From 3e725e2a984c93398e5d1d574f3ceb8119fc927a Mon Sep 17 00:00:00 2001 From: Brad Fitzpatrick Date: Sat, 4 Jan 2014 16:37:33 -0800 Subject: [PATCH] Change self-signed cert fingerprint to 80 bits of SHA-256. More secondary preimage resistance. Also better docs and less vague and less promoted Android UI. Feedback from Adam Langley, but likely misinterpreted. Change-Id: I3bf1029b6fc07c0b8dab2af44926aa87b0d4cbad --- .gitignore | 1 + clients/android/res/values/strings.xml | 4 ++-- clients/android/res/xml/preferences.xml | 13 +++++++------ .../src/org/camlistore/SettingsActivity.java | 2 +- .../android/src/org/camlistore/UploadThread.java | 2 +- pkg/client/client.go | 2 +- pkg/misc/misc.go | 12 ++++++------ server/camlistored/camlistored.go | 6 +++--- website/content/docs/client-config | 2 +- 9 files changed, 23 insertions(+), 21 deletions(-) diff --git a/.gitignore b/.gitignore index 246ed5874..68899ebb8 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,4 @@ server/camlistored/newui/all.js server/camlistored/newui/all.js.map server/camlistored/newui/zembed_all.js.go server/appengine/source_root/ +config/selfgen_pem* diff --git a/clients/android/res/values/strings.xml b/clients/android/res/values/strings.xml index c72007327..b49633dfe 100644 --- a/clients/android/res/values/strings.xml +++ b/clients/android/res/values/strings.xml @@ -4,7 +4,7 @@ Camlistore Uploader Camlistore server e.g. https://foo.example.com or "example.com:3179" - Self-signed certificate + Self-signed cert fingerprint The fingerprint of your self-signed certificate. Not needed for commercial certs. Username Password @@ -30,4 +30,4 @@ Browse Results - \ No newline at end of file + diff --git a/clients/android/res/xml/preferences.xml b/clients/android/res/xml/preferences.xml index 87c09004a..1ab18cd77 100644 --- a/clients/android/res/xml/preferences.xml +++ b/clients/android/res/xml/preferences.xml 
@@ -7,11 +7,6 @@ android:persistent="true" android:summary="@string/settings_host_summary" android:title="@string/settings_host_title" /> - + + - \ No newline at end of file + diff --git a/clients/android/src/org/camlistore/SettingsActivity.java b/clients/android/src/org/camlistore/SettingsActivity.java index c4d6cdf9e..bdad65544 100644 --- a/clients/android/src/org/camlistore/SettingsActivity.java +++ b/clients/android/src/org/camlistore/SettingsActivity.java @@ -230,7 +230,7 @@ public class SettingsActivity extends PreferenceActivity { if (value != null && value.length() > 0) { trustedCertPref.setSummary(value); } else { - trustedCertPref.setSummary(""); + trustedCertPref.setSummary(""); } } diff --git a/clients/android/src/org/camlistore/UploadThread.java b/clients/android/src/org/camlistore/UploadThread.java index a3133b4d7..47e146427 100644 --- a/clients/android/src/org/camlistore/UploadThread.java +++ b/clients/android/src/org/camlistore/UploadThread.java @@ -56,7 +56,7 @@ public class UploadThread extends Thread { public UploadThread(UploadService uploadService, HostPort hp, String trustedCert, String username, String password) { mService = uploadService; mHostPort = hp; - mTrustedCert = trustedCert; + mTrustedCert = trustedCert != null ? trustedCert.toLowerCase().trim() : ""; mUsername = username; mPassword = password; } diff --git a/pkg/client/client.go b/pkg/client/client.go index 6462ad333..b0040791b 100644 --- a/pkg/client/client.go +++ b/pkg/client/client.go @@ -794,7 +794,7 @@ func (c *Client) DialFunc() func(network, addr string) (net.Conn, error) { if certs == nil || len(certs) < 1 { return nil, errors.New("Could not get server's certificate from the TLS connection.") } - sig := misc.SHA1Prefix(certs[0].Raw) + sig := misc.SHA256Prefix(certs[0].Raw) for _, v := range trustedCerts { if v == sig { return conn, nil diff --git a/pkg/misc/misc.go b/pkg/misc/misc.go index b588e1422..785bf9827 100644 --- a/pkg/misc/misc.go +++ b/pkg/misc/misc.go 
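Review bot: The UploadThread constructor now trims and lowercases `trustedCert` but never checks its shape, so a ten-digit SHA-1 fingerprint saved before this commit is still accepted and will simply stop matching the new SHA-256 prefix. The `v == sig` loop in pkg/client/client.go has the same gap for old `trustedCerts` entries. Consider logging a clear message when the value is non-empty and does not match `[0-9a-f]{20}`, so the user sees a stale fingerprint rather than a generic TLS failure. The call is also better written as `trustedCert.trim().toLowerCase(Locale.US)`, which keeps the result independent of the device locale; whether `java.util.Locale` is already imported is not visible here. How `mTrustedCert` is later compared lies outside the hunk.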
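Review bot: The comparison `if v == sig` in DialFunc is exact, while the Android client in this same commit starts lowercasing and trimming the configured fingerprint, so the two clients treat the same pasted value differently. Unless `trustedCerts` is normalized where the config is loaded (not visible in this hunk), an entry with uppercase hex or stray whitespace is rejected here. `if strings.ToLower(strings.TrimSpace(v)) == sig {` would match the Android behaviour, assuming the file imports `strings`. DialFunc starts and ends outside the hunk.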
@@ -20,14 +20,14 @@ limitations under the License.
 package misc
 import (
- "crypto/sha1"
+ "crypto/sha256"
 "fmt"
 )
-// SHA1Prefix computes the SHA-1 digest of data and returns
-// the first ten digits of its lowercase hex string.
-func SHA1Prefix(data []byte) string {
- h := sha1.New()
+// SHA256Prefix computes the SHA-256 digest of data and returns
+// its first twenty lowercase hex digits.
+func SHA256Prefix(data []byte) string {
+ h := sha256.New()
 h.Write(data)
- return fmt.Sprintf("%x", h.Sum(nil))[:10]
+ return fmt.Sprintf("%x", h.Sum(nil))[:20]
 }
diff --git a/server/camlistored/camlistored.go b/server/camlistored/camlistored.go
index ca5ea4371..4d090afa1 100644
--- a/server/camlistored/camlistored.go
+++ b/server/camlistored/camlistored.go
@@ -176,7 +176,7 @@ func genSelfTLS(listen string) error {
 if err != nil {
 return fmt.Errorf("Failed to parse certificate: %v", err)
 }
- sig := misc.SHA1Prefix(cert.Raw)
+ sig := misc.SHA256Prefix(cert.Raw)
 hint := "You must add this certificate's fingerprint to your client's trusted certs list to use it. Like so:\n" +
 `"trustedCerts": ["` + sig + `"],`
 log.Printf(hint)
@@ -365,8 +365,8 @@ func setupTLS(ws *webserver.Server, config *serverconfig.Config, listen string)
 if err != nil {
 exitf("Failed to parse certificate: %v", err)
 }
- sig := misc.SHA1Prefix(certif.Raw)
- log.Printf("TLS enabled, with certificate fingerprint: %v", sig)
+ sig := misc.SHA256Prefix(certif.Raw)
+ log.Printf("TLS enabled, with SHA-256 certificate fingerprint: %v", sig)
 ws.SetTLS(cert, key)
 }
diff --git a/website/content/docs/client-config b/website/content/docs/client-config
index bb212d26c..9cc6013fc 100644
--- a/website/content/docs/client-config
+++ b/website/content/docs/client-config
@@ -19,7 +19,7 @@ If the server is not on the same host, it is highly recommended to use TLS or an
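Review bot: The doc comment on SHA256Prefix says what is returned but not what the truncation is good for, which is the security-relevant part of this change. I would add something like `// The 80-bit prefix is meant for pinning a known certificate (second-preimage resistance);` and `// it gives only about 2^40 collision resistance and must not be used as a general-purpose identifier.` As a style point, `sum := sha256.Sum256(data)` followed by `return hex.EncodeToString(sum[:10])` returns the same string without the unchecked `h.Write` and without formatting the whole digest. That would mean importing `encoding/hex` in place of `fmt`.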
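Review bot: The hint built in genSelfTLS still calls the value only "this certificate's fingerprint", while the setupTLS message in the next hunk of this file now says SHA-256. Naming the digest and the 20-hex-digit length in the hint would keep a user from pasting a fingerprint produced by another tool. The unchanged `log.Printf(hint)` also passes a non-constant string as the format, which `go vet` reports; `log.Print(hint)` prints the same text without format interpretation. genSelfTLS starts and ends outside the hunk.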
  • identitySecretRing: Optional. If non-empty, it specifies the location of your GPG secret keyring. Defaults to $HOME/.config/camlistore/identity-secring.gpg. See camput init for help on how to generate a new keypair.
  • -
  • trustedCerts: Optional. The list of TLS server certificates fingerprints (truncated at 10 digits) that the client will trust blindly when using https. It is required when the server is using a self-signed certificate. Example: "trustedCerts": ["ffc7730f4b"].
  • +
  • trustedCerts: Optional. This is the list of TLS server certificate fingerprints that the client will trust when using HTTPS. It is required when the server is using a self-signed certificate (as Camlistore generates by default) instead of a Root Certificate Authority-signed cert (sometimes known as a "commercial SSL cert"). The format of each item is the first 20 hex digits of the SHA-256 digest of the cert. Example: "trustedCerts": ["ffc7730f4bf00ba4bad0"]
  • ignoredFiles: Optional. The list of of files that camput should ignore and not try to upload when using -filenodes.