diff options
author | Christian Grothoff <christian@grothoff.org> | 2013-03-04 14:09:27 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2013-03-04 14:09:27 +0000 |
commit | dcb57a9e51e8fe7412948ec0c47d383ed390ed61 (patch) | |
tree | 4b137f53d1959e099db77da43091973471df0dbc | |
parent | 4022058a6325b650542ad8e5a52e167c5336eaaa (diff) | |
download | gnunet-dcb57a9e51e8fe7412948ec0c47d383ed390ed61.tar.gz gnunet-dcb57a9e51e8fe7412948ec0c47d383ed390ed61.zip |
add argument to GNUNET_CRYPTO_ecc_decode_key to allow testing to disable key validation
-rw-r--r-- | src/gns/gns.conf.in | 7 | ||||
-rw-r--r-- | src/include/gnunet_crypto_lib.h | 6 | ||||
-rw-r--r-- | src/testing/testing.c | 3 | ||||
-rw-r--r-- | src/util/crypto_ecc.c | 15 |
4 files changed, 24 insertions, 7 deletions
diff --git a/src/gns/gns.conf.in b/src/gns/gns.conf.in index a6075f346..f2aa1c2c6 100644 --- a/src/gns/gns.conf.in +++ b/src/gns/gns.conf.in | |||
@@ -22,6 +22,13 @@ HIJACK_DNS = NO | |||
22 | # Automatically import PKEYs we learn into the shorten zone? | 22 | # Automatically import PKEYs we learn into the shorten zone? |
23 | AUTO_IMPORT_PKEY = YES | 23 | AUTO_IMPORT_PKEY = YES |
24 | 24 | ||
25 | # Do we require users that want to access GNS to run this process | ||
26 | # (usually not a good idea) | ||
27 | UNIX_MATCH_UID = NO | ||
28 | |||
29 | # Do we require users that want to access GNS to be in the 'gnunet' group? | ||
30 | UNIX_MATCH_GID = YES | ||
31 | |||
25 | # When we automatically import PKEYs into shorten zone, require confirmation | 32 | # When we automatically import PKEYs into shorten zone, require confirmation |
26 | # before they become active? (Not useful right now as the GUI to confirm | 33 | # before they become active? (Not useful right now as the GUI to confirm |
27 | # doesn't exist) | 34 | # doesn't exist) |
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 1bfa988c2..5b6d238c5 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
@@ -1244,11 +1244,15 @@ GNUNET_CRYPTO_ecc_encode_key (const struct GNUNET_CRYPTO_EccPrivateKey *key); | |||
1244 | * | 1244 | * |
1245 | * @param buf the buffer where the private key data is stored | 1245 | * @param buf the buffer where the private key data is stored |
1246 | * @param len the length of the data in 'buffer' | 1246 | * @param len the length of the data in 'buffer' |
1247 | * @param validate GNUNET_YES to validate that the key is well-formed, | ||
1248 | * GNUNET_NO if the key comes from a totally trusted source | ||
1249 | * and validation is considered too expensive | ||
1247 | * @return NULL on error | 1250 | * @return NULL on error |
1248 | */ | 1251 | */ |
1249 | struct GNUNET_CRYPTO_EccPrivateKey * | 1252 | struct GNUNET_CRYPTO_EccPrivateKey * |
1250 | GNUNET_CRYPTO_ecc_decode_key (const char *buf, | 1253 | GNUNET_CRYPTO_ecc_decode_key (const char *buf, |
1251 | size_t len); | 1254 | size_t len, |
1255 | int validate); | ||
1252 | 1256 | ||
1253 | 1257 | ||
1254 | /** | 1258 | /** |
diff --git a/src/testing/testing.c b/src/testing/testing.c index 16f902890..826c5753f 100644 --- a/src/testing/testing.c +++ b/src/testing/testing.c | |||
@@ -544,7 +544,8 @@ GNUNET_TESTING_hostkey_get (const struct GNUNET_TESTING_System *system, | |||
544 | private_key = GNUNET_CRYPTO_ecc_decode_key (system->hostkeys_data + | 544 | private_key = GNUNET_CRYPTO_ecc_decode_key (system->hostkeys_data + |
545 | (key_number * | 545 | (key_number * |
546 | GNUNET_TESTING_HOSTKEYFILESIZE), | 546 | GNUNET_TESTING_HOSTKEYFILESIZE), |
