From 441449e240ffceef4322661ad936928d98e3f724 Mon Sep 17 00:00:00 2001 From: "Justin Clark-Casey (justincc)" Date: Tue, 6 Mar 2012 00:14:21 +0000 Subject: [PATCH] Switch to sha256 from sha1 in order to avoid future asset hash collisions. Some successful collision attacks have been carried out on sha1 with speculation that more are possible. http://en.wikipedia.org/wiki/Cryptographic_hash_function#Cryptographic_hash_algorithms No successful attacks have been shown on sha256, which makes it less likely that anybody will be able to engineer an asset hash collision in the future. Tradeoff is more storage required for hashes, and more cpu to hash, though this is neglible compared to db operations and network access. --- OpenSim/Data/MySQL/MySQLXAssetData.cs | 22 +++++++++++++------ .../MySQL/Resources/XAssetStore.migrations | 4 ++-- prebuild.xml | 3 ++- 3 files changed, 19 insertions(+), 10 deletions(-) diff --git a/OpenSim/Data/MySQL/MySQLXAssetData.cs b/OpenSim/Data/MySQL/MySQLXAssetData.cs index 0aff61824b..4cb89fa9e3 100644 --- a/OpenSim/Data/MySQL/MySQLXAssetData.cs +++ b/OpenSim/Data/MySQL/MySQLXAssetData.cs @@ -31,6 +31,7 @@ using System.Data; using System.IO; using System.IO.Compression; using System.Reflection; +using System.Security.Cryptography; using System.Text; using log4net; using MySql.Data.MySqlClient; 
@@ -44,15 +45,20 @@ namespace OpenSim.Data.MySQL { private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); - private bool m_enableCompression = false; - private string m_connectionString; - private object m_dbLock = new object(); - protected virtual Assembly Assembly { get { return GetType().Assembly; } } + private bool m_enableCompression = false; + private string m_connectionString; + private object m_dbLock = new object(); + + /// + /// We can reuse this for all hashing since all methods are single-threaded through m_dbBLock + /// + private HashAlgorithm hasher = new SHA256CryptoServiceProvider(); + #region IPlugin Members public override string Version { get { return "1.0.0.0"; } } @@ -213,7 +219,7 @@ namespace OpenSim.Data.MySQL } } - string hash = Util.SHA1Hash(asset.Data); + byte[] hash = hasher.ComputeHash(asset.Data); // m_log.DebugFormat( // "[XASSET DB]: Compressed data size for {0} {1}, hash {2} is {3}", @@ -328,7 +334,7 @@ namespace OpenSim.Data.MySQL /// /// /// - private bool ExistsData(MySqlConnection dbcon, MySqlTransaction transaction, string hash) + private bool ExistsData(MySqlConnection dbcon, MySqlTransaction transaction, byte[] hash) { // m_log.DebugFormat("[ASSETS DB]: Checking for asset {0}", uuid); @@ -438,7 +444,9 @@ namespace OpenSim.Data.MySQL metadata.Flags = (AssetFlags)Convert.ToInt32(dbReader["asset_flags"]); metadata.FullID = DBGuid.FromDB(dbReader["id"]); metadata.CreatorID = dbReader["creator_id"].ToString(); - metadata.SHA1 = Encoding.Default.GetBytes((string)dbReader["hash"]); + + // We'll ignore this for now - it appears unused! +// metadata.SHA1 = dbReader["hash"]); retList.Add(metadata); } diff --git a/OpenSim/Data/MySQL/Resources/XAssetStore.migrations b/OpenSim/Data/MySQL/Resources/XAssetStore.migrations index b89eab27f5..d3cca5e884 100644 --- a/OpenSim/Data/MySQL/Resources/XAssetStore.migrations +++ b/OpenSim/Data/MySQL/Resources/XAssetStore.migrations 
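Review bot: The doc comment on the new `hasher` field names `m_dbBLock`, but the lock declared just above it is `m_dbLock`, and that invariant is the only thing making a shared `HashAlgorithm` safe, because an instance must not be used for concurrent `ComputeHash` calls. The `hasher.ComputeHash(asset.Data)` call in the -213 hunk sits in a method whose body starts outside the hunk, so this patch does not show whether it runs under `lock (m_dbLock)`; a digest computed during a race would store the asset under the wrong key. I would fix the comment and follow the file's field convention: `private readonly HashAlgorithm m_hasher = SHA256.Create();` with `/// Not thread-safe: only call while holding m_dbLock.`, updating the call site to match. Using the `SHA256.Create()` factory also avoids hard-wiring the CryptoServiceProvider implementation, which may not be available on every runtime this code targets.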
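Review bot: In the -438 hunk, commenting out the assignment leaves `metadata.SHA1` unset for every entry added to `retList`, and the only justification given is that it "appears unused", which nothing in this patch establishes. Any consumer outside this file that reads the property for integrity checking or de-duplication would now get no digest at all. The commented-out line is also not valid code (`dbReader["hash"]);` has an unmatched parenthesis), so it cannot simply be re-enabled later. I would delete it and record the decision instead, e.g. `// Hash deliberately not populated: the column now holds a 32-byte SHA-256 digest and must not be exposed via a property named SHA1.` The enclosing method starts and ends outside the hunk.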
@@ -5,7 +5,7 @@ BEGIN; CREATE TABLE `xassetsmeta` ( `id` char(36) NOT NULL, - `hash` char(64) NOT NULL, + `hash` binary(32) NOT NULL, `name` varchar(64) NOT NULL, `description` varchar(64) NOT NULL, `asset_type` tinyint(4) NOT NULL, @@ -19,7 +19,7 @@ CREATE TABLE `xassetsmeta` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='Version 1'; CREATE TABLE `xassetsdata` ( - `hash` char(64) NOT NULL, + `hash` binary(32) NOT NULL, `data` longblob NOT NULL, PRIMARY KEY (`hash`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='Version 1'; diff --git a/prebuild.xml b/prebuild.xml index 79814ac2b2..030d232898 100644 --- a/prebuild.xml +++ b/prebuild.xml @@ -2051,9 +2051,10 @@ ../../../bin/ - + +
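Review bot: Both `hash` columns are changed by editing the existing `CREATE TABLE` statements, still tagged `COMMENT='Version 1'`, in this hunk and in the -19 hunk, rather than by adding a new migration step. If the migration runner records applied versions, as the file name suggests, a database that already ran version 1 keeps its `char(64)` columns and SHA-1 values while the new code binds 32-byte SHA-256 digests. Existing rows would then never match in `ExistsData`, so assets would be stored a second time or not found. A new version section that alters both columns, plus a documented plan for re-hashing or discarding rows written under SHA-1, would make the upgrade safe. `binary(32)` is itself the correct width for a raw SHA-256 digest.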