View Issue Details

ID: 0003950
Project: GNUnet
Category: GNS
View Status: public
Last Update: 2019-02-28 11:17
Reporter: jah
Assigned To: Christian Grothoff
Priority: normal
Severity: feature
Reproducibility: N/A
Status: closed
Resolution: fixed
Platform: x86_64
OS: Trisquel
OS Version: 7.0, Belenos
Product Version: Git master
Target Version: 0.11.0
Fixed in Version: 0.11.0
Summary: 0003950: Trouble adding CERT record
Description: I've made several attempts to add a CERT record to the namestore and one of these appears to have worked, but then a possible bug in GNUNET_DNSPARSER_parse_cert prevented the record from being displayed. After fixing the bug, a CERT record is displayed, but it wasn't added correctly (which is surely my fault).

Please find the attached dnsparser.c.patch and let me know what I'm doing wrong with the CERT (specifically, what tool should I use to produce the correct GNS record value).
Steps To Reproduce:
$ export MY_KEY_ID=<gnupg_keyid>
$ gpg --export $MY_KEY_ID > $MY_KEY_ID.gpg
$ ./make-dns-cert -h
make-dns-cert
    -f fingerprint
    -u URL
    -k key file
    -n DNS name

$ ./make-dns-cert -n "+" -k $MY_KEY_ID.gpg > $MY_KEY_ID.dns.cert
$ wc -m $MY_KEY_ID.dns.cert
17971
$ hd $MY_KEY_ID.dns.cert | head -n 3
00000000 2b 09 54 59 50 45 33 37 09 5c 23 20 38 39 37 35 |+.TYPE37.\# 8975|
00000010 20 30 30 30 33 20 30 30 30 30 20 30 30 20 39 39 | 0003 0000 00 99|
00000020 30 32 30 44 30 34 35 32 43 39 44 37 30 44 30 31 |020D0452C9D70D01|
$ hd $MY_KEY_ID.dns.cert | tail -n 2
00004630 46 38 0a |F8.|
00004633
$ gnunet-namestore -a -t CERT -n "+" -e 1h -p -V "$(cut -b13- $MY_KEY_ID.dns.cert)"
$ gnunet-namestore -D
private:
    PKEY: <snipped> (end of time) PUBLIC

+:
Aug 23 19:55:00-398976 gnunet-namestore-16647 ERROR Assertion failed at dnsparser.c:557.
Aborted

----

After patching dnsparser:-

$ gnunet-namestore -D
+:
    CERT: 53290 52993 0 AA=== (1 h) PUBLIC

<snipped>
Additional Information: make-dns-cert.c was obtained from:-

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=tree;f=tools;hb=refs/heads/STABLE-BRANCH-2-0

and built with

gcc -o make-dns-cert make-dns-cert.c


This is the salient part of the debug log for the namestore add command, indicating that the record sent to the store was only 85 bytes:-

util-15925 DEBUG Scheduling transmission (0x1cf3ca0).
util-scheduler-15925 DEBUG Adding task 0x1cf0f90
util-scheduler-15925 DEBUG Running task: 0x1cf0f90
util-15925 DEBUG transmit_ready running (0x1cf3ca0).
util-15925 DEBUG process_notify is running
util-15925 DEBUG client_notify is running
util-15925 DEBUG calling GNUNET_CONNECTION_receive
util-scheduler-15925 DEBUG Adding task 0x1cf0d90
util-15925 DEBUG Transmitting message of type 437 and size 46 to namestore service.
util-15925 DEBUG Connection transmitted 46/46 bytes to `/tmp/gnunet-jah-runtime//gnunet-service-namestore.sock' (0x1cf3ca0)
util-scheduler-15925 DEBUG Running task: 0x1cf0d90
util-15925 DEBUG receive_ready read 50/65535 bytes from `/tmp/gnunet-jah-runtime//gnunet-service-namestore.sock' (0x1cf3ca0)!
util-scheduler-15925 DEBUG Adding task: 0x1cf0f90
util-scheduler-15925 DEBUG Running task: 0x1cf0f90
util-15925 DEBUG Received message of type 438 and size 50 from namestore service.
namestore-api-15925 DEBUG Received message type 438 size 50 op 0
namestore-api-15925 DEBUG Received `RECORD_LOOKUP_RESULT'
gnunet-namestore-15925 DEBUG Received 0 records for name `+'
namestore-api-15925 DEBUG Sending `NAMESTORE_RECORD_STORE' message for name `+' with size 85 and 1 records
util-15925 DEBUG Scheduling transmission (0x1cf3ca0).
util-scheduler-15925 DEBUG Adding task 0x1cf0d90
util-15925 DEBUG calling GNUNET_CONNECTION_receive
util-scheduler-15925 DEBUG Adding task 0x1cf0eb0
util-scheduler-15925 DEBUG Running task: 0x1cf0d90
util-15925 DEBUG transmit_ready running (0x1cf3ca0).
util-15925 DEBUG process_notify is running
util-15925 DEBUG client_notify is running
util-15925 DEBUG Transmitting message of type 435 and size 85 to namestore service.
util-15925 DEBUG Connection transmitted 85/85 bytes to `/tmp/gnunet-jah-runtime//gnunet-service-namestore.sock' (0x1cf3ca0)
util-scheduler-15925 DEBUG Running task: 0x1cf0eb0
util-15925 DEBUG receive_ready read 12/65535 bytes from `/tmp/gnunet-jah-runtime//gnunet-service-namestore.sock' (0x1cf3ca0)!
util-scheduler-15925 DEBUG Adding task: 0x1cf0d90
util-scheduler-15925 DEBUG Running task: 0x1cf0d90
util-15925 DEBUG Received message of type 436 and size 12 from namestore service.
namestore-api-15925 DEBUG Received message type 436 size 12 op 1
namestore-api-15925 DEBUG Received `RECORD_STORE_RESPONSE' with result 1
util-15925 DEBUG calling GNUNET_CONNECTION_receive
util-scheduler-15925 DEBUG Adding task 0x1cf0eb0
util-scheduler-15925 DEBUG Running task: 0x1d05800
util-scheduler-15925 DEBUG Adding task 0x1cf0d90
util-scheduler-15925 DEBUG Running task: 0x1d05540
util-scheduler-15925 DEBUG Canceling task 0x1cf0d90
util-15925 DEBUG Shutting down connection (0x1cf09f0)
namestore-api-15925 DEBUG Cleaning up
util-scheduler-15925 DEBUG Canceling task 0x1cf0eb0
util-15925 DEBUG Shutting down connection (0x1cf3ca0)
Tags: No tags attached.
Attached Files
dnsparser.c.patch (568 bytes)   
Index: src/dns/dnsparser.c
===================================================================
--- src/dns/dnsparser.c	(revision 36268)
+++ src/dns/dnsparser.c	(working copy)
@@ -548,7 +548,7 @@
     return NULL;
   }
   memcpy (&dcert, &udp_payload[*off], sizeof (struct GNUNET_TUN_DnsCertRecord));
-  (*off) += sizeof (sizeof (struct GNUNET_TUN_DnsCertRecord));
+  (*off) += sizeof (struct GNUNET_TUN_DnsCertRecord);
   cert = GNUNET_new (struct GNUNET_DNSPARSER_CertRecord);
   cert->cert_type = ntohs (dcert.cert_type);
   cert->cert_tag = ntohs (dcert.cert_tag);
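
Review bot: the memcpy length and the offset advance on the + line each spell out sizeof (struct GNUNET_TUN_DnsCertRecord) separately, which is how the two were able to drift apart; writing both as sizeof (dcert) would tie the copy length and the advance of *off to the same object. The removed sizeof (sizeof (...)) evaluates to the size of a size_t rather than of the record header, so *off moved by the wrong amount after the copy. A regression test that parses a CERT record and checks the resulting offset would keep this from coming back.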

Activities

Christian Grothoff

2015-08-25 17:06

manager   ~0009583

Patch applied in SVN 36272. Will try to look into the issue itself later.

Christian Grothoff

2015-08-25 20:59

manager   ~0009586

Ok, the first issue is that you need to do "cut -b18-" instead of just "-b13" as the first text field that GnuPG outputs is the overall size of the buffer, and that's not what GNUnet expects to get. However, there is a second, possibly way bigger issue here, which is that the make-dns-cert output is in HEX, while RFC 4398 says it should be base64. GNUnet then tries to decode the HEX as base64, which kind-of succeeds (due to a bug in our code an error is not detected/reported), except that the last character gets mugged.

So I need to fix the base64 decoder to report the issue, and WK should check why make-dns-cert creates HEX while the standard says to use base64.

Christian Grothoff

2015-08-25 21:21

manager   ~0009588

I checked, our base64-decoder is simply written to be, eh, extremely tolerant of encoding issues (such as missing padding). That of course doesn't exactly help for malformed input...

Christian Grothoff

2015-08-26 22:57

manager   ~0009589

WK explains:


The RR stores the certificate in binary (rfc4398, 2.1):

   The PGP type indicates an OpenPGP packet as described in [5] and its
   extensions and successors. This is used to transfer public key
   material and revocation signatures. The data is binary and MUST NOT
   be encoded into an ASCII armor. An implementation SHOULD process

We use HEX encoding because that is what the TYPExx syntax requires.
Unfortunately there seems to be no documentation of this feature.
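
The hex/base64 mismatch discussed in the notes above, as an added example that is not part of this thread and is not GNUnet or GnuPG code: it converts a generic TYPE37 line of the kind make-dns-cert prints into a "type tag algorithm base64" value, and shows why hex text gets through a base64 decoder. The function names and the short sample line are constructed, and the value layout is assumed to follow the RFC 4398 presentation order that the gnunet-namestore -D output above suggests.

```python
import base64
import binascii

# Constructed sample in the shape make-dns-cert prints (RFC 3597 generic syntax):
# owner, TYPE37, "\#", RDATA length, then hex for type, key tag, algorithm, cert.
SAMPLE_LINE = "+\tTYPE37\t\\# 9 0003 0000 00 99020D04"


def generic_to_cert_value(line: str) -> str:
    """Return 'type tag algorithm base64' (RFC 4398 order) for a TYPE37 line."""
    fields = line.split()
    if "\\#" not in fields:
        raise ValueError("no \\# marker: not RFC 3597 generic syntax")
    marker = fields.index("\\#")
    if marker == 0 or fields[marker - 1].upper() != "TYPE37":
        raise ValueError("not a CERT (TYPE37) record")
    if len(fields) < marker + 3:
        raise ValueError("missing RDATA length or RDATA")
    rdlength = int(fields[marker + 1])
    rdata = bytes.fromhex("".join(fields[marker + 2:]))  # raises on non-hex
    # The length field belongs to the generic syntax, not to the CERT value;
    # use it only to check that nothing was truncated, then drop it.
    if len(rdata) != rdlength:
        raise ValueError(f"RDATA is {len(rdata)} bytes, header says {rdlength}")
    if rdlength < 5:
        raise ValueError("RDATA shorter than the 5-byte CERT header")
    cert_type = int.from_bytes(rdata[0:2], "big")
    key_tag = int.from_bytes(rdata[2:4], "big")
    algorithm = rdata[4]
    cert_b64 = base64.b64encode(rdata[5:]).decode("ascii")
    return f"{cert_type} {key_tag} {algorithm} {cert_b64}"


def hex_misread_as_base64(hex_text: str):
    """Bytes a strict base64 decoder yields for hex text, or None if rejected.

    Hex digits all lie inside the base64 alphabet, so strict decoding only
    fails when the length is not a multiple of four.
    """
    try:
        return base64.b64decode(hex_text, validate=True)
    except binascii.Error:
        return None


if __name__ == "__main__":
    print(generic_to_cert_value(SAMPLE_LINE))
    print(hex_misread_as_base64("99020D04"), bytes.fromhex("99020D04"))
```

A decoder cannot tell hex from base64 by alphabet alone, so the input format has to be stated by the caller or detected from the generic-syntax marker before decoding.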

Christian Grothoff

2015-08-30 16:16

manager   ~0009591

Just a quick update, WK is considering adding a gpg option to export the CERT record in a format that GNUnet can consume easily...

Christian Grothoff

2016-09-22 20:16

manager   ~0011137

Update: we should probably simply add a generic HEX importer.

Christian Grothoff

2019-01-24 19:54

manager   ~0013461

Was already fixed in Git head, still thanks for reporting.

Issue History

Date Modified Username Field Change
2015-08-25 02:49 jah New Issue
2015-08-25 02:49 jah File Added: dnsparser.c.patch
2015-08-25 17:04 Christian Grothoff Assigned To => Christian Grothoff
2015-08-25 17:04 Christian Grothoff Status new => assigned
2015-08-25 17:04 Christian Grothoff Priority normal => high
2015-08-25 17:04 Christian Grothoff Target Version => 0.11.0pre66
2015-08-25 17:06 Christian Grothoff Note Added: 0009583
2015-08-25 20:59 Christian Grothoff Note Added: 0009586
2015-08-25 21:21 Christian Grothoff Note Added: 0009588
2015-08-26 22:57 Christian Grothoff Note Added: 0009589
2015-08-30 16:16 Christian Grothoff Note Added: 0009591
2015-09-09 19:40 Christian Grothoff Target Version 0.11.0pre66 => 0.11.0
2015-10-26 11:38 Christian Grothoff Priority high => normal
2016-09-22 20:15 Christian Grothoff Status assigned => resolved
2016-09-22 20:15 Christian Grothoff Fixed in Version => 0.11.0pre66
2016-09-22 20:15 Christian Grothoff Resolution open => fixed
2016-09-22 20:16 Christian Grothoff Note Added: 0011137
2016-09-22 20:16 Christian Grothoff Status resolved => assigned
2016-09-22 20:16 Christian Grothoff Target Version 0.11.0 => 0.11.0pre66
2016-09-22 20:17 Christian Grothoff Severity minor => feature
2016-09-22 20:17 Christian Grothoff Fixed in Version 0.11.0pre66 =>
2016-09-22 20:17 Christian Grothoff Target Version 0.11.0pre66 => 0.11.0
2016-09-22 20:17 Christian Grothoff Assigned To Christian Grothoff =>
2016-09-22 20:17 Christian Grothoff Status assigned => confirmed
2018-07-07 00:27 Christian Grothoff Target Version 0.11.0 =>
2019-01-24 14:15 Christian Grothoff Target Version => 0.11.0
2019-01-24 14:16 Christian Grothoff Assigned To => Christian Grothoff
2019-01-24 14:16 Christian Grothoff Status confirmed => assigned
2019-01-24 19:54 Christian Grothoff Status assigned => resolved
2019-01-24 19:54 Christian Grothoff Fixed in Version => 0.11.0
2019-01-24 19:54 Christian Grothoff Note Added: 0013461
2019-02-28 11:17 Christian Grothoff Status resolved => closed