wire signatures: produce better warning

Produce a better warning when the wire signature file is signed by a
different key than the one we're checking the signature with.

1 files changed, 16 insertions, 2 deletions

diff --git a/src/json/json_wire.c b/src/json/json_wire.c
index d5f095f76..7a4b4a5d9 100644
--- a/src/json/json_wire.c
+++ b/src/json/json_wire.c
@@ -105,12 +105,21 @@ TALER_JSON_exchange_wire_signature_check (const json_t *wire_s,
 {
   const char *payto_url;
   struct TALER_MasterSignatureP master_sig;
+  struct TALER_MasterPublicKeyP master_pub_from_wire;
   struct GNUNET_JSON_Specification spec[] = {
     GNUNET_JSON_spec_string ("url", &payto_url),
     GNUNET_JSON_spec_fixed_auto ("master_sig", &master_sig),
+    GNUNET_JSON_spec_fixed_auto ("master_pub", &master_pub_from_wire),
     GNUNET_JSON_spec_end ()
   };
 
+  if (0 != memcmp (&master_pub_from_wire, master_pub))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "wire signature has an unexpected master public key\n");
+    return GNUNET_SYSERR;
+  }
+
   if (GNUNET_OK !=
       GNUNET_JSON_parse (wire_s,
                          spec,
@@ -136,13 +145,18 @@ TALER_JSON_exchange_wire_signature_make (const char *payto_url,
                                          const struct TALER_MasterPrivateKeyP *master_priv)
 {
   struct TALER_MasterSignatureP master_sig;
+  struct TALER_MasterPublicKeyP master_pub;
+
+  GNUNET_CRYPTO_eddsa_key_get_public (&master_priv->eddsa_priv,
+                                      &master_pub.eddsa_pub);
 
   TALER_exchange_wire_signature_make (payto_url,
                                       master_priv,
                                       &master_sig);
-  return json_pack ("{s:s, s:o}",
+  return json_pack ("{s:s, s:o, s:o}",
                     "url", payto_url,
-                    "master_sig", GNUNET_JSON_from_data_auto (&master_sig));
+                    "master_sig", GNUNET_JSON_from_data_auto (&master_sig),
+                    "master_pub", GNUNET_JSON_from_data_auto (&master_pub));
 }