diff options
author | Christian Grothoff <christian@grothoff.org> | 2014-12-14 22:15:55 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2014-12-14 22:15:55 +0000 |
commit | 6c8fa85819a2b02b3c4a175a08c1779283eda209 (patch) | |
tree | 3d635a2aa58f321fbb8779b6e086113558dc1c52 /src/fs/fs_uri.c | |
parent | 6d7c1dd00a193fc054d1f1588ae7c98dc95b6257 (diff) | |
download | gnunet-6c8fa85819a2b02b3c4a175a08c1779283eda209.tar.gz gnunet-6c8fa85819a2b02b3c4a175a08c1779283eda209.zip |
fix key management issue with LOC signing identified in #3559
Diffstat (limited to 'src/fs/fs_uri.c')
-rw-r--r-- | src/fs/fs_uri.c | 45 |
1 files changed, 15 insertions, 30 deletions
diff --git a/src/fs/fs_uri.c b/src/fs/fs_uri.c index 1597f38ae..883e4b84a 100644 --- a/src/fs/fs_uri.c +++ b/src/fs/fs_uri.c | |||
@@ -837,61 +837,46 @@ GNUNET_FS_uri_loc_get_uri (const struct GNUNET_FS_Uri *uri) | |||
837 | 837 | ||
838 | /** | 838 | /** |
839 | * Construct a location URI (this peer will be used for the location). | 839 | * Construct a location URI (this peer will be used for the location). |
840 | * This function should only be called from within gnunet-service-fs, | ||
841 | * as it requires the peer's private key which is generally unavailable | ||
842 | * to processes directly under the user's control. However, for | ||
843 | * testing and as it logically fits under URIs, it is in this API. | ||
840 | * | 844 | * |
841 | * @param baseUri content offered by the sender | 845 | * @param base_uri content offered by the sender |
842 | * @param cfg configuration information (used to find our hostkey) | 846 | * @param sign_key private key of the peer |
843 | * @param expiration_time how long will the content be offered? | 847 | * @param expiration_time how long will the content be offered? |
844 | * @return the location URI, NULL on error | 848 | * @return the location URI, NULL on error |
845 | */ | 849 | */ |
846 | struct GNUNET_FS_Uri * | 850 | struct GNUNET_FS_Uri * |
847 | GNUNET_FS_uri_loc_create (const struct GNUNET_FS_Uri *baseUri, | 851 | GNUNET_FS_uri_loc_create (const struct GNUNET_FS_Uri *base_uri, |
848 | const struct GNUNET_CONFIGURATION_Handle *cfg, | 852 | const struct GNUNET_CRYPTO_EddsaPrivateKey *sign_key, |
849 | struct GNUNET_TIME_Absolute expiration_time) | 853 | struct GNUNET_TIME_Absolute expiration_time) |
850 | { | 854 | { |
851 | struct GNUNET_FS_Uri *uri; | 855 | struct GNUNET_FS_Uri *uri; |
852 | struct GNUNET_CRYPTO_EddsaPrivateKey *my_private_key; | ||
853 | struct GNUNET_CRYPTO_EddsaPublicKey my_public_key; | 856 | struct GNUNET_CRYPTO_EddsaPublicKey my_public_key; |
854 | char *keyfile; | ||
855 | struct LocUriAssembly ass; | 857 | struct LocUriAssembly ass; |
856 | struct GNUNET_TIME_Absolute et; | 858 | struct GNUNET_TIME_Absolute et; |
857 | 859 | ||
858 | if (baseUri->type != GNUNET_FS_URI_CHK) | 860 | if (GNUNET_FS_URI_CHK != base_uri->type) |
859 | return NULL; | 861 | return NULL; |
860 | if (GNUNET_OK != | ||
861 | GNUNET_CONFIGURATION_get_value_filename (cfg, | ||
862 | "PEER", "PRIVATE_KEY", | ||
863 | &keyfile)) | ||
864 | { | ||
865 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
866 | _("Lacking key configuration settings.\n")); | ||
867 | return NULL; | ||
868 | } | ||
869 | if (NULL == | ||
870 | (my_private_key = GNUNET_CRYPTO_eddsa_key_create_from_file (keyfile))) | ||
871 | { | ||
872 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
873 | _("Could not access hostkey file `%s'.\n"), keyfile); | ||
874 | GNUNET_free (keyfile); | ||
875 | return NULL; | ||
876 | } | ||
877 | GNUNET_free (keyfile); | ||
878 | /* we round expiration time to full seconds for SKS URIs */ | 862 | /* we round expiration time to full seconds for SKS URIs */ |
879 | et.abs_value_us = (expiration_time.abs_value_us / 1000000LL) * 1000000LL; | 863 | et.abs_value_us = (expiration_time.abs_value_us / 1000000LL) * 1000000LL; |
880 | GNUNET_CRYPTO_eddsa_key_get_public (my_private_key, &my_public_key); | 864 | GNUNET_CRYPTO_eddsa_key_get_public (sign_key, |
865 | &my_public_key); | ||
881 | ass.purpose.size = htonl (sizeof (struct LocUriAssembly)); | 866 | ass.purpose.size = htonl (sizeof (struct LocUriAssembly)); |
882 | ass.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_PEER_PLACEMENT); | 867 | ass.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_PEER_PLACEMENT); |
883 | ass.exptime = GNUNET_TIME_absolute_hton (et); | 868 | ass.exptime = GNUNET_TIME_absolute_hton (et); |
884 | ass.fi = baseUri->data.chk; | 869 | ass.fi = base_uri->data.chk; |
885 | ass.peer.public_key = my_public_key; | 870 | ass.peer.public_key = my_public_key; |
886 | uri = GNUNET_new (struct GNUNET_FS_Uri); | 871 | uri = GNUNET_new (struct GNUNET_FS_Uri); |
887 | uri->type = GNUNET_FS_URI_LOC; | 872 | uri->type = GNUNET_FS_URI_LOC; |
888 | uri->data.loc.fi = baseUri->data.chk; | 873 | uri->data.loc.fi = base_uri->data.chk; |
889 | uri->data.loc.expirationTime = et; | 874 | uri->data.loc.expirationTime = et; |
890 | uri->data.loc.peer.public_key = my_public_key; | 875 | uri->data.loc.peer.public_key = my_public_key; |
891 | GNUNET_assert (GNUNET_OK == | 876 | GNUNET_assert (GNUNET_OK == |
892 | GNUNET_CRYPTO_eddsa_sign (my_private_key, &ass.purpose, | 877 | GNUNET_CRYPTO_eddsa_sign (sign_key, |
878 | &ass.purpose, | ||
893 | &uri->data.loc.contentSignature)); | 879 | &uri->data.loc.contentSignature)); |
894 | GNUNET_free (my_private_key); | ||
895 | return uri; | 880 | return uri; |
896 | } | 881 | } |
897 | 882 | ||