Don't use SHA1 for stable IDs

// FREEBIE
This commit is contained in:
Moxie Marlinspike 2017-01-19 19:06:46 -08:00
parent 9f2328457e
commit 7286fd9b06
2 changed files with 16 additions and 34 deletions

View File

@ -29,7 +29,6 @@ import android.view.View.OnClickListener;
import android.view.View.OnLongClickListener; import android.view.View.OnLongClickListener;
import android.view.ViewGroup; import android.view.ViewGroup;
import org.thoughtcrime.redphone.util.Conversions;
import org.thoughtcrime.securesms.crypto.MasterSecret; import org.thoughtcrime.securesms.crypto.MasterSecret;
import org.thoughtcrime.securesms.database.CursorRecyclerViewAdapter; import org.thoughtcrime.securesms.database.CursorRecyclerViewAdapter;
import org.thoughtcrime.securesms.database.DatabaseFactory; import org.thoughtcrime.securesms.database.DatabaseFactory;
@ -42,8 +41,6 @@ import org.thoughtcrime.securesms.util.LRUCache;
import org.thoughtcrime.securesms.util.ViewUtil; import org.thoughtcrime.securesms.util.ViewUtil;
import java.lang.ref.SoftReference; import java.lang.ref.SoftReference;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collections; import java.util.Collections;
import java.util.HashSet; import java.util.HashSet;
import java.util.Locale; import java.util.Locale;
@ -78,7 +75,6 @@ public class ConversationAdapter <V extends View & BindableConversationItem>
private final @NonNull Recipients recipients; private final @NonNull Recipients recipients;
private final @NonNull MmsSmsDatabase db; private final @NonNull MmsSmsDatabase db;
private final @NonNull LayoutInflater inflater; private final @NonNull LayoutInflater inflater;
private final @NonNull MessageDigest digest;
protected static class ViewHolder extends RecyclerView.ViewHolder { protected static class ViewHolder extends RecyclerView.ViewHolder {
public <V extends View & BindableConversationItem> ViewHolder(final @NonNull V itemView) { public <V extends View & BindableConversationItem> ViewHolder(final @NonNull V itemView) {
@ -100,17 +96,12 @@ public class ConversationAdapter <V extends View & BindableConversationItem>
@VisibleForTesting @VisibleForTesting
ConversationAdapter(Context context, Cursor cursor) { ConversationAdapter(Context context, Cursor cursor) {
super(context, cursor); super(context, cursor);
try { this.masterSecret = null;
this.masterSecret = null; this.locale = null;
this.locale = null; this.clickListener = null;
this.clickListener = null; this.recipients = null;
this.recipients = null; this.inflater = null;
this.inflater = null; this.db = null;
this.db = null;
this.digest = MessageDigest.getInstance("SHA1");
} catch (NoSuchAlgorithmException nsae) {
throw new AssertionError("SHA1 isn't supported!");
}
} }
public ConversationAdapter(@NonNull Context context, public ConversationAdapter(@NonNull Context context,
@ -121,19 +112,14 @@ public class ConversationAdapter <V extends View & BindableConversationItem>
@NonNull Recipients recipients) @NonNull Recipients recipients)
{ {
super(context, cursor); super(context, cursor);
try { this.masterSecret = masterSecret;
this.masterSecret = masterSecret; this.locale = locale;
this.locale = locale; this.clickListener = clickListener;
this.clickListener = clickListener; this.recipients = recipients;
this.recipients = recipients; this.inflater = LayoutInflater.from(context);
this.inflater = LayoutInflater.from(context); this.db = DatabaseFactory.getMmsSmsDatabase(context);
this.db = DatabaseFactory.getMmsSmsDatabase(context);
this.digest = MessageDigest.getInstance("SHA1");
setHasStableIds(true); setHasStableIds(true);
} catch (NoSuchAlgorithmException nsae) {
throw new AssertionError("SHA1 isn't supported!");
}
} }
@Override @Override
@ -208,9 +194,7 @@ public class ConversationAdapter <V extends View & BindableConversationItem>
@Override @Override
public long getItemId(@NonNull Cursor cursor) { public long getItemId(@NonNull Cursor cursor) {
final String unique = cursor.getString(cursor.getColumnIndexOrThrow(MmsSmsColumns.UNIQUE_ROW_ID)); return cursor.getLong(cursor.getColumnIndexOrThrow(MmsSmsColumns.UNIQUE_ROW_ID));
final byte[] bytes = digest.digest(unique.getBytes());
return Conversions.byteArrayToLong(bytes);
} }
private MessageRecord getMessageRecord(long messageId, Cursor cursor, String type) { private MessageRecord getMessageRecord(long messageId, Cursor cursor, String type) {

