Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-10-01 02:35:48 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

fixed security hole in generation of key fingerprints. Fingerprint of previously existing GXS ids can be faked. The change is backward compatible.

Browse Source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7368 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2014-05-15 21:00:44 +00:00
parent bc56c8e0f1
commit 1bf3e2967f
1 changed files with 15 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
libretroshare/src/gxs/gxssecurity.cc
View File

@ -26,6 +26,7 @@
#include "gxssecurity.h" #include "gxssecurity.h"
#include "pqi/authgpg.h" #include "pqi/authgpg.h"
#include "util/rsdir.h"
//#include "retroshare/rspeers.h" //#include "retroshare/rspeers.h"
/**** /****
@ -388,23 +389,22 @@ bool GxsSecurity::decrypt(void *& out, int & outlen, const void *in, int inlen,
std::string GxsSecurity::getRsaKeySign(RSA *pubkey) std::string GxsSecurity::getRsaKeySign(RSA *pubkey)
{ {
int len = BN_num_bytes(pubkey -> n); int lenn = BN_num_bytes(pubkey -> n);
unsigned char tmp[len]; int lene = BN_num_bytes(pubkey -> e);
unsigned char *tmp = new unsigned char[lenn+lene];
BN_bn2bin(pubkey -> n, tmp); BN_bn2bin(pubkey -> n, tmp);
BN_bn2bin(pubkey -> e, &tmp[lenn]);
// copy first CERTSIGNLEN bytes... Sha1CheckSum s = RsDirUtil::sha1sum(tmp,lenn+lene) ;
if (len > CERTSIGNLEN)
{
len = CERTSIGNLEN;
}
std::string id; // Copy first CERTSIGNLEN bytes from the hash of the public modulus and exponent
for(uint32_t i = 0; i < CERTSIGNLEN; i++) // We should not be using strings here, but a real ID. To be done later.
{
rs_sprintf_append(id, "%02x", (uint16_t) (((uint8_t *) (tmp))[i]));
}
return id; assert(Sha1CheckSum::SIZE_IN_BYTES >= CERTSIGNLEN) ;
return s.toStdString().substr(0,2*CERTSIGNLEN);
} }
@ -517,8 +517,7 @@ void GxsSecurity::setRSAPublicKey(RsTlvSecurityKey & key, RSA *rsa_pub)
key.keyData.setBinData(data, reqspace); key.keyData.setBinData(data, reqspace);
std::string keyId = getRsaKeySign(rsa_pub); key.keyId = getRsaKeySign(rsa_pub);
key.keyId = keyId;
} }
@ -531,8 +530,7 @@ void GxsSecurity::setRSAPrivateKey(RsTlvSecurityKey & key, RSA *rsa_priv)
key.keyData.setBinData(data, reqspace); key.keyData.setBinData(data, reqspace);
std::string keyId = getRsaKeySign(rsa_priv); key.keyId = getRsaKeySign(rsa_priv);
key.keyId = keyId;
} }
RSA *GxsSecurity::extractPrivateKey(const RsTlvSecurityKey & key) RSA *GxsSecurity::extractPrivateKey(const RsTlvSecurityKey & key)