GitLab

at 2023-02-22T11:17:01+00:00

Bug 1817756 - Add a seed to the network ID. r=valentin,necko-reviewers

This helps to prevent linkability of users in the same network.

Differential Revision: https://phabricator.services.mozilla.com/D170373

 +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 +/* vim: set ts=8 sts=2 et sw=2 tw=80: */
 +/* This Source Code Form is subject to the terms of the Mozilla Public
 + * License, v. 2.0. If a copy of the MPL was not distributed with this
 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
 +#include "LinkServiceCommon.h"
++
 +#include "mozilla/Maybe.h"
 +#include "mozilla/SHA1.h"
 +#include "mozilla/TimeStamp.h"
 +#include "nsID.h"
++
 +using namespace mozilla;
++
 +void SeedNetworkId(SHA1Sum& aSha1) {
 +  static Maybe<nsID> seed = ([]() {
 +    Maybe<nsID> uuid(std::in_place);
 +    if (NS_FAILED(nsID::GenerateUUIDInPlace(*uuid))) {
 +      uuid.reset();
 +    }
 +    return uuid;
 +  })();
 +  if (seed) {
 +    aSha1.update(seed.ptr(), sizeof(*seed));
 +  } else {
 +    TimeStamp timestamp = TimeStamp::ProcessCreation();
 +    aSha1.update(&timestamp, sizeof(timestamp));
 +  }
 +}

 +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 +/* vim: set ts=8 sts=2 et sw=2 tw=80: */
 +/* This Source Code Form is subject to the terms of the Mozilla Public
 + * License, v. 2.0. If a copy of the MPL was not distributed with this
 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
 +#ifndef LINK_SERVICE_COMMON_H_
 +#define LINK_SERVICE_COMMON_H_
++
 +namespace mozilla {
 +class SHA1Sum;
 +}
++
 +// Add a seed to the computed network ID to prevent user linkability.
 +void SeedNetworkId(mozilla::SHA1Sum& aSha1);
++
 +#endif  // LINK_SERVICE_COMMON_H_

@@ -123,11 +123,15 @@ nsAndroidNetworkLinkService::GetLinkType(uint32_t* aLinkType) {
  NS_IMETHODIMP
  nsAndroidNetworkLinkService::GetNetworkID(nsACString& aNetworkID) {
 +#ifdef BASE_BROWSER
 +  aNetworkID.Truncate();
 +#else
    if (!mNetlinkSvc) {
      return NS_ERROR_NOT_AVAILABLE;
+   }
    mNetlinkSvc->GetNetworkID(aNetworkID);
 +#endif
    return NS_OK;
+ }

@@ -50,11 +50,15 @@ nsNetworkLinkService::GetLinkType(uint32_t* aLinkType) {
  NS_IMETHODIMP
  nsNetworkLinkService::GetNetworkID(nsACString& aNetworkID) {
 +#ifdef BASE_BROWSER
 +  aNetworkID.Truncate();
 +#else
    if (!mNetlinkSvc) {
      return NS_ERROR_NOT_AVAILABLE;
+   }
    mNetlinkSvc->GetNetworkID(aNetworkID);
 +#endif
    return NS_OK;
+ }

@@ -35,6 +35,7 @@
  #include "mozilla/Telemetry.h"
  #include "nsNetworkLinkService.h"
  #include "../../base/IPv6Utils.h"
 +#include "../LinkServiceCommon.h"
  #include "../NetworkLinkServiceDefines.h"
  #import <Cocoa/Cocoa.h>
@@ -122,8 +123,12 @@ nsNetworkLinkService::GetLinkType(uint32_t* aLinkType) {
  NS_IMETHODIMP
  nsNetworkLinkService::GetNetworkID(nsACString& aNetworkID) {
 +#ifdef BASE_BROWSER
 +  aNetworkID.Truncate();
 +#else
    MutexAutoLock lock(mMutex);
    aNetworkID = mNetworkId;
 +#endif
    return NS_OK;
+ }
@@ -600,11 +605,8 @@ void nsNetworkLinkService::calculateNetworkIdInternal(void) {
    bool found6 = IPv6NetworkId(&sha1);
    if (found4 || found6) {
 -    // This 'addition' could potentially be a fixed number from the
 -    // profile or something.
 -    nsAutoCString addition("local-rubbish");
      nsAutoCString output;
 -    sha1.update(addition.get(), addition.Length());
 +    SeedNetworkId(sha1);
      uint8_t digest[SHA1Sum::kHashSize];
      sha1.finish(digest);
      nsAutoCString newString(reinterpret_cast<char*>(digest), SHA1Sum::kHashSize);

@@ -15,3 +15,9 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] == "android":
  elif CONFIG["OS_ARCH"] == "Linux":
      DIRS += ["linux", "netlink"]
++
 +SOURCES += [
 +    "LinkServiceCommon.cpp",
 +]
++
 +FINAL_LIBRARY = "xul"

@@ -45,6 +45,7 @@
  #include "mozilla/Base64.h"
  #include "mozilla/ScopeExit.h"
  #include "mozilla/Telemetry.h"
 +#include "../LinkServiceCommon.h"
  #include <iptypes.h>
  #include <iphlpapi.h>
@@ -104,8 +105,12 @@ nsNotifyAddrListener::GetLinkType(uint32_t* aLinkType) {
  NS_IMETHODIMP
  nsNotifyAddrListener::GetNetworkID(nsACString& aNetworkID) {
 +#ifdef BASE_BROWSER
 +  aNetworkID.Truncate();
 +#else
    MutexAutoLock lock(mMutex);
    aNetworkID = mNetworkId;
 +#endif
    return NS_OK;
+ }
@@ -248,7 +253,7 @@ void nsNotifyAddrListener::calculateNetworkId(void) {
    nsAutoCString output;
    SHA1Sum::Hash digest;
    HashSortedNetworkIds(nwGUIDS, sha1);
+-
 +  SeedNetworkId(sha1);
    sha1.finish(digest);
    nsCString newString(reinterpret_cast<char*>(digest), SHA1Sum::kHashSize);
    nsresult rv = Base64Encode(newString, output);