#include <esp_random.h>\r
#endif\r
\r
+// can be used to disable static allocation\r
#define STATIC static\r
\r
+// DEFINES\r
#define LOGIN_REQUEST_SIZE 1024\r
#define LOGIN_RESPONSE_SIZE 1024\r
#define LOGIN_URL "/_matrix/client/v3/login"\r
#define MAX(a,b) ((a) > (b) ? (a) : (b))\r
#define MIN(a,b) ((a) < (b) ? (a) : (b))\r
\r
+// Util\r
+\r
void\r
Randomize(\r
uint8_t * random,\r
return true;\r
}\r
\r
-\r
bool\r
MatrixOlmAccountInit(\r
MatrixOlmAccount * account)\r
(uint8_t *)outDecrypted, outDecryptedCap,\r
&megolmInMessageIndex);\r
\r
- printf("message index: %d\n", (int)megolmInMessageIndex);\r
- \r
if (res == olm_error()) {\r
printf("error decrypting megolm message: %s\n", olm_inbound_group_session_last_error(session->session));\r
}\r
- else {\r
- printf("decrypted len: %d\n", res);\r
- }\r
\r
return true;\r
}\r
return res != olm_error();\r
}\r
\r
-// https://spec.matrix.org/v1.7/client-server-api/#post_matrixclientv3keysupload\r
+// https://spec.matrix.org/v1.8/client-server-api/#post_matrixclientv3keysupload\r
bool\r
MatrixClientUploadOnetimeKeys(\r
MatrixClient * client)\r
olm_account_one_time_keys(client->olmAccount.account,\r
onetimeKeysBuffer, 1024);\r
\r
+ // olm_account_one_time_keys returns a json object\r
+ // find curve25519 member\r
const char *keys;\r
int keysLen;\r
mjson_find(onetimeKeysBuffer, strlen(onetimeKeysBuffer), "$.curve25519", &keys, &keysLen);\r
\r
+ // iterate over onetime keys, create key object\r
+ // sign it and append to request\r
int koff, klen, voff, vlen, vtype, off = 0;\r
while ((off = mjson_next(keys, keysLen, off, &koff, &klen, &voff, &vlen, &vtype)) != 0) {\r
STATIC char keyJson[JSON_ONETIME_KEY_SIZE];\r
keyJsonSigned);\r
}\r
\r
+ // delete last ',' since the loop always appends it\r
if (g_KeysUploadRequestBuffer[strlen(g_KeysUploadRequestBuffer)-1] == ',')\r
g_KeysUploadRequestBuffer[strlen(g_KeysUploadRequestBuffer)-1] = '\0';\r
\r
mjson_snprintf(g_KeysUploadRequestBuffer+strlen(g_KeysUploadRequestBuffer), KEYS_UPLOAD_REQUEST_SIZE-strlen(g_KeysUploadRequestBuffer),\r
"}");\r
- \r
- // STATIC char onetimeKeysSignedBuffer[KEYS_UPLOAD_REQUEST_SIGNED_SIZE];\r
- // JsonSign(client,\r
- // g_KeysUploadRequestBuffer, strlen(g_KeysUploadRequestBuffer),\r
- // onetimeKeysSignedBuffer, KEYS_UPLOAD_REQUEST_SIZE);\r
- \r
- // STATIC char finalEvent[KEYS_UPLOAD_REQUEST_SIGNED_SIZE];\r
- // snprintf(finalEvent, KEYS_UPLOAD_REQUEST_SIGNED_SIZE,\r
- // "{\"one_time_keys\":%s}", onetimeKeysSignedBuffer);\r
+\r
snprintf(g_KeysUploadRequestSignedBuffer, KEYS_UPLOAD_REQUEST_SIGNED_SIZE,\r
"{\"one_time_keys\":%s}", g_KeysUploadRequestBuffer);\r
\r
return true;\r
}\r
\r
-// https://spec.matrix.org/v1.7/client-server-api/#post_matrixclientv3keysupload\r
+// https://spec.matrix.org/v1.8/client-server-api/#post_matrixclientv3keysupload\r
bool\r
MatrixClientUploadDeviceKeys(\r
MatrixClient * client)\r
return true;\r
}\r
\r
-// https://spec.matrix.org/v1.7/client-server-api/#post_matrixclientv3keysclaim\r
+// https://spec.matrix.org/v1.8/client-server-api/#post_matrixclientv3keysclaim\r
bool\r
MatrixClientClaimOnetimeKey(\r
MatrixClient * client,\r
