aboutsummaryrefslogtreecommitdiff
path: root/src/include/anastasis_database_plugin.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/include/anastasis_database_plugin.h')
-rw-r--r--src/include/anastasis_database_plugin.h655
1 files changed, 655 insertions, 0 deletions
diff --git a/src/include/anastasis_database_plugin.h b/src/include/anastasis_database_plugin.h
new file mode 100644
index 0000000..488a5af
--- /dev/null
+++ b/src/include/anastasis_database_plugin.h
@@ -0,0 +1,655 @@
1/*
2 This file is part of Anastasis
3 Copyright (C) 2019 Taler Systems SA
4
5 Anastasis is free software; you can redistribute it and/or modify it under the
6 terms of the GNU Lesser General Public License as published by the Free Software
7 Foundation; either version 3, or (at your option) any later version.
8
9 Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
10 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
11 A PARTICULAR PURPOSE. See the GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License along with
14 Anastasis; see the file COPYING.GPL. If not, see <http://www.gnu.org/licenses/>
15*/
16/**
17 * @file include/anastasis_database_plugin.h
18 * @brief database access for Anastasis
19 * @author Christian Grothoff
20 */
21#ifndef ANASTASIS_DATABASE_PLUGIN_H
22#define ANASTASIS_DATABASE_PLUGIN_H
23
24#include "anastasis_service.h"
25#include <gnunet/gnunet_db_lib.h>
26
27/**
28 * How long is an offer for a challenge payment valid for payment?
29 */
30#define ANASTASIS_CHALLENGE_OFFER_LIFETIME GNUNET_TIME_UNIT_HOURS
31
32/**
33 * Return values for checking code validity.
34 */
35enum ANASTASIS_DB_CodeStatus
36{
37 /**
38 * Provided authentication code does not match database content.
39 */
40 ANASTASIS_DB_CODE_STATUS_CHALLENGE_CODE_MISMATCH = -3,
41
42 /**
43 * Encountered hard error talking to DB.
44 */
45 ANASTASIS_DB_CODE_STATUS_HARD_ERROR = -2,
46
47 /**
48 * Encountered serialization error talking to DB.
49 */
50 ANASTASIS_DB_CODE_STATUS_SOFT_ERROR = -1,
51
52 /**
53 * We have no challenge in the database.
54 */
55 ANASTASIS_DB_CODE_STATUS_NO_RESULTS = 0,
56
57 /**
58 * The provided challenge matches what we have in the database.
59 */
60 ANASTASIS_DB_CODE_STATUS_VALID_CODE_STORED = 1,
61};
62
63
64/**
65 * Return values for checking account validity.
66 */
67enum ANASTASIS_DB_AccountStatus
68{
69 /**
70 * Account is unknown, user should pay to establish it.
71 */
72 ANASTASIS_DB_ACCOUNT_STATUS_PAYMENT_REQUIRED = -3,
73
74 /**
75 * Encountered hard error talking to DB.
76 */
77 ANASTASIS_DB_ACCOUNT_STATUS_HARD_ERROR = -2,
78
79 /**
80 * Account is valid, but we have no policy stored yet.
81 */
82 ANASTASIS_DB_ACCOUNT_STATUS_NO_RESULTS = 0,
83
84 /**
85 * Account is valid, and we have a policy stored.
86 */
87 ANASTASIS_DB_ACCOUNT_STATUS_VALID_HASH_RETURNED = 1,
88};
89
90
91/**
92 * Return values for storing data in database with payment.
93 */
94enum ANASTASIS_DB_StoreStatus
95{
96 /**
97 * The client has stored too many policies, should pay to store more.
98 */
99 ANASTASIS_DB_STORE_STATUS_STORE_LIMIT_EXCEEDED = -4,
100
101 /**
102 * The client needs to pay to store policies.
