signing with SHA256, have a temp fallback on verification
This commit is contained in:
Ilyaaaaaaaaaaaaa Zhitomirskiy
Ilya Zhitomirskiy
parent
e2e6e7ea5b
commit
4cdfe8431b
2 changed files with 46 additions and 2 deletions
|
|
@ -1,5 +1,7 @@
|
|||
module Diaspora
|
||||
module Encryptable
|
||||
|
||||
LAST_FALLBACK_TIME = "Sept 15 2011 17:00 UTC "
|
||||
# Check that signature is a correct signature of #signable_string by person
|
||||
#
|
||||
# @param [String] signature The signature to be verified.
|
||||
|
|
@ -17,7 +19,11 @@ module Diaspora
|
|||
return false
|
||||
end
|
||||
log_string = "event=verify_signature status=complete guid=#{self.guid}"
|
||||
validity = person.public_key.verify "SHA", Base64.decode64(signature), signable_string
|
||||
validity = person.public_key.verify OpenSSL::Digest::SHA256.new, Base64.decode64(signature), signable_string
|
||||
if !validity && Time.now < Time.parse(LAST_FALLBACK_TIME)
|
||||
validity = person.public_key.verify "SHA", Base64.decode64(signature), signable_string
|
||||
end
|
||||
#validity = person.public_key.verify "SHA", Base64.decode64(signature), signable_string
|
||||
log_string += " validity=#{validity}"
|
||||
Rails.logger.info(log_string)
|
||||
validity
|
||||
|
|
@ -26,7 +32,7 @@ module Diaspora
|
|||
# @param [OpenSSL::PKey::RSA] key An RSA key
|
||||
# @return [String] A Base64 encoded signature of #signable_string with key
|
||||
def sign_with_key(key)
|
||||
sig = Base64.encode64s(key.sign "SHA", signable_string)
|
||||
sig = Base64.encode64s(key.sign( OpenSSL::Digest::SHA256.new, signable_string ))
|
||||
log_hash = {:event => :sign_with_key, :status => :complete}
|
||||
log_hash.merge(:model_id => self.id) if self.respond_to?(:persisted?)
|
||||
Rails.logger.info(log_hash)
|
||||
|
|
|
|||
38
spec/lib/diaspora/encryptable_spec.rb
Normal file
38
spec/lib/diaspora/encryptable_spec.rb
Normal file
|
|
@ -0,0 +1,38 @@
|
|||
# Copyright (c) 2010, Diaspora Inc. This file is
|
||||
# licensed under the Affero General Public License version 3 or later. See
|
||||
# the COPYRIGHT file.
|
||||
|
||||
require 'spec_helper'
|
||||
|
||||
describe Diaspora::Encryptable do
|
||||
before do
|
||||
@comment = Factory(:comment, :author => bob.person)
|
||||
end
|
||||
describe '#sign_with_key' do
|
||||
it 'signs the object with RSA256 signature' do
|
||||
sig = @comment.sign_with_key bob.encryption_key
|
||||
bob.public_key.verify(OpenSSL::Digest::SHA256.new, Base64.decode64(sig), @comment.signable_string).should be_true
|
||||
end
|
||||
end
|
||||
|
||||
describe '#verify_signature' do
|
||||
it 'verifies SHA256 signatures' do
|
||||
sig = @comment.sign_with_key bob.encryption_key
|
||||
@comment.verify_signature(sig, bob.person).should be_true
|
||||
end
|
||||
|
||||
context "fallback" do
|
||||
it "checks the SHA if it's within the week of the rollout window" do
|
||||
sig = Base64.encode64s(bob.encryption_key.sign( "SHA", @comment.signable_string ))
|
||||
@comment.verify_signature(sig, bob.person).should be_true
|
||||
end
|
||||
|
||||
it 'does not verify the fallback after rollout window' do
|
||||
Kernel::silence_warnings { Diaspora::Encryptable.const_set(:LAST_FALLBACK_TIME,((Time.now - 1.week).to_s))}
|
||||
|
||||
sig = Base64.encode64s(bob.encryption_key.sign( "SHA", @comment.signable_string ))
|
||||
@comment.verify_signature(sig, bob.person).should be_false
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
Loading…
Reference in a new issue