about summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorPaul Fariello <paul@fariello.eu>2019-03-06 21:23:06 +0220
committerPaul Fariello <paul@fariello.eu>2019-04-10 16:31:45 +0200
commitb0c52f84ab419918d4dd0ab1fd3f9755b3687c93 (patch)
tree7858d3ab1323a69d37b32a1408d8476270dcfb09
parent605e06411ca6d184baf19157620d0473d7c3d557 (diff)
downloadprofani-tty-b0c52f84ab419918d4dd0ab1fd3f9755b3687c93.tar.gz
Follow xep by putting gcm tag on encrypted key
Diffstat
-rw-r--r--src/omemo/crypto.c4


-rw-r--r--src/omemo/crypto.h8


-rw-r--r--src/omemo/omemo.c24


3 files changed, 23 insertions, 13 deletions
diff --git a/src/omemo/crypto.c b/src/omemo/crypto.c
index 5119443a..d959020b 100644
--- a/src/omemo/crypto.c
+++ b/src/omemo/crypto.c
@@ -261,7 +261,7 @@ out:
 }
 
 int
-aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len, const unsigned char *const plaintext, size_t plaintext_len, const unsigned char *const iv, const unsigned char *const key)
+aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len, unsigned char *tag, size_t *tag_len, const unsigned char *const plaintext, size_t plaintext_len, const unsigned char *const iv, const unsigned char *const key)
 {
     gcry_error_t res;
     gcry_cipher_hd_t hd;
@@ -284,7 +284,7 @@ aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len, const unsig
         goto out;
     }
 
-    res = gcry_cipher_gettag(hd, ciphertext + plaintext_len, AES128_GCM_TAG_LENGTH);
+    res = gcry_cipher_gettag(hd, tag, *tag_len);
     if (res != GPG_ERR_NO_ERROR) {
         goto out;
     }
diff --git a/src/omemo/crypto.h b/src/omemo/crypto.h
index 35c5d72a..e4a0a4ad 100644
--- a/src/omemo/crypto.h
+++ b/src/omemo/crypto.h
@@ -137,10 +137,10 @@ int omemo_decrypt_func(signal_buffer **output,
     const uint8_t *ciphertext, size_t ciphertext_len,
     void *user_data);
 
-int aes128gcm_encrypt(unsigned char *ciphertext,
-    size_t *ciphertext_len, const unsigned char *const cleartext,
-    size_t cleatext_len, const unsigned char *const iv,
-    const unsigned char *const key);
+int aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len,
+    unsigned char *tag, size_t *tag_len,
+    const unsigned char *const plaintext, size_t plaintext_len,
+    const unsigned char *const iv, const unsigned char *const key);
 
 int aes128gcm_decrypt(unsigned char *plaintext,
     size_t *plaintext_len, const unsigned char *const ciphertext,
diff --git a/src/omemo/omemo.c b/src/omemo/omemo.c
index 1b1da807..66793085 100644
--- a/src/omemo/omemo.c
+++ b/src/omemo/omemo.c
@@ -444,19 +444,27 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean
     unsigned char *key;
     unsigned char *iv;
     unsigned char *ciphertext;
-    size_t ciphertext_len;
+    unsigned char *tag;
+    unsigned char *key_tag;
+    size_t ciphertext_len, tag_len;
 
-    ciphertext_len = strlen(message) + AES128_GCM_TAG_LENGTH;
+    ciphertext_len = strlen(message);
     ciphertext = malloc(ciphertext_len);
+    tag_len = AES128_GCM_TAG_LENGTH;
+    tag = gcry_malloc_secure(tag_len);
+    key_tag = gcry_malloc_secure(AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH);
 
-    key = gcry_random_bytes_secure(16, GCRY_VERY_STRONG_RANDOM);
-    iv = gcry_random_bytes_secure(16, GCRY_VERY_STRONG_RANDOM);
+    key = gcry_random_bytes_secure(AES128_GCM_KEY_LENGTH, GCRY_VERY_STRONG_RANDOM);
+    iv = gcry_random_bytes_secure(AES128_GCM_IV_LENGTH, GCRY_VERY_STRONG_RANDOM);
 
-    res = aes128gcm_encrypt(ciphertext, &ciphertext_len, (const unsigned char * const)message, strlen(message), iv, key);
+    res = aes128gcm_encrypt(ciphertext, &ciphertext_len, tag, &tag_len, (const unsigned char * const)message, strlen(message), iv, key);
     if (res != 0) {
         return FALSE;
     }
 
+    memcpy(key_tag, key, AES128_GCM_KEY_LENGTH);
+    memcpy(key_tag + AES128_GCM_KEY_LENGTH, tag, AES128_GCM_TAG_LENGTH);
+
     GList *keys = NULL;
     GList *device_ids_iter;
     for (device_ids_iter = recipient_device_id; device_ids_iter != NULL; device_ids_iter = device_ids_iter->next) {
@@ -472,7 +480,7 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean
             continue;
         }
 
-        res = session_cipher_encrypt(cipher, key, AES128_GCM_KEY_LENGTH, &ciphertext);
+        res = session_cipher_encrypt(cipher, key_tag, AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH, &ciphertext);
         if (res != 0) {
             continue;
         }
@@ -498,7 +506,7 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean
             continue;
         }
 
-        res = session_cipher_encrypt(cipher, key, AES128_GCM_KEY_LENGTH, &ciphertext);
+        res = session_cipher_encrypt(cipher, key_tag, AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH, &ciphertext);
         if (res != 0) {
             continue;
         }
@@ -520,6 +528,8 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean
     free(ciphertext);
     gcry_free(key);
     gcry_free(iv);
+    gcry_free(tag);
+    gcry_free(key_tag);
 
     return TRUE;
 }

 

generated by cgit-pink 1.4.1-2-gfad0 (git 2.36.2.497.gbbea4dcf42) at 2024-11-28 15:47:10 +0000


 


a id='n334' href='#n334'>334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398