103 */
104 ANASTASIS_DB_STORE_STATUS_PAYMENT_REQUIRED = -3,
105
106 /**
107 * Encountered hard error talking to DB.
108 */
109 ANASTASIS_DB_STORE_STATUS_HARD_ERROR = -2,
110
111 /**
112 * Despite retrying, we encountered serialization errors.
113 */
114 ANASTASIS_DB_STORE_STATUS_SOFT_ERROR = -1,
115
116 /**
117 * Database did not need an update (document exists).
118 */
119 ANASTASIS_DB_STORE_STATUS_NO_RESULTS = 0,
120
121 /**
122 * We successfully stored the document.
123 */
124 ANASTASIS_DB_STORE_STATUS_SUCCESS = 1,
125};
126
127
128/**
129 * Function called on all pending payments for an account or challenge.
130 *
131 * @param cls closure
132 * @param timestamp for how long have we been waiting
133 * @param payment_secret payment secret / order id in the backend
134 * @param amount how much is the order for
135 */
136typedef void
137(*ANASTASIS_DB_PaymentPendingIterator)(
138 void *cls,
139 struct GNUNET_TIME_Absolute timestamp,
140 const struct ANASTASIS_PaymentSecretP *payment_secret,
141 const struct TALER_Amount *amount);
142
143
144/**
145 * Handle to interact with the database.
146 *
147 * Functions ending with "_TR" run their OWN transaction scope
148 * and MUST NOT be called from within a transaction setup by the
149 * caller. Functions ending with "_NT" require the caller to
150 * setup a transaction scope. Functions without a suffix are
151 * simple, single SQL queries that MAY be used either way.
152 */
153struct ANASTASIS_DatabasePlugin
154{
155
156 /**
157 * Closure for all callbacks.
158 */
159 void *cls;
160
161 /**
162 * Name of the library which generated this plugin. Set by the
163 * plugin loader.
164 */
165 char *library_name;
166
167 /**
168 * Drop anastasis tables. Used for testcases.
169 *
170 * @param cls closure
171 * @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure
172 */
173 int
174 (*drop_tables) (void *cls);
175
176 /**
177 * Function called to perform "garbage collection" on the
178 * database, expiring records we no longer require. Deletes
179 * all user records that are not paid up (and by cascade deletes
180 * the associated recovery documents). Also deletes expired
181 * truth and financial records older than @a fin_expire.
182 *
183 * @param cls closure
184 * @param expire_backups backups older than the given time stamp should be garbage collected
185 * @param expire_pending_payments payments still pending from since before
186 * this value should be garbage collected
187 * @return transaction status
188 */
189 enum GNUNET_DB_QueryStatus
190 (*gc)(void *cls,
191 struct GNUNET_TIME_Absolute expire,
192 struct GNUNET_TIME_Absolute expire_pending_payments);
193
194 /**
195 * Do a pre-flight check that we are not in an uncommitted transaction.
196 * If we are, try to commit the previous transaction and output a warning.
197 * Does not return anything, as we will continue regardless of the outcome.
198 *
199 * @param cls the `struct PostgresClosure` with the plugin-specific state
200 */
201 void
202 (*preflight) (void *cls);
203
204 /**
205 * Check that the database connection is still up.
206 *
207 * @param pg connection to check
208 */
209 void
210 (*check_connection) (void *cls);
211
212 /**
213 * Roll back the current transaction of a database connection.
214 *
215 * @param cls the `struct PostgresClosure` with the plugin-specific state
216 * @return #GNUNET_OK on success
217 */
218 void
219 (*rollback) (void *cls);
220
221 /**
222 * Start a transaction.
223 *
224 * @param cls the `struct PostgresClosure` with the plugin-specific state
225 * @param name unique name identifying the transaction (for debugging),
226 * must point to a constant
227 * @return #GNUNET_OK on success
228 */
229 int
230 (*start) (void *cls,
231 const char *name);
232
233 /**
234 * Commit the current transaction of a database connection.