JsonEscape(userId, strlen(userId),\r
userIdEscaped, USER_ID_SIZE);\r
\r
+ // create the json query according to\r
+ // https://spec.matrix.org/v1.8/client-server-api/#post_matrixclientv3keysclaim\r
STATIC char query[JSON_QUERY_SIZE];\r
snprintf(query, JSON_QUERY_SIZE,\r
"$.one_time_keys.%s.%s",\r
userIdEscaped,\r
deviceId);\r
\r
+ // find the corresponding json object\r
const char * keyObject;\r
int keyObjectSize;\r
mjson_find(responseBuffer, strlen(responseBuffer),\r
query,\r
&keyObject, &keyObjectSize);\r
\r
+ // use mjson_next (which iterates over all key/value pairs) once\r
+ // because we only request one key\r
+ // (see https://github.com/cesanta/mjson#mjson_next for details)\r
int koff, klen, voff, vlen, vtype;\r
mjson_next(keyObject, keyObjectSize, 0,\r
&koff, &klen, &voff, &vlen, &vtype);\r
mjson_get_string(keyObject + voff, vlen,\r
"$.key", outOnetimeKey, outOnetimeKeyCap);\r
\r
- // TODO:verify signature\r
+ // TODO: verify signature\r
\r
return true;\r
}\r
\r
-// https://spec.matrix.org/v1.6/client-server-api/#post_matrixclientv3login\r
+// https://spec.matrix.org/v1.8/client-server-api/#post_matrixclientv3login\r
bool\r
MatrixClientLoginPassword(\r
MatrixClient * client,\r
\r
int responseLen = strlen(responseBuffer);\r
\r
+ // store variables in MatrixClient\r
mjson_get_string(responseBuffer, responseLen,\r
"$.access_token",\r
client->accessToken, ACCESS_TOKEN_SIZE);\r
return true;\r
}\r
\r
-// https://spec.matrix.org/v1.6/client-server-api/#put_matrixclientv3roomsroomidsendeventtypetxnid\r
+// https://spec.matrix.org/v1.8/client-server-api/#put_matrixclientv3roomsroomidsendeventtypetxnid\r
bool\r
MatrixClientSendEvent(\r
MatrixClient * client,\r
const char * msgBody)\r
{ \r
STATIC char requestUrl[MAX_URL_LEN];\r
- sprintf(requestUrl,\r
+ snprintf(requestUrl, MAX_URL_LEN,\r
ROOM_SEND_URL, roomId, msgType, (int)time(NULL));\r
\r
STATIC char responseBuffer[ROOM_SEND_RESPONSE_SIZE];\r
return result;\r
}\r
\r
-// https://spec.matrix.org/v1.6/client-server-api/#mroomencrypted\r
+// https://spec.matrix.org/v1.8/client-server-api/#mroomencrypted\r
// https://matrix.org/docs/guides/end-to-end-encryption-implementation-guide#sending-an-encrypted-message-event\r
bool\r
MatrixClientSendEventEncrypted(\r
{\r
// event json\r
STATIC char requestBuffer[ROOM_SEND_REQUEST_SIZE];\r
- sprintf(requestBuffer,\r
+ snprintf(requestBuffer, ROOM_SEND_REQUEST_SIZE,\r
"{"\r
"\"type\":\"%s\","\r
"\"content\":%s,"\r
g_EncryptedEventBuffer);\r
}\r
\r
+// this handles to_device events received from a sync\r
+// mainly for verification (m.key.verification.* events)\r
void\r
MatrixClientHandleEvent(\r
MatrixClient * client,\r
const char * event, int eventLen\r
) {\r
+ // get the event type\r
STATIC char eventType[128];\r
memset(eventType, 0, sizeof(eventType));\r
mjson_get_string(event, eventLen, "$.type", eventType, 128);\r
\r
+ // static variables for verification\r
+ // since verification takes multiple requests\r
+ // data is cleared when verification is finished or started\r
static char transactionId[64];\r
static char verifyFromDeviceId[DEVICE_ID_SIZE];\r
static OlmSAS * olmSas = NULL;\r
