nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

signing with SHA256, have a temp fallback on verification

Browse source
This commit is contained in:
Ilyaaaaaaaaaaaaa Zhitomirskiy 2011-09-08 13:48:58 -07:00 committed by Ilya Zhitomirskiy
parent e2e6e7ea5b
commit 4cdfe8431b
2 changed files with 46 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
lib/diaspora/encryptable.rb
View file

@ -1,5 +1,7 @@
module Diaspora module Diaspora
module Encryptable module Encryptable
LAST_FALLBACK_TIME = "Sept 15 2011 17:00 UTC "
# Check that signature is a correct signature of #signable_string by person # Check that signature is a correct signature of #signable_string by person
# #
# @param [String] signature The signature to be verified. # @param [String] signature The signature to be verified.
@ -17,7 +19,11 @@ module Diaspora
return false return false
end end
log_string = "event=verify_signature status=complete guid=#{self.guid}" log_string = "event=verify_signature status=complete guid=#{self.guid}"
validity = person.public_key.verify OpenSSL::Digest::SHA256.new, Base64.decode64(signature), signable_string
if !validity && Time.now < Time.parse(LAST_FALLBACK_TIME)
validity = person.public_key.verify "SHA", Base64.decode64(signature), signable_string validity = person.public_key.verify "SHA", Base64.decode64(signature), signable_string
end
#validity = person.public_key.verify "SHA", Base64.decode64(signature), signable_string
log_string += " validity=#{validity}" log_string += " validity=#{validity}"
Rails.logger.info(log_string) Rails.logger.info(log_string)
validity validity
@ -26,7 +32,7 @@ module Diaspora
# @param [OpenSSL::PKey::RSA] key An RSA key # @param [OpenSSL::PKey::RSA] key An RSA key
# @return [String] A Base64 encoded signature of #signable_string with key # @return [String] A Base64 encoded signature of #signable_string with key
def sign_with_key(key) def sign_with_key(key)
sig = Base64.encode64s(key.sign "SHA", signable_string) sig = Base64.encode64s(key.sign( OpenSSL::Digest::SHA256.new, signable_string ))
log_hash = {:event => :sign_with_key, :status => :complete} log_hash = {:event => :sign_with_key, :status => :complete}
log_hash.merge(:model_id => self.id) if self.respond_to?(:persisted?) log_hash.merge(:model_id => self.id) if self.respond_to?(:persisted?)
Rails.logger.info(log_hash) Rails.logger.info(log_hash)

38
spec/lib/diaspora/encryptable_spec.rb Normal file
View file

@ -0,0 +1,38 @@
# Copyright (c) 2010, Diaspora Inc. This file is
# licensed under the Affero General Public License version 3 or later. See
# the COPYRIGHT file.
require 'spec_helper'
describe Diaspora::Encryptable do
before do
@comment = Factory(:comment, :author => bob.person)
end
describe '#sign_with_key' do
it 'signs the object with RSA256 signature' do
sig = @comment.sign_with_key bob.encryption_key
bob.public_key.verify(OpenSSL::Digest::SHA256.new, Base64.decode64(sig), @comment.signable_string).should be_true
end
end
describe '#verify_signature' do
it 'verifies SHA256 signatures' do
sig = @comment.sign_with_key bob.encryption_key
@comment.verify_signature(sig, bob.person).should be_true
end
context "fallback" do
it "checks the SHA if it's within the week of the rollout window" do
sig = Base64.encode64s(bob.encryption_key.sign( "SHA", @comment.signable_string ))
@comment.verify_signature(sig, bob.person).should be_true
end
it 'does not verify the fallback after rollout window' do
Kernel::silence_warnings { Diaspora::Encryptable.const_set(:LAST_FALLBACK_TIME,((Time.now - 1.week).to_s))}
sig = Base64.encode64s(bob.encryption_key.sign( "SHA", @comment.signable_string ))
@comment.verify_signature(sig, bob.person).should be_false
end
end
end
end