235 *
236 * @param cls the `struct PostgresClosure` with the plugin-specific state
237 * @return transaction status code
238 */
239 enum GNUNET_DB_QueryStatus
240 (*commit)(void *cls);
241
242
243 /**
244 * Store encrypted recovery document.
245 *
246 * @param cls closure
247 * @param anastasis_pub public key of the user's account
248 * @param account_sig signature affirming storage request
249 * @param data_hash hash of @a data
250 * @param data contains encrypted_recovery_document
251 * @param data_size size of data blob
252 * @param payment_secret identifier for the payment, used to later charge on uploads
253 * @param[out] version set to the version assigned to the document by the database
254 * @return transaction status, 0 if upload could not be finished because @a payment_secret
255 * did not have enough upload left; HARD error if @a payment_secret is unknown, ...
256 */
257 enum ANASTASIS_DB_StoreStatus
258 (*store_recovery_document)(
259 void *cls,
260 const struct ANASTASIS_CRYPTO_AccountPublicKeyP *anastasis_pub,
261 const struct ANASTASIS_AccountSignatureP *account_sig,
262 const struct GNUNET_HashCode *data_hash,
263 const void *data,
264 size_t data_size,
265 const struct ANASTASIS_PaymentSecretP *payment_secret,
266 uint32_t *version);
267
268
269 /**
270 * Fetch recovery document for user according given version.
271 *
272 * @param cls closure
273 * @param anastasis_pub public key of the user's account
274 * @param version the version number of the policy the user requests
275 * @param[out] account_sig signature
276 * @param[out] recovery_data_hash hash of the current recovery data
277 * @param[out] data_size size of data blob
278 * @param[out] data blob which contains the recovery document
279 * @return transaction status
280 */
281 enum GNUNET_DB_QueryStatus
282 (*get_recovery_document)(
283 void *cls,
284 const struct ANASTASIS_CRYPTO_AccountPublicKeyP *anastasis_pub,
285 uint32_t version,
286 struct ANASTASIS_AccountSignatureP *account_sig,
287 struct GNUNET_HashCode *recovery_data_hash,
288 size_t *data_size,
289 void **data);
290
291
292 /**
293 * Fetch latest recovery document for user.
294 *
295 * @param cls closure
296 * @param anastasis_pub public key of the user's account
297 * @param account_sig signature
298 * @param recovery_data_hash hash of the current recovery data
299 * @param[out] data_size set to size of @a data blob
300 * @param[out] data set to blob which contains the recovery document
301 * @param[out] version set to the version number of the policy being returned
302 * @return transaction status
303 */
304 enum GNUNET_DB_QueryStatus
305 (*get_latest_recovery_document)(
306 void *cls,
307 const struct ANASTASIS_CRYPTO_AccountPublicKeyP *anastasis_pub,
308 struct ANASTASIS_AccountSignatureP *account_sig,
309 struct GNUNET_HashCode *recovery_data_hash,
310 size_t *data_size,
311 void **data,
312 uint32_t *version);
313
314
315 /**
316 * Upload Truth, which contains the Truth and the KeyShare.
