From a57eab75215fd7d6bb4d76b0030f3a4551829298 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96zg=C3=BCr=20Kesim?= Date: Sat, 21 Jan 2023 10:11:10 +0100 Subject: [PATCH] WIP: first steps towards age-withdraw, DOESN'T COMPILE YET --- src/exchange/Makefile.am | 2 + .../taler-exchange-httpd_age-withdraw.c | 385 ++++++++++++++++++ .../taler-exchange-httpd_age-withdraw.h | 47 +++ ...taler-exchange-httpd_age-withdraw_reveal.h | 56 +++ src/include/taler_exchangedb_plugin.h | 46 +++ src/util/exchange_signatures.c | 2 + 6 files changed, 538 insertions(+) create mode 100644 src/exchange/taler-exchange-httpd_age-withdraw.c create mode 100644 src/exchange/taler-exchange-httpd_age-withdraw.h create mode 100644 src/exchange/taler-exchange-httpd_age-withdraw_reveal.h diff --git a/src/exchange/Makefile.am b/src/exchange/Makefile.am index 29596c381..15a554a46 100644 --- a/src/exchange/Makefile.am +++ b/src/exchange/Makefile.am @@ -122,6 +122,8 @@ taler_exchange_wirewatch_LDADD = \ taler_exchange_httpd_SOURCES = \ taler-exchange-httpd.c taler-exchange-httpd.h \ + taler-exchange-httpd_age-withdraw.c taler-exchange-httpd_age-withdraw.h \ + taler-exchange-httpd_age-withdraw_reveal.c taler-exchange-httpd_age-withdraw_reveal.h \ taler-exchange-httpd_auditors.c taler-exchange-httpd_auditors.h \ taler-exchange-httpd_batch-deposit.c taler-exchange-httpd_batch-deposit.h \ taler-exchange-httpd_batch-withdraw.c taler-exchange-httpd_batch-withdraw.h \ diff --git a/src/exchange/taler-exchange-httpd_age-withdraw.c b/src/exchange/taler-exchange-httpd_age-withdraw.c new file mode 100644 index 000000000..7f406310b --- /dev/null +++ b/src/exchange/taler-exchange-httpd_age-withdraw.c @@ -0,0 +1,385 @@ +/* + This file is part of TALER + Copyright (C) 2023 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as + published by the Free Software Foundation; either version 3, + or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty + of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + See the GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General + Public License along with TALER; see the file COPYING. If not, + see +*/ +/** + * @file taler-exchange-httpd_age-withdraw.c + * @brief Handle /reserves/$RESERVE_PUB/age-withdraw requests + * @author Özgür Kesim + */ +#include "platform.h" +#include +#include +#include "taler_json_lib.h" +#include "taler_kyclogic_lib.h" +#include "taler_mhd_lib.h" +#include "taler-exchange-httpd_withdraw.h" +#include "taler-exchange-httpd_responses.h" +#include "taler-exchange-httpd_keys.h" + + +/** + * Context for #age_withdraw_transaction. + */ +struct AgeWithdrawContext +{ + /** + * KYC status for the operation. + */ + struct TALER_EXCHANGEDB_KycStatus kyc; + + /** + * The commitment request, for n*kappa coins. + */ + struct TALER_EXCHANGEDB_AgeWithdrawCommitment commitment; + + /** + * Current time for the DB transaction. + */ + struct GNUNET_TIME_Timestamp now; +}; + + +#if 0 +/** + * Function called to iterate over KYC-relevant + * transaction amounts for a particular time range. + * Called within a database transaction, so must + * not start a new one. + * + * @param cls closure, identifies the event type and + * account to iterate over events for + * @param limit maximum time-range for which events + * should be fetched (timestamp in the past) + * @param cb function to call on each event found, + * events must be returned in reverse chronological + * order + * @param cb_cls closure for @a cb + */ +static void +withdraw_amount_cb (void *cls, + struct GNUNET_TIME_Absolute limit, + TALER_EXCHANGEDB_KycAmountCallback cb, + void *cb_cls) +{ + struct AgeWithdrawContext *awc = cls; + enum GNUNET_DB_QueryStatus qs; + + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Signaling amount %s for KYC check during age-withdrawal\n", + TALER_amount2s (&awc->amount_with_fee)); + if (GNUNET_OK != + cb (cb_cls, + &awc->amount_with_fee, + awc->now.abs_time)) + return; + qs = TEH_plugin->select_withdraw_amounts_for_kyc_check ( + TEH_plugin->cls, + &wc->h_payto, + limit, + cb, + cb_cls); + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Got %d additional transactions for this age-withdrawal and limit %llu\n", + qs, + (unsigned long long) limit.abs_value_us); + GNUNET_break (qs >= 0); +} + + +#endif + + +#if 0 +/** + * TODO: REWRITE + * Function implementing age withdraw transaction. Runs the + * transaction logic; IF it returns a non-error code, the transaction + * logic MUST NOT queue a MHD response. IF it returns an hard error, + * the transaction logic MUST queue a MHD response and set @a mhd_ret. + * IF it returns the soft error code, the function MAY be called again + * to retry and MUST not queue a MHD response. + * + * Note that "wc->collectable.sig" is set before entering this function as we + * signed before entering the transaction. + * + * @param cls a `struct WithdrawContext *` + * @param connection MHD request which triggered the transaction + * @param[out] mhd_ret set to MHD response status for @a connection, + * if transaction failed (!) + * @return transaction status + */ +static enum GNUNET_DB_QueryStatus +age_withdraw_transaction (void *cls, + struct MHD_Connection *connection, + MHD_RESULT *mhd_ret) +{ + struct AgeWithdrawContext *wc = cls; + enum GNUNET_DB_QueryStatus qs; + bool found = false; + bool balance_ok = false; + bool nonce_ok = false; + uint64_t ruuid; + const struct TALER_CsNonce *nonce; + const struct TALER_BlindedPlanchet *bp; + + wc->now = GNUNET_TIME_timestamp_get (); + qs = TEH_plugin->reserves_get_origin (TEH_plugin->cls, + &wc->collectable.reserve_pub, + &wc->h_payto); + if (qs < 0) + return qs; + /* If no results, reserve was created by merge, + in which case no KYC check is required as the + merge already did that. */ + if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs) + { + const char *kyc_required; + + kyc_required = TALER_KYCLOGIC_kyc_test_required ( + TALER_KYCLOGIC_KYC_TRIGGER_WITHDRAW, + &wc->h_payto, + TEH_plugin->select_satisfied_kyc_processes, + TEH_plugin->cls, + &withdraw_amount_cb, + wc); + if (NULL != kyc_required) + { + /* insert KYC requirement into DB! */ + wc->kyc.ok = false; + return TEH_plugin->insert_kyc_requirement_for_account ( + TEH_plugin->cls, + kyc_required, + &wc->h_payto, + &wc->kyc.requirement_row); + } + } + wc->kyc.ok = true; + bp = &wc->blinded_planchet; + nonce = (TALER_DENOMINATION_CS == bp->cipher) + ? &bp->details.cs_blinded_planchet.nonce + : NULL; + qs = TEH_plugin->do_withdraw (TEH_plugin->cls, + nonce, + &wc->collectable, + wc->now, + &found, + &balance_ok, + &nonce_ok, + &ruuid); + if (0 > qs) + { + if (GNUNET_DB_STATUS_HARD_ERROR == qs) + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_FETCH_FAILED, + "do_withdraw"); + return qs; + } + if (! found) + { + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_NOT_FOUND, + TALER_EC_EXCHANGE_GENERIC_RESERVE_UNKNOWN, + NULL); + return