mirror of
https://github.com/RetroShare/RetroShare.git
synced 2025-07-24 15:05:35 -04:00
disable limit of forward time checking for validating signatures
This commit is contained in:
parent
6617946fbd
commit
7db8400233
1 changed files with 28 additions and 9 deletions
|
@ -417,13 +417,24 @@ bool GxsSecurity::validateNxsMsg(const RsNxsMsg& msg, const RsTlvKeySignature& s
|
||||||
// /********************* check signature *******************/
|
// /********************* check signature *******************/
|
||||||
|
|
||||||
/* check signature timeperiod */
|
/* check signature timeperiod */
|
||||||
if ((msgMeta.mPublishTs < key.startTS) || (key.endTS != 0 && msgMeta.mPublishTs > key.endTS))
|
if(msgMeta.mPublishTs < key.startTS)
|
||||||
{
|
{
|
||||||
RsWarn() << __PRETTY_FUNCTION__ << " GxsSecurity::validateNxsMsg() TS out of range for key " << msgMeta.mAuthorId
|
RsWarn() << __PRETTY_FUNCTION__ << " GxsSecurity::validateNxsMsg() TS out of range for key " << msgMeta.mAuthorId
|
||||||
<< " usage is limited to TS=[" << key.startTS << "," << key.endTS << "] and msg publish time is " << msgMeta.mPublishTs << std::endl;
|
<< " The signed message has an inconsistent msg publish time of " << msgMeta.mPublishTs
|
||||||
|
<< " whereas the signing key was created later at TS " << key.startTS
|
||||||
|
<< ". Validation rejected for security. If you see this, something irregular is going on." << std::endl;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(key.endTS != 0 && msgMeta.mPublishTs > key.endTS)
|
||||||
|
{
|
||||||
|
RsWarn() << __PRETTY_FUNCTION__ << " GxsSecurity::validateNxsMsg() TS out of range for key " << msgMeta.mAuthorId
|
||||||
|
<< " usage is limited to TS=[" << key.startTS << "," << key.endTS << "] and msg publish time is " << msgMeta.mPublishTs
|
||||||
|
<< " The validation still passes, but that key should be renewed." << std::endl;
|
||||||
|
|
||||||
|
// no return here. We still proceed checking the signature.
|
||||||
|
}
|
||||||
|
|
||||||
/* decode key */
|
/* decode key */
|
||||||
const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data;
|
const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data;
|
||||||
long keylen = key.keyData.bin_len;
|
long keylen = key.keyData.bin_len;
|
||||||
|
@ -1053,14 +1064,22 @@ bool GxsSecurity::validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& s
|
||||||
/********************* check signature *******************/
|
/********************* check signature *******************/
|
||||||
|
|
||||||
/* check signature timeperiod */
|
/* check signature timeperiod */
|
||||||
if ((grpMeta.mPublishTs < key.startTS) || (key.endTS != 0 && grpMeta.mPublishTs > key.endTS))
|
if (grpMeta.mPublishTs < key.startTS)
|
||||||
{
|
{
|
||||||
#ifdef GXS_SECURITY_DEBUG
|
RsWarn() << __PRETTY_FUNCTION__ << " GxsSecurity::validateNxsGrp() TS out of range for admin/publish key of group " << grpMeta.mGroupId
|
||||||
std::cerr << " GxsSecurity::validateNxsMsg() TS out of range";
|
<< " The signed group has an inconsistent creation/modification time of " << grpMeta.mPublishTs
|
||||||
std::cerr << std::endl;
|
<< " whereas the key was created later at TS " << key.startTS
|
||||||
#endif
|
<< ". Validation rejected for security. If you see this, something irregular is going on." << std::endl;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
if (key.endTS != 0 && grpMeta.mPublishTs > key.endTS)
|
||||||
|
{
|
||||||
|
RsWarn() << __PRETTY_FUNCTION__ << " GxsSecurity::validateNxsMsg() TS out of range for admin/publish key for group " << grpMeta.mGroupId
|
||||||
|
<< " usage is limited to TS=[" << key.startTS << "," << key.endTS << "] and msg publish time is " << grpMeta.mPublishTs
|
||||||
|
<< " The validation still passes, but that key should be renewed." << std::endl;
|
||||||
|
|
||||||
|
// no return. Still proceed checking signature.
|
||||||
|
}
|
||||||
|
|
||||||
/* decode key */
|
/* decode key */
|
||||||
const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data;
|
const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data;
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue