author | Michael Krelin <hacker@klever.net> | 2009-04-06 20:27:39 (UTC) |
---|---|---|
committer | Michael Krelin <hacker@klever.net> | 2009-04-06 20:27:39 (UTC) |
commit | 51d8a8a4ac6ef6096c393fd602df34c6bf8f6366 (patch) (side-by-side diff) | |
tree | 8126f60fac6562b14c965e41d19983d81312638a /src/eyefiservice.cc | |
parent | de964540e5a58b3a9195c642ef7a0745ee3b2344 (diff) | |
download | iii-51d8a8a4ac6ef6096c393fd602df34c6bf8f6366.zip iii-51d8a8a4ac6ef6096c393fd602df34c6bf8f6366.tar.gz iii-51d8a8a4ac6ef6096c393fd602df34c6bf8f6366.tar.bz2 |
better nonce generation and session credentials verification
based on the patch from Chris Davies
Signed-off-by: Michael Krelin <hacker@klever.net>
-rw-r--r-- | src/eyefiservice.cc | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/src/eyefiservice.cc b/src/eyefiservice.cc index d233a07..1a21c02 100644 --- a/src/eyefiservice.cc +++ b/src/eyefiservice.cc @@ -6,10 +6,13 @@ #include <syslog.h> #include <sys/wait.h> #include <autosprintf.h> +#include <openssl/rand.h> #include "eyekinfig.h" #include "eyetil.h" #include "soapeyefiService.h" +static binary_t session_nonce; + static bool detached_child() { pid_t p = fork(); if(p<0) throw std::runtime_error("failed to fork()"); @@ -46,9 +49,8 @@ int eyefiService::StartSession( macaddress.c_str(), cnonce.c_str(), transfermode, transfermodetimestamp ); #endif r.credential = binary_t(macaddress+cnonce+eyekinfig_t(macaddress).get_upload_key()).md5().hex(); - /* TODO: better nonce generator */ - time_t t = time(0); - r.snonce = binary_t(&t,sizeof(t)).md5().hex(); + + r.snonce = session_nonce.make_nonce().hex(); r.transfermode=transfermode; r.transfermodetimestamp=transfermodetimestamp; r.upsyncallowed=false; @@ -74,9 +76,18 @@ int eyefiService::GetPhotoStatus( struct rns__GetPhotoStatusResponse &r ) { #ifndef NDEBUG syslog(LOG_DEBUG, - "GetPhotoStatus request from %s with credential=%s, filename=%s, filesize=%ld, filesignature=%s", - macaddress.c_str(), credential.c_str(), filename.c_str(), filesize, filesignature.c_str() ); + "GetPhotoStatus request from %s with credential=%s, filename=%s, filesize=%ld, filesignature=%s; session nonce=%s", + macaddress.c_str(), credential.c_str(), filename.c_str(), filesize, filesignature.c_str(), session_nonce.hex().c_str() ); +#endif + + std::string computed_credential = binary_t(macaddress+eyekinfig_t(macaddress).get_upload_key()+session_nonce.hex()).md5().hex(); + +#ifndef NDEBUG + syslog(LOG_DEBUG, " computed credential=%s", computed_credential.c_str()); #endif + + if (credential != computed_credential) throw std::runtime_error("card authentication failed"); + r.fileid = 1; r.offset = 0; return SOAP_OK; } |