[taler-exchange] branch master updated: implement #6661: secm key pinning via configuration

[gnunet]

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository exchange.

The following commit(s) were added to refs/heads/master by this push:
     new 247d1ca3 implement #6661: secm key pinning via configuration
247d1ca3 is described below

commit 247d1ca3e56461069c02481c7071b56e950fe78a
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Thu Dec 24 14:48:50 2020 +0100

    implement #6661: secm key pinning via configuration
---
 contrib/auditor-report.tex.j2               |  2 +-
 src/auditor/report-lib.c                    |  4 +-
 src/exchange-tools/exchange-offline.conf    |  6 +++
 src/exchange-tools/taler-exchange-offline.c | 68 +++++++++++++++++++++++++++++
 4 files changed, 77 insertions(+), 3 deletions(-)

diff --git a/contrib/auditor-report.tex.j2 b/contrib/auditor-report.tex.j2
index d9604051..c2d406eb 100644
--- a/contrib/auditor-report.tex.j2
+++ b/contrib/auditor-report.tex.j2
@@ -977,7 +977,7 @@ future denomnations. So this must be read with a keen eye 
on the
 business situation.
 
 
-{% if coins.unsigned_denominations() == 0 %}
+{% if coins.unsigned_denominations|length() == 0 %}
   {\bf All denominations officially audited by this auditor.}
 {% else %}
   \begin{longtable}{p{6cm}|r|r|r}
diff --git a/src/auditor/report-lib.c b/src/auditor/report-lib.c
index 6334e6f6..e3b41b1a 100644
--- a/src/auditor/report-lib.c
+++ b/src/auditor/report-lib.c
@@ -681,12 +681,12 @@ TALER_ARL_init (const struct GNUNET_CONFIGURATION_Handle 
*c)
   if (GNUNET_OK !=
       GNUNET_CONFIGURATION_get_value_string (TALER_ARL_cfg,
                                              "auditor",
-                                             "BASE_URL",
+                                             "AUDITOR_URL",
                                              &TALER_ARL_auditor_url))
   {
     GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
                                "auditor",
-                               "BASE_URL");
+                               "AUDITOR_URL");
     return GNUNET_SYSERR;
   }
   if (GNUNET_YES == GNUNET_is_zero (&TALER_ARL_master_pub))
diff --git a/src/exchange-tools/exchange-offline.conf 
b/src/exchange-tools/exchange-offline.conf
index 3d42cc63..336ec51b 100644
--- a/src/exchange-tools/exchange-offline.conf
+++ b/src/exchange-tools/exchange-offline.conf
@@ -7,3 +7,9 @@ MASTER_PRIV_FILE = 
${TALER_DATA_HOME}/exchange/offline-keys/master.priv
 
 # Where do we store the TOFU key material?
 SECM_TOFU_FILE = ${TALER_DATA_HOME}/exchange/offline-keys/secm_tofus.pub
+
+# Base32-encoded public key of the RSA helper.
+# SECM_DENOM_PUBKEY =
+
+# Base32-encoded public key of the EdDSA helper.
+# SECM_ESIGN_PUBKEY =
\ No newline at end of file
diff --git a/src/exchange-tools/taler-exchange-offline.c 
b/src/exchange-tools/taler-exchange-offline.c
index abcd52f2..97fc0b56 100644
--- a/src/exchange-tools/taler-exchange-offline.c
+++ b/src/exchange-tools/taler-exchange-offline.c
@@ -2331,6 +2331,74 @@ tofu_check (const struct TALER_SecurityModulePublicKeyP 
secm[2])
     GNUNET_free (fn);
     return GNUNET_OK;
   }
+  else
+  {
+    char *key;
+
+    /* check against SECMOD-keys pinned in configuration */
+    if (GNUNET_OK ==
+        GNUNET_CONFIGURATION_get_value_string (kcfg,
+                                               "exchange-offline",
+                                               "SECM_ESIGN_PUBKEY",
+                                               &key))
+    {
+      struct TALER_SecurityModulePublicKeyP k;
+
+      if (GNUNET_OK !=
+          GNUNET_STRINGS_string_to_data (key,
+                                         strlen (key),
+                                         &k,
+                                         sizeof (k)))
+      {
+        GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+                                   "exchange-offline",
+                                   "SECM_ESIGN_PUBKEY",
+                                   "key malformed");
+        GNUNET_free (key);
+        return GNUNET_SYSERR;
+      }
+      GNUNET_free (key);
+      if (0 !=
+          GNUNET_memcmp (&k,
+                         &secm[1]))
+      {
+        GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                    "ESIGN security module key does not match 
SECM_ESIGN_PUBKEY in configuration\n");
+        return GNUNET_SYSERR;
+      }
+    }
+    if (GNUNET_OK ==
+        GNUNET_CONFIGURATION_get_value_string (kcfg,
+                                               "exchange-offline",
+                                               "SECM_DENOM_PUBKEY",
+                                               &key))
+    {
+      struct TALER_SecurityModulePublicKeyP k;
+
+      if (GNUNET_OK !=
+          GNUNET_STRINGS_string_to_data (key,
+                                         strlen (key),
+                                         &k,
+                                         sizeof (k)))
+      {
+        GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+                                   "exchange-offline",
+                                   "SECM_DENOM_PUBKEY",
+                                   "key malformed");
+        GNUNET_free (key);
+        return GNUNET_SYSERR;
+      }
+      GNUNET_free (key);
+      if (0 !=
+          GNUNET_memcmp (&k,
+                         &secm[0]))
+      {
+        GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                    "DENOM security module key does not match 
SECM_DENOM_PUBKEY in configuration\n");
+        return GNUNET_SYSERR;
+      }
+    }
+  }
   /* persist keys for future runs */
   if (GNUNET_OK !=
       GNUNET_DISK_fn_write (fn,

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.