check signatures before serving

Christian Grothoff 2019-08-21 20:32:27 +02:00
parent 8577686bbe
commit c17d82e9b4
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC


@ -587,6 +587,30 @@ store_in_map (struct GNUNET_CONTAINER_MultiHashMap *map,
struct TALER_EXCHANGEDB_DenominationKeyIssueInformation *d2; struct TALER_EXCHANGEDB_DenominationKeyIssueInformation *d2;
int res; int res;
{
const struct TALER_EXCHANGEDB_DenominationKeyInformationP *dkip;
struct TALER_DenominationKeyValidityPS denom_key_issue;
dkip = &dki->issue;
denom_key_issue = dkip->properties;
denom_key_issue.purpose.purpose
= htonl (TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY);
denom_key_issue.purpose.size
= htonl (sizeof (struct TALER_DenominationKeyValidityPS));
denom_key_issue.master = TEH_master_public_key;
if (GNUNET_SYSERR ==
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY,
&denom_key_issue.purpose,
&dkip->signature.eddsa_signature,
&TEH_master_public_key.eddsa_pub))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Invalid signature on denomination key `%s'\n",
GNUNET_h2s (&dkip->properties.denom_hash));
return GNUNET_SYSERR;
}
}
d2 = GNUNET_new (struct TALER_EXCHANGEDB_DenominationKeyIssueInformation); d2 = GNUNET_new (struct TALER_EXCHANGEDB_DenominationKeyIssueInformation);
d2->issue = dki->issue; d2->issue = dki->issue;
if (NULL != dki->denom_priv.rsa_private_key) if (NULL != dki->denom_priv.rsa_private_key)
@ -687,9 +711,9 @@ add_revocations_transaction (void *cls,
if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs) if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs)
return qs; /* already exists == success */ return qs; /* already exists == success */
return TEH_plugin->insert_denomination_revocation (TEH_plugin->cls, return TEH_plugin->insert_denomination_revocation (TEH_plugin->cls,
session, session,
&arc->dki->issue.properties.denom_hash, &arc->dki->issue.properties.denom_hash,
arc->revocation_master_sig); arc->revocation_master_sig);
} }
@ -704,26 +728,26 @@ add_revocations_transaction (void *cls,
*/ */
static enum GNUNET_DB_QueryStatus static enum GNUNET_DB_QueryStatus
add_denomination_transaction (void *cls, add_denomination_transaction (void *cls,
struct MHD_Connection *connection, struct MHD_Connection *connection,
struct TALER_EXCHANGEDB_Session *session, struct TALER_EXCHANGEDB_Session *session,
int *mhd_ret) int *mhd_ret)
{ {
const struct TALER_EXCHANGEDB_DenominationKeyIssueInformation *dki = cls; const struct TALER_EXCHANGEDB_DenominationKeyIssueInformation *dki = cls;
enum GNUNET_DB_QueryStatus qs; enum GNUNET_DB_QueryStatus qs;
struct TALER_EXCHANGEDB_DenominationKeyInformationP issue_exists; struct TALER_EXCHANGEDB_DenominationKeyInformationP issue_exists;
qs = TEH_plugin->get_denomination_info (TEH_plugin->cls, qs = TEH_plugin->get_denomination_info (TEH_plugin->cls,
session, session,
&dki->issue.properties.denom_hash, &dki->issue.properties.denom_hash,
&issue_exists); &issue_exists);
if (0 > qs) if (0 > qs)
return qs; return qs;
if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs) if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT == qs)
return qs; return qs;
return TEH_plugin->insert_denomination_info (TEH_plugin->cls, return TEH_plugin->insert_denomination_info (TEH_plugin->cls,
session, session,
&dki->denom_pub, &dki->denom_pub,
&dki->issue); &dki->issue);
} }
@ -751,7 +775,7 @@ reload_keys_denom_iter (void *cls,
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Loading denomination key `%s' (%s)\n", "Loading denomination key `%s' (%s)\n",
alias, alias,
GNUNET_h2s (&dki->issue.properties.denom_hash)); GNUNET_h2s (&dki->issue.properties.denom_hash));
expire_deposit = GNUNET_TIME_absolute_ntoh (dki->issue.properties.expire_deposit); expire_deposit = GNUNET_TIME_absolute_ntoh (dki->issue.properties.expire_deposit);
if (expire_deposit.abs_value_us < rfc->now.abs_value_us) if (expire_deposit.abs_value_us < rfc->now.abs_value_us)
{ {
@ -777,7 +801,7 @@ reload_keys_denom_iter (void *cls,
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Skipping future denomination key `%s' (%s), validity starts at %s\n", "Skipping future denomination key `%s' (%s), validity starts at %s\n",
alias, alias,
GNUNET_h2s (&dki->issue.properties.denom_hash), GNUNET_h2s (&dki->issue.properties.denom_hash),
GNUNET_STRINGS_absolute_time_to_string (start)); GNUNET_STRINGS_absolute_time_to_string (start));
return GNUNET_OK; return GNUNET_OK;
} }
@ -785,21 +809,21 @@ reload_keys_denom_iter (void *cls,
if (GNUNET_OK != if (GNUNET_OK !=
TEH_DB_run_transaction (NULL, TEH_DB_run_transaction (NULL,
"add denomination key", "add denomination key",
NULL, NULL,
&add_denomination_transaction, &add_denomination_transaction,
(void *) dki)) (void *) dki))
{ {
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Could not persist denomination key %s in DB. Committing suicide via SIGTERM.\n", "Could not persist denomination key %s in DB. Committing suicide via SIGTERM.\n",
GNUNET_h2s (&dki->issue.properties.denom_hash)); GNUNET_h2s (&dki->issue.properties.denom_hash));
handle_signal (SIGTERM); handle_signal (SIGTERM);
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
GNUNET_log (GNUNET_ERROR_TYPE_INFO, GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Adding denomination key `%s' (%s) to active set\n", "Adding denomination key `%s' (%s) to active set\n",
alias, alias,
GNUNET_h2s (&dki->issue.properties.denom_hash)); GNUNET_h2s (&dki->issue.properties.denom_hash));
if (GNUNET_NO /* entry already exists */ == if (GNUNET_NO /* entry already exists */ ==
store_in_map (key_state->denomkey_map, store_in_map (key_state->denomkey_map,
dki)) dki))
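Review bot: The new signature gate in store_in_map rejects a key only when GNUNET_CRYPTO_eddsa_verify returns exactly GNUNET_SYSERR, so any other non-OK result would be treated as valid; a verification check reads safer fail-closed, with `if (GNUNET_OK !=` in place of `if (GNUNET_SYSERR ==`, which also matches the form used around TEH_DB_run_transaction in reload_keys_denom_iter. The check also runs late: in the reload_keys_denom_iter hunk the key is persisted through add_denomination_transaction before store_in_map is called, so a key with a bad master signature appears to reach the database before it is rejected. The visible caller compares the result only against GNUNET_NO, and how GNUNET_SYSERR is handled lies outside the hunk. In addition, verification runs on a copy whose purpose, size and master fields are overwritten, while `d2->issue = dki->issue` stores the unmodified original, so those fields of the stored record are not covered by the check unless they are compared or the verified values are copied. Both store_in_map and reload_keys_denom_iter start and end outside the visible hunks.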