547 | GNUNET_TESTING_HOSTKEYFILESIZE); | 547 | GNUNET_TESTING_HOSTKEYFILESIZE, |
548 | GNUNET_NO); | ||
548 | if (NULL == private_key) | 549 | if (NULL == private_key) |
549 | { | 550 | { |
550 | LOG (GNUNET_ERROR_TYPE_ERROR, | 551 | LOG (GNUNET_ERROR_TYPE_ERROR, |
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index 0c9f6e134..d89989bd4 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c | |||
@@ -325,11 +325,15 @@ GNUNET_CRYPTO_ecc_encode_key (const struct GNUNET_CRYPTO_EccPrivateKey *key) | |||
325 | * | 325 | * |
326 | * @param buf the buffer where the private key data is stored | 326 | * @param buf the buffer where the private key data is stored |
327 | * @param len the length of the data in 'buffer' | 327 | * @param len the length of the data in 'buffer' |
328 | * @param validate GNUNET_YES to validate that the key is well-formed, | ||
329 | * GNUNET_NO if the key comes from a totally trusted source | ||
330 | * and validation is considered too expensive | ||
328 | * @return NULL on error | 331 | * @return NULL on error |
329 | */ | 332 | */ |
330 | struct GNUNET_CRYPTO_EccPrivateKey * | 333 | struct GNUNET_CRYPTO_EccPrivateKey * |
331 | GNUNET_CRYPTO_ecc_decode_key (const char *buf, | 334 | GNUNET_CRYPTO_ecc_decode_key (const char *buf, |
332 | size_t len) | 335 | size_t len, |
336 | int validate) | ||
333 | { | 337 | { |
334 | struct GNUNET_CRYPTO_EccPrivateKey *ret; | 338 | struct GNUNET_CRYPTO_EccPrivateKey *ret; |
335 | uint16_t be; | 339 | uint16_t be; |
@@ -350,8 +354,9 @@ GNUNET_CRYPTO_ecc_decode_key (const char *buf, | |||
350 | { | 354 | { |
351 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_scan", rc); | 355 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_scan", rc); |
352 | return NULL; | 356 | return NULL; |
353 | } | 357 | } |
354 | if (0 != (rc = gcry_pk_testkey (sexp))) | 358 | if ( (GNUNET_YES == validate) && |
359 | (0 != (rc = gcry_pk_testkey (sexp))) ) | ||
355 | { | 360 | { |
356 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); | 361 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); |
357 | return NULL; | 362 | return NULL; |
@@ -451,7 +456,7 @@ try_read_key (const char *filename) | |||
451 | char enc[fs]; | 456 | char enc[fs]; |
452 | 457 | ||
453 | GNUNET_break (fs == GNUNET_DISK_file_read (fd, enc, fs)); | 458 | GNUNET_break (fs == GNUNET_DISK_file_read (fd, enc, fs)); |
454 | if (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, fs))) | 459 | if (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, fs, GNUNET_YES))) |
455 | { | 460 | { |
456 | LOG (GNUNET_ERROR_TYPE_ERROR, | 461 | LOG (GNUNET_ERROR_TYPE_ERROR, |
457 | _("File `%s' does not contain a valid private key (failed decode, %llu bytes). Deleting it.\n"), | 462 | _("File `%s' does not contain a valid private key (failed decode, %llu bytes). Deleting it.\n"), |
@@ -646,7 +651,7 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename) | |||
646 | len = ntohs (enc->size); | 651 | len = ntohs (enc->size); |
647 | ret = NULL; | 652 | ret = NULL; |
648 | if ((len > fs) || | 653 | if ((len > fs) || |
649 | (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, len)))) | 654 | (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, len, GNUNET_YES)))) |
650 | { | 655 | { |
651 | LOG (GNUNET_ERROR_TYPE_ERROR, | 656 | LOG (GNUNET_ERROR_TYPE_ERROR, |
652 | _("File `%s' does not contain a valid private key. Deleting it.\n"), | 657 | _("File `%s' does not contain a valid private key. Deleting it.\n"), |