From 4d7a496ae2dff956d473b2951f4232b45cbf6d1a Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Fri, 18 Oct 2019 16:12:26 +0200 Subject: Change origin-id/id algo Hash twice. Use HMAC SHA256 from glib. --- src/xmpp/connection.c | 20 ++++++++++---------- src/xmpp/message.c | 23 +++++++++++++++++++---- 2 files changed, 29 insertions(+), 14 deletions(-) (limited to 'src/xmpp') diff --git a/src/xmpp/connection.c b/src/xmpp/connection.c index cfa9db21..e35f19ff 100644 --- a/src/xmpp/connection.c +++ b/src/xmpp/connection.c @@ -462,8 +462,12 @@ connection_create_stanza_id(void) assert(msgid != NULL); + gchar *hmac = g_compute_hmac_for_string(G_CHECKSUM_SHA256, + (guchar*)prof_identifier, strlen(prof_identifier), + msgid, strlen(msgid)); + GString *signature = g_string_new(""); - g_string_printf(signature, "%s%s", msgid, prof_identifier); + g_string_printf(signature, "%s%s", msgid, hmac); char *b64 = g_base64_encode((unsigned char*)signature->str, signature->len); g_string_free(signature, TRUE); @@ -666,17 +670,13 @@ static void _random_bytes_close(void) static void _calculate_identifier(const char *barejid) { - unsigned char *digest = (unsigned char*)malloc(XMPP_SHA1_DIGEST_SIZE); - assert(digest != NULL); - - GString *inp = g_string_new(""); - g_string_printf(inp, "%s%s", random_bytes, barejid); - xmpp_sha1_digest((unsigned char*)inp->str, strlen(inp->str), digest); - g_string_free(inp, TRUE); + gchar *hmac = g_compute_hmac_for_string(G_CHECKSUM_SHA256, + (guchar*)random_bytes, strlen(random_bytes), + barejid, strlen(barejid)); - char *b64 = g_base64_encode(digest, XMPP_SHA1_DIGEST_SIZE); + char *b64 = g_base64_encode((guchar*)hmac, XMPP_SHA1_DIGEST_SIZE); assert(b64 != NULL); - free(digest); + g_free(hmac); prof_identifier = b64; } diff --git a/src/xmpp/message.c b/src/xmpp/message.c index 78364ca2..cf521237 100644 --- a/src/xmpp/message.c +++ b/src/xmpp/message.c @@ -1159,7 +1159,10 @@ _send_message_stanza(xmpp_stanza_t *const stanza) xmpp_free(connection_get_ctx(), text); } -bool message_is_sent_by_us(ProfMessage *message) { +bool +message_is_sent_by_us(ProfMessage *message) { + bool ret = FALSE; + // we check the for this we calculate a hash into it so we can detect // whether this client sent it. See connection_create_stanza_id() if (message->id != NULL) { @@ -1167,10 +1170,22 @@ bool message_is_sent_by_us(ProfMessage *message) { char *tmp = (char*)g_base64_decode(message->id, &tmp_len); // our client sents at least 10 for the identifier + random message bytes - if ((tmp_len > 10) || (g_strcmp0(&tmp[10], connection_get_profanity_identifier()) == 0)) { - return TRUE; + if (tmp_len > 10) { + char *msgid = g_strndup(tmp, 10); + char *prof_identifier = connection_get_profanity_identifier(); + + gchar *hmac = g_compute_hmac_for_string(G_CHECKSUM_SHA256, + (guchar*)prof_identifier, strlen(prof_identifier), + msgid, strlen(msgid)); + + g_free(msgid); + + if (g_strcmp0(&tmp[10], hmac) == 0) { + ret = TRUE; + } } + free(tmp); } - return FALSE; + return ret; } -- cgit 1.4.1-2-gfad0