set gzip timestamp to 0 in backup blob

2021-06-23 11:46:10 +02:00 · 2021-06-23 11:46:10 +02:00 · eaced5ca63
commit eaced5ca63
parent 6c14268c1a
2 changed files with 94 additions and 67 deletions
--- a/packages/taler-wallet-core/src/operations/backup/export.ts
+++ b/packages/taler-wallet-core/src/operations/backup/export.ts
@ -24,44 +24,54 @@
 /**
 * Imports.
 */
 import { hash } from "../../crypto/primitives/nacl-fast.js";
 import {
-  WalletBackupContentV1,
+  Amounts,
  BackupExchange,
  BackupCoin,
  BackupDenomination,
  BackupReserve,
  BackupPurchase,
  BackupProposal,
  BackupRefreshGroup,
  BackupBackupProvider,
  BackupTip,
  BackupRecoupGroup,
  BackupWithdrawalGroup,
  BackupBackupProviderTerms,
  BackupCoin,
  BackupCoinSource,
  BackupCoinSourceType,
  BackupDenomination,
  BackupExchange,
  BackupExchangeDetails,
  BackupExchangeWireFee,
-  BackupRefundItem,
+  BackupProposal,
  BackupRefundState,
  BackupProposalStatus,
  BackupPurchase,
  BackupRecoupGroup,
  BackupRefreshGroup,
  BackupRefreshOldCoin,
  BackupRefreshSession,
-  BackupExchangeDetails,
+  BackupRefundItem,
  BackupRefundState,
  BackupReserve,
  BackupTip,
  BackupWithdrawalGroup,
  canonicalizeBaseUrl,
  canonicalJson,
  getTimestampNow,
  Logger,
  timestampToIsoString,
  WalletBackupContentV1,
 } from "@gnu-taler/taler-util";
 import { InternalWalletState } from "../../common.js";
-import { provideBackupState, getWalletBackupState } from "./state.js";
+import { hash } from "../../crypto/primitives/nacl-fast.js";
 import { Amounts, getTimestampNow } from "@gnu-taler/taler-util";
 import {
  encodeCrock,
  getRandomBytes,
  stringToBytes,
 } from "../../crypto/talerCrypto.js";
 import {
  AbortStatus,
  CoinSourceType,
  CoinStatus,
  RefundState,
  AbortStatus,
  ProposalStatus,
  RefundState,
  WALLET_BACKUP_STATE_KEY,
 } from "../../db.js";
-import { encodeCrock, stringToBytes, getRandomBytes } from "../../crypto/talerCrypto.js";
+import { getWalletBackupState, provideBackupState } from "./state.js";
-import { canonicalizeBaseUrl, canonicalJson } from "@gnu-taler/taler-util";
+
 const logger = new Logger("backup/export.ts");
 export async function exportBackup(
  ws: InternalWalletState,
@ -444,8 +454,10 @@ export async function exportBackup(
        });
      });
      const ts = getTimestampNow();
      if (!bs.lastBackupTimestamp) {
-        bs.lastBackupTimestamp = getTimestampNow();
+        bs.lastBackupTimestamp = ts;
      }
      const backupBlob: WalletBackupContentV1 = {
@ -469,18 +481,30 @@ export async function exportBackup(
        tombstones: [],
      };
-      // If the backup changed, we increment our clock.
+      // If the backup changed, we change our nonce and timestamp.
      let h = encodeCrock(hash(stringToBytes(canonicalJson(backupBlob))));
-      if (h != bs.lastBackupPlainHash) {
+      if (h !== bs.lastBackupPlainHash) {
        logger.trace(
          `plain backup hash changed (from ${bs.lastBackupPlainHash}to ${h})`,
        );
        bs.lastBackupTimestamp = ts;
        backupBlob.timestamp = ts;
        bs.lastBackupPlainHash = encodeCrock(
          hash(stringToBytes(canonicalJson(backupBlob))),
        );
        bs.lastBackupNonce = encodeCrock(getRandomBytes(32));
        logger.trace(
          `setting timestamp to ${timestampToIsoString(ts)} and nonce to ${
            bs.lastBackupNonce
          }`,
        );
        await tx.config.put({
          key: WALLET_BACKUP_STATE_KEY,
          value: bs,
        });
      } else {
        logger.trace("backup hash did not change");
      }
      return backupBlob;
--- a/packages/taler-wallet-core/src/operations/backup/index.ts
+++ b/packages/taler-wallet-core/src/operations/backup/index.ts
@ -24,24 +24,39 @@
 /**
 * Imports.
