fix key management issue with LOC signing identified in #3559

author: Christian Grothoff <christian@grothoff.org> 2014-12-14 22:15:55 +0000
committer: Christian Grothoff <christian@grothoff.org> 2014-12-14 22:15:55 +0000
commit: 6c8fa85819a2b02b3c4a175a08c1779283eda209 (patch)
tree: 3d635a2aa58f321fbb8779b6e086113558dc1c52 /src/fs/fs_publish.c
parent: 6d7c1dd00a193fc054d1f1588ae7c98dc95b6257 (diff)
download: gnunet-6c8fa85819a2b02b3c4a175a08c1779283eda209.tar.gz
gnunet-6c8fa85819a2b02b3c4a175a08c1779283eda209.zip
1 files changed, 124 insertions, 24 deletions
diff --git a/src/fs/fs_publish.c b/src/fs/fs_publish.c
index beeab8b12..a8a9a220f 100644
--- a/src/fs/fs_publish.c
+++ b/src/fs/fs_publish.c
@@ -823,6 +823,116 @@ hash_for_index_cb (void *cls,
 /**
+ * We've computed the CHK/LOC URI, now publish the KSKs (if applicable).
+ *
+ * @param pc publishing context to do this for
+ */
+static void
+publish_kblocks (struct GNUNET_FS_PublishContext *pc)
+{
+  struct GNUNET_FS_FileInformation *p;
+  p = pc->fi_pos;
+  /* upload of "p" complete, publish KBlocks! */
+  if (NULL != p->keywords)
+  {
+    pc->ksk_pc = GNUNET_FS_publish_ksk (pc->h,
+                                        p->keywords,
+                                        p->meta,
+                                        p->chk_uri,
+                                        &p->bo,
+                                        pc->options,
+                                        &publish_kblocks_cont, pc);
+  }
+  else
+  {
+    publish_kblocks_cont (pc, p->chk_uri, NULL);
+  }
+}
+/**
+ * Process the response (or lack thereof) from
+ * the "fs" service to our LOC sign request.
+ *
+ * @param cls closure (of type `struct GNUNET_FS_PublishContext *`)
+ * @param msg the response we got
+ */
+static void
+process_signature_response (void *cls,
+                            const struct GNUNET_MessageHeader *msg)
+{
+  struct GNUNET_FS_PublishContext *pc = cls;
+  const struct ResponseLocSignatureMessage *sig;
+  struct GNUNET_FS_FileInformation *p;
+  p = pc->fi_pos;
+  if (NULL == msg)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                _("Can not create LOC URI. Will continue with CHK instead.\n"));
+    publish_kblocks (pc);
+    return;
+  }
+  if (sizeof (struct ResponseLocSignatureMessage) !=
+      ntohs (msg->size))
+  {
+    GNUNET_break (0);
+    publish_kblocks (pc);
+    return;
+  }
+  sig = (const struct ResponseLocSignatureMessage *) msg;
+  p->chk_uri->type = GNUNET_FS_URI_LOC;
+  /* p->data.loc.fi kept from CHK before */
+  p->chk_uri->data.loc.peer = sig->peer;
+  p->chk_uri->data.loc.expirationTime = GNUNET_TIME_absolute_ntoh (sig->expiration_time);
+  p->chk_uri->data.loc.contentSignature = sig->signature;
+  GNUNET_FS_file_information_sync_ (p);
+  GNUNET_FS_publish_sync_ (pc);
+  publish_kblocks (pc);
+}
+/**
+ * We're publishing without anonymity. Contact the FS service
+ * to create a signed LOC URI for further processing, then
+ * continue with KSKs.
+ *
+ * @param pc the publishing context do to this for
+ */
+static void
+create_loc_uri (struct GNUNET_FS_PublishContext *pc)
+{
+  struct RequestLocSignatureMessage req;
+  struct GNUNET_FS_FileInformation *p;
+  if (NULL == pc->client)
+    pc->client = GNUNET_CLIENT_connect ("fs", pc->h->cfg);
+  if (NULL == pc->client)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                _("Can not create LOC URI. Will continue with CHK instead.\n"));
+    publish_kblocks (pc);
+    return;
+  }
+  p = pc->fi_pos;
+  req.header.size = htons (sizeof (struct RequestLocSignatureMessage));
+  req.header.type = htons (GNUNET_MESSAGE_TYPE_FS_REQUEST_LOC_SIGN);
+  req.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_PEER_PLACEMENT);
+  req.expiration_time = GNUNET_TIME_absolute_hton (p->bo.expiration_time);
+  req.chk = p->chk_uri->data.chk.chk;
+  req.file_length = GNUNET_htonll (p->chk_uri->data.chk.file_length);
+  GNUNET_break (GNUNET_YES ==
+                GNUNET_CLIENT_transmit_and_get_response (pc->client,
+                                                         &req.header,
+                                                         GNUNET_TIME_UNIT_FOREVER_REL,
+                                                         GNUNET_YES,
+                                                         &process_signature_response,
+                                                         pc));
+}
+/**
 * Main function that performs the upload.