317 *
318 * @param cls closure
319 * @param truth_uuid the identifier for the Truth
320 * @param key_share_data contains information of an EncryptedKeyShare
321 * @param method name of method
322 * @param nonce nonce used to compute encryption key for encrypted_truth
323 * @param aes_gcm_tag authentication tag of encrypted_truth
324 * @param encrypted_truth contains the encrypted Truth which includes the ground truth i.e. H(challenge answer), phonenumber, SMS
325 * @param encrypted_truth_size the size of the Truth
326 * @param truth_expiration time till the according data will be stored
327 * @return transaction status
328 */
329 enum GNUNET_DB_QueryStatus
330 (*store_truth)(
331 void *cls,
332 const struct ANASTASIS_CRYPTO_TruthUUIDP *truth_uuid,
333 const struct ANASTASIS_CRYPTO_EncryptedKeyShareP *key_share_data,
334 const char *mime_type,
335 const void *encrypted_truth,
336 size_t encrypted_truth_size,
337 const char *method,
338 struct GNUNET_TIME_Relative truth_expiration);
339
340
341 /**
342 * Get the encrypted truth to validate the challenge response
343 *
344 * @param cls closure
345 * @param truth_uuid the identifier for the Truth
346 * @param[out] truth contains the encrypted truth
347 * @param[out] truth_size size of the encrypted truth
348 * @param[out] truth_mime mime type of truth
349 * @param[out] method type of the challenge
350 * @return transaction status
351 */
352 enum GNUNET_DB_QueryStatus
353 (*get_escrow_challenge)(
354 void *cls,
355 const struct ANASTASIS_CRYPTO_TruthUUIDP *truth_uuid,
356 void **truth,
357 size_t *truth_size,
358 char **truth_mime,
359 char **method);
360
361
362 /**
363 * Lookup (encrypted) key share by @a truth_uuid.
364 *
365 * @param cls closure
366 * @param truth_uuid the identifier for the Truth
367 * @param[out] key_share set to the encrypted Keyshare
368 * @return transaction status
369 */
370 enum GNUNET_DB_QueryStatus
371 (*get_key_share)(
372 void *cls,
373 const struct ANASTASIS_CRYPTO_TruthUUIDP *truth_uuid,
374 struct ANASTASIS_CRYPTO_EncryptedKeyShareP *key_share);
375
376
377 /**
378 * Check if an account exists, and if so, return the
379 * current @a recovery_document_hash.
380 *
381 * @param cls closure
382 * @param anastasis_pub account identifier
383 * @param[out] paid_until until when is the account paid up?
384 * @param[out] recovery_data_hash set to hash of @a recovery document
385 * @param[out] version set to the recovery policy version
386 * @return transaction status
387 */
388 enum ANASTASIS_DB_AccountStatus
389 (*lookup_account)(
390 void *cls,
391 const struct ANASTASIS_CRYPTO_AccountPublicKeyP *anastasis_pub,
392 struct GNUNET_TIME_Absolute *paid_until,
393 struct GNUNET_HashCode *recovery_data_hash,
394 uint32_t *version);
395
396
397 /**
398 * Check payment identifier. Used to check if a payment identifier given by
399 * the user is valid (existing and paid).
400 *
401 * @param cls closure
402 * @param payment_secret payment secret which the user must provide with every upload
403 * @param[out] paid bool value to show if payment is paid
404 * @param[out] valid_counter bool value to show if post_counter is > 0
405 * @return transaction status
406 */
407 enum GNUNET_DB_QueryStatus
408 (*check_payment_identifier)(
409 void *cls,
410 const struct ANASTASIS_PaymentSecretP *payment_secret,
411 bool *paid,
412 bool *valid_counter);
413
414
415 /**
416 * Check payment identifier. Used to check if a payment identifier given by
417 * the user is valid (existing and paid).
418 *
419 * @param cls closure
420 * @param payment_secret payment secret which the user must provide with every upload
421 * @param truth_uuid unique identifier of the truth the user must satisfy the challenge
422 * @param[out] paid bool value to show if payment is paid
423 * @param[out] valid_counter bool value to show if post_counter is > 0
424 * @return transaction status
425 */
426 enum GNUNET_DB_QueryStatus
427 (*check_challenge_payment)(
428 void *cls,
429 const struct ANASTASIS_PaymentSecretP *payment_secret,
430 const struct ANASTASIS_CRYPTO_TruthUUIDP *truth_uuid,
431 bool *paid);
432
433
434 /**
435 * Increment account lifetime by @a lifetime.