\r
+ // initial verification request, reply that we are ready to verify\r
if (strcmp(eventType, "m.key.verification.request") == 0) {\r
+ // reset static data\r
memset(transactionId, 0, 64);\r
+ memset(verifyFromDeviceId, 0, DEVICE_ID_SIZE);\r
if (olmSas != NULL)\r
free(olmSas);\r
\r
\r
OlmUtility * olmUtil = olm_utility(malloc(olm_utility_size()));\r
\r
+ // calculate commitment according to \r
+ // https://spec.matrix.org/v1.8/client-server-api/#mkeyverificationaccept\r
STATIC char publicKey[64];\r
STATIC char keyStartJsonCanonical[512];\r
STATIC char concat[512+64];\r
olm_sas_get_pubkey(olmSas,\r
publicKey,\r
64);\r
- printf("public key: %.*s\n", olm_sas_pubkey_length(olmSas), publicKey);\r
\r
const char * keyStartJson;\r
int keyStartJsonLen;\r
mjson_find(event, eventLen, "$.content", &keyStartJson, &keyStartJsonLen);\r
JsonCanonicalize(keyStartJson, keyStartJsonLen, keyStartJsonCanonical, 512);\r
\r
- printf("json:\n%.*s\ncanonical json:\n%s\n", keyStartJsonLen, keyStartJson, keyStartJsonCanonical);\r
-\r
int concatLen =\r
- snprintf(concat, 512+64, "%.*s%s", olm_sas_pubkey_length(olmSas), publicKey, keyStartJsonCanonical);\r
+ snprintf(concat, 512+64, "%.*s%s", (int)olm_sas_pubkey_length(olmSas), publicKey, keyStartJsonCanonical);\r
\r
int commitmentLen =\r
olm_sha256(olmUtil, concat, concatLen, commitment, 1024);\r
+ olm_clear_utility(olmUtil);\r
+ free(olmUtil);\r
\r
STATIC char verificationAcceptBuffer[512];\r
snprintf(verificationAcceptBuffer, 512,\r
verificationAcceptBuffer,\r
"m.key.verification.accept");\r
}\r
+ // send our sas key and calculate sas using their received key\r
else if (strcmp(eventType, "m.key.verification.key") == 0) {\r
STATIC char publicKey[128];\r
olm_sas_get_pubkey(olmSas,\r
STATIC char theirPublicKey[128];\r
int theirPublicKeyLen =\r
mjson_get_string(event, eventLen, "$.content.key", theirPublicKey, 128);\r
- \r
- printf("event: %.*s\n", eventLen, event);\r
- printf("theirPublicKey: %.*s\n", theirPublicKeyLen, theirPublicKey);\r
- printf("publicKey: %.*s\n", olm_sas_pubkey_length(olmSas), publicKey);\r
\r
olm_sas_set_their_key(olmSas, theirPublicKey, theirPublicKeyLen);\r
\r
"\"key\":\"%.*s\","\r
"\"transaction_id\":\"%s\""\r
"}",\r
- olm_sas_pubkey_length(olmSas), publicKey,\r
+ (int)olm_sas_pubkey_length(olmSas), publicKey,\r
transactionId);\r
\r
MatrixClientSendToDevice(client,\r
int b2 = sasBytes[2];\r
int b3 = sasBytes[3];\r
int b4 = sasBytes[4];\r
- \r
- printf("%d %d %d %d %d\n", b0, b1, b2, b3, b4);\r
\r
- // https://spec.matrix.org/v1.7/client-server-api/#sas-method-decimal\r
- printf("%d | %d | %d\n",\r
- (b0 << 5 | b1 >> 3) + 1000,\r
- ((b1 & 0x7) << 10 | b2 << 2 | b3 >> 6) + 1000,\r
- ((b3 & 0x3F) << 7 | b4 >> 1) + 1000);\r
+ // for now just printf SAS numbers\r
+ // https://spec.matrix.org/v1.8/client-server-api/#sas-method-decimal\r
printf("%d | %d | %d\n",\r
((b0 << 5) | (b1 >> 3)) + 1000,\r
(((b1 & 0x7) << 10) | (b2 << 2) | (b3 >> 6)) + 1000,\r
(((b3 & 0x3F) << 7) | (b4 >> 1)) + 1000);\r
}\r
+ // calculate MACs for signing key, master key and the key list\r
else if (strcmp(eventType, "m.key.verification.mac") == 0) { \r
