From 628043b228daf50d0c6774cdcd4ea7e2b1fd42dd Mon Sep 17 00:00:00 2001
From: Zack Scholl <zack.scholl@gmail.com>
Date: Fri, 16 Apr 2021 08:13:43 -0700
Subject: [PATCH] fix: do not use part of secret as room name

---
 src/croc/croc.go        |  8 ++++----
 src/utils/utils.go      | 17 ++++++++++++++++-
 src/utils/utils_test.go |  1 +
 3 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/src/croc/croc.go b/src/croc/croc.go
index 88013923..36e5d56e 100644
--- a/src/croc/croc.go
+++ b/src/croc/croc.go
@@ -157,7 +157,7 @@ func New(ops Options) (c *Client, err error) {
 	Debug(c.Options.Debug)
 	log.Debugf("options: %+v", c.Options)
 
-	if len(c.Options.SharedSecret) < 4 {
+	if len(c.Options.SharedSecret) < 6 {
 		err = fmt.Errorf("code is too short")
 		return
 	}
@@ -166,9 +166,9 @@ func New(ops Options) (c *Client, err error) {
 
 	// initialize pake
 	if c.Options.IsSender {
-		c.Pake, err = pake.Init([]byte(c.Options.SharedSecret), 1, siec.SIEC255(), 1*time.Microsecond)
+		c.Pake, err = pake.Init([]byte(c.Options.SharedSecret[5:]), 1, siec.SIEC255(), 1*time.Microsecond)
 	} else {
-		c.Pake, err = pake.Init([]byte(c.Options.SharedSecret), 0, siec.SIEC255(), 1*time.Microsecond)
+		c.Pake, err = pake.Init([]byte(c.Options.SharedSecret[5:]), 0, siec.SIEC255(), 1*time.Microsecond)
 	}
 	if err != nil {
 		return
@@ -872,7 +872,7 @@ func (c *Client) procesMessagePake(m message.Message) (err error) {
 				c.conn[j+1], _, _, err = tcp.ConnectToTCPServer(
 					server,
 					c.Options.RelayPassword,
-					fmt.Sprintf("%s-%d", utils.SHA256(c.Options.SharedSecret)[:7], j),
+					fmt.Sprintf("%s-%d", utils.SHA256(c.Options.SharedSecret[:5])[:6], j),
 				)
 				if err != nil {
 					panic(err)
diff --git a/src/utils/utils.go b/src/utils/utils.go
index d54e4229..f7b2e243 100644
--- a/src/utils/utils.go
+++ b/src/utils/utils.go
@@ -12,6 +12,7 @@ import (
 	"io/ioutil"
 	"log"
 	"math"
+	"math/big"
 	"net"
 	"net/http"
 	"os"
@@ -140,13 +141,27 @@ func LocalIP() string {
 	return localAddr.IP.String()
 }
 
+func GenerateRandomPin() string {
+	s := ""
+	max := new(big.Int)
+	max.SetInt64(9)
+	for i := 0; i < 4; i++ {
+		v, err := rand.Int(rand.Reader, max)
+		if err != nil {
+			panic(err)
+		}
+		s += fmt.Sprintf("%d", v)
+	}
+	return s
+}
+
 // GetRandomName returns mnemoicoded random name
 func GetRandomName() string {
 	var result []string
 	bs := make([]byte, 4)
 	rand.Read(bs)
 	result = mnemonicode.EncodeWordList(result, bs)
-	return strings.Join(result, "-")
+	return GenerateRandomPin() + "-" + strings.Join(result, "-")
 }
 
 // ByteCountDecimal converts bytes to human readable byte string
diff --git a/src/utils/utils_test.go b/src/utils/utils_test.go
index 8e3acaa1..c1334770 100644
--- a/src/utils/utils_test.go
+++ b/src/utils/utils_test.go
@@ -184,6 +184,7 @@ func TestLocalIP(t *testing.T) {
 
 func TestGetRandomName(t *testing.T) {
 	name := GetRandomName()
+	fmt.Println(name)
 	assert.NotEmpty(t, name)
 }