-rw-r--r-- | AUTHORS | 1 | ||||
-rw-r--r-- | configure.ac | 6 | ||||
-rw-r--r-- | src/Makefile.am | 4 | ||||
-rw-r--r-- | src/eyefiservice.cc | 21 | ||||
-rw-r--r-- | src/eyetil.cc | 17 | ||||
-rw-r--r-- | src/eyetil.h | 1 |
6 files changed, 43 insertions, 7 deletions
@@ -9 +9,2 @@ cdavies of Eye-Fi forums for integrity digest verification algorithm. See http://forums.eye.fi/viewtopic.php?f=4&t=270&p=4074#p4074 + and session nonce verification patch diff --git a/configure.ac b/configure.ac index 2e66fc4..515d465 100644 --- a/configure.ac +++ b/configure.ac @@ -17,2 +17,8 @@ PKG_CHECK_MODULES([MODULES],[gsoap++ openssl libconfuse],,[ ]) +PKG_CHECK_MODULES([UUID],[uuid],[have_uuid=true],[have_uuid=false]) +AM_CONDITIONAL([HAVE_UUID],[$have_uuid]) +if $have_uuid ; then + AC_DEFINE([HAVE_LIBUUID],,[defined in presence of libuuid]) + AC_SUBST([UUID_UUID],[uuid]) +fi diff --git a/src/Makefile.am b/src/Makefile.am index 09f698e..b5b7d5c 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -9,3 +9,3 @@ AM_CPPFLAGS = ${CPPFLAGS_DEBUG} \ DEFAULT_INCLUDES = -I${top_builddir} -I${builddir} -I${srcdir} -INCLUDES = ${MODULES_CFLAGS} +INCLUDES = ${MODULES_CFLAGS} ${UUID_CFLAGS} @@ -17,3 +17,3 @@ nodist_iiid_SOURCES = \ COPYING.cc -iiid_LDADD = ${MODULES_LIBS} +iiid_LDADD = ${MODULES_LIBS} ${UUID_LIBS} diff --git a/src/eyefiservice.cc b/src/eyefiservice.cc index d233a07..1a21c02 100644 --- a/src/eyefiservice.cc +++ b/src/eyefiservice.cc @@ -8,2 +8,3 @@ #include <autosprintf.h> +#include <openssl/rand.h> #include "eyekinfig.h" @@ -12,2 +13,4 @@ +static binary_t session_nonce; + static bool detached_child() { @@ -48,5 +51,4 @@ int eyefiService::StartSession( r.credential = binary_t(macaddress+cnonce+eyekinfig_t(macaddress).get_upload_key()).md5().hex(); - /* TODO: better nonce generator */ - time_t t = time(0); - r.snonce = binary_t(&t,sizeof(t)).md5().hex(); + + r.snonce = session_nonce.make_nonce().hex(); r.transfermode=transfermode; @@ -76,5 +78,14 @@ int eyefiService::GetPhotoStatus( syslog(LOG_DEBUG, - "GetPhotoStatus request from %s with credential=%s, filename=%s, filesize=%ld, filesignature=%s", - macaddress.c_str(), credential.c_str(), filename.c_str(), filesize, filesignature.c_str() ); + "GetPhotoStatus request from %s with credential=%s, filename=%s, filesize=%ld, filesignature=%s; session nonce=%s", + macaddress.c_str(), credential.c_str(), filename.c_str(), filesize, filesignature.c_str(), session_nonce.hex().c_str() ); +#endif + + std::string computed_credential = binary_t(macaddress+eyekinfig_t(macaddress).get_upload_key()+session_nonce.hex()).md5().hex(); + +#ifndef NDEBUG + syslog(LOG_DEBUG, " computed credential=%s", computed_credential.c_str()); #endif + + if (credential != computed_credential) throw std::runtime_error("card authentication failed"); + r.fileid = 1; r.offset = 0; diff --git a/src/eyetil.cc b/src/eyetil.cc index fe816a6..7669cb6 100644 --- a/src/eyetil.cc +++ b/src/eyetil.cc @@ -11,2 +11,7 @@ +#include "config.h" +#ifdef HAVE_LIBUUID +# include <uuid/uuid.h> +#endif + binary_t& binary_t::from_hex(const std::string& h) { @@ -34,2 +39,14 @@ binary_t& binary_t::from_data(const void *d,size_t s) { +binary_t& binary_t::make_nonce() { +#ifdef HAVE_LIBUUID + uuid_t uuid; + uuid_generate(uuid); + from_data((unsigned char*)uuid,sizeof(uuid)); +#else + resize(16); + std::generate_n(begin(),16,rand); +#endif /* HAVE_LIBUUID */ + return *this; +} + std::string binary_t::hex() const { diff --git a/src/eyetil.h b/src/eyetil.h index 378f703..d946e71 100644 --- a/src/eyetil.h +++ b/src/eyetil.h @@ -17,2 +17,3 @@ class binary_t : public std::vector<unsigned char> { binary_t& from_data(const void *d,size_t s); + binary_t& make_nonce(); |