aboutsummaryrefslogtreecommitdiff
path: root/src/fs/gnunet-service-fs.c
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2014-12-14 22:15:55 +0000
committerChristian Grothoff <christian@grothoff.org>2014-12-14 22:15:55 +0000
commit6c8fa85819a2b02b3c4a175a08c1779283eda209 (patch)
tree3d635a2aa58f321fbb8779b6e086113558dc1c52 /src/fs/gnunet-service-fs.c
parent6d7c1dd00a193fc054d1f1588ae7c98dc95b6257 (diff)
downloadgnunet-6c8fa85819a2b02b3c4a175a08c1779283eda209.tar.gz
gnunet-6c8fa85819a2b02b3c4a175a08c1779283eda209.zip
fix key management issue with LOC signing identified in #3559
Diffstat (limited to 'src/fs/gnunet-service-fs.c')
-rw-r--r--src/fs/gnunet-service-fs.c195
1 files changed, 148 insertions, 47 deletions
diff --git a/src/fs/gnunet-service-fs.c b/src/fs/gnunet-service-fs.c
index 6652ecb16..dd7d61118 100644
--- a/src/fs/gnunet-service-fs.c
+++ b/src/fs/gnunet-service-fs.c
@@ -1,6 +1,6 @@
1/* 1/*
2 This file is part of GNUnet. 2 This file is part of GNUnet.
3 (C) 2009, 2010, 2011 Christian Grothoff (and other contributing authors) 3 (C) 2009-2014 Christian Grothoff (and other contributing authors)
4 4
5 GNUnet is free software; you can redistribute it and/or modify 5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published 6 it under the terms of the GNU General Public License as published
@@ -45,6 +45,7 @@
45#include "gnunet-service-fs_put.h" 45#include "gnunet-service-fs_put.h"
46#include "gnunet-service-fs_cadet.h" 46#include "gnunet-service-fs_cadet.h"
47#include "fs.h" 47#include "fs.h"
48#include "fs_api.h"
48 49
49/** 50/**
50 * Size for the hash map for DHT requests from the FS 51 * Size for the hash map for DHT requests from the FS
@@ -159,6 +160,11 @@ int GSF_enable_randomized_delays;
159static struct GNUNET_CONFIGURATION_Handle *block_cfg; 160static struct GNUNET_CONFIGURATION_Handle *block_cfg;
160 161
161/** 162/**
163 * Private key of this peer. Used to sign LOC URI requests.
164 */
165static struct GNUNET_CRYPTO_EddsaPrivateKey *pk;
166
167/**
162 * ID of our task that we use to age the cover counters. 168 * ID of our task that we use to age the cover counters.
163 */ 169 */
164static GNUNET_SCHEDULER_TaskIdentifier cover_age_task; 170static GNUNET_SCHEDULER_TaskIdentifier cover_age_task;
@@ -173,6 +179,7 @@ static struct GNUNET_LOAD_Value *datastore_get_load;
173 */ 179 */
174static struct GNUNET_PeerIdentity my_id; 180static struct GNUNET_PeerIdentity my_id;
175 181
182
176/** 183/**
177 * Task that periodically ages our cover traffic statistics. 184 * Task that periodically ages our cover traffic statistics.
