add logic to check timestamp, revise history balance calculation logic in client

Christian Grothoff 2022-03-21 03:59:31 +01:00
parent 1f86b02ffa
commit c7e2d206ba
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
9 changed files with 91 additions and 57 deletions

@ -1 +1 @@
Subproject commit 4cfefdf374de55fe9be3f0f039c7a13f496ab970 Subproject commit 25eb78f2d0e20a137020dd0ab1c6474123843dbe


@ -31,6 +31,14 @@
#include "taler-exchange-httpd_responses.h" #include "taler-exchange-httpd_responses.h"
/**
* How far do we allow a client's time to be off when
* checking the request timestamp?
*/
#define TIMESTAMP_TOLERANCE \
GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 15)
/** /**
* Closure for #reserve_history_transaction. * Closure for #reserve_history_transaction.
*/ */
@ -121,8 +129,7 @@ reserve_history_transaction (void *cls,
struct ReserveHistoryContext *rsc = cls; struct ReserveHistoryContext *rsc = cls;
enum GNUNET_DB_QueryStatus qs; enum GNUNET_DB_QueryStatus qs;
// FIXME: first deduct rsc->gf->fees.history from balance! // FIXME: first deduct rsc->gf->fees.history from reserve balance (and persist the signature justifying this)
// FIXME: pass rsc.gf->history_expiration?
qs = TEH_plugin->get_reserve_history (TEH_plugin->cls, qs = TEH_plugin->get_reserve_history (TEH_plugin->cls,
rsc->reserve_pub, rsc->reserve_pub,
&rsc->balance, &rsc->balance,
@ -175,13 +182,21 @@ TEH_handler_reserves_history (struct TEH_RequestContext *rc,
} }
} }
now = GNUNET_TIME_timestamp_get (); now = GNUNET_TIME_timestamp_get ();
/* FIXME: check that 'timestamp' is close to 'now' */ if (! GNUNET_TIME_absolute_approx_eq (now.abs_time,
rsc.timestamp.abs_time,
TIMESTAMP_TOLERANCE))
{
GNUNET_break_op (0);
return TALER_MHD_reply_with_error (rc->connection,
MHD_HTTP_BAD_REQUEST,
TALER_EC_EXCHANGE_GENERIC_CLOCK_SKEW,
NULL);
}
rsc.gf = TEH_keys_global_fee_by_time (TEH_keys_get_state (), rsc.gf = TEH_keys_global_fee_by_time (TEH_keys_get_state (),
rsc.timestamp); rsc.timestamp);
if (NULL == rsc.gf) if (NULL == rsc.gf)
{ {
GNUNET_break_op (0); GNUNET_break (0);
return TALER_MHD_reply_with_error (rc->connection, return TALER_MHD_reply_with_error (rc->connection,
MHD_HTTP_INTERNAL_SERVER_ERROR, MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_EXCHANGE_GENERIC_BAD_CONFIGURATION, TALER_EC_EXCHANGE_GENERIC_BAD_CONFIGURATION,
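Review bot: `TIMESTAMP_TOLERANCE` is defined here and again, verbatim, in the reserves_status handler below, so the two endpoints can silently drift apart the first time one of them is tuned; define it once in a header shared by the exchange HTTP handlers and include it from both. The 15-minute value itself carries no rationale; a why-comment on the macro such as `/* presumably: wide enough for unsynchronized wallet clocks, narrow enough to bound how long a signed request stays acceptable -- confirm */` would help whoever adjusts it later. Note that the FIXME at the top of reserve_history_transaction still says the history fee is neither deducted nor the justifying signature persisted, so the new skew check currently gates a request that is not yet charged for. TEH_handler_reserves_history continues outside the hunk.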


@ -30,6 +30,13 @@
#include "taler-exchange-httpd_reserves_status.h" #include "taler-exchange-httpd_reserves_status.h"
#include "taler-exchange-httpd_responses.h" #include "taler-exchange-httpd_responses.h"
/**
* How far do we allow a client's time to be off when
* checking the request timestamp?
*/
#define TIMESTAMP_TOLERANCE \
GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 15)
/** /**
* Closure for #reserve_status_transaction. * Closure for #reserve_status_transaction.
@ -140,6 +147,7 @@ TEH_handler_reserves_status (struct TEH_RequestContext *rc,
&reserve_sig), &reserve_sig),
GNUNET_JSON_spec_end () GNUNET_JSON_spec_end ()
}; };
struct GNUNET_TIME_Timestamp now;
rsc.reserve_pub = reserve_pub; rsc.reserve_pub = reserve_pub;
{ {
@ -159,6 +167,17 @@ TEH_handler_reserves_status (struct TEH_RequestContext *rc,
return MHD_YES; /* failure */ return MHD_YES; /* failure */
} }
} }
now = GNUNET_TIME_timestamp_get ();
if (! GNUNET_TIME_absolute_approx_eq (now.abs_time,
timestamp.abs_time,
TIMESTAMP_TOLERANCE))
{
GNUNET_break_op (0);
return TALER_MHD_reply_with_error (rc->connection,
MHD_HTTP_BAD_REQUEST,
TALER_EC_EXCHANGE_GENERIC_CLOCK_SKEW,
NULL);
}
if (GNUNET_OK != if (GNUNET_OK !=
TALER_wallet_reserve_status_verify (timestamp, TALER_wallet_reserve_status_verify (timestamp,
reserve_pub, reserve_pub,


@ -5595,6 +5595,7 @@ postgres_get_reserve_status (void *cls,
GNUNET_PQ_query_param_end GNUNET_PQ_query_param_end
}; };
/* FIXME: actually implement reserve history truncation logic! */
rhc.reserve_pub = reserve_pub; rhc.reserve_pub = reserve_pub;
rhc.rh = NULL; rhc.rh = NULL;
rhc.rh_tail = NULL; rhc.rh_tail = NULL;


@ -1583,10 +1583,21 @@ struct TALER_EXCHANGE_ReserveStatus
{ {
/** /**
* Reserve balance. * Current reserve balance. May not be the difference between
* @e total_in and @e total_out because the @e may be truncated.
*/ */
struct TALER_Amount balance; struct TALER_Amount balance;
/**
* Total of all inbound transactions in @e history.
*/
struct TALER_Amount total_in;
/**
* Total of all outbound transactions in @e history.
*/
struct TALER_Amount total_out;
/** /**
* Reserve history. * Reserve history.
*/ */
@ -1687,10 +1698,22 @@ struct TALER_EXCHANGE_ReserveHistory
{ {
/** /**
* Reserve balance. * Reserve balance. May not be the difference between
* @e total_in and @e total_out because the @e may be truncated
* due to expiration.
*/ */
struct TALER_Amount balance; struct TALER_Amount balance;
/**
* Total of all inbound transactions in @e history.
*/
struct TALER_Amount total_in;
/**
* Total of all outbound transactions in @e history.
*/
struct TALER_Amount total_out;
/** /**
* Reserve history. * Reserve history.
*/ */
@ -2685,7 +2708,8 @@ TALER_EXCHANGE_verify_coin_history (
* @param history JSON array with the history * @param history JSON array with the history
* @param reserve_pub public key of the reserve to inspect * @param reserve_pub public key of the reserve to inspect
* @param currency currency we expect the balance to be in * @param currency currency we expect the balance to be in
* @param[out] balance final balance * @param[out] total_in set to value of credits to reserve
* @param[out] total_out set to value of debits from reserve
* @param history_length number of entries in @a history * @param history_length number of entries in @a history
* @param[out] rhistory array of length @a history_length, set to the * @param[out] rhistory array of length @a history_length, set to the
* parsed history entries * parsed history entries
@ -2699,7 +2723,8 @@ TALER_EXCHANGE_parse_reserve_history (
const json_t *history, const json_t *history,
const struct TALER_ReservePublicKeyP *reserve_pub, const struct TALER_ReservePublicKeyP *reserve_pub,
const char *currency, const char *currency,
struct TALER_Amount *balance, struct TALER_Amount *total_in,
struct TALER_Amount *total_out,
unsigned int history_length, unsigned int history_length,
struct TALER_EXCHANGE_ReserveHistoryEntry *rhistory); struct TALER_EXCHANGE_ReserveHistoryEntry *rhistory);
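Review bot: The new `balance` comments in both `struct TALER_EXCHANGE_ReserveStatus` and `struct TALER_EXCHANGE_ReserveHistory` contain a bare `@e` with no identifier ("because the @e may be truncated"), which Doxygen will flag; it should read `because the @e history may be truncated`. The `@param[out] total_in` / `@param[out] total_out` lines should also state that both pointers must be non-NULL, since the implementation now writes through them unconditionally whereas the old `balance` argument accepted NULL. If the function description above this hunk still says the parsed history is checked against the reserve balance, it should be updated to say the caller is now responsible for that comparison.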


@ -32,21 +32,20 @@ TALER_EXCHANGE_parse_reserve_history (
const json_t *history, const json_t *history,
const struct TALER_ReservePublicKeyP *reserve_pub, const struct TALER_ReservePublicKeyP *reserve_pub,
const char *currency, const char *currency,
struct TALER_Amount *balance, struct TALER_Amount *total_in,
struct TALER_Amount *total_out,
unsigned int history_length, unsigned int history_length,
struct TALER_EXCHANGE_ReserveHistoryEntry *rhistory) struct TALER_EXCHANGE_ReserveHistoryEntry *rhistory)
{ {
struct GNUNET_HashCode uuid[history_length]; struct GNUNET_HashCode uuid[history_length];
unsigned int uuid_off; unsigned int uuid_off;
struct TALER_Amount total_in;
struct TALER_Amount total_out;
GNUNET_assert (GNUNET_OK == GNUNET_assert (GNUNET_OK ==
TALER_amount_set_zero (currency, TALER_amount_set_zero (currency,
&total_in)); total_in));
GNUNET_assert (GNUNET_OK == GNUNET_assert (GNUNET_OK ==
TALER_amount_set_zero (currency, TALER_amount_set_zero (currency,
&total_out)); total_out));
uuid_off = 0; uuid_off = 0;
for (unsigned int off = 0; off<history_length; off++) for (unsigned int off = 0; off<history_length; off++)
{ {
@ -76,7 +75,7 @@ TALER_EXCHANGE_parse_reserve_history (
rhistory[off].amount = amount; rhistory[off].amount = amount;
if (GNUNET_YES != if (GNUNET_YES !=
TALER_amount_cmp_currency (&amount, TALER_amount_cmp_currency (&amount,
&total_in)) total_in))
{ {
GNUNET_break_op (0); GNUNET_break_op (0);
return GNUNET_SYSERR; return GNUNET_SYSERR;
@ -99,8 +98,8 @@ TALER_EXCHANGE_parse_reserve_history (
rh->type = TALER_EXCHANGE_RTT_CREDIT; rh->type = TALER_EXCHANGE_RTT_CREDIT;
if (0 > if (0 >
TALER_amount_add (&total_in, TALER_amount_add (total_in,
&total_in, total_in,
&amount)) &amount))
{ {
/* overflow in history already!? inconceivable! Bad exchange! */ /* overflow in history already!? inconceivable! Bad exchange! */
@ -206,8 +205,8 @@ TALER_EXCHANGE_parse_reserve_history (
uuid_off++; uuid_off++;
if (0 > if (0 >
TALER_amount_add (&total_out, TALER_amount_add (total_out,
&total_out, total_out,
&amount)) &amount))
{ {
/* overflow in history already!? inconceivable! Bad exchange! */ /* overflow in history already!? inconceivable! Bad exchange! */
@ -274,8 +273,8 @@ TALER_EXCHANGE_parse_reserve_history (
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
if (0 > if (0 >
TALER_amount_add (&total_in, TALER_amount_add (total_in,
&total_in, total_in,
&rh->amount)) &rh->amount))
{ {
/* overflow in history already!? inconceivable! Bad exchange! */ /* overflow in history already!? inconceivable! Bad exchange! */
@ -349,8 +348,8 @@ TALER_EXCHANGE_parse_reserve_history (
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
if (0 > if (0 >
TALER_amount_add (&total_out, TALER_amount_add (total_out,
&total_out, total_out,
&rh->amount)) &rh->amount))
{ {
/* overflow in history already!? inconceivable! Bad exchange! */ /* overflow in history already!? inconceivable! Bad exchange! */
@ -366,23 +365,6 @@ TALER_EXCHANGE_parse_reserve_history (
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
} }
/* check balance = total_in - total_out < withdraw-amount */
if (NULL != balance)
{
/* if balance is NULL, we may have a partial history
in which case the subtraction may fail, so we do
not even check that invariant in this case. */
if (0 >
TALER_amount_subtract (balance,
&total_in,
&total_out))
{
/* total_in < total_out, why did the exchange ever allow this!? */
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
}
return GNUNET_OK; return GNUNET_OK;
} }
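Review bot: The `balance = total_in - total_out` invariant check removed at the end of TALER_EXCHANGE_parse_reserve_history is not re-established anywhere: handle_reserves_history_ok now only stores the totals, and reserve_withdraw_payment_required drops its own `TALER_amount_cmp (&balance_from_history, &balance)` comparison, so a response whose balance and history disagree is now accepted by every client path. Truncation is the stated reason, but the response carries no indication of whether the history was truncated, so clients cannot tell a legitimately partial history from an inconsistent one. Until the protocol exposes a truncation marker, consider at least keeping the comparison where the history is known to be complete, or documenting at the call sites that the totals are informational only. The function's head and the loop bodies are outside this hunk.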


@ -91,7 +91,6 @@ handle_reserves_history_ok (struct TALER_EXCHANGE_ReservesHistoryHandle *rsh,
{ {
json_t *history; json_t *history;
unsigned int len; unsigned int len;
struct TALER_Amount history_balance;
struct TALER_EXCHANGE_ReserveHistory rs = { struct TALER_EXCHANGE_ReserveHistory rs = {
.hr.reply = j, .hr.reply = j,
.hr.http_status = MHD_HTTP_OK .hr.http_status = MHD_HTTP_OK
@ -123,15 +122,13 @@ handle_reserves_history_ok (struct TALER_EXCHANGE_ReservesHistoryHandle *rsh,
rhistory = GNUNET_new_array (len, rhistory = GNUNET_new_array (len,
struct TALER_EXCHANGE_ReserveHistoryEntry); struct TALER_EXCHANGE_ReserveHistoryEntry);
// FIXME: even this history could be partial
// (if the reserve is too old!); update API
// and return incoming & outgoing totals separately?
if (GNUNET_OK != if (GNUNET_OK !=
TALER_EXCHANGE_parse_reserve_history (rsh->exchange, TALER_EXCHANGE_parse_reserve_history (rsh->exchange,
history, history,
&rsh->reserve_pub, &rsh->reserve_pub,
rs.details.ok.balance.currency, rs.details.ok.balance.currency,
&history_balance, &rs.details.ok.total_in,
&rs.details.ok.total_out,
len, len,
rhistory)) rhistory))
{ {


@ -127,7 +127,8 @@ handle_reserves_status_ok (struct TALER_EXCHANGE_ReservesStatusHandle *rsh,
history, history,
&rsh->reserve_pub, &rsh->reserve_pub,
rs.details.ok.balance.currency, rs.details.ok.balance.currency,
NULL, &rs.details.ok.total_in,
&rs.details.ok.total_out,
len, len,
rhistory)) rhistory))
{ {


@ -148,7 +148,8 @@ reserve_withdraw_payment_required (
const json_t *json) const json_t *json)
{ {
struct TALER_Amount balance; struct TALER_Amount balance;
struct TALER_Amount balance_from_history; struct TALER_Amount total_in_from_history;
struct TALER_Amount total_out_from_history;
json_t *history; json_t *history;
size_t len; size_t len;
struct GNUNET_JSON_Specification spec[] = { struct GNUNET_JSON_Specification spec[] = {
@ -197,7 +198,8 @@ reserve_withdraw_payment_required (
history, history,
&wh->reserve_pub, &wh->reserve_pub,
balance.currency, balance.currency,
&balance_from_history, &total_in_from_history,
&total_out_from_history,
len, len,
rhistory)) rhistory))
{ {
@ -210,14 +212,6 @@ reserve_withdraw_payment_required (
len); len);
} }
if (0 !=
TALER_amount_cmp (&balance_from_history,
&balance))
{
/* exchange cannot add up balances!? */
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
/* Check that funds were really insufficient */ /* Check that funds were really insufficient */
if (0 >= TALER_amount_cmp (&wh->requested_amount, if (0 >= TALER_amount_cmp (&wh->requested_amount,
&balance)) &balance))