// mac\r
STATIC char masterKey[123];\r
STATIC char key2[128];\r
STATIC char key2Mac[128];\r
\r
+ // keys have to be sorted so write keys/key IDs into key1/key2\r
+ // depending on lexicographical order\r
if (strcmp(masterKey, client->deviceId) < 0) {\r
snprintf(key1Id, 1024, "ed25519:%s", masterKey);\r
strcpy(key1, masterKey);\r
strcpy(key2, masterKey);\r
}\r
\r
+ // create key list\r
snprintf(keyList, 1024,\r
"%s,%s", key1Id, key2Id);\r
\r
+ // generate MAC info for both keys and key list\r
+ // https://spec.matrix.org/v1.8/client-server-api/#mac-calculation\r
STATIC char macInfo[1024];\r
int macInfoLen;\r
{\r
olm_sas_calculate_mac_fixed_base64(olmSas, key2, strlen(key2), macInfo, macInfoLen, key2Mac, 1024);\r
}\r
\r
+ // construct message and send\r
STATIC char verificationMacBuffer[1024];\r
snprintf(verificationMacBuffer, 1024,\r
"{"\r
verificationMacBuffer,\r
"m.key.verification.mac");\r
\r
+ // send 'done' message\r
STATIC char verificationDoneBuffer[128];\r
snprintf(verificationDoneBuffer, 128,\r
"{"\r
"m.key.verification.done");\r
\r
free(olmSas);\r
+\r
client->verified = true;\r
}\r
else if (strcmp(eventType, "m.room.encrypted") == 0) {\r
STATIC char algorithm[128];\r
mjson_get_string(event, eventLen, "$.content.algorithm", algorithm, 128);\r
\r
+ // since this only handles to_device messages algorithm should always be olm\r
if (strcmp(algorithm, "m.olm.v1.curve25519-aes-sha2") == 0) {\r
STATIC char thisDeviceKey[DEVICE_KEY_SIZE];\r
MatrixOlmAccountGetDeviceKey(&client->olmAccount, thisDeviceKey, DEVICE_KEY_SIZE);\r
\r
MatrixOlmSession * olmSession;\r
\r
- if (! MatrixClientGetOlmSession(client, client->userId, verifyFromDeviceId, &olmSession))\r
- {\r
- if (messageTypeInt == 0) {\r
- MatrixClientNewOlmSessionIn(client,\r
- client->userId,\r
- verifyFromDeviceId,\r
- g_EncryptedEventBuffer,\r
- &olmSession);\r
- }\r
- else {\r
+ // depending on message type create new incoming\r
+ // (type 0 indicates a new session so we dont check locally)\r
+ if (messageTypeInt == 0) {\r
+ MatrixClientNewOlmSessionIn(client,\r
+ client->userId,\r
+ verifyFromDeviceId,\r
+ g_EncryptedEventBuffer,\r
+ &olmSession);\r
+ }\r
+ // or new outgoing, checking for known sessions first\r
+ else {\r
+ if (! MatrixClientGetOlmSession(client, client->userId, verifyFromDeviceId, &olmSession))\r
+ {\r
MatrixClientNewOlmSessionOut(client,\r
client->userId,\r
verifyFromDeviceId,\r
}\r
else if (strcmp(eventType, "m.room_key") == 0 ||\r
strcmp(eventType, "m.forwarded_room_key") == 0) {\r
+ // store session information\r
STATIC char roomId[128];\r
STATIC char sessionId[128];\r
STATIC char sessionKey[1024];\r
mjson_get_string(event, eventLen, "$.content.room_id", roomId, 128);\r
mjson_get_string(event, eventLen, "$.content.session_id", sessionId, 128);\r
mjson_get_string(event, eventLen, "$.content.session_key", sessionKey, 1024);\r
- \r
- printf("sessionId: %s\n", sessionId);\r
- printf("sessionKey: %s\n", sessionKey);\r
\r
MatrixMegolmInSession * megolmInSession;\r
MatrixClientNewMegolmInSession(client, roomId, sessionId, sessionKey, &megolmInSession);\r
STATIC char algorithm[128];\r