 *
 * @param cls `struct GNUNET_FS_PublishContext *` identifies the upload
@@ -835,7 +945,6 @@ GNUNET_FS_publish_main_ (void *cls,
  struct GNUNET_FS_PublishContext *pc = cls;
  struct GNUNET_FS_ProgressInfo pi;
  struct GNUNET_FS_FileInformation *p;
-  struct GNUNET_FS_Uri *loc;
  char *fn;
  pc->upload_task = GNUNET_SCHEDULER_NO_TASK;
@@ -875,13 +984,17 @@ GNUNET_FS_publish_main_ (void *cls,
      p = p->dir;
      if (fn != NULL)
      {
-        GNUNET_asprintf (&p->emsg, _("Recursive upload failed at `%s': %s"), fn,
+        GNUNET_asprintf (&p->emsg,
+                         _("Recursive upload failed at `%s': %s"),
+                         fn,
                         p->emsg);
        GNUNET_free (fn);
      }
      else
      {
-        GNUNET_asprintf (&p->emsg, _("Recursive upload failed: %s"), p->emsg);
+        GNUNET_asprintf (&p->emsg,
+                         _("Recursive upload failed: %s"),
+                         p->emsg);
      }
      pi.status = GNUNET_FS_STATUS_PUBLISH_ERROR;
      pi.value.publish.eta = GNUNET_TIME_UNIT_FOREVER_REL;
@@ -897,31 +1010,18 @@ GNUNET_FS_publish_main_ (void *cls,
  {
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "File upload complete, now publishing KSK blocks.\n");
-    if (0 == p->bo.anonymity_level)
-    {
-      /* zero anonymity, box CHK URI in LOC URI */
-      loc = GNUNET_FS_uri_loc_create (p->chk_uri,
-                                      pc->h->cfg,
-                                      p->bo.expiration_time);
-      GNUNET_FS_uri_destroy (p->chk_uri);
-      p->chk_uri = loc;
-      GNUNET_FS_file_information_sync_ (p);
-    }
    GNUNET_FS_publish_sync_ (pc);
-    /* upload of "p" complete, publish KBlocks! */
-    if (NULL != p->keywords)
+    if ( (0 == p->bo.anonymity_level) &&
+         (GNUNET_YES !=
+          GNUNET_FS_uri_test_loc (p->chk_uri)) )
    {
-      pc->ksk_pc = GNUNET_FS_publish_ksk (pc->h,
+      /* zero anonymity, box CHK URI in LOC URI */
-                                          p->keywords,
+      create_loc_uri (pc);
-                                          p->meta,
-                                          p->chk_uri,
-                                          &p->bo,
-                                          pc->options,
-                                          &publish_kblocks_cont, pc);
    }
    else
    {
-      publish_kblocks_cont (pc, p->chk_uri, NULL);
+      publish_kblocks (pc);
    }
    return;
  }
@@ -1320,7 +1420,7 @@ fip_signal_stop (void *cls,
    pc->skip_next_fi_callback = GNUNET_YES;
    GNUNET_FS_file_information_inspect (fi, &fip_signal_stop, pc);
  }
-  if (fi->serialization != NULL)
+  if (NULL != fi->serialization)
  {
    GNUNET_FS_remove_sync_file_ (pc->h, GNUNET_FS_SYNC_PATH_FILE_INFO,
                                 fi->serialization);
author	Christian Grothoff <christian@grothoff.org>	2014-12-14 22:15:55 +0000
committer	Christian Grothoff <christian@grothoff.org>	2014-12-14 22:15:55 +0000
commit	6c8fa85819a2b02b3c4a175a08c1779283eda209 (patch)
tree	3d635a2aa58f321fbb8779b6e086113558dc1c52 /src/fs/fs_publish.c
parent	6d7c1dd00a193fc054d1f1588ae7c98dc95b6257 (diff)
download	gnunet-6c8fa85819a2b02b3c4a175a08c1779283eda209.tar.gz gnunet-6c8fa85819a2b02b3c4a175a08c1779283eda209.zip

diff --git a/src/fs/fs_publish.c b/src/fs/fs_publish.c index beeab8b12..a8a9a220f 100644 --- a/src/fs/fs_publish.c +++ b/src/fs/fs_publish.c
@@ -823,6 +823,116 @@ hash_for_index_cb (void *cls,
823		823
824		824
825	/**	825	/**
		826	* We've computed the CHK/LOC URI, now publish the KSKs (if applicable).
