From 257c5a12043fd6a05ce2bf8aaa19fcf90eb10a78 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 12 Apr 2022 21:52:18 +0200 Subject: -make meta data mandatory --- doc/sphinx/rest.rst | 4 ++- src/backend/anastasis-httpd_policy-meta.c | 9 +++--- src/backend/anastasis-httpd_policy-upload.c | 37 ++++++++++++++--------- src/include/anastasis_service.h | 2 +- src/restclient/anastasis_api_policy_meta_lookup.c | 8 ++--- src/restclient/anastasis_api_policy_store.c | 1 - src/stasis/plugin_anastasis_postgres.c | 19 +++++------- src/stasis/stasis-0001.sql | 2 +- 8 files changed, 41 insertions(+), 41 deletions(-) diff --git a/doc/sphinx/rest.rst b/doc/sphinx/rest.rst index 835ac6f..6943387 100644 --- a/doc/sphinx/rest.rst +++ b/doc/sphinx/rest.rst @@ -174,7 +174,7 @@ In the following, UUID is always defined and used according to `RFC 4122`_. interface MetaData { // The meta value can be NULL if the document // exists but no meta data was provided. - meta?: String; + meta: string; // Server-time indicative of when the recovery // document was uploaded. 
@@ -263,6 +263,8 @@ In the following, UUID is always defined and used according to `RFC 4122`_. The server MUST refuse the upload with a ``304`` status code if the Etag matches the latest version already known to the server. + *Anastasis-Policy-Meta-Data*: Encrypted meta data to be stored by the server and returned with the respective endpoint to provide an overview of the available policies. Encrypted using a random nonce and a key derived from the user ID using the salt "rmd". The plaintext metadata must consist of the policy hash (for deduplication) and the (human readable) secret name. + *Anastasis-Policy-Signature*: The client must provide Base-32 encoded EdDSA signature over hash of body with ``$ACCOUNT_PRIV``, affirming desire to upload an encrypted recovery document. *Payment-Identifier*: Base-32 encoded 32-byte payment identifier that was included in a previous payment (see ``402`` status code). Used to allow the server to check that the client paid for the upload (to protect the server against DoS attacks) and that the client knows a real secret of financial value (as the **kdf_id** might be known to an attacker). If this header is missing in the client's request (or the associated payment has exceeded the upload limit), the server must return a ``402`` response. When making payments, the server must include a fresh, randomly-generated payment-identifier in the payment request. If a payment identifier is given, the Anastasis backend may block for the payment to be confirmed by Taler as specified by the ``timeout_ms`` argument. diff --git a/src/backend/anastasis-httpd_policy-meta.c b/src/backend/anastasis-httpd_policy-meta.c index a62a21e..67acc52 100644 --- a/src/backend/anastasis-httpd_policy-meta.c +++ b/src/backend/anastasis-httpd_policy-meta.c 
@@ -60,11 +60,10 @@ build_meta_result (void *cls,
 result,
 version_s,
 GNUNET_JSON_PACK (
- GNUNET_JSON_pack_allow_null (
- GNUNET_JSON_pack_data_varsize (
- "meta",
- recovery_meta_data,
- recovery_meta_data_size)),
+ GNUNET_JSON_pack_data_varsize (
+ "meta",
+ recovery_meta_data,
+ recovery_meta_data_size),
 GNUNET_JSON_pack_timestamp (
 "upload_time",
 ts))));
diff --git a/src/backend/anastasis-httpd_policy-upload.c b/src/backend/anastasis-httpd_policy-upload.c
index 2cc0389..32f0266 100644
--- a/src/backend/anastasis-httpd_policy-upload.c
+++ b/src/backend/anastasis-httpd_policy-upload.c
@@ -699,22 +699,29 @@ AH_handler_policy_post (
 metas = MHD_lookup_connection_value (connection,
 MHD_HEADER_KIND,
 ANASTASIS_HTTP_HEADER_POLICY_META_DATA);
- if (NULL != metas)
+ if (NULL == metas)
 {
- if (GNUNET_OK !=
- GNUNET_STRINGS_string_to_data_alloc (metas,
- strlen (metas),
- &puc->meta_data,
- &puc->meta_data_size))
- {
- GNUNET_break_op (0);
- return TALER_MHD_reply_with_error (
- connection,
- MHD_HTTP_BAD_REQUEST,
- TALER_EC_GENERIC_HTTP_HEADERS_MALFORMED,
- ANASTASIS_HTTP_HEADER_POLICY_META_DATA
- " header must include a base32-encoded value");
- }
+ GNUNET_break_op (0);
+ return TALER_MHD_reply_with_error (
+ connection,
+ MHD_HTTP_BAD_REQUEST,
+ TALER_EC_GENERIC_HTTP_HEADERS_MALFORMED,
+ ANASTASIS_HTTP_HEADER_POLICY_META_DATA
+ " header must be present");
+ }
+ if (GNUNET_OK !=
+ GNUNET_STRINGS_string_to_data_alloc (metas,
+ strlen (metas),
+ &puc->meta_data,
+ &puc->meta_data_size))
+ {
+ GNUNET_break_op (0);
+ return TALER_MHD_reply_with_error (
+ connection,
+ MHD_HTTP_BAD_REQUEST,
+ TALER_EC_GENERIC_HTTP_HEADERS_MALFORMED,
+ ANASTASIS_HTTP_HEADER_POLICY_META_DATA
+ " header must include a base32-encoded value");
 }
 }
 /* now setup 'puc' */
diff --git a/src/include/anastasis_service.h b/src/include/anastasis_service.h
index 8af0f07..d439ca5 100644
--- a/src/include/anastasis_service.h
+++ b/src/include/anastasis_service.h
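Review bot: With `GNUNET_JSON_pack_allow_null` removed, a NULL `recovery_meta_data` now reaches `GNUNET_JSON_pack_data_varsize` directly instead of being emitted as `null`; such a value is possible for documents stored before the header became mandatory unless the schema change in `stasis-0001.sql` rejects or backfills those rows, and neither that file nor the `meta_iterator` hunk that supplies these arguments is visible here. If legacy NULL rows cannot be ruled out, make the invariant fail loudly with `GNUNET_assert (NULL != recovery_meta_data);` at the top of the callback rather than handing a NULL buffer to the packer. The rest.rst hunk likewise keeps the context comment "The meta value can be NULL if the document exists but no meta data was provided." directly above the now-required `meta: string` field; it should be reworded to match. `build_meta_result` starts outside the hunk.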
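Review bot: The added presence check does not cover an empty header value: a request carrying `Anastasis-Policy-Meta-Data:` with nothing after the colon passes `NULL == metas` and reaches `GNUNET_STRINGS_string_to_data_alloc` with `strlen (metas) == 0`, which presumably yields a zero-length `puc->meta_data` even though the rest.rst hunk says the plaintext must carry the policy hash and the secret name. Extend the new condition to `if ((NULL == metas) || (0 == strlen (metas)))` with a matching message, or reject `0 == puc->meta_data_size` once decoding succeeded. No upper bound on `puc->meta_data_size` is visible in the hunk either; since the decoded value is persisted per upload, confirm a limit is enforced elsewhere (MHD's header size cap or a later check in the handler) or add one next to the decode. `AH_handler_policy_post` continues outside the hunk.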
@@ -477,7 +477,7 @@ typedef void
 * @param anastasis_priv private key of the user's account
 * @param recovery_data policy data to be stored
 * @param recovery_data_size number of bytes in @a recovery_data
- * @param recovery_meta_data policy meta data to be stored, can be NULL
+ * @param recovery_meta_data policy meta data to be stored
 * @param recovery_meta_data_size number of bytes in @a recovery_meta_data
 * @param payment_years_requested for how many years would the client like the service to store the truth?
 * @param payment_secret payment identifier of last payment
diff --git a/src/restclient/anastasis_api_policy_meta_lookup.c b/src/restclient/anastasis_api_policy_meta_lookup.c
index 43c966e..3d1482f 100644
--- a/src/restclient/anastasis_api_policy_meta_lookup.c
+++ b/src/restclient/anastasis_api_policy_meta_lookup.c
@@ -134,11 +134,9 @@ handle_policy_meta_lookup_finished (void *cls,
 unsigned int ver;
 char dummy;
 struct GNUNET_JSON_Specification spec[] = {
- GNUNET_JSON_spec_mark_optional (
- GNUNET_JSON_spec_varsize ("meta",
- &md[off],
- &metas[off].meta_data_size),
- NULL),
+ GNUNET_JSON_spec_varsize ("meta",
+ &md[off],
+ &metas[off].meta_data_size),
 GNUNET_JSON_spec_timestamp ("upload_time",
 &metas[off].server_time),
 GNUNET_JSON_spec_end ()
diff --git a/src/restclient/anastasis_api_policy_store.c b/src/restclient/anastasis_api_policy_store.c
index 2432079..7a8925f 100644
--- a/src/restclient/anastasis_api_policy_store.c
+++ b/src/restclient/anastasis_api_policy_store.c
@@ -428,7 +428,6 @@ ANASTASIS_policy_store (
 job_headers = ext;
 /* Setup meta-data header */
- if (NULL != recovery_meta_data)
 {
 char *meta_val;
diff --git a/src/stasis/plugin_anastasis_postgres.c b/src/stasis/plugin_anastasis_postgres.c
index bfe86da..709228f 100644
--- a/src/stasis/plugin_anastasis_postgres.c
+++ b/src/stasis/plugin_anastasis_postgres.c
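Review bot: Dropping `GNUNET_JSON_spec_mark_optional` makes the whole per-entry spec fail to parse when a response lacks `meta`, so a client built from this commit rejects meta lookups against a server that still omits the field for documents stored without meta data (the rest.rst hunk removes the `?`, but how the server handles legacy rows is outside this view). If mixed client/server versions are a concern, keep the field optional here and treat a NULL `md[off]` as a legacy entry; otherwise state the incompatibility in the function's doc comment. `handle_policy_meta_lookup_finished` and the path that reports a failed parse lie outside the hunk.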
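Review bot: Removing `if (NULL != recovery_meta_data)` without a replacement turns a NULL argument from a silently omitted header into a NULL dereference in the encoding that follows inside the now-bare `{ … }` block (outside the hunk), while the updated @param text in the anastasis_service.h hunk only says the data is "to be stored", not that the pointer must be non-NULL. Add `GNUNET_assert (NULL != recovery_meta_data);` before the block, or return an error if the function has a failure path for bad arguments, and write "must not be NULL" into the @param line. The same applies to `postgres_store_recovery_document` in the plugin_anastasis_postgres.c hunk, which now passes `recovery_meta_data` to `GNUNET_PQ_query_param_fixed_size` unconditionally. The leftover braces no longer scope a condition and read as an accident; either drop them or leave a one-line comment saying the block only limits `meta_val`'s scope. `ANASTASIS_policy_store` starts and ends outside the hunk.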
@@ -1030,10 +1030,8 @@ postgres_store_recovery_document (
 GNUNET_PQ_query_param_auto_from_type (recovery_data_hash),
 GNUNET_PQ_query_param_fixed_size (recovery_data,
 recovery_data_size),
- (NULL == recovery_meta_data)
- ? GNUNET_PQ_query_param_null ()
- : GNUNET_PQ_query_param_fixed_size (recovery_meta_data,
- recovery_meta_data_size),
+ GNUNET_PQ_query_param_fixed_size (recovery_meta_data,
+ recovery_meta_data_size),
 GNUNET_PQ_query_param_timestamp (&now),
 GNUNET_PQ_query_param_end
 };
@@ -2251,20 +2249,17 @@ meta_iterator (void *cls,
 for (unsigned int i = 0; i