178 * 185 *
@@ -180,7 +187,8 @@ static struct GNUNET_PeerIdentity my_id;
180 * @param tc task context 187 * @param tc task context
181 */ 188 */
182static void 189static void
183age_cover_counters (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) 190age_cover_counters (void *cls,
191 const struct GNUNET_SCHEDULER_TaskContext *tc)
184{ 192{
185 GSF_cover_content_count = (GSF_cover_content_count * 15) / 16; 193 GSF_cover_content_count = (GSF_cover_content_count * 15) / 16;
186 GSF_cover_query_count = (GSF_cover_query_count * 15) / 16; 194 GSF_cover_query_count = (GSF_cover_query_count * 15) / 16;
@@ -288,11 +296,12 @@ update_latencies (void *cls,
288 * @param other the other peer involved (sender or receiver, NULL 296 * @param other the other peer involved (sender or receiver, NULL
289 * for loopback messages where we are both sender and receiver) 297 * for loopback messages where we are both sender and receiver)
290 * @param message the actual message 298 * @param message the actual message
291 * @return GNUNET_OK to keep the connection open, 299 * @return #GNUNET_OK to keep the connection open,
292 * GNUNET_SYSERR to close it (signal serious error) 300 * #GNUNET_SYSERR to close it (signal serious error)
293 */ 301 */
294static int 302static int
295handle_p2p_put (void *cls, const struct GNUNET_PeerIdentity *other, 303handle_p2p_put (void *cls,
304 const struct GNUNET_PeerIdentity *other,
296 const struct GNUNET_MessageHeader *message) 305 const struct GNUNET_MessageHeader *message)
297{ 306{
298 struct GSF_ConnectedPeer *cp; 307 struct GSF_ConnectedPeer *cp;
@@ -349,7 +358,8 @@ consider_request_for_forwarding (void *cls,
349 * @param result final datastore lookup result 358 * @param result final datastore lookup result
350 */ 359 */
351static void 360static void
352consider_forwarding (void *cls, struct GSF_PendingRequest *pr, 361consider_forwarding (void *cls,
362 struct GSF_PendingRequest *pr,
353 enum GNUNET_BLOCK_EvaluationResult result) 363 enum GNUNET_BLOCK_EvaluationResult result)
354{ 364{
355 if (GNUNET_BLOCK_EVALUATION_OK_LAST == result) 365 if (GNUNET_BLOCK_EVALUATION_OK_LAST == result)
@@ -365,11 +375,12 @@ consider_forwarding (void *cls, struct GSF_PendingRequest *pr,
365 * @param other the other peer involved (sender or receiver, NULL 375 * @param other the other peer involved (sender or receiver, NULL
366 * for loopback messages where we are both sender and receiver) 376 * for loopback messages where we are both sender and receiver)
367 * @param message the actual message 377 * @param message the actual message
368 * @return GNUNET_OK to keep the connection open, 378 * @return #GNUNET_OK to keep the connection open,
369 * GNUNET_SYSERR to close it (signal serious error) 379 * #GNUNET_SYSERR to close it (signal serious error)
370 */ 380 */
371static int 381static int
372handle_p2p_get (void *cls, const struct GNUNET_PeerIdentity *other, 382handle_p2p_get (void *cls,
383 const struct GNUNET_PeerIdentity *other,
373 const struct GNUNET_MessageHeader *message) 384 const struct GNUNET_MessageHeader *message)
374{ 385{
375 struct GSF_PendingRequest *pr; 386 struct GSF_PendingRequest *pr;
@@ -378,7 +389,8 @@ handle_p2p_get (void *cls, const struct GNUNET_PeerIdentity *other,
378 if (NULL == pr) 389 if (NULL == pr)
379 return GNUNET_SYSERR; 390 return GNUNET_SYSERR;
380 GSF_pending_request_get_data_ (pr)->has_started = GNUNET_YES; 391 GSF_pending_request_get_data_ (pr)->has_started = GNUNET_YES;
381 GSF_local_lookup_ (pr, &consider_forwarding, NULL); 392 GSF_local_lookup_ (pr,
393 &consider_forwarding, NULL);
382 return GNUNET_OK; 394 return GNUNET_OK;
383} 395}
384 396
@@ -389,18 +401,20 @@ handle_p2p_get (void *cls, const struct GNUNET_PeerIdentity *other,
389 * result status). Also signal that we can now 401 * result status). Also signal that we can now
390 * receive more request information from the client. 402 * receive more request information from the client.
