6 files changed, 43 insertions, 7 deletions
diff --git a/AUTHORS b/AUTHORS
index 257669f..e7f9101 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -9 +9,2 @@ cdavies of Eye-Fi forums for integrity digest verification algorithm.
        See http://forums.eye.fi/viewtopic.php?f=4&t=270&p=4074#p4074
+        and session nonce verification patch
diff --git a/configure.ac b/configure.ac
index 2e66fc4..515d465 100644
--- a/configure.ac
+++ b/configure.ac
@@ -17,2 +17,8 @@ PKG_CHECK_MODULES([MODULES],[gsoap++ openssl libconfuse],,[
 ])
+PKG_CHECK_MODULES([UUID],[uuid],[have_uuid=true],[have_uuid=false])
+AM_CONDITIONAL([HAVE_UUID],[$have_uuid])
+if $have_uuid ; then
+ AC_DEFINE([HAVE_LIBUUID],,[defined in presence of libuuid])
+ AC_SUBST([UUID_UUID],[uuid])
+fi
diff --git a/src/Makefile.am b/src/Makefile.am
index 09f698e..b5b7d5c 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -9,3 +9,3 @@ AM_CPPFLAGS = ${CPPFLAGS_DEBUG} \
 DEFAULT_INCLUDES = -I${top_builddir} -I${builddir} -I${srcdir}
-INCLUDES = ${MODULES_CFLAGS}
+INCLUDES = ${MODULES_CFLAGS} ${UUID_CFLAGS}
@@ -17,3 +17,3 @@ nodist_iiid_SOURCES = \
        COPYING.cc
-iiid_LDADD = ${MODULES_LIBS}
+iiid_LDADD = ${MODULES_LIBS} ${UUID_LIBS}
diff --git a/src/eyefiservice.cc b/src/eyefiservice.cc
index d233a07..1a21c02 100644
--- a/src/eyefiservice.cc
+++ b/src/eyefiservice.cc
@@ -8,2 +8,3 @@
 #include <autosprintf.h>
+#include <openssl/rand.h>
 #include "eyekinfig.h"
@@ -12,2 +13,4 @@
+static binary_t session_nonce;
 static bool detached_child() {
@@ -48,5 +51,4 @@ int eyefiService::StartSession(
    r.credential = binary_t(macaddress+cnonce+eyekinfig_t(macaddress).get_upload_key()).md5().hex();
-    /* TODO: better nonce generator */
-    time_t t = time(0);
+    r.snonce = session_nonce.make_nonce().hex();
-    r.snonce = binary_t(&t,sizeof(t)).md5().hex();
    r.transfermode=transfermode;
@@ -76,5 +78,14 @@ int eyefiService::GetPhotoStatus(
    syslog(LOG_DEBUG,
-            "GetPhotoStatus request from %s with credential=%s, filename=%s, filesize=%ld, filesignature=%s",
+            "GetPhotoStatus request from %s with credential=%s, filename=%s, filesize=%ld, filesignature=%s; session nonce=%s",
-            macaddress.c_str(), credential.c_str(), filename.c_str(), filesize, filesignature.c_str() );
+            macaddress.c_str(), credential.c_str(), filename.c_str(), filesize, filesignature.c_str(), session_nonce.hex().c_str() );
+#endif
+    std::string computed_credential = binary_t(macaddress+eyekinfig_t(macaddress).get_upload_key()+session_nonce.hex()).md5().hex();
+#ifndef NDEBUG
+    syslog(LOG_DEBUG, " computed credential=%s", computed_credential.c_str());
 #endif
+    if (credential != computed_credential) throw std::runtime_error("card authentication failed");
    r.fileid = 1; r.offset = 0;
diff --git a/src/eyetil.cc b/src/eyetil.cc
index fe816a6..7669cb6 100644
--- a/src/eyetil.cc
+++ b/src/eyetil.cc
@@ -11,2 +11,7 @@
+#include "config.h"
+#ifdef HAVE_LIBUUID
+# include <uuid/uuid.h>
+#endif
 binary_t& binary_t::from_hex(const std::string& h) {
@@ -34,2 +39,14 @@ binary_t& binary_t::from_data(const void *d,size_t s) {
+binary_t& binary_t::make_nonce() {
+#ifdef HAVE_LIBUUID
+    uuid_t uuid;
+    uuid_generate(uuid);
+    from_data((unsigned char*)uuid,sizeof(uuid));
+#else
+    resize(16);
+    std::generate_n(begin(),16,rand);
+#endif /* HAVE_LIBUUID */
+    return *this;
+}
 std::string binary_t::hex() const {
diff --git a/src/eyetil.h b/src/eyetil.h
index 378f703..d946e71 100644
--- a/src/eyetil.h
+++ b/src/eyetil.h
@@ -17,2 +17,3 @@ class binary_t : public std::vector<unsigned char> {
        binary_t& from_data(const void *d,size_t s);
+        binary_t& make_nonce();

diff --git a/AUTHORS b/AUTHORS index 257669f..e7f9101 100644 --- a/AUTHORS +++ b/AUTHORS
@@ -9 +9,2 @@ cdavies of Eye-Fi forums for integrity digest verification algorithm.
9	See http://forums.eye.fi/viewtopic.php?f=4&t=270&p=4074#p4074	9	See http://forums.eye.fi/viewtopic.php?f=4&t=270&p=4074#p4074
		10	and session nonce verification patch


