properly handle signing errors if httpd lacks signing keys by returning internal errors (and handling new return value from TEH_KS_sign)

This commit is contained in:
Christian Grothoff 2017-10-07 15:10:24 +02:00
parent 7935349d35
commit cc5d09cf1d
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
9 changed files with 97 additions and 33 deletions

View File

@ -78,9 +78,15 @@ reply_deposit_success (struct MHD_Connection *connection,
amount_without_fee); amount_without_fee);
dc.coin_pub = *coin_pub; dc.coin_pub = *coin_pub;
dc.merchant = *merchant; dc.merchant = *merchant;
if (GNUNET_OK !=
TEH_KS_sign (&dc.purpose, TEH_KS_sign (&dc.purpose,
&pub, &pub,
&sig); &sig))
{
return TEH_RESPONSE_reply_internal_error (connection,
TALER_EC_EXCHANGE_BAD_CONFIGURATION,
"no keys");
}
return TEH_RESPONSE_reply_json_pack (connection, return TEH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_OK, MHD_HTTP_OK,
"{s:s, s:o, s:o}", "{s:s, s:o, s:o}",

View File

@ -1845,8 +1845,9 @@ read_again:
* @param purpose the message to sign * @param purpose the message to sign
* @param[out] pub set to the current public signing key of the exchange * @param[out] pub set to the current public signing key of the exchange
* @param[out] sig signature over purpose using current signing key * @param[out] sig signature over purpose using current signing key
* @return #GNUNET_OK on success, #GNUNET_SYSERR if we lack key material
*/ */
void int
TEH_KS_sign (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, TEH_KS_sign (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
struct TALER_ExchangePublicKeyP *pub, struct TALER_ExchangePublicKeyP *pub,
struct TALER_ExchangeSignatureP *sig) struct TALER_ExchangeSignatureP *sig)
@ -1855,15 +1856,21 @@ TEH_KS_sign (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
struct TEH_KS_StateHandle *key_state; struct TEH_KS_StateHandle *key_state;
key_state = TEH_KS_acquire (); key_state = TEH_KS_acquire ();
GNUNET_assert (NULL != key_state); /* This *can* happen if the exchange's keys are if (NULL == key_state)
not properly maintained, but in this case we {
simply have no good way forward. */ /* This *can* happen if the exchange's keys are
not properly maintained. */
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
_("Cannot sign request, no valid keys available\n"));
return GNUNET_SYSERR;
}
*pub = key_state->current_sign_key_issue.issue.signkey_pub; *pub = key_state->current_sign_key_issue.issue.signkey_pub;
GNUNET_assert (GNUNET_OK == GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_eddsa_sign (&key_state->current_sign_key_issue.signkey_priv.eddsa_priv, GNUNET_CRYPTO_eddsa_sign (&key_state->current_sign_key_issue.signkey_priv.eddsa_priv,
purpose, purpose,
&sig->eddsa_signature)); &sig->eddsa_signature));
TEH_KS_release (key_state); TEH_KS_release (key_state);
return GNUNET_OK;
} }

View File

@ -140,8 +140,9 @@ TEH_KS_loop (void);
* @param purpose the message to sign * @param purpose the message to sign
* @param[out] pub set to the current public signing key of the exchange * @param[out] pub set to the current public signing key of the exchange
* @param[out] sig signature over purpose using current signing key * @param[out] sig signature over purpose using current signing key
* @return #GNUNET_OK on success, #GNUNET_SYSERR if we lack key material
*/ */
void int
TEH_KS_sign (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, TEH_KS_sign (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
struct TALER_ExchangePublicKeyP *pub, struct TALER_ExchangePublicKeyP *pub,
struct TALER_ExchangeSignatureP *sig); struct TALER_ExchangeSignatureP *sig);