391 * 403 *
392 * @param cls the client doing the request ('struct GNUNET_SERVER_Client') 404 * @param cls the client doing the request (`struct GNUNET_SERVER_Client`)
393 * @param pr the pending request we were processing 405 * @param pr the pending request we were processing
394 * @param result final datastore lookup result 406 * @param result final datastore lookup result
395 */ 407 */
396static void 408static void
397start_p2p_processing (void *cls, struct GSF_PendingRequest *pr, 409start_p2p_processing (void *cls,
410 struct GSF_PendingRequest *pr,
398 enum GNUNET_BLOCK_EvaluationResult result) 411 enum GNUNET_BLOCK_EvaluationResult result)
399{ 412{
400 struct GNUNET_SERVER_Client *client = cls; 413 struct GNUNET_SERVER_Client *client = cls;
401 struct GSF_PendingRequestData *prd; 414 struct GSF_PendingRequestData *prd;
402 415
403 GNUNET_SERVER_receive_done (client, GNUNET_OK); 416 GNUNET_SERVER_receive_done (client,
417 GNUNET_OK);
404 if (GNUNET_BLOCK_EVALUATION_OK_LAST == result) 418 if (GNUNET_BLOCK_EVALUATION_OK_LAST == result)
405 return; /* we're done, 'pr' was already destroyed... */ 419 return; /* we're done, 'pr' was already destroyed... */
406 prd = GSF_pending_request_get_data_ (pr); 420 prd = GSF_pending_request_get_data_ (pr);
@@ -441,25 +455,32 @@ start_p2p_processing (void *cls, struct GSF_PendingRequest *pr,
441 * @param message the actual message 455 * @param message the actual message
442 */ 456 */
443static void 457static void
444handle_start_search (void *cls, struct GNUNET_SERVER_Client *client, 458handle_start_search (void *cls,
459 struct GNUNET_SERVER_Client *client,
445 const struct GNUNET_MessageHeader *message) 460 const struct GNUNET_MessageHeader *message)
446{ 461{
447 struct GSF_PendingRequest *pr; 462 struct GSF_PendingRequest *pr;
448 int ret; 463 int ret;
449 464
450 pr = NULL; 465 pr = NULL;
451 ret = GSF_local_client_start_search_handler_ (client, message, &pr); 466 ret = GSF_local_client_start_search_handler_ (client,
467 message,
468 &pr);
452 switch (ret) 469 switch (ret)
453 { 470 {
454 case GNUNET_SYSERR: 471 case GNUNET_SYSERR:
455 GNUNET_SERVER_receive_done (client, GNUNET_SYSERR); 472 GNUNET_SERVER_receive_done (client,
473 GNUNET_SYSERR);
456 break; 474 break;
457 case GNUNET_NO: 475 case GNUNET_NO:
458 GNUNET_SERVER_receive_done (client, GNUNET_OK); 476 GNUNET_SERVER_receive_done (client,
477 GNUNET_OK);
459 break; 478 break;
460 case GNUNET_YES: 479 case GNUNET_YES:
461 GSF_pending_request_get_data_ (pr)->has_started = GNUNET_YES; 480 GSF_pending_request_get_data_ (pr)->has_started = GNUNET_YES;
462 GSF_local_lookup_ (pr, &start_p2p_processing, client); 481 GSF_local_lookup_ (pr,
482 &start_p2p_processing,
483 client);
463 break; 484 break;
464 default: 485 default:
465 GNUNET_assert (0); 486 GNUNET_assert (0);
@@ -468,13 +489,56 @@ handle_start_search (void *cls, struct GNUNET_SERVER_Client *client,
468 489
469 490
470/** 491/**
492 * Handle request to sign a LOC URI (from client).
493 *
494 * @param cls closure (NULL)
495 * @param client identification of the client
496 * @param message the actual message
497 */
498static void
499handle_loc_sign (void *cls,
500 struct GNUNET_SERVER_Client *client,
501 const struct GNUNET_MessageHeader *message)
502{
503 const struct RequestLocSignatureMessage *msg;
504 struct GNUNET_FS_Uri base;
505 struct GNUNET_FS_Uri *loc;
506 struct ResponseLocSignatureMessage resp;
507 struct GSF_LocalClient *lc;
508
509 msg = (const struct RequestLocSignatureMessage *) message;
510 GNUNET_break (GNUNET_SIGNATURE_PURPOSE_PEER_PLACEMENT ==
511 ntohl (msg->purpose));
512 base.type = GNUNET_FS_URI_CHK;
513 base.data.chk.chk = msg->chk;
514 base.data.chk.file_length = GNUNET_ntohll (msg->file_length);
515 loc = GNUNET_FS_uri_loc_create (&base,
516 pk,
517 GNUNET_TIME_absolute_ntoh (msg->expiration_time));
518 resp.header.size = htons (sizeof (struct ResponseLocSignatureMessage));
519 resp.header.type = htons (GNUNET_MESSAGE_TYPE_FS_REQUEST_LOC_SIGNATURE);
520 resp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_PEER_PLACEMENT);
521 resp.expiration_time = GNUNET_TIME_absolute_hton (loc->data.loc.expirationTime);
522 resp.signature = loc->data.loc.contentSignature;
523 resp.peer = loc->data.loc.peer;
524 GNUNET_FS_uri_destroy (loc);
525 lc = GSF_local_client_lookup_ (client);
526 GSF_local_client_transmit_ (lc,
527 &resp.header);
528 GNUNET_free (loc);
529 GNUNET_SERVER_receive_done (client, GNUNET_OK);
530}
531
532
533/**
471 * Task run during shutdown. 534 * Task run during shutdown.
