-rw-r--r-- | src/exchange/taler-exchange-httpd_auditors.c | 255 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_management_auditors.c | 8 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_management_auditors_AP_disable.c | 8 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_management_post_keys.c | 28 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_management_wire.c | 8 | ||||
-rw-r--r-- | src/include/taler_exchangedb_plugin.h | 302 | ||||
-rw-r--r-- | src/include/taler_signatures.h | 2 |
7 files changed, 587 insertions, 24 deletions
diff --git a/src/exchange/taler-exchange-httpd_auditors.c b/src/exchange/taler-exchange-httpd_auditors.c
new file mode 100644
index 000000000..954cb9983
--- /dev/null
+++ b/src/exchange/taler-exchange-httpd_auditors.c
@@ -0,0 +1,255 @@ +/* + This file is part of TALER + Copyright (C) 2020 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU Affero General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License along with + TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> +*/ +/** + * @file taler-exchange-httpd_auditors.c + * @brief Handle request to add auditor signature on a denomination. + * @author Christian Grothoff + */ +#include "platform.h" +#include <gnunet/gnunet_util_lib.h> +#include <gnunet/gnunet_json_lib.h> +#include <jansson.h> +#include <microhttpd.h> +#include <pthread.h> +#include "taler_json_lib.h" +#include "taler_mhd_lib.h" +#include "taler-exchange-httpd_refund.h" +#include "taler-exchange-httpd_responses.h" +#include "taler-exchange-httpd_keystate.h" + +/** + * Closure for the #add_auditor_denom_sig transaction. + */ +struct AddAuditorDenomContext +{ + /** + * Auditor's signature affirming the AUDITORS XXX operation + * (includes timestamp). + */ + struct TALER_AuditorSignatureP auditor_sig; + + /** + * Denomination this is about. + */ + const struct GNUNET_HashCode *h_denom_pub; + + /** + * Auditor this is about. + */ + const struct TALER_AuditorPublicKeyP *auditor_pub; + +}; + + +/** + * Function implementing database transaction to add an auditors. Runs the + * transaction logic; IF it returns a non-error code, the transaction logic + * MUST NOT queue a MHD response. IF it returns an hard error, the + * transaction logic MUST queue a MHD response and set @a mhd_ret. 
IF it + * returns the soft error code, the function MAY be called again to retry and + * MUST not queue a MHD response. + * + * @param cls closure with a `struct AddAuditorDenomContext` + * @param connection MHD request which triggered the transaction + * @param session database session to use + * @param[out] mhd_ret set to MHD response status for @a connection, + * if transaction failed (!) + * @return transaction status + */ +static enum GNUNET_DB_QueryStatus +add_auditor_denom_sig (void *cls, + struct MHD_Connection *connection, + struct TALER_EXCHANGEDB_Session *session, + MHD_RESULT *mhd_ret) +{ + struct AddAuditorDenomContext *awc = cls; + struct TALER_EXCHANGEDB_DenominationKeyMetaData meta; + enum GNUNET_DB_QueryStatus qs; + bool enabled; + + qs = TEH_plugin->lookup_deomination_key ( + TEH_plugin->cls, + session, + aws->h_denom_pub, + &meta); + if (qs < 0) + { + if (GNUNET_DB_STATUS_SOFT_ERROR == qs) + return qs; + GNUNET_break (0); + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_LOOKUP_FAILED, + "lookup denomination key"); + return qs; + } + if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) + { + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_NOT_FOUND, + TALER_EC_XXX, + "denomination unkown"); + return GNUNET_DB_STATUS_HARD_ERROR; + } + + qs = TEH_plugin->lookup_auditor_status ( + TEH_plugin->cls, + session, + aws->auditor_pub, + &enabled); + if (qs < 0) + { + if (GNUNET_DB_STATUS_SOFT_ERROR == qs) + return qs; + GNUNET_break (0); + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_LOOKUP_FAILED, + "lookup auditor"); + return qs; + } + if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) + { + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_PRECONDITION_FAILED, + TALER_EC_EXCHANGE_XXX, + "auditor unkown"); + return GNUNET_DB_STATUS_HARD_ERROR; + } + if (! 
enabled) + { + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_GONE, + TALER_EC_EXCHANGE_XXX, + "auditor no longer in use"); + return GNUNET_DB_STATUS_HARD_ERROR; + } + { + struct TALER_ExchangeKeyValidityPS kv = { + .purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS), + .purpose.size = htonl (kv), + .master = TEH_master_public_key.eddsa_pub, + .start = meta->start, + .expire_withdraw = GNUNET_TIME_absolute_hton (meta.expire_withdraw), + .expire_deposit = GNUNET_TIME_absolute_hton (meta.expire_deposit), + .expire_legal = GNUNET_TIME_absolute_hton (meta.expire_legal), + .denom_hash = meta->denom_hash + }; + + TALER_amount_hton (&kv.value, + &meta.value); + TALER_amount_hton (&kv.fee_withdraw, + &meta.fee_withdraw); + TALER_amount_hton (&kv.fee_deposit, + &meta.fee_deposit); + TALER_amount_hton (&kv.fee_refresh, + &meta.fee_refresh); + TALER_amount_hton (&kv.fee_refund, + &meta.fee_refund); + GNUNET_CRYPTO_hash (auditor_url, + strlen (auditor_url) + 1, + &kv.auditor_url_hash); + if (GNUNET_OK != + GNUNET_CRYPTO_eddsa_verify ( + TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS, + &kv, + &master_sig.eddsa_sig, + &TEH_master_public_key.eddsa_pub)) + { + /* signature invalid */ + GNUNET_break_op (0); + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_FORBIDDEN, + TALER_EC_EXCHANGE_XXX, + NULL); + return GNUNET_DB_STATUS_HARD_ERROR; + } + } + + qs = TEH_plugin->insert_auditor_denom_sig (TEH_plugin->cls, + session, + awc->h_denom_pub, + awc->auditor_pub, + &aws->auditor_sig); + if (qs < 0) + { + GNUNET_break (0); + if (GNUNET_DB_STATUS_SOFT_ERROR == qs) + return qs; + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_STORE_FAILED, + "add auditor signature"); + return qs; + } + return qs; +} + + +/** + * Handle a "/auditors/$AUDITOR_PUB/$H_DENOM_PUB" request. 
+ * + * @param connection the MHD connection to handle + * @param root uploaded JSON data + * @return MHD result code + */ +MHD_RESULT +TEH_handler_management_denominations_auditors ( + struct MHD_Connection *connection, + const struct TALER_AuditorPublicKeyP *auditor_pub, + const struct GNUNET_HashCode *h_denom_pub, + const json_t *root) +{ + struct AddAuditorDenomContext awc = { + .auditor_pub = auditor_pub, + .h_denom_pub = h_denom_pub + }; + struct GNUNET_JSON_Specification spec[] = { + GNUNET_JSON_spec_fixed_auto ("auditor_sig", + &awc.auditor_sig), + GNUNET_JSON_spec_end () + }; + enum GNUNET_DB_QueryStatus qs; + + { + enum GNUNET_GenericReturnValue res; + + res = TALER_MHD_parse_json_data (connection, + root, + spec); + if (GNUNET_SYSERR == res) + return MHD_NO; /* hard failure */ + if (GNUNET_NO == res) + return MHD_YES; /* failure */ + } + + qs = TEH_DB_run_transaction (connection, + "add auditor denom sig", + &res, + &add_auditor_denom_sig, + &awc); + if (qs < 0) + return res; + return TALER_MHD_reply_static ( + connection, + MHD_HTTP_NO_CONTENT, + NULL, + NULL, + 0); +} + + +/* end of taler-exchange-httpd_management_auditors.c */ diff --git a/src/exchange/taler-exchange-httpd_management_auditors.c b/src/exchange/taler-exchange-httpd_management_auditors.c index a69e2788a..4d4d411e7 100644 --- a/src/exchange/taler-exchange-httpd_management_auditors.c +++ b/src/exchange/taler-exchange-httpd_management_auditors.c @@ -82,10 +82,10 @@ add_auditor (void *cls, struct AddAuditorContext *aac = cls; struct GNUNET_TIME_Absolute last_date; - qs = TEH_plugin->lookup_auditor (TEH_plugin->cls, - session, - &aac->auditor_pub, - &last_date); + qs = TEH_plugin->lookup_auditor_timestamp (TEH_plugin->cls, + session, + &aac->auditor_pub, + &last_date); if (qs < 0) { if (GNUNET_DB_STATUS_SOFT_ERROR == qs) 
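Review bot: The signature check in add_auditor_denom_sig verifies an undeclared `master_sig` against `TEH_master_public_key` instead of the auditor signature the request carries, so `awc->auditor_sig` reaches `insert_auditor_denom_sig` without ever being verified against `awc->auditor_pub`. The verify call should use `&awc->auditor_sig.eddsa_sig` and `&awc->auditor_pub->eddsa_pub`, and `auditor_url` has to be obtained from the `lookup_auditor_status` call, which here omits the `char *auditor_url` out-parameter the new plugin header declares. The same block uses `meta->start` and `meta->denom_hash` on a by-value struct that has no `denom_hash` member (use `GNUNET_TIME_absolute_hton (meta.start)` and `*awc->h_denom_pub`, as the post_keys hunk does), sets `.purpose.size = htonl (kv)` where `sizeof (kv)` is meant, and refers to `aws->` where the closure is named `awc`. In the handler, `res` is declared inside the inner block but is passed as `&res` to `TEH_DB_run_transaction` and returned afterwards, and it is an `enum GNUNET_GenericReturnValue` while the transaction runner appears to expect an `MHD_RESULT` there.
```c
  /* … unchanged: denomination lookup; lookup_auditor_status must also fill
     auditor_url (the hunk's call passes only &enabled) … */
  {
    struct TALER_ExchangeKeyValidityPS kv = {
      .purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS),
      .purpose.size = htonl (sizeof (kv)),
      /* … unchanged: .master … */
      .start = GNUNET_TIME_absolute_hton (meta.start),
      .expire_withdraw = GNUNET_TIME_absolute_hton (meta.expire_withdraw),
      .expire_deposit = GNUNET_TIME_absolute_hton (meta.expire_deposit),
      .expire_legal = GNUNET_TIME_absolute_hton (meta.expire_legal),
      .denom_hash = *awc->h_denom_pub
    };

    /* … unchanged: TALER_amount_hton calls and auditor_url_hash … */
    /* The request carries the auditor's signature; it must verify under the
       auditor's key, not under the exchange master key. */
    if (GNUNET_OK !=
        GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS,
                                    &kv,
                                    &awc->auditor_sig.eddsa_sig,
                                    &awc->auditor_pub->eddsa_pub))
    {
      /* auditor signature over this denomination does not verify */
      GNUNET_break_op (0);
      /* … unchanged: 403 reply via TALER_MHD_reply_with_error … */
      return GNUNET_DB_STATUS_HARD_ERROR;
    }
  }
```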
diff --git a/src/exchange/taler-exchange-httpd_management_auditors_AP_disable.c b/src/exchange/taler-exchange-httpd_management_auditors_AP_disable.c index 374a92036..043482bef 100644 --- a/src/exchange/taler-exchange-httpd_management_auditors_AP_disable.c +++ b/src/exchange/taler-exchange-httpd_management_auditors_AP_disable.c @@ -82,10 +82,10 @@ del_auditor (void *cls, struct DelAuditorContext *dac = cls; struct GNUNET_TIME_Absolute last_date; - qs = TEH_plugin->lookup_auditor (TEH_plugin->cls, - session, - &dac->auditor_pub, - &last_date); + qs = TEH_plugin->lookup_auditor_timestamp (TEH_plugin->cls, + session, + &dac->auditor_pub, + &last_date); if (qs < 0) { if (GNUNET_DB_STATUS_SOFT_ERROR == qs) diff --git a/src/exchange/taler-exchange-httpd_management_post_keys.c b/src/exchange/taler-exchange-httpd_management_post_keys.c index 9f7d56335..ab7afd34b 100644 --- a/src/exchange/taler-exchange-httpd_management_post_keys.c +++ b/src/exchange/taler-exchange-httpd_management_post_keys.c @@ -124,12 +124,13 @@ add_keys (void *cls, { enum GNUNET_DB_QueryStatus qs; bool is_active = false; + struct TALER_EXCHANGEDB_DenominationKeyMetaData meta; qs = TEH_plugin->lookup_future_deomination_key ( TEH_plugin->cls, session, &akc->d_sigs[i].h_denom_pub, - &META); + &meta); if (0 == qs) { /* For idempotency, check if the key is already active */ @@ -137,7 +138,7 @@ add_keys (void *cls, TEH_plugin->cls, session, &akc->d_sigs[i].h_denom_pub, - &META); + &meta); is_active = true; /* if we pass, it's active! */ } if (qs < 0) 
@@ -168,18 +169,23 @@ add_keys (void *cls, TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY), .purpose.size = htonl (sizeof (dkv)), .master = TEH_master_public_key, - .start = META.start, - .expire_withdraw = META.expire_withdraw, - .expire_deposit = META.expire_deposit, - .expire_legal = META.expire_legal, - .value = META.value, - .fee_withdraw = META.fee_withdraw, - .fee_deposit = META.fee_deposit, - .fee_refresh = META.fee_refresh, - .fee_refund = META.fee_refund, + .start = GNUNET_TIME_absolute_hton (meta.start), + .expire_withdraw = GNUNET_TIME_absolute_hton (meta.expire_withdraw), + .expire_deposit = GNUNET_TIME_absolute_hton (meta.expire_deposit), + .expire_legal = GNUNET_TIME_absolute_hton (meta.expire_legal), .denom_hash = akc->d_sigs[i].h_denom_pub }; + TALER_amount_hton (&dkv.value, + &meta.value); + TALER_amount_hton (&dkv.fee_withdraw, + &meta.fee_withdraw); + TALER_amount_hton (&dkv.fee_deposit, + &meta.fee_deposit); + TALER_amount_hton (&dkv.fee_refresh, + &meta.fee_refresh); + TALER_amount_hton (&dkv.fee_refund, + &meta.fee_refund); if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify ( TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY, diff --git a/src/exchange/taler-exchange-httpd_management_wire.c b/src/exchange/taler-exchange-httpd_management_wire.c index 8a13d6cfe..a841a1e67 100644 --- a/src/exchange/taler-exchange-httpd_management_wire.c +++ b/src/exchange/taler-exchange-httpd_management_wire.c @@ -84,10 +84,10 @@ add_wire (void *cls, struct AddWireContext *awc = cls; struct GNUNET_TIME_Absolute last_date; - qs = TEH_plugin->lookup_wire (TEH_plugin->cls, - session, - awc->payto_uri, - &last_date); + qs = TEH_plugin->lookup_wire_timestamp (TEH_plugin->cls, + session, + awc->payto_uri, + &last_date); if (qs < 0) { if (GNUNET_DB_STATUS_SOFT_ERROR == qs) diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h index e2abb8a6a..159141f85 100644 --- a/src/include/taler_exchangedb_plugin.h 
+++ b/src/include/taler_exchangedb_plugin.h 
@@ -216,6 +216,84 @@ struct TALER_EXCHANGEDB_Reserve /** + * Meta data about a denomination public key. + */ +struct TALER_EXCHANGEDB_DenominationKeyMetaData +{ + /** + * Start time of the validity period for this key. + */ + struct GNUNET_TIME_Absolute start; + + /** + * The exchange will sign fresh coins between @e start and this time. + * @e expire_withdraw will be somewhat larger than @e start to + * ensure a sufficiently large anonymity set, while also allowing + * the Exchange to limit the financial damage in case of a key being + * compromised. Thus, exchanges with low volume are expected to have a + * longer withdraw period (@e expire_withdraw - @e start) than exchanges + * with high transaction volume. The period may also differ between + * types of coins. A exchange may also have a few denomination keys + * with the same value with overlapping validity periods, to address + * issues such as clock skew. + */ + struct GNUNET_TIME_Absolute expire_withdraw; + + /** + * Coins signed with the denomination key must be spent or refreshed + * between @e start and this expiration time. After this time, the + * exchange will refuse transactions involving this key as it will + * "drop" the table with double-spending information (shortly after) + * this time. Note that wallets should refresh coins significantly + * before this time to be on the safe side. @e expire_deposit must be + * significantly larger than @e expire_withdraw (by months or even + * years). + */ + struct GNUNET_TIME_Absolute expire_deposit; + + /** + * When do signatures with this denomination key become invalid? + * After this point, these signatures cannot be used in (legal) + * disputes anymore, as the Exchange is then allowed to destroy its side + * of the evidence. @e expire_legal is expected to be significantly + * larger than @e expire_deposit (by a year or more). + */ + struct GNUNET_TIME_Absolute expire_legal; + + /** + * The value of the coins signed with this denomination key. 
+ */ + struct TALER_Amount value; + + /** + * The fee the exchange charges when a coin of this type is withdrawn. + * (can be zero). + */ + struct TALER_Amount fee_withdraw; + + /** + * The fee the exchange charges when a coin of this type is deposited. + * (can be zero). + */ + struct TALER_Amount fee_deposit; + + /** + * The fee the exchange charges when a coin of this type is refreshed. + * (can be zero). + */ + struct TALER_Amount fee_refresh; + + /** + * The fee the exchange charges when a coin of this type is refunded. + * (can be zero). Note that refund fees are charged to the customer; + * if a refund is given, the deposit fee is also refunded. + */ + struct TALER_Amount fee_refund; + +}; + + +/** * @brief Information we keep for a withdrawn coin to reproduce * the /withdraw operation if needed, and to have proof * that a reserve was drained by this amount. 
@@ -2876,6 +2954,230 @@ struct TALER_EXCHANGEDB_Plugin TALER_EXCHANGEDB_WireMissingCallback cb, void *cb_cls); + + /** + * Check the last date an auditor was modified. + * + * @param cls closure + * @param session a session + * @param auditor_pub key to look up information for + * @param[out] last_date last modification date to auditor status + * @return transaction status code + */ + enum GNUNET_DB_QueryStatus + (*lookup_auditor_timestamp)(void *cls, + struct TALER_EXCHANGEDB_Session *session, + const struct TALER_AuditorPublicKeyP *auditor_pub, + struct GNUNET_TIME_Absolute *last_date); + + + /** + * Lookup current state of an auditor. + * + * @param cls closure + * @param session a session + * @param auditor_pub key to look up information for + * @param[out] set to the base URL of the auditor's REST API + * @param[out] enabled set if the auditor is currently in use + * @return transaction status code + */ + enum GNUNET_DB_QueryStatus + (*lookup_auditor_status)(void *cls, + struct TALER_EXCHANGEDB_Session *session, + const struct TALER_AuditorPublicKeyP *auditor_pub, + char *auditor_url, + bool *enabled); + + + /** + * Insert information about an auditor that will audit this exchange. + * + * @param cls closure + * @param session a session + * @param auditor_pub key of the auditor + * @param auditor_url base URL of the auditor's REST service + * @param start_date date when the auditor was added by the offline system + * (only to be used for replay detection) + * @param master_sig signature affirming the addition of the auditor + * @return transaction status code + */ + enum GNUNET_DB_QueryStatus + (*insert_auditor)(void *cls, + struct TALER_EXCHANGEDB_Session *session, + const struct TALER_AuditorPublicKeyP *auditor_pub, + const char *auditor_url, + struct GNUNET_TIME_Absolute start_date, + const struct TALER_MasterSignatureP *master_sig); + + + /** + * Update information about an auditor that will audit this exchange. 
+ * + * @param cls closure + * @param session a session + * @param auditor_pub key of the auditor (primary key for the existing record) + * @param auditor_url base URL of the auditor's REST service, to be updated + * @param change_date date when the auditor status was last changed + * (only to be used for replay detection) + * @param master_sig signature affirming the change in status (enable or disable) + * @param enabled true to enable, false to disable + * @return transaction status code + */ + enum GNUNET_DB_QueryStatus + (*update_auditor)(void *cls, + struct TALER_EXCHANGEDB_Session *session, + const struct TALER_AuditorPublicKeyP *auditor_pub, + const char *auditor_url, + struct GNUNET_TIME_Absolute change_date, + const struct TALER_MasterSignatureP *master_sig, + bool enabled); + + + /** + * Check the last date an exchange wire account was modified. + * + * @param cls closure + * @param session a session + * @param payto_uri key to look up information for + * @param[out] last_date last modification date to auditor status + * @return transaction status code + */ + enum GNUNET_DB_QueryStatus + (*lookup_wire_timestamp)(void *cls, + struct TALER_EXCHANGEDB_Session *session, + const char *payto_uri, + struct GNUNET_TIME_Absolute *last_date); + + + /** + * Insert information about an wire account used by this exchange. + * + * @param cls closure + * @param session a session + * @param payto_uri wire account of the exchange + * @param start_date date when the account was added by the offline system + * (only to be used for replay detection) + * @param master_sig signature affirming the addition of the account + * @return transaction status code + */ + enum GNUNET_DB_QueryStatus + (*insert_wire)(void *cls, + struct TALER_EXCHANGEDB_Session *session, + const char *payto_uri, + struct GNUNET_TIME_Absolute start_date, + const struct TALER_MasterSignatureP *master_sig); + + + /** + * Update information about a wire account of the exchange. 
+ * + * @param cls closure + * @param session a session + * @param payto_uri account the update is about + * @param change_date date when the account status was last changed + * (only to be used for replay detection) + * @param master_sig signature affirming the change in status (enable or disable) + * @param enabled true to enable, false to disable (the actual change) + * @return transaction status code + */ + enum GNUNET_DB_QueryStatus + (*update_wire)(void *cls, + struct TALER_EXCHANGEDB_Session *session, + const char *payto_uri, + struct GNUNET_TIME_Absolute change_date, + const struct TALER_MasterSignatureP *master_sig, + bool enabled); + + + /** + * Store information about a revoked online signing key. + * + * @param cls closure + * @param session a session (can be NULL) + * @param exchange_pub exchange online signing key that was revoked + * @param master_sig signature affirming the revocation + * @return transaction status code + */ + enum GNUNET_DB_QueryStatus + (*insert_signkey_revocation)( + void *cls, + struct TALER_EXCHANGEDB_Session *session, + const struct TALER_ExchangePublicKeyP *exchange_pub, + const struct TALER_MasterSignatureP *master_sig); + + + /** + * Lookup information about a future denomination key. + * + * @param cls closure + * @param session a session + * @param h_denom_pub hash of the denomination public key + * @param[out] meta set to various meta data about the key + * @return transaction status code + */ + enum GNUNET_DB_QueryStatus + (*lookup_future_denomination_key)( + void *cls, + struct TALER_EXCHANGEDB_Session *session, + const struct GNUNET_HashCode *h_denom_pub, + const struct TALER_EXCHANGEDB_DenominationKeyMetaData *meta); + + + /** + * Lookup information about current denomination key. 
+ * + * @param cls closure + * @param session a session + * @param h_denom_pub hash of the denomination public key + * @param[out] meta set to various meta data about the key + * @return transaction status code + */ + enum GNUNET_DB_QueryStatus + (*lookup_denomination_key)( + void *cls, + struct TALER_EXCHANGEDB_Session *session, + const struct GNUNET_HashCode *h_denom_pub, + const struct TALER_EXCHANGEDB_DenominationKeyMetaData *meta); + + + /** + * Activate future denomination key, turning it into a "current" or "valid" + * denomination key by adding the master signature. Deletes the + * denomination key from the 'future' table an inserts the data into the + * main denominations table. Because this function will trigger multiple SQL + * statements, it must be run within a transaction. + * + * @param cls closure + * @param session a session + * @param h_denom_pub hash of the denomination public key + * @param master_sig master signature to add + * @return transaction status code + */ + enum GNUNET_DB_QueryStatus + (*activate_denomination_key)( + void *cls, + struct TALER_EXCHANGEDB_Session *session, + const struct GNUNET_HashCode *h_denom_pub, + const struct TALER_MasterSignatureP *master_sig); + + + /** + * Insert information about an auditor auditing a denomination key. + * + * @param cls closure + * @param session a session + * @param h_denom_pub the audited denomination + * @param auditor_pub the auditor's key + * @param auditor_sig signature affirming the auditor's audit activity + * @return transaction status code + */ + enum GNUNET_DB_QueryStatus + (*insert_auditor_denom_sig)(void *cls, + struct TALER_EXCHANGEDB_Session *session, + const struct GNUNET_HashCode *h_denom_pub, + const struct TALER_AuditorPublicKeyP *auditor_pub, + const struct + TALER_AuditorSignatureP *auditor_sig); }; #endif /* _TALER_EXCHANGE_DB_H */ diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h index d80b267cf..c30f21d60 100644 
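Review bot: `lookup_auditor_status` declares its URL out-parameter as a bare `char *auditor_url` with no length, so a plugin implementation has no bound for the copy and the caller no way to size the buffer; declare it `char **auditor_url` (caller frees) or add a size argument, and name it in the doc line that now reads `@param[out] set to the base URL of the auditor's REST API`. In the same hunk, `lookup_future_denomination_key` and `lookup_denomination_key` take `const struct TALER_EXCHANGEDB_DenominationKeyMetaData *meta` although the parameter is documented `[out]`; drop the `const` so it can be written. The call sites visible in this commit use other spellings (`lookup_future_deomination_key` in the post_keys context lines and `lookup_deomination_key` in the new auditors file), so one side will not resolve. The `lookup_wire_timestamp` doc still says `last modification date to auditor status`, copied from the auditor variant.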
--- a/src/include/taler_signatures.h +++ b/src/include/taler_signatures.h @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2014-2017 Taler Systems SA + Copyright (C) 2014-2020 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software |