Increase strength of hashes used for certificate signing

This does not increase of any packet because the size of certificate signature only depends on the size of the certificate key. With 512-bit hashes, it's still possible to use RSA keys as small as 768 bits.

Increase strength of hashes used for certificate signing
This does not increase of any packet because the size of certificate signature only depends on the size of the certificate key. With 512-bit hashes, it's still possible to use RSA keys as small as 768 bits.
766ad6c8 · Julien Muchembled · 40d4e496 · 766ad6c8 · 766ad6c8 · 766ad6c8
Commit 766ad6c8 authored Apr 09, 2015 by Julien Muchembled
Show whitespace changes
Inline Side-by-side

Showing with 11 additions and 6 deletions

demo/demo demo/demo +1 -1

re6st-conf re6st-conf +1 -1

re6st/registry.py re6st/registry.py +1 -1

re6st/x509.py re6st/x509.py +8 -3

No files found.
--- a/demo/demo
+++ b/demo/demo
@@ -172,7 +172,7 @@ if 1:
        " -set_serial 0x120010db80042 -days %u" % CA_DAYS, shell=True)
    with open('ca.crt') as f:
        ca = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
-    fingerprint = "sha1:" + hashlib.sha1(
+    fingerprint = "sha256:" + hashlib.sha256(
        crypto.dump_certificate(crypto.FILETYPE_ASN1, ca)).hexdigest()
    db_path = 'registry/registry.db'
    registry.screen('./py re6st-registry @registry/re6st-registry.conf'

--- a/re6st-conf
+++ b/re6st-conf
@@ -132,7 +132,7 @@ def main():
            create(key_path, key, 0600)

        req.set_pubkey(pkey)
-        req.sign(pkey, 'sha1')
+        req.sign(pkey, 'sha512')
        req = crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)

        # First make sure we can open certificate file for writing,

--- a/re6st/registry.py
+++ b/re6st/registry.py
@@ -404,7 +404,7 @@ class RegistryServer(object):
        serial = 1 + self.getConfig('serial', 0)
        self.setConfig('serial', serial)
        cert.set_serial_number(serial)
-        cert.sign(self.cert.key, 'sha1')
+        cert.sign(self.cert.key, 'sha512')
        cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
        self.db.execute("UPDATE cert SET cert = ? WHERE prefix = ?",
                        (cert, client_prefix))

--- a/re6st/x509.py
+++ b/re6st/x509.py
@@ -138,10 +138,10 @@ class Cert(object):
        return r

    def verify(self, sign, data):
-        crypto.verify(self.ca, sign, data, 'sha1')
+        crypto.verify(self.ca, sign, data, 'sha512')

    def sign(self, data):
-        return crypto.sign(self.key, data, 'sha1')
+        return crypto.sign(self.key, data, 'sha512')

    def decrypt(self, data):
        p = openssl('rsautl', '-decrypt', '-inkey', self.key_path)
@@ -179,6 +179,11 @@ class Peer(object):
    - hello0 packets (0 & 1) are subject to DoS, because verifying a
      certificate uses much CPU. A solution would be to use TCP until the
      secret is exchanged and continue with UDP.
+
+    The fingerprint is only used to quickly know if peer's certificate has
+    changed. It must be short enough to not exceed packet size when using
+    certificates with 4096-bit keys. A weak algorithm is ok as long as there
+    is no accidental collision. So SHA-1 looks fine.
    """
    _hello = _last = 0
    _key = newHmacSecret()
@@ -233,7 +238,7 @@ class Peer(object):
        self._last = None

    def verify(self, sign, data):
-        crypto.verify(self.cert, sign, data, 'sha1')
+        crypto.verify(self.cert, sign, data, 'sha512')

    seqno_struct = struct.Struct("!L")