472 * 535 *
473 * @param cls unused 536 * @param cls unused
474 * @param tc unused 537 * @param tc unused
475 */ 538 */
476static void 539static void
477shutdown_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc) 540shutdown_task (void *cls,
541 const struct GNUNET_SCHEDULER_TaskContext *tc)
478{ 542{
479 GSF_cadet_stop_client (); 543 GSF_cadet_stop_client ();
480 GSF_cadet_stop_server (); 544 GSF_cadet_stop_server ();
@@ -524,10 +588,11 @@ shutdown_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
524 * @param cls the 'struct GSF_ConnectedPeer' of the new peer 588 * @param cls the 'struct GSF_ConnectedPeer' of the new peer
525 * @param key query for the request 589 * @param key query for the request
526 * @param pr handle to the pending request 590 * @param pr handle to the pending request
527 * @return GNUNET_YES to continue to iterate 591 * @return #GNUNET_YES to continue to iterate
528 */ 592 */
529static int 593static int
530consider_peer_for_forwarding (void *cls, const struct GNUNET_HashCode * key, 594consider_peer_for_forwarding (void *cls,
595 const struct GNUNET_HashCode *key,
531 struct GSF_PendingRequest *pr) 596 struct GSF_PendingRequest *pr)
532{ 597{
533 struct GSF_ConnectedPeer *cp = cls; 598 struct GSF_ConnectedPeer *cp = cls;
@@ -568,11 +633,15 @@ connected_peer_cb (void *cls, struct GSF_ConnectedPeer *cp)
568 * @param peer peer identity this notification is about 633 * @param peer peer identity this notification is about
569 */ 634 */
570static void 635static void
571peer_connect_handler (void *cls, const struct GNUNET_PeerIdentity *peer) 636peer_connect_handler (void *cls,
637 const struct GNUNET_PeerIdentity *peer)
572{ 638{
573 if (0 == memcmp (&my_id, peer, sizeof (struct GNUNET_PeerIdentity))) 639 if (0 != GNUNET_CRYPTO_cmp_peer_identity (&my_id,
640 peer))
574 return; 641 return;
575 GSF_peer_connect_handler_ (peer, &connected_peer_cb, NULL); 642 GSF_peer_connect_handler_ (peer,
643 &connected_peer_cb,
644 NULL);
576} 645}
577 646
578 647
@@ -590,7 +659,13 @@ static void
590peer_init_handler (void *cls, 659peer_init_handler (void *cls,
591 const struct GNUNET_PeerIdentity *my_identity) 660 const struct GNUNET_PeerIdentity *my_identity)
592{ 661{
593 my_id = *my_identity; 662 if (0 != GNUNET_CRYPTO_cmp_peer_identity (&my_id,
663 my_identity))
664 {
665 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
666 "Peer identity missmatch, refusing to start!\n");
667 GNUNET_SCHEDULER_shutdown ();
668 }
594} 669}
595 670
596 671
@@ -605,31 +680,36 @@ main_init (struct GNUNET_SERVER_Handle *server,
605 const struct GNUNET_CONFIGURATION_Handle *c) 680 const struct GNUNET_CONFIGURATION_Handle *c)
606{ 681{
607 static const struct GNUNET_CORE_MessageHandler no_p2p_handlers[] = { 682 static const struct GNUNET_CORE_MessageHandler no_p2p_handlers[] = {
608 {NULL, 0, 0} 683 { NULL, 0, 0 }
609 }; 684 };
610 static const struct GNUNET_CORE_MessageHandler p2p_handlers[] = { 685 static const struct GNUNET_CORE_MessageHandler p2p_handlers[] = {
611 {&handle_p2p_get, 686 { &handle_p2p_get,
612 GNUNET_MESSAGE_TYPE_FS_GET, 0}, 687 GNUNET_MESSAGE_TYPE_FS_GET, 0 },