diff --git a/configure.ac b/configure.ac index 2e66fc4..515d465 100644 --- a/configure.ac +++ b/configure.ac
@@ -17,2 +17,8 @@ PKG_CHECK_MODULES([MODULES],[gsoap++ openssl libconfuse],,[
17	])	17	])
		18	PKG_CHECK_MODULES([UUID],[uuid],[have_uuid=true],[have_uuid=false])
		19	AM_CONDITIONAL([HAVE_UUID],[$have_uuid])
		20	if $have_uuid ; then
		21	AC_DEFINE([HAVE_LIBUUID],,[defined in presence of libuuid])
		22	AC_SUBST([UUID_UUID],[uuid])
		23	fi
18		24


diff --git a/src/Makefile.am b/src/Makefile.am index 09f698e..b5b7d5c 100644 --- a/src/Makefile.am +++ b/src/Makefile.am
@@ -9,3 +9,3 @@ AM_CPPFLAGS = ${CPPFLAGS_DEBUG} \
9	DEFAULT_INCLUDES = -I${top_builddir} -I${builddir} -I${srcdir}	9	DEFAULT_INCLUDES = -I${top_builddir} -I${builddir} -I${srcdir}
10	INCLUDES = ${MODULES_CFLAGS}	10	INCLUDES = ${MODULES_CFLAGS} ${UUID_CFLAGS}
11		11
@@ -17,3 +17,3 @@ nodist_iiid_SOURCES = \
17	COPYING.cc	17	COPYING.cc
18	iiid_LDADD = ${MODULES_LIBS}	18	iiid_LDADD = ${MODULES_LIBS} ${UUID_LIBS}
19		19


diff --git a/src/eyefiservice.cc b/src/eyefiservice.cc index d233a07..1a21c02 100644 --- a/src/eyefiservice.cc +++ b/src/eyefiservice.cc
@@ -8,2 +8,3 @@
8	#include <autosprintf.h>	8	#include <autosprintf.h>
		9	#include <openssl/rand.h>
9	#include "eyekinfig.h"	10	#include "eyekinfig.h"
@@ -12,2 +13,4 @@
12		13
		14	static binary_t session_nonce;
		15
13	static bool detached_child() {	16	static bool detached_child() {
@@ -48,5 +51,4 @@ int eyefiService::StartSession(
48	r.credential = binary_t(macaddress+cnonce+eyekinfig_t(macaddress).get_upload_key()).md5().hex();	51	r.credential = binary_t(macaddress+cnonce+eyekinfig_t(macaddress).get_upload_key()).md5().hex();
49	/* TODO: better nonce generator */	52
50	time_t t = time(0);	53	r.snonce = session_nonce.make_nonce().hex();
51	r.snonce = binary_t(&t,sizeof(t)).md5().hex();
52	r.transfermode=transfermode;	54	r.transfermode=transfermode;
@@ -76,5 +78,14 @@ int eyefiService::GetPhotoStatus(
76	syslog(LOG_DEBUG,	78	syslog(LOG_DEBUG,
77	"GetPhotoStatus request from %s with credential=%s, filename=%s, filesize=%ld, filesignature=%s",	79	"GetPhotoStatus request from %s with credential=%s, filename=%s, filesize=%ld, filesignature=%s; session nonce=%s",
78	macaddress.c_str(), credential.c_str(), filename.c_str(), filesize, filesignature.c_str() );	80	macaddress.c_str(), credential.c_str(), filename.c_str(), filesize, filesignature.c_str(), session_nonce.hex().c_str() );
		81	#endif
		82
		83	std::string computed_credential = binary_t(macaddress+eyekinfig_t(macaddress).get_upload_key()+session_nonce.hex()).md5().hex();
		84
		85	#ifndef NDEBUG
		86	syslog(LOG_DEBUG, " computed credential=%s", computed_credential.c_str());
79	#endif	87	#endif
		88
		89	if (credential != computed_credential) throw std::runtime_error("card authentication failed");
		90
80	r.fileid = 1; r.offset = 0;	91	r.fileid = 1; r.offset = 0;


diff --git a/src/eyetil.cc b/src/eyetil.cc index fe816a6..7669cb6 100644 --- a/src/eyetil.cc +++ b/src/eyetil.cc
@@ -11,2 +11,7 @@
11		11
		12	#include "config.h"
		13	#ifdef HAVE_LIBUUID
		14	# include <uuid/uuid.h>
		15	#endif
		16
12	binary_t& binary_t::from_hex(const std::string& h) {	17	binary_t& binary_t::from_hex(const std::string& h) {
@@ -34,2 +39,14 @@ binary_t& binary_t::from_data(const void *d,size_t s) {
34		39
		40	binary_t& binary_t::make_nonce() {
		41	#ifdef HAVE_LIBUUID
		42	uuid_t uuid;
		43	uuid_generate(uuid);
		44	from_data((unsigned char*)uuid,sizeof(uuid));
		45	#else
		46	resize(16);
		47	std::generate_n(begin(),16,rand);
		48	#endif /* HAVE_LIBUUID */
		49	return *this;
		50	}
		51
35	std::string binary_t::hex() const {	52	std::string binary_t::hex() const {


diff --git a/src/eyetil.h b/src/eyetil.h index 378f703..d946e71 100644 --- a/src/eyetil.h +++ b/src/eyetil.h
@@ -17,2 +17,3 @@ class binary_t : public std::vector<unsigned char> {
17	binary_t& from_data(const void *d,size_t s);	17	binary_t& from_data(const void *d,size_t s);
		18	binary_t& make_nonce();
18		19