mjson_get_string(event, eventLen, "$.content.algorithm", algorithm, 128);\r
\r
+ // only room specific message type is encrypted\r
+ // since this is only room messages, algorithm should always be megolm\r
if (strcmp(algorithm, "m.megolm.v1.aes-sha2") == 0) {\r
STATIC char sessionId[128];\r
int sessionIdLen =\r
MatrixClientHandleEvent(client, decrypted, strlen(decrypted));\r
}\r
else {\r
- printf("megolm session not known\n");\r
+ printf("error: megolm session not known\n");\r
}\r
}\r
}\r
MatrixClientHandleEvent(client, event, eventLen);\r
}\r
\r
+// pass the response from sync to Handle(Room)Event\r
void\r
MatrixClientHandleSync(\r
MatrixClient * client,\r
const char * s = syncBuffer;\r
int slen = syncBufferLen;\r
\r
+ // read next_batch\r
mjson_get_string(s, slen, "$.next_batch", nextBatch, nextBatchCap);\r
\r
// to_device\r
-\r
const char * events;\r
int eventsLen;\r
res =\r
mjson_find(s, slen, "$.to_device.events", &events, &eventsLen);\r
\r
+ // iterate event and pass to HandleEvent\r
if (res != MJSON_TOK_INVALID) {\r
{\r
int koff, klen, voff, vlen, vtype, off = 0;\r
}\r
\r
// rooms\r
- \r
const char * rooms;\r
int roomsLen;\r
res =\r
mjson_find(s, slen, "$.rooms.join", &rooms, &roomsLen);\r
\r
if (res != MJSON_TOK_INVALID) {\r
- {\r
+ // iterate rooms\r
int koff, klen, voff, vlen, vtype, off = 0;\r
for (off = 0; (off = mjson_next(rooms, roomsLen, off, &koff, &klen,\r
&voff, &vlen, &vtype)) != 0; ) {\r
mjson_find(v, vlen, "$.timeline.events", &events, &eventsLen);\r
\r
if (res != MJSON_TOK_INVALID) {\r
- {\r
+ // iterate messages in that room\r
int koff2, klen2, voff2, vlen2, vtype2, off2 = 0;\r
for (off2 = 0; (off2 = mjson_next(events, eventsLen, off2, &koff2, &klen2,\r
&voff2, &vlen2, &vtype2)) != 0; ) {\r
k+1, klen-2,\r
v2, vlen2);\r
}\r
- }\r
}\r
}\r
- }\r
}\r
}\r
\r
-// https://spec.matrix.org/v1.6/client-server-api/#get_matrixclientv3sync\r
+// https://spec.matrix.org/v1.8/client-server-api/#get_matrixclientv3sync\r
bool\r
MatrixClientSync(\r
MatrixClient * client,\r
\r
int index = strlen(url);\r
\r
+ // URL encode next_batch parameter since it can include ~\r
for (size_t i = 0; i < strlen(nextBatch); i++) {\r
char c = nextBatch[i];\r
\r
return result;\r
}\r
\r
-// https://spec.matrix.org/v1.7/client-server-api/#get_matrixclientv3roomsroomideventeventid\r
+// https://spec.matrix.org/v1.8/client-server-api/#get_matrixclientv3roomsroomideventeventid\r
bool\r
MatrixClientGetRoomEvent(\r
MatrixClient * client,\r
{\r
// generate room key event\r
STATIC char eventBuffer[KEY_SHARE_EVENT_LEN];\r
- sprintf(eventBuffer,\r
+ snprintf(eventBuffer, KEY_SHARE_EVENT_LEN,\r
"{"\r
"\"algorithm\":\"m.megolm.v1.aes-sha2\","\r
"\"room_id\":\"%s\","\r
return true;\r
}\r
\r
-bool\r
-MatrixClientShareMegolmOutSessionTest(\r
- MatrixClient * client,\r
- const char * userId,\r
- const char * deviceId,\r
- MatrixMegolmOutSession * session)\r
-{\r
- // generate room key event\r
- char eventBuffer[KEY_SHARE_EVENT_LEN];\r
- sprintf(eventBuffer,\r
- "{"\r
- "\"algorithm\":\"m.megolm.v1.aes-sha2\","\r
- "\"room_id\":\"%s\","\r
- "\"session_id\":\"%s\","\r
- "\"session_key\":\"%s\""\r
- "}",\r
