NOT EXISTS known_coins_by_known_coin_id_index ON known_coins - (denominations_serial); -CREATE INDEX IF NOT EXISTS known_coins_by_hashed_coin_pub - ON known_coins - USING HASH (coin_pub); + (known_coin_id); CREATE TABLE IF NOT EXISTS refresh_commitments - (melt_serial_id BIGSERIAL UNIQUE + (melt_serial_id BIGSERIAL -- UNIQUE ,rc BYTEA PRIMARY KEY CHECK (LENGTH(rc)=64) - ,old_known_coin_id INT8 NOT NULL REFERENCES known_coins (known_coin_id) ON DELETE CASCADE + ,old_coin_pub BYTEA NOT NULL REFERENCES known_coins (coin_pub) ON DELETE CASCADE ,old_coin_sig BYTEA NOT NULL CHECK(LENGTH(old_coin_sig)=64) ,amount_with_fee_val INT8 NOT NULL ,amount_with_fee_frac INT4 NOT NULL ,noreveal_index INT4 NOT NULL - ); + ) + PARTITION BY HASH (rc); COMMENT ON TABLE refresh_commitments IS 'Commitments made when melting coins and the gamma value chosen by the exchange.'; COMMENT ON COLUMN refresh_commitments.noreveal_index IS 'The gamma value chosen by the exchange in the cut-and-choose protocol'; COMMENT ON COLUMN refresh_commitments.rc IS 'Commitment made by the client, hash over the various client inputs in the cut-and-choose protocol'; -COMMENT ON COLUMN refresh_commitments.old_known_coin_id +COMMENT ON COLUMN refresh_commitments.old_coin_pub IS 'Coin being melted in the refresh process.'; +CREATE TABLE IF NOT EXISTS refresh_commitments_default + PARTITION OF refresh_commitments + FOR VALUES WITH (MODULUS 1, REMAINDER 0); -CREATE INDEX IF NOT EXISTS refresh_commitments_old_coin_id_index +CREATE INDEX IF NOT EXISTS refresh_commitments_by_melt_serial_id_index ON refresh_commitments - (old_known_coin_id); -CREATE INDEX IF NOT EXISTS known_coins_by_hashed_rc + (melt_serial_id); +CREATE INDEX IF NOT EXISTS refresh_commitments_by_old_coin_pub_index ON refresh_commitments - USING HASH (rc); + (old_coin_pub); CREATE TABLE IF NOT EXISTS refresh_revealed_coins - (rrc_serial BIGSERIAL UNIQUE - ,melt_serial_id INT8 NOT NULL REFERENCES refresh_commitments (melt_serial_id) ON DELETE CASCADE + (rrc_serial BIGSERIAL -- UNIQUE + ,melt_serial_id INT8 NOT NULL -- REFERENCES refresh_commitments (melt_serial_id) ON DELETE CASCADE ,freshcoin_index INT4 NOT NULL ,link_sig BYTEA NOT NULL CHECK(LENGTH(link_sig)=64) ,denominations_serial INT8 NOT NULL REFERENCES denominations (denominations_serial) ON DELETE CASCADE - ,coin_ev BYTEA UNIQUE NOT NULL - ,h_coin_ev BYTEA NOT NULL CHECK(LENGTH(h_coin_ev)=64) + ,coin_ev BYTEA NOT NULL -- UNIQUE + ,h_coin_ev BYTEA NOT NULL CHECK(LENGTH(h_coin_ev)=64) -- UNIQUE ,ev_sig BYTEA NOT NULL - ,PRIMARY KEY (melt_serial_id, freshcoin_index) - ,UNIQUE (h_coin_ev) - ); + -- ,PRIMARY KEY (melt_serial_id, freshcoin_index) -- done per shard + ) + PARTITION BY HASH (melt_serial_id); COMMENT ON TABLE refresh_revealed_coins IS 'Revelations about the new coins that are to be created during a melting session.'; COMMENT ON COLUMN refresh_revealed_coins.rrc_serial @@ -372,18 +397,28 @@ COMMENT ON COLUMN refresh_revealed_coins.h_coin_ev IS 'hash of the envelope of the new coin to be signed (for lookups)'; COMMENT ON COLUMN refresh_revealed_coins.ev_sig IS 'exchange signature over the envelope'; +CREATE TABLE IF NOT EXISTS refresh_revealed_coins_default + PARTITION OF refresh_revealed_coins + FOR VALUES WITH (MODULUS 1, REMAINDER 0); +-- We do require this primary key on each shard! +ALTER TABLE refresh_revealed_coins_default + ADD PRIMARY KEY (melt_serial_id, freshcoin_index); -CREATE INDEX IF NOT EXISTS refresh_revealed_coins_denominations_index +CREATE INDEX IF NOT EXISTS refresh_revealed_coins_by_rrc_serial_index ON refresh_revealed_coins - (denominations_serial); + (rrc_serial); +CREATE INDEX IF NOT EXISTS refresh_revealed_coins_by_melt_serial_id_index + ON refresh_revealed_coins + (melt_serial_id); CREATE TABLE IF NOT EXISTS refresh_transfer_keys - (rtc_serial BIGSERIAL UNIQUE - ,melt_serial_id INT8 PRIMARY KEY REFERENCES refresh_commitments (melt_serial_id) ON DELETE CASCADE + (rtc_serial BIGSERIAL -- UNIQUE + ,melt_serial_id INT8 PRIMARY KEY -- REFERENCES refresh_commitments (melt_serial_id) ON DELETE CASCADE ,transfer_pub BYTEA NOT NULL CHECK(LENGTH(transfer_pub)=32) ,transfer_privs BYTEA NOT NULL - ); + ) + PARTITION BY HASH (melt_serial_id); COMMENT ON TABLE refresh_transfer_keys IS 'Transfer keys of a refresh operation (the data revealed to the exchange).'; COMMENT ON COLUMN refresh_transfer_keys.rtc_serial @@ -394,14 +429,14 @@ COMMENT ON COLUMN refresh_transfer_keys.transfer_pub IS 'transfer public key for the gamma index'; COMMENT ON COLUMN refresh_transfer_keys.transfer_privs IS 'array of TALER_CNC_KAPPA - 1 transfer private keys that have been revealed, with the gamma entry being skipped'; +CREATE TABLE IF NOT EXISTS refresh_transfer_keys_default + PARTITION OF refresh_transfer_keys + FOR VALUES WITH (MODULUS 1, REMAINDER 0); -CREATE INDEX IF NOT EXISTS refresh_transfer_keys_coin_tpub +CREATE INDEX IF NOT EXISTS refresh_transfer_keys_by_rtc_serial_index ON refresh_transfer_keys - (melt_serial_id - ,transfer_pub - ); -COMMENT ON INDEX refresh_transfer_keys_coin_tpub - IS 'for get_link (unsure if this helps or hurts for performance as there should be very few transfer public keys per rc, but at least in theory this helps the ORDER BY clause)'; + (rtc_serial); + CREATE TABLE IF NOT EXISTS extension_details (extension_details_serial_id BIGSERIAL PRIMARY KEY @@ -413,9 +448,9 @@ COMMENT ON COLUMN extension_details.extension_options CREATE TABLE IF NOT EXISTS deposits - (deposit_serial_id BIGSERIAL PRIMARY KEY + (deposit_serial_id BIGSERIAL -- PRIMARY KEY ,shard INT8 NOT NULL - ,known_coin_id INT8 NOT NULL REFERENCES known_coins (known_coin_id) ON DELETE CASCADE + ,known_coin_id INT8 NOT NULL -- REFERENCES known_coins (known_coin_id) ON DELETE CASCADE ,amount_with_fee_val INT8 NOT NULL ,amount_with_fee_frac INT4 NOT NULL ,wallet_timestamp INT8 NOT NULL @@ -426,19 +461,25 @@ CREATE TABLE IF NOT EXISTS deposits ,h_contract_terms BYTEA NOT NULL CHECK (LENGTH(h_contract_terms)=64) ,coin_sig BYTEA NOT NULL CHECK (LENGTH(coin_sig)=64) ,wire_salt BYTEA NOT NULL CHECK (LENGTH(wire_salt)=16) - ,wire_target_serial_id INT8 NOT NULL REFERENCES wire_targets (wire_target_serial_id) + ,wire_target_serial_id INT8 NOT NULL -- REFERENCES wire_targets (wire_target_serial_id) ,tiny BOOLEAN NOT NULL DEFAULT FALSE ,done BOOLEAN NOT NULL DEFAULT FALSE ,extension_blocked BOOLEAN NOT NULL DEFAULT FALSE - ,extension_details_serial_id INT8 REFERENCES extension_details (extension_details_serial_id) - ,UNIQUE (known_coin_id, merchant_pub, h_contract_terms) - ); + ,extension_details_serial_id INT8 REFERENCES extension_details (extension_details_serial_id) ON DELETE CASCADE + ,UNIQUE (shard, known_coin_id, merchant_pub, h_contract_terms) + ) + PARTITION BY HASH (shard); +CREATE TABLE IF NOT EXISTS deposits_default + PARTITION OF deposits + FOR VALUES WITH (MODULUS 1, REMAINDER 0); + COMMENT ON TABLE deposits IS 'Deposits we have received and for which we need to make (aggregate) wire transfers (and manage refunds).'; COMMENT ON COLUMN deposits.shard IS 'Used for load sharding. Should be set based on h_payto and merchant_pub. 64-bit value because we need an *unsigned* 32-bit value.'; COMMENT ON COLUMN deposits.wire_target_serial_id - IS 'Identifies the target bank account and KYC status';COMMENT ON COLUMN deposits.wire_salt + IS 'Identifies the target bank account and KYC status'; +COMMENT ON COLUMN deposits.wire_salt IS 'Salt used when hashing the payto://-URI to get the h_wire'; COMMENT ON COLUMN deposits.done IS 'Set to TRUE once we have included this deposit in some aggregate wire transfer to the merchant'; @@ -449,15 +490,12 @@ COMMENT ON COLUMN deposits.extension_details_serial_id COMMENT ON COLUMN deposits.tiny IS 'Set to TRUE if we decided that the amount is too small to ever trigger a wire transfer by itself (requires real aggregation)'; -CREATE INDEX IF NOT EXISTS deposits_coin_pub_merchant_contract_index +-- FIXME: check if we can ALWAYS include the shard in the WHERE clauses, +-- thereby resulting in a much better use of the index: we could do (shard,deposit_serial_id)! +CREATE INDEX IF NOT EXISTS deposits_deposit_by_serial_id_index ON deposits - (known_coin_id - ,merchant_pub - ,h_contract_terms - ); -COMMENT ON INDEX deposits_coin_pub_merchant_contract_index - IS 'for get_deposit_for_wtid and test_deposit_done'; -CREATE INDEX IF NOT EXISTS deposits_get_ready_index + (deposit_serial_id); +CREATE INDEX IF NOT EXISTS deposits_for_get_ready_index ON deposits (shard ASC ,done @@ -465,9 +503,11 @@ CREATE INDEX IF NOT EXISTS deposits_get_ready_index ,tiny ,wire_deadline ASC ); -COMMENT ON INDEX deposits_coin_pub_merchant_contract_index +COMMENT ON INDEX deposits_for_get_ready_index IS 'for deposits_get_ready'; -CREATE INDEX IF NOT EXISTS deposits_iterate_matching_index +-- FIXME: check if we can ALWAYS include the shard in the WHERE clauses, +-- thereby resulting in a much better use of the index: we could do (shard,merchant_pub, ...)! +CREATE INDEX IF NOT EXISTS deposits_for_iterate_matching_index ON deposits (merchant_pub ,wire_target_serial_id @@ -475,57 +515,87 @@ CREATE INDEX IF NOT EXISTS deposits_iterate_matching_index ,extension_blocked ,refund_deadline ASC ); -COMMENT ON INDEX deposits_iterate_matching_index +COMMENT ON INDEX deposits_for_iterate_matching_index IS 'for deposits_iterate_matching'; CREATE TABLE IF NOT EXISTS refunds - (refund_serial_id BIGSERIAL UNIQUE - ,deposit_serial_id INT8 NOT NULL REFERENCES deposits (deposit_serial_id) ON DELETE CASCADE + (refund_serial_id BIGSERIAL -- UNIQUE + ,deposit_serial_id INT8 NOT NULL -- REFERENCES deposits (deposit_serial_id) ON DELETE CASCADE ,merchant_sig BYTEA NOT NULL CHECK(LENGTH(merchant_sig)=64) ,rtransaction_id INT8 NOT NULL ,amount_with_fee_val INT8 NOT NULL ,amount_with_fee_frac INT4 NOT NULL - ,PRIMARY KEY (deposit_serial_id, rtransaction_id) - ); + -- ,PRIMARY KEY (deposit_serial_id, rtransaction_id) -- done per shard! + ) + PARTITION BY HASH (deposit_serial_id); COMMENT ON TABLE refunds IS 'Data on coins that were refunded. Technically, refunds always apply against specific deposit operations involving a coin. The combination of coin_pub, merchant_pub, h_contract_terms and rtransaction_id MUST be unique, and we usually select by coin_pub so that one goes first.'; COMMENT ON COLUMN refunds.deposit_serial_id IS 'Identifies ONLY the merchant_pub, h_contract_terms and known_coin_id. Multiple deposits may match a refund, this only identifies one of them.'; COMMENT ON COLUMN refunds.rtransaction_id IS 'used by the merchant to make refunds unique in case the same coin for the same deposit gets a subsequent (higher) refund'; +CREATE TABLE IF NOT EXISTS refunds_default + PARTITION OF refunds + FOR VALUES WITH (MODULUS 1, REMAINDER 0); +ALTER TABLE refunds_default + ADD PRIMARY KEY (deposit_serial_id, rtransaction_id); + +CREATE INDEX IF NOT EXISTS refunds_by_refund_serial_id_index + ON refunds + (refund_serial_id); CREATE TABLE IF NOT EXISTS wire_out - (wireout_uuid BIGSERIAL PRIMARY KEY + (wireout_uuid BIGSERIAL -- PRIMARY KEY ,execution_date INT8 NOT NULL ,wtid_raw BYTEA UNIQUE NOT NULL CHECK (LENGTH(wtid_raw)=32) - ,wire_target_serial_id INT8 NOT NULL REFERENCES wire_targets (wire_target_serial_id) + ,wire_target_serial_id INT8 NOT NULL -- REFERENCES wire_targets (wire_target_serial_id) ,exchange_account_section TEXT NOT NULL ,amount_val INT8 NOT NULL ,amount_frac INT4 NOT NULL - ); + ) + PARTITION BY HASH (wtid_raw); COMMENT ON TABLE wire_out IS 'wire transfers the exchange has executed'; COMMENT ON COLUMN wire_out.exchange_account_section IS 'identifies the configuration section with the debit account of this payment'; COMMENT ON COLUMN wire_out.wire_target_serial_id IS 'Identifies the credited bank account and KYC status'; +CREATE TABLE IF NOT EXISTS wire_out_default + PARTITION OF wire_out + FOR VALUES WITH (MODULUS 1, REMAINDER 0); + +CREATE INDEX IF NOT EXISTS wire_out_by_wireout_uuid_index + ON wire_out + (wireout_uuid); +CREATE INDEX IF NOT EXISTS wire_out_by_wire_target_serial_id_index + ON wire_out + (wire_target_serial_id); + + CREATE TABLE IF NOT EXISTS aggregation_tracking - (aggregation_serial_id BIGSERIAL UNIQUE - ,deposit_serial_id INT8 PRIMARY KEY REFERENCES deposits (deposit_serial_id) ON DELETE CASCADE + (aggregation_serial_id BIGSERIAL -- UNIQUE + ,deposit_serial_id INT8 PRIMARY KEY -- REFERENCES deposits (deposit_serial_id) ON DELETE CASCADE ,wtid_raw BYTEA CONSTRAINT wire_out_ref REFERENCES wire_out(wtid_raw) ON DELETE CASCADE DEFERRABLE - ); + ) + PARTITION BY HASH (deposit_serial_id); COMMENT ON TABLE aggregation_tracking IS 'mapping from wire transfer identifiers (WTID) to deposits (and back)'; COMMENT ON COLUMN aggregation_tracking.wtid_raw IS 'We first create entries in the aggregation_tracking table and then finally the wire_out entry once we know the total amount. Hence the constraint must be deferrable and we cannot use a wireout_uuid here, because we do not have it when these rows are created. Changing the logic to first INSERT a dummy row into wire_out and then UPDATEing that row in the same transaction would theoretically reduce per-deposit storage costs by 5 percent (24/~460 bytes).'; +CREATE TABLE IF NOT EXISTS aggregation_tracking_default + PARTITION OF aggregation_tracking + FOR VALUES WITH (MODULUS 1, REMAINDER 0); -CREATE INDEX IF NOT EXISTS aggregation_tracking_wtid_index +CREATE INDEX IF NOT EXISTS aggregation_tracking_by_aggregation_serial_id_index + ON aggregation_tracking + (aggregation_serial_id); +CREATE INDEX IF NOT EXISTS aggregation_tracking_by_wtid_raw_index ON aggregation_tracking (wtid_raw); -COMMENT ON INDEX aggregation_tracking_wtid_index +COMMENT ON INDEX aggregation_tracking_by_wtid_raw_index IS 'for lookup_transactions'; @@ -546,52 +616,58 @@ COMMENT ON TABLE wire_fee COMMENT ON COLUMN wire_fee.wire_fee_serial IS 'needed for exchange-auditor replication logic'; -CREATE INDEX IF NOT EXISTS wire_fee_gc_index +CREATE INDEX IF NOT EXISTS wire_fee_by_end_date_index ON wire_fee (end_date); CREATE TABLE IF NOT EXISTS recoup - (recoup_uuid BIGSERIAL UNIQUE - ,known_coin_id INT8 NOT NULL REFERENCES known_coins (known_coin_id) + (recoup_uuid BIGSERIAL -- UNIQUE + ,known_coin_id INT8 NOT NULL -- REFERENCES known_coins (known_coin_id) ,coin_sig BYTEA NOT NULL CHECK(LENGTH(coin_sig)=64) ,coin_blind BYTEA NOT NULL CHECK(LENGTH(coin_blind)=32) ,amount_val INT8 NOT NULL ,amount_frac INT4 NOT NULL - ,timestamp INT8 NOT NULL - ,reserve_out_serial_id INT8 NOT NULL REFERENCES reserves_out (reserve_out_serial_id) ON DELETE CASCADE - ); + ,recoup_timestamp INT8 NOT NULL + ,reserve_out_serial_id INT8 NOT NULL -- REFERENCES reserves_out (reserve_out_serial_id) ON DELETE CASCADE + ) + PARTITION BY RANGE (known_coin_id); COMMENT ON TABLE recoup IS 'Information about recoups that were executed between a coin and a reserve. In this type of recoup, the amount is credited back to the reserve from which the coin originated.'; COMMENT ON COLUMN recoup.known_coin_id - IS 'Coin that is being debited in the recoup. Do not CASCADE ON DROP on the known_coin_id, as we may keep the coin alive!'; + IS 'Coin that is being debited in the recoup. Do not CASCADE ON DROP on the coin_pub, as we may keep the coin alive!'; COMMENT ON COLUMN recoup.reserve_out_serial_id IS 'Identifies the h_blind_ev of the recouped coin and provides the link to the credited reserve.'; COMMENT ON COLUMN recoup.coin_sig IS 'Signature by the coin affirming the recoup, of type TALER_SIGNATURE_WALLET_COIN_RECOUP'; COMMENT ON COLUMN recoup.coin_blind IS 'Denomination blinding key used when creating the blinded coin from the planchet. Secret revealed during the recoup to provide the linkage between the coin and the withdraw operation.'; +CREATE TABLE IF NOT EXISTS recoup_default + PARTITION OF recoup + DEFAULT; -CREATE INDEX IF NOT EXISTS recoup_by_h_blind_ev +CREATE INDEX IF NOT EXISTS recoup_by_recoup_uuid_index + ON recoup + (recoup_uuid); +CREATE INDEX IF NOT EXISTS recoup_by_reserve_out_serial_id_index ON recoup (reserve_out_serial_id); -CREATE INDEX IF NOT EXISTS recoup_for_by_reserve +CREATE INDEX IF NOT EXISTS recoup_by_known_coin_id_index ON recoup - (known_coin_id - ,reserve_out_serial_id - ); + (known_coin_id); CREATE TABLE IF NOT EXISTS recoup_refresh - (recoup_refresh_uuid BIGSERIAL UNIQUE - ,known_coin_id INT8 NOT NULL REFERENCES known_coins (known_coin_id) + (recoup_refresh_uuid BIGSERIAL -- UNIQUE + ,known_coin_id INT8 NOT NULL -- REFERENCES known_coins (known_coin_id) ,coin_sig BYTEA NOT NULL CHECK(LENGTH(coin_sig)=64) ,coin_blind BYTEA NOT NULL CHECK(LENGTH(coin_blind)=32) ,amount_val INT8 NOT NULL ,amount_frac INT4 NOT NULL - ,timestamp INT8 NOT NULL - ,rrc_serial INT8 NOT NULL UNIQUE REFERENCES refresh_revealed_coins (rrc_serial) ON DELETE CASCADE - ); + ,recoup_timestamp INT8 NOT NULL + ,rrc_serial INT8 NOT NULL -- REFERENCES refresh_revealed_coins (rrc_serial) ON DELETE CASCADE -- UNIQUE + ) + PARTITION BY RANGE (known_coin_id); COMMENT ON TABLE recoup_refresh IS 'Table of coins that originated from a refresh operation and that were recouped. Links the (fresh) coin to the melted operation (and thus the old coin). A recoup on a refreshed coin credits the old coin and debits the fresh coin.'; COMMENT ON COLUMN recoup_refresh.known_coin_id @@ -600,24 +676,29 @@ COMMENT ON COLUMN recoup_refresh.rrc_serial IS 'Link to the refresh operation. Also identifies the h_blind_ev of the recouped coin (as h_coin_ev).'; COMMENT ON COLUMN recoup_refresh.coin_blind IS 'Denomination blinding key used when creating the blinded coin from the planchet. Secret revealed during the recoup to provide the linkage between the coin and the refresh operation.'; +CREATE TABLE IF NOT EXISTS recoup_refresh_default + PARTITION OF recoup_refresh + DEFAULT; -CREATE INDEX IF NOT EXISTS recoup_refresh_by_h_blind_ev +CREATE INDEX IF NOT EXISTS recoup_refresh_by_recoup_refresh_uuid_index + ON recoup_refresh + (recoup_refresh_uuid); +CREATE INDEX IF NOT EXISTS recoup_refresh_by_rrc_serial_index ON recoup_refresh (rrc_serial); -CREATE INDEX IF NOT EXISTS recoup_refresh_for_by_reserve +CREATE INDEX IF NOT EXISTS recoup_refresh_by_known_coin_id_index ON recoup_refresh - (known_coin_id - ,rrc_serial - ); + (known_coin_id); CREATE TABLE IF NOT EXISTS prewire (prewire_uuid BIGSERIAL PRIMARY KEY - ,type TEXT NOT NULL + ,wire_method TEXT NOT NULL ,finished BOOLEAN NOT NULL DEFAULT false ,failed BOOLEAN NOT NULL DEFAULT false ,buf BYTEA NOT NULL - ); + ) + PARTITION BY RANGE (prewire_uuid); COMMENT ON TABLE prewire IS 'pre-commit data for wire transfers we are about to execute'; COMMENT ON COLUMN prewire.failed @@ -626,17 +707,20 @@ COMMENT ON COLUMN prewire.finished IS 'set to TRUE once bank confirmed receiving the wire transfer request'; COMMENT ON COLUMN prewire.buf IS 'serialized data to send to the bank to execute the wire transfer'; +CREATE TABLE IF NOT EXISTS prewire_default + PARTITION OF prewire + DEFAULT; -CREATE INDEX IF NOT EXISTS prepare_iteration_index +CREATE INDEX IF NOT EXISTS prewire_by_finished_index ON prewire (finished); -COMMENT ON INDEX prepare_iteration_index +COMMENT ON INDEX prewire_by_finished_index IS 'for gc_prewire'; - -CREATE INDEX IF NOT EXISTS prepare_get_index +-- FIXME: find a way to combine these two indices? +CREATE INDEX IF NOT EXISTS prewire_by_failed_finished_index ON prewire (failed,finished); -COMMENT ON INDEX prepare_get_index +COMMENT ON INDEX prewire_by_failed_finished_index IS 'for wire_prepare_data_get'; @@ -684,7 +768,7 @@ COMMENT ON COLUMN work_shards.end_row COMMENT ON COLUMN work_shards.job_name IS 'unique name of the job the workers on this shard are performing'; -CREATE INDEX IF NOT EXISTS work_shards_index +CREATE INDEX IF NOT EXISTS work_shards_by_job_name_completed_last_attempt_index ON work_shards (job_name ,completed @@ -716,7 +800,7 @@ COMMENT ON COLUMN revolving_work_shards.end_row COMMENT ON COLUMN revolving_work_shards.job_name IS 'unique name of the job the workers on this shard are performing'; -CREATE INDEX IF NOT EXISTS revolving_work_shards_index +CREATE INDEX IF NOT EXISTS revolving_work_shards_by_job_name_active_last_attempt_index ON revolving_work_shards (job_name ,active @@ -740,7 +824,8 @@ CREATE OR REPLACE FUNCTION exchange_do_withdraw( OUT reserve_found BOOLEAN, OUT balance_ok BOOLEAN, OUT kycok BOOLEAN, - OUT account_uuid INT8) + OUT account_uuid INT8, + OUT ruuid INT8) LANGUAGE plpgsql AS $$ DECLARE @@ -752,6 +837,11 @@ DECLARE DECLARE reserve_frac INT4; BEGIN +-- Shards: reserves by reserve_pub (SELECT) +-- reserves_out (INSERT, with CONFLICT detection) by h_blind_ev +-- reserves by reserve_pub (UPDATE) +-- reserves_in by reserve_pub (SELECT) +-- wire_targets by wire_target_serial_id SELECT denominations_serial INTO denom_serial FROM denominations @@ -764,6 +854,7 @@ THEN balance_ok=FALSE; kycok=FALSE; account_uuid=0; + ruuid=0; ASSERT false, 'denomination unknown'; RETURN; END IF; @@ -771,12 +862,13 @@ END IF; SELECT current_balance_val ,current_balance_frac - ,expiration_date ,gc_date + ,reserve_uuid INTO reserve_val ,reserve_frac ,reserve_gc + ,ruuid FROM reserves WHERE reserves.reserve_pub=rpub; @@ -787,6 +879,7 @@ THEN balance_ok=FALSE; kycok=FALSE; account_uuid=0; + ruuid=0; RETURN; END IF; @@ -796,7 +889,7 @@ INSERT INTO reserves_out (h_blind_ev ,denominations_serial ,denom_sig - ,reserve_pub + ,reserve_uuid ,reserve_sig ,execution_date ,amount_with_fee_val @@ -805,7 +898,7 @@ VALUES (h_coin_envelope ,denom_serial ,denom_sig - ,rpub + ,ruuid ,reserve_sig ,now ,amount_val @@ -882,7 +975,7 @@ COMMENT ON FUNCTION exchange_do_withdraw(INT8, INT4, BYTEA, BYTEA, BYTEA, BYTEA, CREATE OR REPLACE FUNCTION exchange_do_withdraw_limit_check( - IN rpub BYTEA, + IN ruuid INT8, IN start_time INT8, IN upper_limit_val INT8, IN upper_limit_frac INT4, @@ -894,6 +987,10 @@ DECLARE DECLARE total_frac INT8; -- INT4 could overflow during accumulation! BEGIN +-- NOTE: Read-only, but crosses shards. +-- Shards: reserves by reserve_pub +-- reserves_out by reserve_uuid -- crosses shards!! + SELECT SUM(amount_with_fee_val) -- overflow here is not plausible @@ -902,7 +999,7 @@ SELECT total_val ,total_frac FROM reserves_out - WHERE reserves_out.reserve_pub=rpub + WHERE reserve_uuid=ruuid AND execution_date > start_time; -- normalize result @@ -915,199 +1012,882 @@ below_limit = (total_val < upper_limit_val) OR (total_frac <= upper_limit_frac) ); END $$; -COMMENT ON FUNCTION exchange_do_withdraw_limit_check(BYTEA, INT8, INT8, INT4) +COMMENT ON FUNCTION exchange_do_withdraw_limit_check(INT8, INT8, INT8, INT4) IS 'Check whether the withdrawals from the given reserve since the given time are below the given threshold'; -CREATE OR REPLACE FUNCTION exchange_do_check_coin_balance( - IN denom_val INT8, -- value of the denomination of the coin - IN denom_frac INT4, -- value of the denomination of the coin - IN in_coin_pub BYTEA, -- coin public key - IN check_recoup BOOLEAN, -- do we need to check the recoup table? - IN zombie_required BOOLEAN, -- do we need a zombie coin? - OUT balance_ok BOOLEAN, -- balance satisfied? - OUT zombie_ok BOOLEAN) -- zombie satisfied? + +CREATE OR REPLACE FUNCTION exchange_do_deposit( + IN in_amount_with_fee_val INT8, + IN in_amount_with_fee_frac INT4, + IN in_h_contract_terms BYTEA, + IN in_wire_salt BYTEA, + IN in_wallet_timestamp INT8, + IN in_exchange_timestamp INT8, + IN in_refund_deadline INT8, + IN in_wire_deadline INT8, + IN in_merchant_pub BYTEA, + IN in_receiver_wire_account VARCHAR, + IN in_h_payto BYTEA, + IN in_known_coin_id INT8, + IN in_coin_pub BYTEA, + IN in_coin_sig BYTEA, + IN in_shard INT8, + IN in_extension_blocked BOOLEAN, + IN in_extension_details VARCHAR, + OUT out_exchange_timestamp INT8, + OUT out_balance_ok BOOLEAN, + OUT out_conflict BOOLEAN) LANGUAGE plpgsql AS $$ DECLARE - coin_uuid INT8; -- known_coin_id of coin_pub + wtsi INT8; -- wire target serial id DECLARE - tmp_val INT8; -- temporary result -DECLARE - tmp_frac INT8; -- temporary result -DECLARE - spent_val INT8; -- how much of coin was spent? -DECLARE - spent_frac INT8; -- how much of coin was spent? -DECLARE - unspent_val INT8; -- how much of coin was refunded? -DECLARE - unspent_frac INT8; -- how much of coin was refunded? + xdi INT8; -- eXstension details serial id BEGIN +-- Shards: INSERT extension_details (by extension_details_serial_id) +-- INSERT wire_targets (by h_payto), on CONFLICT DO NOTHING; +-- INSERT deposits (by shard + known_coin_id, merchant_pub, h_contract_terms), ON CONFLICT DO NOTHING; +-- UPDATE known_coins (by coin_pub) --- Note: possible future optimization: get the coin_uuid from the previous --- 'ensure_coin_known' and pass that here instead of the coin_pub. Might help --- a tiny bit with performance. -SELECT known_coin_id INTO coin_uuid - FROM known_coins - WHERE coin_pub=in_coin_pub; +IF NOT NULL in_extension_details +THEN + INSERT INTO extension_details + (extension_options) + VALUES + (in_extension_details) + RETURNING extension_details_serial_id INTO xdi; +ELSE + xdi=NULL; +END IF; + + +INSERT INTO wire_targets + (h_payto + ,payto_uri) + VALUES + (in_h_payto + ,in_receiver_wire_account) +ON CONFLICT (h_payto) DO NOTHING + RETURNING wire_target_serial_id INTO wtsi; IF NOT FOUND THEN - -- coin unknown, should be impossible! - balance_ok=FALSE; - zombie_ok=FALSE; - ASSERT false, 'coin unknown'; + SELECT wire_target_serial_id + INTO wtsi + FROM wire_targets + WHERE h_payto=in_h_payto; +END IF; + + +INSERT INTO deposits + (shard + ,known_coin_id + ,amount_with_fee_val + ,amount_with_fee_frac + ,wallet_timestamp + ,exchange_timestamp + ,refund_deadline + ,wire_deadline + ,merchant_pub + ,h_contract_terms + ,coin_sig + ,wire_salt + ,wire_target_serial_id + ,extension_blocked + ,extension_details_serial_id + ) + VALUES + (in_shard + ,in_known_coin_id + ,in_amount_with_fee_val + ,in_amount_with_fee_frac + ,in_wallet_timestamp + ,in_exchange_timestamp + ,in_refund_deadline + ,in_wire_deadline + ,in_merchant_pub + ,in_h_contract_terms + ,in_coin_sig + ,in_wire_salt + ,wtsi + ,in_extension_blocked + ,xdi) + ON CONFLICT DO NOTHING; + +IF NOT FOUND +THEN + -- Idempotency check: see if an identical record exists. + -- Note that by checking 'coin_sig', we implicitly check + -- identity over everything that the signature covers. + -- We do select over merchant_pub and h_contract_terms + -- primarily here to maximally use the existing index. + SELECT + exchange_timestamp + INTO + out_exchange_timestamp + FROM deposits + WHERE + shard=in_shard AND + known_coin_id=in_known_coin_id AND + merchant_pub=in_merchant_pub AND + h_contract_terms=in_h_contract_terms AND + coin_sig=in_coin_sig; + + IF NOT FOUND + THEN + -- Deposit exists, but with differences. Not allowed. + out_balance_ok=FALSE; + out_conflict=TRUE; + RETURN; + END IF; + + -- Idempotent request known, return success. + out_balance_ok=TRUE; + out_conflict=FALSE; + RETURN; END IF; -spent_val = 0; -spent_frac = 0; -unspent_val = denom_val; -unspent_frac = denom_frac; +out_exchange_timestamp=in_exchange_timestamp; -SELECT - SUM(amount_with_fee_val) -- overflow here is not plausible - ,SUM(CAST(amount_with_fee_frac AS INT8)) -- compute using 64 bits - INTO - tmp_val - ,tmp_frac - FROM deposits - WHERE known_coin_id=coin_uuid; +-- Check and update balance of the coin. +UPDATE known_coins + SET + remaining_frac=remaining_frac-in_amount_with_fee_frac + + CASE + WHEN remaining_frac < in_amount_with_fee_frac + THEN 100000000 + ELSE 0 + END, + remaining_val=remaining_val-in_amount_with_fee_val + - CASE + WHEN remaining_frac < in_amount_with_fee_frac + THEN 1 + ELSE 0 + END + WHERE coin_pub=in_coin_pub + AND ( (remaining_val > in_amount_with_fee_val) OR + ( (remaining_frac >= in_amount_with_fee_frac) AND + (remaining_val >= in_amount_with_fee_val) ) ); -IF tmp_val IS NOT NULL +IF NOT FOUND THEN - spent_val = spent_val + tmp_val; - spent_frac = spent_frac + tmp_frac; + -- Insufficient balance. + out_balance_ok=FALSE; + out_conflict=FALSE; + RETURN; END IF; -SELECT - SUM(amount_with_fee_val) -- overflow here is not plausible - ,SUM(CAST(amount_with_fee_frac AS INT8)) -- compute using 64 bits - INTO - tmp_val - ,tmp_frac - FROM refresh_commitments - WHERE old_known_coin_id=coin_uuid; - -IF tmp_val IS NOT NULL -THEN - spent_val = spent_val + tmp_val; - spent_frac = spent_frac + tmp_frac; -END IF; - - -SELECT - SUM(rf.amount_with_fee_val) -- overflow here is not plausible - ,SUM(CAST(rf.amount_with_fee_frac AS INT8)) -- compute using 64 bits - INTO - tmp_val - ,tmp_frac - FROM deposits - JOIN refunds rf - USING (deposit_serial_id) - WHERE - known_coin_id=coin_uuid; -IF tmp_val IS NOT NULL -THEN - unspent_val = unspent_val + tmp_val; - unspent_frac = unspent_frac + tmp_frac; -END IF; - --- Note: even if 'check_recoup' is true, the tables below --- are in practice likely empty (as they only apply if --- the exchange (ever) had to revoke keys). -IF check_recoup -THEN - - SELECT - SUM(amount_val) -- overflow here is not plausible - ,SUM(CAST(amount_frac AS INT8)) -- compute using 64 bits - INTO - tmp_val - ,tmp_frac - FROM recoup_refresh - WHERE known_coin_id=coin_uuid; - - IF tmp_val IS NOT NULL - THEN - spent_val = spent_val + tmp_val; - spent_frac = spent_frac + tmp_frac; - END IF; - - SELECT - SUM(amount_val) -- overflow here is not plausible - ,SUM(CAST(amount_frac AS INT8)) -- compute using 64 bits - INTO - tmp_val - ,tmp_frac - FROM recoup - WHERE known_coin_id=coin_uuid; - - IF tmp_val IS NOT NULL - THEN - spent_val = spent_val + tmp_val; - spent_frac = spent_frac + tmp_frac; - END IF; - - SELECT - SUM(amount_val) -- overflow here is not plausible - ,SUM(CAST(amount_frac AS INT8)) -- compute using 64 bits - INTO - tmp_val - ,tmp_frac - FROM recoup_refresh - JOIN refresh_revealed_coins rrc - USING (rrc_serial) - JOIN refresh_commitments rfc - ON (rrc.melt_serial_id = rfc.melt_serial_id) - WHERE rfc.old_known_coin_id=coin_uuid; - - IF tmp_val IS NOT NULL - THEN - unspent_val = unspent_val + tmp_val; - unspent_frac = unspent_frac + tmp_frac; - END IF; - - IF ( (0 < tmp_val) OR (0 < tmp_frac) ) - THEN - -- There was a transaction that justifies the zombie - -- status, clear the flag - zombie_required=FALSE; - END IF; - -END IF; - - --- normalize results -spent_val = spent_val + spent_frac / 100000000; -spent_frac = spent_frac % 100000000; -unspent_val = unspent_val + unspent_frac / 100000000; -unspent_frac = unspent_frac % 100000000; - --- Actually check if the coin balance is sufficient. Verbosely. ;-) -IF (unspent_val > spent_val) -THEN - balance_ok=TRUE; -ELSE - IF (unspent_val = spent_val) AND (unspent_frac >= spent_frac) - THEN - balance_ok=TRUE; - ELSE - balance_ok=FALSE; - END IF; -END IF; - -zombie_ok = NOT zombie_required; +-- Everything fine, return success! +out_balance_ok=TRUE; +out_conflict=FALSE; END $$; -COMMENT ON FUNCTION exchange_do_check_coin_balance(INT8, INT4, BYTEA, BOOLEAN, BOOLEAN) - IS 'Checks whether the coin has sufficient balance for all the operations associated with it'; +CREATE OR REPLACE FUNCTION exchange_do_melt( + IN in_amount_with_fee_val INT8, + IN in_amount_with_fee_frac INT4, + IN in_rc BYTEA, + IN in_old_coin_pub BYTEA, + IN in_old_coin_sig BYTEA, + IN in_known_coin_id INT8, -- not used, but that's OK + IN in_noreveal_index INT4, + IN in_zombie_required BOOLEAN, + OUT out_balance_ok BOOLEAN, + OUT out_zombie_bad BOOLEAN, + OUT out_noreveal_index INT4) +LANGUAGE plpgsql +AS $$ +BEGIN +-- Shards: INSERT refresh_commitments (by rc) +-- (rare:) SELECT refresh_commitments (by old_coin_pub) -- crosses shards! +-- (rare:) SEELCT refresh_revealed_coins (by melt_serial_id) +-- (rare:) PERFORM recoup_refresh (by rrc_serial) -- crosses shards! +-- UPDATE known_coins (by coin_pub) + +INSERT INTO refresh_commitments + (rc + ,old_coin_pub + ,old_coin_sig + ,amount_with_fee_val + ,amount_with_fee_frac + ,noreveal_index + ) + VALUES + (in_rc + ,in_old_coin_pub + ,in_old_coin_sig + ,in_amount_with_fee_val + ,in_amount_with_fee_frac + ,in_noreveal_index) + ON CONFLICT DO NOTHING; + +IF NOT FOUND +THEN + -- Idempotency check: see if an identical record exists. + out_noreveal_index=-1; + SELECT + noreveal_index + INTO + out_noreveal_index + FROM refresh_commitments + WHERE rc=in_rc; + out_balance_ok=FOUND; + out_zombie_bad=FALSE; -- zombie is OK + RETURN; +END IF; + + +IF in_zombie_required +THEN + -- Check if this coin was part of a refresh + -- operation that was subsequently involved + -- in a recoup operation. We begin by all + -- refresh operations our coin was involved + -- with, then find all associated reveal + -- operations, and then see if any of these + -- reveal operations was involved in a recoup. + PERFORM + FROM recoup_refresh + WHERE rrc_serial IN + (SELECT rrc_serial + FROM refresh_revealed_coins + WHERE melt_serial_id IN + (SELECT melt_serial_id + FROM refresh_commitments + WHERE old_coin_pub=in_old_coin_pub)); + IF NOT FOUND + THEN + out_zombie_bad=TRUE; + out_balance_ok=FALSE; + RETURN; + END IF; +END IF; + +out_zombie_bad=FALSE; -- zombie is OK + + +-- Check and update balance of the coin. +UPDATE known_coins + SET + remaining_frac=remaining_frac-in_amount_with_fee_frac + + CASE + WHEN remaining_frac < in_amount_with_fee_frac + THEN 100000000 + ELSE 0 + END, + remaining_val=remaining_val-in_amount_with_fee_val + - CASE + WHEN remaining_frac < in_amount_with_fee_frac + THEN 1 + ELSE 0 + END + WHERE coin_pub=in_old_coin_pub + AND ( (remaining_val > in_amount_with_fee_val) OR + ( (remaining_frac >= in_amount_with_fee_frac) AND + (remaining_val >= in_amount_with_fee_val) ) ); + +IF NOT FOUND +THEN + -- Insufficient balance. + out_noreveal_index=-1; + out_balance_ok=FALSE; + RETURN; +END IF; + +-- Everything fine, return success! +out_balance_ok=TRUE; +out_noreveal_index=in_noreveal_index; + +END $$; + + + +CREATE OR REPLACE FUNCTION exchange_do_refund( + IN in_amount_with_fee_val INT8, + IN in_amount_with_fee_frac INT4, + IN in_amount_val INT8, + IN in_amount_frac INT4, + IN in_deposit_fee_val INT8, + IN in_deposit_fee_frac INT4, + IN in_h_contract_terms BYTEA, + IN in_rtransaction_id INT8, + IN in_deposit_shard INT8, + IN in_known_coin_id INT8, + IN in_coin_pub BYTEA, + IN in_merchant_pub BYTEA, + IN in_merchant_sig BYTEA, + OUT out_not_found BOOLEAN, + OUT out_refund_ok BOOLEAN, + OUT out_gone BOOLEAN, + OUT out_conflict BOOLEAN) +LANGUAGE plpgsql +AS $$ +DECLARE + dsi INT8; -- ID of deposit being refunded +DECLARE + tmp_val INT8; -- total amount refunded +DECLARE + tmp_frac INT8; -- total amount refunded +DECLARE + deposit_val INT8; -- amount that was originally deposited +DECLARE + deposit_frac INT8; -- amount that was originally deposited +BEGIN +-- Shards: SELECT deposits (by shard, known_coin_id,h_contract_terms, merchant_pub) +-- INSERT refunds (by deposit_serial_id, rtransaction_id) ON CONFLICT DO NOTHING +-- SELECT refunds (by deposit_serial_id) +-- UPDATE known_coins (by coin_pub) + +SELECT + deposit_serial_id + ,amount_with_fee_val + ,amount_with_fee_frac + ,done +INTO + dsi + ,deposit_val + ,deposit_frac + ,out_gone +FROM deposits +WHERE shard=in_deposit_shard + AND known_coin_id=in_known_coin_id + AND h_contract_terms=in_h_contract_terms + AND merchant_pub=in_merchant_pub; + +IF NOT FOUND +THEN + -- No matching deposit found! + out_refund_ok=FALSE; + out_conflict=FALSE; + out_not_found=TRUE; + out_gone=FALSE; + RETURN; +END IF; + + +INSERT INTO refunds + (deposit_serial_id + ,merchant_sig + ,rtransaction_id + ,amount_with_fee_val + ,amount_with_fee_frac + ) + VALUES + (dsi + ,in_merchant_sig + ,in_rtransaction_id + ,in_amount_with_fee_val + ,in_amount_with_fee_frac) + ON CONFLICT DO NOTHING; + +IF NOT FOUND +THEN + -- Idempotency check: see if an identical record exists. + -- Note that by checking 'coin_sig', we implicitly check + -- identity over everything that the signature covers. + -- We do select over merchant_pub and h_contract_terms + -- primarily here to maximally use the existing index. + PERFORM + FROM refunds + WHERE + deposit_serial_id=dsi AND + rtransaction_id=in_rtransaction_id AND + amount_with_fee_val=in_amount_with_fee_val AND + amount_with_fee_frac=in_amount_with_fee_frac; + + IF NOT FOUND + THEN + -- Deposit exists, but have conflicting refund. + out_refund_ok=FALSE; + out_conflict=TRUE; + out_not_found=FALSE; + RETURN; + END IF; + + -- Idempotent request known, return success. + out_refund_ok=TRUE; + out_conflict=FALSE; + out_not_found=FALSE; + out_gone=FALSE; + RETURN; +END IF; + + +IF out_gone +THEN + -- money already sent to the merchant. Tough luck. + out_refund_ok=FALSE; + out_conflict=FALSE; + out_not_found=FALSE; + RETURN; +END IF; + + + +-- Check refund balance invariant. +SELECT + SUM(amount_with_fee_val) -- overflow here is not plausible + ,SUM(CAST(amount_with_fee_frac AS INT8)) -- compute using 64 bits + INTO + tmp_val + ,tmp_frac + FROM refunds + WHERE + deposit_serial_id=dsi; +IF tmp_val IS NULL +THEN + RAISE NOTICE 'failed to sum up existing refunds'; + out_refund_ok=FALSE; + out_conflict=FALSE; + out_not_found=FALSE; + RETURN; +END IF; + +-- Normalize result before continuing +tmp_val = tmp_val + tmp_frac / 100000000; +tmp_frac = tmp_frac % 100000000; + +-- Actually check if the deposits are sufficient for the refund. Verbosely. ;-) +IF (tmp_val < deposit_val) +THEN + out_refund_ok=TRUE; +ELSE + IF (tmp_val = deposit_val) AND (tmp_frac <= deposit_frac) + THEN + out_refund_ok=TRUE; + ELSE + out_refund_ok=FALSE; + END IF; +END IF; + +IF (tmp_val = deposit_val) AND (tmp_frac = deposit_frac) +THEN + -- Refunds have reached the full value of the original + -- deposit. Also refund the deposit fee. + in_amount_frac = in_amount_frac + in_deposit_fee_frac; + in_amount_val = in_amount_val + in_deposit_fee_val; + + -- Normalize result before continuing + in_amount_val = in_amount_val + in_amount_frac / 100000000; + in_amount_frac = in_amount_frac % 100000000; +END IF; + +-- Update balance of the coin. +UPDATE known_coins + SET + remaining_frac=remaining_frac+in_amount_frac + - CASE + WHEN remaining_frac+in_amount_frac >= 100000000 + THEN 100000000 + ELSE 0 + END, + remaining_val=remaining_val+in_amount_val + + CASE + WHEN remaining_frac+in_amount_frac >= 100000000 + THEN 1 + ELSE 0 + END + WHERE coin_pub=in_coin_pub; + + +out_conflict=FALSE; +out_not_found=FALSE; + +END $$; + +-- COMMENT ON FUNCTION exchange_do_refund(INT8, INT4, BYTEA, BOOLEAN, BOOLEAN) +-- IS 'Executes a refund operation, checking that the corresponding deposit was sufficient to cover the refunded amount'; + + +CREATE OR REPLACE FUNCTION exchange_do_recoup_to_reserve( + IN in_reserve_pub BYTEA, + IN in_reserve_out_serial_id INT8, + IN in_amount_val INT8, + IN in_amount_frac INT4, + IN in_coin_blind BYTEA, + IN in_coin_pub BYTEA, + IN in_known_coin_id INT8, + IN in_coin_sig BYTEA, + IN in_reserve_gc INT8, + IN in_reserve_expiration INT8, + IN in_recoup_timestamp INT8, + OUT out_recoup_ok BOOLEAN, + OUT out_internal_failure BOOLEAN, + OUT out_recoup_timestamp INT8) +LANGUAGE plpgsql +AS $$ +DECLARE + tmp_val INT8; -- previous amount recouped +DECLARE + tmp_frac INT8; -- previous amount recouped +BEGIN +-- Shards: SELECT known_coins (by coin_pub) +-- SELECT recoup (by known_coin_id) +-- UPDATE reserves (by reserve_pub) +-- INSERT recoup (by known_coin_id) + +out_internal_failure=FALSE; + +-- Check and update balance of the coin. +UPDATE known_coins + SET + remaining_frac=remaining_frac-in_amount_frac + + CASE + WHEN remaining_frac < in_amount_frac + THEN 100000000 + ELSE 0 + END, + remaining_val=remaining_val-in_amount_val + - CASE + WHEN remaining_frac < in_amount_frac + THEN 1 + ELSE 0 + END + WHERE coin_pub=in_coin_pub + AND ( (remaining_val > in_amount_val) OR + ( (remaining_frac >= in_amount_frac) AND + (remaining_val >= in_amount_val) ) ); + +IF NOT FOUND +THEN + -- Check if we already recouped this coin before! + SELECT + amount_val + ,amount_frac + ,recoup_timestamp + INTO + tmp_val + ,tmp_frac + ,out_recoup_timestamp + FROM recoup + WHERE known_coin_id=in_known_coin_id; + + IF FOUND + THEN + -- Idempotent request, all OK! + out_recoup_ok= (tmp_val = in_amount_val) AND + (tmp_frac = in_amount_frac); + RETURN; + END IF; + + out_recoup_ok=FALSE; + RETURN; +END IF; + + +-- Credit the reserve and update reserve timers. +UPDATE reserves + SET + current_balance_frac=current_balance_frac+in_amount_frac + - CASE + WHEN current_balance_frac+in_amount_frac >= 100000000 + THEN 100000000 + ELSE 0 + END, + current_balance_val=current_balance_val+in_amount_val + + CASE + WHEN current_balance_frac+in_amount_frac >= 100000000 + THEN 1 + ELSE 0 + END, + gc_date=GREATEST(gc_date, in_reserve_gc), + expiration_date=GREATEST(expiration_date, in_reserve_expiration) + WHERE reserve_pub=in_reserve_pub; + + +IF NOT FOUND +THEN + RAISE NOTICE 'failed to increase reserve balance from recoup'; + out_recoup_ok=FALSE; + out_internal_failure=TRUE; + RETURN; +END IF; + + +INSERT INTO recoup + (known_coin_id + ,coin_sig + ,coin_blind + ,amount_val + ,amount_frac + ,recoup_timestamp + ,reserve_out_serial_id + ) +VALUES + (in_known_coin_id + ,in_coin_sig + ,in_coin_blind + ,in_amount_val + ,in_amount_frac + ,in_recoup_timestamp + ,in_reserve_out_serial_id); + +-- Normal end, everything is fine. +out_recoup_ok=TRUE; +out_recoup_timestamp=in_recoup_timestamp; + +END $$; + +-- COMMENT ON FUNCTION exchange_do_recoup_to_reserve(INT8, INT4, BYTEA, BOOLEAN, BOOLEAN) +-- IS 'Executes a recoup of a coin that was withdrawn from a reserve'; + + + + + + +CREATE OR REPLACE FUNCTION exchange_do_recoup_to_coin( + IN in_old_coin_pub BYTEA, + IN in_rrc_serial INT8, + IN in_amount_val INT8, + IN in_amount_frac INT4, + IN in_coin_blind BYTEA, + IN in_coin_pub BYTEA, + IN in_known_coin_id INT8, + IN in_coin_sig BYTEA, + IN in_recoup_timestamp INT8, + OUT out_recoup_ok BOOLEAN, + OUT out_internal_failure BOOLEAN, + OUT out_recoup_timestamp INT8) +LANGUAGE plpgsql +AS $$ +DECLARE + tmp_val INT8; -- previous amount recouped +DECLARE + tmp_frac INT8; -- previous amount recouped +BEGIN + +-- Shards: UPDATE known_coins (by coin_pub) +-- SELECT recoup_refresh (by known_coin_id) +-- UPDATE known_coins (by coin_pub) +-- INSERT recoup_refresh (by known_coin_id) + + +out_internal_failure=FALSE; + +-- Check and update balance of the coin. +UPDATE known_coins + SET + remaining_frac=remaining_frac-in_amount_frac + + CASE + WHEN remaining_frac < in_amount_frac + THEN 100000000 + ELSE 0 + END, + remaining_val=remaining_val-in_amount_val + - CASE + WHEN remaining_frac < in_amount_frac + THEN 1 + ELSE 0 + END + WHERE coin_pub=in_coin_pub + AND ( (remaining_val > in_amount_val) OR + ( (remaining_frac >= in_amount_frac) AND + (remaining_val >= in_amount_val) ) ); + +IF NOT FOUND +THEN + -- Check if we already recouped this coin before! + SELECT + amount_val + ,amount_frac + ,recoup_timestamp + INTO + tmp_val + ,tmp_frac + ,out_recoup_timestamp + FROM recoup_refresh + WHERE known_coin_id=in_known_coin_id; + + IF FOUND + THEN + -- Idempotent request, all OK! + out_recoup_ok= (tmp_val = in_amount_val) AND + (tmp_frac = in_amount_frac); + RETURN; + END IF; + + -- Insufficient balance, not idempotent. + out_recoup_ok=FALSE; + RETURN; +END IF; + + +-- Credit the old coin. +UPDATE known_coins + SET + remaining_frac=remaining_frac+in_amount_frac + - CASE + WHEN remaining_frac+in_amount_frac >= 100000000 + THEN 100000000 + ELSE 0 + END, + remaining_val=remaining_val+in_amount_val + + CASE + WHEN remaining_frac+in_amount_frac >= 100000000 + THEN 1 + ELSE 0 + END + WHERE coin_pub=in_old_coin_pub; + + +IF NOT FOUND +THEN + RAISE NOTICE 'failed to increase old coin balance from recoup'; + out_recoup_ok=FALSE; + out_internal_failure=TRUE; + RETURN; +END IF; + + +INSERT INTO recoup_refresh + (known_coin_id + ,coin_sig + ,coin_blind + ,amount_val + ,amount_frac + ,recoup_timestamp + ,rrc_serial + ) +VALUES + (in_known_coin_id + ,in_coin_sig + ,in_coin_blind + ,in_amount_val + ,in_amount_frac + ,in_recoup_timestamp + ,in_rrc_serial); + +-- Normal end, everything is fine. +out_recoup_ok=TRUE; +out_recoup_timestamp=in_recoup_timestamp; + +END $$; + + +-- COMMENT ON FUNCTION exchange_do_recoup_to_coin(INT8, INT4, BYTEA, BOOLEAN, BOOLEAN) +-- IS 'Executes a recoup-refresh of a coin that was obtained from a refresh-reveal process'; + + + +CREATE OR REPLACE PROCEDURE exchange_do_gc( + IN in_ancient_date INT8, + IN in_now INT8) +LANGUAGE plpgsql +AS $$ +DECLARE + reserve_uuid_min INT8; -- minimum reserve UUID still alive +DECLARE + melt_min INT8; -- minimum melt still alive +DECLARE + coin_min INT8; -- minimum known_coin still alive +DECLARE + deposit_min INT8; -- minimum deposit still alive +DECLARE + reserve_out_min INT8; -- minimum reserve_out still alive +BEGIN + +DELETE FROM prewire + WHERE finished=TRUE; + +DELETE FROM wire_fee + WHERE end_date < in_ancient_date; + +-- TODO: use closing fee as threshold? +DELETE FROM reserves + WHERE gc_date < in_now + AND current_balance_val = 0 + AND current_balance_frac = 0; + +SELECT + reserve_out_serial_id + INTO + reserve_out_min + FROM reserves_out + ORDER BY reserve_out_serial_id ASC + LIMIT 1; + +DELETE FROM recoup + WHERE reserve_out_serial_id < reserve_out_min; + + +SELECT + reserve_uuid + INTO + reserve_uuid_min + FROM reserves + ORDER BY reserve_uuid ASC + LIMIT 1; + +DELETE FROM reserves_out + WHERE reserve_uuid < reserve_uuid_min; + + +DELETE FROM denominations + WHERE expire_legal < in_now + AND denominations_serial NOT IN + (SELECT DISTINCT denominations_serial + FROM reserves_out) + AND denominations_serial NOT IN + (SELECT DISTINCT denominations_serial + FROM known_coins + WHERE known_coin_id IN + (SELECT DISTINCT known_coin_id + FROM recoup)) + AND denominations_serial NOT IN + (SELECT DISTINCT denominations_serial + FROM known_coins + WHERE known_coin_id IN + (SELECT DISTINCT known_coin_id + FROM recoup_refresh)); + +SELECT + melt_serial_id + INTO + melt_min + FROM refresh_commitments + ORDER BY melt_serial_id ASC + LIMIT 1; + +DELETE FROM refresh_revealed_coins + WHERE melt_serial_id < melt_min; + +DELETE FROM refresh_transfer_keys + WHERE melt_serial_id < melt_min; + +SELECT + known_coin_id + INTO + coin_min + FROM known_coins + ORDER BY known_coin_id ASC + LIMIT 1; + +DELETE FROM deposits + WHERE known_coin_id < coin_min; + +SELECT + deposit_serial_id + INTO + deposit_min + FROM deposits + ORDER BY deposit_serial_id ASC + LIMIT 1; + +DELETE FROM refunds + WHERE deposit_serial_id < deposit_min; + +DELETE FROM aggregation_tracking + WHERE deposit_serial_id < deposit_min; + + +END $$; -- Complete transaction diff --git a/src/exchangedb/irbt_callbacks.c b/src/exchangedb/irbt_callbacks.c index ffccbef3b..0e0264e89 100644 --- a/src/exchangedb/irbt_callbacks.c +++ b/src/exchangedb/irbt_callbacks.c @@ -233,8 +233,8 @@ irbt_cb_table_reserves_out (struct PostgresClosure *pg, &td->details.reserves_out.denominations_serial), TALER_PQ_query_param_blinded_denom_sig ( &td->details.reserves_out.denom_sig), - GNUNET_PQ_query_param_auto_from_type ( - &td->details.reserves_out.reserve_pub), + GNUNET_PQ_query_param_uint64 ( + &td->details.reserves_out.reserve_uuid), GNUNET_PQ_query_param_auto_from_type ( &td->details.reserves_out.reserve_sig), GNUNET_PQ_query_param_timestamp ( @@ -404,8 +404,8 @@ irbt_cb_table_refresh_commitments (struct PostgresClosure *pg, &td->details.refresh_commitments.amount_with_fee), GNUNET_PQ_query_param_uint32 ( &td->details.refresh_commitments.noreveal_index), - GNUNET_PQ_query_param_uint64 ( - &td->details.refresh_commitments.old_known_coin_id), + GNUNET_PQ_query_param_auto_from_type ( + &td->details.refresh_commitments.old_coin_pub), GNUNET_PQ_query_param_end }; diff --git a/src/exchangedb/lrbt_callbacks.c b/src/exchangedb/lrbt_callbacks.c index 4711ac86b..04be98696 100644 --- a/src/exchangedb/lrbt_callbacks.c +++ b/src/exchangedb/lrbt_callbacks.c @@ -408,9 +408,9 @@ lrbt_cb_table_reserves_out (void *cls, TALER_PQ_result_spec_blinded_denom_sig ( "denom_sig", &td.details.reserves_out.denom_sig), - GNUNET_PQ_result_spec_auto_from_type ( - "reserve_pub", - &td.details.reserves_out.reserve_pub), + GNUNET_PQ_result_spec_uint64 ( + "reserve_uuid", + &td.details.reserves_out.reserve_uuid), GNUNET_PQ_result_spec_auto_from_type ( "reserve_sig", &td.details.reserves_out.reserve_sig), @@ -732,9 +732,9 @@ lrbt_cb_table_refresh_commitments (void *cls, GNUNET_PQ_result_spec_uint32 ( "noreveal_index", &td.details.refresh_commitments.noreveal_index), - GNUNET_PQ_result_spec_uint64 ( - "old_known_coin_id", - &td.details.refresh_commitments.old_known_coin_id), + GNUNET_PQ_result_spec_auto_from_type ( + "old_coin_pub", + &td.details.refresh_commitments.old_coin_pub), GNUNET_PQ_result_spec_end }; @@ -1219,7 +1219,7 @@ lrbt_cb_table_recoup (void *cls, &td.details.recoup.coin_blind), TALER_PQ_RESULT_SPEC_AMOUNT ("amount", &td.details.recoup.amount), - GNUNET_PQ_result_spec_timestamp ("timestamp", + GNUNET_PQ_result_spec_timestamp ("recoup_timestamp", &td.details.recoup.timestamp), GNUNET_PQ_result_spec_uint64 ("known_coin_id", &td.details.recoup.known_coin_id), @@ -1274,7 +1274,7 @@ lrbt_cb_table_recoup_refresh (void *cls, &td.details.recoup_refresh.coin_blind), TALER_PQ_RESULT_SPEC_AMOUNT ("amount", &td.details.recoup_refresh.amount), - GNUNET_PQ_result_spec_timestamp ("timestamp", + GNUNET_PQ_result_spec_timestamp ("recoup_timestamp", &td.details.recoup_refresh.timestamp), GNUNET_PQ_result_spec_uint64 ("known_coin_id", &td.details.recoup_refresh.known_coin_id), diff --git a/src/exchangedb/plugin_exchangedb_postgres.c b/src/exchangedb/plugin_exchangedb_postgres.c index 5ac344c20..d5290d9c0 100644 --- a/src/exchangedb/plugin_exchangedb_postgres.c +++ b/src/exchangedb/plugin_exchangedb_postgres.c @@ -400,16 +400,6 @@ prepare_statements (struct PostgresClosure *pg) " WHERE wire_target_serial_id=$1" " LIMIT 1;", 1), - /* Used in #postgres_get_kyc_status() */ - GNUNET_PQ_make_prepare ( - "get_kyc_status", - "SELECT" - " kyc_ok" - ",wire_target_serial_id AS payment_target_uuid" - " FROM wire_targets" - " WHERE payto_uri=$1" - " LIMIT 1;", - 1), /* Used in #postgres_select_kyc_status() */ GNUNET_PQ_make_prepare ( "select_kyc_status", @@ -518,17 +508,6 @@ prepare_statements (struct PostgresClosure *pg) 7), /* Used in postgres_select_reserves_in_above_serial_id() to obtain inbound transactions for reserves with serial id '\geq' the given parameter */ - GNUNET_PQ_make_prepare ( - "reserves_in_get_latest_wire_reference", - "SELECT" - " wire_reference" - " FROM reserves_in" - " WHERE exchange_account_section=$1" - " ORDER BY reserve_in_serial_id DESC" - " LIMIT 1;", - 1), - /* Used in postgres_select_reserves_in_above_serial_id() to obtain inbound - transactions for reserves with serial id '\geq' the given parameter */ GNUNET_PQ_make_prepare ( "audit_reserves_in_get_transactions_incr", "SELECT" @@ -589,16 +568,6 @@ prepare_statements (struct PostgresClosure *pg) "lock_withdraw", "LOCK TABLE reserves_out;", 0), - /* Used in #postgres_do_check_coin_balance() to check - a coin's balance */ - GNUNET_PQ_make_prepare ( - "call_check_coin_balance", - "SELECT " - " balance_ok" - ",zombie_ok" - " FROM exchange_do_check_coin_balance" - " ($1,$2,$3,$4,$5);", - 5), /* Used in #postgres_do_withdraw() to store the signature of a blinded coin with the blinded coin's details before returning it during /reserve/withdraw. We store @@ -613,6 +582,7 @@ prepare_statements (struct PostgresClosure *pg) ",balance_ok" ",kycok AS kyc_ok" ",account_uuid AS payment_target_uuid" + ",ruuid" " FROM exchange_do_withdraw" " ($1,$2,$3,$4,$5,$6,$7,$8,$9);", 9), @@ -626,28 +596,58 @@ prepare_statements (struct PostgresClosure *pg) " FROM exchange_do_withdraw_limit_check" " ($1,$2,$3,$4);", 4), - /* Used in #postgres_insert_withdraw_info() to store - the signature of a blinded coin with the blinded coin's - details before returning it during /reserve/withdraw. We store - the coin's denomination information (public key, signature) - and the blinded message as well as the reserve that the coin - is being withdrawn from and the signature of the message - authorizing the withdrawal. */ + /* Used in #postgres_do_deposit() to execute a deposit, + checking the coin's balance in the process as needed. */ GNUNET_PQ_make_prepare ( - "insert_withdraw_info", - "INSERT INTO reserves_out " - "(h_blind_ev" - ",denominations_serial" - ",denom_sig" - ",reserve_pub" - ",reserve_sig" - ",execution_date" - ",amount_with_fee_val" - ",amount_with_fee_frac" - ") SELECT $1, denominations_serial, $3, $4, $5, $6, $7, $8" - " FROM denominations" - " WHERE denom_pub_hash=$2;", + "call_deposit", + "SELECT " + " out_exchange_timestamp AS exchange_timestamp" + ",out_balance_ok AS balance_ok" + ",out_conflict AS conflicted" + " FROM exchange_do_deposit" + " ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17);", + 17), + /* Used in #postgres_do_melt() to melt a coin. */ + GNUNET_PQ_make_prepare ( + "call_melt", + "SELECT " + " out_balance_ok AS balance_ok" + ",out_zombie_bad AS zombie_required" + ",out_noreveal_index AS noreveal_index" + " FROM exchange_do_melt" + " ($1,$2,$3,$4,$5,$6,$7,$8);", 8), + /* Used in #postgres_do_refund() to refund a deposit. */ + GNUNET_PQ_make_prepare ( + "call_refund", + "SELECT " + " out_not_found AS not_found" + ",out_refund_ok AS refund_ok" + ",out_gone AS gone" + ",out_conflict AS conflict" + " FROM exchange_do_refund" + " ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13);", + 13), + /* Used in #postgres_do_recoup() to recoup a coin to a reserve. */ + GNUNET_PQ_make_prepare ( + "call_recoup", + "SELECT " + " out_recoup_timestamp AS recoup_timestamp" + ",out_recoup_ok AS recoup_ok" + ",out_internal_failure AS internal_failure" + " FROM exchange_do_recoup_to_reserve" + " ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11);", + 11), + /* Used in #postgres_do_recoup_refresh() to recoup a coin to a zombie coin. */ + GNUNET_PQ_make_prepare ( + "call_recoup_refresh", + "SELECT " + " out_recoup_timestamp AS recoup_timestamp" + ",out_recoup_ok AS recoup_ok" + ",out_internal_failure AS internal_failure" + " FROM exchange_do_recoup_to_coin" + " ($1,$2,$3,$4,$5,$6,$7,$8,$9);", + 9), /* Used in #postgres_get_withdraw_info() to locate the response for a /reserve/withdraw request using the hash of the blinded message. Used to @@ -666,7 +666,7 @@ prepare_statements (struct PostgresClosure *pg) ",denom.fee_withdraw_frac" " FROM reserves_out" " JOIN reserves" - " USING (reserve_pub)" + " USING (reserve_uuid)" " JOIN denominations denom" " USING (denominations_serial)" " WHERE h_blind_ev=$1;", @@ -687,7 +687,9 @@ prepare_statements (struct PostgresClosure *pg) ",amount_with_fee_frac" ",denom.fee_withdraw_val" ",denom.fee_withdraw_frac" - " FROM reserves_out" + " FROM reserves" + " JOIN reserves_out" + " USING (reserve_uuid)" " JOIN denominations denom" " USING (denominations_serial)" " WHERE reserve_pub=$1;", @@ -706,7 +708,7 @@ prepare_statements (struct PostgresClosure *pg) ",reserve_out_serial_id" " FROM reserves_out" " JOIN reserves" - " USING (reserve_pub)" + " USING (reserve_uuid)" " JOIN denominations denom" " USING (denominations_serial)" " WHERE reserve_out_serial_id>=$1" @@ -731,6 +733,7 @@ prepare_statements (struct PostgresClosure *pg) "get_known_coin", "SELECT" " denominations.denom_pub_hash" + ",age_hash" ",denom_sig" " FROM known_coins" " JOIN denominations USING (denominations_serial)" @@ -752,49 +755,72 @@ prepare_statements (struct PostgresClosure *pg) "get_coin_denomination", "SELECT" " denominations.denom_pub_hash" + ",known_coin_id" " FROM known_coins" " JOIN denominations USING (denominations_serial)" " WHERE coin_pub=$1" " FOR SHARE;", 1), - /* Lock deposit table; NOTE: we may want to eventually shard the - deposit table to avoid this lock being the main point of - contention limiting transaction performance. */ - GNUNET_PQ_make_prepare ( - "lock_known_coins", - "LOCK TABLE known_coins;", - 0), - /* Used in #postgres_insert_known_coin() to store - the denomination public key and signature for - a coin known to the exchange. */ + /* Used in #postgres_insert_known_coin() to store the denomination public + key and signature for a coin known to the exchange. + + See also: + https://stackoverflow.com/questions/34708509/how-to-use-returning-with-on-conflict-in-postgresql/37543015#37543015 + */ GNUNET_PQ_make_prepare ( "insert_known_coin", - "INSERT INTO known_coins " - "(coin_pub" - ",denominations_serial" - ",denom_sig" - ") SELECT $1, denominations_serial, $3 " - " FROM denominations" - " WHERE denom_pub_hash=$2" - " ON CONFLICT DO NOTHING;", - 3), + "WITH dd" + " (denominations_serial" + " ,coin_val" + " ,coin_frac" + " ) AS (" + " SELECT " + " denominations_serial" + " ,coin_val" + " ,coin_frac" + " FROM denominations" + " WHERE denom_pub_hash=$2" + " ), input_rows" + " (coin_pub) AS (" + " VALUES ($1::BYTEA)" + " ), ins AS (" + " INSERT INTO known_coins " + " (coin_pub" + " ,denominations_serial" + " ,age_hash" + " ,denom_sig" + " ,remaining_val" + " ,remaining_frac" + " ) SELECT " + " $1" + " ,denominations_serial" + " ,$3" + " ,$4" + " ,coin_val" + " ,coin_frac" + " FROM dd" + " ON CONFLICT (coin_pub) DO NOTHING" + " RETURNING " + " known_coin_id" + " ) " + "SELECT " + " FALSE AS existed" + " ,known_coin_id" + " ,NULL AS denom_pub_hash" + " ,NULL AS age_hash" + " FROM ins " + "UNION ALL " + "SELECT " + " TRUE AS existed" + " ,known_coin_id" + " ,denom_pub_hash" + " ,kc.age_hash" + " FROM input_rows" + " JOIN known_coins kc USING (coin_pub)" + " JOIN denominations USING (denominations_serial)" + " LIMIT 1", + 4), - /* Used in #postgres_insert_melt() to store - high-level information about a melt operation */ - GNUNET_PQ_make_prepare ( - "insert_melt", - "INSERT INTO refresh_commitments " - "(rc " - ",old_known_coin_id " - ",old_coin_sig " - ",amount_with_fee_val " - ",amount_with_fee_frac " - ",noreveal_index " - ") SELECT $1, known_coin_id, $3, $4, $5, $6" - " FROM known_coins" - " WHERE coin_pub=$2" - " ON CONFLICT DO NOTHING", - 6), /* Used in #postgres_get_melt() to fetch high-level information about a melt operation */ GNUNET_PQ_make_prepare ( @@ -803,27 +829,19 @@ prepare_statements (struct PostgresClosure *pg) " denoms.denom_pub_hash" ",denoms.fee_refresh_val" ",denoms.fee_refresh_frac" - ",kc.coin_pub AS old_coin_pub" + ",old_coin_pub" ",old_coin_sig" ",amount_with_fee_val" ",amount_with_fee_frac" ",noreveal_index" + ",melt_serial_id" " FROM refresh_commitments" " JOIN known_coins kc" - " ON (refresh_commitments.old_known_coin_id = kc.known_coin_id)" + " ON (old_coin_pub = kc.coin_pub)" " JOIN denominations denoms" " ON (kc.denominations_serial = denoms.denominations_serial)" " WHERE rc=$1;", 1), - /* Used in #postgres_get_melt_index() to fetch - the noreveal index from a previous melt operation */ - GNUNET_PQ_make_prepare ( - "get_melt_index", - "SELECT" - " noreveal_index" - " FROM refresh_commitments" - " WHERE rc=$1;", - 1), /* Used in #postgres_select_refreshes_above_serial_id() to fetch refresh session with id '\geq' the given parameter */ GNUNET_PQ_make_prepare ( @@ -839,7 +857,7 @@ prepare_statements (struct PostgresClosure *pg) ",rc" " FROM refresh_commitments" " JOIN known_coins kc" - " ON (refresh_commitments.old_known_coin_id = kc.known_coin_id)" + " ON (refresh_commitments.old_coin_pub = kc.coin_pub)" " JOIN denominations denom" " ON (kc.denominations_serial = denom.denominations_serial)" " WHERE melt_serial_id>=$1" @@ -859,22 +877,15 @@ prepare_statements (struct PostgresClosure *pg) ",melt_serial_id" " FROM refresh_commitments" " JOIN known_coins kc" - " ON (refresh_commitments.old_known_coin_id = kc.known_coin_id)" + " ON (refresh_commitments.old_coin_pub = kc.coin_pub)" " JOIN denominations denoms" " USING (denominations_serial)" - " WHERE old_known_coin_id=" - "(SELECT known_coin_id" - " FROM known_coins" - " WHERE coin_pub=$1);", + " WHERE old_coin_pub=$1;", 1), /* Store information about the desired denominations for a refresh operation, used in #postgres_insert_refresh_reveal() */ GNUNET_PQ_make_prepare ( "insert_refresh_revealed_coin", - "WITH rcx AS" - " (SELECT melt_serial_id" - " FROM refresh_commitments" - " WHERE rc=$1)" "INSERT INTO refresh_revealed_coins " "(melt_serial_id " ",freshcoin_index " @@ -883,10 +894,9 @@ prepare_statements (struct PostgresClosure *pg) ",coin_ev" ",h_coin_ev" ",ev_sig" - ") SELECT rcx.melt_serial_id, $2, $3, " + ") SELECT $1, $2, $3, " " denominations_serial, $5, $6, $7" " FROM denominations" - " CROSS JOIN rcx" " WHERE denom_pub_hash=$4;", 7), /* Obtain information about the coins created in a refresh @@ -895,7 +905,7 @@ prepare_statements (struct PostgresClosure *pg) "get_refresh_revealed_coins", "SELECT " " rrc.freshcoin_index" - ",denom.denom_pub" + ",denom.denom_pub_hash" ",rrc.link_sig" ",rrc.coin_ev" ",rrc.ev_sig" @@ -904,8 +914,7 @@ prepare_statements (struct PostgresClosure *pg) " USING (melt_serial_id)" " JOIN denominations denom " " USING (denominations_serial)" - " WHERE rc=$1" - " ORDER BY freshcoin_index ASC;", + " WHERE rc=$1;", 1), /* Used in #postgres_insert_refresh_reveal() to store the transfer @@ -916,22 +925,8 @@ prepare_statements (struct PostgresClosure *pg) "(melt_serial_id" ",transfer_pub" ",transfer_privs" - ") SELECT melt_serial_id, $2, $3" - " FROM refresh_commitments" - " WHERE rc=$1", + ") VALUES ($1, $2, $3);", 3), - /* Used in #postgres_get_refresh_reveal() to retrieve transfer - keys from /refresh/reveal */ - GNUNET_PQ_make_prepare ( - "get_refresh_transfer_keys", - "SELECT" - " transfer_pub" - ",transfer_privs" - " FROM refresh_transfer_keys" - " JOIN refresh_commitments" - " USING (melt_serial_id)" - " WHERE rc=$1;", - 1), /* Used in #postgres_insert_refund() to store refund information */ GNUNET_PQ_make_prepare ( "insert_refund", @@ -943,8 +938,10 @@ prepare_statements (struct PostgresClosure *pg) ",amount_with_fee_frac " ") SELECT deposit_serial_id, $3, $5, $6, $7" " FROM deposits" - " JOIN known_coins USING (known_coin_id)" - " WHERE coin_pub=$1" + " WHERE known_coin_id=" + " (SELECT known_coin_id " + " FROM known_coins" + " WHERE coin_pub=$1)" " AND h_contract_terms=$4" " AND merchant_pub=$2", 7), @@ -1224,10 +1221,7 @@ prepare_statements (struct PostgresClosure *pg) " USING (melt_serial_id)" " JOIN denominations denoms" " ON (rrc.denominations_serial = denoms.denominations_serial)" - " WHERE old_known_coin_id=" - " (SELECT known_coin_id " - " FROM known_coins" - " WHERE coin_pub=$1)" + " WHERE old_coin_pub=$1" " ORDER BY tp.transfer_pub, rrc.freshcoin_index ASC", 1), /* Used in #postgres_lookup_wire_transfer */ @@ -1356,7 +1350,7 @@ prepare_statements (struct PostgresClosure *pg) GNUNET_PQ_make_prepare ( "wire_prepare_data_insert", "INSERT INTO prewire " - "(type" + "(wire_method" ",buf" ") VALUES " "($1, $2);", @@ -1380,7 +1374,7 @@ prepare_statements (struct PostgresClosure *pg) "wire_prepare_data_get", "SELECT" " prewire_uuid" - ",type" + ",wire_method" ",buf" " FROM prewire" " WHERE prewire_uuid >= $1" @@ -1451,54 +1445,12 @@ prepare_statements (struct PostgresClosure *pg) " AND exchange_account_section=$2" " ORDER BY wireout_uuid ASC;", 2), - /* Used in #postgres_insert_recoup_request() to store recoup - information */ - GNUNET_PQ_make_prepare ( - "recoup_insert", - "WITH rx AS" - " (SELECT reserve_out_serial_id" - " FROM reserves_out" - " WHERE h_blind_ev=$7)" - "INSERT INTO recoup " - "(known_coin_id" - ",coin_sig" - ",coin_blind" - ",amount_val" - ",amount_frac" - ",timestamp" - ",reserve_out_serial_id" - ") SELECT known_coin_id, $2, $3, $4, $5, $6, rx.reserve_out_serial_id" - " FROM known_coins" - " CROSS JOIN rx" - " WHERE coin_pub=$1;", - 7), - /* Used in #postgres_insert_recoup_refresh_request() to store recoup-refresh - information */ - GNUNET_PQ_make_prepare ( - "recoup_refresh_insert", - "WITH rrx AS" - " (SELECT rrc_serial" - " FROM refresh_revealed_coins" - " WHERE h_coin_ev=$7)" - "INSERT INTO recoup_refresh " - "(known_coin_id" - ",coin_sig" - ",coin_blind" - ",amount_val" - ",amount_frac" - ",timestamp" - ",rrc_serial" - ") SELECT known_coin_id, $2, $3, $4, $5, $6, rrx.rrc_serial" - " FROM known_coins" - " CROSS JOIN rrx" - " WHERE coin_pub=$1;", - 7), /* Used in #postgres_select_recoup_above_serial_id() to obtain recoup transactions */ GNUNET_PQ_make_prepare ( "recoup_get_incr", "SELECT" " recoup_uuid" - ",timestamp" + ",recoup_timestamp" ",reserves.reserve_pub" ",coins.coin_pub" ",coin_sig" @@ -1515,7 +1467,7 @@ prepare_statements (struct PostgresClosure *pg) " JOIN reserves_out ro" " USING (reserve_out_serial_id)" " JOIN reserves" - " USING (reserve_pub)" + " USING (reserve_uuid)" " JOIN denominations denoms" " ON (coins.denominations_serial = denoms.denominations_serial)" " WHERE recoup_uuid>=$1" @@ -1527,7 +1479,7 @@ prepare_statements (struct PostgresClosure *pg) "recoup_refresh_get_incr", "SELECT" " recoup_refresh_uuid" - ",timestamp" + ",recoup_timestamp" ",old_coins.coin_pub AS old_coin_pub" ",old_denoms.denom_pub_hash AS old_denom_pub_hash" ",new_coins.coin_pub As coin_pub" @@ -1545,7 +1497,7 @@ prepare_statements (struct PostgresClosure *pg) " INNER JOIN refresh_commitments rfc" " ON (rrc.melt_serial_id = rfc.melt_serial_id)" " INNER JOIN known_coins old_coins" - " ON (rfc.old_known_coin_id = old_coins.known_coin_id)" + " ON (rfc.old_coin_pub = old_coins.coin_pub)" " INNER JOIN known_coins new_coins" " ON (new_coins.known_coin_id = recoup_refresh.known_coin_id)" " INNER JOIN denominations new_denoms" @@ -1587,17 +1539,19 @@ prepare_statements (struct PostgresClosure *pg) ",coin_blind" ",amount_val" ",amount_frac" - ",timestamp" + ",recoup_timestamp" ",denoms.denom_pub_hash" ",coins.denom_sig" - " FROM recoup" - " JOIN known_coins coins" - " USING (known_coin_id)" - " JOIN denominations denoms" - " USING (denominations_serial)" - " JOIN reserves_out ro" - " USING (reserve_out_serial_id)" - " WHERE ro.reserve_pub=$1;", + " FROM reserves" + " JOIN reserves_out ro" + " USING (reserve_uuid)" + " JOIN recoup" + " USING (reserve_out_serial_id)" + " JOIN known_coins coins" + " USING (known_coin_id)" + " JOIN denominations denoms" + " ON (coins.denominations_serial = denoms.denominations_serial)" + " WHERE reserve_pub=$1;", 1), /* Used in #postgres_get_coin_transactions() to obtain recoup transactions affecting old coins of refreshed coins */ @@ -1609,7 +1563,7 @@ prepare_statements (struct PostgresClosure *pg) ",coin_blind" ",amount_val" ",amount_frac" - ",timestamp" + ",recoup_timestamp" ",denoms.denom_pub_hash" ",coins.denom_sig" ",recoup_refresh_uuid" @@ -1623,10 +1577,7 @@ prepare_statements (struct PostgresClosure *pg) " FROM refresh_commitments" " JOIN refresh_revealed_coins rrc" " USING (melt_serial_id)" - " WHERE old_known_coin_id=" - " (SELECT known_coin_id" - " FROM known_coins" - " WHERE coin_pub=$1));", + " WHERE old_coin_pub=$1);", 1), /* Used in #postgres_get_reserve_history() */ GNUNET_PQ_make_prepare ( @@ -1675,13 +1626,13 @@ prepare_statements (struct PostgresClosure *pg) ",coin_blind" ",amount_val" ",amount_frac" - ",timestamp" + ",recoup_timestamp" ",recoup_uuid" " FROM recoup" " JOIN reserves_out ro" " USING (reserve_out_serial_id)" " JOIN reserves" - " USING (reserve_pub)" + " USING (reserve_uuid)" " JOIN known_coins coins" " USING (known_coin_id)" " JOIN denominations denoms" @@ -1698,7 +1649,7 @@ prepare_statements (struct PostgresClosure *pg) ",coin_blind" ",amount_val" ",amount_frac" - ",timestamp" + ",recoup_timestamp" ",denoms.denom_pub_hash" ",coins.denom_sig" ",recoup_refresh_uuid" @@ -1708,7 +1659,7 @@ prepare_statements (struct PostgresClosure *pg) " JOIN refresh_commitments rfc" " ON (rrc.melt_serial_id = rfc.melt_serial_id)" " JOIN known_coins old_coins" - " ON (rfc.old_known_coin_id = old_coins.known_coin_id)" + " ON (rfc.old_coin_pub = old_coins.coin_pub)" " JOIN known_coins coins" " ON (recoup_refresh.known_coin_id = coins.known_coin_id)" " JOIN denominations denoms" @@ -1720,9 +1671,10 @@ prepare_statements (struct PostgresClosure *pg) "reserve_by_h_blind", "SELECT" " reserves.reserve_pub" + ",reserve_out_serial_id" " FROM reserves_out" " JOIN reserves" - " USING (reserve_pub)" + " USING (reserve_uuid)" " WHERE h_blind_ev=$1" " LIMIT 1;", 1), @@ -1731,9 +1683,10 @@ prepare_statements (struct PostgresClosure *pg) "old_coin_by_h_blind", "SELECT" " okc.coin_pub AS old_coin_pub" + ",rrc_serial" " FROM refresh_revealed_coins rrc" " JOIN refresh_commitments rcom USING (melt_serial_id)" - " JOIN known_coins okc ON (rcom.old_known_coin_id = okc.known_coin_id)" + " JOIN known_coins okc ON (rcom.old_coin_pub = okc.coin_pub)" " WHERE h_coin_ev=$1" " LIMIT 1;", 1), @@ -1923,16 +1876,6 @@ prepare_statements (struct PostgresClosure *pg) " FROM denominations" " WHERE denom_pub_hash=$2);", 2), - /* used in #postgres_select_withdraw_amounts_by_account() */ - GNUNET_PQ_make_prepare ( - "select_above_date_by_reserves_out", - "SELECT" - " amount_with_fee_val" - ",amount_with_fee_frac" - " FROM reserves_out" - " WHERE reserve_pub=$1" - " AND execution_date > $2;", - 2), /* used in #postgres_lookup_wire_fee_by_time() */ GNUNET_PQ_make_prepare ( "lookup_wire_fee_by_time", @@ -2214,6 +2157,7 @@ prepare_statements (struct PostgresClosure *pg) ",amount_with_fee_val" ",amount_with_fee_frac" " FROM reserves_out" + " JOIN reserves USING (reserve_uuid)" " WHERE reserve_out_serial_id > $1" " ORDER BY reserve_out_serial_id ASC;", 1), @@ -2284,7 +2228,7 @@ prepare_statements (struct PostgresClosure *pg) ",amount_with_fee_val" ",amount_with_fee_frac" ",noreveal_index" - ",old_known_coin_id" + ",old_coin_pub" " FROM refresh_commitments" " WHERE melt_serial_id > $1" " ORDER BY melt_serial_id ASC;", @@ -2400,7 +2344,7 @@ prepare_statements (struct PostgresClosure *pg) ",coin_blind" ",amount_val" ",amount_frac" - ",timestamp" + ",recoup_timestamp" ",known_coin_id" ",reserve_out_serial_id" " FROM recoup" @@ -2415,7 +2359,7 @@ prepare_statements (struct PostgresClosure *pg) ",coin_blind" ",amount_val" ",amount_frac" - ",timestamp" + ",recoup_timestamp" ",known_coin_id" ",rrc_serial" " FROM recoup_refresh" @@ -2505,7 +2449,7 @@ prepare_statements (struct PostgresClosure *pg) ",h_blind_ev" ",denominations_serial" ",denom_sig" - ",reserve_pub" + ",reserve_uuid" ",reserve_sig" ",execution_date" ",amount_with_fee_val" @@ -2575,7 +2519,7 @@ prepare_statements (struct PostgresClosure *pg) ",amount_with_fee_val" ",amount_with_fee_frac" ",noreveal_index" - ",old_known_coin_id" + ",old_coin_pub" ") VALUES " "($1, $2, $3, $4, $5, $6, $7);", 7), @@ -2672,7 +2616,7 @@ prepare_statements (struct PostgresClosure *pg) ",coin_blind" ",amount_val" ",amount_frac" - ",timestamp" + ",recoup_timestamp" ",known_coin_id" ",reserve_out_serial_id" ") VALUES " @@ -2686,7 +2630,7 @@ prepare_statements (struct PostgresClosure *pg) ",coin_blind" ",amount_val" ",amount_frac" - ",timestamp" + ",recoup_timestamp" ",known_coin_id" ",rrc_serial" ") VALUES " @@ -2845,7 +2789,14 @@ internal_setup (struct PostgresClosure *pg, GNUNET_PQ_EXECUTE_STATEMENT_END }; #else - struct GNUNET_PQ_ExecuteStatement *es = NULL; + struct GNUNET_PQ_ExecuteStatement es[] = { + GNUNET_PQ_make_try_execute ( + "SET SESSION CHARACTERISTICS AS TRANSACTION ISOLATION LEVEL SERIALIZABLE;"), + GNUNET_PQ_make_try_execute ("SET enable_sort=OFF;"), + GNUNET_PQ_make_try_execute ("SET enable_seqscan=OFF;"), + GNUNET_PQ_make_try_execute ("SET autocommit=OFF;"), + GNUNET_PQ_EXECUTE_STATEMENT_END + }; #endif struct GNUNET_PQ_Context *db_conn; @@ -3872,40 +3823,6 @@ postgres_set_kyc_ok (void *cls, } -/** - * Get the KYC status for a bank account. - * - * @param cls the @e cls of this struct with the plugin-specific state - * @param payto_uri payto:// URI that identifies the bank account - * @param[out] kyc set to the KYC status of the reserve - * @return transaction status - */ -static enum GNUNET_DB_QueryStatus -postgres_get_kyc_status (void *cls, - const char *payto_uri, - struct TALER_EXCHANGEDB_KycStatus *kyc) -{ - struct PostgresClosure *pg = cls; - struct GNUNET_PQ_QueryParam params[] = { - GNUNET_PQ_query_param_string (payto_uri), - GNUNET_PQ_query_param_end - }; - struct GNUNET_PQ_ResultSpec rs[] = { - GNUNET_PQ_result_spec_uint64 ("payment_target_uuid", - &kyc->payment_target_uuid), - GNUNET_PQ_result_spec_auto_from_type ("kyc_ok", - &kyc->ok), - GNUNET_PQ_result_spec_end - }; - - kyc->type = TALER_EXCHANGEDB_KYC_DEPOSIT; - return GNUNET_PQ_eval_prepared_singleton_select (pg->conn, - "get_kyc_status", - params, - rs); -} - - /** * Get the @a kyc status and @a h_payto by UUID. * @@ -4366,39 +4283,6 @@ postgres_reserves_in_insert (void *cls, } -/** - * Obtain the most recent @a wire_reference that was inserted via @e reserves_in_insert. - * - * @param cls the @e cls of this struct with the plugin-specific state - * @param exchange_account_name name of the section in the exchange's configuration - * for the account that we are tracking here - * @param[out] wire_reference set to unique reference identifying the wire transfer - * @return transaction status code - */ -static enum GNUNET_DB_QueryStatus -postgres_get_latest_reserve_in_reference ( - void *cls, - const char *exchange_account_name, - uint64_t *wire_reference) -{ - struct PostgresClosure *pg = cls; - struct GNUNET_PQ_QueryParam params[] = { - GNUNET_PQ_query_param_string (exchange_account_name), - GNUNET_PQ_query_param_end - }; - struct GNUNET_PQ_ResultSpec rs[] = { - GNUNET_PQ_result_spec_uint64 ("wire_reference", - wire_reference), - GNUNET_PQ_result_spec_end - }; - - return GNUNET_PQ_eval_prepared_singleton_select (pg->conn, - "reserves_in_get_latest_wire_reference", - params, - rs); -} - - /** * Locate the response for a /reserve/withdraw request under the * key of the hash of the blinded message. @@ -4455,53 +4339,6 @@ postgres_get_withdraw_info ( } -/** - * Check coin balance is sufficient to satisfy balance - * invariants. - * - * @param cls the `struct PostgresClosure` with the plugin-specific state - * @param coin_pub coin to check - * @param coin_value value of the coin's denomination (avoids internal lookup) - * @param check_recoup include recoup and recoup_refresh tables in calculation - * @param zombie_required additionally require coin to be a zombie coin - * @param[out] balance_ok set to true if the balance was sufficient - * @param[out] zombie_ok set to true if the zombie requirement was satisfied - * @return query execution status - */ -static enum GNUNET_DB_QueryStatus -postgres_do_check_coin_balance ( - void *cls, - const struct TALER_CoinSpendPublicKeyP *coin_pub, - const struct TALER_Amount *coin_value, - bool check_recoup, - bool zombie_required, - bool *balance_ok, - bool *zombie_ok) -{ - struct PostgresClosure *pg = cls; - struct GNUNET_PQ_QueryParam params[] = { - TALER_PQ_query_param_amount (coin_value), - GNUNET_PQ_query_param_auto_from_type (coin_pub), - GNUNET_PQ_query_param_bool (check_recoup), - GNUNET_PQ_query_param_bool (zombie_required), - GNUNET_PQ_query_param_end - }; - struct GNUNET_PQ_ResultSpec rs[] = { - GNUNET_PQ_result_spec_bool ("balance_ok", - balance_ok), - GNUNET_PQ_result_spec_bool ("zombie_ok", - zombie_ok), - GNUNET_PQ_result_spec_end - }; - - return GNUNET_PQ_eval_prepared_singleton_select (pg->conn, - "call_check_coin_balance", - params, - rs); - -} - - /** * Perform withdraw operation, checking for sufficient balance * and possibly persisting the withdrawal details. @@ -4513,6 +4350,7 @@ postgres_do_check_coin_balance ( * @param[out] found set to true if the reserve was found * @param[out] balance_ok set to true if the balance was sufficient * @param[out] kyc_ok set to true if the kyc status of the reserve is satisfied + * @param[out] ruuid set to the reserve's UUID (reserves table row) * @return query execution status */ static enum GNUNET_DB_QueryStatus @@ -4522,7 +4360,8 @@ postgres_do_withdraw ( struct GNUNET_TIME_Timestamp now, bool *found, bool *balance_ok, - struct TALER_EXCHANGEDB_KycStatus *kyc) + struct TALER_EXCHANGEDB_KycStatus *kyc, + uint64_t *ruuid) { struct PostgresClosure *pg = cls; struct GNUNET_TIME_Timestamp gc; @@ -4546,6 +4385,8 @@ postgres_do_withdraw ( &kyc->ok), GNUNET_PQ_result_spec_uint64 ("payment_target_uuid", &kyc->payment_target_uuid), + GNUNET_PQ_result_spec_uint64 ("ruuid", + ruuid), GNUNET_PQ_result_spec_end }; @@ -4566,7 +4407,7 @@ postgres_do_withdraw ( * checks after withdraw operation. * * @param cls the `struct PostgresClosure` with the plugin-specific state - * @param reserve_uuid reserve to check + * @param ruuid reserve to check * @param withdraw_start starting point to accumulate from * @param upper_limit maximum amount allowed * @param[out] below_limit set to true if the limit was not exceeded @@ -4575,14 +4416,14 @@ postgres_do_withdraw ( static enum GNUNET_DB_QueryStatus postgres_do_withdraw_limit_check ( void *cls, - const struct TALER_ReservePublicKeyP *reserve_pub, + uint64_t ruuid, struct GNUNET_TIME_Absolute withdraw_start, const struct TALER_Amount *upper_limit, bool *below_limit) { struct PostgresClosure *pg = cls; struct GNUNET_PQ_QueryParam params[] = { - GNUNET_PQ_query_param_auto_from_type (reserve_pub), + GNUNET_PQ_query_param_uint64 (&ruuid), GNUNET_PQ_query_param_absolute_time (&withdraw_start), TALER_PQ_query_param_amount (upper_limit), GNUNET_PQ_query_param_end @@ -4600,6 +4441,353 @@ postgres_do_withdraw_limit_check ( } +/** + * Compute the shard number of a given @a deposit + * + * @param deposit deposit to compute shard for + * @return shard number + */ +static uint64_t +compute_shard (const struct TALER_MerchantPublicKeyP *merchant_pub) +{ + uint32_t res; + + GNUNET_assert (GNUNET_YES == + GNUNET_CRYPTO_kdf (&res, + sizeof (res), + merchant_pub, + sizeof (*merchant_pub), + "VOID", + 4, + NULL, 0)); + /* interpret hash result as NBO for platform independence, + convert to HBO and map to [0..2^31-1] range */ + res = ntohl (res); + if (res > INT32_MAX) + res += INT32_MIN; + GNUNET_assert (res <= INT32_MAX); + return (uint64_t) res; +} + + +/** + * Perform deposit operation, checking for sufficient balance + * of the coin and possibly persisting the deposit details. + * + * @param cls the `struct PostgresClosure` with the plugin-specific state + * @param deposit deposit operation details + * @param known_coin_id row of the coin in the known_coins table + * @param[in,out] exchange_timestamp time to use for the deposit (possibly updated) + * @param[out] balance_ok set to true if the balance was sufficient + * @param[out] in_conflict set to true if the deposit conflicted + * @return query execution status + */ +static enum GNUNET_DB_QueryStatus +postgres_do_deposit ( + void *cls, + const struct TALER_EXCHANGEDB_Deposit *deposit, + uint64_t known_coin_id, + const struct TALER_PaytoHash *h_payto, + bool extension_blocked, + struct GNUNET_TIME_Timestamp *exchange_timestamp, + bool *balance_ok, + bool *in_conflict) +{ + struct PostgresClosure *pg = cls; + uint64_t deposit_shard = compute_shard (&deposit->merchant_pub); + struct GNUNET_PQ_QueryParam params[] = { + TALER_PQ_query_param_amount (&deposit->amount_with_fee), + GNUNET_PQ_query_param_auto_from_type (&deposit->h_contract_terms), + GNUNET_PQ_query_param_auto_from_type (&deposit->wire_salt), + GNUNET_PQ_query_param_timestamp (&deposit->timestamp), + GNUNET_PQ_query_param_timestamp (exchange_timestamp), + GNUNET_PQ_query_param_timestamp (&deposit->refund_deadline), + GNUNET_PQ_query_param_timestamp (&deposit->wire_deadline), + GNUNET_PQ_query_param_auto_from_type (&deposit->merchant_pub), + GNUNET_PQ_query_param_string (deposit->receiver_wire_account), + GNUNET_PQ_query_param_auto_from_type (h_payto), + GNUNET_PQ_query_param_uint64 (&known_coin_id), + GNUNET_PQ_query_param_auto_from_type (&deposit->coin.coin_pub), + GNUNET_PQ_query_param_auto_from_type (&deposit->csig), + GNUNET_PQ_query_param_uint64 (&deposit_shard), + GNUNET_PQ_query_param_bool (extension_blocked), + (NULL == deposit->extension_details) + ? GNUNET_PQ_query_param_null () + : TALER_PQ_query_param_json (deposit->extension_details), + GNUNET_PQ_query_param_end + }; + struct GNUNET_PQ_ResultSpec rs[] = { + GNUNET_PQ_result_spec_bool ("balance_ok", + balance_ok), + GNUNET_PQ_result_spec_bool ("conflicted", + in_conflict), + GNUNET_PQ_result_spec_timestamp ("exchange_timestamp", + exchange_timestamp), + GNUNET_PQ_result_spec_end + }; + + return GNUNET_PQ_eval_prepared_singleton_select (pg->conn, + "call_deposit", + params, + rs); +} + + +/** + * Perform melt operation, checking for sufficient balance + * of the coin and possibly persisting the melt details. + * + * @param cls the `struct PostgresClosure` with the plugin-specific state + * @param[in,out] refresh refresh operation details; the noreveal_index + * is set in case the coin was already melted before + * @param known_coin_id row of the coin in the known_coins table + * @param[in,out] zombie_required true if the melt must only succeed if the coin is a zombie, set to false if the requirement was satisfied + * @param[out] balance_ok set to true if the balance was sufficient + * @return query execution status + */ +static enum GNUNET_DB_QueryStatus +postgres_do_melt ( + void *cls, + struct TALER_EXCHANGEDB_Refresh *refresh, + uint64_t known_coin_id, + bool *zombie_required, + bool *balance_ok) +{ + struct PostgresClosure *pg = cls; + struct GNUNET_PQ_QueryParam params[] = { + TALER_PQ_query_param_amount (&refresh->amount_with_fee), + GNUNET_PQ_query_param_auto_from_type (&refresh->rc), + GNUNET_PQ_query_param_auto_from_type (&refresh->coin.coin_pub), + GNUNET_PQ_query_param_auto_from_type (&refresh->coin_sig), + GNUNET_PQ_query_param_uint64 (&known_coin_id), + GNUNET_PQ_query_param_uint32 (&refresh->noreveal_index), + GNUNET_PQ_query_param_bool (*zombie_required), + GNUNET_PQ_query_param_end + }; + bool is_null; + struct GNUNET_PQ_ResultSpec rs[] = { + GNUNET_PQ_result_spec_bool ("balance_ok", + balance_ok), + GNUNET_PQ_result_spec_bool ("zombie_required", + zombie_required), + GNUNET_PQ_result_spec_allow_null ( + GNUNET_PQ_result_spec_uint32 ("noreveal_index", + &refresh->noreveal_index), + &is_null), + GNUNET_PQ_result_spec_end + }; + enum GNUNET_DB_QueryStatus qs; + + qs = GNUNET_PQ_eval_prepared_singleton_select (pg->conn, + "call_melt", + params, + rs); + if (is_null) + refresh->noreveal_index = UINT32_MAX; /* set to very invalid value */ + return qs; +} + + +/** + * Perform refund operation, checking for sufficient deposits + * of the coin and possibly persisting the refund details. + * + * @param cls the `struct PostgresClosure` with the plugin-specific state + * @param refund refund operation details + * @param deposit_fee deposit fee applicable for the coin, possibly refunded + * @param known_coin_id row of the coin in the known_coins table + * @param[out] not_found set if the deposit was not found + * @param[out] refund_ok set if the refund succeeded (below deposit amount) + * @param[out] gone if the merchant was already paid + * @param[out] conflict set if the refund ID was re-used + * @return query execution status + */ +static enum GNUNET_DB_QueryStatus +postgres_do_refund ( + void *cls, + const struct TALER_EXCHANGEDB_Refund *refund, + const struct TALER_Amount *deposit_fee, + uint64_t known_coin_id, + bool *not_found, + bool *refund_ok, + bool *gone, + bool *conflict) +{ + struct PostgresClosure *pg = cls; + uint64_t deposit_shard = compute_shard (&refund->details.merchant_pub); + struct TALER_Amount amount_without_fee; + struct GNUNET_PQ_QueryParam params[] = { + TALER_PQ_query_param_amount (&refund->details.refund_amount), + TALER_PQ_query_param_amount (&amount_without_fee), + TALER_PQ_query_param_amount (deposit_fee), + GNUNET_PQ_query_param_auto_from_type (&refund->details.h_contract_terms), + GNUNET_PQ_query_param_uint64 (&refund->details.rtransaction_id), + GNUNET_PQ_query_param_uint64 (&deposit_shard), + GNUNET_PQ_query_param_uint64 (&known_coin_id), + GNUNET_PQ_query_param_auto_from_type (&refund->coin.coin_pub), + GNUNET_PQ_query_param_auto_from_type (&refund->details.merchant_pub), + GNUNET_PQ_query_param_auto_from_type (&refund->details.merchant_sig), + GNUNET_PQ_query_param_end + }; + struct GNUNET_PQ_ResultSpec rs[] = { + GNUNET_PQ_result_spec_bool ("not_found", + not_found), + GNUNET_PQ_result_spec_bool ("refund_ok", + refund_ok), + GNUNET_PQ_result_spec_bool ("gone", + gone), + GNUNET_PQ_result_spec_bool ("conflict", + conflict), + GNUNET_PQ_result_spec_end + }; + + if (0 > + TALER_amount_subtract (&amount_without_fee, + &refund->details.refund_amount, + &refund->details.refund_fee)) + { + GNUNET_break (0); + return GNUNET_DB_STATUS_HARD_ERROR; + } + return GNUNET_PQ_eval_prepared_singleton_select (pg->conn, + "call_refund", + params, + rs); +} + + +/** + * Perform recoup operation, checking for sufficient deposits + * of the coin and possibly persisting the recoup details. + * + * @param cls the `struct PostgresClosure` with the plugin-specific state + * @param reserve_pub public key of the reserve to credit + * @param reserve_out_serial_id row in the reserves_out table justifying the recoup + * @param requested_amount the amount to be recouped + * @param coin_bks coin blinding key secret to persist + * @param coin_pub public key of the coin being recouped + * @param known_coin_id row of the @a coin_pub in the known_coins table + * @param coin_sig signature of the coin requesting the recoup + * @param[in,out] recoup_timestamp recoup timestamp, set if recoup existed + * @param[out] recoup_ok set if the recoup succeeded (balance ok) + * @param[out] internal_failure set on internal failures + * @return query execution status + */ +static enum GNUNET_DB_QueryStatus +postgres_do_recoup ( + void *cls, + const struct TALER_ReservePublicKeyP *reserve_pub, + uint64_t reserve_out_serial_id, + const struct TALER_Amount *requested_amount, + const union TALER_DenominationBlindingKeyP *coin_bks, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + uint64_t known_coin_id, + const struct TALER_CoinSpendSignatureP *coin_sig, + struct GNUNET_TIME_Timestamp *recoup_timestamp, + bool *recoup_ok, + bool *internal_failure) +{ + struct PostgresClosure *pg = cls; + struct GNUNET_TIME_Timestamp reserve_gc + = GNUNET_TIME_relative_to_timestamp (pg->legal_reserve_expiration_time); + struct GNUNET_TIME_Timestamp reserve_expiration + = GNUNET_TIME_relative_to_timestamp (pg->idle_reserve_expiration_time); + struct GNUNET_PQ_QueryParam params[] = { + GNUNET_PQ_query_param_auto_from_type (reserve_pub), + GNUNET_PQ_query_param_uint64 (&reserve_out_serial_id), + TALER_PQ_query_param_amount (requested_amount), + GNUNET_PQ_query_param_auto_from_type (coin_bks), + GNUNET_PQ_query_param_auto_from_type (coin_pub), + GNUNET_PQ_query_param_uint64 (&known_coin_id), + GNUNET_PQ_query_param_auto_from_type (coin_sig), + GNUNET_PQ_query_param_timestamp (&reserve_gc), + GNUNET_PQ_query_param_timestamp (&reserve_expiration), + GNUNET_PQ_query_param_timestamp (recoup_timestamp), + GNUNET_PQ_query_param_end + }; + bool is_null; + struct GNUNET_PQ_ResultSpec rs[] = { + GNUNET_PQ_result_spec_allow_null ( + GNUNET_PQ_result_spec_timestamp ("recoup_timestamp", + recoup_timestamp), + &is_null), + GNUNET_PQ_result_spec_bool ("recoup_ok", + recoup_ok), + GNUNET_PQ_result_spec_bool ("internal_failure", + internal_failure), + GNUNET_PQ_result_spec_end + }; + + return GNUNET_PQ_eval_prepared_singleton_select (pg->conn, + "call_recoup", + params, + rs); +} + + +/** + * Perform recoup-refresh operation, checking for sufficient deposits of the + * coin and possibly persisting the recoup-refresh details. + * + * @param cls the `struct PostgresClosure` with the plugin-specific state + * @param old_coin_pub public key of the old coin to credit + * @param rrc_serial row in the refresh_revealed_coins table justifying the recoup-refresh + * @param requested_amount the amount to be recouped + * @param coin_bks coin blinding key secret to persist + * @param coin_pub public key of the coin being recouped + * @param known_coin_id row of the @a coin_pub in the known_coins table + * @param coin_sig signature of the coin requesting the recoup + * @param[in,out] recoup_timestamp recoup timestamp, set if recoup existed + * @param[out] recoup_ok set if the recoup-refresh succeeded (balance ok) + * @param[out] internal_failure set on internal failures + * @return query execution status + */ +static enum GNUNET_DB_QueryStatus +postgres_do_recoup_refresh ( + void *cls, + const struct TALER_CoinSpendPublicKeyP *old_coin_pub, + uint64_t rrc_serial, + const struct TALER_Amount *requested_amount, + const union TALER_DenominationBlindingKeyP *coin_bks, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + uint64_t known_coin_id, + const struct TALER_CoinSpendSignatureP *coin_sig, + struct GNUNET_TIME_Timestamp *recoup_timestamp, + bool *recoup_ok, + bool *internal_failure) +{ + struct PostgresClosure *pg = cls; + struct GNUNET_PQ_QueryParam params[] = { + GNUNET_PQ_query_param_auto_from_type (old_coin_pub), + GNUNET_PQ_query_param_uint64 (&rrc_serial), + TALER_PQ_query_param_amount (requested_amount), + GNUNET_PQ_query_param_auto_from_type (coin_bks), + GNUNET_PQ_query_param_auto_from_type (coin_pub), + GNUNET_PQ_query_param_uint64 (&known_coin_id), + GNUNET_PQ_query_param_auto_from_type (coin_sig), + GNUNET_PQ_query_param_timestamp (recoup_timestamp), + GNUNET_PQ_query_param_end + }; + bool is_null; + struct GNUNET_PQ_ResultSpec rs[] = { + GNUNET_PQ_result_spec_allow_null ( + GNUNET_PQ_result_spec_timestamp ("recoup_timestamp", + recoup_timestamp), + &is_null), + GNUNET_PQ_result_spec_bool ("recoup_ok", + recoup_ok), + GNUNET_PQ_result_spec_bool ("internal_failure", + internal_failure), + GNUNET_PQ_result_spec_end + }; + + return GNUNET_PQ_eval_prepared_singleton_select (pg->conn, + "call_recoup_refresh", + params, + rs); +} + + /** * Closure for callbacks invoked via #postgres_get_reserve_history. */ @@ -4820,7 +5008,7 @@ add_recoup (void *cls, &recoup->coin_blind), GNUNET_PQ_result_spec_auto_from_type ("coin_sig", &recoup->coin_sig), - GNUNET_PQ_result_spec_timestamp ("timestamp", + GNUNET_PQ_result_spec_timestamp ("recoup_timestamp", &recoup->timestamp), GNUNET_PQ_result_spec_auto_from_type ("denom_pub_hash", &recoup->coin.denom_pub_hash), @@ -5008,218 +5196,6 @@ postgres_get_reserve_history (void *cls, } -/** - * Closure for withdraw_amount_by_account_cb() - */ -struct WithdrawAmountByAccountContext -{ - /** - * Function to call on each amount. - */ - TALER_EXCHANGEDB_WithdrawHistoryCallback cb; - - /** - * Closure for @e cb - */ - void *cb_cls; - - /** - * Our plugin's context. - */ - struct PostgresClosure *pg; - - /** - * Set to true on failures. - */ - bool failed; -}; - - -/** - * Helper function for #postgres_select_withdraw_amounts_by_account(). - * To be called with the results of a SELECT statement - * that has returned @a num_results results. - * - * @param cls closure of type `struct WithdrawAmountByAccountContext *` - * @param result the postgres result - * @param num_results the number of results in @a result - */ -static void -withdraw_amount_by_account_cb (void *cls, - PGresult *result, - unsigned int num_results) -{ - struct WithdrawAmountByAccountContext *wac = cls; - struct PostgresClosure *pg = wac->pg; - - for (unsigned int i = 0; i < num_results; i++) - { - struct TALER_Amount val; - struct GNUNET_PQ_ResultSpec rs[] = { - TALER_PQ_RESULT_SPEC_AMOUNT ("amount_with_fee", - &val), - GNUNET_PQ_result_spec_end - }; - - if (GNUNET_OK != - GNUNET_PQ_extract_result (result, - rs, - i)) - { - GNUNET_break (0); - wac->failed = true; - return; - } - wac->cb (wac->cb_cls, - &val); - } -} - - -/** - * Find out all of the amounts that have been withdrawn - * so far from the same bank account that created the - * given reserve. - * - * @param cls the `struct PostgresClosure` with the plugin-specific state - * @param reserve_pub reserve to select withdrawals by - * @param duration how far back should we select withdrawals - * @param cb function to call on each amount withdrawn - * @param cb_cls closure for @a cb - * @return transaction status - */ -static enum GNUNET_DB_QueryStatus -postgres_select_withdraw_amounts_by_account ( - void *cls, - const struct TALER_ReservePublicKeyP *reserve_pub, - struct GNUNET_TIME_Relative duration, - TALER_EXCHANGEDB_WithdrawHistoryCallback cb, - void *cb_cls) -{ - struct PostgresClosure *pg = cls; - struct WithdrawAmountByAccountContext wac = { - .pg = pg, - .cb = cb, - .cb_cls = cb_cls - }; - struct GNUNET_TIME_Absolute start; - - start = GNUNET_TIME_absolute_subtract (GNUNET_TIME_absolute_get (), - duration); - struct GNUNET_PQ_QueryParam params[] = { - GNUNET_PQ_query_param_auto_from_type (reserve_pub), - GNUNET_PQ_query_param_absolute_time (&start), - GNUNET_PQ_query_param_end - }; - enum GNUNET_DB_QueryStatus qs; - - qs = GNUNET_PQ_eval_prepared_multi_select ( - pg->conn, - "select_above_date_by_reserves_out", - params, - &withdraw_amount_by_account_cb, - &wac); - - if (wac.failed) - { - GNUNET_break (0); - qs = GNUNET_DB_STATUS_HARD_ERROR; - } - return qs; -} - - -/** - * Check if we have the specified deposit already in the database. - * - * @param cls the `struct PostgresClosure` with the plugin-specific state - * @param deposit deposit to search for - * @param[out] deposit_fee set to the deposit fee the exchange charged - * @param[out] exchange_timestamp set to the time when the exchange received the deposit - * @return 1 if we know this operation, - * 0 if this exact deposit is unknown to us, - * otherwise transaction error status - */ -static enum GNUNET_DB_QueryStatus -postgres_have_deposit (void *cls, - const struct TALER_EXCHANGEDB_Deposit *deposit, - struct TALER_Amount *deposit_fee, - struct GNUNET_TIME_Timestamp *exchange_timestamp) -{ - struct PostgresClosure *pg = cls; - struct GNUNET_PQ_QueryParam params[] = { - GNUNET_PQ_query_param_auto_from_type (&deposit->coin.coin_pub), - GNUNET_PQ_query_param_auto_from_type (&deposit->h_contract_terms), - GNUNET_PQ_query_param_auto_from_type (&deposit->merchant_pub), - GNUNET_PQ_query_param_end - }; - struct TALER_EXCHANGEDB_Deposit deposit2; - struct GNUNET_PQ_ResultSpec rs[] = { - TALER_PQ_RESULT_SPEC_AMOUNT ("amount_with_fee", - &deposit2.amount_with_fee), - GNUNET_PQ_result_spec_timestamp ("wallet_timestamp", - &deposit2.timestamp), - GNUNET_PQ_result_spec_timestamp ("exchange_timestamp", - exchange_timestamp), - GNUNET_PQ_result_spec_timestamp ("refund_deadline", - &deposit2.refund_deadline), - GNUNET_PQ_result_spec_timestamp ("wire_deadline", - &deposit2.wire_deadline), - TALER_PQ_RESULT_SPEC_AMOUNT ("fee_deposit", - deposit_fee), - GNUNET_PQ_result_spec_auto_from_type ("wire_salt", - &deposit2.wire_salt), - GNUNET_PQ_result_spec_string ("receiver_wire_account", - &deposit2.receiver_wire_account), - GNUNET_PQ_result_spec_end - }; - enum GNUNET_DB_QueryStatus qs; -#if EXPLICIT_LOCKS - struct GNUNET_PQ_QueryParam no_params[] = { - GNUNET_PQ_query_param_end - }; - - if (0 > (qs = GNUNET_PQ_eval_prepared_non_select (pg->conn, - "lock_deposit", - no_params))) - return qs; -#endif - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Getting deposits for coin %s\n", - TALER_B2S (&deposit->coin.coin_pub)); - qs = GNUNET_PQ_eval_prepared_singleton_select (pg->conn, - "get_deposit", - params, - rs); - if (0 >= qs) - return qs; - /* Now we check that the other information in @a deposit - also matches, and if not report inconsistencies. */ - if ( (0 != TALER_amount_cmp (&deposit->amount_with_fee, - &deposit2.amount_with_fee)) || - (GNUNET_TIME_timestamp_cmp (deposit->timestamp, - !=, - deposit2.timestamp)) || - (GNUNET_TIME_timestamp_cmp (deposit->refund_deadline, - !=, - deposit2.refund_deadline)) || - (0 != strcmp (deposit->receiver_wire_account, - deposit2.receiver_wire_account)) || - (0 != GNUNET_memcmp (&deposit->wire_salt, - &deposit2.wire_salt) ) ) - { - GNUNET_free (deposit2.receiver_wire_account); - /* Inconsistencies detected! Does not match! (We might want to - expand the API with a 'get_deposit' function to return the - original transaction details to be used for an error message - in the future!) FIXME #3838 */ - return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS; - } - GNUNET_free (deposit2.receiver_wire_account); - return GNUNET_DB_STATUS_SUCCESS_ONE_RESULT; -} - - /** * Check if we have the specified deposit already in the database. * @@ -5641,6 +5617,8 @@ postgres_get_known_coin (void *cls, struct GNUNET_PQ_ResultSpec rs[] = { GNUNET_PQ_result_spec_auto_from_type ("denom_pub_hash", &coin_info->denom_pub_hash), + GNUNET_PQ_result_spec_auto_from_type ("age_hash", + &coin_info->age_commitment_hash), TALER_PQ_result_spec_denom_sig ("denom_sig", &coin_info->denom_sig), GNUNET_PQ_result_spec_end @@ -5662,6 +5640,7 @@ postgres_get_known_coin (void *cls, * * @param cls the plugin closure * @param coin_pub the public key of the coin to search for + * @param[out] known_coin_id set to the ID of the coin in the known_coins table * @param[out] denom_hash where to store the hash of the coins denomination * @return transaction status code */ @@ -5669,6 +5648,7 @@ static enum GNUNET_DB_QueryStatus postgres_get_coin_denomination ( void *cls, const struct TALER_CoinSpendPublicKeyP *coin_pub, + uint64_t *known_coin_id, struct TALER_DenominationHash *denom_hash) { struct PostgresClosure *pg = cls; @@ -5679,6 +5659,8 @@ postgres_get_coin_denomination ( struct GNUNET_PQ_ResultSpec rs[] = { GNUNET_PQ_result_spec_auto_from_type ("denom_pub_hash", denom_hash), + GNUNET_PQ_result_spec_uint64 ("known_coin_id", + known_coin_id), GNUNET_PQ_result_spec_end }; @@ -5692,36 +5674,6 @@ postgres_get_coin_denomination ( } -/** - * Insert a coin we know of into the DB. The coin can then be - * referenced by tables for deposits, refresh and refund - * functionality. - * - * @param cls plugin closure - * @param coin_info the public coin info - * @return query result status - */ -static enum GNUNET_DB_QueryStatus -insert_known_coin (void *cls, - const struct TALER_CoinPublicInfo *coin_info) -{ - struct PostgresClosure *pg = cls; - struct GNUNET_PQ_QueryParam params[] = { - GNUNET_PQ_query_param_auto_from_type (&coin_info->coin_pub), - GNUNET_PQ_query_param_auto_from_type (&coin_info->denom_pub_hash), - TALER_PQ_query_param_denom_sig (&coin_info->denom_sig), - GNUNET_PQ_query_param_end - }; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Creating known coin %s\n", - TALER_B2S (&coin_info->coin_pub)); - return GNUNET_PQ_eval_prepared_non_select (pg->conn, - "insert_known_coin", - params); -} - - /** * Count the number of known coins by denomination. * @@ -5761,47 +5713,49 @@ postgres_count_known_coins (void *cls, * * @param cls database connection plugin state * @param coin the coin that must be made known + * @param[out] known_coin_id set to the unique row of the coin + * @param[out] denom_hash set to the denomination hash of the existing + * coin (for conflict error reporting) + * @param[out] age_hash set to the conflicting age hash on conflict * @return database transaction status, non-negative on success */ static enum TALER_EXCHANGEDB_CoinKnownStatus postgres_ensure_coin_known (void *cls, - const struct TALER_CoinPublicInfo *coin) + const struct TALER_CoinPublicInfo *coin, + uint64_t *known_coin_id, + struct TALER_DenominationHash *denom_hash, + struct TALER_AgeHash *age_hash) { struct PostgresClosure *pg = cls; enum GNUNET_DB_QueryStatus qs; - struct TALER_DenominationHash denom_pub_hash; + bool existed; struct GNUNET_PQ_QueryParam params[] = { GNUNET_PQ_query_param_auto_from_type (&coin->coin_pub), + GNUNET_PQ_query_param_auto_from_type (&coin->denom_pub_hash), + GNUNET_PQ_query_param_auto_from_type (&coin->age_commitment_hash), + TALER_PQ_query_param_denom_sig (&coin->denom_sig), GNUNET_PQ_query_param_end }; + bool is_null = false; struct GNUNET_PQ_ResultSpec rs[] = { - GNUNET_PQ_result_spec_auto_from_type ("denom_pub_hash", - &denom_pub_hash), + GNUNET_PQ_result_spec_bool ("existed", + &existed), + GNUNET_PQ_result_spec_uint64 ("known_coin_id", + known_coin_id), + GNUNET_PQ_result_spec_allow_null ( + GNUNET_PQ_result_spec_auto_from_type ("age_hash", + age_hash), + &is_null), + GNUNET_PQ_result_spec_allow_null ( + GNUNET_PQ_result_spec_auto_from_type ("denom_pub_hash", + denom_hash), + &is_null), GNUNET_PQ_result_spec_end }; - /* First, try to simply insert it */ - qs = insert_known_coin (pg, - coin); - switch (qs) - { - case GNUNET_DB_STATUS_HARD_ERROR: - GNUNET_break (0); - return TALER_EXCHANGEDB_CKS_HARD_FAIL; - case GNUNET_DB_STATUS_SOFT_ERROR: - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "Serialization failure in insert_known_coin? Strange!\n"); - return TALER_EXCHANGEDB_CKS_SOFT_FAIL; - case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: - /* continued below */ - break; - case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: - return TALER_EXCHANGEDB_CKS_ADDED; - } - - /* check if the coin is already known */ + GNUNET_break (GNUNET_is_zero (&coin->age_commitment_hash)); // FIXME-OEC qs = GNUNET_PQ_eval_prepared_singleton_select (pg->conn, - "get_known_coin_dh", + "insert_known_coin", params, rs); switch (qs) @@ -5810,52 +5764,31 @@ postgres_ensure_coin_known (void *cls, GNUNET_break (0); return TALER_EXCHANGEDB_CKS_HARD_FAIL; case GNUNET_DB_STATUS_SOFT_ERROR: - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "Serialization failure in get_known_coin_dh? Strange!\n"); return TALER_EXCHANGEDB_CKS_SOFT_FAIL; - case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: - if (0 == GNUNET_memcmp (&denom_pub_hash, - &coin->denom_pub_hash)) - return TALER_EXCHANGEDB_CKS_PRESENT; - GNUNET_break_op (0); - return TALER_EXCHANGEDB_CKS_CONFLICT; case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: - /* should be impossible */ - GNUNET_break (0); + GNUNET_break (0); /* should be impossible */ return TALER_EXCHANGEDB_CKS_HARD_FAIL; + case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: + if (! existed) + return TALER_EXCHANGEDB_CKS_ADDED; + break; /* continued below */ } - /* we should never get here */ - GNUNET_break (0); - return TALER_EXCHANGEDB_CKS_HARD_FAIL; -} - - -/** - * Compute the shard number of a given @a deposit - * - * @param deposit deposit to compute shard for - * @return shard number - */ -static uint64_t -compute_shard (const struct TALER_EXCHANGEDB_Deposit *deposit) -{ - uint32_t res; - - GNUNET_assert (GNUNET_YES == - GNUNET_CRYPTO_kdf (&res, - sizeof (res), - &deposit->merchant_pub, - sizeof (deposit->merchant_pub), - deposit->receiver_wire_account, - strlen (deposit->receiver_wire_account), - NULL, 0)); - /* interpret hash result as NBO for platform independence, - convert to HBO and map to [0..2^31-1] range */ - res = ntohl (res); - if (res > INT32_MAX) - res += INT32_MIN; - GNUNET_assert (res <= INT32_MAX); - return (uint64_t) res; + if ( (! is_null) && + (0 != GNUNET_memcmp (age_hash, + &coin->age_commitment_hash)) ) + { + GNUNET_break (GNUNET_is_zero (age_hash)); // FIXME-OEC + GNUNET_break_op (0); + return TALER_EXCHANGEDB_CKS_AGE_CONFLICT; + } + if ( (! is_null) && + (0 != GNUNET_memcmp (denom_hash, + &coin->denom_pub_hash)) ) + { + GNUNET_break_op (0); + return TALER_EXCHANGEDB_CKS_DENOM_CONFLICT; + } + return TALER_EXCHANGEDB_CKS_PRESENT; } @@ -5885,7 +5818,7 @@ postgres_insert_deposit (void *cls, return qs; } { - uint64_t shard = compute_shard (deposit); + uint64_t shard = compute_shard (&deposit->merchant_pub); struct GNUNET_PQ_QueryParam params[] = { GNUNET_PQ_query_param_auto_from_type (&deposit->coin.coin_pub), TALER_PQ_query_param_amount (&deposit->amount_with_fee), @@ -6070,12 +6003,14 @@ postgres_select_refunds_by_coin ( * @param[out] melt where to store the result; note that * melt->session.coin.denom_sig will be set to NULL * and is not fetched by this routine (as it is not needed by the client) + * @param[out] melt_serial_id set to the row ID of @a rc in the refresh_commitments table * @return transaction status */ static enum GNUNET_DB_QueryStatus postgres_get_melt (void *cls, const struct TALER_RefreshCommitmentP *rc, - struct TALER_EXCHANGEDB_Melt *melt) + struct TALER_EXCHANGEDB_Melt *melt, + uint64_t *melt_serial_id) { struct PostgresClosure *pg = cls; struct GNUNET_PQ_QueryParam params[] = { @@ -6096,6 +6031,8 @@ postgres_get_melt (void *cls, &melt->session.coin_sig), TALER_PQ_RESULT_SPEC_AMOUNT ("amount_with_fee", &melt->session.amount_with_fee), + GNUNET_PQ_result_spec_uint64 ("melt_serial_id", + melt_serial_id), GNUNET_PQ_result_spec_end }; enum GNUNET_DB_QueryStatus qs; @@ -6112,75 +6049,13 @@ postgres_get_melt (void *cls, } -/** - * Lookup noreveal index of a previous melt operation under the given - * @a rc. - * - * @param cls the `struct PostgresClosure` with the plugin-specific state - * @param rc commitment hash to use to locate the operation - * @param[out] noreveal_index returns the "gamma" value selected by the - * exchange which is the index of the transfer key that is - * not to be revealed to the exchange - * @return transaction status - */ -static enum GNUNET_DB_QueryStatus -postgres_get_melt_index (void *cls, - const struct TALER_RefreshCommitmentP *rc, - uint32_t *noreveal_index) -{ - struct PostgresClosure *pg = cls; - struct GNUNET_PQ_QueryParam params[] = { - GNUNET_PQ_query_param_auto_from_type (rc), - GNUNET_PQ_query_param_end - }; - struct GNUNET_PQ_ResultSpec rs[] = { - GNUNET_PQ_result_spec_uint32 ("noreveal_index", - noreveal_index), - GNUNET_PQ_result_spec_end - }; - - return GNUNET_PQ_eval_prepared_singleton_select (pg->conn, - "get_melt_index", - params, - rs); -} - - -/** - * Store new refresh melt commitment data. - * - * @param cls the `struct PostgresClosure` with the plugin-specific state - * @param refresh_session session data to store - * @return query status for the transaction - */ -static enum GNUNET_DB_QueryStatus -postgres_insert_melt ( - void *cls, - const struct TALER_EXCHANGEDB_Refresh *refresh_session) -{ - struct PostgresClosure *pg = cls; - struct GNUNET_PQ_QueryParam params[] = { - GNUNET_PQ_query_param_auto_from_type (&refresh_session->rc), - GNUNET_PQ_query_param_auto_from_type (&refresh_session->coin.coin_pub), - GNUNET_PQ_query_param_auto_from_type (&refresh_session->coin_sig), - TALER_PQ_query_param_amount (&refresh_session->amount_with_fee), - GNUNET_PQ_query_param_uint32 (&refresh_session->noreveal_index), - GNUNET_PQ_query_param_end - }; - - return GNUNET_PQ_eval_prepared_non_select (pg->conn, - "insert_melt", - params); -} - - /** * Store in the database which coin(s) the wallet wanted to create * in a given refresh operation and all of the other information * we learned or created in the /refresh/reveal step. * * @param cls the @e cls of this struct with the plugin-specific state - * @param rc identify commitment and thus refresh operation + * @param melt_serial_id row ID of the commitment / melt operation in refresh_commitments * @param num_rrcs number of coins to generate, size of the @a rrcs array * @param rrcs information about the new coins * @param num_tprivs number of entries in @a tprivs, should be #TALER_CNC_KAPPA - 1 @@ -6191,7 +6066,7 @@ postgres_insert_melt ( static enum GNUNET_DB_QueryStatus postgres_insert_refresh_reveal ( void *cls, - const struct TALER_RefreshCommitmentP *rc, + uint64_t melt_serial_id, uint32_t num_rrcs, const struct TALER_EXCHANGEDB_RefreshRevealedCoin *rrcs, unsigned int num_tprivs, @@ -6208,13 +6083,12 @@ postgres_insert_refresh_reveal ( for (uint32_t i = 0; iorig_coin_link_sig), - GNUNET_PQ_query_param_auto_from_type (&denom_pub_hash), + GNUNET_PQ_query_param_auto_from_type (&rrc->h_denom_pub), GNUNET_PQ_query_param_fixed_size (rrc->coin_ev, rrc->coin_ev_size), GNUNET_PQ_query_param_auto_from_type (&h_coin_ev), @@ -6223,26 +6097,24 @@ postgres_insert_refresh_reveal ( }; enum GNUNET_DB_QueryStatus qs; - TALER_denom_pub_hash (&rrc->denom_pub, - &denom_pub_hash); GNUNET_CRYPTO_hash (rrc->coin_ev, rrc->coin_ev_size, &h_coin_ev.hash); qs = GNUNET_PQ_eval_prepared_non_select (pg->conn, "insert_refresh_revealed_coin", params); - if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != qs) + if (0 > qs) return qs; } { struct GNUNET_PQ_QueryParam params[] = { - GNUNET_PQ_query_param_auto_from_type (rc), + GNUNET_PQ_query_param_uint64 (&melt_serial_id), GNUNET_PQ_query_param_auto_from_type (tp), - GNUNET_PQ_query_param_fixed_size (tprivs, - num_tprivs - * sizeof (struct - TALER_TransferPrivateKeyP)), + GNUNET_PQ_query_param_fixed_size ( + tprivs, + num_tprivs + * sizeof (struct TALER_TransferPrivateKeyP)), GNUNET_PQ_query_param_end }; @@ -6298,38 +6170,60 @@ add_revealed_coins (void *cls, grctx->rrcs_len = num_results; for (unsigned int i = 0; i < num_results; i++) { - struct TALER_EXCHANGEDB_RefreshRevealedCoin *rrc = &grctx->rrcs[i]; uint32_t off; - struct GNUNET_PQ_ResultSpec rs[] = { + struct GNUNET_PQ_ResultSpec rso[] = { GNUNET_PQ_result_spec_uint32 ("freshcoin_index", &off), - TALER_PQ_result_spec_denom_pub ("denom_pub", - &rrc->denom_pub), - GNUNET_PQ_result_spec_auto_from_type ("link_sig", - &rrc->orig_coin_link_sig), - GNUNET_PQ_result_spec_variable_size ("coin_ev", - (void **) &rrc->coin_ev, - &rrc->coin_ev_size), - TALER_PQ_result_spec_blinded_denom_sig ("ev_sig", - &rrc->coin_sig), GNUNET_PQ_result_spec_end }; if (GNUNET_OK != GNUNET_PQ_extract_result (result, - rs, + rso, i)) { GNUNET_break (0); grctx->qs = GNUNET_DB_STATUS_HARD_ERROR; return; } - if (off != i) + if (off >= num_results) { GNUNET_break (0); grctx->qs = GNUNET_DB_STATUS_HARD_ERROR; return; } + { + struct TALER_EXCHANGEDB_RefreshRevealedCoin *rrc = &grctx->rrcs[off]; + struct GNUNET_PQ_ResultSpec rsi[] = { + GNUNET_PQ_result_spec_auto_from_type ("h_denom_pub", + &rrc->h_denom_pub), + GNUNET_PQ_result_spec_auto_from_type ("link_sig", + &rrc->orig_coin_link_sig), + GNUNET_PQ_result_spec_variable_size ("coin_ev", + (void **) &rrc->coin_ev, + &rrc->coin_ev_size), + TALER_PQ_result_spec_blinded_denom_sig ("ev_sig", + &rrc->coin_sig), + GNUNET_PQ_result_spec_end + }; + + if (NULL != rrc->coin_ev) + { + /* duplicate offset, not allowed */ + GNUNET_break (0); + grctx->qs = GNUNET_DB_STATUS_HARD_ERROR; + return; + } + if (GNUNET_OK != + GNUNET_PQ_extract_result (result, + rsi, + i)) + { + GNUNET_break (0); + grctx->qs = GNUNET_DB_STATUS_HARD_ERROR; + return; + } + } } } @@ -6353,23 +6247,11 @@ postgres_get_refresh_reveal (void *cls, struct PostgresClosure *pg = cls; struct GetRevealContext grctx; enum GNUNET_DB_QueryStatus qs; - struct TALER_TransferPublicKeyP tp; - void *tpriv; - size_t tpriv_size; struct GNUNET_PQ_QueryParam params[] = { GNUNET_PQ_query_param_auto_from_type (rc), GNUNET_PQ_query_param_end }; - struct GNUNET_PQ_ResultSpec rs[] = { - GNUNET_PQ_result_spec_auto_from_type ("transfer_pub", - &tp), - GNUNET_PQ_result_spec_variable_size ("transfer_privs", - &tpriv, - &tpriv_size), - GNUNET_PQ_result_spec_end - }; - /* First get the coins */ memset (&grctx, 0, sizeof (grctx)); @@ -6398,47 +6280,15 @@ postgres_get_refresh_reveal (void *cls, break; } - /* now also get the transfer keys (public and private) */ - qs = GNUNET_PQ_eval_prepared_singleton_select (pg->conn, - "get_refresh_transfer_keys", - params, - rs); - switch (qs) - { - case GNUNET_DB_STATUS_HARD_ERROR: - case GNUNET_DB_STATUS_SOFT_ERROR: - case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: - goto cleanup; - case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: - break; - default: - GNUNET_assert (0); - } - if ( (0 != tpriv_size % sizeof (struct TALER_TransferPrivateKeyP)) || - (TALER_CNC_KAPPA - 1 != tpriv_size / sizeof (struct - TALER_TransferPrivateKeyP)) ) - { - GNUNET_break (0); - qs = GNUNET_DB_STATUS_HARD_ERROR; - GNUNET_PQ_cleanup_result (rs); - goto cleanup; - } - /* Pass result back to application */ cb (cb_cls, grctx.rrcs_len, - grctx.rrcs, - tpriv_size / sizeof (struct TALER_TransferPrivateKeyP), - (const struct TALER_TransferPrivateKeyP *) tpriv, - &tp); - GNUNET_PQ_cleanup_result (rs); - + grctx.rrcs); cleanup: for (unsigned int i = 0; i < grctx.rrcs_len; i++) { struct TALER_EXCHANGEDB_RefreshRevealedCoin *rrc = &grctx.rrcs[i]; - TALER_denom_pub_free (&rrc->denom_pub); TALER_blinded_denom_sig_free (&rrc->coin_sig); GNUNET_free (rrc->coin_ev); } @@ -6897,7 +6747,7 @@ add_old_coin_recoup (void *cls, &recoup->coin_blind), TALER_PQ_RESULT_SPEC_AMOUNT ("amount", &recoup->value), - GNUNET_PQ_result_spec_timestamp ("timestamp", + GNUNET_PQ_result_spec_timestamp ("recoup_timestamp", &recoup->timestamp), GNUNET_PQ_result_spec_auto_from_type ("denom_pub_hash", &recoup->coin.denom_pub_hash), @@ -6965,7 +6815,7 @@ add_coin_recoup (void *cls, &recoup->coin_blind), TALER_PQ_RESULT_SPEC_AMOUNT ("amount", &recoup->value), - GNUNET_PQ_result_spec_timestamp ("timestamp", + GNUNET_PQ_result_spec_timestamp ("recoup_timestamp", &recoup->timestamp), GNUNET_PQ_result_spec_uint64 ("recoup_uuid", &serial_id), @@ -7026,7 +6876,7 @@ add_coin_recoup_refresh (void *cls, &recoup->coin_blind), TALER_PQ_RESULT_SPEC_AMOUNT ("amount", &recoup->value), - GNUNET_PQ_result_spec_timestamp ("timestamp", + GNUNET_PQ_result_spec_timestamp ("recoup_timestamp", &recoup->timestamp), GNUNET_PQ_result_spec_auto_from_type ("denom_pub_hash", &recoup->coin.denom_pub_hash), @@ -7946,14 +7796,14 @@ prewire_cb (void *cls, for (unsigned int i = 0; i < num_results; i++) { uint64_t prewire_uuid; - char *type; + char *wire_method; void *buf = NULL; size_t buf_size; struct GNUNET_PQ_ResultSpec rs[] = { GNUNET_PQ_result_spec_uint64 ("prewire_uuid", &prewire_uuid), - GNUNET_PQ_result_spec_string ("type", - &type), + GNUNET_PQ_result_spec_string ("wire_method", + &wire_method), GNUNET_PQ_result_spec_variable_size ("buf", &buf, &buf_size), @@ -7971,7 +7821,7 @@ prewire_cb (void *cls, } pc->cb (pc->cb_cls, prewire_uuid, - type, + wire_method, buf, buf_size); GNUNET_PQ_cleanup_result (rs); @@ -8108,15 +7958,9 @@ postgres_gc (void *cls) struct PostgresClosure *pg = cls; struct GNUNET_TIME_Absolute now = GNUNET_TIME_absolute_get (); struct GNUNET_TIME_Absolute long_ago; - struct GNUNET_PQ_QueryParam params_none[] = { - GNUNET_PQ_query_param_end - }; - struct GNUNET_PQ_QueryParam params_time[] = { - GNUNET_PQ_query_param_absolute_time (&now), - GNUNET_PQ_query_param_end - }; - struct GNUNET_PQ_QueryParam params_ancient_time[] = { + struct GNUNET_PQ_QueryParam params[] = { GNUNET_PQ_query_param_absolute_time (&long_ago), + GNUNET_PQ_query_param_absolute_time (&now), GNUNET_PQ_query_param_end }; struct GNUNET_PQ_Context *conn; @@ -8133,28 +7977,11 @@ postgres_gc (void *cls) { struct GNUNET_PQ_PreparedStatement ps[] = { /* Used in #postgres_gc() */ - GNUNET_PQ_make_prepare ("gc_prewire", - "DELETE" - " FROM prewire" - " WHERE finished=true;", - 0), - GNUNET_PQ_make_prepare ("gc_reserves", - "DELETE" - " FROM reserves" - " WHERE gc_date < $1" - " AND current_balance_val = 0" - " AND current_balance_frac = 0;", - 1), - GNUNET_PQ_make_prepare ("gc_wire_fee", - "DELETE" - " FROM wire_fee" - " WHERE end_date < $1;", - 1), - GNUNET_PQ_make_prepare ("gc_denominations", - "DELETE" - " FROM denominations" - " WHERE expire_legal < $1;", - 1), + GNUNET_PQ_make_prepare ("run_gc", + "CALL" + " exchange_do_gc" + " ($1,$2);", + 2), GNUNET_PQ_PREPARED_STATEMENT_END }; @@ -8167,24 +7994,10 @@ postgres_gc (void *cls) if (NULL == conn) return GNUNET_SYSERR; ret = GNUNET_OK; - if ( (0 > GNUNET_PQ_eval_prepared_non_select (conn, - "gc_reserves", - params_time)) || - (0 > GNUNET_PQ_eval_prepared_non_select (conn, - "gc_prewire", - params_none)) || - (0 > GNUNET_PQ_eval_prepared_non_select (conn, - "gc_wire_fee", - params_ancient_time)) ) + if (0 > GNUNET_PQ_eval_prepared_non_select (conn, + "run_gc", + params)) ret = GNUNET_SYSERR; - /* This one may fail due to foreign key constraints from - recoup and reserves_out tables to known_coins; these - are NOT using 'ON DROP CASCADE' and might keep denomination - keys alive for a bit longer, thus causing this statement - to fail. */ - (void) GNUNET_PQ_eval_prepared_non_select (conn, - "gc_denominations", - params_time); GNUNET_PQ_disconnect (conn); return ret; } @@ -9155,7 +8968,7 @@ recoup_serial_helper_cb (void *cls, struct GNUNET_PQ_ResultSpec rs[] = { GNUNET_PQ_result_spec_uint64 ("recoup_uuid", &rowid), - GNUNET_PQ_result_spec_timestamp ("timestamp", + GNUNET_PQ_result_spec_timestamp ("recoup_timestamp", ×tamp), GNUNET_PQ_result_spec_auto_from_type ("reserve_pub", &reserve_pub), @@ -9304,7 +9117,7 @@ recoup_refresh_serial_helper_cb (void *cls, struct GNUNET_PQ_ResultSpec rs[] = { GNUNET_PQ_result_spec_uint64 ("recoup_refresh_uuid", &rowid), - GNUNET_PQ_result_spec_timestamp ("timestamp", + GNUNET_PQ_result_spec_timestamp ("recoup_timestamp", ×tamp), GNUNET_PQ_result_spec_auto_from_type ("old_coin_pub", &old_coin_pub), @@ -9534,153 +9347,6 @@ postgres_select_reserve_closed_above_serial_id ( } -/** - * Function called to add a request for an emergency recoup for a - * coin. The funds are to be added back to the reserve. The function - * should return the @a deadline by which the exchange will trigger a - * wire transfer back to the customer's account for the reserve. - * - * @param cls closure - * @param reserve_pub public key of the reserve that is being refunded - * @param coin information about the coin - * @param coin_sig signature of the coin of type #TALER_SIGNATURE_WALLET_COIN_RECOUP - * @param coin_blind blinding key of the coin - * @param amount total amount to be paid back - * @param h_blind_ev hash of the blinded coin's envelope (must match reserves_out entry) - * @param timestamp current time (rounded) - * @return transaction result status - */ -static enum GNUNET_DB_QueryStatus -postgres_insert_recoup_request ( - void *cls, - const struct TALER_ReservePublicKeyP *reserve_pub, - const struct TALER_CoinPublicInfo *coin, - const struct TALER_CoinSpendSignatureP *coin_sig, - const union TALER_DenominationBlindingKeyP *coin_blind, - const struct TALER_Amount *amount, - const struct TALER_BlindedCoinHash *h_blind_ev, - struct GNUNET_TIME_Timestamp timestamp) -{ - struct PostgresClosure *pg = cls; - struct GNUNET_TIME_Timestamp expiry; - struct GNUNET_TIME_Timestamp gc; - struct TALER_EXCHANGEDB_Reserve reserve; - struct GNUNET_PQ_QueryParam params[] = { - GNUNET_PQ_query_param_auto_from_type (&coin->coin_pub), - GNUNET_PQ_query_param_auto_from_type (coin_sig), - GNUNET_PQ_query_param_auto_from_type (coin_blind), - TALER_PQ_query_param_amount (amount), - GNUNET_PQ_query_param_timestamp (×tamp), - GNUNET_PQ_query_param_auto_from_type (h_blind_ev), - GNUNET_PQ_query_param_end - }; - enum GNUNET_DB_QueryStatus qs; - - /* now store actual recoup information */ - qs = GNUNET_PQ_eval_prepared_non_select (pg->conn, - "recoup_insert", - params); - if (0 > qs) - { - GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs); - return qs; - } - - /* Update reserve balance */ - reserve.pub = *reserve_pub; - qs = reserves_get_internal (pg, - &reserve); - if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != qs) - { - GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs); - return qs; - } - if (0 > - TALER_amount_add (&reserve.balance, - &reserve.balance, - amount)) - { - GNUNET_break (0); - return GNUNET_DB_STATUS_HARD_ERROR; - } - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Inserting recoup for coin %s\n", - TALER_B2S (&coin->coin_pub)); - gc = GNUNET_TIME_absolute_to_timestamp ( - GNUNET_TIME_absolute_add (timestamp.abs_time, - pg->legal_reserve_expiration_time)); - reserve.gc = GNUNET_TIME_timestamp_max (gc, - reserve.gc); - expiry = GNUNET_TIME_absolute_to_timestamp ( - GNUNET_TIME_absolute_add (timestamp.abs_time, - pg->idle_reserve_expiration_time)); - reserve.expiry = GNUNET_TIME_timestamp_max (expiry, - reserve.expiry); - qs = reserves_update (pg, - &reserve); - if (0 >= qs) - { - GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs); - return qs; - } - return qs; -} - - -/** - * Function called to add a request for an emergency recoup for a - * refreshed coin. The funds are to be added back to the original coin - * (which is implied via @a h_blind_ev, see the prepared statement - * "recoup_by_old_coin" used in #postgres_get_coin_transactions()). - * - * @param cls closure - * @param coin public information about the refreshed coin - * @param coin_sig signature of the coin of type #TALER_SIGNATURE_WALLET_COIN_RECOUP - * @param coin_blind blinding key of the coin - * @param h_blind_ev blinded envelope, as calculated by the exchange - * @param amount total amount to be paid back - * @param h_blind_ev hash of the blinded coin's envelope (must match reserves_out entry) - * @param timestamp a timestamp to store - * @return transaction result status - */ -static enum GNUNET_DB_QueryStatus -postgres_insert_recoup_refresh_request ( - void *cls, - const struct TALER_CoinPublicInfo *coin, - const struct TALER_CoinSpendSignatureP *coin_sig, - const union TALER_DenominationBlindingKeyP *coin_blind, - const struct TALER_Amount *amount, - const struct TALER_BlindedCoinHash *h_blind_ev, - struct GNUNET_TIME_Timestamp timestamp) -{ - struct PostgresClosure *pg = cls; - struct GNUNET_PQ_QueryParam params[] = { - GNUNET_PQ_query_param_auto_from_type (&coin->coin_pub), - GNUNET_PQ_query_param_auto_from_type (coin_sig), - GNUNET_PQ_query_param_auto_from_type (coin_blind), - TALER_PQ_query_param_amount (amount), - GNUNET_PQ_query_param_timestamp (×tamp), - GNUNET_PQ_query_param_auto_from_type (h_blind_ev), - GNUNET_PQ_query_param_end - }; - enum GNUNET_DB_QueryStatus qs; - - /* now store actual recoup information */ - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Inserting recoup-refresh for coin %s\n", - TALER_B2S (&coin->coin_pub)); - qs = GNUNET_PQ_eval_prepared_non_select (pg->conn, - "recoup_refresh_insert", - params); - if (0 > qs) - { - GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs); - return qs; - } - return qs; -} - - /** * Obtain information about which reserve a coin was generated * from given the hash of the blinded coin. @@ -9688,12 +9354,14 @@ postgres_insert_recoup_refresh_request ( * @param cls closure * @param h_blind_ev hash of the blinded coin * @param[out] reserve_pub set to information about the reserve (on success only) + * @param[out] reserve_out_serial_id set to row of the @a h_blind_ev in reserves_out * @return transaction status code */ static enum GNUNET_DB_QueryStatus postgres_get_reserve_by_h_blind (void *cls, const struct TALER_BlindedCoinHash *h_blind_ev, - struct TALER_ReservePublicKeyP *reserve_pub) + struct TALER_ReservePublicKeyP *reserve_pub, + uint64_t *reserve_out_serial_id) { struct PostgresClosure *pg = cls; struct GNUNET_PQ_QueryParam params[] = { @@ -9703,6 +9371,8 @@ postgres_get_reserve_by_h_blind (void *cls, struct GNUNET_PQ_ResultSpec rs[] = { GNUNET_PQ_result_spec_auto_from_type ("reserve_pub", reserve_pub), + GNUNET_PQ_result_spec_uint64 ("reserve_out_serial_id", + reserve_out_serial_id), GNUNET_PQ_result_spec_end }; @@ -9723,10 +9393,11 @@ postgres_get_reserve_by_h_blind (void *cls, * @return transaction status code */ static enum GNUNET_DB_QueryStatus -postgres_get_old_coin_by_h_blind (void *cls, - const struct - TALER_BlindedCoinHash *h_blind_ev, - struct TALER_CoinSpendPublicKeyP *old_coin_pub) +postgres_get_old_coin_by_h_blind ( + void *cls, + const struct TALER_BlindedCoinHash *h_blind_ev, + struct TALER_CoinSpendPublicKeyP *old_coin_pub, + uint64_t *rrc_serial) { struct PostgresClosure *pg = cls; struct GNUNET_PQ_QueryParam params[] = { @@ -9736,6 +9407,8 @@ postgres_get_old_coin_by_h_blind (void *cls, struct GNUNET_PQ_ResultSpec rs[] = { GNUNET_PQ_result_spec_auto_from_type ("old_coin_pub", old_coin_pub), + GNUNET_PQ_result_spec_uint64 ("rrc_serial", + rrc_serial), GNUNET_PQ_result_spec_end }; @@ -11830,25 +11503,23 @@ libtaler_plugin_exchangedb_postgres_init (void *cls) &postgres_iterate_auditor_denominations; plugin->reserves_get = &postgres_reserves_get; plugin->set_kyc_ok = &postgres_set_kyc_ok; - plugin->get_kyc_status = &postgres_get_kyc_status; plugin->select_kyc_status = &postgres_select_kyc_status; plugin->inselect_wallet_kyc_status = &postgres_inselect_wallet_kyc_status; plugin->reserves_in_insert = &postgres_reserves_in_insert; - plugin->get_latest_reserve_in_reference = - &postgres_get_latest_reserve_in_reference; plugin->get_withdraw_info = &postgres_get_withdraw_info; - plugin->do_check_coin_balance = &postgres_do_check_coin_balance; plugin->do_withdraw = &postgres_do_withdraw; plugin->do_withdraw_limit_check = &postgres_do_withdraw_limit_check; + plugin->do_deposit = &postgres_do_deposit; + plugin->do_melt = &postgres_do_melt; + plugin->do_refund = &postgres_do_refund; + plugin->do_recoup = &postgres_do_recoup; + plugin->do_recoup_refresh = &postgres_do_recoup_refresh; plugin->get_reserve_history = &postgres_get_reserve_history; - plugin->select_withdraw_amounts_by_account - = &postgres_select_withdraw_amounts_by_account; plugin->free_reserve_history = &common_free_reserve_history; plugin->count_known_coins = &postgres_count_known_coins; plugin->ensure_coin_known = &postgres_ensure_coin_known; plugin->get_known_coin = &postgres_get_known_coin; plugin->get_coin_denomination = &postgres_get_coin_denomination; - plugin->have_deposit = &postgres_have_deposit; plugin->have_deposit2 = &postgres_have_deposit2; plugin->mark_deposit_tiny = &postgres_mark_deposit_tiny; plugin->mark_deposit_done = &postgres_mark_deposit_done; @@ -11857,9 +11528,7 @@ libtaler_plugin_exchangedb_postgres_init (void *cls) plugin->insert_deposit = &postgres_insert_deposit; plugin->insert_refund = &postgres_insert_refund; plugin->select_refunds_by_coin = &postgres_select_refunds_by_coin; - plugin->insert_melt = &postgres_insert_melt; plugin->get_melt = &postgres_get_melt; - plugin->get_melt_index = &postgres_get_melt_index; plugin->insert_refresh_reveal = &postgres_insert_refresh_reveal; plugin->get_refresh_reveal = &postgres_get_refresh_reveal; plugin->get_link_data = &postgres_get_link_data; @@ -11903,10 +11572,6 @@ libtaler_plugin_exchangedb_postgres_init (void *cls) = &postgres_select_recoup_refresh_above_serial_id; plugin->select_reserve_closed_above_serial_id = &postgres_select_reserve_closed_above_serial_id; - plugin->insert_recoup_request - = &postgres_insert_recoup_request; - plugin->insert_recoup_refresh_request - = &postgres_insert_recoup_refresh_request; plugin->get_reserve_by_h_blind = &postgres_get_reserve_by_h_blind; plugin->get_old_coin_by_h_blind diff --git a/src/exchangedb/test_exchangedb.c b/src/exchangedb/test_exchangedb.c index 6d334d3c8..49dc8c2db 100644 --- a/src/exchangedb/test_exchangedb.c +++ b/src/exchangedb/test_exchangedb.c @@ -113,7 +113,7 @@ mark_prepare_cb (void *cls, * * @return #GNUNET_OK on success */ -static int +static enum GNUNET_GenericReturnValue test_wire_prepare (void) { FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != @@ -202,7 +202,7 @@ destroy_denom_key_pair (struct DenomKeyPair *dkp) /** - * Create a denominaiton key pair by registering the denomination in the DB. + * Create a denomination key pair by registering the denomination in the DB. * * @param size the size of the denomination key * @param now time to use for key generation, legal expiration will be 3h later. @@ -340,24 +340,15 @@ static struct TALER_TransferPublicKeyP tpub; * @param rowid unique serial ID for the row in our database * @param num_freshcoins size of the @a rrcs array * @param rrcs array of @a num_freshcoins information about coins to be created - * @param num_tprivs number of entries in @a tprivs, should be #TALER_CNC_KAPPA - 1 - * @param tprivs array of @e num_tprivs transfer private keys - * @param tp transfer public key information */ static void never_called_cb (void *cls, uint32_t num_freshcoins, - const struct TALER_EXCHANGEDB_RefreshRevealedCoin *rrcs, - unsigned int num_tprivs, - const struct TALER_TransferPrivateKeyP *tprivs, - const struct TALER_TransferPublicKeyP *tp) + const struct TALER_EXCHANGEDB_RefreshRevealedCoin *rrcs) { (void) cls; (void) num_freshcoins; (void) rrcs; - (void) num_tprivs; - (void) tprivs; - (void) tp; GNUNET_assert (0); /* should never be called! */ } @@ -370,22 +361,14 @@ never_called_cb (void *cls, * @param rowid unique serial ID for the row in our database * @param num_freshcoins size of the @a rrcs array * @param rrcs array of @a num_freshcoins information about coins to be created - * @param num_tprivs number of entries in @a tprivs, should be #TALER_CNC_KAPPA - 1 - * @param tprivsr array of @e num_tprivs transfer private keys - * @param tpr transfer public key information */ static void check_refresh_reveal_cb ( void *cls, uint32_t num_freshcoins, - const struct TALER_EXCHANGEDB_RefreshRevealedCoin *rrcs, - unsigned int num_tprivs, - const struct TALER_TransferPrivateKeyP *tprivsr, - const struct TALER_TransferPublicKeyP *tpr) + const struct TALER_EXCHANGEDB_RefreshRevealedCoin *rrcs) { (void) cls; - - GNUNET_assert (TALER_CNC_KAPPA - 1 == num_tprivs); /* compare the refresh commit coin arrays */ for (unsigned int cnt = 0; cnt < num_freshcoins; cnt++) { @@ -398,13 +381,9 @@ check_refresh_reveal_cb ( GNUNET_memcmp (acoin->coin_ev, bcoin->coin_ev)); GNUNET_assert (0 == - TALER_denom_pub_cmp (&acoin->denom_pub, - &bcoin->denom_pub)); + GNUNET_memcmp (&acoin->h_denom_pub, + &bcoin->h_denom_pub)); } - GNUNET_assert (0 == GNUNET_memcmp (&tpub, tpr)); - GNUNET_assert (0 == memcmp (tprivs, tprivsr, - sizeof(struct TALER_TransferPrivateKeyP) - * (TALER_CNC_KAPPA - 1))); } @@ -431,7 +410,7 @@ static unsigned int auditor_row_cnt; * @param rc what is the session hash * @return #GNUNET_OK to continue to iterate, #GNUNET_SYSERR to stop */ -static int +static enum GNUNET_GenericReturnValue audit_refresh_session_cb (void *cls, uint64_t rowid, const struct TALER_DenominationPublicKey *denom_pub, @@ -479,9 +458,9 @@ handle_link_data_cb (void *cls, NULL != ldlp; ldlp = ldlp->next) { - int found; + bool found; - found = GNUNET_NO; + found = false; for (unsigned int cnt = 0; cnt < MELT_NEW_COINS; cnt++) { if ( (0 == @@ -491,227 +470,15 @@ handle_link_data_cb (void *cls, TALER_blinded_denom_sig_cmp (&ldlp->ev_sig, &revealed_coins[cnt].coin_sig)) ) { - found = GNUNET_YES; + found = true; break; } } - GNUNET_assert (GNUNET_NO != found); + GNUNET_assert (found); } } -/** - * Function to test melting of coins as part of a refresh session - * - * @return #GNUNET_OK if everything went well; #GNUNET_SYSERR if not - */ -static enum GNUNET_GenericReturnValue -test_melting (void) -{ - struct TALER_EXCHANGEDB_Refresh refresh_session; - struct TALER_EXCHANGEDB_Melt ret_refresh_session; - struct DenomKeyPair *dkp; - struct TALER_DenominationPublicKey *new_denom_pubs; - enum GNUNET_GenericReturnValue ret; - enum GNUNET_DB_QueryStatus qs; - struct GNUNET_TIME_Timestamp now; - - ret = GNUNET_SYSERR; - RND_BLK (&refresh_session); - dkp = NULL; - new_dkp = NULL; - new_denom_pubs = NULL; - /* create and test a refresh session */ - refresh_session.noreveal_index = MELT_NOREVEAL_INDEX; - /* create a denomination (value: 1; fraction: 100) */ - now = GNUNET_TIME_timestamp_get (); - dkp = create_denom_key_pair (512, - now, - &value, - &fee_withdraw, - &fee_deposit, - &fee_refresh, - &fee_refund); - GNUNET_assert (NULL != dkp); - /* initialize refresh session melt data */ - { - struct TALER_CoinPubHash c_hash; - struct TALER_PlanchetDetail pd; - struct TALER_BlindedDenominationSignature bds; - union TALER_DenominationBlindingKeyP bks; - - RND_BLK (&refresh_session.coin.coin_pub); - TALER_blinding_secret_create (&bks); - GNUNET_assert (GNUNET_OK == - TALER_denom_blind (&dkp->pub, - &bks, - NULL, /* FIXME-Oec */ - &refresh_session.coin.coin_pub, - &c_hash, - &pd.coin_ev, - &pd.coin_ev_size)); - GNUNET_assert (GNUNET_OK == - TALER_denom_sign_blinded (&bds, - &dkp->priv, - pd.coin_ev, - pd.coin_ev_size)); - GNUNET_free (pd.coin_ev); - GNUNET_assert (GNUNET_OK == - TALER_denom_sig_unblind (&refresh_session.coin.denom_sig, - &bds, - &bks, - &dkp->pub)); - TALER_blinded_denom_sig_free (&bds); - TALER_denom_pub_hash (&dkp->pub, - &refresh_session.coin.denom_pub_hash); - refresh_session.amount_with_fee = amount_with_fee; - } - - /* test insert_melt & get_melt */ - FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != - plugin->get_melt (plugin->cls, - &refresh_session.rc, - &ret_refresh_session)); - FAILIF (TALER_EXCHANGEDB_CKS_ADDED != - plugin->ensure_coin_known (plugin->cls, - &refresh_session.coin)); - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->insert_melt (plugin->cls, - &refresh_session)); - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->get_melt (plugin->cls, - &refresh_session.rc, - &ret_refresh_session)); - FAILIF (refresh_session.noreveal_index != - ret_refresh_session.session.noreveal_index); - FAILIF (0 != - TALER_amount_cmp (&refresh_session.amount_with_fee, - &ret_refresh_session.session.amount_with_fee)); - FAILIF (0 != - TALER_amount_cmp (&fee_refresh, - &ret_refresh_session.melt_fee)); - FAILIF (0 != - GNUNET_memcmp (&refresh_session.rc, - &ret_refresh_session.session.rc)); - FAILIF (0 != GNUNET_memcmp (&refresh_session.coin_sig, - &ret_refresh_session.session.coin_sig)); - FAILIF (0 != memcmp (&refresh_session.coin.coin_pub, - &ret_refresh_session.session.coin.coin_pub, - sizeof (refresh_session.coin.coin_pub))); - FAILIF (0 != - GNUNET_memcmp (&refresh_session.coin.denom_pub_hash, - &ret_refresh_session.session.coin.denom_pub_hash)); - - /* test 'select_refreshes_above_serial_id' */ - auditor_row_cnt = 0; - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->select_refreshes_above_serial_id (plugin->cls, - 0, - &audit_refresh_session_cb, - NULL)); - FAILIF (1 != auditor_row_cnt); - - new_dkp = GNUNET_new_array (MELT_NEW_COINS, - struct DenomKeyPair *); - new_denom_pubs = GNUNET_new_array (MELT_NEW_COINS, - struct TALER_DenominationPublicKey); - revealed_coins - = GNUNET_new_array (MELT_NEW_COINS, - struct TALER_EXCHANGEDB_RefreshRevealedCoin); - for (unsigned int cnt = 0; cnt < MELT_NEW_COINS; cnt++) - { - struct TALER_EXCHANGEDB_RefreshRevealedCoin *ccoin; - struct GNUNET_TIME_Timestamp now; - - now = GNUNET_TIME_timestamp_get (); - new_dkp[cnt] = create_denom_key_pair (RSA_KEY_SIZE, - now, - &value, - &fee_withdraw, - &fee_deposit, - &fee_refresh, - &fee_refund); - GNUNET_assert (NULL != new_dkp[cnt]); - new_denom_pubs[cnt] = new_dkp[cnt]->pub; - ccoin = &revealed_coins[cnt]; - ccoin->coin_ev_size = (size_t) GNUNET_CRYPTO_random_u64 ( - GNUNET_CRYPTO_QUALITY_WEAK, - (RSA_KEY_SIZE / 8) - 1); - ccoin->coin_ev = GNUNET_malloc (ccoin->coin_ev_size); - GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, - ccoin->coin_ev, - ccoin->coin_ev_size); - ccoin->denom_pub = new_dkp[cnt]->pub; - GNUNET_assert (GNUNET_OK == - TALER_denom_sign_blinded (&ccoin->coin_sig, - &new_dkp[cnt]->priv, - ccoin->coin_ev, - ccoin->coin_ev_size)); - } - RND_BLK (&tprivs); - RND_BLK (&tpub); - FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != - plugin->get_refresh_reveal (plugin->cls, - &refresh_session.rc, - &never_called_cb, - NULL)); - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->insert_refresh_reveal (plugin->cls, - &refresh_session.rc, - MELT_NEW_COINS, - revealed_coins, - TALER_CNC_KAPPA - 1, - tprivs, - &tpub)); - FAILIF (0 >= - plugin->get_refresh_reveal (plugin->cls, - &refresh_session.rc, - &check_refresh_reveal_cb, - NULL)); - qs = plugin->get_link_data (plugin->cls, - &refresh_session.coin.coin_pub, - &handle_link_data_cb, - NULL); - FAILIF (0 >= qs); - { - /* Just to test fetching a coin with melt history */ - struct TALER_EXCHANGEDB_TransactionList *tl; - enum GNUNET_DB_QueryStatus qs; - - qs = plugin->get_coin_transactions (plugin->cls, - &refresh_session.coin.coin_pub, - GNUNET_YES, - &tl); - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != qs); - plugin->free_coin_transaction_list (plugin->cls, - tl); - } - - - ret = GNUNET_OK; -drop: - if (NULL != revealed_coins) - { - for (unsigned int cnt = 0; cnt < MELT_NEW_COINS; cnt++) - { - TALER_blinded_denom_sig_free (&revealed_coins[cnt].coin_sig); - GNUNET_free (revealed_coins[cnt].coin_ev); - } - GNUNET_free (revealed_coins); - revealed_coins = NULL; - } - destroy_denom_key_pair (dkp); - TALER_denom_sig_free (&refresh_session.coin.denom_sig); - GNUNET_free (new_denom_pubs); - for (unsigned int cnt = 0; - (NULL != new_dkp) && (cnt < MELT_NEW_COINS) && (NULL != new_dkp[cnt]); - cnt++) - destroy_denom_key_pair (new_dkp[cnt]); - GNUNET_free (new_dkp); - return ret; -} - - /** * Callback that should never be called. */ @@ -829,26 +596,23 @@ deposit_cb (void *cls, { struct TALER_EXCHANGEDB_Deposit *deposit = cls; - deposit_rowid = rowid; - wire_target_row = wire_target; - if ( (0 != GNUNET_memcmp (merchant_pub, - &deposit->merchant_pub)) || - (0 != TALER_amount_cmp (amount_with_fee, - &deposit->amount_with_fee)) || - (0 != TALER_amount_cmp (deposit_fee, - &deposit->deposit_fee)) || - (0 != GNUNET_memcmp (h_contract_terms, - &deposit->h_contract_terms)) || - (0 != memcmp (coin_pub, - &deposit->coin.coin_pub, - sizeof (struct TALER_CoinSpendPublicKeyP))) || - (0 != strcmp (payto_uri, + if ( (0 == GNUNET_memcmp (merchant_pub, + &deposit->merchant_pub)) && + (0 == TALER_amount_cmp (amount_with_fee, + &deposit->amount_with_fee)) && + (0 == TALER_amount_cmp (deposit_fee, + &deposit->deposit_fee)) && + (0 == GNUNET_memcmp (h_contract_terms, + &deposit->h_contract_terms)) && + (0 == GNUNET_memcmp (coin_pub, + &deposit->coin.coin_pub)) && + (0 == strcmp (payto_uri, deposit->receiver_wire_account)) ) { - GNUNET_break (0); - return GNUNET_DB_STATUS_HARD_ERROR; + deposit_rowid = rowid; + wire_target_row = wire_target; + result = 9; } - return GNUNET_DB_STATUS_SUCCESS_ONE_RESULT; } @@ -1504,11 +1268,12 @@ run (void *cls) union TALER_DenominationBlindingKeyP coin_blind; struct TALER_ReservePublicKeyP reserve_pub; struct TALER_ReservePublicKeyP reserve_pub2; - struct DenomKeyPair *dkp; + struct TALER_ReservePublicKeyP reserve_pub3; + struct DenomKeyPair *dkp = NULL; struct TALER_MasterSignatureP master_sig; struct TALER_EXCHANGEDB_CollectableBlindcoin cbc; struct TALER_EXCHANGEDB_CollectableBlindcoin cbc2; - struct TALER_EXCHANGEDB_ReserveHistory *rh; + struct TALER_EXCHANGEDB_ReserveHistory *rh = NULL; struct TALER_EXCHANGEDB_ReserveHistory *rh_head; struct TALER_EXCHANGEDB_BankTransfer *bt; struct TALER_EXCHANGEDB_CollectableBlindcoin *withdraw; @@ -1518,23 +1283,31 @@ run (void *cls) struct TALER_EXCHANGEDB_TransactionList *tl; struct TALER_EXCHANGEDB_TransactionList *tlp; const char *sndr = "payto://x-taler-bank/localhost:8080/1"; + const char *rcvr = "payto://x-taler-bank/localhost:8080/2"; unsigned int matched; unsigned int cnt; - uint64_t rr; enum GNUNET_DB_QueryStatus qs; struct GNUNET_TIME_Timestamp now; struct TALER_WireSalt salt; union TALER_DenominationBlindingKeyP bks; struct TALER_CoinPubHash c_hash; + uint64_t known_coin_id; + uint64_t rrc_serial; + struct TALER_EXCHANGEDB_Refresh refresh; + struct TALER_DenominationPublicKey *new_denom_pubs = NULL; + uint64_t reserve_out_serial_id; + uint64_t melt_serial_id; - dkp = NULL; - rh = NULL; - memset (&deposit.coin.denom_sig, + memset (&deposit, 0, - sizeof (deposit.coin.denom_sig)); + sizeof (deposit)); + deposit.receiver_wire_account = (char *) rcvr; memset (&salt, 45, sizeof (salt)); + memset (&refresh, + 0, + sizeof (refresh)); ZR_BLK (&cbc); ZR_BLK (&cbc2); if (NULL == @@ -1571,6 +1344,7 @@ run (void *cls) GNUNET_assert (GNUNET_OK == TALER_string_to_amount (CURRENCY ":0.000010", &fee_deposit)); + deposit.deposit_fee = fee_deposit; GNUNET_assert (GNUNET_OK == TALER_string_to_amount (CURRENCY ":0.000010", &fee_refresh)); @@ -1582,10 +1356,6 @@ run (void *cls) &amount_with_fee)); result = 4; - FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != - plugin->get_latest_reserve_in_reference (plugin->cls, - "exchange-account-1", - &rr)); now = GNUNET_TIME_timestamp_get (); FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != plugin->reserves_in_insert (plugin->cls, @@ -1595,38 +1365,30 @@ run (void *cls) sndr, "exchange-account-1", 4)); - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->get_latest_reserve_in_reference (plugin->cls, - "exchange-account-1", - &rr)); - FAILIF (4 != rr); FAILIF (GNUNET_OK != check_reserve (&reserve_pub, value.value, value.fraction, value.currency)); now = GNUNET_TIME_timestamp_get (); + RND_BLK (&reserve_pub2); FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != plugin->reserves_in_insert (plugin->cls, - &reserve_pub, + &reserve_pub2, &value, now, sndr, "exchange-account-1", 5)); - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->get_latest_reserve_in_reference (plugin->cls, - "exchange-account-1", - &rr)); - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->get_latest_reserve_in_reference (plugin->cls, - "exchange-account-1", - &rr)); - FAILIF (5 != rr); FAILIF (GNUNET_OK != check_reserve (&reserve_pub, - value.value * 2, - value.fraction * 2, + value.value, + value.fraction, + value.currency)); + FAILIF (GNUNET_OK != + check_reserve (&reserve_pub2, + value.value, + value.fraction, value.currency)); result = 5; now = GNUNET_TIME_timestamp_get (); @@ -1674,6 +1436,7 @@ run (void *cls) bool found; bool balance_ok; struct TALER_EXCHANGEDB_KycStatus kyc; + uint64_t ruuid; FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != plugin->do_withdraw (plugin->cls, @@ -1681,23 +1444,29 @@ run (void *cls) now, &found, &balance_ok, - &kyc)); + &kyc, + &ruuid)); GNUNET_assert (found); GNUNET_assert (balance_ok); GNUNET_assert (! kyc.ok); } FAILIF (GNUNET_OK != check_reserve (&reserve_pub, + 0, + 0, + value.currency)); + FAILIF (GNUNET_OK != + check_reserve (&reserve_pub2, value.value, value.fraction, value.currency)); - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != plugin->get_reserve_by_h_blind (plugin->cls, &cbc.h_coin_envelope, - &reserve_pub2)); + &reserve_pub3, + &reserve_out_serial_id)); FAILIF (0 != GNUNET_memcmp (&reserve_pub, - &reserve_pub2)); + &reserve_pub3)); FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != plugin->get_withdraw_info (plugin->cls, @@ -1735,29 +1504,310 @@ run (void *cls) &bks, &dkp->pub)); deadline = GNUNET_TIME_timestamp_get (); - FAILIF (TALER_EXCHANGEDB_CKS_ADDED != - plugin->ensure_coin_known (plugin->cls, - &deposit.coin)); + { + struct TALER_DenominationHash dph; + struct TALER_AgeHash agh; + + FAILIF (TALER_EXCHANGEDB_CKS_ADDED != + plugin->ensure_coin_known (plugin->cls, + &deposit.coin, + &known_coin_id, + &dph, + &agh)); + } + FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != + plugin->commit (plugin->cls)); + { + struct GNUNET_TIME_Timestamp deposit_timestamp + = GNUNET_TIME_timestamp_get (); + bool balance_ok; + bool in_conflict; + struct TALER_PaytoHash h_payto; + + RND_BLK (&h_payto); + deposit.refund_deadline + = GNUNET_TIME_relative_to_timestamp (GNUNET_TIME_UNIT_MONTHS); + deposit.wire_deadline + = GNUNET_TIME_relative_to_timestamp (GNUNET_TIME_UNIT_MONTHS); + deposit.amount_with_fee = value; + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + plugin->do_deposit (plugin->cls, + &deposit, + known_coin_id, + &h_payto, + false, + &deposit_timestamp, + &balance_ok, + &in_conflict)); + FAILIF (! balance_ok); + FAILIF (in_conflict); + } + + { + bool not_found; + bool refund_ok; + bool gone; + bool conflict; + + refund.coin = deposit.coin; + refund.details.merchant_pub = deposit.merchant_pub; + RND_BLK (&refund.details.merchant_sig); + refund.details.h_contract_terms = deposit.h_contract_terms; + refund.details.rtransaction_id = 1; + refund.details.refund_amount = value; + refund.details.refund_fee = fee_refund; + RND_BLK (&refund.details.merchant_sig); + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + plugin->do_refund (plugin->cls, + &refund, + &fee_deposit, + known_coin_id, + ¬_found, + &refund_ok, + &gone, + &conflict)); + FAILIF (not_found); + FAILIF (! refund_ok); + FAILIF (gone); + FAILIF (conflict); + + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + plugin->select_refunds_by_coin (plugin->cls, + &refund.coin.coin_pub, + &refund.details.merchant_pub, + &refund.details.h_contract_terms, + &check_refund_cb, + &refund)); + } + + /* test do_melt */ + { + bool zombie_required = false; + bool balance_ok; + + refresh.coin = deposit.coin; + RND_BLK (&refresh.coin_sig); + RND_BLK (&refresh.rc); + refresh.amount_with_fee = value; + refresh.noreveal_index = MELT_NOREVEAL_INDEX; + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + plugin->do_melt (plugin->cls, + &refresh, + known_coin_id, + &zombie_required, + &balance_ok)); + FAILIF (! balance_ok); + FAILIF (zombie_required); + } + + /* test get_melt */ + { + struct TALER_EXCHANGEDB_Melt ret_refresh_session; + + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + plugin->get_melt (plugin->cls, + &refresh.rc, + &ret_refresh_session, + &melt_serial_id)); + FAILIF (refresh.noreveal_index != + ret_refresh_session.session.noreveal_index); + FAILIF (0 != + TALER_amount_cmp (&refresh.amount_with_fee, + &ret_refresh_session.session.amount_with_fee)); + FAILIF (0 != + TALER_amount_cmp (&fee_refresh, + &ret_refresh_session.melt_fee)); + FAILIF (0 != + GNUNET_memcmp (&refresh.rc, + &ret_refresh_session.session.rc)); + FAILIF (0 != GNUNET_memcmp (&refresh.coin_sig, + &ret_refresh_session.session.coin_sig)); + FAILIF (0 != + GNUNET_memcmp (&refresh.coin.coin_pub, + &ret_refresh_session.session.coin.coin_pub)); + FAILIF (0 != + GNUNET_memcmp (&refresh.coin.denom_pub_hash, + &ret_refresh_session.session.coin.denom_pub_hash)); + } + + { + /* test 'select_refreshes_above_serial_id' */ + auditor_row_cnt = 0; + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + plugin->select_refreshes_above_serial_id (plugin->cls, + 0, + &audit_refresh_session_cb, + NULL)); + FAILIF (1 != auditor_row_cnt); + } + + /* do refresh-reveal */ + { + new_dkp = GNUNET_new_array (MELT_NEW_COINS, + struct DenomKeyPair *); + new_denom_pubs = GNUNET_new_array (MELT_NEW_COINS, + struct TALER_DenominationPublicKey); + revealed_coins + = GNUNET_new_array (MELT_NEW_COINS, + struct TALER_EXCHANGEDB_RefreshRevealedCoin); + for (unsigned int cnt = 0; cnt < MELT_NEW_COINS; cnt++) + { + struct TALER_EXCHANGEDB_RefreshRevealedCoin *ccoin; + struct GNUNET_TIME_Timestamp now; + + now = GNUNET_TIME_timestamp_get (); + new_dkp[cnt] = create_denom_key_pair (RSA_KEY_SIZE, + now, + &value, + &fee_withdraw, + &fee_deposit, + &fee_refresh, + &fee_refund); + GNUNET_assert (NULL != new_dkp[cnt]); + new_denom_pubs[cnt] = new_dkp[cnt]->pub; + ccoin = &revealed_coins[cnt]; + ccoin->coin_ev_size = 1 + (size_t) GNUNET_CRYPTO_random_u64 ( + GNUNET_CRYPTO_QUALITY_WEAK, + (RSA_KEY_SIZE / 8) - 1); + ccoin->coin_ev = GNUNET_malloc (ccoin->coin_ev_size); + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, + ccoin->coin_ev, + ccoin->coin_ev_size); + TALER_denom_pub_hash (&new_dkp[cnt]->pub, + &ccoin->h_denom_pub); + GNUNET_assert (GNUNET_OK == + TALER_denom_sign_blinded (&ccoin->coin_sig, + &new_dkp[cnt]->priv, + ccoin->coin_ev, + ccoin->coin_ev_size)); + } + RND_BLK (&tprivs); + RND_BLK (&tpub); + FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != + plugin->get_refresh_reveal (plugin->cls, + &refresh.rc, + &never_called_cb, + NULL)); + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + plugin->insert_refresh_reveal (plugin->cls, + melt_serial_id, + MELT_NEW_COINS, + revealed_coins, + TALER_CNC_KAPPA - 1, + tprivs, + &tpub)); + { + struct TALER_BlindedCoinHash h_coin_ev; + struct TALER_CoinSpendPublicKeyP ocp; + + GNUNET_CRYPTO_hash (revealed_coins[0].coin_ev, + revealed_coins[0].coin_ev_size, + &h_coin_ev.hash); + + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + plugin->get_old_coin_by_h_blind (plugin->cls, + &h_coin_ev, + &ocp, + &rrc_serial)); + FAILIF (0 != + GNUNET_memcmp (&ocp, + &refresh.coin.coin_pub)); + } + FAILIF (0 >= + plugin->get_refresh_reveal (plugin->cls, + &refresh.rc, + &check_refresh_reveal_cb, + NULL)); + qs = plugin->get_link_data (plugin->cls, + &refresh.coin.coin_pub, + &handle_link_data_cb, + NULL); + FAILIF (0 >= qs); + { + /* Just to test fetching a coin with melt history */ + struct TALER_EXCHANGEDB_TransactionList *tl; + enum GNUNET_DB_QueryStatus qs; + + qs = plugin->get_coin_transactions (plugin->cls, + &refresh.coin.coin_pub, + GNUNET_YES, + &tl); + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != