authorChristian Grothoff <christian@grothoff.org>2020-03-27 12:30:31 +0100
committerChristian Grothoff <christian@grothoff.org>2020-03-27 12:30:31 +0100
commit31746d812837b64e1c6ba345efd6d59764e0c4dc (patch)
tree6d7f32bd5f1207161c4fd8c5c93697beb68823b0
parent13bbcef87b7a88344aa09922205932a80dd610ac (diff)
enable test 32
-rw-r--r--contrib/auditor-report.tex.j235
-rw-r--r--src/auditor/taler-helper-auditor-aggregation.c11
-rw-r--r--src/auditor/taler-helper-auditor-coins.c11
-rwxr-xr-xsrc/auditor/test-auditor.sh48
4 files changed, 60 insertions, 45 deletions
diff --git a/contrib/auditor-report.tex.j2 b/contrib/auditor-report.tex.j2
index 16b53e20..4d01f2f5 100644
--- a/contrib/auditor-report.tex.j2
+++ b/contrib/auditor-report.tex.j2
@@ -707,31 +707,23 @@ This section lists operations that the exchange performed, but for
which the signatures provided are invalid. Hence the operations were
invalid and the amount involved should be considered lost.
-The key given is always the key for which the signature verification
-step failed. This is the reserve public key for ``withdraw''
-operations, the coin public key for ``deposit'' and ``melt''
-operations, the merchant's public key for ``melt'' operations,
-the (hash of the) denomination public key for
-``recoup-verify'' and ``deposit-verify'' operations, and the master
-public key for ``recoup-master'' operations.
-
-\subsubsection{For aggregations}
+\subsubsection{For aggregation}
-% Table generation tested by testcase #XX in test-auditor.sh
+% Table generation tested by testcase #32 in test-auditor.sh
{% if aggregation.bad_sig_losses|length() == 0 %}
{\bf All signatures were valid.}
{% else %}
\begin{longtable}{l|r|r}
- \multicolumn{3}{l}{ {\bf Public key} }\\
+ \multicolumn{3}{l}{ {\bf Coin public key} }\\
{\bf Operation type} & Database row & {\bf Loss amount} \\
\hline \hline
\endfirsthead
- \multicolumn{3}{l}{ {\bf Public key} }\\
+ \multicolumn{3}{l}{ {\bf Coin public key} }\\
{\bf Operation type} & Database row & {\bf Loss amount} \\ \hline \hline
\endhead
\hline \hline
- \multicolumn{3}{l}{ {\bf Public key} }\\
+ \multicolumn{3}{l}{ {\bf Coin public key} }\\
{\bf Operation type} & Database row & {\bf Loss amount} \\
\endfoot
\hline
@@ -741,7 +733,7 @@ public key for ``recoup-master'' operations.
\label{table:bad_signature_losses}
\endlastfoot
{% for item in aggregation.bad_sig_losses %}
- \multicolumn{3}{l}{ {\tt \small \truncate{0.9\textwidth}{ {{ item.key_pub }} } } } \\
+ \multicolumn{3}{l}{ {\tt \small \truncate{0.9\textwidth}{ {{ item.coin_pub }} } } } \\
\nopagebreak
{{ item.operation }} &
{{ item.row }} &
@@ -759,15 +751,15 @@ public key for ``recoup-master'' operations.
{\bf All signatures were valid.}
{% else %}
\begin{longtable}{l|r|r}
- \multicolumn{3}{l}{ {\bf Public key} }\\
+ \multicolumn{3}{l}{ {\bf Coin public key} }\\
{\bf Operation type} & Database row & {\bf Loss amount} \\
\hline \hline
\endfirsthead
- \multicolumn{3}{l}{ {\bf Public key} }\\
+ \multicolumn{3}{l}{ {\bf Coin public key} }\\
{\bf Operation type} & Database row & {\bf Loss amount} \\ \hline \hline
\endhead
\hline \hline
- \multicolumn{3}{l}{ {\bf Public key} }\\
+ \multicolumn{3}{l}{ {\bf Coin public key} }\\
{\bf Operation type} & Database row & {\bf Loss amount} \\
\endfoot
\hline
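Review bot: The three header rows of this second longtable now read `Coin public key`, but the row template that prints the key for this table lies outside the hunk, so it cannot be confirmed that every entry here carries a coin key. The paragraph removed in the first hunk said that `recoup-verify` and `deposit-verify` entries report the hash of the denomination public key. The replacement paragraph added further down, before the reserves table, no longer mentions those operations. If this table can still contain such entries, the heading would mislabel them in the audit report; either keep the neutral heading `Public key` here or add a sentence stating which key each operation type reports.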
@@ -790,6 +782,13 @@ public key for ``recoup-master'' operations.
% Table generation tested by testcase #7 in test-auditor.sh
+The key given is always the key for which the signature verification step
+failed. This is the reserve public key for ``withdraw'' operations, the coin
+public key for ``recoup'' operations, and the master public key for
+``recoup-master'' operations (where the master's signature on the revocation
+is invalid).
+
+
{% if reserves.bad_sig_losses|length() == 0 %}
{\bf All signatures were valid.}
{% else %}
@@ -1140,7 +1139,7 @@ with respect to what wire fee it charges at what time.
This section describes issues found that do not have a clear financial
impact.
-\subsubsection{For aggregations}
+\subsubsection{For aggregation}
% Table generation tested by testcase #15/#25 in test-auditor.sh
diff --git a/src/auditor/taler-helper-auditor-aggregation.c b/src/auditor/taler-helper-auditor-aggregation.c
index a26cf5dc..e0fe1e2c 100644
--- a/src/auditor/taler-helper-auditor-aggregation.c
+++ b/src/auditor/taler-helper-auditor-aggregation.c
@@ -845,6 +845,9 @@ wire_transfer_information_cb (
wcc->qs = qs;
return;
}
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Testing coin `%s' for validity\n",
+ TALER_B2S (&coin.coin_pub));
if (GNUNET_OK !=
TALER_test_coin_valid (&coin,
denom_pub))
@@ -854,8 +857,8 @@ wire_transfer_information_cb (
"operation", "wire",
"row", (json_int_t) rowid,
"loss", TALER_JSON_from_amount (coin_value),
- "key_pub", GNUNET_JSON_from_data_auto (
- &issue->denom_hash)));
+ "coin_pub", GNUNET_JSON_from_data_auto (
+ &coin.coin_pub)));
GNUNET_assert (GNUNET_OK ==
TALER_amount_add (&total_bad_sig_loss,
&total_bad_sig_loss,
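Review bot: The loss entry for a coin that fails `TALER_test_coin_valid` now carries only `coin_pub`, so the report no longer names the denomination whose signature did not verify. Someone triaging the report has to go back to the database to find the denomination involved; consider keeping the denomination hash as a second field next to `coin_pub`, which would also need the `json_pack` format string (outside this hunk) extended. As far as this diff shows, the rename from `key_pub` to `coin_pub` applies to this helper's report only. A short comment such as `/* "coin_pub": for "wire" entries, the coin whose denomination signature failed */` would help anyone consuming `bad_sig_losses` from several helpers.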
@@ -1490,10 +1493,10 @@ run (void *cls,
"total_wire_out_delta_minus",
TALER_JSON_from_amount (
&total_wire_out_delta_minus),
- /* Tested in test-auditor.sh #28 */
+ /* Tested in test-auditor.sh #28/32 */
"bad_sig_losses",
report_bad_sig_losses,
- /* Tested in test-auditor.sh #28 */
+ /* Tested in test-auditor.sh #28/32 */
"total_bad_sig_loss",
TALER_JSON_from_amount (&total_bad_sig_loss),
/* block #2 */
diff --git a/src/auditor/taler-helper-auditor-coins.c b/src/auditor/taler-helper-auditor-coins.c
index b292da8b..8cf8ce5b 100644
--- a/src/auditor/taler-helper-auditor-coins.c
+++ b/src/auditor/taler-helper-auditor-coins.c
@@ -31,14 +31,11 @@
#include "report-lib.h"
/**
- * How many coin histories do we keep in RAM at any given point in
- * time? Used bound memory consumption of the auditor. Larger values
- * reduce database accesses.
- *
- * Set to a VERY low value here for testing. Practical values may be
- * in the millions.
+ * How many coin histories do we keep in RAM at any given point in time?
+ * Expect a few kB per coin history to be used. Used bound memory consumption
+ * of the auditor. Larger values reduce database accesses.
*/
-#define MAX_COIN_HISTORIES 4
+#define MAX_COIN_HISTORIES (16 * 1024 * 1024)
/**
* Use a 1 day grace period to deal with clocks not being perfectly synchronized.
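Review bot: `MAX_COIN_HISTORIES` goes from 4 to `(16 * 1024 * 1024)` while the new comment says to expect a few kB per history, which puts the worst-case cache at tens of GiB of RAM on a long audit run. The cache code is outside this hunk, so how entries are evicted cannot be checked here, but the old value of 4 forced eviction constantly under test and the new value presumably never will. Consider a smaller default with a configuration override, or at least state the footprint in the comment, e.g. `* Worst case is roughly MAX_COIN_HISTORIES times a few kB of RAM.` The comment also still reads `Used bound memory consumption`; it should be `Used to bound memory consumption`.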
diff --git a/src/auditor/test-auditor.sh b/src/auditor/test-auditor.sh
index c32cab44..b1be12d2 100755
--- a/src/auditor/test-auditor.sh
+++ b/src/auditor/test-auditor.sh
@@ -9,7 +9,7 @@ set -eu
# Set of numbers for all the testcases.
# When adding new tests, increase the last number:
-ALL_TESTS=`seq 0 31`
+ALL_TESTS=`seq 0 32`
# $TESTS determines which tests we should run.
# This construction is used to make it easy to
@@ -60,7 +60,6 @@ function pre_audit () {
exit_skip "Failed to launch bank"
fi
echo " DONE"
-
if test ${1:-no} = "aggregator"
then
echo -n "Running exchange aggregator ..."
@@ -1595,6 +1594,7 @@ then
run_audit aggregator
+ echo -n "Testing inconsistency detection... "
ROW=`jq -e .bad_sig_losses[0].row < test-audit-aggregation.json`
if test $ROW != "1"
then
@@ -1624,6 +1624,7 @@ then
exit_fail "Wrong total bad sig loss, got $LOSS"
fi
+ echo "OK"
# cannot easily undo aggregator, hence full reload
full_reload
@@ -1643,6 +1644,7 @@ echo "UPDATE auditor_denominations SET fee_withdraw_frac=5000000 WHERE coin_val=
run_audit
+echo -n "Testing inconsistency detection... "
AMOUNT=`jq -r .total_balance_summary_delta_plus < test-audit-reserves.json`
if test "x$AMOUNT" == "xTESTKUDOS:0"
then
@@ -1654,7 +1656,7 @@ if test "x$PROFIT" != "x-1"
then
exit_fail "Reported wrong profitability: $PROFIT"
fi
-
+echo "OK"
# Undo
echo "UPDATE auditor_denominations SET fee_withdraw_frac=2000000 WHERE coin_val=1;" | psql -Aqt $DB
@@ -1669,7 +1671,7 @@ echo "===========30: melt fee inconsistency ================="
echo "UPDATE auditor_denominations SET fee_refresh_frac=5000000 WHERE coin_val=10;" | psql -Aqt $DB
run_audit
-
+echo -n "Testing inconsistency detection... "
AMOUNT=`jq -r .bad_sig_losses[0].loss < test-audit-coins.json`
if test "x$AMOUNT" == "xTESTKUDOS:0"
then
@@ -1683,7 +1685,7 @@ then
fi
jq -e .emergencies[0] < test-audit-coins.json > /dev/null && exit_fail "Unexpected emergency detected in ordinary run"
-
+echo "OK"
# Undo
echo "UPDATE auditor_denominations SET fee_refresh_frac=3000000 WHERE coin_val=1;" | psql -Aqt $DB
@@ -1705,8 +1707,8 @@ then
echo "UPDATE auditor_denominations SET fee_deposit_frac=5000000 WHERE coin_val=8;" | psql -Aqt $DB
- run_audit aggregation
-
+ run_audit aggregator
+ echo -n "Testing inconsistency detection... "
AMOUNT=`jq -r .total_bad_sig_loss < test-audit-coins.json`
if test "x$AMOUNT" == "xTESTKUDOS:0"
then
@@ -1714,11 +1716,12 @@ then
fi
OP=`jq -r .bad_sig_losses[0].operation < test-audit-coins.json`
- if test "x$OP" == "xdeposit"
+ if test "x$OP" != "xdeposit"
then
exit_fail "Reported wrong operation: $OP"
fi
+ echo "OK"
# Undo
echo "UPDATE auditor_denominations SET fee_deposit_frac=2000000 WHERE coin_val=8;" | psql -Aqt $DB
@@ -1744,16 +1747,30 @@ then
echo "===========32: known_coins signature wrong w. aggregation================="
# Modify denom_sig, so it is wrong
- OLD_SIG=`echo 'SELECT denom_sig FROM known_coins LIMIT 1;' | psql $DB -Aqt`
- COIN_PUB=`echo "SELECT coin_pub FROM known_coins WHERE denom_sig='$OLD_SIG';" | psql $DB -Aqt`
- echo "UPDATE known_coins SET denom_sig='\x287369672d76616c200a2028727361200a2020287320233542383731423743393036444643303442424430453039353246413642464132463537303139374131313437353746324632323332394644443146324643333445393939413336363430334233413133324444464239413833353833464536354442374335434445304441453035374438363336434541423834463843323843344446304144363030343430413038353435363039373833434431333239393736423642433437313041324632414132414435413833303432434346314139464635394244434346374436323238344143354544364131373739463430353032323241373838423837363535453434423145443831364244353638303232413123290a2020290a20290b' WHERE coin_pub='$COIN_PUB'" | psql -Aqt $DB
+ OLD_SIG=`echo 'SELECT denom_sig FROM known_coins LIMIT 1;' | psql $DB -At`
+ COIN_PUB=`echo "SELECT coin_pub FROM known_coins WHERE denom_sig='$OLD_SIG';" | psql $DB -At`
+ echo "UPDATE known_coins SET denom_sig='\x287369672d76616c200a2028727361200a2020287320233542383731423743393036444643303442424430453039353246413642464132463537303139374131313437353746324632323332394644443146324643333445393939413336363430334233413133324444464239413833353833464536354442374335434445304441453035374438363336434541423834463843323843344446304144363030343430413038353435363039373833434431333239393736423642433437313041324632414132414435413833303432434346314139464635394244434346374436323238344143354544364131373739463430353032323241373838423837363535453434423145443831364244353638303232413123290a2020290a20290b' WHERE coin_pub='$COIN_PUB'" | psql -At $DB
+
+ run_audit aggregator
+ echo -n "Testing inconsistency detection... "
- run_audit aggregation
+ AMOUNT=`jq -r .total_bad_sig_loss < test-audit-aggregation.json`
+ if test "x$AMOUNT" == "xTESTKUDOS:0"
+ then
+ exit_fail "Reported total amount wrong: $AMOUNT"
+ fi
+
+ OP=`jq -r .bad_sig_losses[0].operation < test-audit-aggregation.json`
+ if test "x$OP" != "xwire"
+ then
+ exit_fail "Reported wrong operation: $OP"
+ fi
# FIXME: test incomplete...
# BIG Q: why is wire_out empty? => aggregation test does not actually
# find WTIDs to check, and thus doesn't detect the bad signature!
+ echo "OK"
# Cannot undo aggregation, do full reload
full_reload
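Review bot: The `FIXME: test incomplete...` comment kept between the new assertions and `echo "OK"` still says the aggregation audit does not detect the bad signature, which contradicts the checks this hunk adds. If the checks now pass, the comment should be removed; otherwise the test should not print OK. The coin to tamper with is picked by `SELECT denom_sig FROM known_coins LIMIT 1` without an `ORDER BY`, so which coin is corrupted depends on row order, and the test presumably only works if that coin is part of an aggregated wire transfer. The assertions also never look at the key in the report: `COIN_PUB` is used only for the `UPDATE`, so a loss reported against a different coin would still pass. A check on `.bad_sig_losses[0].coin_pub` would close that gap, bearing in mind that the database value and the JSON value are likely in different encodings.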
@@ -1802,10 +1819,9 @@ check_with_database()
break
fi
done
- # echo "Cleanup (disabled, leaving database $DB behind)"
- dropdb $DB
- rm -r $WIRE_FEE_DIR
- rm -f test-audit.log test-wire-audit.log
+ echo "Cleanup (disabled, leaving database $DB behind)"
+# dropdb $DB
+# rm -r $WIRE_FEE_DIR
}
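Review bot: Cleanup is now commented out, so every run leaves the database `$DB` and the directory `$WIRE_FEE_DIR` behind, and the `rm -f test-audit.log test-wire-audit.log` line is dropped entirely. This reads like a debugging aid committed together with the test enablement. On shared or CI machines the leftovers accumulate, and state from a previous run may influence the next one. Gate it on a variable instead (the name here is only a suggestion), e.g. `if test "${KEEP_TEST_DB:-no}" = "no"; then dropdb $DB; rm -r $WIRE_FEE_DIR; fi`, and print the "leaving database behind" message only in the keep case. The body of `check_with_database` starts outside this hunk.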