		827	*
		828	* @param pc publishing context to do this for
		829	*/
		830	static void
		831	publish_kblocks (struct GNUNET_FS_PublishContext *pc)
		832	{
		833	struct GNUNET_FS_FileInformation *p;
		834
		835	p = pc->fi_pos;
		836	/* upload of "p" complete, publish KBlocks! */
		837	if (NULL != p->keywords)
		838	{
		839	pc->ksk_pc = GNUNET_FS_publish_ksk (pc->h,
		840	p->keywords,
		841	p->meta,
		842	p->chk_uri,
		843	&p->bo,
		844	pc->options,
		845	&publish_kblocks_cont, pc);
		846	}
		847	else
		848	{
		849	publish_kblocks_cont (pc, p->chk_uri, NULL);
		850	}
		851	}
		852
		853
		854	/**
		855	* Process the response (or lack thereof) from
		856	* the "fs" service to our LOC sign request.
		857	*
		858	* @param cls closure (of type `struct GNUNET_FS_PublishContext *`)
		859	* @param msg the response we got
		860	*/
		861	static void
		862	process_signature_response (void *cls,
		863	const struct GNUNET_MessageHeader *msg)
		864	{
		865	struct GNUNET_FS_PublishContext *pc = cls;
		866	const struct ResponseLocSignatureMessage *sig;
		867	struct GNUNET_FS_FileInformation *p;
		868
		869	p = pc->fi_pos;
		870	if (NULL == msg)
		871	{
		872	GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
		873	_("Can not create LOC URI. Will continue with CHK instead.\n"));
		874	publish_kblocks (pc);
		875	return;
		876	}
		877	if (sizeof (struct ResponseLocSignatureMessage) !=
		878	ntohs (msg->size))
		879	{
		880	GNUNET_break (0);
		881	publish_kblocks (pc);
		882	return;
		883	}
		884	sig = (const struct ResponseLocSignatureMessage *) msg;
		885	p->chk_uri->type = GNUNET_FS_URI_LOC;
		886	/* p->data.loc.fi kept from CHK before */
		887	p->chk_uri->data.loc.peer = sig->peer;
		888	p->chk_uri->data.loc.expirationTime = GNUNET_TIME_absolute_ntoh (sig->expiration_time);
		889	p->chk_uri->data.loc.contentSignature = sig->signature;
		890	GNUNET_FS_file_information_sync_ (p);
		891	GNUNET_FS_publish_sync_ (pc);
		892	publish_kblocks (pc);
		893	}
		894
		895
		896	/**
		897	* We're publishing without anonymity. Contact the FS service
		898	* to create a signed LOC URI for further processing, then
		899	* continue with KSKs.
		900	*
		901	* @param pc the publishing context do to this for
		902	*/
		903	static void
		904	create_loc_uri (struct GNUNET_FS_PublishContext *pc)
		905	{
		906	struct RequestLocSignatureMessage req;
		907	struct GNUNET_FS_FileInformation *p;
		908
		909	if (NULL == pc->client)
		910	pc->client = GNUNET_CLIENT_connect ("fs", pc->h->cfg);
		911	if (NULL == pc->client)
		912	{
		913	GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
		914	_("Can not create LOC URI. Will continue with CHK instead.\n"));
		915	publish_kblocks (pc);
		916	return;
		917	}
		918	p = pc->fi_pos;
		919	req.header.size = htons (sizeof (struct RequestLocSignatureMessage));
		920	req.header.type = htons (GNUNET_MESSAGE_TYPE_FS_REQUEST_LOC_SIGN);
		921	req.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_PEER_PLACEMENT);
		922	req.expiration_time = GNUNET_TIME_absolute_hton (p->bo.expiration_time);
		923	req.chk = p->chk_uri->data.chk.chk;
		924	req.file_length = GNUNET_htonll (p->chk_uri->data.chk.file_length);
		925	GNUNET_break (GNUNET_YES ==
		926	GNUNET_CLIENT_transmit_and_get_response (pc->client,
		927	&req.header,
		928	GNUNET_TIME_UNIT_FOREVER_REL,
		929	GNUNET_YES,
		930	&process_signature_response,
		931	pc));
		932	}
		933
		934
		935	/**
826	* Main function that performs the upload.	936	* Main function that performs the upload.