- session->roomId,\r
- session->id,\r
- session->key\r
- );\r
-\r
- // send\r
- MatrixClientSendToDevice(client,\r
- userId,\r
- deviceId,\r
- eventBuffer,\r
- "m.room_key");\r
-\r
- return true;\r
-}\r
-\r
bool\r
MatrixClientGetMegolmOutSession(\r
MatrixClient * client,\r
return false;\r
}\r
\r
-// https://spec.matrix.org/v1.6/client-server-api/#put_matrixclientv3sendtodeviceeventtypetxnid\r
+// https://spec.matrix.org/v1.8/client-server-api/#put_matrixclientv3sendtodeviceeventtypetxnid\r
bool\r
MatrixClientSendToDevice(\r
MatrixClient * client,\r
const char * msgType)\r
{\r
STATIC char requestUrl[MAX_URL_LEN];\r
- sprintf(requestUrl,\r
+ snprintf(requestUrl, MAX_URL_LEN,\r
TODEVICE_URL, msgType, (int)time(NULL));\r
\r
snprintf(g_TodeviceEventBuffer, TODEVICE_EVENT_SIZE,\r
responseBuffer, ROOM_SEND_RESPONSE_SIZE,\r
true);\r
\r
- printf("%s\n", responseBuffer);\r
- \r
return result;\r
}\r
\r
char * outMasterKey, int outMasterKeyCap)\r
{\r
if (strlen(client->masterKey) > 0) {\r
- strncpy(outMasterKey, outMasterKeyCap, client->masterKey);\r
+ strncpy(outMasterKey, client->masterKey, outMasterKeyCap);\r
return true;\r
}\r
\r
MatrixClientRequestDeviceKeys(client);\r
\r
if (strlen(client->masterKey) > 0) {\r
- strncpy(outMasterKey, outMasterKeyCap, client->masterKey);\r
+ strncpy(outMasterKey, client->masterKey, outMasterKeyCap);\r
return true;\r
}\r
\r
return false;\r
}\r
\r
-// https://spec.matrix.org/v1.6/client-server-api/#post_matrixclientv3keysquery\r
+// https://spec.matrix.org/v1.8/client-server-api/#post_matrixclientv3keysquery\r
bool\r
MatrixClientRequestDeviceKeys(\r
MatrixClient * client)\r
{\r
if (client->numDevices >= NUM_DEVICES) {\r
- printf("Maximum number of devices reached\n");\r
+ printf("error: Maximum number of devices reached\n");\r
return false;\r
}\r
\r
+ // escape userId so we can use it in json queries\r
STATIC char userIdEscaped[USER_ID_SIZE];\r
JsonEscape(client->userId, strlen(client->userId),\r
userIdEscaped, USER_ID_SIZE);\r
\r
+ // construct and send request\r
STATIC char request[KEYS_QUERY_REQUEST_SIZE];\r
snprintf(request, KEYS_QUERY_REQUEST_SIZE,\r
"{\"device_keys\":{\"%s\":[]}}", client->userId);\r
const char * s;\r
int slen;\r
\r
+ // look for master key\r
snprintf(query, JSON_QUERY_SIZE,\r
"$.master_keys.%s.keys", userIdEscaped);\r
mjson_find(responseBuffer, strlen(responseBuffer),\r
&voff, &vlen, &vtype)) != 0; ) {\r
snprintf(client->masterKey, MASTER_KEY_SIZE,\r
"%.*s", vlen-2, s+voff+1);\r
-\r
- printf("found master key: %s\n", client->masterKey);\r
}\r
\r
+ // iterate over returned devices for that userId\r
snprintf(query, JSON_QUERY_SIZE,\r
"$.device_keys.%s", userIdEscaped);\r
\r
query, &s, &slen);\r
\r
// loop over keys\r
- \r
+ // creating a new device if possible\r
for (off = 0; (off = mjson_next(s, slen, off, &koff, &klen,\r
&voff, &vlen, &vtype)) != 0; ) {\r
const char * key = s + koff;\r
foundDevice = true;\r
\r
if (! foundDevice) {\r
- printf("new device: %s %s %s\n", d.deviceId, d.deviceKey, d.signingKey);\r
client->devices[client->numDevices] = d;\r
client->numDevices++;\r
}\r
projects / matrix_esp_thesis / blobdiff