From 95c939a2a06a6098199f6fad208d355bc93ef402 Mon Sep 17 00:00:00 2001 From: Jonathan Warren Date: Fri, 20 Feb 2015 21:03:20 -0500 Subject: [PATCH] Fix #748 - Check hash of sig instead of message contents --- src/class_objectProcessor.py | 46 +++++++++++++++++++----------------- src/class_singleWorker.py | 3 ++- src/class_sqlThread.py | 20 +++++++++++++--- src/helper_inbox.py | 6 ++--- 4 files changed, 46 insertions(+), 29 deletions(-) diff --git a/src/class_objectProcessor.py b/src/class_objectProcessor.py index 7a126f4a..6cb55c25 100644 --- a/src/class_objectProcessor.py +++ b/src/class_objectProcessor.py @@ -427,6 +427,7 @@ class objectProcessor(threading.Thread): logger.debug('As a matter of intellectual curiosity, here is the Bitcoin address associated with the keys owned by the other person: %s ..and here is the testnet address: %s. The other person must take their private signing key from Bitmessage and import it into Bitcoin (or a service like Blockchain.info) for it to be of any use. Do not use this unless you know what you are doing.' % (helper_bitcoin.calculateBitcoinAddressFromPubkey(pubSigningKey), helper_bitcoin.calculateTestnetAddressFromPubkey(pubSigningKey)) ) + sigHash = hashlib.sha512(hashlib.sha512(signature).digest()).digest()[32:] # Used to detect and ignore duplicate messages in our inbox # calculate the fromRipe. sha = hashlib.new('sha512') @@ -503,13 +504,13 @@ class objectProcessor(threading.Thread): body = 'Unknown encoding type.\n\n' + repr(message) subject = '' # Let us make sure that we haven't already received this message - if helper_inbox.isMessageAlreadyInInbox(toAddress, fromAddress, subject, body, messageEncodingType): + if helper_inbox.isMessageAlreadyInInbox(sigHash): logger.info('This msg is already in our inbox. Ignoring it.') blockMessage = True if not blockMessage: if messageEncodingType != 0: t = (inventoryHash, toAddress, fromAddress, subject, int( - time.time()), body, 'inbox', messageEncodingType, 0) + time.time()), body, 'inbox', messageEncodingType, 0, sigHash) helper_inbox.insert(t) shared.UISignalQueue.put(('displayNewInboxMessage', ( @@ -701,6 +702,7 @@ class objectProcessor(threading.Thread): logger.debug('ECDSA verify failed') return logger.debug('ECDSA verify passed') + sigHash = hashlib.sha512(hashlib.sha512(signature).digest()).digest()[32:] # Used to detect and ignore duplicate messages in our inbox fromAddress = encodeAddress( sendersAddressVersion, sendersStream, calculatedRipe) @@ -735,33 +737,33 @@ class objectProcessor(threading.Thread): subject = '' elif messageEncodingType == 0: logger.info('messageEncodingType == 0. Doing nothing with the message.') + return else: body = 'Unknown encoding type.\n\n' + repr(message) subject = '' toAddress = '[Broadcast subscribers]' - if messageEncodingType != 0: - if helper_inbox.isMessageAlreadyInInbox(toAddress, fromAddress, subject, body, messageEncodingType): - logger.info('This broadcast is already in our inbox. Ignoring it.') - else: - t = (inventoryHash, toAddress, fromAddress, subject, int( - time.time()), body, 'inbox', messageEncodingType, 0) - helper_inbox.insert(t) + if helper_inbox.isMessageAlreadyInInbox(sigHash): + logger.info('This broadcast is already in our inbox. Ignoring it.') + return + t = (inventoryHash, toAddress, fromAddress, subject, int( + time.time()), body, 'inbox', messageEncodingType, 0, sigHash) + helper_inbox.insert(t) - shared.UISignalQueue.put(('displayNewInboxMessage', ( - inventoryHash, toAddress, fromAddress, subject, body))) + shared.UISignalQueue.put(('displayNewInboxMessage', ( + inventoryHash, toAddress, fromAddress, subject, body))) - # If we are behaving as an API then we might need to run an - # outside command to let some program know that a new message - # has arrived. - if shared.safeConfigGetBoolean('bitmessagesettings', 'apienabled'): - try: - apiNotifyPath = shared.config.get( - 'bitmessagesettings', 'apinotifypath') - except: - apiNotifyPath = '' - if apiNotifyPath != '': - call([apiNotifyPath, "newBroadcast"]) + # If we are behaving as an API then we might need to run an + # outside command to let some program know that a new message + # has arrived. + if shared.safeConfigGetBoolean('bitmessagesettings', 'apienabled'): + try: + apiNotifyPath = shared.config.get( + 'bitmessagesettings', 'apinotifypath') + except: + apiNotifyPath = '' + if apiNotifyPath != '': + call([apiNotifyPath, "newBroadcast"]) # Display timing data logger.info('Time spent processing this interesting broadcast: %s' % (time.time() - messageProcessingStartTime,)) diff --git a/src/class_singleWorker.py b/src/class_singleWorker.py index 84f0403c..feda7638 100644 --- a/src/class_singleWorker.py +++ b/src/class_singleWorker.py @@ -821,8 +821,9 @@ class singleWorker(threading.Thread): # If we are sending to ourselves or a chan, let's put the message in # our own inbox. if shared.config.has_section(toaddress): + sigHash = hashlib.sha512(hashlib.sha512(signature).digest()).digest()[32:] # Used to detect and ignore duplicate messages in our inbox t = (inventoryHash, toaddress, fromaddress, subject, int( - time.time()), message, 'inbox', 2, 0) + time.time()), message, 'inbox', 2, 0, sigHash) helper_inbox.insert(t) shared.UISignalQueue.put(('displayNewInboxMessage', ( diff --git a/src/class_sqlThread.py b/src/class_sqlThread.py index 4eadc6f0..d4c69b59 100644 --- a/src/class_sqlThread.py +++ b/src/class_sqlThread.py @@ -28,7 +28,7 @@ class sqlThread(threading.Thread): try: self.cur.execute( - '''CREATE TABLE inbox (msgid blob, toaddress text, fromaddress text, subject text, received text, message text, folder text, encodingtype int, read bool, UNIQUE(msgid) ON CONFLICT REPLACE)''' ) + '''CREATE TABLE inbox (msgid blob, toaddress text, fromaddress text, subject text, received text, message text, folder text, encodingtype int, read bool, sighash blob, UNIQUE(msgid) ON CONFLICT REPLACE)''' ) self.cur.execute( '''CREATE TABLE sent (msgid blob, toaddress text, toripe blob, fromaddress text, subject text, message text, ackdata blob, lastactiontime integer, status text, pubkeyretrynumber integer, msgretrynumber integer, folder text, encodingtype int)''' ) self.cur.execute( @@ -61,7 +61,7 @@ class sqlThread(threading.Thread): '''INSERT INTO subscriptions VALUES('Bitmessage new releases/announcements','BM-GtovgYdgs7qXPkoYaRgrLFuFKz1SFpsw',1)''') self.cur.execute( '''CREATE TABLE settings (key blob, value blob, UNIQUE(key) ON CONFLICT REPLACE)''' ) - self.cur.execute( '''INSERT INTO settings VALUES('version','8')''') + self.cur.execute( '''INSERT INTO settings VALUES('version','9')''') self.cur.execute( '''INSERT INTO settings VALUES('lastvacuumtime',?)''', ( int(time.time()),)) self.cur.execute( @@ -360,7 +360,21 @@ class sqlThread(threading.Thread): parameters = (8,) self.cur.execute(query, parameters) logger.debug('Finished clearing currently held pubkeys.') - + + # Add a new column to the inbox table to store the hash of the message signature. + # We'll use this as temporary message UUID in order to detect duplicates. + item = '''SELECT value FROM settings WHERE key='version';''' + parameters = '' + self.cur.execute(item, parameters) + currentVersion = int(self.cur.fetchall()[0][0]) + if currentVersion == 8: + logger.debug('In messages.dat database, adding sighash field to the inbox table.') + item = '''ALTER TABLE inbox ADD sighash blob DEFAULT '' ''' + parameters = '' + self.cur.execute(item, parameters) + item = '''update settings set value=? WHERE key='version';''' + parameters = (9,) + self.cur.execute(item, parameters) # Are you hoping to add a new option to the keys.dat file of existing # Bitmessage users or modify the SQLite database? Add it right above this line! diff --git a/src/helper_inbox.py b/src/helper_inbox.py index 04ca1d0c..09c7edbc 100644 --- a/src/helper_inbox.py +++ b/src/helper_inbox.py @@ -2,14 +2,14 @@ from helper_sql import * import shared def insert(t): - sqlExecute('''INSERT INTO inbox VALUES (?,?,?,?,?,?,?,?,?)''', *t) + sqlExecute('''INSERT INTO inbox VALUES (?,?,?,?,?,?,?,?,?,?)''', *t) shared.UISignalQueue.put(('changedInboxUnread', None)) def trash(msgid): sqlExecute('''UPDATE inbox SET folder='trash' WHERE msgid=?''', msgid) shared.UISignalQueue.put(('removeInboxRowByMsgid',msgid)) -def isMessageAlreadyInInbox(toAddress, fromAddress, subject, body, encodingType): +def isMessageAlreadyInInbox(sigHash): queryReturn = sqlQuery( - '''SELECT COUNT(*) FROM inbox WHERE toaddress=? AND fromaddress=? AND subject=? AND message=? AND encodingtype=? ''', toAddress, fromAddress, subject, body, encodingType) + '''SELECT COUNT(*) FROM inbox WHERE sighash=?''', sigHash) return queryReturn[0][0] != 0 \ No newline at end of file