View File

@ -82,9 +82,15 @@ reply_payback_success (struct MHD_Connection *connection,
amount); amount);
pc.coin_pub = *coin_pub; pc.coin_pub = *coin_pub;
pc.reserve_pub = *reserve_pub; pc.reserve_pub = *reserve_pub;
if (GNUNET_OK !=
TEH_KS_sign (&pc.purpose, TEH_KS_sign (&pc.purpose,
&pub, &pub,
&sig); &sig))
{
return TEH_RESPONSE_reply_internal_error (connection,
TALER_EC_EXCHANGE_BAD_CONFIGURATION,
"no keys");
}
return TEH_RESPONSE_reply_json_pack (connection, return TEH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_OK, MHD_HTTP_OK,
"{s:o, s:o, s:o, s:o, s:o}", "{s:o, s:o, s:o, s:o, s:o}",

View File

@ -135,9 +135,15 @@ reply_refresh_melt_success (struct MHD_Connection *connection,
body.session_hash = *session_hash; body.session_hash = *session_hash;
body.noreveal_index = htons (noreveal_index); body.noreveal_index = htons (noreveal_index);
body.reserved = htons (0); body.reserved = htons (0);
if (GNUNET_OK !=
TEH_KS_sign (&body.purpose, TEH_KS_sign (&body.purpose,
&pub, &pub,
&sig); &sig))
{
return TEH_RESPONSE_reply_internal_error (connection,
TALER_EC_EXCHANGE_BAD_CONFIGURATION,
"no keys");
}
sig_json = GNUNET_JSON_from_data_auto (&sig); sig_json = GNUNET_JSON_from_data_auto (&sig);
GNUNET_assert (NULL != sig_json); GNUNET_assert (NULL != sig_json);
return TEH_RESPONSE_reply_json_pack (connection, return TEH_RESPONSE_reply_json_pack (connection,

View File

@ -61,9 +61,15 @@ reply_refund_success (struct MHD_Connection *connection,
&refund->refund_amount); &refund->refund_amount);
TALER_amount_hton (&rc.refund_fee, TALER_amount_hton (&rc.refund_fee,
&refund->refund_fee); &refund->refund_fee);
if (GNUNET_OK !=
TEH_KS_sign (&rc.purpose, TEH_KS_sign (&rc.purpose,
&pub, &pub,
&sig); &sig))
{
return TEH_RESPONSE_reply_internal_error (connection,
TALER_EC_EXCHANGE_BAD_CONFIGURATION,
"no keys");
}
return TEH_RESPONSE_reply_json_pack (connection, return TEH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_OK, MHD_HTTP_OK,
"{s:s, s:o, s:o}", "{s:s, s:o, s:o}",

