View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0011125 | GNUnet | util library | public | 2026-02-20 17:23 | 2026-02-21 17:56 |
| Reporter | thejackimonster | Assigned To | thejackimonster | ||
| Priority | high | Severity | major | Reproducibility | always |
| Status | assigned | Resolution | open | ||
| Product Version | Git master | ||||
| Target Version | 0.27.0 | ||||
| Summary | 0011125: Multiple services are using the wrong peer identity key | ||||
| Description | Since the PILS service has been implemented, there are still multiple services and components in GNUnet which use the function `GNUNET_CRYPTO_eddsa_key_create_from_configuration()`. This function simply reads a private key for the peer from the configuration instead of asking the PILS service about the current peer identity. This results in signature mismatches, for example, and other cryptographic issues. I'd suggest that we fully remove this function, replacing it with PILS integration, so that services like CADET, DHT, NSE, EXIT, REGEX and multiple TRANSPORT communicators work as intended again and they could react to peer identity changes. | ||||
| Steps To Reproduce | - enable logging to INFO level in the CADET service. - open any port with `gnunet-cadet -o $ANY_PORT` to start CADET if not running already - search for "CADET started for peer " in the log from CADET service - compare the peer identity in that line with the output from `gnunet-pils -1` | ||||
| Additional Information | Originally I was looking into CADET issues and noticed a signature verification failure. The CORE and TRANSPORT services were making a connection from one peer to another properly but CADET was using a different peer identity key for its signatures. So naturally it failed. | ||||
| Tags | No tags attached. | ||||
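
The comparison from the steps to reproduce can be scripted. This is an added example, not part of the original report or of GNUnet's code: the sample log line and identity strings are constructed, and it assumes the log may print an abbreviated identity, so a logged value that is a prefix of the PILS identity counts as a match.

```shell
#!/bin/sh
# Added example: check that the identity CADET logged at startup is the one
# PILS reports. Log layout and identities below are constructed samples.

# Print the identity from the last "CADET started for peer " line in a log file.
cadet_logged_identity() {
    sed -n 's/.*CADET started for peer \([A-Za-z0-9]*\).*/\1/p' "$1" | tail -n 1
}

# check_identity LOG_FILE PILS_IDENTITY
# Returns 0 on match, 1 on mismatch, 2 if no startup line was found.
check_identity() {
    log_file=$1
    pils_id=$2
    logged=$(cadet_logged_identity "$log_file")
    if [ -z "$logged" ]; then
        echo "no 'CADET started for peer' line in $log_file" >&2
        return 2
    fi
    case "$pils_id" in
        # Assumption: the service may log only the start of the identity.
        "$logged"*) echo "OK: CADET uses $logged"; return 0 ;;
        *) echo "MISMATCH: CADET logged $logged, PILS reports $pils_id"; return 1 ;;
    esac
}

# Demo on a constructed log line (not real GNUnet output).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Feb 20 17:20:01 cadet-4242 INFO CADET started for peer K3QZ
EOF
check_identity "$sample" "V7N1EXAMPLEIDENTITY" || echo "check returned $?"
rm -f "$sample"

# Real use (assumes `gnunet-pils -1` prints only the identity; the log path
# is a placeholder for wherever your CADET log is written):
#   check_identity /path/to/cadet.log "$(gnunet-pils -1)"
```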

I've started working on a patch to address the issue and so far my changes are working for CADET. You can find them under the `dev/thejackimonster/fixes` branch. First, the idea is to reduce the copied code for the PILS usage I've found in the tcp and udp communicators. Now I'm using a simplified struct to supply all the services which require the current peer identity and potentially even the derived private key with it. So far I was able to make a successful connection from a host using CADET to another vm running CADET with an open port. Both peers were able to exchange hellos, resolve the peer identity and establish a connection. The udp communicator is still throwing some errors when sending KX with payload size 48 to some IPv6 address failed (but this could depend on the vm setup - unsure).

The error from the udp communicator was simply a network being unreachable. That can hardly be prevented since udp does not guarantee a valid connection before sending anything. So I lowered that log entry to a warning.

Otherwise the changes on the `dev/thejackimonster/fixes` branch seem to fix this issue now. The only remaining usage of `GNUNET_CRYPTO_eddsa_key_create_from_configuration()` in services is in the test cases using `test_communicator_basic.c` for collecting the peer identities of all peers for a basic test in an array. There's another issue for that though: https://bugs.gnunet.org/view.php?id=10431

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2026-02-20 17:23 | thejackimonster | New Issue | |
| 2026-02-21 02:17 | thejackimonster | Assigned To | => thejackimonster |
| 2026-02-21 02:17 | thejackimonster | Status | new => assigned |
| 2026-02-21 02:23 | thejackimonster | Note Added: 0027834 | |
| 2026-02-21 17:43 | thejackimonster | Note Added: 0027841 | |
| 2026-02-21 17:56 | thejackimonster | Note Added: 0027842 |