From 247d1ca3e56461069c02481c7071b56e950fe78a Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Thu, 24 Dec 2020 14:48:50 +0100
Subject: implement #6661: secm key pinning via configuration

---
 src/exchange-tools/taler-exchange-offline.c | 68 +++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)

(limited to 'src/exchange-tools/taler-exchange-offline.c')

diff --git a/src/exchange-tools/taler-exchange-offline.c b/src/exchange-tools/taler-exchange-offline.c
index abcd52f22..97fc0b560 100644
--- a/src/exchange-tools/taler-exchange-offline.c
+++ b/src/exchange-tools/taler-exchange-offline.c
@@ -2331,6 +2331,74 @@ tofu_check (const struct TALER_SecurityModulePublicKeyP secm[2])
     GNUNET_free (fn);
     return GNUNET_OK;
   }
+  else
+  {
+    char *key;
+
+    /* check against SECMOD-keys pinned in configuration */
+    if (GNUNET_OK ==
+        GNUNET_CONFIGURATION_get_value_string (kcfg,
+                                               "exchange-offline",
+                                               "SECM_ESIGN_PUBKEY",
+                                               &key))
+    {
+      struct TALER_SecurityModulePublicKeyP k;
+
+      if (GNUNET_OK !=
+          GNUNET_STRINGS_string_to_data (key,
+                                         strlen (key),
+                                         &k,
+                                         sizeof (k)))
+      {
+        GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+                                   "exchange-offline",
+                                   "SECM_ESIGN_PUBKEY",
+                                   "key malformed");
+        GNUNET_free (key);
+        return GNUNET_SYSERR;
+      }
+      GNUNET_free (key);
+      if (0 !=
+          GNUNET_memcmp (&k,
+                         &secm[1]))
+      {
+        GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                    "ESIGN security module key does not match SECM_ESIGN_PUBKEY in configuration\n");
+        return GNUNET_SYSERR;
+      }
+    }
+    if (GNUNET_OK ==
+        GNUNET_CONFIGURATION_get_value_string (kcfg,
+                                               "exchange-offline",
+                                               "SECM_DENOM_PUBKEY",
+                                               &key))
+    {
+      struct TALER_SecurityModulePublicKeyP k;
+
+      if (GNUNET_OK !=
+          GNUNET_STRINGS_string_to_data (key,
+                                         strlen (key),
+                                         &k,
+                                         sizeof (k)))
+      {
+        GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+                                   "exchange-offline",
+                                   "SECM_DENOM_PUBKEY",
+                                   "key malformed");
+        GNUNET_free (key);
+        return GNUNET_SYSERR;
+      }
+      GNUNET_free (key);
+      if (0 !=
+          GNUNET_memcmp (&k,
+                         &secm[0]))
+      {
+        GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                    "DENOM security module key does not match SECM_DENOM_PUBKEY in configuration\n");
+        return GNUNET_SYSERR;
+      }
+    }
+  }
   /* persist keys for future runs */
   if (GNUNET_OK !=
       GNUNET_DISK_fn_write (fn,
-- 
cgit v1.2.3