436 *
437 * @param cls closure
438 * @param account_pub which account received a payment
439 * @param payment_identifier proof of payment, must be unique and match pending payment
440 * @param lifetime for how long is the account now paid (increment)
441 * @param[out] paid_until set to the end of the lifetime after the operation
442 * @return transaction status
443 */
444 enum GNUNET_DB_QueryStatus
445 (*increment_lifetime)(
446 void *cls,
447 const struct ANASTASIS_CRYPTO_AccountPublicKeyP *anastasis_pub,
448 const struct ANASTASIS_PaymentSecretP *payment_identifier,
449 struct GNUNET_TIME_Relative lifetime,
450 struct GNUNET_TIME_Absolute *paid_until);
451
452
453 /**
454 * Update account lifetime to the maximum of the current
455 * value and @a eol.
456 *
457 * @param cls closure
458 * @param account_pub which account received a payment
459 * @param payment_identifier proof of payment, must be unique and match pending payment
460 * @param eol for how long is the account now paid (absolute)
461 * @return transaction status
462 */
463 enum GNUNET_DB_QueryStatus
464 (*update_lifetime)(
465 void *cls,
466 const struct ANASTASIS_CRYPTO_AccountPublicKeyP *anastasis_pub,
467 const struct ANASTASIS_PaymentSecretP *payment_identifier,
468 struct GNUNET_TIME_Absolute eol);
469
470
471 /**
472 * Store payment. Used to begin a payment, not indicative
473 * that the payment actually was made. (That is done
474 * when we increment the account's lifetime.)
475 *
476 * @param cls closure
477 * @param anastasis_pub anastasis's public key
478 * @param post_counter how many uploads does @a amount pay for
479 * @param payment_secret payment secret which the user must provide with every upload
480 * @param amount how much we asked for
481 * @return transaction status
482 */
483 enum GNUNET_DB_QueryStatus
484 (*record_recdoc_payment)(
485 void *cls,
486 const struct ANASTASIS_CRYPTO_AccountPublicKeyP *anastasis_pub,
487 uint32_t post_counter,
488 const struct ANASTASIS_PaymentSecretP *payment_secret,
489 const struct TALER_Amount *amount);
490
491
492 /**
493 * Record truth upload payment was made.
494 *
495 * @param cls closure
496 * @param uuid the truth's UUID
497 * @param amount the amount that was paid
498 * @param duration how long is the truth paid for
499 * @return transaction status
500 */
501 enum GNUNET_DB_QueryStatus
502 (*record_truth_upload_payment)(
503 void *cls,
504 const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid,
505 const struct TALER_Amount *amount,
506 struct GNUNET_TIME_Relative duration);
507
508
509 /**
510 * Inquire whether truth upload payment was made.
511 *
512 * @param cls closure
513 * @param uuid the truth's UUID
514 * @param[out] paid_until set for how long this truth is paid for
515 * @return transaction status
516 */
517 enum GNUNET_DB_QueryStatus
518 (*check_truth_upload_paid)(
519 void *cls,
520 const struct ANASTASIS_CRYPTO_TruthUUIDP *uuid,
521 struct GNUNET_TIME_Absolute *paid_until);
522
523
524 /**
525 * Verify the provided code with the code on the server.
526 * If the code matches the function will return with success, if the code
527 * does not match, the retry counter will be decreased by one.
528 *
529 * @param cls closure
530 * @param truth_pub identification of the challenge which the code corresponds to
531 * @param hashed_code code which the user provided and wants to verify
532 * @return transaction status
533 */
534 enum ANASTASIS_DB_CodeStatus
535 (*verify_challenge_code)(
536 void *cls,
537 const struct ANASTASIS_CRYPTO_TruthUUIDP *truth_pub,
538 const struct GNUNET_HashCode *hashed_code);
539
540 /**
541 * Insert a new challenge code for a given challenge identified by the challenge
542 * public key. The function will first check if there is already a valid code
543 * for this challenge present and won't insert a new one in this case.
