integrate auditor signature check logic with taler-helper-auditor-coins

Christian Grothoff 2020-12-22 18:27:34 +01:00
parent a644355c44
commit fe232f1fed
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
5 changed files with 181 additions and 57 deletions


@ -64,7 +64,12 @@ struct TALER_MasterPublicKeyP TALER_ARL_master_pub;
/**
* Public key of the auditor.
*/
static struct TALER_AuditorPublicKeyP TALER_ARL_auditor_pub;
struct TALER_AuditorPublicKeyP TALER_ARL_auditor_pub;
/**
* REST API endpoint of the auditor.
*/
char *TALER_ARL_auditor_url;
/**
* At what time did the auditor process start?
@ -177,62 +182,6 @@ add_denomination (
GNUNET_CONTAINER_multihashmap_get (denominations,
&issue->denom_hash))
return; /* value already known */
#if FIXME_IMPLEMENT
qs = TALER_ARL_edb->select_auditor_denom_sig (TALER_ARL_edb->cls,
TALER_ARL_esession,
&issue->denom_hash,
&TALER_ARL_auditor_pub,
&auditor_sig);
if (0 >= qs)
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"Encountered denomination `%s' that this auditor is not auditing!\n",
GNUNET_h2s (&issue->denom_hash));
return; /* skip! */
}
{
// TODO: one of the auditor passes should really just do this
// add problems to JSON report (even if the implications are unclear),
// instead of doing it here!
struct TALER_Amount coin_value;
struct TALER_Amount fee_withdraw;
struct TALER_Amount fee_deposit;
struct TALER_Amount fee_refresh;
struct TALER_Amount fee_refund;
TALER_amount_hton (&coin_value,
&issue->value);
TALER_amount_hton (&fee_withdraw,
&issue->fee_withdraw);
TALER_amount_hton (&fee_deposit,
&issue->fee_deposit);
TALER_amount_hton (&fee_refresh,
&issue->fee_refresh);
TALER_amount_hton (&fee_refund,
&issue->fee_refund);
if (GNUNET_OK !=
TALER_auditor_denom_validity_verify (
TALER_ARL_auditor_url,
&issue->denom_hash,
&TALER_ARL_master_pub,
GNUNET_TIME_absolute_ntoh (issue->start),
GNUNET_TIME_absolute_ntoh (issue->expire_withdraw),
GNUNET_TIME_absolute_ntoh (issue->expire_deposit),
GNUNET_TIME_absolute_ntoh (issue->expire_legal),
&coin_value,
&fee_withdraw,
&fee_deposit,
&fee_refresh,
&fee_refund,
&TALER_ARL_auditor_pub,
&auditor_sig))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Exchange has invalid signature from this auditor for denomination `%s' in its database!\n",
GNUNET_h2s (&issue->denom_hash));
}
}
#endif
#if GNUNET_EXTRA_LOGGING >= 1
{
struct TALER_Amount value;
@ -728,6 +677,18 @@ TALER_ARL_init (const struct GNUNET_CONFIGURATION_Handle *c)
{
TALER_ARL_cfg = c;
start_time = GNUNET_TIME_absolute_get ();
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (TALER_ARL_cfg,
"auditor",
"BASE_URL",
&TALER_ARL_auditor_url))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"auditor",
"BASE_URL");
return GNUNET_SYSERR;
}
if (GNUNET_YES == GNUNET_is_zero (&TALER_ARL_master_pub))
{
/* -m option not given, try configuration */
@ -944,6 +905,7 @@ TALER_ARL_done (json_t *report)
JSON_INDENT (2));
json_decref (report);
}
GNUNET_free (TALER_ARL_auditor_url);
}
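Review bot: The `BASE_URL` string read in TALER_ARL_init is stored and later passed unchanged to `TALER_auditor_denom_validity_verify` (in check_denomination), but nothing documents or checks its form. If the URL is part of what the auditor signed, as its position in the verify call suggests, a value that differs only in a trailing slash or letter case would make every stored signature look invalid. I would extend the comment on the global to say so, e.g. `REST API endpoint of the auditor; must match byte-for-byte the URL used when the denomination signatures were created.` TALER_ARL_init continues outside the hunk, so whether its later error returns release the string is not visible here; TALER_ARL_done is the only release shown.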


@ -74,6 +74,16 @@ extern struct TALER_AUDITORDB_Session *TALER_ARL_asession;
*/
extern struct TALER_MasterPublicKeyP TALER_ARL_master_pub;
/**
* Public key of the auditor.
*/
extern struct TALER_AuditorPublicKeyP TALER_ARL_auditor_pub;
/**
* REST API endpoint of the auditor.
*/
extern char *TALER_ARL_auditor_url;
/**
* At what time did the auditor process start?
*/


@ -2196,6 +2196,81 @@ recoup_refresh_cb (void *cls,
}
/**
* Function called with the results of iterate_denomination_info(),
* or directly (!). Used to check that we correctly signed the
* denomination and to warn if there are denominations not approved
* by this auditor.
*
* @param cls closure, NULL
* @param denom_pub public key, sometimes NULL (!)
* @param validity issuing information with value, fees and other info about the denomination.
*/
static void
check_denomination (
void *cls,
const struct TALER_DenominationPublicKey *denom_pub,
const struct TALER_EXCHANGEDB_DenominationKeyInformationP *validity)
{
const struct TALER_DenominationKeyValidityPS *issue = &validity->properties;
enum GNUNET_DB_QueryStatus qs;
struct TALER_AuditorSignatureP auditor_sig;
qs = TALER_ARL_edb->select_auditor_denom_sig (TALER_ARL_edb->cls,
TALER_ARL_esession,
&issue->denom_hash,
&TALER_ARL_auditor_pub,
&auditor_sig);
if (0 >= qs)
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"Encountered denomination `%s' that this auditor is not auditing!\n",
GNUNET_h2s (&issue->denom_hash));
return; /* skip! */
}
{
struct TALER_Amount coin_value;
struct TALER_Amount fee_withdraw;
struct TALER_Amount fee_deposit;
struct TALER_Amount fee_refresh;
struct TALER_Amount fee_refund;
TALER_amount_ntoh (&coin_value,
&issue->value);
TALER_amount_ntoh (&fee_withdraw,
&issue->fee_withdraw);
TALER_amount_ntoh (&fee_deposit,
&issue->fee_deposit);
TALER_amount_ntoh (&fee_refresh,
&issue->fee_refresh);
TALER_amount_ntoh (&fee_refund,
&issue->fee_refund);
if (GNUNET_OK !=
TALER_auditor_denom_validity_verify (
TALER_ARL_auditor_url,
&issue->denom_hash,
&TALER_ARL_master_pub,
GNUNET_TIME_absolute_ntoh (issue->start),
GNUNET_TIME_absolute_ntoh (issue->expire_withdraw),
GNUNET_TIME_absolute_ntoh (issue->expire_deposit),
GNUNET_TIME_absolute_ntoh (issue->expire_legal),
&coin_value,
&fee_withdraw,
&fee_deposit,
&fee_refresh,
&fee_refund,
&TALER_ARL_auditor_pub,
&auditor_sig))
{
// FIXME: add properly to audit report!
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Exchange has invalid signature from this auditor for denomination `%s' in its database!\n",
GNUNET_h2s (&issue->denom_hash));
}
}
}
/**
* Analyze the exchange's processing of coins.
*
@ -2211,6 +2286,17 @@ analyze_coins (void *cls)
enum GNUNET_DB_QueryStatus qsp;
(void) cls;
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Checking denominations...\n");
qs = TALER_ARL_edb->iterate_denomination_info (TALER_ARL_edb->cls,
TALER_ARL_esession,
&check_denomination,
NULL);
if (0 > qs)
{
GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
return qs;
}
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Analyzing coins\n");
qsp = TALER_ARL_adb->get_auditor_progress_coin (TALER_ARL_adb->cls,
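Review bot: In check_denomination the branch `if (0 >= qs)` treats a database error from `select_auditor_denom_sig` the same as "no signature stored": both log that this auditor is not auditing the denomination and return. A soft or hard error therefore becomes a skipped signature check with a misleading warning. analyze_coins cannot see it, because the callback returns void and is given `NULL` as closure, so its `if (0 > qs)` test covers only the iteration itself. Splitting the two cases and reporting the failure through `cls` would keep a transient database problem from silently reducing audit coverage; the invalid-signature branch likewise only logs, which the commit already marks with a FIXME. analyze_coins starts and ends outside the hunk.

```c
  /* caller passes the address of a status variable instead of NULL */
  enum GNUNET_DB_QueryStatus *status = cls;

  // … unchanged: select_auditor_denom_sig call …
  if (0 > qs)
  {
    /* database failure: says nothing about what this auditor audits */
    GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
    if (NULL != status)
      *status = qs;
    return;
  }
  if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
  {
    // … unchanged: "not auditing" warning and return …
  }
```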


@ -1597,6 +1597,14 @@ postgres_get_session (void *cls)
") VALUES "
"($1, $2, $3);",
3),
/* used in #postgres_select_auditor_denom_sig() */
GNUNET_PQ_make_prepare ("select_auditor_denom_sig",
"SELECT"
" auditor_sig"
" FROM auditor_denom_sigs"
" WHERE auditor_pub=$1"
" AND denom_pub_hash=$2",
2),
/* used in #postgres_lookup_wire_fee_by_time() */
GNUNET_PQ_make_prepare ("lookup_wire_fee_by_time",
"SELECT"
@ -8695,6 +8703,43 @@ postgres_insert_auditor_denom_sig (
}
/**
* Select information about an auditor auditing a denomination key.
*
* @param cls closure
* @param session a session
* @param h_denom_pub the audited denomination
* @param auditor_pub the auditor's key
* @param[out] auditor_sig set to signature affirming the auditor's audit activity
* @return transaction status code
*/
static enum GNUNET_DB_QueryStatus
postgres_select_auditor_denom_sig (
void *cls,
struct TALER_EXCHANGEDB_Session *session,
const struct GNUNET_HashCode *h_denom_pub,
const struct TALER_AuditorPublicKeyP *auditor_pub,
struct TALER_AuditorSignatureP *auditor_sig)
{
struct GNUNET_PQ_QueryParam params[] = {
GNUNET_PQ_query_param_auto_from_type (auditor_pub),
GNUNET_PQ_query_param_auto_from_type (h_denom_pub),
GNUNET_PQ_query_param_end
};
struct GNUNET_PQ_ResultSpec rs[] = {
GNUNET_PQ_result_spec_auto_from_type ("auditor_sig",
auditor_sig),
GNUNET_PQ_result_spec_end
};
(void) cls;
return GNUNET_PQ_eval_prepared_singleton_select (session->conn,
"select_auditor_denom_sig",
params,
rs);
}
/**
* Closure for #wire_fee_by_time_helper()
*/
@ -9036,6 +9081,8 @@ libtaler_plugin_exchangedb_postgres_init (void *cls)
= &postgres_lookup_denomination_key;
plugin->insert_auditor_denom_sig
= &postgres_insert_auditor_denom_sig;
plugin->select_auditor_denom_sig
= &postgres_select_auditor_denom_sig;
plugin->lookup_wire_fee_by_time
= &postgres_lookup_wire_fee_by_time;
plugin->add_denomination_key
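Review bot: The doc comment on postgres_select_auditor_denom_sig says only `@return transaction status code`, which leaves open when `auditor_sig` holds a usable value. The caller in taler-helper-auditor-coins passes an uninitialised stack variable, and the result spec presumably leaves it untouched when no row matches, so the contract should be stated explicitly. I would write `@param[out] auditor_sig set to the auditor's signature; only valid if the return value is #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT` and `@return transaction status code, 0 if no signature is stored for this auditor and denomination`. The same wording applies to the `select_auditor_denom_sig` member declared in the plugin header.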


@ -3436,6 +3436,25 @@ struct TALER_EXCHANGEDB_Plugin
const struct TALER_AuditorSignatureP *auditor_sig);
/**
* Obtain information about an auditor auditing a denomination key.
*
* @param cls closure
* @param session a session
* @param h_denom_pub the audited denomination
* @param auditor_pub the auditor's key
* @param[out] auditor_sig set to signature affirming the auditor's audit activity
* @return transaction status code
*/
enum GNUNET_DB_QueryStatus
(*select_auditor_denom_sig)(
void *cls,
struct TALER_EXCHANGEDB_Session *session,
const struct GNUNET_HashCode *h_denom_pub,
const struct TALER_AuditorPublicKeyP *auditor_pub,
struct TALER_AuditorSignatureP *auditor_sig);
/**
* Lookup information about known wire fees.
*