GNUNET_DB_STATUS_HARD_ERROR; + } + if (! balance_ok) + { + TEH_plugin->rollback (TEH_plugin->cls); + *mhd_ret = TEH_RESPONSE_reply_reserve_insufficient_balance ( + connection, + TALER_EC_EXCHANGE_WITHDRAW_INSUFFICIENT_FUNDS, + &wc->collectable.amount_with_fee, + &wc->collectable.reserve_pub); + return GNUNET_DB_STATUS_HARD_ERROR; + } + if (! nonce_ok) + { + TEH_plugin->rollback (TEH_plugin->cls); + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_CONFLICT, + TALER_EC_EXCHANGE_WITHDRAW_NONCE_REUSE, + NULL); + return GNUNET_DB_STATUS_HARD_ERROR; + } + if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs) + TEH_METRICS_num_success[TEH_MT_SUCCESS_WITHDRAW]++; + return qs; +} + + +#endif + + +/** + * Check if the @a rc is replayed and we already have an + * answer. If so, replay the existing answer and return the + * HTTP response. + * + * @param rc request context + * @param[in,out] awc parsed request data + * @param[out] mret HTTP status, set if we return true + * @return true if the request is idempotent with an existing request + * false if we did not find the request in the DB and did not set @a mret + */ +static bool +request_is_idempotent (struct TEH_RequestContext *rc, + struct AgeWithdrawContext *awc, + MHD_RESULT *mret) +{ + enum GNUNET_DB_QueryStatus qs; + + qs = TEH_plugin->get_age_withdraw_info (TEH_plugin->cls, + &awc->reserve_pub, + &awc->commitment); + if (0 > qs) + { + GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs); + if (GNUNET_DB_STATUS_HARD_ERROR == qs) + *mret = TALER_MHD_reply_with_error (rc->connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_FETCH_FAILED, + "get_age_withdraw_info"); + return true; /* well, kind-of */ + } + + if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) + return false; + + /* generate idempotent reply */ + TEH_METRICS_num_requests[TEH_MT_REQUEST_IDEMPOTENT_AGE_WITHDRAW]++; + *mret = TALER_MHD_REPLY_JSON_PACK ( + rc->connection, + MHD_HTTP_OK, + GNUNET_JSON_pack_uint64 ("noreveal_index", + &awc->commitment.noreveal_index), + GNUNET_JSON_pack_data_auto ("exchange_sig", + &awc->commitment.sig), + GNUNET_JSON_pack_data_auto ("exchange_pub", + /* TODO:oec: where does the pub come from? */ + &pub)); + return true; +} + + +MHD_RESULT +TEH_handler_age_withdraw (struct TEH_RequestContext *rc, + const struct TALER_ReservePublicKeyP *reserve_pub, + const json_t *root) +{ + struct AgeWithdrawContext awc; + struct GNUNET_JSON_Specification spec[] = { + GNUNET_JSON_spec_fixed_auto ("reserve_sig", + &awc.commitment.reserve_sig), + GNUNET_JSON_spec_fixed_auto ("age_restricted_coins_commitment", + &awc.commitment.h_commitment), + TALER_JSON_spec_amount ("amount", + &awc.commitment.amount_with_fee); + GNUNET_JSON_spec_uint8 ("max_age_group", + &awc.commitment.max_age_group), + GNUNET_JSON_spec_end () + }; + enum TALER_ErrorCode ec; + + memset (&awc, 0, sizeof (awc)); + awc.commitment.reserve_pub = *reserve_pub; + + + { + enum GNUNET_GenericReturnValue res; + + res = TALER_MHD_parse_json_data (rc->connection, + root, + spec); + if (GNUNET_OK != res) + return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; + } + + if (request_is_idempotent (rc, + &awc, + &mret)) + { + GNUNET_JSON_parse_free (spec); + return mret; + } + + TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++; + if (GNUNET_OK != + TALER_wallet_age_withdraw_verify (&awc.commitment.h_commitment, + &awc.commitment.amount_with_fee, + &awc.commitment.max_age_group, + &awc.commitment.reserve_pub, + &awc.commitment.reserve_sig)) + { + GNUNET_break_op (0); + GNUNET_JSON_parse_free (spec); + return TALER_MHD_reply_with_error (rc->connection, + MHD_HTTP_FORBIDDEN, + TALER_EC_EXCHANGE_WITHDRAW_RESERVE_SIGNATURE_INVALID, + NULL); + } + + /* run transaction */ + { + MHD_RESULT mhd_ret; + + if (GNUNET_OK != + TEH_DB_run_transaction (rc->connection, + "run age withdraw", + TEH_MT_REQUEST_AGE_WITHDRAW, + &mhd_ret, + &age_withdraw_transaction, + &awc)) + { + /* Even if #withdraw_transaction() failed, it may have created a signature + (or we might have done it optimistically above). */ + /*TODO:oec:which function to call here!? */ + TALER_blinded_denom_sig_free (&awc.commitment.sig); + GNUNET_JSON_parse_free (spec); + return mhd_ret; + } + } + + /* Clean up and send back final response */ + GNUNET_JSON_parse_free (spec); + + if (! awc.kyc.ok) + return TEH_RESPONSE_reply_kyc_required (rc->connection, + &awc.h_payto, + &awc.kyc); + { + MHD_RESULT ret; + + ret = TALER_MHD_REPLY_JSON_PACK ( + rc->connection, + MHD_HTTP_OK, + /* TODO:oec: put in the right answer fields */ + GNUNET_JSON_pack_uint64 ("noreveal_index", + &awc->commitment.noreveal_index), + GNUNET_JSON_pack_data_auto ("exchange_sig", + &awc->commitment.sig), + GNUNET_JSON_pack_data_auto ("exchange_pub", + /* TODO:oec: where does the pub come from? */ + &pub)); + TALER_blinded_denom_sig_free (&awc.commitment.sig); + return ret; + } +} + + +/* end of taler-exchange-httpd_age-withdraw.c */ diff --git a/src/exchange/taler-exchange-httpd_age-withdraw.h b/src/exchange/taler-exchange-httpd_age-withdraw.h new file mode 100644 index 000000000..a76779190 --- /dev/null +++ b/src/exchange/taler-exchange-httpd_age-withdraw.h @@ -0,0 +1,47 @@ +/* + This file is part of TALER + Copyright (C) 2023 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU Affero General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License along with + TALER; see the file COPYING. If not, see +*/ +/** + * @file taler-exchange-httpd_age-withdraw.h + * @brief Handle /reserve/$RESERVE_PUB/age-withdraw requests + * @author Özgür Kesim + */ +#ifndef TALER_EXCHANGE_HTTPD_AGE_WITHDRAW_H +#define TALER_EXCHANGE_HTTPD_AGE_WITHDRAW_H + +#include +#include "taler-exchange-httpd.h" + + +/** + * Handle a "/reserves/$RESERVE_PUB/age-withdraw" request. + * + * Parses the batch of commitments to withdraw age restricted coins, and checks + * that the signature "reserve_sig" makes this a valid withdrawal request from + * the specified reserve. If the request is valid, the response contains a + * noreveal_index which the client has to use for the subsequent call to + * /age-withdraw/$ACH/reveal. + * + * @param rc request context + * @param root uploaded JSON data + * @param reserve_pub public key of the reserve + * @return MHD result code + */ +MHD_RESULT +TEH_handler_age_withdraw (struct TEH_RequestContext *rc, + const struct TALER_ReservePublicKeyP *reserve_pub, + const json_t *root); + +#endif diff --git a/src/exchange/taler-exchange-httpd_age-withdraw_reveal.h b/src/exchange/taler-exchange-httpd_age-withdraw_reveal.h new file mode 100644 index 000000000..ed7e37b3b --- /dev/null +++ b/src/exchange/taler-exchange-httpd_age-withdraw_reveal.h @@ -0,0 +1,56 @@ +/* + This file is part of TALER + Copyright (C) 2023 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU Affero