Commit 766ad6c8 authored by Julien Muchembled's avatar Julien Muchembled

Increase strength of hashes used for certificate signing

This does not increase the size of any packet, because the size of a certificate signature
only depends on the size of the certificate key.

With 512-bit hashes, it's still possible to use RSA keys as small as 768 bits.
parent 40d4e496
...@@ -172,7 +172,7 @@ if 1: ...@@ -172,7 +172,7 @@ if 1:
" -set_serial 0x120010db80042 -days %u" % CA_DAYS, shell=True) " -set_serial 0x120010db80042 -days %u" % CA_DAYS, shell=True)
with open('ca.crt') as f: with open('ca.crt') as f:
ca = crypto.load_certificate(crypto.FILETYPE_PEM, f.read()) ca = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
fingerprint = "sha1:" + hashlib.sha1( fingerprint = "sha256:" + hashlib.sha256(
crypto.dump_certificate(crypto.FILETYPE_ASN1, ca)).hexdigest() crypto.dump_certificate(crypto.FILETYPE_ASN1, ca)).hexdigest()
db_path = 'registry/registry.db' db_path = 'registry/registry.db'
registry.screen('./py re6st-registry @registry/re6st-registry.conf' registry.screen('./py re6st-registry @registry/re6st-registry.conf'
...@@ -132,7 +132,7 @@ def main(): ...@@ -132,7 +132,7 @@ def main():
create(key_path, key, 0600) create(key_path, key, 0600)
req.set_pubkey(pkey) req.set_pubkey(pkey)
req.sign(pkey, 'sha1') req.sign(pkey, 'sha512')
req = crypto.dump_certificate_request(crypto.FILETYPE_PEM, req) req = crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)
# First make sure we can open certificate file for writing, # First make sure we can open certificate file for writing,
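Review bot: The digest name `'sha512'` handed to `req.sign` is a bare literal, and the same literal is repeated in this commit in the `cert.sign` call of `RegistryServer`, in `Cert.sign`/`Cert.verify` and in `Peer.verify`; a signer and a verifier that drift apart would only fail at runtime. A single shared constant, e.g. `SIGN_DIGEST = 'sha512'  # must match every crypto.sign/crypto.verify call`, referenced from all five sites would keep them in lockstep (where that constant should live depends on the module layout, which is outside the hunk). main() begins and ends outside the hunk.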
...@@ -404,7 +404,7 @@ class RegistryServer(object): ...@@ -404,7 +404,7 @@ class RegistryServer(object):
serial = 1 + self.getConfig('serial', 0) serial = 1 + self.getConfig('serial', 0)
self.setConfig('serial', serial) self.setConfig('serial', serial)
cert.set_serial_number(serial) cert.set_serial_number(serial)
cert.sign(self.cert.key, 'sha1') cert.sign(self.cert.key, 'sha512')
cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert) cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
self.db.execute("UPDATE cert SET cert = ? WHERE prefix = ?", self.db.execute("UPDATE cert SET cert = ? WHERE prefix = ?",
(cert, client_prefix)) (cert, client_prefix))
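Review bot: Only certificates issued from now on get the SHA-512 signature at `cert.sign`; rows already stored in the `cert` table keep their SHA-1 signature until the client renews, so the strengthening is gradual rather than immediate. A comment next to the call, such as `# Applies to newly issued certificates only; certs issued before this change keep their SHA-1 signature until renewed`, would record this for operators deciding whether a forced re-issue is needed. The enclosing method starts and ends outside the hunk.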
...@@ -138,10 +138,10 @@ class Cert(object): ...@@ -138,10 +138,10 @@ class Cert(object):
return r return r
def verify(self, sign, data): def verify(self, sign, data):
crypto.verify(self.ca, sign, data, 'sha1') crypto.verify(self.ca, sign, data, 'sha512')
def sign(self, data): def sign(self, data):
return crypto.sign(self.key, data, 'sha1') return crypto.sign(self.key, data, 'sha512')
def decrypt(self, data): def decrypt(self, data):
p = openssl('rsautl', '-decrypt', '-inkey', self.key_path) p = openssl('rsautl', '-decrypt', '-inkey', self.key_path)
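Review bot: `crypto.verify(self.ca, sign, data, 'sha512')` accepts only SHA-512 signatures, so a node still running the previous version, whose `Cert.sign` produces SHA-1 signatures, can no longer be verified by this code and vice versa; the same applies to `Peer.verify` in the later hunk of this commit. Unless a protocol version check outside these hunks already fences this off, the change is a flag-day upgrade that should be stated in the commit message or release notes. A comment such as `# Digest must match what every other node signs with; changing it breaks verification of older peers` at both verify sites would make the coupling visible. The Cert class starts and ends outside the hunk.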
...@@ -179,6 +179,11 @@ class Peer(object): ...@@ -179,6 +179,11 @@ class Peer(object):
- hello0 packets (0 & 1) are subject to DoS, because verifying a - hello0 packets (0 & 1) are subject to DoS, because verifying a
certificate uses much CPU. A solution would be to use TCP until the certificate uses much CPU. A solution would be to use TCP until the
secret is exchanged and continue with UDP. secret is exchanged and continue with UDP.
The fingerprint is only used to quickly know if peer's certificate has
changed. It must be short enough to not exceed packet size when using
certificates with 4096-bit keys. A weak algorithm is ok as long as there
is no accidental collision. So SHA-1 looks fine.
""" """
_hello = _last = 0 _hello = _last = 0
_key = newHmacSecret() _key = newHmacSecret()
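Review bot: The added docstring justifies SHA-1 by the absence of accidental collisions, but a reader also needs to know whether an attacker-produced collision matters: if the fingerprint only decides whether to re-fetch and re-verify the certificate (which the presence of `Peer.verify` suggests, though the fetch path is outside the hunk), a collision costs at most a missed refresh and the text should say so, e.g. `Security does not rest on this fingerprint: the certificate itself is still verified by signature.`. If a matching fingerprint ever skips verification instead, SHA-1 is not an adequate choice, since chosen-prefix collisions are practical. The same packet-size budget could be met by a truncated SHA-256 digest, which removes the dependency on a deprecated algorithm without changing the length; `peer's certificate` should also read `the peer's certificate`. The Peer class starts and ends outside the hunk.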
...@@ -233,7 +238,7 @@ class Peer(object): ...@@ -233,7 +238,7 @@ class Peer(object):
self._last = None self._last = None
def verify(self, sign, data): def verify(self, sign, data):
crypto.verify(self.cert, sign, data, 'sha1') crypto.verify(self.cert, sign, data, 'sha512')
seqno_struct = struct.Struct("!L") seqno_struct = struct.Struct("!L")