544 *
545 * @param cls closure
546 * @param truth_uuid the identifier for the challenge
547 * @param rotation_period for how long is the code available
548 * @param validity_period for how long is the code available
549 * @param retry_counter amount of retries allowed
550 * @param[out] retransmission_date when to next retransmit
551 * @param[out] code set to the code which will be checked for later
552 * @return transaction status,
553 * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we are out of valid tries,
554 * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if @a code is now in the DB
555 */
556 enum GNUNET_DB_QueryStatus
557 (*create_challenge_code)(
558 void *cls,
559 const struct ANASTASIS_CRYPTO_TruthUUIDP *truth_uuid,
560 struct GNUNET_TIME_Relative rotation_period,
561 struct GNUNET_TIME_Relative validity_period,
562 unsigned int retry_counter,
563 struct GNUNET_TIME_Absolute *retransmission_date,
564 uint64_t *code);
565
566
567 /**
568 * Remember in the database that we successfully sent a challenge.
569 *
570 * @param cls closure
571 * @param truth_uuid the identifier for the challenge
572 * @param code the challenge that was sent
573 */
574 enum GNUNET_DB_QueryStatus
575 (*mark_challenge_sent)(
576 void *cls,
577 const struct ANASTASIS_PaymentSecretP *payment_secret,
578 const struct ANASTASIS_CRYPTO_TruthUUIDP *truth_uuid,
579 uint64_t code);
580
581
582 /**
583 * Store payment for challenge.
584 *
585 * @param cls closure
586 * @param truth_key identifier of the challenge to pay
587 * @param payment_secret payment secret which the user must provide with every upload
588 * @param amount how much we asked for
589 * @return transaction status
590 */
591 enum GNUNET_DB_QueryStatus
592 (*record_challenge_payment)(
593 void *cls,
594 const struct ANASTASIS_CRYPTO_TruthUUIDP *truth_uuid,
595 const struct ANASTASIS_PaymentSecretP *payment_secret,
596 const struct TALER_Amount *amount);
597
598
599 /**
600 * Record refund for challenge.
601 *
602 * @param cls closure
603 * @param truth_key identifier of the challenge to pay
604 * @param payment_secret payment secret which the user must provide with every upload
605 * @return transaction status
606 */
607 enum GNUNET_DB_QueryStatus
608 (*record_challenge_refund)(
609 void *cls,
610 const struct ANASTASIS_CRYPTO_TruthUUIDP *truth_uuid,
611 const struct ANASTASIS_PaymentSecretP *payment_secret);
612
613
614 /**
615 * Lookup for a pending payment for a certain challenge
616 *
617 * @param cls closure
618 * @param truth_uuid identification of the challenge
619 * @param[out] payment_secret set to the challenge payment secret
620 * @return transaction status
621 */
622 enum GNUNET_DB_QueryStatus
623 (*lookup_challenge_payment)(
624 void *cls,
625 const struct ANASTASIS_CRYPTO_TruthUUIDP *truth_uuid,
626 struct ANASTASIS_PaymentSecretP *payment_secret);
627
628
629 /**
630 * Update payment status of challenge
631 *
632 * @param cls closure
633 * @param truth_uuid which challenge received a payment
634 * @param payment_identifier proof of payment, must be unique and match pending payment
635 * @return transaction status
636 */
637 enum GNUNET_DB_QueryStatus
638 (*update_challenge_payment)(
639 void *cls,
640 const struct ANASTASIS_CRYPTO_TruthUUIDP *truth_uuid,
641 const struct ANASTASIS_PaymentSecretP *payment_identifier);
642
643
644 /**
645 * Function called to remove all expired codes from the database.
646 * FIXME: maybe implement as part of @e gc() in the future.
647 *
648 * @return transaction status
649 */
650 enum GNUNET_DB_QueryStatus
651 (*challenge_gc)(void *cls);
652
653
654};
655#endif