qs); + plugin->free_coin_transaction_list (plugin->cls, + tl); + } + } + + /* do recoup-refresh */ + { + struct GNUNET_TIME_Timestamp recoup_timestamp + = GNUNET_TIME_timestamp_get (); + union TALER_DenominationBlindingKeyP coin_bks; + uint64_t new_known_coin_id; + struct TALER_CoinPublicInfo new_coin; + struct TALER_DenominationHash dph; + struct TALER_AgeHash agh; + bool recoup_ok; + bool internal_failure; + + new_coin = deposit.coin; /* steal basic data */ + RND_BLK (&new_coin.coin_pub); + FAILIF (TALER_EXCHANGEDB_CKS_ADDED != + plugin->ensure_coin_known (plugin->cls, + &new_coin, + &new_known_coin_id, + &dph, + &agh)); + RND_BLK (&coin_bks); + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + plugin->do_recoup_refresh (plugin->cls, + &deposit.coin.coin_pub, + rrc_serial, + &value, + &coin_bks, + &new_coin.coin_pub, + new_known_coin_id, + &coin_sig, + &recoup_timestamp, + &recoup_ok, + &internal_failure)); + FAILIF (! recoup_ok); + FAILIF (internal_failure); + } + + /* do recoup */ { struct TALER_EXCHANGEDB_Reserve pre_reserve; struct TALER_EXCHANGEDB_Reserve post_reserve; struct TALER_Amount delta; struct TALER_EXCHANGEDB_KycStatus kyc; + bool recoup_ok; + bool internal_failure; + struct TALER_Amount requested_amount; + struct GNUNET_TIME_Timestamp recoup_timestamp + = GNUNET_TIME_timestamp_get (); pre_reserve.pub = reserve_pub; FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != plugin->reserves_get (plugin->cls, &pre_reserve, &kyc)); + requested_amount = value; + FAILIF (! TALER_amount_is_zero (&pre_reserve.balance)); FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->insert_recoup_request (plugin->cls, - &reserve_pub, - &deposit.coin, - &coin_sig, - &coin_blind, - &value, - &cbc.h_coin_envelope, - deadline)); + plugin->do_recoup (plugin->cls, + &reserve_pub, + reserve_out_serial_id, + &requested_amount, + &coin_blind, + &deposit.coin.coin_pub, + known_coin_id, + &coin_sig, + &recoup_timestamp, + &recoup_ok, + &internal_failure)); + FAILIF (internal_failure); + FAILIF (! recoup_ok); post_reserve.pub = reserve_pub; FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != plugin->reserves_get (plugin->cls, @@ -1771,19 +1821,34 @@ run (void *cls) TALER_amount_cmp (&delta, &value)); } + + FAILIF (GNUNET_OK != + plugin->start (plugin->cls, + "test-3")); + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != plugin->select_recoup_above_serial_id (plugin->cls, 0, &recoup_cb, &coin_blind)); - - GNUNET_assert (0 <= - TALER_amount_add (&amount_with_fee, - &value, - &value)); + /* Do reserve close */ + now = GNUNET_TIME_timestamp_get (); GNUNET_assert (GNUNET_OK == TALER_string_to_amount (CURRENCY ":0.000010", &fee_closing)); + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + plugin->insert_reserve_closed (plugin->cls, + &reserve_pub2, + now, + sndr, + &wire_out_wtid, + &amount_with_fee, + &fee_closing)); + FAILIF (GNUNET_OK != + check_reserve (&reserve_pub2, + 0, + 0, + value.currency)); now = GNUNET_TIME_timestamp_get (); FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != plugin->insert_reserve_closed (plugin->cls, @@ -1791,15 +1856,16 @@ run (void *cls) now, sndr, &wire_out_wtid, - &amount_with_fee, + &value, &fee_closing)); FAILIF (GNUNET_OK != check_reserve (&reserve_pub, 0, 0, value.currency)); - result = 7; + + /* check reserve history */ { struct TALER_Amount balance; @@ -1872,7 +1938,7 @@ run (void *cls) break; } } - FAILIF (5 != cnt); + FAILIF (4 != cnt); auditor_row_cnt = 0; FAILIF (0 >= @@ -1888,234 +1954,12 @@ run (void *cls) FAILIF (3 != auditor_row_cnt); - /* Tests for deposits */ - TALER_denom_sig_free (&deposit.coin.denom_sig); - memset (&deposit, - 0, - sizeof (deposit)); - RND_BLK (&deposit.coin.coin_pub); - TALER_denom_pub_hash (&dkp->pub, - &deposit.coin.denom_pub_hash); - GNUNET_assert (GNUNET_OK == - TALER_denom_sig_unblind (&deposit.coin.denom_sig, - &cbc.sig, - &bks, - &dkp->pub)); - RND_BLK (&deposit.csig); - RND_BLK (&deposit.merchant_pub); - RND_BLK (&deposit.h_contract_terms); - RND_BLK (&deposit.wire_salt); - deposit.receiver_wire_account = - "payto://iban/DE67830654080004822650?receiver-name=Test"; - TALER_merchant_wire_signature_hash ( - "payto://iban/DE67830654080004822650?receiver-name=Test", - &deposit.wire_salt, - &h_wire_wt); - deposit.amount_with_fee = value; - deposit.deposit_fee = fee_deposit; - - deposit.refund_deadline = deadline; - deposit.wire_deadline = deadline; - result = 8; - FAILIF (TALER_EXCHANGEDB_CKS_ADDED != - plugin->ensure_coin_known (plugin->cls, - &deposit.coin)); - { - struct GNUNET_TIME_Timestamp now; - struct GNUNET_TIME_Timestamp r; - struct TALER_Amount deposit_fee; - - now = GNUNET_TIME_timestamp_get (); - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->insert_deposit (plugin->cls, - now, - &deposit)); - FAILIF (1 != - plugin->have_deposit (plugin->cls, - &deposit, - &deposit_fee, - &r)); - FAILIF (GNUNET_TIME_timestamp_cmp (now, - !=, - r)); - } - { - struct GNUNET_TIME_Timestamp start_range; - struct GNUNET_TIME_Timestamp end_range; - - start_range = GNUNET_TIME_absolute_to_timestamp ( - GNUNET_TIME_absolute_subtract (deadline.abs_time, - GNUNET_TIME_UNIT_SECONDS)); - end_range = GNUNET_TIME_absolute_to_timestamp ( - GNUNET_TIME_absolute_add (deadline.abs_time, - GNUNET_TIME_UNIT_SECONDS)); - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->select_deposits_missing_wire (plugin->cls, - start_range, - end_range, - &wire_missing_cb, - &deposit)); - FAILIF (8 != result); - } - auditor_row_cnt = 0; - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->select_deposits_above_serial_id (plugin->cls, - 0, - &audit_deposit_cb, - NULL)); - FAILIF (1 != auditor_row_cnt); - result = 9; - sleep (2); /* give deposit time to be ready */ - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->get_ready_deposit (plugin->cls, - 0, - INT32_MAX, - true, - &deposit_cb, - &deposit)); - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->iterate_matching_deposits (plugin->cls, - wire_target_row, - &deposit.merchant_pub, - &matching_deposit_cb, - &deposit, - 2)); - FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != - plugin->commit (plugin->cls)); - FAILIF (GNUNET_OK != - plugin->start (plugin->cls, - "test-2")); - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->mark_deposit_tiny (plugin->cls, - deposit_rowid)); - FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != - plugin->get_ready_deposit (plugin->cls, - 0, - INT32_MAX, - true, - &deposit_cb, - &deposit)); - plugin->rollback (plugin->cls); - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->get_ready_deposit (plugin->cls, - 0, - INT32_MAX, - true, - &deposit_cb, - &deposit)); - FAILIF (GNUNET_OK != - plugin->start (plugin->cls, - "test-3")); - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->mark_deposit_done (plugin->cls, - deposit_rowid)); - FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != - plugin->commit (plugin->cls)); - - result = 10; - deposit2 = deposit; - FAILIF (GNUNET_OK != - plugin->start (plugin->cls, - "test-2")); - RND_BLK (&deposit2.merchant_pub); /* should fail if merchant is different */ - { - struct GNUNET_TIME_Timestamp r; - struct TALER_Amount deposit_fee; - - FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != - plugin->have_deposit (plugin->cls, - &deposit2, - &deposit_fee, - &r)); - deposit2.merchant_pub = deposit.merchant_pub; - RND_BLK (&deposit2.coin.coin_pub); /* should fail if coin is different */ - FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != - plugin->have_deposit (plugin->cls, - &deposit2, - &deposit_fee, - &r)); - } - FAILIF (GNUNET_OK != - test_melting ()); - FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != - plugin->commit (plugin->cls)); - - - /* test insert_refund! */ - refund.coin = deposit.coin; - refund.details.merchant_pub = deposit.merchant_pub; - RND_BLK (&refund.details.merchant_sig); - refund.details.h_contract_terms = deposit.h_contract_terms; - refund.details.rtransaction_id - = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, - UINT64_MAX); - refund.details.refund_amount = deposit.amount_with_fee; - refund.details.refund_fee = fee_refund; - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->insert_refund (plugin->cls, - &refund)); - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->select_refunds_by_coin (plugin->cls, - &refund.coin.coin_pub, - &refund.details.merchant_pub, - &refund.details.h_contract_terms, - &check_refund_cb, - &refund)); - - /* test recoup / revocation */ - RND_BLK (&master_sig); - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->insert_denomination_revocation (plugin->cls, - &cbc.denom_pub_hash, - &master_sig)); - FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != - plugin->commit (plugin->cls)); - plugin->preflight (plugin->cls); - FAILIF (GNUNET_OK != - plugin->start (plugin->cls, - "test-4")); - FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != - plugin->insert_denomination_revocation (plugin->cls, - &cbc.denom_pub_hash, - &master_sig)); - plugin->rollback (plugin->cls); - plugin->preflight (plugin->cls); - FAILIF (GNUNET_OK != - plugin->start (plugin->cls, - "test-5")); - { - struct TALER_MasterSignatureP msig; - uint64_t rev_rowid; - - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->get_denomination_revocation (plugin->cls, - &cbc.denom_pub_hash, - &msig, - &rev_rowid)); - FAILIF (0 != GNUNET_memcmp (&msig, - &master_sig)); - } - - - RND_BLK (&coin_sig); - RND_BLK (&coin_blind); - FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - plugin->insert_recoup_request (plugin->cls, - &reserve_pub, - &deposit.coin, - &coin_sig, - &coin_blind, - &value, - &cbc.h_coin_envelope, - deadline)); - auditor_row_cnt = 0; FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != plugin->select_refunds_above_serial_id (plugin->cls, 0, &audit_refund_cb, NULL)); - FAILIF (1 != auditor_row_cnt); qs = plugin->get_coin_transactions (plugin->cls, &refund.coin.coin_pub, @@ -2163,15 +2007,13 @@ run (void *cls) matched |= 1; break; } -#if 0 /* this coin pub was actually never melted... */ case TALER_EXCHANGEDB_TT_MELT: FAILIF (0 != - GNUNET_memcmp (&melt, - &tlp->details.melt)); + GNUNET_memcmp (&refresh.rc, + &tlp->details.melt->rc)); matched |= 2; break; -#endif case TALER_EXCHANGEDB_TT_REFUND: { struct TALER_EXCHANGEDB_RefundListEntry *have = tlp->details.refund; @@ -2209,16 +2051,241 @@ run (void *cls) matched |= 8; break; } + case TALER_EXCHANGEDB_TT_OLD_COIN_RECOUP: + /* TODO: check fields better... */ + matched |= 16; + break; default: + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unexpected coin history transaction type: %d\n", + tlp->type); FAILIF (1); break; } } - FAILIF (13 != matched); + FAILIF (31 != matched); plugin->free_coin_transaction_list (plugin->cls, tl); + + /* Tests for deposits+wire */ + TALER_denom_sig_free (&deposit.coin.denom_sig); + memset (&deposit, + 0, + sizeof (deposit)); + deposit.deposit_fee = fee_deposit; + RND_BLK (&deposit.coin.coin_pub); + TALER_denom_pub_hash (&dkp->pub, + &deposit.coin.denom_pub_hash); + GNUNET_assert (GNUNET_OK == + TALER_denom_sig_unblind (&deposit.coin.denom_sig, + &cbc.sig, + &bks, + &dkp->pub)); + RND_BLK (&deposit.csig); + RND_BLK (&deposit.merchant_pub); + RND_BLK (&deposit.h_contract_terms); + RND_BLK (&deposit.wire_salt); + deposit.receiver_wire_account = + "payto://iban/DE67830654080004822650?receiver-name=Test"; + TALER_merchant_wire_signature_hash ( + "payto://iban/DE67830654080004822650?receiver-name=Test", + &deposit.wire_salt, + &h_wire_wt); + deposit.amount_with_fee = value; + deposit.deposit_fee = fee_deposit; + + deposit.refund_deadline = deadline; + deposit.wire_deadline = deadline; + result = 8; + { + uint64_t known_coin_id; + struct TALER_DenominationHash dph; + struct TALER_AgeHash agh; + + FAILIF (TALER_EXCHANGEDB_CKS_ADDED != + plugin->ensure_coin_known (plugin->cls, + &deposit.coin, + &known_coin_id, + &dph, + &agh)); + } + { + struct GNUNET_TIME_Timestamp now; + struct GNUNET_TIME_Timestamp r; + struct TALER_Amount deposit_fee; + struct TALER_MerchantWireHash h_wire; + + now = GNUNET_TIME_timestamp_get (); + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + plugin->insert_deposit (plugin->cls, + now, + &deposit)); + TALER_merchant_wire_signature_hash (deposit.receiver_wire_account, + &deposit.wire_salt, + &h_wire); + FAILIF (1 != + plugin->have_deposit2 (plugin->cls, + &deposit.h_contract_terms, + &h_wire, + &deposit.coin.coin_pub, + &deposit.merchant_pub, + deposit.refund_deadline, + &deposit_fee, + &r)); + FAILIF (GNUNET_TIME_timestamp_cmp (now, + !=, + r)); + } + { + struct GNUNET_TIME_Timestamp start_range; + struct GNUNET_TIME_Timestamp end_range; + + start_range = GNUNET_TIME_absolute_to_timestamp ( + GNUNET_TIME_absolute_subtract (deadline.abs_time, + GNUNET_TIME_UNIT_SECONDS)); + end_range = GNUNET_TIME_absolute_to_timestamp ( + GNUNET_TIME_absolute_add (deadline.abs_time, + GNUNET_TIME_UNIT_SECONDS)); + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + plugin->select_deposits_missing_wire (plugin->cls, + start_range, + end_range, + &wire_missing_cb, + &deposit)); + FAILIF (8 != result); + } + auditor_row_cnt = 0; + FAILIF (0 >= + plugin->select_deposits_above_serial_id (plugin->cls, + 0, + &audit_deposit_cb, + NULL)); + FAILIF (0 == auditor_row_cnt); + result = 8; + sleep (2); /* give deposit time to be ready */ + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + plugin->get_ready_deposit (plugin->cls, + 0, + INT32_MAX, + true, + &deposit_cb, + &deposit)); + FAILIF (8 == result); + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + plugin->iterate_matching_deposits (plugin->cls, + wire_target_row, + &deposit.merchant_pub, + &matching_deposit_cb, + &deposit, + 2)); + FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != + plugin->commit (plugin->cls)); + FAILIF (GNUNET_OK != + plugin->start (plugin->cls, + "test-2")); + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + plugin->mark_deposit_tiny (plugin->cls, + deposit_rowid)); + FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != + plugin->get_ready_deposit (plugin->cls, + 0, + INT32_MAX, + true, + &deposit_cb, + &deposit)); + plugin->rollback (plugin->cls); + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + plugin->get_ready_deposit (plugin->cls, + 0, + INT32_MAX, + true, + &deposit_cb, + &deposit)); + FAILIF (GNUNET_OK != + plugin->start (plugin->cls, + "test-3")); + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + plugin->mark_deposit_done (plugin->cls, + deposit_rowid)); + FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != + plugin->commit (plugin->cls)); + + result = 10; + deposit2 = deposit; + FAILIF (GNUNET_OK != + plugin->start (plugin->cls, + "test-2")); + RND_BLK (&deposit2.merchant_pub); /* should fail if merchant is different */ + { + struct TALER_MerchantWireHash h_wire; + struct GNUNET_TIME_Timestamp r; + struct TALER_Amount deposit_fee; + + TALER_merchant_wire_signature_hash (deposit2.receiver_wire_account, + &deposit2.wire_salt, + &h_wire); + FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != + plugin->have_deposit2 (plugin->cls, + &deposit2.h_contract_terms, + &h_wire, + &deposit2.coin.coin_pub, + &deposit2.merchant_pub, + deposit2.refund_deadline, + &deposit_fee, + &r)); + deposit2.merchant_pub = deposit.merchant_pub; + RND_BLK (&deposit2.coin.coin_pub); /* should fail if coin is different */ + FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != + plugin->have_deposit2 (plugin->cls, + &deposit2.h_contract_terms, + &h_wire, + &deposit2.coin.coin_pub, + &deposit2.merchant_pub, + deposit2.refund_deadline, + &deposit_fee, + &r)); + } + FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != + plugin->commit (plugin->cls)); + + + /* test revocation */ + RND_BLK (&master_sig); + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + plugin->insert_denomination_revocation (plugin->cls, + &cbc.denom_pub_hash, + &master_sig)); + FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != + plugin->commit (plugin->cls)); + plugin->preflight (plugin->cls); + FAILIF (GNUNET_OK != + plugin->start (plugin->cls, + "test-4")); + FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != + plugin->insert_denomination_revocation (plugin->cls, + &cbc.denom_pub_hash, + &master_sig)); + plugin->rollback (plugin->cls); + plugin->preflight (plugin->cls); + FAILIF (GNUNET_OK != + plugin->start (plugin->cls, + "test-5")); + { + struct TALER_MasterSignatureP msig; + uint64_t rev_rowid; + + FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + plugin->get_denomination_revocation (plugin->cls, + &cbc.denom_pub_hash, + &msig, + &rev_rowid)); + FAILIF (0 != GNUNET_memcmp (&msig, + &master_sig)); + } + + plugin->rollback (plugin->cls); FAILIF (GNUNET_OK != test_wire_prepare ()); @@ -2244,6 +2311,22 @@ drop: plugin->drop_tables (plugin->cls)); if (NULL != dkp) destroy_denom_key_pair (dkp); + if (NULL != revealed_coins) + { + for (unsigned int cnt = 0; cnt < MELT_NEW_COINS; cnt++) + { + TALER_blinded_denom_sig_free (&revealed_coins[cnt].coin_sig); + GNUNET_free (revealed_coins[cnt].coin_ev); + } + GNUNET_free (revealed_coins); + revealed_coins = NULL; + } + GNUNET_free (new_denom_pubs); + for (unsigned int cnt = 0; + (NULL != new_dkp) && (cnt < MELT_NEW_COINS) && (NULL != new_dkp[cnt]); + cnt++) + destroy_denom_key_pair (new_dkp[cnt]); + GNUNET_free (new_dkp); TALER_denom_sig_free (&deposit.coin.denom_sig); TALER_blinded_denom_sig_free (&cbc.sig); TALER_blinded_denom_sig_free (&cbc2.sig); diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index 89e8697d6..03edb4462 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -1860,6 +1860,43 @@ TALER_wallet_recoup_sign ( struct TALER_CoinSpendSignatureP *coin_sig); +/** + * Verify recoup-refresh signature. + * + * @param h_denom_pub hash of the denomiantion public key of the coin + * @param coin_bks blinding factor used when withdrawing the coin + * @param requested_amount amount that is left to be recouped + * @param coin_pub coin key of the coin to be recouped + * @param coin_sig resulting signature + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_wallet_recoup_refresh_verify ( + const struct TALER_DenominationHash *h_denom_pub, + const union TALER_DenominationBlindingKeyP *coin_bks, + const struct TALER_Amount *requested_amount, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_CoinSpendSignatureP *coin_sig); + + +/** + * Create recoup-refresh signature. + * + * @param h_denom_pub hash of the denomiantion public key of the coin + * @param coin_bks blinding factor used when withdrawing the coin + * @param requested_amount amount that is left to be recouped + * @param coin_priv coin key of the coin to be recouped + * @param coin_sig resulting signature + */ +void +TALER_wallet_recoup_refresh_sign ( + const struct TALER_DenominationHash *h_denom_pub, + const union TALER_DenominationBlindingKeyP *coin_bks, + const struct TALER_Amount *requested_amount, + const struct TALER_CoinSpendPrivateKeyP *coin_priv, + struct TALER_CoinSpendSignatureP *coin_sig); + + /* ********************* offline signing ************************** */ diff --git a/src/include/taler_exchange_service.h b/src/include/taler_exchange_service.h index b0d5e2af8..af07588e1 100644 --- a/src/include/taler_exchange_service.h +++ b/src/include/taler_exchange_service.h @@ -2001,23 +2001,19 @@ struct TALER_EXCHANGE_RecoupHandle; /** * Callbacks of this type are used to return the final result of - * submitting a refresh request to a exchange. If the operation was - * successful, this function returns the signatures over the coins - * that were remelted. The @a coin_privs and @a sigs arrays give the - * coins in the same order (and should have the same length) in which - * the original request specified the respective denomination keys. + * submitting a recoup request to a exchange. If the operation was + * successful, this function returns the @a reserve_pub of the + * reserve that was credited. * * @param cls closure * @param hr HTTP response data - * @param reserve_pub public key of the reserve receiving the recoup, NULL if refreshed or on error - * @param old_coin_pub public key of the dirty coin, NULL if not refreshed or on error + * @param reserve_pub public key of the reserve receiving the recoup */ typedef void (*TALER_EXCHANGE_RecoupResultCallback) ( void *cls, const struct TALER_EXCHANGE_HttpResponse *hr, - const struct TALER_ReservePublicKeyP *reserve_pub, - const struct TALER_CoinSpendPublicKeyP *old_coin_pub); + const struct TALER_ReservePublicKeyP *reserve_pub); /** @@ -2030,7 +2026,6 @@ typedef void * @param denom_sig signature over the coin by the exchange using @a pk * @param ps secret internals of the original planchet * @param amount value remaining on the coin that is being recouped - * @param was_refreshed true if the coin in @a ps was refreshed * @param recoup_cb the callback to call when the final result for this request is available * @param recoup_cb_cls closure for @a recoup_cb * @return NULL @@ -2043,7 +2038,6 @@ TALER_EXCHANGE_recoup (struct TALER_EXCHANGE_Handle *exchange, const struct TALER_DenominationSignature *denom_sig, const struct TALER_PlanchetSecretsP *ps, const struct TALER_Amount *amount, - bool was_refreshed, TALER_EXCHANGE_RecoupResultCallback recoup_cb, void *recoup_cb_cls); @@ -2058,6 +2052,70 @@ void TALER_EXCHANGE_recoup_cancel (struct TALER_EXCHANGE_RecoupHandle *ph); +/* ********************* /recoup-refresh *********************** */ + + +/** + * @brief A /recoup-refresh Handle + */ +struct TALER_EXCHANGE_RecoupRefreshHandle; + + +/** + * Callbacks of this type are used to return the final result of + * submitting a recoup-refresh request to a exchange. + * + * @param cls closure + * @param hr HTTP response data + * @param old_coin_pub public key of the dirty coin that was credited + */ +typedef void +(*TALER_EXCHANGE_RecoupRefreshResultCallback) ( + void *cls, + const struct TALER_EXCHANGE_HttpResponse *hr, + const struct TALER_CoinSpendPublicKeyP *old_coin_pub); + + +/** + * Ask the exchange to pay back a coin due to the exchange triggering + * the emergency recoup protocol for a given denomination. The value + * of the coin will be refunded to the original coin that the + * revoked coin was refreshed from. The original coin is then + * considered a zombie. + * + * @param exchange the exchange handle; the exchange must be ready to operate + * @param pk kind of coin to pay back + * @param denom_sig signature over the coin by the exchange using @a pk + * @param ps secret internals of the original planchet + * @param amount value remaining on the coin that is being recouped + * @param recoup_cb the callback to call when the final result for this request is available + * @param recoup_cb_cls closure for @a recoup_cb + * @return NULL + * if the inputs are invalid (i.e. denomination key not with this exchange). + * In this case, the callback is not called. + */ +struct TALER_EXCHANGE_RecoupRefreshHandle * +TALER_EXCHANGE_recoup_refresh ( + struct TALER_EXCHANGE_Handle *exchange, + const struct TALER_EXCHANGE_DenomPublicKey *pk, + const struct TALER_DenominationSignature *denom_sig, + const struct TALER_PlanchetSecretsP *ps, + const struct TALER_Amount *amount, + TALER_EXCHANGE_RecoupRefreshResultCallback recoup_cb, + void *recoup_cb_cls); + + +/** + * Cancel a recoup-refresh request. This function cannot be used on a request + * handle if the callback was already invoked. + * + * @param ph the recoup handle + */ +void +TALER_EXCHANGE_recoup_refresh_cancel ( + struct TALER_EXCHANGE_RecoupRefreshHandle *ph); + + /* ********************* /kyc* *********************** */ /** diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h index 6796fbac9..357d9f073 100644 --- a/src/include/taler_exchangedb_plugin.h +++ b/src/include/taler_exchangedb_plugin.h @@ -257,7 +257,7 @@ struct TALER_EXCHANGEDB_TableData struct TALER_BlindedCoinHash h_blind_ev; uint64_t denominations_serial; struct TALER_BlindedDenominationSignature denom_sig; - struct TALER_ReservePublicKeyP reserve_pub; + uint64_t reserve_uuid; struct TALER_ReserveSignatureP reserve_sig; struct GNUNET_TIME_Timestamp execution_date; struct TALER_Amount amount_with_fee; @@ -303,7 +303,7 @@ struct TALER_EXCHANGEDB_TableData struct { struct TALER_RefreshCommitmentP rc; - uint64_t old_known_coin_id; + struct TALER_CoinSpendPublicKeyP old_coin_pub; struct TALER_CoinSpendSignatureP old_coin_sig; struct TALER_Amount amount_with_fee; uint32_t noreveal_index; @@ -1037,7 +1037,7 @@ struct TALER_EXCHANGEDB_Deposit /** * Additional details for extensions relevant for this - * deposit operation. + * deposit operation, possibly NULL! */ json_t *extension_details; @@ -1625,9 +1625,9 @@ typedef enum GNUNET_GenericReturnValue struct TALER_EXCHANGEDB_RefreshRevealedCoin { /** - * Public denomination key of the coin. + * Hash of the public denomination key of the coin. */ - struct TALER_DenominationPublicKey denom_pub; + struct TALER_DenominationHash h_denom_pub; /** * Signature of the original coin being refreshed over the @@ -1725,18 +1725,12 @@ struct TALER_EXCHANGEDB_KycStatus * @param cls closure * @param num_freshcoins size of the @a rrcs array * @param rrcs array of @a num_freshcoins information about coins to be created - * @param num_tprivs number of entries in @a tprivs, should be #TALER_CNC_KAPPA - 1 - * @param tprivs array of @e num_tprivs transfer private keys - * @param tp transfer public key information */ typedef void (*TALER_EXCHANGEDB_RefreshCallback)( void *cls, uint32_t num_freshcoins, - const struct TALER_EXCHANGEDB_RefreshRevealedCoin *rrcs, - unsigned int num_tprivs, - const struct TALER_TransferPrivateKeyP *tprivs, - const struct TALER_TransferPublicKeyP *tp); + const struct TALER_EXCHANGEDB_RefreshRevealedCoin *rrcs); /** @@ -2400,20 +2394,6 @@ struct TALER_EXCHANGEDB_Plugin const char *id); - /** - * Get the KYC status for a bank account. - * - * @param cls the @e cls of this struct with the plugin-specific state - * @param payto_uri payto:// URI that identifies the bank account - * @param[out] kyc set to the KYC status of the reserve - * @return transaction status - */ - enum GNUNET_DB_QueryStatus - (*get_kyc_status)(void *cls, - const char *payto_uri, - struct TALER_EXCHANGEDB_KycStatus *kyc); - - /** * Get the @a kyc status and @a h_payto by UUID. * @@ -2468,22 +2448,6 @@ struct TALER_EXCHANGEDB_Plugin uint64_t wire_reference); - /** - * Obtain the most recent @a wire_reference that was inserted via @e reserves_in_insert. - * Used by the wirewatch process when resuming. - * - * @param cls the @e cls of this struct with the plugin-specific state - * @param exchange_account_name name of the section in the exchange's configuration - * for the account that we are tracking here - * @param[out] wire_reference set to unique reference identifying the wire transfer - * @return transaction status code - */ - enum GNUNET_DB_QueryStatus - (*get_latest_reserve_in_reference)(void *cls, - const char *exchange_account_name, - uint64_t *wire_reference); - - /** * Locate the response for a withdraw request under the * key of the hash of the blinded message. Used to ensure @@ -2502,30 +2466,6 @@ struct TALER_EXCHANGEDB_Plugin struct TALER_EXCHANGEDB_CollectableBlindcoin *collectable); - /** - * Check coin balance is sufficient to satisfy balance - * invariants. - * - * @param cls the `struct PostgresClosure` with the plugin-specific state - * @param coin_pub coin to check - * @param coin_value value of the coin's denomination (avoids internal lookup) - * @param check_recoup include recoup and recoup_refresh tables in calculation - * @param zombie_required additionally require coin to be a zombie coin - * @param[out] balance_ok set to true if the balance was sufficient - * @param[out] zombie_ok set to true if the zombie requirement was satisfied - * @return query execution status - */ - enum GNUNET_DB_QueryStatus - (*do_check_coin_balance)( - void *cls, - const struct TALER_CoinSpendPublicKeyP *coin_pub, - const struct TALER_Amount *coin_value, - bool check_recoup, - bool zombie_required, - bool *balance_ok, - bool *zombie_ok); - - /** * Perform withdraw operation, checking for sufficient balance * and possibly persisting the withdrawal details. @@ -2537,6 +2477,7 @@ struct TALER_EXCHANGEDB_Plugin * @param[out] found set to true if the reserve was found * @param[out] balance_ok set to true if the balance was sufficient * @param[out] kyc set to the KYC status of the reserve + * @param[out] ruuid set to the reserve's UUID (reserves table row) * @return query execution status */ enum GNUNET_DB_QueryStatus @@ -2546,7 +2487,8 @@ struct TALER_EXCHANGEDB_Plugin struct GNUNET_TIME_Timestamp now, bool *found, bool *balance_ok, - struct TALER_EXCHANGEDB_KycStatus *kyc_ok); + struct TALER_EXCHANGEDB_KycStatus *kyc_ok, + uint64_t *ruuid); /** @@ -2554,7 +2496,7 @@ struct TALER_EXCHANGEDB_Plugin * checks after withdraw