summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2020-12-24 14:48:50 +0100
committerChristian Grothoff <christian@grothoff.org>2020-12-24 14:48:50 +0100
commit247d1ca3e56461069c02481c7071b56e950fe78a (patch)
treef5d87d3579ff3e55fcecc44083176e685bd87753
parentdeed88fe3337059b2e1502939b7a5b55ee7417a8 (diff)
downloadexchange-247d1ca3e56461069c02481c7071b56e950fe78a.tar.gz
exchange-247d1ca3e56461069c02481c7071b56e950fe78a.tar.bz2
exchange-247d1ca3e56461069c02481c7071b56e950fe78a.zip
implement #6661: secm key pinning via configuration
-rw-r--r--contrib/auditor-report.tex.j22
-rw-r--r--src/auditor/report-lib.c4
-rw-r--r--src/exchange-tools/exchange-offline.conf6
-rw-r--r--src/exchange-tools/taler-exchange-offline.c68
4 files changed, 77 insertions, 3 deletions
diff --git a/contrib/auditor-report.tex.j2 b/contrib/auditor-report.tex.j2
index d96040512..c2d406ebe 100644
--- a/contrib/auditor-report.tex.j2
+++ b/contrib/auditor-report.tex.j2
@@ -977,7 +977,7 @@ future denomnations. So this must be read with a keen eye on the
business situation.
-{% if coins.unsigned_denominations() == 0 %}
+{% if coins.unsigned_denominations|length() == 0 %}
{\bf All denominations officially audited by this auditor.}
{% else %}
\begin{longtable}{p{6cm}|r|r|r}
diff --git a/src/auditor/report-lib.c b/src/auditor/report-lib.c
index 6334e6f65..e3b41b1a8 100644
--- a/src/auditor/report-lib.c
+++ b/src/auditor/report-lib.c
@@ -681,12 +681,12 @@ TALER_ARL_init (const struct GNUNET_CONFIGURATION_Handle *c)
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (TALER_ARL_cfg,
"auditor",
- "BASE_URL",
+ "AUDITOR_URL",
&TALER_ARL_auditor_url))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"auditor",
- "BASE_URL");
+ "AUDITOR_URL");
return GNUNET_SYSERR;
}
if (GNUNET_YES == GNUNET_is_zero (&TALER_ARL_master_pub))
diff --git a/src/exchange-tools/exchange-offline.conf b/src/exchange-tools/exchange-offline.conf
index 3d42cc63d..336ec51be 100644
--- a/src/exchange-tools/exchange-offline.conf
+++ b/src/exchange-tools/exchange-offline.conf
@@ -7,3 +7,9 @@ MASTER_PRIV_FILE = ${TALER_DATA_HOME}/exchange/offline-keys/master.priv
# Where do we store the TOFU key material?
SECM_TOFU_FILE = ${TALER_DATA_HOME}/exchange/offline-keys/secm_tofus.pub
+
+# Base32-encoded public key of the RSA helper.
+# SECM_DENOM_PUBKEY =
+
+# Base32-encoded public key of the EdDSA helper.
+# SECM_ESIGN_PUBKEY = \ No newline at end of file
diff --git a/src/exchange-tools/taler-exchange-offline.c b/src/exchange-tools/taler-exchange-offline.c
index abcd52f22..97fc0b560 100644
--- a/src/exchange-tools/taler-exchange-offline.c
+++ b/src/exchange-tools/taler-exchange-offline.c
@@ -2331,6 +2331,74 @@ tofu_check (const struct TALER_SecurityModulePublicKeyP secm[2])
GNUNET_free (fn);
return GNUNET_OK;
}
+ else
+ {
+ char *key;
+
+ /* check against SECMOD-keys pinned in configuration */
+ if (GNUNET_OK ==
+ GNUNET_CONFIGURATION_get_value_string (kcfg,
+ "exchange-offline",
+ "SECM_ESIGN_PUBKEY",
+ &key))
+ {
+ struct TALER_SecurityModulePublicKeyP k;
+
+ if (GNUNET_OK !=
+ GNUNET_STRINGS_string_to_data (key,
+ strlen (key),
+ &k,
+ sizeof (k)))
+ {
+ GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+ "exchange-offline",
+ "SECM_ESIGN_PUBKEY",
+ "key malformed");
+ GNUNET_free (key);
+ return GNUNET_SYSERR;
+ }
+ GNUNET_free (key);
+ if (0 !=
+ GNUNET_memcmp (&k,
+ &secm[1]))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "ESIGN security module key does not match SECM_ESIGN_PUBKEY in configuration\n");
+ return GNUNET_SYSERR;
+ }
+ }
+ if (GNUNET_OK ==
+ GNUNET_CONFIGURATION_get_value_string (kcfg,
+ "exchange-offline",
+ "SECM_DENOM_PUBKEY",
+ &key))
+ {
+ struct TALER_SecurityModulePublicKeyP k;
+
+ if (GNUNET_OK !=
+ GNUNET_STRINGS_string_to_data (key,
+ strlen (key),
+ &k,
+ sizeof (k)))
+ {
+ GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+ "exchange-offline",
+ "SECM_DENOM_PUBKEY",
+ "key malformed");
+ GNUNET_free (key);
+ return GNUNET_SYSERR;
+ }
+ GNUNET_free (key);
+ if (0 !=
+ GNUNET_memcmp (&k,
+ &secm[0]))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "DENOM security module key does not match SECM_DENOM_PUBKEY in configuration\n");
+ return GNUNET_SYSERR;
+ }
+ }
+ }
/* persist keys for future runs */
if (GNUNET_OK !=
GNUNET_DISK_fn_write (fn,