View File

@ -474,7 +474,7 @@ TEH_RESPONSE_reply_invalid_json (struct MHD_Connection *connection)
* Compile the transaction history of a coin into a JSON object. * Compile the transaction history of a coin into a JSON object.
* *
* @param tl transaction history to JSON-ify * @param tl transaction history to JSON-ify
* @return json representation of the @a rh * @return json representation of the @a rh, NULL on error
*/ */
json_t * json_t *
TEH_RESPONSE_compile_transaction_history (const struct TALER_EXCHANGEDB_TransactionList *tl) TEH_RESPONSE_compile_transaction_history (const struct TALER_EXCHANGEDB_TransactionList *tl)
@ -632,9 +632,15 @@ TEH_RESPONSE_compile_transaction_history (const struct TALER_EXCHANGEDB_Transact
&payback->value); &payback->value);
pc.coin_pub = payback->coin.coin_pub; pc.coin_pub = payback->coin.coin_pub;
pc.reserve_pub = payback->reserve_pub; pc.reserve_pub = payback->reserve_pub;
if (GNUNET_OK !=
TEH_KS_sign (&pc.purpose, TEH_KS_sign (&pc.purpose,
&epub, &epub,
&esig); &esig))
{
GNUNET_break (0);
json_decref (history);
return NULL;
}
GNUNET_assert (0 == GNUNET_assert (0 ==
json_array_append_new (history, json_array_append_new (history,
json_pack ("{s:s, s:o, s:o, s:o, s:o, s:o}", json_pack ("{s:s, s:o, s:o, s:o, s:o, s:o}",
@ -796,9 +802,15 @@ TEH_RESPONSE_compile_reserve_history (const struct TALER_EXCHANGEDB_ReserveHisto
&payback->value); &payback->value);
pc.coin_pub = payback->coin.coin_pub; pc.coin_pub = payback->coin.coin_pub;
pc.reserve_pub = payback->reserve_pub; pc.reserve_pub = payback->reserve_pub;
if (GNUNET_OK !=
TEH_KS_sign (&pc.purpose, TEH_KS_sign (&pc.purpose,
&pub, &pub,
&sig); &sig))
{
GNUNET_break (0);
json_decref (json_history);
return NULL;
}
GNUNET_assert (0 == GNUNET_assert (0 ==
json_array_append_new (json_history, json_array_append_new (json_history,
@ -852,9 +864,15 @@ TEH_RESPONSE_compile_reserve_history (const struct TALER_EXCHANGEDB_ReserveHisto
return NULL; return NULL;
} }
rcc.wtid = pos->details.closing->wtid; rcc.wtid = pos->details.closing->wtid;
if (GNUNET_OK !=
TEH_KS_sign (&rcc.purpose, TEH_KS_sign (&rcc.purpose,
&pub, &pub,
&sig); &sig))
{
GNUNET_break (0);
json_decref (json_history);
return NULL;
}
GNUNET_assert (0 == GNUNET_assert (0 ==
json_array_append_new (json_history, json_array_append_new (json_history,
json_pack ("{s:s, s:O, s:o, s:o, s:o, s:o, s:o, s:o}", json_pack ("{s:s, s:O, s:o, s:o, s:o, s:o, s:o, s:o}",

View File

@ -85,9 +85,15 @@ reply_track_transaction (struct MHD_Connection *connection,
cw.execution_time = GNUNET_TIME_absolute_hton (exec_time); cw.execution_time = GNUNET_TIME_absolute_hton (exec_time);
TALER_amount_hton (&cw.coin_contribution, TALER_amount_hton (&cw.coin_contribution,
coin_contribution); coin_contribution);
if (GNUNET_OK !=
TEH_KS_sign (&cw.purpose, TEH_KS_sign (&cw.purpose,
&pub, &pub,
&sig); &sig))
{
return TEH_RESPONSE_reply_internal_error (connection,
TALER_EC_EXCHANGE_BAD_CONFIGURATION,
"no keys");
}
return TEH_RESPONSE_reply_json_pack (connection, return TEH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_OK, MHD_HTTP_OK,
"{s:o, s:o, s:o, s:o, s:o}", "{s:o, s:o, s:o, s:o, s:o}",

View File

@ -131,9 +131,17 @@ reply_track_transfer_details (struct MHD_Connection *connection,
wdp.h_wire = *h_wire; wdp.h_wire = *h_wire;
GNUNET_CRYPTO_hash_context_finish (hash_context, GNUNET_CRYPTO_hash_context_finish (hash_context,
&wdp.h_details); &wdp.h_details);
if (GNUNET_OK !=
TEH_KS_sign (&wdp.purpose, TEH_KS_sign (&wdp.purpose,
&pub, &pub,
&sig); &sig))
{
json_decref (deposits);
return TEH_RESPONSE_reply_internal_error (connection,
TALER_EC_EXCHANGE_BAD_CONFIGURATION,
"no keys");
}
return TEH_RESPONSE_reply_json_pack (connection, return TEH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_OK, MHD_HTTP_OK,
"{s:o, s:o, s:o, s:o, s:o, s:o, s:o, s:o}", "{s:o, s:o, s:o, s:o, s:o, s:o, s:o, s:o}",