Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-10-01 02:35:48 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

fixed bug caused by old GXS keys in distant chat. Added a security warning for these keys to be deleted.

Browse Source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7684 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2014-11-15 20:54:42 +00:00
parent e007151197
commit 756b9acf41
2 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
libretroshare/src/chat/distantchat.cc
View File

@ -125,14 +125,11 @@ bool DistantChatService::handleTunnelRequest(const RsFileHash& hash,const RsPeer
std::list<RsGxsId> own_id_list ;
rsIdentity->getOwnIds(own_id_list) ;
#ifdef DEBUG_DISTANT_CHAT
std::cerr << "DistantChatService::handleTunnelRequest: received tunnel request for hash " << hash << std::endl;
#endif
for(std::list<RsGxsId>::const_iterator it(own_id_list.begin());it!=own_id_list.end();++it)
if(hashFromGxsId(*it) == hash)
{
#ifdef DEBUG_DISTANT_CHAT
std::cerr << "DistantChatService::handleTunnelRequest: received tunnel request for hash " << hash << std::endl;
std::cerr << " answering true!" << std::endl;
#endif
return true ;
@ -555,8 +552,8 @@ bool DistantChatService::locked_sendDHPublicKey(const DistantChatPeerInfo& pinfo
RsTlvSecurityKey signature_key ;
RsTlvSecurityKey signature_key_public ;
#ifdef DEBUG_DISTANT_MSG
std::cerr << " Getting key material for signature with GXS id " << pingo.own_gxs_id << std::endl;
#ifdef DEBUG_DISTANT_CHAT
std::cerr << " Getting key material for signature with GXS id " << pinfo.own_gxs_id << std::endl;
#endif
// The following code is only here to force caching the keys.
//
@ -583,7 +580,7 @@ bool DistantChatService::locked_sendDHPublicKey(const DistantChatPeerInfo& pinfo
assert(!(signature_key_public.keyFlags & RSTLV_KEY_TYPE_FULL)) ;
#ifdef DEBUG_DISTANT_MSG
#ifdef DEBUG_DISTANT_CHAT
std::cerr << " Signing..." << std::endl;
#endif
uint32_t size = BN_num_bytes(dhitem->public_key) ;
@ -602,8 +599,10 @@ bool DistantChatService::locked_sendDHPublicKey(const DistantChatPeerInfo& pinfo
dhitem->gxs_key = signature_key_public ;
dhitem->PeerId(pinfo.virtual_peer_id) ;
#ifdef DEBUG_DISTANT_MSG
#ifdef DEBUG_DISTANT_CHAT
std::cerr << " Pushing DH session key item to pending distant messages..." << std::endl;
dhitem->print(std::cerr, 2) ;
std::cerr << std::endl;
#endif
pendingDistantChatItems.push_back(dhitem) ;

15
libretroshare/src/gxs/gxssecurity.cc
View File

@ -149,6 +149,21 @@ bool GxsSecurity::extractPublicKey(const RsTlvSecurityKey& private_key,RsTlvSecu
public_key.startTS = private_key.startTS ;
public_key.endTS = public_key.startTS + 60 * 60 * 24 * 365 * 5; /* approx 5 years */
// This code fixes a problem of old RSA keys where the fingerprint wasn't computed using SHA1(n,e) but
// using the first bytes of n (ouuuuch!). Still, these keys are valid and should produce a correct
// fingerprint. So we replace the public key fingerprint (that is normally recomputed) with the FP of
// the private key.
if(public_key.keyId != private_key.keyId)
{
std::cerr << std::endl;
std::cerr << "WARNING: GXS ID key pair " << private_key.keyId << " has inconsistent fingerprint. This is an old key " << std::endl;
std::cerr << " that is unsecured (can be faked easily) should not be used anymore. Please delete it." << std::endl;
std::cerr << std::endl;
public_key.keyId = private_key.keyId ;
}
return true ;
}