From dda75006e4e88320dfe8c4c274381aa30c6066ca Mon Sep 17 00:00:00 2001
From: Moxie Marlinspike
Date: Sun, 5 Aug 2012 19:03:14 -0700
Subject: [PATCH] Remove some logging that could result in an information leak.
---
 .../securesms/protocol/WirePrefix.java | 61 ++++++++-----------
 1 file changed, 27 insertions(+), 34 deletions(-)
diff --git a/src/org/thoughtcrime/securesms/protocol/WirePrefix.java b/src/org/thoughtcrime/securesms/protocol/WirePrefix.java
index ae9cd01ca..6561d1d8c 100644
--- a/src/org/thoughtcrime/securesms/protocol/WirePrefix.java
+++ b/src/org/thoughtcrime/securesms/protocol/WirePrefix.java
@@ -1,6 +1,6 @@
-/**
+/**
 * Copyright (C) 2011 Whisper Systems
- *
+ *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
@@ -10,49 +10,47 @@ * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ package org.thoughtcrime.securesms.protocol; +import org.thoughtcrime.securesms.util.Base64; + import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; -import org.thoughtcrime.securesms.util.Base64; - -import android.util.Log; - /** * Calculates prefixes that identify a message as * being part of an encrypted session. The idea was to * make calculating and identifying these prefixes somewhat * expensive, so that filtering them en-mass would come at a cost. - * + * * @author Moxie Marlinspike */ public abstract class WirePrefix { - + private static final int HASH_ITERATIONS = 1000; private static final int PREFIX_BYTES = 3; public static final int PREFIX_SIZE = 4; - + public abstract String calculatePrefix(String message); - + public static boolean isKeyExchange(String message) { return verifyPrefix("?TSK", message); } - + public static boolean isEncryptedMessage(String message) { return verifyPrefix("?TSM", message); } - + public static String calculateKeyExchangePrefix(String message) { return calculatePrefix(("?TSK" + message).getBytes(), PREFIX_BYTES); } - + public static String calculateEncryptedMesagePrefix(String message) { return calculatePrefix(("?TSM" + message).getBytes(), PREFIX_BYTES); } 
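Review bot: The `getBytes()` calls kept in `calculateKeyExchangePrefix` and `calculateEncryptedMesagePrefix` encode with the platform default charset, so the bytes that feed the digest are not pinned by the code. Android defaults to UTF-8, so this probably has no effect there, but an explicit charset would make sender and receiver agree by construction: `("?TSK" + message).getBytes(Charset.forName("UTF-8"))`, and likewise for `"?TSM"`. The same call appears in `verifyPrefix` in the next hunk, and the change needs a `java.nio.charset.Charset` import next to the reordered import block.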
@@ -60,27 +58,22 @@ public abstract class WirePrefix { private static boolean verifyPrefix(String prefixType, String message) { if (message.length() <= PREFIX_SIZE) return false; - + String prefix = message.substring(0, PREFIX_SIZE); - message = message.substring(PREFIX_SIZE); - - Log.w("Prefix", "Calculating on message: " + message + "**"); - + message = message.substring(PREFIX_SIZE); + String calculatedPrefix = calculatePrefix((prefixType + message).getBytes(), PREFIX_BYTES); - + assert(calculatedPrefix.length() == PREFIX_SIZE); - - Log.w("Prefix", "Received prefix: " + prefix); - Log.w("Prefix", "Calculated prefix: " + calculatedPrefix); - - return prefix.equals(calculatedPrefix); + + return prefix.equals(calculatedPrefix); } - + private static String calculatePrefix(byte[] message, int byteCount) { try { MessageDigest md = MessageDigest.getInstance("SHA1"); byte[] runningDigest = message; - + for (int i=0;i