General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License along with + TALER; see the file COPYING. If not, see +*/ +/** + * @file taler-exchange-httpd_age-withdraw_reveal.h + * @brief Handle /age-withdraw/$ACH/reveal requests + * @author Özgür Kesim + */ +#ifndef TALER_EXCHANGE_HTTPD_AGE_WITHDRAW_H +#define TALER_EXCHANGE_HTTPD_AGE_WITHDRAW_H + +#include +#include "taler-exchange-httpd.h" + + +/** + * Handle a "/age-withdraw/$ACH/reveal" request. + * + * The client got a noreveal_index in response to a previous request + * /reserve/$RESERVE_PUB/age-withdraw. It now has to reveal all n*(kappa-1) + * coin's private keys (except for the noreveal_index), from which all other + * coin-relevant data (blinding, age restriction, nonce) is derived from. + * + * The exchange computes those values, ensures that the maximum age is + * correctly applied, calculates the hash of the blinded envelopes, and - + * together with the non-disclosed blinded envelopes - compares the hash of + * those against the original commitment $ACH. + * + * If all those checks and the used denominations turn out to be correct, the + * exchange signs all blinded envelopes with their appropriate denomination + * keys. + * + * @param rc request context + * @param root uploaded JSON data + * @param ach commitment to the age restricted coints from the age-withdraw request + * @return MHD result code + */ +MHD_RESULT +TEH_handler_age_withdraw_reveal ( + struct TEH_RequestContext *rc, + const struct TALER_AgeRestrictedCoinsCommitmentP *ach, + const json_t *root); + +#endif diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h index 146321eab..aded6b3f1 100644 --- a/src/include/taler_exchangedb_plugin.h +++ b/src/include/taler_exchangedb_plugin.h @@ -1050,6 +1050,52 @@ struct TALER_EXCHANGEDB_CollectableBlindcoin struct TALER_ReserveSignatureP reserve_sig; }; +/** + * @brief Information we keep for an age-withdraw commitment + * to reproduce the /age-withdraw operation if neede, and to have proof + * that a reserve was drained by this amount. + */ +struct TALER_EXCHANGEDB_AgeWithdrawCommitment +{ + /** + * Total amount (with fee) committed to withdraw + */ + struct TALER_Amount amount_with_fee; + + /** + * Public key of the reserve that was drained. + */ + struct TALER_ReservePublicKeyP reserve_pub; + + /** + * Maximum age group that the coins are restricted to. + */ + uint8_t max_age_group; + + /** + * The hash of the commitment of all n*kappa coins + */ + struct TALER_AgeWithdrawCommitmentHashP h_commitment; + + /** + * Index (smaller #TALER_CNC_KAPPA) which the exchange has chosen to not have + * revealed during cut and choose. This value applies to all n coins in the + * commitment. + */ + uint32_t noreveal_index; + + /** + * Signature confirming the age withdrawal, matching @e reserve_pub, @e + * maximum_age_group and @e h_commitment and @e total_amount_with_fee. + */ + struct TALER_ReserveSignatureP reserve_sig; + + /** + * The exchange's signature of the response. + */ + struct TALER_ExchangeSignatureP sig; +} + /** * Information the exchange records about a recoup request diff --git a/src/util/exchange_signatures.c b/src/util/exchange_signatures.c index c2a841839..21dad5299 100644 --- a/src/util/exchange_signatures.c +++ b/src/util/exchange_signatures.c @@ -359,6 +359,8 @@ TALER_exchange_online_melt_confirmation_verify ( } +/* TODO:oec: add signature for age-withdraw and reveal */ + GNUNET_NETWORK_STRUCT_BEGIN /**