implement #6661: secm key pinning via configuration

This commit is contained in:
Christian Grothoff 2020-12-24 14:48:50 +01:00
parent deed88fe33
commit 247d1ca3e5
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
4 changed files with 77 additions and 3 deletions

View File

@ -977,7 +977,7 @@ future denomnations. So this must be read with a keen eye on the
business situation. business situation.
{% if coins.unsigned_denominations() == 0 %} {% if coins.unsigned_denominations|length() == 0 %}
{\bf All denominations officially audited by this auditor.} {\bf All denominations officially audited by this auditor.}
{% else %} {% else %}
\begin{longtable}{p{6cm}|r|r|r} \begin{longtable}{p{6cm}|r|r|r}

View File

@ -681,12 +681,12 @@ TALER_ARL_init (const struct GNUNET_CONFIGURATION_Handle *c)
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (TALER_ARL_cfg, GNUNET_CONFIGURATION_get_value_string (TALER_ARL_cfg,
"auditor", "auditor",
"BASE_URL", "AUDITOR_URL",
&TALER_ARL_auditor_url)) &TALER_ARL_auditor_url))
{ {
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"auditor", "auditor",
"BASE_URL"); "AUDITOR_URL");
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
if (GNUNET_YES == GNUNET_is_zero (&TALER_ARL_master_pub)) if (GNUNET_YES == GNUNET_is_zero (&TALER_ARL_master_pub))

View File

@ -7,3 +7,9 @@ MASTER_PRIV_FILE = ${TALER_DATA_HOME}/exchange/offline-keys/master.priv
# Where do we store the TOFU key material? # Where do we store the TOFU key material?
SECM_TOFU_FILE = ${TALER_DATA_HOME}/exchange/offline-keys/secm_tofus.pub SECM_TOFU_FILE = ${TALER_DATA_HOME}/exchange/offline-keys/secm_tofus.pub
# Base32-encoded public key of the RSA helper.
# SECM_DENOM_PUBKEY =
# Base32-encoded public key of the EdDSA helper.
# SECM_ESIGN_PUBKEY =

View File

@ -2331,6 +2331,74 @@ tofu_check (const struct TALER_SecurityModulePublicKeyP secm[2])
GNUNET_free (fn); GNUNET_free (fn);
return GNUNET_OK; return GNUNET_OK;
} }
else
{
char *key;
/* check against SECMOD-keys pinned in configuration */
if (GNUNET_OK ==
GNUNET_CONFIGURATION_get_value_string (kcfg,
"exchange-offline",
"SECM_ESIGN_PUBKEY",
&key))
{
struct TALER_SecurityModulePublicKeyP k;
if (GNUNET_OK !=
GNUNET_STRINGS_string_to_data (key,
strlen (key),
&k,
sizeof (k)))
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"exchange-offline",
"SECM_ESIGN_PUBKEY",
"key malformed");
GNUNET_free (key);
return GNUNET_SYSERR;
}
GNUNET_free (key);
if (0 !=
GNUNET_memcmp (&k,
&secm[1]))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"ESIGN security module key does not match SECM_ESIGN_PUBKEY in configuration\n");
return GNUNET_SYSERR;
}
}
if (GNUNET_OK ==
GNUNET_CONFIGURATION_get_value_string (kcfg,
"exchange-offline",
"SECM_DENOM_PUBKEY",
&key))
{
struct TALER_SecurityModulePublicKeyP k;
if (GNUNET_OK !=
GNUNET_STRINGS_string_to_data (key,
strlen (key),
&k,
sizeof (k)))
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"exchange-offline",
"SECM_DENOM_PUBKEY",
"key malformed");
GNUNET_free (key);
return GNUNET_SYSERR;
}
GNUNET_free (key);
if (0 !=
GNUNET_memcmp (&k,
&secm[0]))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"DENOM security module key does not match SECM_DENOM_PUBKEY in configuration\n");
return GNUNET_SYSERR;
}
}
}
/* persist keys for future runs */ /* persist keys for future runs */
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_DISK_fn_write (fn, GNUNET_DISK_fn_write (fn,