mirror of
https://github.com/RetroShare/RetroShare.git
synced 2025-01-13 08:29:32 -05:00
added additional key checking for IDs received during distant chat DH handshake
This commit is contained in:
parent
0873c0dfa2
commit
bdad800509
@ -567,22 +567,27 @@ void DistantChatService::handleRecvDHPublicKey(RsChatDHPublicKeyItem *item)
|
|||||||
|
|
||||||
if(signature_key.keyData.bin_data == NULL)
|
if(signature_key.keyData.bin_data == NULL)
|
||||||
{
|
{
|
||||||
std::cerr << " (EE) Key unknown for checking signature from " << senders_id << ", can't verify signature." << std::endl;
|
std::cerr << " (EE) Key unknown for checking signature from " << senders_id << ", can't verify signature. Using key provided in DH packet (without adding to the keyring)." << std::endl;
|
||||||
std::cerr << " Using key provided in DH packet." << std::endl;
|
|
||||||
|
|
||||||
signature_key = item->gxs_key ;
|
// check GXS key for defects.
|
||||||
|
|
||||||
#warning At this point, we should check that the key Ids match!!
|
if(!GxsSecurity::checkPublicKey(item->gxs_key))
|
||||||
}
|
{
|
||||||
else if(signature_key.keyId != item->gxs_key.keyId)
|
std::cerr << "(SS) Security error in distant chat DH handshake: supplied key " << item->gxs_key.keyId << " is inconsistent. Refusing chat!" << std::endl;
|
||||||
{
|
return ;
|
||||||
std::cerr << "(EE) DH session key is signed by an ID that is not the ID of the key provided inthe packet. Refusing distant chat with this peer." << std::endl;
|
}
|
||||||
return;
|
if(item->gxs_key.keyId != item->signature.keyId)
|
||||||
|
{
|
||||||
|
std::cerr << "(SS) Security error in distant chat DH handshake: supplied key " << item->gxs_key.keyId << " is not the same than the item's signature key " << item->signature.keyId << ". Refusing chat!" << std::endl;
|
||||||
|
return ;
|
||||||
|
}
|
||||||
|
|
||||||
|
signature_key = item->gxs_key ;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!GxsSecurity::validateSignature((char*)data,pubkey_size,signature_key,item->signature))
|
if(!GxsSecurity::validateSignature((char*)data,pubkey_size,signature_key,item->signature))
|
||||||
{
|
{
|
||||||
std::cerr << " (EE) Signature was verified and it doesn't check! This is a security issue!" << std::endl;
|
std::cerr << "(SS) Signature was verified and it doesn't check! This is a security issue!" << std::endl;
|
||||||
return ;
|
return ;
|
||||||
}
|
}
|
||||||
mGixs->timeStampKey(item->signature.keyId) ;
|
mGixs->timeStampKey(item->signature.keyId) ;
|
||||||
|
Loading…
Reference in New Issue
Block a user