View File

@ -138,8 +138,7 @@ public class MmsSmsDatabase extends Database {
String[] mmsProjection = {MmsDatabase.DATE_SENT + " AS " + MmsSmsColumns.NORMALIZED_DATE_SENT, String[] mmsProjection = {MmsDatabase.DATE_SENT + " AS " + MmsSmsColumns.NORMALIZED_DATE_SENT,
MmsDatabase.DATE_RECEIVED + " AS " + MmsSmsColumns.NORMALIZED_DATE_RECEIVED, MmsDatabase.DATE_RECEIVED + " AS " + MmsSmsColumns.NORMALIZED_DATE_RECEIVED,
MmsDatabase.TABLE_NAME + "." + MmsDatabase.ID + " AS " + MmsSmsColumns.ID, MmsDatabase.TABLE_NAME + "." + MmsDatabase.ID + " AS " + MmsSmsColumns.ID,
"'MMS::' || " + MmsDatabase.TABLE_NAME + "." + MmsDatabase.ID "CAST('2' || " + MmsDatabase.TABLE_NAME + "." + MmsDatabase.ID + " || " + MmsDatabase.DATE_SENT + " AS INTEGER)"
+ " || '::' || " + MmsDatabase.DATE_SENT
+ " AS " + MmsSmsColumns.UNIQUE_ROW_ID, + " AS " + MmsSmsColumns.UNIQUE_ROW_ID,
AttachmentDatabase.TABLE_NAME + "." + AttachmentDatabase.ROW_ID + " AS " + AttachmentDatabase.ATTACHMENT_ID_ALIAS, AttachmentDatabase.TABLE_NAME + "." + AttachmentDatabase.ROW_ID + " AS " + AttachmentDatabase.ATTACHMENT_ID_ALIAS,
SmsDatabase.BODY, MmsSmsColumns.READ, MmsSmsColumns.THREAD_ID, SmsDatabase.BODY, MmsSmsColumns.READ, MmsSmsColumns.THREAD_ID,
@ -164,8 +163,7 @@ public class MmsSmsDatabase extends Database {
String[] smsProjection = {SmsDatabase.DATE_SENT + " AS " + MmsSmsColumns.NORMALIZED_DATE_SENT, String[] smsProjection = {SmsDatabase.DATE_SENT + " AS " + MmsSmsColumns.NORMALIZED_DATE_SENT,
SmsDatabase.DATE_RECEIVED + " AS " + MmsSmsColumns.NORMALIZED_DATE_RECEIVED, SmsDatabase.DATE_RECEIVED + " AS " + MmsSmsColumns.NORMALIZED_DATE_RECEIVED,
MmsSmsColumns.ID, MmsSmsColumns.ID,
"'SMS::' || " + MmsSmsColumns.ID "CAST('1' || " + MmsSmsColumns.ID + " || " + SmsDatabase.DATE_SENT + " AS INTEGER)"
+ " || '::' || " + SmsDatabase.DATE_SENT
+ " AS " + MmsSmsColumns.UNIQUE_ROW_ID, + " AS " + MmsSmsColumns.UNIQUE_ROW_ID,
"NULL AS " + AttachmentDatabase.ATTACHMENT_ID_ALIAS, "NULL AS " + AttachmentDatabase.ATTACHMENT_ID_ALIAS,
SmsDatabase.BODY, MmsSmsColumns.READ, MmsSmsColumns.THREAD_ID, SmsDatabase.BODY, MmsSmsColumns.READ, MmsSmsColumns.THREAD_ID,