From fe232f1fed5323774578b01f83bf22a8923b684a Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 22 Dec 2020 18:27:34 +0100 Subject: integrate auditor signature check logic with taler-helper-auditor-coins --- src/auditor/report-lib.c | 76 +++++++------------------ src/auditor/report-lib.h | 10 ++++ src/auditor/taler-helper-auditor-coins.c | 86 +++++++++++++++++++++++++++++ src/exchangedb/plugin_exchangedb_postgres.c | 47 ++++++++++++++++ src/include/taler_exchangedb_plugin.h | 19 +++++++ 5 files changed, 181 insertions(+), 57 deletions(-) diff --git a/src/auditor/report-lib.c b/src/auditor/report-lib.c index e7d20dc53..6334e6f65 100644 --- a/src/auditor/report-lib.c +++ b/src/auditor/report-lib.c @@ -64,7 +64,12 @@ struct TALER_MasterPublicKeyP TALER_ARL_master_pub; /** * Public key of the auditor. */ -static struct TALER_AuditorPublicKeyP TALER_ARL_auditor_pub; +struct TALER_AuditorPublicKeyP TALER_ARL_auditor_pub; + +/** + * REST API endpoint of the auditor. + */ +char *TALER_ARL_auditor_url; /** * At what time did the auditor process start? @@ -177,62 +182,6 @@ add_denomination ( GNUNET_CONTAINER_multihashmap_get (denominations, &issue->denom_hash)) return; /* value already known */ -#if FIXME_IMPLEMENT - qs = TALER_ARL_edb->select_auditor_denom_sig (TALER_ARL_edb->cls, - TALER_ARL_esession, - &issue->denom_hash, - &TALER_ARL_auditor_pub, - &auditor_sig); - if (0 >= qs) - { - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "Encountered denomination `%s' that this auditor is not auditing!\n", - GNUNET_h2s (&issue->denom_hash)); - return; /* skip! */ - } - { - // TODO: one of the auditor passes should really just do this - // add problems to JSON report (even if the implications are unclear), - // instead of doing it here! - struct TALER_Amount coin_value; - struct TALER_Amount fee_withdraw; - struct TALER_Amount fee_deposit; - struct TALER_Amount fee_refresh; - struct TALER_Amount fee_refund; - - TALER_amount_hton (&coin_value, - &issue->value); - TALER_amount_hton (&fee_withdraw, - &issue->fee_withdraw); - TALER_amount_hton (&fee_deposit, - &issue->fee_deposit); - TALER_amount_hton (&fee_refresh, - &issue->fee_refresh); - TALER_amount_hton (&fee_refund, - &issue->fee_refund); - if (GNUNET_OK != - TALER_auditor_denom_validity_verify ( - TALER_ARL_auditor_url, - &issue->denom_hash, - &TALER_ARL_master_pub, - GNUNET_TIME_absolute_ntoh (issue->start), - GNUNET_TIME_absolute_ntoh (issue->expire_withdraw), - GNUNET_TIME_absolute_ntoh (issue->expire_deposit), - GNUNET_TIME_absolute_ntoh (issue->expire_legal), - &coin_value, - &fee_withdraw, - &fee_deposit, - &fee_refresh, - &fee_refund, - &TALER_ARL_auditor_pub, - &auditor_sig)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Exchange has invalid signature from this auditor for denomination `%s' in its database!\n", - GNUNET_h2s (&issue->denom_hash)); - } - } -#endif #if GNUNET_EXTRA_LOGGING >= 1 { struct TALER_Amount value; @@ -728,6 +677,18 @@ TALER_ARL_init (const struct GNUNET_CONFIGURATION_Handle *c) { TALER_ARL_cfg = c; start_time = GNUNET_TIME_absolute_get (); + + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_string (TALER_ARL_cfg, + "auditor", + "BASE_URL", + &TALER_ARL_auditor_url)) + { + GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, + "auditor", + "BASE_URL"); + return GNUNET_SYSERR; + } if (GNUNET_YES == GNUNET_is_zero (&TALER_ARL_master_pub)) { /* -m option not given, try configuration */ @@ -944,6 +905,7 @@ TALER_ARL_done (json_t *report) JSON_INDENT (2)); json_decref (report); } + GNUNET_free (TALER_ARL_auditor_url); } diff --git a/src/auditor/report-lib.h b/src/auditor/report-lib.h index 04165ae4a..05632f2dc 100644 --- a/src/auditor/report-lib.h +++ b/src/auditor/report-lib.h @@ -74,6 +74,16 @@ extern struct TALER_AUDITORDB_Session *TALER_ARL_asession; */ extern struct TALER_MasterPublicKeyP TALER_ARL_master_pub; +/** + * Public key of the auditor. + */ +extern struct TALER_AuditorPublicKeyP TALER_ARL_auditor_pub; + +/** + * REST API endpoint of the auditor. + */ +extern char *TALER_ARL_auditor_url; + /** * At what time did the auditor process start? */ diff --git a/src/auditor/taler-helper-auditor-coins.c b/src/auditor/taler-helper-auditor-coins.c index 55feeec36..fe9cf7744 100644 --- a/src/auditor/taler-helper-auditor-coins.c +++ b/src/auditor/taler-helper-auditor-coins.c @@ -2196,6 +2196,81 @@ recoup_refresh_cb (void *cls, } +/** + * Function called with the results of iterate_denomination_info(), + * or directly (!). Used to check that we correctly signed the + * denomination and to warn if there are denominations not approved + * by this auditor. + * + * @param cls closure, NULL + * @param denom_pub public key, sometimes NULL (!) + * @param validity issuing information with value, fees and other info about the denomination. + */ +static void +check_denomination ( + void *cls, + const struct TALER_DenominationPublicKey *denom_pub, + const struct TALER_EXCHANGEDB_DenominationKeyInformationP *validity) +{ + const struct TALER_DenominationKeyValidityPS *issue = &validity->properties; + enum GNUNET_DB_QueryStatus qs; + struct TALER_AuditorSignatureP auditor_sig; + + qs = TALER_ARL_edb->select_auditor_denom_sig (TALER_ARL_edb->cls, + TALER_ARL_esession, + &issue->denom_hash, + &TALER_ARL_auditor_pub, + &auditor_sig); + if (0 >= qs) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Encountered denomination `%s' that this auditor is not auditing!\n", + GNUNET_h2s (&issue->denom_hash)); + return; /* skip! */ + } + { + struct TALER_Amount coin_value; + struct TALER_Amount fee_withdraw; + struct TALER_Amount fee_deposit; + struct TALER_Amount fee_refresh; + struct TALER_Amount fee_refund; + + TALER_amount_ntoh (&coin_value, + &issue->value); + TALER_amount_ntoh (&fee_withdraw, + &issue->fee_withdraw); + TALER_amount_ntoh (&fee_deposit, + &issue->fee_deposit); + TALER_amount_ntoh (&fee_refresh, + &issue->fee_refresh); + TALER_amount_ntoh (&fee_refund, + &issue->fee_refund); + if (GNUNET_OK != + TALER_auditor_denom_validity_verify ( + TALER_ARL_auditor_url, + &issue->denom_hash, + &TALER_ARL_master_pub, + GNUNET_TIME_absolute_ntoh (issue->start), + GNUNET_TIME_absolute_ntoh (issue->expire_withdraw), + GNUNET_TIME_absolute_ntoh (issue->expire_deposit), + GNUNET_TIME_absolute_ntoh (issue->expire_legal), + &coin_value, + &fee_withdraw, + &fee_deposit, + &fee_refresh, + &fee_refund, + &TALER_ARL_auditor_pub, + &auditor_sig)) + { + // FIXME: add properly to audit report! + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Exchange has invalid signature from this auditor for denomination `%s' in its database!\n", + GNUNET_h2s (&issue->denom_hash)); + } + } +} + + /** * Analyze the exchange's processing of coins. * @@ -2211,6 +2286,17 @@ analyze_coins (void *cls) enum GNUNET_DB_QueryStatus qsp; (void) cls; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Checking denominations...\n"); + qs = TALER_ARL_edb->iterate_denomination_info (TALER_ARL_edb->cls, + TALER_ARL_esession, + &check_denomination, + NULL); + if (0 > qs) + { + GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs); + return qs; + } GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Analyzing coins\n"); qsp = TALER_ARL_adb->get_auditor_progress_coin (TALER_ARL_adb->cls, diff --git a/src/exchangedb/plugin_exchangedb_postgres.c b/src/exchangedb/plugin_exchangedb_postgres.c index 43b927c2d..71245dbc8 100644 --- a/src/exchangedb/plugin_exchangedb_postgres.c +++ b/src/exchangedb/plugin_exchangedb_postgres.c @@ -1597,6 +1597,14 @@ postgres_get_session (void *cls) ") VALUES " "($1, $2, $3);", 3), + /* used in #postgres_select_auditor_denom_sig() */ + GNUNET_PQ_make_prepare ("select_auditor_denom_sig", + "SELECT" + " auditor_sig" + " FROM auditor_denom_sigs" + " WHERE auditor_pub=$1" + " AND denom_pub_hash=$2", + 2), /* used in #postgres_lookup_wire_fee_by_time() */ GNUNET_PQ_make_prepare ("lookup_wire_fee_by_time", "SELECT" @@ -8695,6 +8703,43 @@ postgres_insert_auditor_denom_sig ( } +/** + * Select information about an auditor auditing a denomination key. + * + * @param cls closure + * @param session a session + * @param h_denom_pub the audited denomination + * @param auditor_pub the auditor's key + * @param[out] auditor_sig set to signature affirming the auditor's audit activity + * @return transaction status code + */ +static enum GNUNET_DB_QueryStatus +postgres_select_auditor_denom_sig ( + void *cls, + struct TALER_EXCHANGEDB_Session *session, + const struct GNUNET_HashCode *h_denom_pub, + const struct TALER_AuditorPublicKeyP *auditor_pub, + struct TALER_AuditorSignatureP *auditor_sig) +{ + struct GNUNET_PQ_QueryParam params[] = { + GNUNET_PQ_query_param_auto_from_type (auditor_pub), + GNUNET_PQ_query_param_auto_from_type (h_denom_pub), + GNUNET_PQ_query_param_end + }; + struct GNUNET_PQ_ResultSpec rs[] = { + GNUNET_PQ_result_spec_auto_from_type ("auditor_sig", + auditor_sig), + GNUNET_PQ_result_spec_end + }; + + (void) cls; + return GNUNET_PQ_eval_prepared_singleton_select (session->conn, + "select_auditor_denom_sig", + params, + rs); +} + + /** * Closure for #wire_fee_by_time_helper() */ @@ -9036,6 +9081,8 @@ libtaler_plugin_exchangedb_postgres_init (void *cls) = &postgres_lookup_denomination_key; plugin->insert_auditor_denom_sig = &postgres_insert_auditor_denom_sig; + plugin->select_auditor_denom_sig + = &postgres_select_auditor_denom_sig; plugin->lookup_wire_fee_by_time = &postgres_lookup_wire_fee_by_time; plugin->add_denomination_key diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h index 068d97fba..8bf118a07 100644 --- a/src/include/taler_exchangedb_plugin.h +++ b/src/include/taler_exchangedb_plugin.h @@ -3436,6 +3436,25 @@ struct TALER_EXCHANGEDB_Plugin const struct TALER_AuditorSignatureP *auditor_sig); + /** + * Obtain information about an auditor auditing a denomination key. + * + * @param cls closure + * @param session a session + * @param h_denom_pub the audited denomination + * @param auditor_pub the auditor's key + * @param[out] auditor_sig set to signature affirming the auditor's audit activity + * @return transaction status code + */ + enum GNUNET_DB_QueryStatus + (*select_auditor_denom_sig)( + void *cls, + struct TALER_EXCHANGEDB_Session *session, + const struct GNUNET_HashCode *h_denom_pub, + const struct TALER_AuditorPublicKeyP *auditor_pub, + struct TALER_AuditorSignatureP *auditor_sig); + + /** * Lookup information about known wire fees. * -- cgit v1.2.3