 */
 import { InternalWalletState } from "../../common.js";
 import {
  AmountString,
  BackupRecovery,
  buildCodecForObject,
  canonicalizeBaseUrl,
  canonicalJson,
  Codec,
  codecForAmountString,
  codecForBoolean,
  codecForNumber,
  codecForString,
  codecOptional,
  ConfirmPayResultType,
  durationFromSpec,
  getTimestampNow,
  j2s,
  Logger,
  PreparePayResultType,
  RecoveryLoadRequest,
  RecoveryMergeStrategy,
  TalerErrorDetails,
  Timestamp,
  timestampAddDuration,
  URL,
  WalletBackupContentV1,
 } from "@gnu-taler/taler-util";
 import { gunzipSync, gzipSync } from "fflate";
 import { InternalWalletState } from "../../common.js";
 import { kdf } from "../../crypto/primitives/kdf.js";
 import {
-  BackupProviderRecord,
+  secretbox,
-  BackupProviderTerms,
+  secretbox_open,
-  ConfigRecord,
+} from "../../crypto/primitives/nacl-fast.js";
  WalletBackupConfState,
  WALLET_BACKUP_STATE_KEY,
 } from "../../db.js";
 import {
  checkDbInvariant,
  checkLogicInvariant,
 } from "../../util/invariants.js";
 import {
  bytesToString,
  decodeCrock,
@ -53,43 +68,24 @@ import {
  rsaBlind,
  stringToBytes,
 } from "../../crypto/talerCrypto.js";
-import { canonicalizeBaseUrl, canonicalJson, j2s } from "@gnu-taler/taler-util";
+import { CryptoApi } from "../../crypto/workers/cryptoApi.js";
 import {
-  durationFromSpec,
+  BackupProviderRecord,
-  getTimestampNow,
+  BackupProviderTerms,
-  Timestamp,
+  ConfigRecord,
-  timestampAddDuration,
+  WalletBackupConfState,
-  URL
+  WALLET_BACKUP_STATE_KEY,
-} from "@gnu-taler/taler-util";
+} from "../../db.js";
 import {
  buildCodecForObject,
  Codec,
  codecForBoolean,
  codecForNumber,
  codecForString,
  codecOptional,
 } from "@gnu-taler/taler-util";
 import {
  HttpResponseStatus,
  readSuccessResponseJsonOrThrow,
  readTalerErrorResponse,
 } from "../../util/http.js";
-import { Logger } from "@gnu-taler/taler-util";
+import {
-import { gunzipSync, gzipSync } from "fflate";
+  checkDbInvariant,
-import { kdf } from "../../crypto/primitives/kdf.js";
+  checkLogicInvariant,
 } from "../../util/invariants.js";
 import { initRetryInfo } from "../../util/retries.js";
 import {
  ConfirmPayResultType,
  PreparePayResultType,
  RecoveryLoadRequest,
  RecoveryMergeStrategy,
  TalerErrorDetails,
 } from "@gnu-taler/taler-util";
 import { CryptoApi } from "../../crypto/workers/cryptoApi.js";
 import {
  secretbox,
  secretbox_open,
 } from "../../crypto/primitives/nacl-fast.js";
 import {
  checkPaymentByProposalId,
  confirmPay,
@ -97,7 +93,7 @@ import {
 } from "../pay.js";
 import { exportBackup } from "./export.js";
 import { BackupCryptoPrecomputedData, importBackup } from "./import.js";
-import { provideBackupState, getWalletBackupState } from "./state.js";
+import { getWalletBackupState, provideBackupState } from "./state.js";
 const logger = new Logger("operations/backup.ts");
@ -137,7 +133,9 @@ export async function encryptBackup(
  chunks.push(nonce);
  const backupJsonContent = canonicalJson(blob);
  logger.trace("backup JSON size", backupJsonContent.length);
-  const compressedContent = gzipSync(stringToBytes(backupJsonContent));
+  const compressedContent = gzipSync(stringToBytes(backupJsonContent), {
    mtime: 0,
  });
  const secret = deriveBlobSecret(config);
  const encrypted = secretbox(compressedContent, nonce.slice(0, 24), secret);
  chunks.push(encrypted);
@ -261,7 +259,12 @@ async function runBackupCycleForProvider(
    backupJson,
  } = args;
  const accountKeyPair = deriveAccountKeyPair(backupConfig, provider.baseUrl);
  const newHash = encodeCrock(currentBackupHash);
  const oldHash = provider.lastBackupHash;
  logger.trace(`trying to upload backup to ${provider.baseUrl}`);
  logger.trace(`old hash ${oldHash}, new hash ${newHash}`);
  const syncSig = await ws.cryptoApi.makeSyncSignature({
    newHash: encodeCrock(currentBackupHash),