827	*	937	*
828	* @param cls `struct GNUNET_FS_PublishContext *` identifies the upload	938	* @param cls `struct GNUNET_FS_PublishContext *` identifies the upload
@@ -835,7 +945,6 @@ GNUNET_FS_publish_main_ (void *cls,
835	struct GNUNET_FS_PublishContext *pc = cls;	945	struct GNUNET_FS_PublishContext *pc = cls;
836	struct GNUNET_FS_ProgressInfo pi;	946	struct GNUNET_FS_ProgressInfo pi;
837	struct GNUNET_FS_FileInformation *p;	947	struct GNUNET_FS_FileInformation *p;
838	struct GNUNET_FS_Uri *loc;
839	char *fn;	948	char *fn;
840		949
841	pc->upload_task = GNUNET_SCHEDULER_NO_TASK;	950	pc->upload_task = GNUNET_SCHEDULER_NO_TASK;
@@ -875,13 +984,17 @@ GNUNET_FS_publish_main_ (void *cls,
875	p = p->dir;	984	p = p->dir;
876	if (fn != NULL)	985	if (fn != NULL)
877	{	986	{
878	GNUNET_asprintf (&p->emsg, _("Recursive upload failed at `%s': %s"), fn,	987	GNUNET_asprintf (&p->emsg,
		988	_("Recursive upload failed at `%s': %s"),
		989	fn,
879	p->emsg);	990	p->emsg);
880	GNUNET_free (fn);	991	GNUNET_free (fn);
881	}	992	}
882	else	993	else
883	{	994	{
884	GNUNET_asprintf (&p->emsg, _("Recursive upload failed: %s"), p->emsg);	995	GNUNET_asprintf (&p->emsg,
		996	_("Recursive upload failed: %s"),
		997	p->emsg);
885	}	998	}
886	pi.status = GNUNET_FS_STATUS_PUBLISH_ERROR;	999	pi.status = GNUNET_FS_STATUS_PUBLISH_ERROR;
887	pi.value.publish.eta = GNUNET_TIME_UNIT_FOREVER_REL;	1000	pi.value.publish.eta = GNUNET_TIME_UNIT_FOREVER_REL;
@@ -897,31 +1010,18 @@ GNUNET_FS_publish_main_ (void *cls,
897	{	1010	{
898	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,	1011	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
899	"File upload complete, now publishing KSK blocks.\n");	1012	"File upload complete, now publishing KSK blocks.\n");
900	if (0 == p->bo.anonymity_level)
901	{
902	/* zero anonymity, box CHK URI in LOC URI */
903	loc = GNUNET_FS_uri_loc_create (p->chk_uri,
904	pc->h->cfg,
905	p->bo.expiration_time);
906	GNUNET_FS_uri_destroy (p->chk_uri);
907	p->chk_uri = loc;
908	GNUNET_FS_file_information_sync_ (p);
909	}
910	GNUNET_FS_publish_sync_ (pc);	1013	GNUNET_FS_publish_sync_ (pc);
911	/* upload of "p" complete, publish KBlocks! */	1014
912	if (NULL != p->keywords)	1015	if ( (0 == p->bo.anonymity_level) &&
		1016	(GNUNET_YES !=
		1017	GNUNET_FS_uri_test_loc (p->chk_uri)) )
913	{	1018	{
914	pc->ksk_pc = GNUNET_FS_publish_ksk (pc->h,	1019	/* zero anonymity, box CHK URI in LOC URI */
915	p->keywords,	1020	create_loc_uri (pc);
916	p->meta,
917	p->chk_uri,
918	&p->bo,
919	pc->options,
920	&publish_kblocks_cont, pc);
921	}	1021	}
922	else	1022	else
923	{	1023	{
924	publish_kblocks_cont (pc, p->chk_uri, NULL);	1024	publish_kblocks (pc);
925	}	1025	}
926	return;	1026	return;
927	}	1027	}
@@ -1320,7 +1420,7 @@ fip_signal_stop (void *cls,
1320	pc->skip_next_fi_callback = GNUNET_YES;	1420	pc->skip_next_fi_callback = GNUNET_YES;
1321	GNUNET_FS_file_information_inspect (fi, &fip_signal_stop, pc);	1421	GNUNET_FS_file_information_inspect (fi, &fip_signal_stop, pc);
1322	}	1422	}
1323	if (fi->serialization != NULL)	1423	if (NULL != fi->serialization)
1324	{	1424	{
1325	GNUNET_FS_remove_sync_file_ (pc->h, GNUNET_FS_SYNC_PATH_FILE_INFO,	1425	GNUNET_FS_remove_sync_file_ (pc->h, GNUNET_FS_SYNC_PATH_FILE_INFO,
1326	fi->serialization);	1426	fi->serialization);