613 {&handle_p2p_put, 688 { &handle_p2p_put,
614 GNUNET_MESSAGE_TYPE_FS_PUT, 0}, 689 GNUNET_MESSAGE_TYPE_FS_PUT, 0 },
615 {&GSF_handle_p2p_migration_stop_, 690 { &GSF_handle_p2p_migration_stop_,
616 GNUNET_MESSAGE_TYPE_FS_MIGRATION_STOP, 691 GNUNET_MESSAGE_TYPE_FS_MIGRATION_STOP,
617 sizeof (struct MigrationStopMessage)}, 692 sizeof (struct MigrationStopMessage) },
618 {NULL, 0, 0} 693 { NULL, 0, 0 }
619 }; 694 };
620 static const struct GNUNET_SERVER_MessageHandler handlers[] = { 695 static const struct GNUNET_SERVER_MessageHandler handlers[] = {
621 {&GNUNET_FS_handle_index_start, NULL, 696 { &GNUNET_FS_handle_index_start, NULL,
622 GNUNET_MESSAGE_TYPE_FS_INDEX_START, 0}, 697 GNUNET_MESSAGE_TYPE_FS_INDEX_START, 0 },
623 {&GNUNET_FS_handle_index_list_get, NULL, 698 { &GNUNET_FS_handle_index_list_get, NULL,
624 GNUNET_MESSAGE_TYPE_FS_INDEX_LIST_GET, 699 GNUNET_MESSAGE_TYPE_FS_INDEX_LIST_GET,
625 sizeof (struct GNUNET_MessageHeader)}, 700 sizeof (struct GNUNET_MessageHeader) },
626 {&GNUNET_FS_handle_unindex, NULL, GNUNET_MESSAGE_TYPE_FS_UNINDEX, 701 { &GNUNET_FS_handle_unindex, NULL,
627 sizeof (struct UnindexMessage)}, 702 GNUNET_MESSAGE_TYPE_FS_UNINDEX,
628 {&handle_start_search, NULL, GNUNET_MESSAGE_TYPE_FS_START_SEARCH, 703 sizeof (struct UnindexMessage) },
629 0}, 704 { &handle_start_search, NULL,
705 GNUNET_MESSAGE_TYPE_FS_START_SEARCH, 0 },
706 { &handle_loc_sign, NULL,
707 GNUNET_MESSAGE_TYPE_FS_REQUEST_LOC_SIGN,
708 sizeof (struct RequestLocSignatureMessage) },
630 {NULL, NULL, 0, 0} 709 {NULL, NULL, 0, 0}
631 }; 710 };
632 int anon_p2p_off; 711 int anon_p2p_off;
712 char *keyfile;
633 713
634 /* this option is really only for testcases that need to disable 714 /* this option is really only for testcases that need to disable
635 _anonymous_ file-sharing for some reason */ 715 _anonymous_ file-sharing for some reason */
@@ -637,10 +717,31 @@ main_init (struct GNUNET_SERVER_Handle *server,
637 GNUNET_CONFIGURATION_get_value_yesno (GSF_cfg, 717 GNUNET_CONFIGURATION_get_value_yesno (GSF_cfg,
638 "fs", 718 "fs",
639 "DISABLE_ANON_TRANSFER")); 719 "DISABLE_ANON_TRANSFER"));
640 GSF_core = 720
641 GNUNET_CORE_connect (GSF_cfg, NULL, &peer_init_handler, 721 if (GNUNET_OK !=
642 &peer_connect_handler, &GSF_peer_disconnect_handler_, 722 GNUNET_CONFIGURATION_get_value_filename (GSF_cfg,
643 NULL, GNUNET_NO, NULL, GNUNET_NO, 723 "PEER",
724 "PRIVATE_KEY",
725 &keyfile))
726 {
727 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
728 _("FS service is lacking HOSTKEY configuration setting. Exiting.\n"));
729 GNUNET_SCHEDULER_shutdown ();
730 return GNUNET_SYSERR;
731 }
732 pk = GNUNET_CRYPTO_eddsa_key_create_from_file (keyfile);
733 GNUNET_free (keyfile);
734 GNUNET_assert (NULL != pk);
735 GNUNET_CRYPTO_eddsa_key_get_public (pk,
736 &my_id.public_key);
737
738 GSF_core
739 = GNUNET_CORE_connect (GSF_cfg, NULL,
740 &peer_init_handler,
741 &peer_connect_handler,
742 &GSF_peer_disconnect_handler_,
743 NULL, GNUNET_NO,
744 NULL, GNUNET_NO,
644 (GNUNET_YES == anon_p2p_off) 745 (GNUNET_YES == anon_p2p_off)
645 ? no_p2p_handlers 746 ? no_p2p_handlers
646 : p2p_handlers); 747 : p2p_handlers);