operation. * * @param cls the `struct PostgresClosure` with the plugin-specific state - * @param reserve_pub reserve to check + * @param ruuid identifies the reserve to check * @param withdraw_start starting point to accumulate from * @param upper_limit maximum amount allowed * @param[out] below_limit set to true if the limit was not exceeded @@ -2563,12 +2505,148 @@ struct TALER_EXCHANGEDB_Plugin enum GNUNET_DB_QueryStatus (*do_withdraw_limit_check)( void *cls, - const struct TALER_ReservePublicKeyP *reserve_pub, + uint64_t ruuid, struct GNUNET_TIME_Absolute withdraw_start, const struct TALER_Amount *upper_limit, bool *below_limit); + /** + * Perform deposit operation, checking for sufficient balance + * of the coin and possibly persisting the deposit details. + * + * @param cls the `struct PostgresClosure` with the plugin-specific state + * @param deposit deposit operation details + * @param known_coin_id row of the coin in the known_coins table + * @param h_payto hash of the merchant's payto URI + * @param[in,out] exchange_timestamp time to use for the deposit (possibly updated) + * @param[out] balance_ok set to true if the balance was sufficient + * @param[out] in_conflict set to true if the deposit conflicted + * @return query execution status + */ + enum GNUNET_DB_QueryStatus + (*do_deposit)( + void *cls, + const struct TALER_EXCHANGEDB_Deposit *deposit, + uint64_t known_coin_id, + const struct TALER_PaytoHash *h_payto, + bool extension_blocked, + struct GNUNET_TIME_Timestamp *exchange_timestamp, + bool *balance_ok, + bool *in_conflict); + + + /** + * Perform melt operation, checking for sufficient balance + * of the coin and possibly persisting the melt details. + * + * @param cls the `struct PostgresClosure` with the plugin-specific state + * @param[in,out] refresh refresh operation details; the noreveal_index + * is set in case the coin was already melted before + * @param known_coin_id row of the coin in the known_coins table + * @param[in,out] zombie_required true if the melt must only succeed if the coin is a zombie, set to false if the requirement was satisfied + * @param[out] balance_ok set to true if the balance was sufficient + * @return query execution status + */ + enum GNUNET_DB_QueryStatus + (*do_melt)( + void *cls, + struct TALER_EXCHANGEDB_Refresh *refresh, + uint64_t known_coin_id, + bool *zombie_required, + bool *balance_ok); + + + /** + * Perform refund operation, checking for sufficient deposits + * of the coin and possibly persisting the refund details. + * + * @param cls the `struct PostgresClosure` with the plugin-specific state + * @param refund refund operation details + * @param deposit_fee deposit fee applicable for the coin, possibly refunded + * @param known_coin_id row of the coin in the known_coins table + * @param[out] not_found set if the deposit was not found + * @param[out] refund_ok set if the refund succeeded (below deposit amount) + * @param[out] gone if the merchant was already paid + * @param[out] conflict set if the refund ID was re-used + * @return query execution status + */ + enum GNUNET_DB_QueryStatus + (*do_refund)( + void *cls, + const struct TALER_EXCHANGEDB_Refund *refund, + const struct TALER_Amount *deposit_fee, + uint64_t known_coin_id, + bool *not_found, + bool *refund_ok, + bool *gone, + bool *conflict); + + + /** + * Perform recoup operation, checking for sufficient deposits + * of the coin and possibly persisting the recoup details. + * + * @param cls the `struct PostgresClosure` with the plugin-specific state + * @param reserve_pub public key of the reserve to credit + * @param reserve_out_serial_id row in the reserves_out table justifying the recoup + * @param requested_amount the amount to be recouped + * @param coin_bks coin blinding key secret to persist + * @param coin_pub public key of the coin being recouped + * @param known_coin_id row of the @a coin_pub in the known_coins table + * @param coin_sig signature of the coin requesting the recoup + * @param[in,out] recoup_timestamp recoup timestamp, set if recoup existed + * @param[out] recoup_ok set if the recoup succeeded (balance ok) + * @param[out] internal_failure set on internal failures + * @return query execution status + */ + enum GNUNET_DB_QueryStatus + (*do_recoup)( + void *cls, + const struct TALER_ReservePublicKeyP *reserve_pub, + uint64_t reserve_out_serial_id, + const struct TALER_Amount *requested_amount, + const union TALER_DenominationBlindingKeyP *coin_bks, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + uint64_t known_coin_id, + const struct TALER_CoinSpendSignatureP *coin_sig, + struct GNUNET_TIME_Timestamp *recoup_timestamp, + bool *recoup_ok, + bool *internal_failure); + + + /** + * Perform recoup-refresh operation, checking for sufficient deposits of the + * coin and possibly persisting the recoup-refresh details. + * + * @param cls the `struct PostgresClosure` with the plugin-specific state + * @param old_coin_pub public key of the old coin to credit + * @param rrc_serial row in the refresh_revealed_coins table justifying the recoup-refresh + * @param requested_amount the amount to be recouped + * @param coin_bks coin blinding key secret to persist + * @param coin_pub public key of the coin being recouped + * @param known_coin_id row of the @a coin_pub in the known_coins table + * @param coin_sig signature of the coin requesting the recoup + * @param[in,out] recoup_timestamp recoup timestamp, set if recoup existed + * @param[out] recoup_ok set if the recoup-refresh succeeded (balance ok) + * @param[out] internal_failure set on internal failures + * @return query execution status + */ + enum GNUNET_DB_QueryStatus + (*do_recoup_refresh)( + void *cls, + const struct TALER_CoinSpendPublicKeyP *old_coin_pub, + uint64_t rrc_serial, + const struct TALER_Amount *requested_amount, + const union TALER_DenominationBlindingKeyP *coin_bks, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + uint64_t known_coin_id, + const struct TALER_CoinSpendSignatureP *coin_sig, + struct GNUNET_TIME_Timestamp *recoup_timestamp, + bool *recoup_ok, + bool *internal_failure); + + /** * Get all of the transaction history associated with the specified * reserve. @@ -2586,27 +2664,6 @@ struct TALER_EXCHANGEDB_Plugin struct TALER_EXCHANGEDB_ReserveHistory **rhp); - /** - * Find out all of the amounts that have been withdrawn - * so far from the same bank account that created the - * given reserve. - * - * @param cls closure - * @param reserve_pub reserve to select withdrawals by - * @param duration how far back should we select withdrawals - * @param cb function to call on each amount withdrawn - * @param cb_cls closure for @a cb - * @return transaction status - */ - enum GNUNET_DB_QueryStatus - (*select_withdraw_amounts_by_account)( - void *cls, - const struct TALER_ReservePublicKeyP *reserve_pub, - struct GNUNET_TIME_Relative duration, - TALER_EXCHANGEDB_WithdrawHistoryCallback cb, - void *cb_cls); - - /** * Free memory associated with the given reserve history. * @@ -2635,6 +2692,9 @@ struct TALER_EXCHANGEDB_Plugin * * @param cls database connection plugin state * @param coin the coin that must be made known + * @param[out] known_coin_id set to the unique row of the coin + * @param[out] denom_pub_hash set to the conflicting denomination hash on conflict + * @param[out] age_hash set to the conflicting age hash on conflict * @return database transaction status, non-negative on success */ enum TALER_EXCHANGEDB_CoinKnownStatus @@ -2662,10 +2722,18 @@ struct TALER_EXCHANGEDB_Plugin /** * Conflicting coin (different denomination key) already in database. */ - TALER_EXCHANGEDB_CKS_CONFLICT = -3, + TALER_EXCHANGEDB_CKS_DENOM_CONFLICT = -3, + + /** + * Conflicting coin (different age hash) already in database. + */ + TALER_EXCHANGEDB_CKS_AGE_CONFLICT = -4, } (*ensure_coin_known)(void *cls, - const struct TALER_CoinPublicInfo *coin); + const struct TALER_CoinPublicInfo *coin, + uint64_t *known_coin_id, + struct TALER_DenominationHash *denom_pub_hash, + struct TALER_AgeHash *age_hash); /** @@ -2686,33 +2754,17 @@ struct TALER_EXCHANGEDB_Plugin * * @param cls the plugin closure * @param coin_pub the public key of the coin to search for + * @param[out] known_coin_id set to the ID of the coin in the known_coins table * @param[out] denom_hash where to store the hash of the coins denomination * @return transaction status code */ enum GNUNET_DB_QueryStatus (*get_coin_denomination)(void *cls, const struct TALER_CoinSpendPublicKeyP *coin_pub, + uint64_t *known_coin_id, struct TALER_DenominationHash *denom_hash); - /** - * Check if we have the specified deposit already in the database. - * - * @param cls the @e cls of this struct with the plugin-specific state - * @param deposit deposit to search for - * @param[out] deposit_fee set to the deposit fee the exchange charged - * @param[out] exchange_timestamp set to the time when the exchange received the deposit - * @return 1 if we know this operation, - * 0 if this exact deposit is unknown to us, - * otherwise transaction error status - */ - enum GNUNET_DB_QueryStatus - (*have_deposit)(void *cls, - const struct TALER_EXCHANGEDB_Deposit *deposit, - struct TALER_Amount *deposit_fee, - struct GNUNET_TIME_Timestamp *exchange_timestamp); - - /** * Check if we have the specified deposit already in the database. * @@ -2728,6 +2780,7 @@ struct TALER_EXCHANGEDB_Plugin * 0 if this exact deposit is unknown to us, * otherwise transaction error status */ + // FIXME: rename! enum GNUNET_DB_QueryStatus (*have_deposit2)( void *cls, @@ -2742,6 +2795,7 @@ struct TALER_EXCHANGEDB_Plugin /** * Insert information about deposited coin into the database. + * Used in tests and for benchmarking. * * @param cls the @e cls of this struct with the plugin-specific state * @param exchange_timestamp time the exchange received the deposit request @@ -2756,6 +2810,7 @@ struct TALER_EXCHANGEDB_Plugin /** * Insert information about refunded coin into the database. + * Used in tests and for benchmarking. * * @param cls the @e cls of this struct with the plugin-specific state * @param refund refund information to store @@ -2873,18 +2928,6 @@ struct TALER_EXCHANGEDB_Plugin uint32_t limit); - /** - * Store new melt commitment data. - * - * @param cls the @e cls of this struct with the plugin-specific state - * @param refresh_session operational data to store - * @return query status for the transaction - */ - enum GNUNET_DB_QueryStatus - (*insert_melt)(void *cls, - const struct TALER_EXCHANGEDB_Refresh *refresh_session); - - /** * Lookup melt commitment data under the given @a rc. * @@ -2893,29 +2936,14 @@ struct TALER_EXCHANGEDB_Plugin * @param[out] melt where to store the result; note that * melt->session.coin.denom_sig will be set to NULL * and is not fetched by this routine (as it is not needed by the client) + * @param[out] melt_serial_id set to the row ID of @a rc in the refresh_commitments table * @return transaction status */ enum GNUNET_DB_QueryStatus (*get_melt)(void *cls, const struct TALER_RefreshCommitmentP *rc, - struct TALER_EXCHANGEDB_Melt *melt); - - - /** - * Lookup noreveal index of a previous melt operation under the given - * @a rc. - * - * @param cls the `struct PostgresClosure` with the plugin-specific state - * @param rc commitment hash to use to locate the operation - * @param[out] noreveal_index returns the "gamma" value selected by the - * exchange which is the index of the transfer key that is - * not to be revealed to the exchange - * @return transaction status - */ - enum GNUNET_DB_QueryStatus - (*get_melt_index)(void *cls, - const struct TALER_RefreshCommitmentP *rc, - uint32_t *noreveal_index); + struct TALER_EXCHANGEDB_Melt *melt, + uint64_t *melt_serial_id); /** @@ -2924,7 +2952,7 @@ struct TALER_EXCHANGEDB_Plugin * we learned or created in the reveal step. * * @param cls the @e cls of this struct with the plugin-specific state - * @param rc identify commitment and thus refresh operation + * @param melt_serial_id row ID of the commitment / melt operation in refresh_commitments * @param num_rrcs number of coins to generate, size of the @a rrcs array * @param rrcs information about the new coins * @param num_tprivs number of entries in @a tprivs, should be #TALER_CNC_KAPPA - 1 @@ -2935,7 +2963,7 @@ struct TALER_EXCHANGEDB_Plugin enum GNUNET_DB_QueryStatus (*insert_refresh_reveal)( void *cls, - const struct TALER_RefreshCommitmentP *rc, + uint64_t melt_serial_id, uint32_t num_rrcs, const struct TALER_EXCHANGEDB_RefreshRevealedCoin *rrcs, unsigned int num_tprivs, @@ -3460,58 +3488,6 @@ struct TALER_EXCHANGEDB_Plugin void *cb_cls); - /** - * Function called to add a request for an emergency recoup for a - * coin. The funds are to be added back to the reserve. - * - * @param cls closure - * @param reserve_pub public key of the reserve that is being refunded - * @param coin public information about a coin - * @param coin_sig signature of the coin of type #TALER_SIGNATURE_WALLET_COIN_RECOUP - * @param coin_blind blinding key of the coin - * @param h_blind_ev blinded envelope, as calculated by the exchange - * @param amount total amount to be paid back - * @param h_blind_ev hash of the blinded coin's envelope (must match reserves_out entry) - * @param timestamp the timestamp to store - * @return transaction result status - */ - enum GNUNET_DB_QueryStatus - (*insert_recoup_request)( - void *cls, - const struct TALER_ReservePublicKeyP *reserve_pub, - const struct TALER_CoinPublicInfo *coin, - const struct TALER_CoinSpendSignatureP *coin_sig, - const union TALER_DenominationBlindingKeyP *coin_blind, - const struct TALER_Amount *amount, - const struct TALER_BlindedCoinHash *h_blind_ev, - struct GNUNET_TIME_Timestamp timestamp); - - - /** - * Function called to add a request for an emergency recoup for a - * refreshed coin. The funds are to be added back to the original coin. - * - * @param cls closure - * @param coin public information about the refreshed coin - * @param coin_sig signature of the coin of type #TALER_SIGNATURE_WALLET_COIN_RECOUP - * @param coin_blind blinding key of the coin - * @param h_blind_ev blinded envelope, as calculated by the exchange - * @param amount total amount to be paid back - * @param h_blind_ev hash of the blinded coin's envelope (must match reserves_out entry) - * @param timestamp a timestamp to store - * @return transaction result status - */ - enum GNUNET_DB_QueryStatus - (*insert_recoup_refresh_request)( - void *cls, - const struct TALER_CoinPublicInfo *coin, - const struct TALER_CoinSpendSignatureP *coin_sig, - const union TALER_DenominationBlindingKeyP *coin_blind, - const struct TALER_Amount *amount, - const struct TALER_BlindedCoinHash *h_blind_ev, - struct GNUNET_TIME_Timestamp timestamp); - - /** * Obtain information about which reserve a coin was generated * from given the hash of the blinded coin. @@ -3519,12 +3495,14 @@ struct TALER_EXCHANGEDB_Plugin * @param cls closure * @param h_blind_ev hash of the blinded coin * @param[out] reserve_pub set to information about the reserve (on success only) + * @param[out] reserve_out_serial_id set to row of the @a h_blind_ev in reserves_out * @return transaction status code */ enum GNUNET_DB_QueryStatus (*get_reserve_by_h_blind)(void *cls, const struct TALER_BlindedCoinHash *h_blind_ev, - struct TALER_ReservePublicKeyP *reserve_pub); + struct TALER_ReservePublicKeyP *reserve_pub, + uint64_t *reserve_out_serial_id); /** @@ -3534,12 +3512,14 @@ struct TALER_EXCHANGEDB_Plugin * @param cls closure * @param h_blind_ev hash of the blinded coin * @param[out] old_coin_pub set to information about the old coin (on success only) + * @param[out] rrc_serial set to the row of the @a h_blind_ev in the refresh_revealed_coins table * @return transaction status code */ enum GNUNET_DB_QueryStatus (*get_old_coin_by_h_blind)(void *cls, const struct TALER_BlindedCoinHash *h_blind_ev, - struct TALER_CoinSpendPublicKeyP *old_coin_pub); + struct TALER_CoinSpendPublicKeyP *old_coin_pub, + uint64_t *rrc_serial); /** diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h index d3a3d02fc..abd10323e 100644 --- a/src/include/taler_signatures.h +++ b/src/include/taler_signatures.h @@ -263,6 +263,11 @@ */ #define TALER_SIGNATURE_WALLET_ACCOUNT_SETUP 1205 +/** + * Signature using a coin key requesting recoup-refresh. + */ +#define TALER_SIGNATURE_WALLET_COIN_RECOUP_REFRESH 1206 + /******************************/ /* Security module signatures */ diff --git a/src/include/taler_testing_lib.h b/src/include/taler_testing_lib.h index 4733cf2f6..20e3145f0 100644 --- a/src/include/taler_testing_lib.h +++ b/src/include/taler_testing_lib.h @@ -1747,7 +1747,6 @@ TALER_TESTING_cmd_refund (const char *label, * offers a coin and reserve private key. May specify * the index of the coin using "$LABEL#$INDEX" syntax. * Here, $INDEX must be a non-negative number. - * @param melt_reference NULL if coin was not refreshed, otherwise label of the melt operation * @param amount how much do we expect to recoup, NULL for nothing * @return the command. */ @@ -1755,10 +1754,30 @@ struct TALER_TESTING_Command TALER_TESTING_cmd_recoup (const char *label, unsigned int expected_response_code, const char *coin_reference, - const char *melt_reference, const char *amount); +/** + * Make a "recoup-refresh" command. + * + * @param label the command label + * @param expected_response_code expected HTTP status code + * @param coin_reference reference to any command which + * offers a coin and reserve private key. May specify + * the index of the coin using "$LABEL#$INDEX" syntax. + * Here, $INDEX must be a non-negative number. + * @param melt_reference label of the melt operation + * @param amount how much do we expect to recoup, NULL for nothing + * @return the command. + */ +struct TALER_TESTING_Command +TALER_TESTING_cmd_recoup_refresh (const char *label, + unsigned int expected_response_code, + const char *coin_reference, + const char *melt_reference, + const char *amount); + + /** * Make a "revoke" command. * diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 2b8e0177e..dd4c527d5 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -43,6 +43,7 @@ libtalerexchange_la_SOURCES = \ exchange_api_management_wire_enable.c \ exchange_api_melt.c \ exchange_api_recoup.c \ + exchange_api_recoup_refresh.c \ exchange_api_refresh_common.c exchange_api_refresh_common.h \ exchange_api_refreshes_reveal.c \ exchange_api_refund.c \ diff --git a/src/lib/exchange_api_common.c b/src/lib/exchange_api_common.c index 93b992e65..139b10665 100644 --- a/src/lib/exchange_api_common.c +++ b/src/lib/exchange_api_common.c @@ -546,17 +546,17 @@ TALER_EXCHANGE_verify_coin_history ( else if (0 == strcasecmp (type, "MELT")) { - struct TALER_RefreshMeltCoinAffirmationPS rm; struct TALER_CoinSpendSignatureP sig; + struct TALER_RefreshCommitmentP rc; struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_fixed_auto ("coin_sig", &sig), GNUNET_JSON_spec_fixed_auto ("rc", - &rm.rc), + &rc), GNUNET_JSON_spec_fixed_auto ("h_denom_pub", - &rm.h_denom_pub), - TALER_JSON_spec_amount_any_nbo ("melt_fee", - &rm.melt_fee), + h_denom_pub), + TALER_JSON_spec_amount_any ("melt_fee", + &fee), GNUNET_JSON_spec_end () }; @@ -568,26 +568,9 @@ TALER_EXCHANGE_verify_coin_history ( GNUNET_break_op (0); return GNUNET_SYSERR; } - rm.purpose.size = htonl (sizeof (rm)); - rm.purpose.purpose = htonl (TALER_SIGNATURE_WALLET_COIN_MELT); - TALER_amount_hton (&rm.amount_with_fee, - &amount); - rm.coin_pub = *coin_pub; - if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_WALLET_COIN_MELT, - &rm, - &sig.eddsa_signature, - &coin_pub->eddsa_pub)) - { - GNUNET_break_op (0); - return GNUNET_SYSERR; - } - *h_denom_pub = rm.h_denom_pub; if (NULL != dk) { /* check that melt fee matches our expectations from /keys! */ - TALER_amount_ntoh (&fee, - &rm.melt_fee); if ( (GNUNET_YES != TALER_amount_cmp_currency (&fee, &dk->fee_refresh)) || @@ -599,6 +582,17 @@ TALER_EXCHANGE_verify_coin_history ( return GNUNET_SYSERR; } } + if (GNUNET_OK != + TALER_wallet_melt_verify (&amount, + &fee, + &rc, + h_denom_pub, + coin_pub, + &sig)) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } add = GNUNET_YES; } else if (0 == strcasecmp (type, diff --git a/src/lib/exchange_api_handle.c b/src/lib/exchange_api_handle.c index 0f2a079b4..df501f0b7 100644 --- a/src/lib/exchange_api_handle.c +++ b/src/lib/exchange_api_handle.c @@ -39,7 +39,7 @@ * Which version of the Taler protocol is implemented * by this library? Used to determine compatibility. */ -#define EXCHANGE_PROTOCOL_CURRENT 11 +#define EXCHANGE_PROTOCOL_CURRENT 12 /** * How many versions are we backwards compatible with? diff --git a/src/lib/exchange_api_melt.c b/src/lib/exchange_api_melt.c index ab20e6fc1..f375171b9 100644 --- a/src/lib/exchange_api_melt.c +++ b/src/lib/exchange_api_melt.c @@ -213,15 +213,10 @@ verify_melt_signature_spend_conflict (struct TALER_EXCHANGE_MeltHandle *mh, const json_t *json) { json_t *history; - struct TALER_Amount original_value; - struct TALER_Amount melt_value_with_fee; struct TALER_Amount total; - struct TALER_CoinSpendPublicKeyP coin_pub; struct GNUNET_JSON_Specification spec[] = { - GNUNET_JSON_spec_json ("history", &history), - GNUNET_JSON_spec_fixed_auto ("coin_pub", &coin_pub), - TALER_JSON_spec_amount_any ("original_value", &original_value), - TALER_JSON_spec_amount_any ("requested_value", &melt_value_with_fee), + GNUNET_JSON_spec_json ("history", + &history), GNUNET_JSON_spec_end () }; const struct MeltedCoin *mc; @@ -240,25 +235,6 @@ verify_melt_signature_spend_conflict (struct TALER_EXCHANGE_MeltHandle *mh, /* Find out which coin was deemed problematic by the exchange */ mc = &mh->md->melted_coin; - - /* check basic coin properties */ - if (0 != TALER_amount_cmp (&original_value, - &mc->original_value)) - { - /* We disagree on the value of the coin */ - GNUNET_break_op (0); - json_decref (history); - return GNUNET_SYSERR; - } - if (0 != TALER_amount_cmp (&melt_value_with_fee, - &mc->melt_amount_with_fee)) - { - /* We disagree on the value of the coin */ - GNUNET_break_op (0); - json_decref (history); - return GNUNET_SYSERR; - } - /* verify coin history */ memset (&h_denom_pub, 0, @@ -267,8 +243,8 @@ verify_melt_signature_spend_conflict (struct TALER_EXCHANGE_MeltHandle *mh, "history"); if (GNUNET_OK != TALER_EXCHANGE_verify_coin_history (&mh->dki, - original_value.currency, - &coin_pub, + mc->original_value.currency, + &mh->coin_pub, history, &h_denom_pub, &total)) @@ -287,7 +263,7 @@ verify_melt_signature_spend_conflict (struct TALER_EXCHANGE_MeltHandle *mh, if (0 > TALER_amount_add (&total, &total, - &melt_value_with_fee)) + &mc->melt_amount_with_fee)) { /* clearly not OK if our transaction would have caused the overflow... */ @@ -295,7 +271,7 @@ verify_melt_signature_spend_conflict (struct TALER_EXCHANGE_MeltHandle *mh, } if (0 >= TALER_amount_cmp (&total, - &original_value)) + &mc->original_value)) { /* transaction should have still fit */ GNUNET_break (0); @@ -488,7 +464,7 @@ TALER_EXCHANGE_melt (struct TALER_EXCHANGE_Handle *exchange, &coin_pub.eddsa_pub); melt_obj = GNUNET_JSON_PACK ( GNUNET_JSON_pack_data_auto ("denom_pub_hash", - &melt.h_denom_pub), + &h_denom_pub), TALER_JSON_pack_denom_sig ("denom_sig", &md->melted_coin.sig), GNUNET_JSON_pack_data_auto ("confirm_sig", @@ -496,13 +472,13 @@ TALER_EXCHANGE_melt (struct TALER_EXCHANGE_Handle *exchange, TALER_JSON_pack_amount ("value_with_fee", &md->melted_coin.melt_amount_with_fee), GNUNET_JSON_pack_data_auto ("rc", - &melt.rc)); + &md->rc)); { char pub_str[sizeof (struct TALER_CoinSpendPublicKeyP) * 2]; char *end; end = GNUNET_STRINGS_data_to_string ( - &melt.coin_pub, + &coin_pub, sizeof (struct TALER_CoinSpendPublicKeyP), pub_str, sizeof (pub_str)); @@ -520,7 +496,7 @@ TALER_EXCHANGE_melt (struct TALER_EXCHANGE_Handle *exchange, /* and now we can at last begin the actual request handling */ mh = GNUNET_new (struct TALER_EXCHANGE_MeltHandle); mh->exchange = exchange; - mh->coin_pub = melt.coin_pub; + mh->coin_pub = coin_pub; mh->dki = *dki; memset (&mh->dki.key, 0, diff --git a/src/lib/exchange_api_recoup.c b/src/lib/exchange_api_recoup.c index 05012926f..63e6480cd 100644 --- a/src/lib/exchange_api_recoup.c +++ b/src/lib/exchange_api_recoup.c @@ -79,11 +79,6 @@ struct TALER_EXCHANGE_RecoupHandle */ struct TALER_CoinSpendPublicKeyP coin_pub; - /** - * #GNUNET_YES if the coin was refreshed - */ - int was_refreshed; - }; @@ -99,17 +94,10 @@ static enum GNUNET_GenericReturnValue process_recoup_response (const struct TALER_EXCHANGE_RecoupHandle *ph, const json_t *json) { - int refreshed; struct TALER_ReservePublicKeyP reserve_pub; - struct TALER_CoinSpendPublicKeyP old_coin_pub; struct GNUNET_JSON_Specification spec_withdraw[] = { - GNUNET_JSON_spec_boolean ("refreshed", &refreshed), - GNUNET_JSON_spec_fixed_auto ("reserve_pub", &reserve_pub), - GNUNET_JSON_spec_end () - }; - struct GNUNET_JSON_Specification spec_refresh[] = { - GNUNET_JSON_spec_boolean ("refreshed", &refreshed), - GNUNET_JSON_spec_fixed_auto ("old_coin_pub", &old_coin_pub), + GNUNET_JSON_spec_fixed_auto ("reserve_pub", + &reserve_pub), GNUNET_JSON_spec_end () }; struct TALER_EXCHANGE_HttpResponse hr = { @@ -119,21 +107,15 @@ process_recoup_response (const struct TALER_EXCHANGE_RecoupHandle *ph, if (GNUNET_OK != GNUNET_JSON_parse (json, - ph->was_refreshed ? spec_refresh : spec_withdraw, + spec_withdraw, NULL, NULL)) { GNUNET_break_op (0); return GNUNET_SYSERR; } - if (ph->was_refreshed != refreshed) - { - GNUNET_break_op (0); - return GNUNET_SYSERR; - } ph->cb (ph->cb_cls, &hr, - ph->was_refreshed ? NULL : &reserve_pub, - ph->was_refreshed ? &old_coin_pub : NULL); + &reserve_pub); return GNUNET_OK; } @@ -214,7 +196,7 @@ handle_recoup_finished (void *cls, ec = TALER_JSON_get_error_code (j); switch (ec) { - case TALER_EC_EXCHANGE_RECOUP_COIN_BALANCE_ZERO: + case TALER_EC_EXCHANGE_GENERIC_INSUFFICIENT_FUNDS: if (0 > TALER_amount_cmp (&total, &dki->value)) { @@ -251,7 +233,6 @@ handle_recoup_finished (void *cls, } ph->cb (ph->cb_cls, &hr, - NULL, NULL); TALER_EXCHANGE_recoup_cancel (ph); return; @@ -294,7 +275,6 @@ handle_recoup_finished (void *cls, } ph->cb (ph->cb_cls, &hr, - NULL, NULL); TALER_EXCHANGE_recoup_cancel (ph); } @@ -306,7 +286,6 @@ TALER_EXCHANGE_recoup (struct TALER_EXCHANGE_Handle *exchange, const struct TALER_DenominationSignature *denom_sig, const struct TALER_PlanchetSecretsP *ps, const struct TALER_Amount *amount, - bool was_refreshed, TALER_EXCHANGE_RecoupResultCallback recoup_cb, void *recoup_cb_cls) { @@ -340,9 +319,8 @@ TALER_EXCHANGE_recoup (struct TALER_EXCHANGE_Handle *exchange, GNUNET_JSON_pack_data_auto ("coin_sig", &coin_sig), GNUNET_JSON_pack_data_auto ("coin_blind_key_secret", - &ps->blinding_key), - GNUNET_JSON_pack_bool ("refreshed", - was_refreshed)); + &ps->blinding_key)); + { char pub_str[sizeof (struct TALER_CoinSpendPublicKeyP) * 2]; char *end; @@ -376,7 +354,6 @@ TALER_EXCHANGE_recoup (struct TALER_EXCHANGE_Handle *exchange, GNUNET_free (ph); return NULL; } - ph->was_refreshed = was_refreshed; eh = TALER_EXCHANGE_curl_easy_get_ (ph->url); if ( (NULL == eh) || (GNUNET_OK != diff --git a/src/lib/exchange_api_recoup_refresh.c b/src/lib/exchange_api_recoup_refresh.c new file mode 100644 index 000000000..31a1859bd --- /dev/null +++ b/src/lib/exchange_api_recoup_refresh.c @@ -0,0 +1,403 @@ +/* + This file is part of TALER + Copyright (C) 2017-2021 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along with + TALER; see the file COPYING. If not, see + +*/ +/** + * @file lib/exchange_api_recoup_refresh.c + * @brief Implementation of the /recoup-refresh request of the exchange's HTTP API + * @author Christian Grothoff + */ +#include "platform.h" +#include +#include /* just for HTTP status codes */ +#include +#include +#include +#include "taler_json_lib.h" +#include "taler_exchange_service.h" +#include "exchange_api_handle.h" +#include "taler_signatures.h" +#include "exchange_api_curl_defaults.h" + + +/** + * @brief A Recoup Handle + */ +struct TALER_EXCHANGE_RecoupRefreshHandle +{ + + /** + * The connection to exchange this request handle will use + */ + struct TALER_EXCHANGE_Handle *exchange; + + /** + * The url for this request. + */ + char *url; + + /** + * Context for #TEH_curl_easy_post(). Keeps the data that must + * persist for Curl to make the upload. + */ + struct TALER_CURL_PostContext ctx; + + /** + * Denomination key of the coin. + */ + struct TALER_EXCHANGE_DenomPublicKey pk; + + /** + * Handle for the request. + */ + struct GNUNET_CURL_Job *job; + + /** + * Function to call with the result. + */ + TALER_EXCHANGE_RecoupRefreshResultCallback cb; + + /** + * Closure for @a cb. + */ + void *cb_cls; + + /** + * Public key of the coin we are trying to get paid back. + */ + struct TALER_CoinSpendPublicKeyP coin_pub; + +}; + + +/** + * Parse a recoup-refresh response. If it is valid, call the callback. + * + * @param ph recoup handle + * @param json json reply with the signature + * @return #GNUNET_OK if the signature is valid and we called the callback; + * #GNUNET_SYSERR if not (callback must still be called) + */ +static enum GNUNET_GenericReturnValue +process_recoup_response ( + const struct TALER_EXCHANGE_RecoupRefreshHandle *ph, + const json_t *json) +{ + struct TALER_CoinSpendPublicKeyP old_coin_pub; + struct GNUNET_JSON_Specification spec_refresh[] = { + GNUNET_JSON_spec_fixed_auto ("old_coin_pub", + &old_coin_pub), + GNUNET_JSON_spec_end () + }; + struct TALER_EXCHANGE_HttpResponse hr = { + .reply = json, + .http_status = MHD_HTTP_OK + }; + + if (GNUNET_OK != + GNUNET_JSON_parse (json, + spec_refresh, + NULL, NULL)) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + ph->cb (ph->cb_cls, + &hr, + &old_coin_pub); + return GNUNET_OK; +} + + +/** + * Function called when we're done processing the + * HTTP /recoup-refresh request. + * + * @param cls the `struct TALER_EXCHANGE_RecoupRefreshHandle` + * @param response_code HTTP response code, 0 on error + * @param response parsed JSON result, NULL on error + */ +static void +handle_recoup_refresh_finished (void *cls, + long response_code, + const void *response) +{ + struct TALER_EXCHANGE_RecoupRefreshHandle *ph = cls; + const json_t *j = response; + struct TALER_EXCHANGE_HttpResponse hr = { + .reply = j, + .http_status = (unsigned int) response_code + }; + + ph->job = NULL; + switch (response_code) + { + case 0: + hr.ec = TALER_EC_GENERIC_INVALID_RESPONSE; + break; + case MHD_HTTP_OK: + if (GNUNET_OK != + process_recoup_response (ph, + j)) + { + GNUNET_break_op (0); + hr.ec = TALER_EC_GENERIC_REPLY_MALFORMED; + hr.http_status = 0; + break; + } + TALER_EXCHANGE_recoup_refresh_cancel (ph); + return; + case MHD_HTTP_BAD_REQUEST: + /* This should never happen, either us or the exchange is buggy + (or API version conflict); just pass JSON reply to the application */ + hr.ec = TALER_JSON_get_error_code (j); + hr.hint = TALER_JSON_get_error_hint (j); + break; + case MHD_HTTP_CONFLICT: + { + /* Insufficient funds, proof attached */ + json_t *history; + struct TALER_Amount total; + struct TALER_DenominationHash h_denom_pub; + const struct TALER_EXCHANGE_DenomPublicKey *dki; + enum TALER_ErrorCode ec; + + dki = &ph->pk; + history = json_object_get (j, + "history"); + if (GNUNET_OK != + TALER_EXCHANGE_verify_coin_history (dki, + dki->fee_deposit.currency, + &ph->coin_pub, + history, + &h_denom_pub, + &total)) + { + GNUNET_break_op (0); + hr.http_status = 0; + hr.ec = TALER_EC_GENERIC_REPLY_MALFORMED; + } + else + { + hr.ec = TALER_JSON_get_error_code (j); + hr.hint = TALER_JSON_get_error_hint (j); + } + ec = TALER_JSON_get_error_code (j); + switch (ec) + { + case TALER_EC_EXCHANGE_GENERIC_INSUFFICIENT_FUNDS: + if (0 > TALER_amount_cmp (&total, + &dki->value)) + { + /* recoup MAY have still been possible */ + /* FIXME: This code may falsely complain, as we do not + know that the smallest denomination offered by the + exchange is here. We should look at the key + structure of ph->exchange, and find the smallest + _currently withdrawable_ denomination and check + if the value remaining would suffice... */ + GNUNET_break_op (0); + hr.http_status = 0; + hr.ec = TALER_EC_GENERIC_REPLY_MALFORMED; + break; + } + break; + case TALER_EC_EXCHANGE_GENERIC_COIN_CONFLICTING_DENOMINATION_KEY: + if (0 == GNUNET_memcmp (&ph->pk.h_key, + &h_denom_pub)) + { + /* invalid proof provided */ + GNUNET_break_op (0); + hr.http_status = 0; + hr.ec = TALER_EC_GENERIC_REPLY_MALFORMED; + break; + } + /* valid error from exchange */ + break; + default: + GNUNET_break_op (0); + hr.http_status = 0; + hr.ec = TALER_EC_GENERIC_REPLY_MALFORMED; + break; + } + ph->cb (ph->cb_cls, + &hr, + NULL); + TALER_EXCHANGE_recoup_refresh_cancel (ph); + return; + } + case MHD_HTTP_FORBIDDEN: + /* Nothing really to verify, exchange says one of the signatures is + invalid; as we checked them, this should never happen, we + should pass the JSON reply to the application */ + hr.ec = TALER_JSON_get_error_code (j); + hr.hint = TALER_JSON_get_error_hint (j); + break; + case MHD_HTTP_NOT_FOUND: + /* Nothing really to verify, this should never + happen, we should pass the JSON reply to the application */ + hr.ec = TALER_JSON_get_error_code (j); + hr.hint = TALER_JSON_get_error_hint (j); + break; + case MHD_HTTP_GONE: + /* Kind of normal: the money was already sent to the merchant + (it was too late for the refund). */ + hr.ec = TALER_JSON_get_error_code (j); + hr.hint = TALER_JSON_get_error_hint (j); + break; + case MHD_HTTP_INTERNAL_SERVER_ERROR: + /* Server had an internal issue; we should retry, but this API + leaves this to the application */ + hr.ec = TALER_JSON_get_error_code (j); + hr.hint = TALER_JSON_get_error_hint (j); + break; + default: + /* unexpected response code */ + hr.ec = TALER_JSON_get_error_code (j); + hr.hint = TALER_JSON_get_error_hint (j); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unexpected response code %u/%d for exchange recoup\n", + (unsigned int) response_code, + (int) hr.ec); + GNUNET_break (0); + break; + } + ph->cb (ph->cb_cls, + &hr, + NULL); + TALER_EXCHANGE_recoup_refresh_cancel (ph); +} + + +struct TALER_EXCHANGE_RecoupRefreshHandle * +TALER_EXCHANGE_recoup_refresh ( + struct TALER_EXCHANGE_Handle *exchange, + const struct TALER_EXCHANGE_DenomPublicKey *pk, + const struct TALER_DenominationSignature *denom_sig, + const struct TALER_PlanchetSecretsP *ps, + const struct TALER_Amount *amount, + TALER_EXCHANGE_RecoupRefreshResultCallback recoup_cb, + void *recoup_cb_cls) +{ + struct TALER_EXCHANGE_RecoupRefreshHandle *ph; + struct GNUNET_CURL_Context *ctx; + struct TALER_CoinSpendSignatureP coin_sig; + struct TALER_CoinSpendPublicKeyP coin_pub; + struct TALER_DenominationHash h_denom_pub; + json_t *recoup_obj; + CURL *eh; + char arg_str[sizeof (struct TALER_CoinSpendPublicKeyP) * 2 + 32]; + + GNUNET_assert (GNUNET_YES == + TEAH_handle_is_ready (exchange)); + GNUNET_CRYPTO_eddsa_key_get_public (&ps->coin_priv.eddsa_priv, + &coin_pub.eddsa_pub); + TALER_denom_pub_hash (&pk->key, + &h_denom_pub); + TALER_wallet_recoup_refresh_sign (&h_denom_pub, + &ps->blinding_key, + amount, + &ps->coin_priv, + &coin_sig); + recoup_obj = GNUNET_JSON_PACK ( + GNUNET_JSON_pack_data_auto ("denom_pub_hash", + &h_denom_pub), + TALER_JSON_pack_denom_sig ("denom_sig", + denom_sig), + TALER_JSON_pack_amount ("amount", + amount), + GNUNET_JSON_pack_data_auto ("coin_sig", + &coin_sig), + GNUNET_JSON_pack_data_auto ("coin_blind_key_secret", + &ps->blinding_key)); + + { + char pub_str[sizeof (struct TALER_CoinSpendPublicKeyP) * 2]; + char *end; + + end = GNUNET_STRINGS_data_to_string ( + &coin_pub, + sizeof (struct TALER_CoinSpendPublicKeyP), + pub_str, + sizeof (pub_str)); + *end = '\0'; + GNUNET_snprintf (arg_str, + sizeof (arg_str), + "/coins/%s/recoup-refresh", + pub_str); + } + + ph = GNUNET_new (struct TALER_EXCHANGE_RecoupRefreshHandle); + ph->coin_pub = coin_pub; + ph->exchange = exchange; + ph->pk = *pk; + memset (&ph->pk.key, + 0, + sizeof (ph->pk.key)); /* zero out, as lifetime cannot be warranted */ + ph->cb = recoup_cb; + ph->cb_cls = recoup_cb_cls; + ph->url = TEAH_path_to_url (exchange, + arg_str); + if (NULL == ph->url) + { + json_decref (recoup_obj); + GNUNET_free (ph); + return NULL; + } + eh = TALER_EXCHANGE_curl_easy_get_ (ph->url); + if ( (NULL == eh) || + (GNUNET_OK != + TALER_curl_easy_post (&ph->ctx, + eh, + recoup_obj)) ) + { + GNUNET_break (0); + if (NULL != eh) + curl_easy_cleanup (eh); + json_decref (recoup_obj); + GNUNET_free (ph->url); + GNUNET_free (ph); + return NULL; + } + json_decref (recoup_obj); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "URL for recoup-refresh: `%s'\n", + ph->url); + ctx = TEAH_handle_to_context (exchange); + ph->job = GNUNET_CURL_job_add2 (ctx, + eh, + ph->ctx.headers, + &handle_recoup_refresh_finished, + ph); + return ph; +} + + +void +TALER_EXCHANGE_recoup_refresh_cancel ( + struct TALER_EXCHANGE_RecoupRefreshHandle *ph) +{ + if (NULL != ph->job) + { + GNUNET_CURL_job_cancel (ph->job); + ph->job = NULL; + } + GNUNET_free (ph->url); + TALER_curl_easy_post_finished (&ph->ctx); + GNUNET_free (ph); +} + + +/* end of exchange_api_recoup_refresh.c */ diff --git a/src/testing/Makefile.am b/src/testing/Makefile.am index 73ae6d4ab..bc78217b3 100644 --- a/src/testing/Makefile.am +++ b/src/testing/Makefile.am @@ -70,6 +70,7 @@ libtalertesting_la_SOURCES = \ testing_api_cmd_offline_sign_keys.c \ testing_api_cmd_set_wire_fee.c \ testing_api_cmd_recoup.c \ + testing_api_cmd_recoup_refresh.c \ testing_api_cmd_refund.c \ testing_api_cmd_refresh.c \ testing_api_cmd_revoke.c \ diff --git a/src/testing/test_auditor_api.c b/src/testing/test_auditor_api.c index 67d170ef8..90675dd92 100644 --- a/src/testing/test_auditor_api.c +++ b/src/testing/test_auditor_api.c @@ -410,7 +410,6 @@ run (void *cls, TALER_TESTING_cmd_recoup ("recoup-1", MHD_HTTP_OK, "recoup-withdraw-coin-1", - NULL, "EUR:5"), /** * Re-withdraw from this reserve @@ -471,7 +470,6 @@ run (void *cls, TALER_TESTING_cmd_recoup ("recoup-2", MHD_HTTP_OK, "recoup-withdraw-coin-2a", - NULL, "EUR:0.5"), TALER_TESTING_cmd_end () }; diff --git a/src/testing/test_exchange_api.c b/src/testing/test_exchange_api.c index 6dced3e37..59c2cb06d 100644 --- a/src/testing/test_exchange_api.c +++ b/src/testing/test_exchange_api.c @@ -685,7 +685,6 @@ run (void *cls, TALER_TESTING_cmd_recoup ("recoup-1", MHD_HTTP_OK, "recoup-withdraw-coin-1", - NULL, "EUR:5"), /* Check the money is back with the reserve */ TALER_TESTING_cmd_status ("recoup-reserve-status-1", @@ -693,11 +692,11 @@ run (void *cls, "EUR:5.0", MHD_HTTP_OK), /* Recoup-refresh coin to 10 EUR coin */ - TALER_TESTING_cmd_recoup ("recoup-1b", - MHD_HTTP_OK, - "recoup-reveal-coin-1b", - "recoup-melt-coin-1b", - "EUR:5"), + TALER_TESTING_cmd_recoup_refresh ("recoup-1b", + MHD_HTTP_OK, + "recoup-reveal-coin-1b", + "recoup-melt-coin-1b", + "EUR:5"), /* melt 10 EUR coin *again* to get 1 EUR refreshed coin */ TALER_TESTING_cmd_melt ("recoup-remelt-coin-1a", "recoup-withdraw-coin-1b", @@ -843,18 +842,15 @@ run (void *cls, TALER_TESTING_cmd_recoup ("recoup-2x", MHD_HTTP_CONFLICT, "withdraw-coin-1x", - NULL, "EUR:1"), TALER_TESTING_cmd_recoup ("recoup-2", MHD_HTTP_OK, "recoup-withdraw-coin-2a", - NULL, "EUR:0.5"), /* Idempotency of recoup (withdrawal variant) */ TALER_TESTING_cmd_recoup ("recoup-2b", MHD_HTTP_OK, "recoup-withdraw-coin-2a", - NULL, "EUR:0.5"), TALER_TESTING_cmd_deposit ("recoup-deposit-revoked", "recoup-withdraw-coin-2b", diff --git a/src/testing/test_exchange_api_revocation.c b/src/testing/test_exchange_api_revocation.c index 1a334a71b..0531c5b83 100644 --- a/src/testing/test_exchange_api_revocation.c +++ b/src/testing/test_exchange_api_revocation.c @@ -135,11 +135,11 @@ run (void *cls, "refresh-melt-1", MHD_HTTP_OK), /* Try to recoup before it's allowed */ - TALER_TESTING_cmd_recoup ("recoup-not-allowed", - MHD_HTTP_GONE, - "refresh-reveal-1#0", - "refresh-melt-1", - "EUR:0.1"), + TALER_TESTING_cmd_recoup_refresh ("recoup-not-allowed", + MHD_HTTP_GONE, + "refresh-reveal-1#0", + "refresh-melt-1", + "EUR:0.1"), /* Make refreshed coin invalid */ TALER_TESTING_cmd_revoke ("revoke-2-EUR:5", MHD_HTTP_OK, @@ -154,45 +154,44 @@ run (void *cls, TALER_TESTING_cmd_recoup ("recoup-fully-spent", MHD_HTTP_CONFLICT, "withdraw-revocation-coin-2", - NULL, "EUR:0.1"), /* Refund coin to original coin */ - TALER_TESTING_cmd_recoup ("recoup-1a", - MHD_HTTP_OK, - "refresh-reveal-1#0", - "refresh-melt-1", - "EUR:1"), - TALER_TESTING_cmd_recoup ("recoup-1b", - MHD_HTTP_OK, - "refresh-reveal-1#1", - "refresh-melt-1", - "EUR:1"), - TALER_TESTING_cmd_recoup ("recoup-1c", - MHD_HTTP_OK, - "refresh-reveal-1#2", - "refresh-melt-1", - "EUR:1"), + TALER_TESTING_cmd_recoup_refresh ("recoup-1a", + MHD_HTTP_OK, + "refresh-reveal-1#0", + "refresh-melt-1", + "EUR:1"), + TALER_TESTING_cmd_recoup_refresh ("recoup-1b", + MHD_HTTP_OK, + "refresh-reveal-1#1", + "refresh-melt-1", + "EUR:1"), + TALER_TESTING_cmd_recoup_refresh ("recoup-1c", + MHD_HTTP_OK, + "refresh-reveal-1#2", + "refresh-melt-1", + "EUR:1"), /* Repeat recoup to test idempotency */ - TALER_TESTING_cmd_recoup ("recoup-1c", - MHD_HTTP_OK, - "refresh-reveal-1#2", - "refresh-melt-1", - "EUR:1"), - TALER_TESTING_cmd_recoup ("recoup-1c", - MHD_HTTP_OK, - "refresh-reveal-1#2", - "refresh-melt-1", - "EUR:1"), - TALER_TESTING_cmd_recoup ("recoup-1c", - MHD_HTTP_OK, - "refresh-reveal-1#2", - "refresh-melt-1", - "EUR:1"), - TALER_TESTING_cmd_recoup ("recoup-1c", - MHD_HTTP_OK, - "refresh-reveal-1#2", - "refresh-melt-1", - "EUR:1"), + TALER_TESTING_cmd_recoup_refresh ("recoup-1c", + MHD_HTTP_OK, + "refresh-reveal-1#2", + "refresh-melt-1", + "EUR:1"), + TALER_TESTING_cmd_recoup_refresh ("recoup-1c", + MHD_HTTP_OK, + "refresh-reveal-1#2", + "refresh-melt-1", + "EUR:1"), + TALER_TESTING_cmd_recoup_refresh ("recoup-1c", + MHD_HTTP_OK, + "refresh-reveal-1#2", + "refresh-melt-1", + "EUR:1"), + TALER_TESTING_cmd_recoup_refresh ("recoup-1c", + MHD_HTTP_OK, + "refresh-reveal-1#2", + "refresh-melt-1", + "EUR:1"), /* Now we have EUR:3.83 EUR back after 3x EUR:1 in recoups */ /* Melt original coin AGAIN, but only create one 0.1 EUR coin; This costs EUR:0.03 in refresh and EUR:01 in withdraw fees, @@ -219,17 +218,16 @@ run (void *cls, "withdraw-revocation-coin-1", CONFIG_FILE), /* Refund coin EUR:0.1 to original coin, creating zombie! */ - TALER_TESTING_cmd_recoup ("recoup-2", - MHD_HTTP_OK, - "refresh-reveal-2", - "refresh-melt-2", - "EUR:0.1"), + TALER_TESTING_cmd_recoup_refresh ("recoup-2", + MHD_HTTP_OK, + "refresh-reveal-2", + "refresh-melt-2", + "EUR:0.1"), /* Due to recoup, original coin is now at EUR:3.79 */ /* Refund original (now zombie) coin to reserve */ TALER_TESTING_cmd_recoup ("recoup-3", MHD_HTTP_OK, "withdraw-revocation-coin-1", - NULL, "EUR:3.79"), /* Check the money is back with the reserve */ TALER_TESTING_cmd_status ("recoup-reserve-status-1", diff --git a/src/testing/testing_api_cmd_insert_deposit.c b/src/testing/testing_api_cmd_insert_deposit.c index 276907e14..d45bd0c67 100644 --- a/src/testing/testing_api_cmd_insert_deposit.c +++ b/src/testing/testing_api_cmd_insert_deposit.c @@ -235,26 +235,35 @@ insert_deposit_run (void *cls, deposit.wire_deadline = GNUNET_TIME_relative_to_timestamp ( ids->wire_deadline); /* finally, actually perform the DB operation */ - if ( (GNUNET_OK != - ids->dbc->plugin->start (ids->dbc->plugin->cls, - "libtalertesting: insert deposit")) || - (0 > - ids->dbc->plugin->ensure_coin_known (ids->dbc->plugin->cls, - &deposit.coin)) || - (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != - ids->dbc->plugin->insert_deposit (ids->dbc->plugin->cls, - ids->exchange_timestamp, - &deposit)) || - (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != - ids->dbc->plugin->commit (ids->dbc->plugin->cls)) ) { - GNUNET_break (0); - ids->dbc->plugin->rollback (ids->dbc->plugin->cls); - GNUNET_free (deposit.receiver_wire_account); - TALER_denom_pub_free (&dpk); - TALER_denom_priv_free (&denom_priv); - TALER_TESTING_interpreter_fail (is); - return; + uint64_t known_coin_id; + struct TALER_DenominationHash dph; + struct TALER_AgeHash agh; + + if ( (GNUNET_OK != + ids->dbc->plugin->start (ids->dbc->plugin->cls, + "libtalertesting: insert deposit")) || + (0 > + ids->dbc->plugin->ensure_coin_known (ids->dbc->plugin->cls, + &deposit.coin, + &known_coin_id, + &dph, + &agh)) || + (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != + ids->dbc->plugin->insert_deposit (ids->dbc->plugin->cls, + ids->exchange_timestamp, + &deposit)) || + (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS != + ids->dbc->plugin->commit (ids->dbc->plugin->cls)) ) + { + GNUNET_break (0); + ids->dbc->plugin->rollback (ids->dbc->plugin->cls); + GNUNET_free (deposit.receiver_wire_account); + TALER_denom_pub_free (&dpk); + TALER_denom_priv_free (&denom_priv); + TALER_TESTING_interpreter_fail (is); + return; + } } TALER_denom_sig_free (&deposit.coin.denom_sig); diff --git a/src/testing/testing_api_cmd_recoup.c b/src/testing/testing_api_cmd_recoup.c index 379304d01..6290f255e 100644 --- a/src/testing/testing_api_cmd_recoup.c +++ b/src/testing/testing_api_cmd_recoup.c @@ -53,12 +53,6 @@ struct RecoupState */ struct TALER_EXCHANGE_RecoupHandle *ph; - /** - * NULL if coin was not refreshed, otherwise reference - * to the melt operation underlying @a coin_reference. - */ - const char *melt_reference; - /** * If the recoup filled a reserve, this is set to the reserve's public key. */ @@ -124,14 +118,12 @@ parse_coin_reference (const char *coin_reference, * * @param cls closure * @param hr HTTP response details - * @param reserve_pub public key of the reserve receiving the recoup, NULL if refreshed or on error - * @param old_coin_pub public key of the dirty coin, NULL if not refreshed or on error + * @param reserve_pub public key of the reserve receiving the recoup */ static void recoup_cb (void *cls, const struct TALER_EXCHANGE_HttpResponse *hr, - const struct TALER_ReservePublicKeyP *reserve_pub, - const struct TALER_CoinSpendPublicKeyP *old_coin_pub) + const struct TALER_ReservePublicKeyP *reserve_pub) { struct RecoupState *ps = cls; struct TALER_TESTING_Interpreter *is = ps->is; @@ -183,44 +175,6 @@ recoup_cb (void *cls, { case MHD_HTTP_OK: /* check old_coin_pub or reserve_pub, respectively */ - if (NULL != ps->melt_reference) - { - const struct TALER_TESTING_Command *melt_cmd; - const struct TALER_CoinSpendPrivateKeyP *dirty_priv; - struct TALER_CoinSpendPublicKeyP oc; - - melt_cmd = TALER_TESTING_interpreter_lookup_command (is, - ps->melt_reference); - if (NULL == melt_cmd) - { - GNUNET_break (0); - TALER_TESTING_interpreter_fail (is); - return; - } - if (GNUNET_OK != - TALER_TESTING_get_trait_coin_priv (melt_cmd, - 0, - &dirty_priv)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Coin %u not found in command %s\n", - 0, - ps->melt_reference); - GNUNET_break (0); - TALER_TESTING_interpreter_fail (is); - return; - } - GNUNET_CRYPTO_eddsa_key_get_public (&dirty_priv->eddsa_priv, - &oc.eddsa_pub); - if (0 != GNUNET_memcmp (&oc, - old_coin_pub)) - { - GNUNET_break (0); - TALER_TESTING_interpreter_fail (is); - return; - } - } - else { const struct TALER_ReservePrivateKeyP *reserve_priv; @@ -365,8 +319,7 @@ recoup_run (void *cls, coin_sig, &planchet, &ps->reserve_history.amount, - NULL != ps->melt_reference, - recoup_cb, + &recoup_cb, ps); GNUNET_assert (NULL != ps->ph); } @@ -432,7 +385,6 @@ struct TALER_TESTING_Command TALER_TESTING_cmd_recoup (const char *label, unsigned int expected_response_code, const char *coin_reference, - const char *melt_reference, const char *amount) { struct RecoupState *ps; @@ -440,7 +392,6 @@ TALER_TESTING_cmd_recoup (const char *label, ps = GNUNET_new (struct RecoupState); ps->expected_response_code = expected_response_code; ps->coin_reference = coin_reference; - ps->melt_reference = melt_reference; if (GNUNET_OK != TALER_string_to_amount (amount, &ps->reserve_history.amount)) diff --git a/src/testing/testing_api_cmd_recoup_refresh.c b/src/testing/testing_api_cmd_recoup_refresh.c new file mode 100644 index 000000000..bf265cbab --- /dev/null +++ b/src/testing/testing_api_cmd_recoup_refresh.c @@ -0,0 +1,373 @@ +/* + This file is part of TALER + Copyright (C) 2014-2018 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 3, or + (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public + License along with TALER; see the file COPYING. If not, see + +*/ +/** + * @file testing/testing_api_cmd_recoup_refresh.c + * @brief Implement the /recoup-refresh test command. + * @author Marcello Stanisci + */ +#include "platform.h" +#include "taler_json_lib.h" +#include +#include "taler_testing_lib.h" + + +/** + * State for a "pay back" CMD. + */ +struct RecoupRefreshState +{ + /** + * Expected HTTP status code. + */ + unsigned int expected_response_code; + + /** + * Command that offers a reserve private key, + * plus a coin to be paid back. + */ + const char *coin_reference; + + /** + * Amount to be recouped. + */ + struct TALER_Amount amount; + + /** + * The interpreter state. + */ + struct TALER_TESTING_Interpreter *is; + + /** + * Handle to the ongoing operation. + */ + struct TALER_EXCHANGE_RecoupRefreshHandle *ph; + + /** + * NULL if coin was not refreshed, otherwise reference + * to the melt operation underlying @a coin_reference. + */ + const char *melt_reference; + +}; + + +/** + * Parser reference to a coin. + * + * @param coin_reference of format $LABEL['#' $INDEX]? + * @param[out] cref where we return a copy of $LABEL + * @param[out] idx where we set $INDEX + * @return #GNUNET_SYSERR if $INDEX is present but not numeric + */ +static enum GNUNET_GenericReturnValue +parse_coin_reference (const char *coin_reference, + char **cref, + unsigned int *idx) +{ + const char *index; + + /* We allow command references of the form "$LABEL#$INDEX" or + just "$LABEL", which implies the index is 0. Figure out + which one it is. */ + index = strchr (coin_reference, '#'); + if (NULL == index) + { + *idx = 0; + *cref = GNUNET_strdup (coin_reference); + return GNUNET_OK; + } + *cref = GNUNET_strndup (coin_reference, + index - coin_reference); + if (1 != sscanf (index + 1, + "%u", + idx)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Numeric index (not `%s') required after `#' in command reference of command in %s:%u\n", + index, + __FILE__, + __LINE__); + GNUNET_free (*cref); + *cref = NULL; + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + + +/** + * Check the result of the recoup_refresh request: checks whether + * the HTTP response code is good, and that the coin that + * was paid back belonged to the right old coin. + * + * @param cls closure + * @param hr HTTP response details + * @param old_coin_pub public key of the dirty coin + */ +static void +recoup_refresh_cb (void *cls, + const struct TALER_EXCHANGE_HttpResponse *hr, + const struct TALER_CoinSpendPublicKeyP *old_coin_pub) +{ + struct RecoupRefreshState *ps = cls; + struct TALER_TESTING_Interpreter *is = ps->is; + struct TALER_TESTING_Command *cmd = &is->commands[is->ip]; + char *cref; + unsigned int idx; + + ps->ph = NULL; + if (ps->expected_response_code != hr->http_status) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unexpected response code %u/%d to command %s in %s:%u\n", + hr->http_status, + (int) hr->ec, + cmd->label, + __FILE__, + __LINE__); + json_dumpf (hr->reply, + stderr, + 0); + fprintf (stderr, "\n"); + TALER_TESTING_interpreter_fail (is); + return; + } + + if (GNUNET_OK != + parse_coin_reference (ps->coin_reference, + &cref, + &idx)) + { + TALER_TESTING_interpreter_fail (is); + return; + } + (void) idx; /* do NOT use! We ignore 'idx', must be 0 for melt! */ + + GNUNET_free (cref); + switch (hr->http_status) + { + case MHD_HTTP_OK: + /* check old_coin_pub */ + { + const struct TALER_TESTING_Command *melt_cmd; + const struct TALER_CoinSpendPrivateKeyP *dirty_priv; + struct TALER_CoinSpendPublicKeyP oc; + + melt_cmd = TALER_TESTING_interpreter_lookup_command (is, + ps->melt_reference); + if (NULL == melt_cmd) + { + GNUNET_break (0); + TALER_TESTING_interpreter_fail (is); + return; + } + if (GNUNET_OK != + TALER_TESTING_get_trait_coin_priv (melt_cmd, + 0, + &dirty_priv)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Coin %u not found in command %s\n", + 0, + ps->melt_reference); + GNUNET_break (0); + TALER_TESTING_interpreter_fail (is); + return; + } + GNUNET_CRYPTO_eddsa_key_get_public (&dirty_priv->eddsa_priv, + &oc.eddsa_pub); + if (0 != GNUNET_memcmp (&oc, + old_coin_pub)) + { + GNUNET_break (0); + TALER_TESTING_interpreter_fail (is); + return; + } + } + break; + case MHD_HTTP_NOT_FOUND: + break; + case MHD_HTTP_CONFLICT: + break; + default: + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Unmanaged HTTP status code %u/%d.\n", + hr->http_status, + (int) hr->ec); + break; + } + TALER_TESTING_interpreter_next (is); +} + + +/** + * Run the command. + * + * @param cls closure. + * @param cmd the command to execute. + * @param is the interpreter state. + */ +static void +recoup_refresh_run (void *cls, + const struct TALER_TESTING_Command *cmd, + struct TALER_TESTING_Interpreter *is) +{ + struct RecoupRefreshState *ps = cls; + const struct TALER_TESTING_Command *coin_cmd; + const struct TALER_CoinSpendPrivateKeyP *coin_priv; + const union TALER_DenominationBlindingKeyP *blinding_key; + const struct TALER_EXCHANGE_DenomPublicKey *denom_pub; + const struct TALER_DenominationSignature *coin_sig; + struct TALER_PlanchetSecretsP planchet; + char *cref; + unsigned int idx; + + ps->is = is; + if (GNUNET_OK != + parse_coin_reference (ps->coin_reference, + &cref, + &idx)) + { + TALER_TESTING_interpreter_fail (is); + return; + } + + coin_cmd = TALER_TESTING_interpreter_lookup_command (is, + cref); + GNUNET_free (cref); + + if (NULL == coin_cmd) + { + GNUNET_break (0); + TALER_TESTING_interpreter_fail (is); + return; + } + + if (GNUNET_OK != + TALER_TESTING_get_trait_coin_priv (coin_cmd, + idx, + &coin_priv)) + { + GNUNET_break (0); + TALER_TESTING_interpreter_fail (is); + return; + } + + if (GNUNET_OK != + TALER_TESTING_get_trait_blinding_key (coin_cmd, + idx, + &blinding_key)) + { + GNUNET_break (0); + TALER_TESTING_interpreter_fail (is); + return; + } + planchet.coin_priv = *coin_priv; + planchet.blinding_key = *blinding_key; + + if (GNUNET_OK != + TALER_TESTING_get_trait_denom_pub (coin_cmd, + idx, + &denom_pub)) + { + GNUNET_break (0); + TALER_TESTING_interpreter_fail (is); + return; + } + + if (GNUNET_OK != + TALER_TESTING_get_trait_denom_sig (coin_cmd, + idx, + &coin_sig)) + { + GNUNET_break (0); + TALER_TESTING_interpreter_fail (is); + return; + } + + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Trying to recoup_refresh denomination '%s'\n", + TALER_B2S (&denom_pub->h_key)); + + ps->ph = TALER_EXCHANGE_recoup_refresh (is->exchange, + denom_pub, + coin_sig, + &planchet, + &ps->amount, + recoup_refresh_cb, + ps); + GNUNET_assert (NULL != ps->ph); +} + + +/** + * Cleanup the "recoup_refresh" CMD state, and possibly cancel + * a pending operation thereof. + * + * @param cls closure. + * @param cmd the command which is being cleaned up. + */ +static void +recoup_refresh_cleanup (void *cls, + const struct TALER_TESTING_Command *cmd) +{ + struct RecoupRefreshState *ps = cls; + if (NULL != ps->ph) + { + TALER_EXCHANGE_recoup_refresh_cancel (ps->ph); + ps->ph = NULL; + } + GNUNET_free (ps); +} + + +struct TALER_TESTING_Command +TALER_TESTING_cmd_recoup_refresh (const char *label, + unsigned int expected_response_code, + const char *coin_reference, + const char *melt_reference, + const char *amount) +{ + struct RecoupRefreshState *ps; + + ps = GNUNET_new (struct RecoupRefreshState); + ps->expected_response_code = expected_response_code; + ps->coin_reference = coin_reference; + ps->melt_reference = melt_reference; + if (GNUNET_OK != + TALER_string_to_amount (amount, + &ps->amount)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to parse amount `%s' at %s\n", + amount, + label); + GNUNET_assert (0); + } + { + struct TALER_TESTING_Command cmd = { + .cls = ps, + .label = label, + .run = &recoup_refresh_run, + .cleanup = &recoup_refresh_cleanup + }; + + return cmd; + } +} diff --git a/src/testing/testing_api_cmd_refresh.c b/src/testing/testing_api_cmd_refresh.c index dc0392b9e..d2c2c714c 100644 --- a/src/testing/testing_api_cmd_refresh.c +++ b/src/testing/testing_api_cmd_refresh.c @@ -573,7 +573,6 @@ link_cb (void *cls, const struct TALER_DenominationSignature *sigs, const struct TALER_DenominationPublicKey *pubs) { - struct RefreshLinkState *rls = cls; const struct TALER_TESTING_Command *reveal_cmd; struct TALER_TESTING_Command *link_cmd = &rls->is->commands[rls->is->ip]; diff --git a/src/util/wallet_signatures.c b/src/util/wallet_signatures.c index f686b765c..9c3723b0a 100644 --- a/src/util/wallet_signatures.c +++ b/src/util/wallet_signatures.c @@ -107,6 +107,7 @@ TALER_wallet_deposit_verify ( void TALER_wallet_link_sign (const struct TALER_DenominationHash *h_denom_pub, const struct TALER_TransferPublicKeyP *transfer_pub, + // FIXME: consider passing hash! const void *coin_ev, size_t coin_ev_size, const struct TALER_CoinSpendPrivateKeyP *old_coin_priv, @@ -132,6 +133,7 @@ enum GNUNET_GenericReturnValue TALER_wallet_link_verify ( const struct TALER_DenominationHash *h_denom_pub, const struct TALER_TransferPublicKeyP *transfer_pub, + // FIXME: consider passing hash! const void *coin_ev, size_t coin_ev_size, const struct TALER_CoinSpendPublicKeyP *old_coin_pub, @@ -202,6 +204,53 @@ TALER_wallet_recoup_sign ( } +enum GNUNET_GenericReturnValue +TALER_wallet_recoup_refresh_verify ( + const struct TALER_DenominationHash *h_denom_pub, + const union TALER_DenominationBlindingKeyP *coin_bks, + const struct TALER_Amount *requested_amount, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_CoinSpendSignatureP *coin_sig) +{ + struct TALER_RecoupRequestPS pr = { + .purpose.purpose = htonl (TALER_SIGNATURE_WALLET_COIN_RECOUP_REFRESH), + .purpose.size = htonl (sizeof (pr)), + .h_denom_pub = *h_denom_pub, + .coin_blind = *coin_bks + }; + + TALER_amount_hton (&pr.recoup_amount, + requested_amount); + return GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_WALLET_COIN_RECOUP_REFRESH, + &pr, + &coin_sig->eddsa_signature, + &coin_pub->eddsa_pub); +} + + +void +TALER_wallet_recoup_refresh_sign ( + const struct TALER_DenominationHash *h_denom_pub, + const union TALER_DenominationBlindingKeyP *coin_bks, + const struct TALER_Amount *requested_amount, + const struct TALER_CoinSpendPrivateKeyP *coin_priv, + struct TALER_CoinSpendSignatureP *coin_sig) +{ + struct TALER_RecoupRequestPS pr = { + .purpose.purpose = htonl (TALER_SIGNATURE_WALLET_COIN_RECOUP_REFRESH), + .purpose.size = htonl (sizeof (struct TALER_RecoupRequestPS)), + .h_denom_pub = *h_denom_pub, + .coin_blind = *coin_bks + }; + + TALER_amount_hton (&pr.recoup_amount, + requested_amount); + GNUNET_CRYPTO_eddsa_sign (&coin_priv->eddsa_priv, + &pr, + &coin_sig->eddsa_signature); +} + + void TALER_wallet_melt_sign ( const struct TALER_Amount *amount_with_fee,