From 7a6dd815fe045499d2861331924e0e02710392d4 Mon Sep 17 00:00:00 2001 From: Andy Holmes Date: Sun, 24 Sep 2023 21:33:23 -0700 Subject: [PATCH 1/2] refactor(device): sign certificates with SHA256 Emulate KDE Connect by specifying that certificates should be signed with SHA256 (`GNUTLS_DIG_SHA256`). --- src/libvalent/device/valent-certificate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libvalent/device/valent-certificate.c b/src/libvalent/device/valent-certificate.c index 506a3fc5c2..08c89e053e 100644 --- a/src/libvalent/device/valent-certificate.c +++ b/src/libvalent/device/valent-certificate.c @@ -132,7 +132,7 @@ valent_certificate_generate (const char *cert_path, } /* Sign and export the certificate */ - if ((rc = gnutls_x509_crt_sign (crt, crt, privkey)) != GNUTLS_E_SUCCESS || + if ((rc = gnutls_x509_crt_sign2 (crt, crt, privkey, GNUTLS_DIG_SHA256, 0)) != GNUTLS_E_SUCCESS || (rc = gnutls_x509_crt_export2 (crt, GNUTLS_X509_FMT_PEM, &out)) != GNUTLS_E_SUCCESS) { g_set_error (error, From f997b0b8146e3e8334772f6486f06b031d0ac8f1 Mon Sep 17 00:00:00 2001 From: Andy Holmes Date: Sun, 24 Sep 2023 21:33:23 -0700 Subject: [PATCH 2/2] refactor(bluez): include TLS certificate in identity packet --- .../bluez/valent-bluez-channel-service.c | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/src/plugins/bluez/valent-bluez-channel-service.c b/src/plugins/bluez/valent-bluez-channel-service.c index 2e5ac2a02e..306ee67335 100644 --- a/src/plugins/bluez/valent-bluez-channel-service.c +++ b/src/plugins/bluez/valent-bluez-channel-service.c 
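Review bot: The reason for pinning the digest is not recorded at the call site, so a later cleanup could fold `gnutls_x509_crt_sign2 (crt, crt, privkey, GNUTLS_DIG_SHA256, 0)` back to `gnutls_x509_crt_sign` without noticing the interoperability intent; the comment above the call should carry it, e.g. `/* Sign (SHA-256, to match KDE Connect) and export the certificate */`. The fixed digest also has to be compatible with the key type chosen where the private key is generated, which is outside this hunk — gnutls may reject a digest that does not fit the key, and the chained `||` would then surface it only as the generic error below. A test that reads the generated certificate back with `gnutls_x509_crt_get_signature_algorithm` and expects the SHA-256 variant for whichever key type is used would pin the change. The enclosing `valent_certificate_generate` starts and ends outside the hunk.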
@@ -324,6 +324,35 @@ on_name_owner_changed (GDBusProxy *proxy,
 /*
 * ValentChannelService
 */
+static void
+valent_bluez_channel_service_build_identity (ValentChannelService *service)
+{
+ ValentChannelServiceClass *klass;
+ g_autoptr (JsonNode) identity = NULL;
+
+ g_assert (VALENT_IS_BLUEZ_CHANNEL_SERVICE (service));
+
+ /* Chain-up */
+ klass = VALENT_CHANNEL_SERVICE_CLASS (valent_bluez_channel_service_parent_class);
+ klass->build_identity (service);
+
+ /* Set the certificate on the packet */
+ identity = valent_channel_service_ref_identity (service);
+
+ if (identity != NULL)
+ {
+ g_autoptr (GTlsCertificate) certificate = NULL;
+ g_autofree char *certificate_pem = NULL;
+ JsonObject *body;
+
+ certificate = valent_channel_service_ref_certificate (service);
+ g_object_get (certificate, "certificate-pem", &certificate_pem, NULL);
+
+ body = valent_packet_get_body (identity);
+ json_object_set_string_member (body, "certificate", certificate_pem);
+ }
+}
+
 static void
 valent_bluez_channel_service_identify (ValentChannelService *service,
 const char *target)
@@ -502,6 +531,7 @@ valent_bluez_channel_service_class_init (ValentBluezChannelServiceClass *klass)
 vobject_class->destroy = valent_bluez_channel_service_destroy;
+ service_class->build_identity = valent_bluez_channel_service_build_identity;
 service_class->identify = valent_bluez_channel_service_identify;
 }
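Review bot: The value returned by `valent_channel_service_ref_certificate (service)` is handed straight to `g_object_get` in build_identity without a NULL check; this hunk does not show whether a service can exist without a certificate, but if it can, `g_object_get` would emit a critical and `certificate_pem` would stay NULL, which json-glib likely records as a null `certificate` member instead of leaving the member out. A guard such as `if (certificate == NULL) return;` between the two calls, or folding the certificate into the existing `if (identity != NULL)` condition, keeps the identity packet well-formed. Separately, the identity packet is not authenticated, so the receiving side must still bind this advertised certificate to the peer certificate actually presented in the TLS handshake rather than trusting the packet's copy; that check is outside this patch, and a comment at the `/* Set the certificate on the packet */` line such as `/* Advertised for discovery only; the TLS peer certificate remains the source of truth */` would record the expectation.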