
[GNUnet-SVN] r26299 - in gnunet/src: gns include testing util


From: gnunet
Subject: [GNUnet-SVN] r26299 - in gnunet/src: gns include testing util
Date: Mon, 4 Mar 2013 15:09:27 +0100

Author: grothoff
Date: 2013-03-04 15:09:27 +0100 (Mon, 04 Mar 2013)
New Revision: 26299

Modified:
   gnunet/src/gns/gns.conf.in
   gnunet/src/include/gnunet_crypto_lib.h
   gnunet/src/testing/testing.c
   gnunet/src/util/crypto_ecc.c
Log:
add argument to GNUNET_CRYPTO_ecc_decode_key to allow testing to disable key 
validation

Modified: gnunet/src/gns/gns.conf.in
===================================================================
--- gnunet/src/gns/gns.conf.in  2013-03-04 13:52:11 UTC (rev 26298)
+++ gnunet/src/gns/gns.conf.in  2013-03-04 14:09:27 UTC (rev 26299)
@@ -22,6 +22,13 @@
 # Automatically import PKEYs we learn into the shorten zone?
 AUTO_IMPORT_PKEY = YES
 
+# Do we require users that want to access GNS to run this process 
+# (usually not a good idea)
+UNIX_MATCH_UID = NO
+
+# Do we require users that want to access GNS to be in the 'gnunet' group?
+UNIX_MATCH_GID = YES
+
 # When we automatically import PKEYs into shorten zone, require confirmation
 # before they become active? (Not useful right now as the GUI to confirm
 # doesn't exist)
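Review bot: The two added comments do not say what is being matched, and the first reads as if users had to start the service themselves. Clearer wording would be `# Only accept clients running under the same UID as this service?` and `# Only accept clients that are in the 'gnunet' group?`. These options change who may talk to the GNS service, yet the commit log only describes the decode_key argument, so they would be easier to audit in a revision of their own. If I read the option names correctly they constrain UNIX domain socket clients only, so it is worth confirming that this section does not also expose a TCP port that bypasses the group check.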

Modified: gnunet/src/include/gnunet_crypto_lib.h
===================================================================
--- gnunet/src/include/gnunet_crypto_lib.h      2013-03-04 13:52:11 UTC (rev 
26298)
+++ gnunet/src/include/gnunet_crypto_lib.h      2013-03-04 14:09:27 UTC (rev 
26299)
@@ -1244,11 +1244,15 @@
  *
  * @param buf the buffer where the private key data is stored
  * @param len the length of the data in 'buffer'
+ * @param validate GNUNET_YES to validate that the key is well-formed,
+ *                 GNUNET_NO if the key comes from a totally trusted source 
+ *                 and validation is considered too expensive
  * @return NULL on error
  */
 struct GNUNET_CRYPTO_EccPrivateKey *
 GNUNET_CRYPTO_ecc_decode_key (const char *buf, 
-                             size_t len);
+                             size_t len,
+                             int validate);
 
 
 /**
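Review bot: The new `@param validate` text does not tell the caller what a non-NULL result means when validation is skipped. With GNUNET_NO the `gcry_pk_testkey` check in crypto_ecc.c is not run, so the return line should be extended, for example `@return NULL on error; with validate == GNUNET_NO a non-NULL result only means the buffer parsed, not that the key is well-formed`. "Totally trusted source" would also be better replaced by a concrete rule, such as `never GNUNET_NO for data read from user-writable files or the network`. The same comment is duplicated above the definition in crypto_ecc.c (hunk at -325) and needs the same change.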

Modified: gnunet/src/testing/testing.c
===================================================================
--- gnunet/src/testing/testing.c        2013-03-04 13:52:11 UTC (rev 26298)
+++ gnunet/src/testing/testing.c        2013-03-04 14:09:27 UTC (rev 26299)
@@ -544,7 +544,8 @@
   private_key = GNUNET_CRYPTO_ecc_decode_key (system->hostkeys_data +
                                               (key_number *
                                                GNUNET_TESTING_HOSTKEYFILESIZE),
-                                              GNUNET_TESTING_HOSTKEYFILESIZE);
+                                              GNUNET_TESTING_HOSTKEYFILESIZE,
+                                             GNUNET_NO);
   if (NULL == private_key)
   {
     LOG (GNUNET_ERROR_TYPE_ERROR,
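Review bot: The call now passes `GNUNET_NO` with nothing at the call site explaining why this buffer counts as trusted, and the new argument line is indented one column short of the others. A comment such as `/* hostkeys_data is the pre-generated test key file; skip the key check for speed */` above the call would record the assumption, if that is indeed where `system->hostkeys_data` comes from. With the check off, the bound on `key_number` against the size of `hostkeys_data` is the only guard on what gets parsed. That bound is not visible here, as the hunk starts and ends inside the enclosing function.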

Modified: gnunet/src/util/crypto_ecc.c
===================================================================
--- gnunet/src/util/crypto_ecc.c        2013-03-04 13:52:11 UTC (rev 26298)
+++ gnunet/src/util/crypto_ecc.c        2013-03-04 14:09:27 UTC (rev 26299)
@@ -325,11 +325,15 @@
  *
  * @param buf the buffer where the private key data is stored
  * @param len the length of the data in 'buffer'
+ * @param validate GNUNET_YES to validate that the key is well-formed,
+ *                 GNUNET_NO if the key comes from a totally trusted source 
+ *                 and validation is considered too expensive
  * @return NULL on error
  */
 struct GNUNET_CRYPTO_EccPrivateKey *
 GNUNET_CRYPTO_ecc_decode_key (const char *buf, 
-                             size_t len)
+                             size_t len,
+                             int validate)
 {
   struct GNUNET_CRYPTO_EccPrivateKey *ret;
   uint16_t be;
@@ -350,8 +354,9 @@
   {
     LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_scan", rc);
     return NULL;
-  }
-  if (0 != (rc = gcry_pk_testkey (sexp)))
+  }  
+  if ( (GNUNET_YES == validate) &&
+       (0 != (rc = gcry_pk_testkey (sexp))) )
   {
     LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
     return NULL;
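Review bot: The test `GNUNET_YES == validate` fails open: any value other than GNUNET_YES, including GNUNET_SYSERR or an uninitialised int, silently skips `gcry_pk_testkey`. Inverting it so that only an explicit opt-out disables the check keeps the safe behaviour as the default: `if ( (GNUNET_NO != validate) &&` followed by the unchanged `(0 != (rc = gcry_pk_testkey (sexp))) )`. The rewritten `}` line also gained trailing whitespace. Separately, the failure branch as shown returns NULL without `gcry_sexp_release (sexp)`, which predates this commit; the function body continues outside the hunk.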
@@ -451,7 +456,7 @@
     char enc[fs];
 
     GNUNET_break (fs == GNUNET_DISK_file_read (fd, enc, fs));
-    if (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, fs)))
+    if (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, fs, 
GNUNET_YES)))
     {
       LOG (GNUNET_ERROR_TYPE_ERROR,
           _("File `%s' does not contain a valid private key (failed decode, 
%llu bytes).  Deleting it.\n"),
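Review bot: A short read is only reported through `GNUNET_break`, which as far as I know logs and continues, so the updated call still parses all `fs` bytes of `enc`, some of which may be uninitialised stack. The read result should be checked and handled as its own error before decoding. It should not be folded into the branch below, because that branch deletes the key file. `char enc[fs]` is a variable-length array sized from the file; whether `fs` is bounded earlier is not visible in this hunk, which sits inside a larger function.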
@@ -646,7 +651,7 @@
   len = ntohs (enc->size);
   ret = NULL;
   if ((len > fs) ||
-      (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, len))))
+      (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, len, 
GNUNET_YES))))
   {
     LOG (GNUNET_ERROR_TYPE_ERROR,
          _("File `%s' does not contain a valid private key.  Deleting it.\n"),



