Diffstat (limited to 'src/xmpp')
-rw-r--r--src/xmpp/connection.c20
-rw-r--r--src/xmpp/message.c23
2 files changed, 29 insertions, 14 deletions
diff --git a/src/xmpp/connection.c b/src/xmpp/connection.c
index cfa9db21..e35f19ff 100644
--- a/src/xmpp/connection.c
+++ b/src/xmpp/connection.c
@@ -462,8 +462,12 @@ connection_create_stanza_id(void)
 
     assert(msgid != NULL);
 
+    gchar *hmac = g_compute_hmac_for_string(G_CHECKSUM_SHA256,
+            (guchar*)prof_identifier, strlen(prof_identifier),
+            msgid, strlen(msgid));
+
     GString *signature = g_string_new("");
-    g_string_printf(signature, "%s%s", msgid, prof_identifier);
+    g_string_printf(signature, "%s%s", msgid, hmac);
 
     char *b64 = g_base64_encode((unsigned char*)signature->str, signature->len);
     g_string_free(signature, TRUE);
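Review bot: The string returned by `g_compute_hmac_for_string()` is never released in connection_create_stanza_id: no `g_free(hmac)` is among the added lines, so every generated stanza id leaks the hex digest. Add `g_free(hmac);` directly after the `g_string_printf(signature, "%s%s", msgid, hmac);` line. The same leak is in the message.c hunk for message_is_sent_by_us, where `hmac` is computed for each received id longer than 10 bytes, so a remote sender can drive the leak; there the `g_free(hmac);` belongs after the `g_strcmp0` check. The body of connection_create_stanza_id continues outside this hunk.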
@@ -666,17 +670,13 @@ static void _random_bytes_close(void)
 
 static void _calculate_identifier(const char *barejid)
 {
-    unsigned char *digest = (unsigned char*)malloc(XMPP_SHA1_DIGEST_SIZE);
-    assert(digest != NULL);
-
-    GString *inp = g_string_new("");
-    g_string_printf(inp, "%s%s", random_bytes, barejid);
-    xmpp_sha1_digest((unsigned char*)inp->str, strlen(inp->str), digest);
-    g_string_free(inp, TRUE);
+    gchar *hmac = g_compute_hmac_for_string(G_CHECKSUM_SHA256,
+            (guchar*)random_bytes, strlen(random_bytes),
+            barejid, strlen(barejid));
 
-    char *b64 = g_base64_encode(digest, XMPP_SHA1_DIGEST_SIZE);
+    char *b64 = g_base64_encode((guchar*)hmac, XMPP_SHA1_DIGEST_SIZE);
     assert(b64 != NULL);
-    free(digest);
+    g_free(hmac);
 
     prof_identifier = b64;
 }
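Review bot: `g_base64_encode((guchar*)hmac, XMPP_SHA1_DIGEST_SIZE)` still passes the raw SHA-1 digest length, but `hmac` is now the hexadecimal string of a SHA-256 HMAC. Only the first XMPP_SHA1_DIGEST_SIZE hex characters are encoded, so the identifier keeps only part of the digest (80 bits if the constant is 20, as in libstrophe). If the truncation is intended, give it its own named constant and a comment; otherwise encode the whole string with `char *b64 = g_base64_encode((guchar*)hmac, strlen(hmac));`. Separately, using `strlen(random_bytes)` as the key length assumes the random buffer is NUL-terminated and has no embedded zero bytes, which this hunk does not show.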
diff --git a/src/xmpp/message.c b/src/xmpp/message.c
index 78364ca2..cf521237 100644
--- a/src/xmpp/message.c
+++ b/src/xmpp/message.c
@@ -1159,7 +1159,10 @@ _send_message_stanza(xmpp_stanza_t *const stanza)
     xmpp_free(connection_get_ctx(), text);
 }
 
-bool message_is_sent_by_us(ProfMessage *message) {
+bool
+message_is_sent_by_us(ProfMessage *message) {
+    bool ret = FALSE;
+
     // we check the </origin-id> for this we calculate a hash into it so we can detect
     // whether this client sent it. See connection_create_stanza_id()
     if (message->id != NULL) {
@@ -1167,10 +1170,22 @@ bool message_is_sent_by_us(ProfMessage *message) {
         char *tmp = (char*)g_base64_decode(message->id, &tmp_len);
 
         // our client sents at least 10 for the identifier + random message bytes
-        if ((tmp_len > 10) || (g_strcmp0(&tmp[10], connection_get_profanity_identifier()) == 0)) {
-            return TRUE;
+        if (tmp_len > 10) {
+            char *msgid = g_strndup(tmp, 10);
+            char *prof_identifier = connection_get_profanity_identifier();
+
+            gchar *hmac = g_compute_hmac_for_string(G_CHECKSUM_SHA256,
+                    (guchar*)prof_identifier, strlen(prof_identifier),
+                    msgid, strlen(msgid));
+
+            g_free(msgid);
+
+            if (g_strcmp0(&tmp[10], hmac) == 0) {
+                ret = TRUE;
+            }
         }
+        free(tmp);
     }
 
-    return  FALSE;
+    return  ret;
 }
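Review bot: The check `g_strcmp0(&tmp[10], hmac) == 0` treats the output of `g_base64_decode()` as a C string, although GLib documents it as binary data of `tmp_len` bytes and `message->id` is supplied by the remote sender. Bound the comparison by the decoded length instead, e.g. `if (tmp_len - 10 == strlen(hmac) && memcmp(&tmp[10], hmac, tmp_len - 10) == 0)`. Since this is a MAC check, a fixed-time comparison would be stricter still, though timing is probably hard to observe from outside a chat client. `tmp` is allocated by GLib, so `g_free(tmp);` is the matching release rather than `free(tmp);`. A NULL return from `connection_get_profanity_identifier()` would crash in `strlen(prof_identifier)`; whether that can happen before the identifier is calculated is not visible in this hunk.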