author | Christian Grothoff <christian@grothoff.org> | 2022-01-11 12:47:35 +0100 |
committer | Christian Grothoff <christian@grothoff.org> | 2022-01-11 12:47:35 +0100 |
commit | e7aeec04f4eb52caaa61b1ff9362f6fe0ffe0f2d (patch) | |
tree | 7e788144cff60c41a07e2bc136e86ddadf610274 /src/include | |
parent | aaaaa9a103628d7694a4fb3bac6335501187cc00 (diff) |
The current recoup API is broken. I guess this is another example where "trivial" API changes turn out to have (multiple!) unexpected consequences.
The current "/recoup" API does not have clear idempotency semantics, as we've discussed on the phone. This is already bad by itself, as it makes it hard to write down what the API does other than "whatever the implementation does".
However, it actually breaks correctness in this (admittedly kinda contrived, but not impossible) case:
Say that we have a coin A obtained via withdrawal and a coin B obtained via refreshing coin A. Now the denomination of A gets revoked.
The wallet does a recoup of A for EUR:1.
Now the denomination of B also gets revoked. The wallet recoups B (incidentally also for EUR:1) and now A can be recouped again for EUR:1. But now the exchange is in a state where it will refuse a legitimate recoup request for A because the detection for an idempotent request kicks in.
This is IMHO bad API design, and the exchange should simply always recoup the maximum amount.
Furthermore, we usually follow the principle of "API calls that take up DB space are paid". With the current recoup API, I can do many tiny recoup requests which the exchange then has to store, right?
I guess it would not be a big change to remove the "amount" value from the recoup/recoup-refresh request bodies, right?
- Florian
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/taler_crypto_lib.h | 6 | ||||
-rw-r--r-- | src/include/taler_exchange_service.h | 4 | ||||
-rw-r--r-- | src/include/taler_exchangedb_plugin.h | 4 | ||||
-rw-r--r-- | src/include/taler_signatures.h | 6 |
4 files changed, 1 insertions, 19 deletions
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index e608effa6..f1fa0285d 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -1839,7 +1839,6 @@ TALER_wallet_link_sign (const struct TALER_DenominationHash *h_denom_pub,
  *
  * @param h_denom_pub hash of the denomiantion public key of the coin
  * @param coin_bks blinding factor used when withdrawing the coin
- * @param requested_amount amount that is left to be recouped
  * @param coin_pub coin key of the coin to be recouped
  * @param coin_sig resulting signature
  * @return #GNUNET_OK if the signature is valid
@@ -1848,7 +1847,6 @@ enum GNUNET_GenericReturnValue
 TALER_wallet_recoup_verify (
   const struct TALER_DenominationHash *h_denom_pub,
   const union TALER_DenominationBlindingKeyP *coin_bks,
-  const struct TALER_Amount *requested_amount,
   const struct TALER_CoinSpendPublicKeyP *coin_pub,
   const struct TALER_CoinSpendSignatureP *coin_sig);
 
@@ -1866,7 +1864,6 @@ void
 TALER_wallet_recoup_sign (
   const struct TALER_DenominationHash *h_denom_pub,
   const union TALER_DenominationBlindingKeyP *coin_bks,
-  const struct TALER_Amount *requested_amount,
   const struct TALER_CoinSpendPrivateKeyP *coin_priv,
   struct TALER_CoinSpendSignatureP *coin_sig);
 
@@ -1876,7 +1873,6 @@ TALER_wallet_recoup_sign (
  *
  * @param h_denom_pub hash of the denomiantion public key of the coin
  * @param coin_bks blinding factor used when withdrawing the coin
- * @param requested_amount amount that is left to be recouped
  * @param coin_pub coin key of the coin to be recouped
  * @param coin_sig resulting signature
  * @return #GNUNET_OK if the signature is valid
@@ -1885,7 +1881,6 @@ enum GNUNET_GenericReturnValue
 TALER_wallet_recoup_refresh_verify (
   const struct TALER_DenominationHash *h_denom_pub,
   const union TALER_DenominationBlindingKeyP *coin_bks,
-  const struct TALER_Amount *requested_amount,
   const struct TALER_CoinSpendPublicKeyP *coin_pub,
   const struct TALER_CoinSpendSignatureP *coin_sig);
 
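Review bot: The doc comments for TALER_wallet_recoup_verify and TALER_wallet_recoup_refresh_verify still describe `coin_sig` as `resulting signature`, which is the wording of the sign variants, and now that `requested_amount` has left the signed message they say nothing about what a valid signature actually authorizes. I would change the verify-side line to `* @param coin_sig signature by @a coin_pub to verify` and add `* Note: the signed message carries no amount; a valid signature authorizes recouping the coin's full remaining value.` to each of the four comment blocks. The two verify functions appear to differ only in the signature purpose they check, so naming that purpose in each comment would help callers pick the right one; the purpose constants are not visible in this hunk, so confirm against the implementation. Each of these comment blocks begins before its hunk.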
@@ -1903,7 +1898,6 @@ void
 TALER_wallet_recoup_refresh_sign (
   const struct TALER_DenominationHash *h_denom_pub,
   const union TALER_DenominationBlindingKeyP *coin_bks,
-  const struct TALER_Amount *requested_amount,
   const struct TALER_CoinSpendPrivateKeyP *coin_priv,
   struct TALER_CoinSpendSignatureP *coin_sig);
 
diff --git a/src/include/taler_exchange_service.h b/src/include/taler_exchange_service.h
index 6976293cb..7fb5b4ec0 100644
--- a/src/include/taler_exchange_service.h
+++ b/src/include/taler_exchange_service.h
@@ -2035,7 +2035,6 @@ typedef void
  * @param pk kind of coin to pay back
  * @param denom_sig signature over the coin by the exchange using @a pk
  * @param ps secret internals of the original planchet
- * @param amount value remaining on the coin that is being recouped
  * @param recoup_cb the callback to call when the final result for this request is available
  * @param recoup_cb_cls closure for @a recoup_cb
  * @return NULL
@@ -2047,7 +2046,6 @@ TALER_EXCHANGE_recoup (struct TALER_EXCHANGE_Handle *exchange,
                        const struct TALER_EXCHANGE_DenomPublicKey *pk,
                        const struct TALER_DenominationSignature *denom_sig,
                        const struct TALER_PlanchetSecretsP *ps,
-                       const struct TALER_Amount *amount,
                        TALER_EXCHANGE_RecoupResultCallback recoup_cb,
                        void *recoup_cb_cls);
 
@@ -2097,7 +2095,6 @@ typedef void
  * @param pk kind of coin to pay back
  * @param denom_sig signature over the coin by the exchange using @a pk
  * @param ps secret internals of the original planchet
- * @param amount value remaining on the coin that is being recouped
  * @param recoup_cb the callback to call when the final result for this request is available
  * @param recoup_cb_cls closure for @a recoup_cb
  * @return NULL
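Review bot: The doc blocks for TALER_EXCHANGE_recoup and TALER_EXCHANGE_recoup_refresh do not say who decides the recouped amount now that the wallet no longer passes `amount`, nor where the wallet learns how much was credited. I would add `* The exchange determines the amount to recoup (the coin's remaining value); the credited amount is reported via @a recoup_cb.` above the `@param recoup_cb` line in both blocks, assuming the result callback does carry that amount — the callback types are declared outside this hunk, so confirm before wording it as a guarantee. The `@return NULL` line is cut at the hunk boundary; the rest of each comment and the prototypes continue outside the hunk.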
@@ -2110,7 +2107,6 @@ TALER_EXCHANGE_recoup_refresh (
   const struct TALER_EXCHANGE_DenomPublicKey *pk,
   const struct TALER_DenominationSignature *denom_sig,
   const struct TALER_PlanchetSecretsP *ps,
-  const struct TALER_Amount *amount,
   TALER_EXCHANGE_RecoupRefreshResultCallback recoup_cb,
   void *recoup_cb_cls);
 
diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h
index 4aa80b674..5eb168e14 100644
--- a/src/include/taler_exchangedb_plugin.h
+++ b/src/include/taler_exchangedb_plugin.h
@@ -2596,7 +2596,6 @@ struct TALER_EXCHANGEDB_Plugin
    * @param cls the `struct PostgresClosure` with the plugin-specific state
    * @param reserve_pub public key of the reserve to credit
    * @param reserve_out_serial_id row in the reserves_out table justifying the recoup
-   * @param requested_amount the amount to be recouped
    * @param coin_bks coin blinding key secret to persist
    * @param coin_pub public key of the coin being recouped
    * @param known_coin_id row of the @a coin_pub in the known_coins table
@@ -2611,7 +2610,6 @@ struct TALER_EXCHANGEDB_Plugin
     void *cls,
     const struct TALER_ReservePublicKeyP *reserve_pub,
     uint64_t reserve_out_serial_id,
-    const struct TALER_Amount *requested_amount,
     const union TALER_DenominationBlindingKeyP *coin_bks,
     const struct TALER_CoinSpendPublicKeyP *coin_pub,
     uint64_t known_coin_id,
@@ -2628,7 +2626,6 @@ struct TALER_EXCHANGEDB_Plugin
    * @param cls the `struct PostgresClosure` with the plugin-specific state
    * @param old_coin_pub public key of the old coin to credit
    * @param rrc_serial row in the refresh_revealed_coins table justifying the recoup-refresh
-   * @param requested_amount the amount to be recouped
    * @param coin_bks coin blinding key secret to persist
    * @param coin_pub public key of the coin being recouped
    * @param known_coin_id row of the @a coin_pub in the known_coins table
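Review bot: The doc block for the `insert_recoup_request` plugin operation does not say what happens when a recoup row for the same `coin_pub` already exists, which is exactly the case the commit message cares about for both idempotency and a client filling the DB with many recoup rows. I would add `* A second request for the same @a coin_pub must not create a second row; the caller is expected to detect the existing recoup first.` after the `@param known_coin_id` line, worded to match what the implementation actually does — from this header alone I cannot tell whether the DB enforces a unique constraint on `coin_pub` or the HTTP handler checks before inserting. With `requested_amount` gone, the block should also say where the stored amount comes from (presumably the coin's remaining value as computed by the caller). The parameter list of this operation continues past the end of the hunk.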
@@ -2643,7 +2640,6 @@ struct TALER_EXCHANGEDB_Plugin
     void *cls,
     const struct TALER_CoinSpendPublicKeyP *old_coin_pub,
     uint64_t rrc_serial,
-    const struct TALER_Amount *requested_amount,
     const union TALER_DenominationBlindingKeyP *coin_bks,
     const struct TALER_CoinSpendPublicKeyP *coin_pub,
     uint64_t known_coin_id,
diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h
index 947c7e831..3ad1121ca 100644
--- a/src/include/taler_signatures.h
+++ b/src/include/taler_signatures.h
@@ -1507,6 +1507,7 @@ struct TALER_RecoupRequestPS
 {
   /**
    * Purpose is #TALER_SIGNATURE_WALLET_COIN_RECOUP
+   * or #TALER_SIGNATURE_WALLET_COIN_RECOUP_REFRESH.
    */
   struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
 
@@ -1520,11 +1521,6 @@ struct TALER_RecoupRequestPS
    */
   union TALER_DenominationBlindingKeyP coin_blind;
 
-  /**
-   * How much of the coin's value will be recouped?
-   */
-  struct TALER_AmountNBO recoup_amount;
-
 };
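Review bot: Nothing in the taler_signatures.h hunk records that a signature over `struct TALER_RecoupRequestPS` now authorizes the coin's full remaining value, even though removing `recoup_amount` leaves the signed message binding only the purpose, the blinding factor and whatever fields precede `coin_blind`. I would extend the `purpose` field comment with `* The message carries no amount: a valid signature authorizes recouping the coin's entire remaining value.` so the next reader does not assume the amount is bound elsewhere. Since the same layout now serves both purposes, the purpose value is the only thing that stops a recoup signature being replayed as a recoup-refresh one; the two constants must stay distinct, and the sign/verify helpers must set `purpose.size` from `sizeof (struct TALER_RecoupRequestPS)` so the shrunken struct is what gets signed — that code is not part of this diff. The struct's header comment and the field between `purpose` and `coin_blind` lie outside this hunk, and the hunk's trailing context after `};` appears truncated in this listing.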