feat: verify mint keyset id when getting keys

cashubtc · Oct 20, 2024 · e90e665 · e90e665
1 parent cd9c098
commit e90e665
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/crates/cdk/src/nuts/nut02.rs b/crates/cdk/src/nuts/nut02.rs
@@ -43,6 +43,9 @@ pub enum Error {
     /// Unknown version
     #[error("NUT02: Unknown Version")]
     UnknownVersion,
+    /// Keyset id does not match
+    #[error("Keyset id incorrect")]
+    IncorrectKeysetId,
     /// Slice Error
     #[error(transparent)]
     Slice(#[from] TryFromSliceError),
@@ -242,6 +245,19 @@ pub struct KeySet {
     pub keys: Keys,
 }
 
+impl KeySet {
+    /// Verify the keyset is matches keys
+    pub fn verify_id(&self) -> Result<(), Error> {
+        let keys_id: Id = (&self.keys).into();
+
+        if keys_id != self.id {
+            return Err(Error::IncorrectKeysetId);
+        }
+
+        Ok(())
+    }
+}
+
 #[cfg(feature = "mint")]
 impl From<MintKeySet> for KeySet {
     fn from(keyset: MintKeySet) -> Self {

diff --git a/crates/cdk/src/wallet/keysets.rs b/crates/cdk/src/wallet/keysets.rs
@@ -21,6 +21,8 @@ impl Wallet {
                 .get_mint_keyset(self.mint_url.clone().try_into()?, keyset_id)
                 .await?;
 
+            keys.verify_id()?;
+
             self.localstore.add_keys(keys.keys.clone()).await?;
 
             keys.keys