Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-12-27 16:39:29 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

fixed warning about old fingerprint for own keys.

Browse Source
This commit is contained in:
csoler 2016-06-17 20:46:24 -04:00
parent c25b65074a
commit 886d896151
1 changed files with 38 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
libretroshare/src/gxs/gxssecurity.cc
View File

@ -39,6 +39,20 @@ static const uint32_t MULTI_ENCRYPTION_FORMAT_v001_HEADER_SIZE = 2 ;
static const uint32_t MULTI_ENCRYPTION_FORMAT_v001_NUMBER_OF_KEYS_SIZE = 2 ; static const uint32_t MULTI_ENCRYPTION_FORMAT_v001_NUMBER_OF_KEYS_SIZE = 2 ;
static const uint32_t MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE = 256 ; static const uint32_t MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE = 256 ;
static RsGxsId getRsaKeyFingerprint_old_insecure_method(RSA *pubkey)
{
int lenn = BN_num_bytes(pubkey -> n);
RsTemporaryMemory tmp(lenn) ;
BN_bn2bin(pubkey -> n, tmp);
// Copy first CERTSIGNLEN bytes from the hash of the public modulus and exponent
// We should not be using strings here, but a real ID. To be done later.
assert(lenn >= CERTSIGNLEN) ;
return RsGxsId((unsigned char*)tmp) ;
}
static RsGxsId getRsaKeyFingerprint(RSA *pubkey) static RsGxsId getRsaKeyFingerprint(RSA *pubkey)
{ {
int lenn = BN_num_bytes(pubkey -> n); int lenn = BN_num_bytes(pubkey -> n);
@ -135,14 +149,23 @@ bool GxsSecurity::checkPrivateKey(const RsTlvPrivateRSAKey& key)
return false ; return false ;
} }
RsGxsId recomputed_key_id = getRsaKeyFingerprint(rsa_pub) ; RsGxsId recomputed_key_id = getRsaKeyFingerprint(rsa_pub) ;
RSA_free(rsa_pub) ;
if(recomputed_key_id != key.keyId) if(recomputed_key_id != key.keyId)
{ {
std::cerr << "(WW) GxsSecurity::checkPrivateKey(): key " << key.keyId << " has wrong fingerprint " << recomputed_key_id << "! This is unexpected." << std::endl; std::cerr << "(WW) GxsSecurity::checkPrivateKey(): key " << key.keyId << " has wrong fingerprint " << recomputed_key_id << std::endl;
if(key.keyId == getRsaKeyFingerprint_old_insecure_method(rsa_pub))
{
std::cerr << "(WW) fingerprint was derived using old---insecure---format. It can be faked easily. You should get rid of it!" << std::endl;
RSA_free(rsa_pub) ;
return true ;
}
RSA_free(rsa_pub) ;
return false ; return false ;
} }
RSA_free(rsa_pub) ;
return true ; return true ;
} }
bool GxsSecurity::checkPublicKey(const RsTlvPublicRSAKey &key) bool GxsSecurity::checkPublicKey(const RsTlvPublicRSAKey &key)
@ -177,14 +200,25 @@ bool GxsSecurity::checkPublicKey(const RsTlvPublicRSAKey &key)
return false ; return false ;
} }
RsGxsId recomputed_key_id = getRsaKeyFingerprint(rsa_pub) ; RsGxsId recomputed_key_id = getRsaKeyFingerprint(rsa_pub) ;
RSA_free(rsa_pub) ;
if(recomputed_key_id != key.keyId) if(recomputed_key_id != key.keyId)
{ {
std::cerr << "(WW) GxsSecurity::checkPublicKey(): key " << key.keyId << " has wrong fingerprint " << recomputed_key_id << "! This is unexpected." << std::endl; if(key.keyId == getRsaKeyFingerprint_old_insecure_method(rsa_pub))
{
#ifdef GXS_SECURITY_DEBUG
std::cerr << "(WW) fingerprint was derived using old---insecure---format. It can be faked easily." << std::endl;
#endif
RSA_free(rsa_pub) ;
return true ;
}
else
std::cerr << "(WW) GxsSecurity::checkPublicKey(): key " << key.keyId << " has wrong fingerprint " << recomputed_key_id << "! Key will be discarded." << std::endl;
RSA_free(rsa_pub) ;
return false ; return false ;
} }
RSA_free(rsa_pub) ;
return true ; return true ;
} }