
[GNUnet-SVN] [taler-exchange] branch master updated: implement FIXME42:


From: gnunet
Subject: [GNUnet-SVN] [taler-exchange] branch master updated: implement FIXME42: denomination signature checks (and test) in taler-auditor
Date: Tue, 03 Sep 2019 06:22:02 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository exchange.

The following commit(s) were added to refs/heads/master by this push:
     new e9e58b73 implement FIXME42: denomination signature checks (and test) 
in taler-auditor
e9e58b73 is described below

commit e9e58b735496f35f2eff60f83af3536bcaf7f937
Author: Christian Grothoff <address@hidden>
AuthorDate: Tue Sep 3 06:21:51 2019 +0200

    implement FIXME42: denomination signature checks (and test) in taler-auditor
---
 src/auditor/taler-auditor.c | 81 +++++++++++++++++++++++++++++++++++++++------
 src/auditor/test-auditor.sh | 62 ++++++++++++++++++++++++----------
 2 files changed, 115 insertions(+), 28 deletions(-)

diff --git a/src/auditor/taler-auditor.c b/src/auditor/taler-auditor.c
index 3e0c7f73..0563ff70 100644
--- a/src/auditor/taler-auditor.c
+++ b/src/auditor/taler-auditor.c
@@ -34,14 +34,12 @@
  *   this eventually anyway!
  *
  * KNOWN BUGS:
- * - we also seem to nowhere check the denomination signatures over the coins
- *   (While as the exchange could easily falsify those, we should
- *    probably check as otherwise insider *without* RSA private key
- *    access could still create false paybacks to drain exchange funds!)
- *   => See FIXME42 for last place (likely) missing!
  * - error handling if denomination keys are used that are not known to the
  *   auditor is, eh, awful / non-existent. We just throw the DB's constraint
  *   violation back at the user. Great UX.
+ *
+ * UNDECIDED:
+ * - do we care about checking the 'done' flag in deposit_cb?
  */
 #include "platform.h"
 #include <gnunet/gnunet_util_lib.h>
@@ -3513,6 +3511,55 @@ reveal_data_cb (void *cls,
 
 
 /**
+ * Check that the @a coin_pub is a known coin with a proper
+ * signature for denominatinon @a denom_pub. If not, report
+ * a loss of @a loss_potential.
+ *
+ * @param coin_pub public key of a coin
+ * @param denom_pub expected denomination of the coin
+ * @return database transaction status, on success
+ *  #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT
+ */
+static enum GNUNET_DB_QueryStatus
+check_known_coin (const struct TALER_CoinSpendPublicKeyP *coin_pub,
+                  const struct TALER_DenominationPublicKey *denom_pub,
+                  const struct TALER_Amount *loss_potential)
+{
+  struct TALER_CoinPublicInfo ci;
+  enum GNUNET_DB_QueryStatus qs;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Checking denomination signature on %s\n",
+              TALER_B2S (coin_pub));
+  qs = edb->get_known_coin (edb->cls,
+                            esession,
+                            coin_pub,
+                            &ci);
+  if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != qs)
+  {
+    GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
+    return qs;
+  }
+  if (GNUNET_YES !=
+      TALER_test_coin_valid (&ci,
+                             denom_pub))
+  {
+    report (report_bad_sig_losses,
+            json_pack ("{s:s, s:I, s:o, s:o}",
+                       "operation", "known-coin",
+                       "row", (json_int_t) -1,
+                       "loss", TALER_JSON_from_amount (loss_potential),
+                       "key_pub", GNUNET_JSON_from_data_auto (coin_pub)));
+    GNUNET_break (GNUNET_OK ==
+                  TALER_amount_add (&total_bad_sig_loss,
+                                    &total_bad_sig_loss,
+                                    loss_potential));
+  }
+  return qs;
+}
+
+
+/**
  * Function called with details about coins that were melted, with the
  * goal of auditing the refresh's execution.  Verifies the signature
  * and updates our information about coins outstanding (the old coin's
@@ -3559,9 +3606,15 @@ refresh_session_cb (void *cls,
     cc->qs = qs;
     return GNUNET_SYSERR;
   }
-  // FIXME42: should verify that the
-  // coin was properly signed via TALER_test_coin_valid() here!
-  // (but would need more information from DB to do so!)
+  if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT !=
+      check_known_coin (coin_pub,
+                        denom_pub,
+                        amount_with_fee))
+  {
+    GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
+    cc->qs = qs;
+    return GNUNET_SYSERR;
+  }
 
   /* verify melt signature */
   rmc.purpose.purpose = htonl (TALER_SIGNATURE_WALLET_COIN_MELT);
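Review bot: The status returned by `check_known_coin` is discarded: the call is only compared, and the failure branch then breaks on and stores `qs` from the preceding query (which had to be `GNUNET_DB_STATUS_SUCCESS_ONE_RESULT` to reach this point), so `cc->qs` records success and the `GNUNET_break` fires spuriously on a hard DB error or a missing known_coins row. Assign the result first: `qs = check_known_coin (coin_pub, denom_pub, amount_with_fee);` followed by `if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != qs)`. refresh_session_cb's body starts and ends outside this hunk.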
@@ -3904,9 +3957,15 @@ deposit_cb (void *cls,
     cc->qs = qs;
     return GNUNET_SYSERR;
   }
-  // FIXME42: should verify that the
-  // coin was properly signed via TALER_test_coin_valid() here!
-  // (but may need more information from DB to do so!)
+  if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT !=
+      check_known_coin (coin_pub,
+                        denom_pub,
+                        amount_with_fee))
+  {
+    GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
+    cc->qs = qs;
+    return GNUNET_SYSERR;
+  }
 
   /* Verify deposit signature */
   dr.purpose.purpose = htonl (TALER_SIGNATURE_WALLET_COIN_DEPOSIT);
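Review bot: As in refresh_session_cb, the value returned by `check_known_coin` is not stored, so the error branch evaluates and propagates the stale `qs` of the earlier query rather than the status that actually failed; `cc->qs` ends up as a success code and the `GNUNET_break` trips on every real error. Write `qs = check_known_coin (coin_pub, denom_pub, amount_with_fee);` before the `if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != qs)` test. deposit_cb's body starts and ends outside this hunk.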
diff --git a/src/auditor/test-auditor.sh b/src/auditor/test-auditor.sh
index f51ec473..7e99fdea 100755
--- a/src/auditor/test-auditor.sh
+++ b/src/auditor/test-auditor.sh
@@ -9,7 +9,7 @@ set -eu
 
 # Set of numbers for all the testcases.
 # When adding new tests, increase the last number:
-ALL_TESTS=`seq 0 5`
+ALL_TESTS=`seq 0 6`
 
 # $TESTS determines which tests we should run.
 # This construction is used to make it easy to
@@ -42,7 +42,7 @@ function exit_fail() {
 # before auditor (to trigger pending wire transfers).
 function run_audit () {
     # Launch bank
-    echo "Launching bank"
+    echo -n "Launching bank "
     taler-bank-manage -c test-auditor.conf serve-http 2>bank.err >bank.log &
     while true
     do
@@ -50,28 +50,30 @@ function run_audit () {
         wget http://localhost:8082/ -o /dev/null -O /dev/null >/dev/null && 
break
         sleep 1
     done
-    echo "OK"
+    echo " DONE"
 
     if test ${1:-no} = "aggregator"
     then
-        echo "Running exchange aggregator"
+        echo -e "Running exchange aggregator ..."
         taler-exchange-aggregator -t -c test-auditor.conf
+        echo " DONE"
     fi
 
     # Run the auditor!
-    echo "Running audit(s)"
+    echo -n "Running audit(s) ..."
     taler-auditor -r -c test-auditor.conf -m $MASTER_PUB > test-audit.json 2> 
test-audit.log || exit_fail "auditor failed"
 
     taler-wire-auditor -r -c test-auditor.conf -m $MASTER_PUB > 
test-wire-audit.json 2> test-wire-audit.log || exit_fail "wire auditor failed"
-
-    echo "Shutting down services"
+    echo " DONE"
+    
     kill `jobs -p` || true
 
-    echo "TeXing"
+    echo -n "TeXing ..."
     ../../contrib/render.py test-audit.json test-wire-audit.json < 
../../contrib/auditor-report.tex.j2 > test-report.tex || exit_fail "Renderer 
failed"
 
     timeout 10 pdflatex test-report.tex >/dev/null || exit_fail "pdflatex 
failed"
     timeout 10 pdflatex test-report.tex >/dev/null
+    echo "DONE"
 }
 
 
@@ -94,7 +96,7 @@ echo "Checking output"
 # if an emergency was detected, that is a bug and we should fail
 echo -n "Test for emergencies... "
 jq -e .emergencies[0] < test-audit.json > /dev/null && exit_fail "Unexpected 
emergency detected in ordinary run" || echo OK
-
+echo -n "Test for emergencies by count... "
 jq -e .emergencies_by_count[0] < test-audit.json > /dev/null && exit_fail 
"Unexpected emergency by count detected in ordinary run" || echo OK
 
 echo -n "Test for wire inconsistencies... "
@@ -137,12 +139,15 @@ if test $WIRED != "TESTKUDOS:0"
 then
     exit_fail "Expected total missattribution in wrong, got $WIRED"
 fi
+echo " OK"
 
 # FIXME: check NO lag reported
 
 # cannot easily undo aggregator, hence full reload
+echo -n "Reloading database ..."
 full_reload
-echo "OK"
+echo "DONE"
+
 }
 
 
@@ -157,7 +162,7 @@ echo "Checking output"
 # if an emergency was detected, that is a bug and we should fail
 echo -n "Test for emergencies... "
 jq -e .emergencies[0] < test-audit.json > /dev/null && exit_fail "Unexpected 
emergency detected in ordinary run" || echo OK
-
+echo -n "Test for emergencies by count... "
 jq -e .emergencies_by_count[0] < test-audit.json > /dev/null && exit_fail 
"Unexpected emergency by count detected in ordinary run" || echo OK
 
 echo -n "Test for wire inconsistencies... "
@@ -319,7 +324,8 @@ test_4() {
 
 echo "===========4: deposit wire target wrong================="
 # Original target bank account was 43, changing to 44
-echo "UPDATE deposits SET 
wire='{\"url\":\"payto://x-taler-bank/localhost:8082/44\",\"salt\":\"test-salt 
(must be constant for aggregation tests)\"}' WHERE deposit_serial_id=1" | psql 
-Aqt $DB
+OLD_WIRE=`echo 'SELECT wire FROM deposits WHERE deposit_serial_id=1;' | psql 
taler-auditor-test -Aqt`
+echo "UPDATE deposits SET 
wire='{\"url\":\"payto://x-taler-bank/localhost:8082/44\",\"salt\":\"test-salt\"}'
 WHERE deposit_serial_id=1" | psql -Aqt $DB
 
 run_audit
 
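Review bot: The new `OLD_WIRE` snapshot reads from a hard-coded database (`psql taler-auditor-test -Aqt`) while the UPDATE beside it writes to `$DB`; if the two ever diverge, the later undo restores a value read from the wrong database and the remaining tests run against a corrupted deposit row. Use the same target for both: `OLD_WIRE=\`echo 'SELECT wire FROM deposits WHERE deposit_serial_id=1;' | psql -Aqt $DB\``. The captured JSON is later spliced into a single-quoted SQL literal, which works for the value stored here but deserves a one-line comment, since any `'` in the wire field would break that statement.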
@@ -348,7 +354,7 @@ then
 fi
 
 # Undo:
-echo "UPDATE deposits SET 
wire='{\"url\":\"payto://x-taler-bank/localhost:8082/43\",\"salt\":\"test-salt 
(must be constant for aggregation tests)\"}' WHERE deposit_serial_id=1" | psql 
-Aqt $DB
+echo "UPDATE deposits SET wire='$OLD_WIRE' WHERE deposit_serial_id=1" | psql 
-Aqt $DB
 
 }
 
@@ -401,12 +407,33 @@ echo "===========6: known_coins signature 
wrong================="
 # Modify denom_sig, so it is wrong
 OLD_SIG=`echo 'SELECT denom_sig FROM known_coins LIMIT 1;' | psql 
taler-auditor-test -Aqt`
 COIN_PUB=`echo "SELECT coin_pub FROM known_coins WHERE denom_sig='$OLD_SIG';"  
| psql taler-auditor-test -Aqt`
-echo "UPDATE known_coins SET 
denom_sig='\x287369672d76616c200a2028727361200a20202873202335423837314237433930364446433034424244304530393532464136424641324635373031393741313134373537463246323233323946444431463246433334453939394133363634303342334131333244444642394138333538334645363544423743354344453044414430353744383633364345414238344638433238433444463041443630303434304130383534353630393738334344313332393937364236424334373130413246324141324144354138333034324343463141394646353942444343463744
 [...]
+echo "UPDATE known_coins SET 
denom_sig='\x287369672d76616c200a2028727361200a20202873202335423837314237433930364446433034424244304530393532464136424641324635373031393741313134373537463246323233323946444431463246433334453939394133363634303342334131333244444642394138333538334645363544423743354344453044414530353744383633364345414238344638433238433444463041443630303434304130383534353630393738334344313332393937364236424334373130413246324141324144354138333034324343463141394646353942444343463744
 [...]
 
 run_audit
 
-# FIXME: add logic to check bad signature was detected
-# (NOTE: FIXME42-bug: auditor does not yet check denom_sigs!)
+ROW=`jq -e .bad_sig_losses[0].row < test-audit.json`
+if test $ROW != "-1"
+then
+    exit_fail "Row wrong, got $ROW"
+fi
+
+LOSS=`jq -r .bad_sig_losses[0].loss < test-audit.json`
+if test $LOSS != "TESTKUDOS:0.1"
+then
+    exit_fail "Wrong deposit bad signature loss, got $LOSS"
+fi
+
+OP=`jq -r .bad_sig_losses[0].operation < test-audit.json`
+if test $OP != "known-coin"
+then
+    exit_fail "Wrong operation, got $OP"
+fi
+
+LOSS=`jq -r .total_bad_sig_loss < test-audit.json`
+if test $LOSS != "TESTKUDOS:0.1"
+then
+    exit_fail "Wrong total bad sig loss, got $LOSS"
+fi
 
 # Undo
 echo "UPDATE known_coins SET denom_sig='$OLD_SIG' WHERE coin_pub='$COIN_PUB'" 
| psql -Aqt $DB
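Review bot: The `ROW=\`jq -e ...\`` capture on the first added check line exits the script through `set -e` with no message when `bad_sig_losses` is absent, because `jq -e` returns non-zero for null, so a regression in which the auditor stops reporting bad denomination signatures fails silently instead of through `exit_fail`; the unquoted `$ROW`, `$LOSS` and `$OP` comparisons would likewise error on an empty value. Use `jq -r` as the other captures do and quote the variables, e.g. `ROW=\`jq -r .bad_sig_losses[0].row < test-audit.json\`` and `if test "$ROW" != "-1"`. The assertions only inspect index 0; checking that `jq '.bad_sig_losses | length'` is 1 would also catch a duplicate report for the same coin, which the `total_bad_sig_loss` check only partly covers.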
@@ -460,8 +487,9 @@ taler-bank-manage -h >/dev/null </dev/null || exit_skip 
"taler-bank-manage requi
 echo "Testing for pdflatex"
 which pdflatex > /dev/null </dev/null || exit_skip "pdflatex required"
 
-echo "Database setup"
+echo -n "Database setup ..."
 full_reload
+echo " DONE"
 
 # Run test suite
 fail=0
