[freenet-cvs] r12637 - trunk/freenet/src/freenet/keys

Fri, 13 Apr 2007 16:27:33 +0000 (UTC) 

Author: toad
Date: 2007-04-13 16:27:33 +0000 (Fri, 13 Apr 2007)
New Revision: 12637

Modified:
   trunk/freenet/src/freenet/keys/ClientCHK.java
   trunk/freenet/src/freenet/keys/ClientSSK.java
   trunk/freenet/src/freenet/keys/Key.java
Log:
Infrastructure for config option to disallow insecure CHKs and SSKs.

Modified: trunk/freenet/src/freenet/keys/ClientCHK.java
===================================================================
--- trunk/freenet/src/freenet/keys/ClientCHK.java       2007-04-13 16:17:03 UTC 
(rev 12636)
+++ trunk/freenet/src/freenet/keys/ClientCHK.java       2007-04-13 16:27:33 UTC 
(rev 12637)
@@ -72,7 +72,7 @@
         // byte 0 is reserved, for now
         cryptoAlgorithm = extra[1];
                if((!(cryptoAlgorithm == Key.ALGO_AES_PCFB_256_SHA256 ||
-                               cryptoAlgorithm == 
Key.ALGO_INSECURE_AES_PCFB_256_SHA256)))
+                               (Key.ALLOW_INSECURE_CLIENT_CHKS && 
cryptoAlgorithm == Key.ALGO_INSECURE_AES_PCFB_256_SHA256))))
                        throw new MalformedURLException("Invalid crypto 
algorithm");
         controlDocument = (extra[2] & 0x02) != 0;
         compressionAlgorithm = (short)(((extra[3] & 0xff) << 8) + (extra[4] & 
0xff));
@@ -89,7 +89,7 @@
                // byte 0 is reserved, for now
         cryptoAlgorithm = extra[1];
                if((!(cryptoAlgorithm == Key.ALGO_AES_PCFB_256_SHA256 ||
-                               cryptoAlgorithm == 
Key.ALGO_INSECURE_AES_PCFB_256_SHA256)))
+                               (Key.ALLOW_INSECURE_CLIENT_CHKS && 
cryptoAlgorithm == Key.ALGO_INSECURE_AES_PCFB_256_SHA256))))
                        throw new MalformedURLException("Invalid crypto 
algorithm");
         compressionAlgorithm = (short)(((extra[3] & 0xff) << 8) + (extra[4] & 
0xff));
         controlDocument = (extra[2] & 0x02) != 0;

Modified: trunk/freenet/src/freenet/keys/ClientSSK.java
===================================================================
--- trunk/freenet/src/freenet/keys/ClientSSK.java       2007-04-13 16:17:03 UTC 
(rev 12636)
+++ trunk/freenet/src/freenet/keys/ClientSSK.java       2007-04-13 16:27:33 UTC 
(rev 12637)
@@ -43,7 +43,7 @@
                        throw new MalformedURLException("Extra bytes too short: 
"+extras.length+" bytes");
                this.cryptoAlgorithm = extras[2];
                if(!(cryptoAlgorithm == Key.ALGO_AES_PCFB_256_SHA256 ||
-                               cryptoAlgorithm == 
Key.ALGO_INSECURE_AES_PCFB_256_SHA256))
+                               (Key.ALLOW_INSECURE_CLIENT_SSKS && 
cryptoAlgorithm == Key.ALGO_INSECURE_AES_PCFB_256_SHA256)))
                        throw new MalformedURLException("Unknown encryption 
algorithm "+cryptoAlgorithm);
                if(!Arrays.equals(extras, getExtraBytes()))
                        throw new MalformedURLException("Wrong extra bytes");

Modified: trunk/freenet/src/freenet/keys/Key.java
===================================================================
--- trunk/freenet/src/freenet/keys/Key.java     2007-04-13 16:17:03 UTC (rev 
12636)
+++ trunk/freenet/src/freenet/keys/Key.java     2007-04-13 16:27:33 UTC (rev 
12637)
@@ -38,6 +38,9 @@
     /** Code for old, insecure (only encrypts first 128 bits of block) 256-bit 
AES with PCFB and SHA-256.
      * FIXME: REMOVE!! */
        static final byte ALGO_INSECURE_AES_PCFB_256_SHA256 = 1;
+       
+       static boolean ALLOW_INSECURE_CLIENT_CHKS;
+       static boolean ALLOW_INSECURE_CLIENT_SSKS;

     protected Key(byte[] routingKey) {
        this.routingKey = routingKey;

Reply via email to