[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-exchange] branch master updated: validate exchange signing key on
From: |
gnunet |
Subject: |
[taler-exchange] branch master updated: validate exchange signing key on attestations |
Date: |
Mon, 16 Oct 2023 23:31:04 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository exchange.
The following commit(s) were added to refs/heads/master by this push:
new a4af8963 validate exchange signing key on attestations
a4af8963 is described below
commit a4af8963703abb882b08e75f20ef3e525447551e
Author: Christian Grothoff <grothoff@gnunet.org>
AuthorDate: Mon Oct 16 23:30:59 2023 +0200
validate exchange signing key on attestations
---
src/include/taler_exchange_service.h | 2 ++
src/lib/exchange_api_purse_create_with_deposit.c | 2 +-
src/lib/exchange_api_reserves_attest.c | 25 +++++++++++++++++++++---
src/testing/testing_api_cmd_reserve_attest.c | 1 +
4 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/src/include/taler_exchange_service.h
b/src/include/taler_exchange_service.h
index 75252449..44f43367 100644
--- a/src/include/taler_exchange_service.h
+++ b/src/include/taler_exchange_service.h
@@ -7155,6 +7155,7 @@ typedef void
*
* @param ctx CURL context
* @param url exchange base URL
+ * @param keys exchange key data
* @param reserve_priv private key of the reserve to attest
* @param attributes_length length of the @a attributes array
* @param attributes array of names of attributes to get attestations for
@@ -7167,6 +7168,7 @@ struct TALER_EXCHANGE_ReservesAttestHandle *
TALER_EXCHANGE_reserves_attest (
struct GNUNET_CURL_Context *ctx,
const char *url,
+ struct TALER_EXCHANGE_Keys *keys,
const struct TALER_ReservePrivateKeyP *reserve_priv,
unsigned int attributes_length,
const char *attributes[const static attributes_length],
diff --git a/src/lib/exchange_api_purse_create_with_deposit.c
b/src/lib/exchange_api_purse_create_with_deposit.c
index c64beede..215b7847 100644
--- a/src/lib/exchange_api_purse_create_with_deposit.c
+++ b/src/lib/exchange_api_purse_create_with_deposit.c
@@ -281,7 +281,7 @@ handle_purse_create_deposit_finished (void *cls,
checked in the GET /coins/$COIN_PUB handler */
break;
case TALER_EC_EXCHANGE_GENERIC_COIN_CONFLICTING_DENOMINATION_KEY:
- // FIXME: write check (add to exchange_api_common! */
+ // FIXME #7267: write check (add to exchange_api_common! */
break;
case TALER_EC_EXCHANGE_PURSE_DEPOSIT_CONFLICTING_META_DATA:
{
diff --git a/src/lib/exchange_api_reserves_attest.c
b/src/lib/exchange_api_reserves_attest.c
index 2537dd16..d5a86711 100644
--- a/src/lib/exchange_api_reserves_attest.c
+++ b/src/lib/exchange_api_reserves_attest.c
@@ -1,6 +1,6 @@
/*
This file is part of TALER
- Copyright (C) 2014-2022 Taler Systems SA
+ Copyright (C) 2014-2023 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
@@ -38,6 +38,11 @@
struct TALER_EXCHANGE_ReservesAttestHandle
{
+ /**
+ * The keys of the this request handle will use
+ */
+ struct TALER_EXCHANGE_Keys *keys;
+
/**
* The url for this request.
*/
@@ -112,6 +117,19 @@ handle_reserves_attest_ok (struct
TALER_EXCHANGE_ReservesAttestHandle *rsh,
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
+ if (GNUNET_OK !=
+ TALER_EXCHANGE_test_signing_key (rsh->keys,
+ &rs.details.ok.exchange_pub))
+ {
+ GNUNET_break_op (0);
+ rs.hr.http_status = 0;
+ rs.hr.ec = TALER_EC_EXCHANGE_DEPOSITS_GET_INVALID_SIGNATURE_BY_EXCHANGE;
+ rsh->cb (rsh->cb_cls,
+ &rs);
+ rsh->cb = NULL;
+ GNUNET_JSON_parse_free (spec);
+ return GNUNET_SYSERR;
+ }
rs.details.ok.attributes = attributes;
if (GNUNET_OK !=
TALER_exchange_online_reserve_attest_details_verify (
@@ -126,8 +144,6 @@ handle_reserves_attest_ok (struct
TALER_EXCHANGE_ReservesAttestHandle *rsh,
GNUNET_JSON_parse_free (spec);
return GNUNET_SYSERR;
}
- /* FIXME: validate exchange_pub is actually
- a good exchange signing key */
rsh->cb (rsh->cb_cls,
&rs);
rsh->cb = NULL;
@@ -227,6 +243,7 @@ struct TALER_EXCHANGE_ReservesAttestHandle *
TALER_EXCHANGE_reserves_attest (
struct GNUNET_CURL_Context *ctx,
const char *url,
+ struct TALER_EXCHANGE_Keys *keys,
const struct TALER_ReservePrivateKeyP *reserve_priv,
unsigned int attributes_length,
const char *attributes[const static attributes_length],
@@ -324,6 +341,7 @@ TALER_EXCHANGE_reserves_attest (
rsh->post_ctx.headers,
&handle_reserves_attest_finished,
rsh);
+ rsh->keys = TALER_EXCHANGE_keys_incref (keys);
return rsh;
}
@@ -338,6 +356,7 @@ TALER_EXCHANGE_reserves_attest_cancel (
rsh->job = NULL;
}
TALER_curl_easy_post_finished (&rsh->post_ctx);
+ TALER_EXCHANGE_keys_decref (rsh->keys);
GNUNET_free (rsh->url);
GNUNET_free (rsh);
}
diff --git a/src/testing/testing_api_cmd_reserve_attest.c
b/src/testing/testing_api_cmd_reserve_attest.c
index 64b15a10..cf4b3a0c 100644
--- a/src/testing/testing_api_cmd_reserve_attest.c
+++ b/src/testing/testing_api_cmd_reserve_attest.c
@@ -185,6 +185,7 @@ attest_run (void *cls,
ss->rsh = TALER_EXCHANGE_reserves_attest (
TALER_TESTING_interpreter_get_context (is),
exchange_url,
+ TALER_TESTING_get_keys (is),
ss->reserve_priv,
ss->attrs_len,
ss->attrs,
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-exchange] branch master updated: validate exchange signing key on attestations,
gnunet <=