mirror of
https://github.com/RetroShare/RetroShare.git
synced 2024-12-29 09:26:18 -05:00
fixed bug caused by old GXS keys in distant chat. Added a security warning for these keys to be deleted.
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7684 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
e007151197
commit
756b9acf41
@ -125,14 +125,11 @@ bool DistantChatService::handleTunnelRequest(const RsFileHash& hash,const RsPeer
|
||||
std::list<RsGxsId> own_id_list ;
|
||||
rsIdentity->getOwnIds(own_id_list) ;
|
||||
|
||||
#ifdef DEBUG_DISTANT_CHAT
|
||||
std::cerr << "DistantChatService::handleTunnelRequest: received tunnel request for hash " << hash << std::endl;
|
||||
#endif
|
||||
|
||||
for(std::list<RsGxsId>::const_iterator it(own_id_list.begin());it!=own_id_list.end();++it)
|
||||
if(hashFromGxsId(*it) == hash)
|
||||
{
|
||||
#ifdef DEBUG_DISTANT_CHAT
|
||||
std::cerr << "DistantChatService::handleTunnelRequest: received tunnel request for hash " << hash << std::endl;
|
||||
std::cerr << " answering true!" << std::endl;
|
||||
#endif
|
||||
return true ;
|
||||
@ -555,8 +552,8 @@ bool DistantChatService::locked_sendDHPublicKey(const DistantChatPeerInfo& pinfo
|
||||
RsTlvSecurityKey signature_key ;
|
||||
RsTlvSecurityKey signature_key_public ;
|
||||
|
||||
#ifdef DEBUG_DISTANT_MSG
|
||||
std::cerr << " Getting key material for signature with GXS id " << pingo.own_gxs_id << std::endl;
|
||||
#ifdef DEBUG_DISTANT_CHAT
|
||||
std::cerr << " Getting key material for signature with GXS id " << pinfo.own_gxs_id << std::endl;
|
||||
#endif
|
||||
// The following code is only here to force caching the keys.
|
||||
//
|
||||
@ -583,7 +580,7 @@ bool DistantChatService::locked_sendDHPublicKey(const DistantChatPeerInfo& pinfo
|
||||
|
||||
assert(!(signature_key_public.keyFlags & RSTLV_KEY_TYPE_FULL)) ;
|
||||
|
||||
#ifdef DEBUG_DISTANT_MSG
|
||||
#ifdef DEBUG_DISTANT_CHAT
|
||||
std::cerr << " Signing..." << std::endl;
|
||||
#endif
|
||||
uint32_t size = BN_num_bytes(dhitem->public_key) ;
|
||||
@ -602,8 +599,10 @@ bool DistantChatService::locked_sendDHPublicKey(const DistantChatPeerInfo& pinfo
|
||||
dhitem->gxs_key = signature_key_public ;
|
||||
dhitem->PeerId(pinfo.virtual_peer_id) ;
|
||||
|
||||
#ifdef DEBUG_DISTANT_MSG
|
||||
#ifdef DEBUG_DISTANT_CHAT
|
||||
std::cerr << " Pushing DH session key item to pending distant messages..." << std::endl;
|
||||
dhitem->print(std::cerr, 2) ;
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
pendingDistantChatItems.push_back(dhitem) ;
|
||||
|
||||
|
@ -149,6 +149,21 @@ bool GxsSecurity::extractPublicKey(const RsTlvSecurityKey& private_key,RsTlvSecu
|
||||
public_key.startTS = private_key.startTS ;
|
||||
public_key.endTS = public_key.startTS + 60 * 60 * 24 * 365 * 5; /* approx 5 years */
|
||||
|
||||
// This code fixes a problem of old RSA keys where the fingerprint wasn't computed using SHA1(n,e) but
|
||||
// using the first bytes of n (ouuuuch!). Still, these keys are valid and should produce a correct
|
||||
// fingerprint. So we replace the public key fingerprint (that is normally recomputed) with the FP of
|
||||
// the private key.
|
||||
|
||||
if(public_key.keyId != private_key.keyId)
|
||||
{
|
||||
std::cerr << std::endl;
|
||||
std::cerr << "WARNING: GXS ID key pair " << private_key.keyId << " has inconsistent fingerprint. This is an old key " << std::endl;
|
||||
std::cerr << " that is unsecured (can be faked easily) should not be used anymore. Please delete it." << std::endl;
|
||||
std::cerr << std::endl;
|
||||
|
||||
public_key.keyId = private_key.keyId ;
|
||||
}
|
||||
|
||||
return true ;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user