diff options
| author | Christian Grothoff <christian@grothoff.org> | 2014-12-14 22:15:55 +0000 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2014-12-14 22:15:55 +0000 |
| commit | 6c8fa85819a2b02b3c4a175a08c1779283eda209 (patch) | |
| tree | 3d635a2aa58f321fbb8779b6e086113558dc1c52 /src/fs/fs_uri.c | |
| parent | 6d7c1dd00a193fc054d1f1588ae7c98dc95b6257 (diff) | |
| download | gnunet-6c8fa85819a2b02b3c4a175a08c1779283eda209.tar.gz gnunet-6c8fa85819a2b02b3c4a175a08c1779283eda209.zip | |
fix key management issue with LOC signing identified in #3559
Diffstat (limited to 'src/fs/fs_uri.c')
| -rw-r--r-- | src/fs/fs_uri.c | 45 |
1 files changed, 15 insertions, 30 deletions
diff --git a/src/fs/fs_uri.c b/src/fs/fs_uri.c index 1597f38ae..883e4b84a 100644 --- a/src/fs/fs_uri.c +++ b/src/fs/fs_uri.c | |||
| @@ -837,61 +837,46 @@ GNUNET_FS_uri_loc_get_uri (const struct GNUNET_FS_Uri *uri) | |||
| 837 | 837 | ||
| 838 | /** | 838 | /** |
| 839 | * Construct a location URI (this peer will be used for the location). | 839 | * Construct a location URI (this peer will be used for the location). |
| 840 | * This function should only be called from within gnunet-service-fs, | ||
| 841 | * as it requires the peer's private key which is generally unavailable | ||
| 842 | * to processes directly under the user's control. However, for | ||
| 843 | * testing and as it logically fits under URIs, it is in this API. | ||
| 840 | * | 844 | * |
| 841 | * @param baseUri content offered by the sender | 845 | * @param base_uri content offered by the sender |
| 842 | * @param cfg configuration information (used to find our hostkey) | 846 | * @param sign_key private key of the peer |
| 843 | * @param expiration_time how long will the content be offered? | 847 | * @param expiration_time how long will the content be offered? |
| 844 | * @return the location URI, NULL on error | 848 | * @return the location URI, NULL on error |
| 845 | */ | 849 | */ |
| 846 | struct GNUNET_FS_Uri * | 850 | struct GNUNET_FS_Uri * |
| 847 | GNUNET_FS_uri_loc_create (const struct GNUNET_FS_Uri *baseUri, | 851 | GNUNET_FS_uri_loc_create (const struct GNUNET_FS_Uri *base_uri, |
| 848 | const struct GNUNET_CONFIGURATION_Handle *cfg, | 852 | const struct GNUNET_CRYPTO_EddsaPrivateKey *sign_key, |
| 849 | struct GNUNET_TIME_Absolute expiration_time) | 853 | struct GNUNET_TIME_Absolute expiration_time) |
| 850 | { | 854 | { |
| 851 | struct GNUNET_FS_Uri *uri; | 855 | struct GNUNET_FS_Uri *uri; |
| 852 | struct GNUNET_CRYPTO_EddsaPrivateKey *my_private_key; | ||
| 853 | struct GNUNET_CRYPTO_EddsaPublicKey my_public_key; | 856 | struct GNUNET_CRYPTO_EddsaPublicKey my_public_key; |
| 854 | char *keyfile; | ||
| 855 | struct LocUriAssembly ass; | 857 | struct LocUriAssembly ass; |
| 856 | struct GNUNET_TIME_Absolute et; | 858 | struct GNUNET_TIME_Absolute et; |
| 857 | 859 | ||
| 858 | if (baseUri->type != GNUNET_FS_URI_CHK) | 860 | if (GNUNET_FS_URI_CHK != base_uri->type) |
| 859 | return NULL; | 861 | return NULL; |
| 860 | if (GNUNET_OK != | ||
| 861 | GNUNET_CONFIGURATION_get_value_filename (cfg, | ||
| 862 | "PEER", "PRIVATE_KEY", | ||
| 863 | &keyfile)) | ||
| 864 | { | ||
| 865 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
| 866 | _("Lacking key configuration settings.\n")); | ||
| 867 | return NULL; | ||
| 868 | } | ||
| 869 | if (NULL == | ||
| 870 | (my_private_key = GNUNET_CRYPTO_eddsa_key_create_from_file (keyfile))) | ||
| 871 | { | ||
| 872 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
| 873 | _("Could not access hostkey file `%s'.\n"), keyfile); | ||
| 874 | GNUNET_free (keyfile); | ||
| 875 | return NULL; | ||
| 876 | } | ||
| 877 | GNUNET_free (keyfile); | ||
| 878 | /* we round expiration time to full seconds for SKS URIs */ | 862 | /* we round expiration time to full seconds for SKS URIs */ |
| 879 | et.abs_value_us = (expiration_time.abs_value_us / 1000000LL) * 1000000LL; | 863 | et.abs_value_us = (expiration_time.abs_value_us / 1000000LL) * 1000000LL; |
| 880 | GNUNET_CRYPTO_eddsa_key_get_public (my_private_key, &my_public_key); | 864 | GNUNET_CRYPTO_eddsa_key_get_public (sign_key, |
| 865 | &my_public_key); | ||
| 881 | ass.purpose.size = htonl (sizeof (struct LocUriAssembly)); | 866 | ass.purpose.size = htonl (sizeof (struct LocUriAssembly)); |
| 882 | ass.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_PEER_PLACEMENT); | 867 | ass.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_PEER_PLACEMENT); |
| 883 | ass.exptime = GNUNET_TIME_absolute_hton (et); | 868 | ass.exptime = GNUNET_TIME_absolute_hton (et); |
| 884 | ass.fi = baseUri->data.chk; | 869 | ass.fi = base_uri->data.chk; |
| 885 | ass.peer.public_key = my_public_key; | 870 | ass.peer.public_key = my_public_key; |
| 886 | uri = GNUNET_new (struct GNUNET_FS_Uri); | 871 | uri = GNUNET_new (struct GNUNET_FS_Uri); |
| 887 | uri->type = GNUNET_FS_URI_LOC; | 872 | uri->type = GNUNET_FS_URI_LOC; |
| 888 | uri->data.loc.fi = baseUri->data.chk; | 873 | uri->data.loc.fi = base_uri->data.chk; |
| 889 | uri->data.loc.expirationTime = et; | 874 | uri->data.loc.expirationTime = et; |
| 890 | uri->data.loc.peer.public_key = my_public_key; | 875 | uri->data.loc.peer.public_key = my_public_key; |
| 891 | GNUNET_assert (GNUNET_OK == | 876 | GNUNET_assert (GNUNET_OK == |
| 892 | GNUNET_CRYPTO_eddsa_sign (my_private_key, &ass.purpose, | 877 | GNUNET_CRYPTO_eddsa_sign (sign_key, |
| 878 | &ass.purpose, | ||
| 893 | &uri->data.loc.contentSignature)); | 879 | &uri->data.loc.contentSignature)); |
| 894 | GNUNET_free (my_private_key); | ||
| 895 | return uri; | 880 | return uri; |
| 896 | } | 881 | } |
| 897 | 882 | ||