aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Data
diff options
context:
space:
mode:
authorJustin Clark-Casey (justincc)2012-03-06 00:14:21 +0000
committerJustin Clark-Casey (justincc)2012-03-06 00:14:21 +0000
commit441449e240ffceef4322661ad936928d98e3f724 (patch)
tree9a0172f705208096e3e3b208291522965c243576 /OpenSim/Data
parentremove unnecessary hash local variable (diff)
downloadopensim-SC_OLD-441449e240ffceef4322661ad936928d98e3f724.zip
opensim-SC_OLD-441449e240ffceef4322661ad936928d98e3f724.tar.gz
opensim-SC_OLD-441449e240ffceef4322661ad936928d98e3f724.tar.bz2
opensim-SC_OLD-441449e240ffceef4322661ad936928d98e3f724.tar.xz
Switch to sha256 from sha1 in order to avoid future asset hash collisions.
Some successful collision attacks have been carried out on sha1 with speculation that more are possible. http://en.wikipedia.org/wiki/Cryptographic_hash_function#Cryptographic_hash_algorithms No successful attacks have been shown on sha256, which makes it less likely that anybody will be able to engineer an asset hash collision in the future. Tradeoff is more storage required for hashes, and more cpu to hash, though this is neglible compared to db operations and network access.
Diffstat (limited to 'OpenSim/Data')
-rw-r--r--OpenSim/Data/MySQL/MySQLXAssetData.cs22
-rw-r--r--OpenSim/Data/MySQL/Resources/XAssetStore.migrations4
2 files changed, 17 insertions, 9 deletions
diff --git a/OpenSim/Data/MySQL/MySQLXAssetData.cs b/OpenSim/Data/MySQL/MySQLXAssetData.cs
index 0aff618..4cb89fa 100644
--- a/OpenSim/Data/MySQL/MySQLXAssetData.cs
+++ b/OpenSim/Data/MySQL/MySQLXAssetData.cs
@@ -31,6 +31,7 @@ using System.Data;
31using System.IO; 31using System.IO;
32using System.IO.Compression; 32using System.IO.Compression;
33using System.Reflection; 33using System.Reflection;
34using System.Security.Cryptography;
34using System.Text; 35using System.Text;
35using log4net; 36using log4net;
36using MySql.Data.MySqlClient; 37using MySql.Data.MySqlClient;
@@ -44,15 +45,20 @@ namespace OpenSim.Data.MySQL
44 { 45 {
45 private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType); 46 private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
46 47
47 private bool m_enableCompression = false;
48 private string m_connectionString;
49 private object m_dbLock = new object();
50
51 protected virtual Assembly Assembly 48 protected virtual Assembly Assembly
52 { 49 {
53 get { return GetType().Assembly; } 50 get { return GetType().Assembly; }
54 } 51 }
55 52
53 private bool m_enableCompression = false;
54 private string m_connectionString;
55 private object m_dbLock = new object();
56
57 /// <summary>
58 /// We can reuse this for all hashing since all methods are single-threaded through m_dbBLock
59 /// </summary>
60 private HashAlgorithm hasher = new SHA256CryptoServiceProvider();
61
56 #region IPlugin Members 62 #region IPlugin Members
57 63
58 public override string Version { get { return "1.0.0.0"; } } 64 public override string Version { get { return "1.0.0.0"; } }
@@ -213,7 +219,7 @@ namespace OpenSim.Data.MySQL
213 } 219 }
214 } 220 }
215 221
216 string hash = Util.SHA1Hash(asset.Data); 222 byte[] hash = hasher.ComputeHash(asset.Data);
217 223
218// m_log.DebugFormat( 224// m_log.DebugFormat(
219// "[XASSET DB]: Compressed data size for {0} {1}, hash {2} is {3}", 225// "[XASSET DB]: Compressed data size for {0} {1}, hash {2} is {3}",
@@ -328,7 +334,7 @@ namespace OpenSim.Data.MySQL
328 /// <param name="transaction"></param> 334 /// <param name="transaction"></param>
329 /// <param name="hash"></param> 335 /// <param name="hash"></param>
330 /// <returns></returns> 336 /// <returns></returns>
331 private bool ExistsData(MySqlConnection dbcon, MySqlTransaction transaction, string hash) 337 private bool ExistsData(MySqlConnection dbcon, MySqlTransaction transaction, byte[] hash)
332 { 338 {
333// m_log.DebugFormat("[ASSETS DB]: Checking for asset {0}", uuid); 339// m_log.DebugFormat("[ASSETS DB]: Checking for asset {0}", uuid);
334 340
@@ -438,7 +444,9 @@ namespace OpenSim.Data.MySQL
438 metadata.Flags = (AssetFlags)Convert.ToInt32(dbReader["asset_flags"]); 444 metadata.Flags = (AssetFlags)Convert.ToInt32(dbReader["asset_flags"]);
439 metadata.FullID = DBGuid.FromDB(dbReader["id"]); 445 metadata.FullID = DBGuid.FromDB(dbReader["id"]);
440 metadata.CreatorID = dbReader["creator_id"].ToString(); 446 metadata.CreatorID = dbReader["creator_id"].ToString();
441 metadata.SHA1 = Encoding.Default.GetBytes((string)dbReader["hash"]); 447
448 // We'll ignore this for now - it appears unused!
449// metadata.SHA1 = dbReader["hash"]);
442 450
443 retList.Add(metadata); 451 retList.Add(metadata);
444 } 452 }
diff --git a/OpenSim/Data/MySQL/Resources/XAssetStore.migrations b/OpenSim/Data/MySQL/Resources/XAssetStore.migrations
index b89eab2..d3cca5e 100644
--- a/OpenSim/Data/MySQL/Resources/XAssetStore.migrations
+++ b/OpenSim/Data/MySQL/Resources/XAssetStore.migrations
@@ -5,7 +5,7 @@ BEGIN;
5 5
6CREATE TABLE `xassetsmeta` ( 6CREATE TABLE `xassetsmeta` (
7 `id` char(36) NOT NULL, 7 `id` char(36) NOT NULL,
8 `hash` char(64) NOT NULL, 8 `hash` binary(32) NOT NULL,
9 `name` varchar(64) NOT NULL, 9 `name` varchar(64) NOT NULL,
10 `description` varchar(64) NOT NULL, 10 `description` varchar(64) NOT NULL,
11 `asset_type` tinyint(4) NOT NULL, 11 `asset_type` tinyint(4) NOT NULL,
@@ -19,7 +19,7 @@ CREATE TABLE `xassetsmeta` (
19) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='Version 1'; 19) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='Version 1';
20 20
21CREATE TABLE `xassetsdata` ( 21CREATE TABLE `xassetsdata` (
22 `hash` char(64) NOT NULL, 22 `hash` binary(32) NOT NULL,
23 `data` longblob NOT NULL, 23 `data` longblob NOT NULL,
24 PRIMARY KEY (`hash`) 24 PRIMARY KEY (`hash`)
25) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='Version 1'; 25) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='Version 1';