authorPaul Fariello <paul@fariello.eu>2019-03-06 21:27:25 +0220
committerPaul Fariello <paul@fariello.eu>2019-04-10 16:31:45 +0200
commitda0376a6a9b83756efffed6fb24fafd72f0fc36e (patch)
tree0d9dc515158b9b5798ec357a489b89bcabfe24c9
parentb0c52f84ab419918d4dd0ab1fd3f9755b3687c93 (diff)
downloadprofani-tty-da0376a6a9b83756efffed6fb24fafd72f0fc36e.tar.gz
Check received gcm tag
-rw-r--r--src/omemo/crypto.c11
-rw-r--r--src/omemo/crypto.h2
-rw-r--r--src/omemo/omemo.c12
3 files changed, 18 insertions, 7 deletions
diff --git a/src/omemo/crypto.c b/src/omemo/crypto.c
index d959020b..9d64a701 100644
--- a/src/omemo/crypto.c
+++ b/src/omemo/crypto.c
@@ -295,7 +295,7 @@ out:
 }
 
 int
-aes128gcm_decrypt(unsigned char *plaintext, size_t *plaintext_len, const unsigned char *const ciphertext, size_t ciphertext_len, const unsigned char *const iv, const unsigned char *const key)
+aes128gcm_decrypt(unsigned char *plaintext, size_t *plaintext_len, const unsigned char *const ciphertext, size_t ciphertext_len, const unsigned char *const iv, const unsigned char *const key, const unsigned char *const tag)
 {
     gcry_error_t res;
     gcry_cipher_hd_t hd;
@@ -319,10 +319,11 @@ aes128gcm_decrypt(unsigned char *plaintext, size_t *plaintext_len, const unsigne
     if (res != GPG_ERR_NO_ERROR) {
         goto out;
     }
-    //res = gcry_cipher_checktag(hd, ciphertext + ciphertext_len - AES128_GCM_TAG_LENGTH, AES128_GCM_TAG_LENGTH);
-    //if (res != GPG_ERR_NO_ERROR) {
-    //    goto out;
-    //}
+
+    res = gcry_cipher_checktag(hd, tag, AES128_GCM_TAG_LENGTH);
+    if (res != GPG_ERR_NO_ERROR) {
+        goto out;
+    }
 
 out:
     gcry_cipher_close(hd);
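Review bot: When the new `gcry_cipher_checktag` call at the added line fails, `plaintext` already holds the decrypted-but-unauthenticated bytes, because the decryption step (whose result is the `res` tested just above the hunk) has run before the tag is verified; the function then jumps to `out` leaving that data in the caller's buffer with `*plaintext_len` unchanged. A caller that does not free or overwrite the buffer on error would be handling unauthenticated plaintext, so the failure branch should scrub it: `memset(plaintext, 0, ciphertext_len); *plaintext_len = 0; goto out;` (assuming the decrypt wrote `ciphertext_len` bytes, which is what GCM produces when the tag is no longer appended to the ciphertext). The header comment for this function should also say that the tag is now passed separately and the ciphertext must not include it. The start of `aes128gcm_decrypt`'s body and its return lie outside the hunk.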
diff --git a/src/omemo/crypto.h b/src/omemo/crypto.h
index e4a0a4ad..4b882455 100644
--- a/src/omemo/crypto.h
+++ b/src/omemo/crypto.h
@@ -145,4 +145,4 @@ int aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len,
 int aes128gcm_decrypt(unsigned char *plaintext,
     size_t *plaintext_len, const unsigned char *const ciphertext,
     size_t ciphertext_len, const unsigned char *const iv,
-    const unsigned char *const key);
+    const unsigned char *const key, const unsigned char *const tag);
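Review bot: The prototype gains a `tag` pointer with no length parameter and no documentation of what it must point to, so a caller cannot tell from the header how many bytes are read through it or that the ciphertext no longer carries the tag. Add a comment above the declaration along the lines of `/* tag: the AES128_GCM_TAG_LENGTH-byte GCM tag received alongside the key; ciphertext must not include it. On a tag mismatch the call fails and plaintext must be discarded. */`, matching whatever comment style the other declarations in this header use (not visible here). If the function's return value on tag failure is a libgcrypt error code, as the `.c` change suggests, saying so here would help callers log it correctly.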
diff --git a/src/omemo/omemo.c b/src/omemo/omemo.c
index 66793085..98448a73 100644
--- a/src/omemo/omemo.c
+++ b/src/omemo/omemo.c
@@ -577,10 +577,20 @@ omemo_on_message_recv(const char *const from, uint32_t sid,
         return NULL;
     }
 
+    if (signal_buffer_len(plaintext_key) != AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH) {
+        log_error("OMEMO: invalid key length");
+        signal_buffer_free(plaintext_key);
+        return NULL;
+    }
+
     size_t plaintext_len = payload_len;
     unsigned char *plaintext = malloc(plaintext_len + 1);
-    res = aes128gcm_decrypt(plaintext, &plaintext_len, payload, payload_len, iv, signal_buffer_data(plaintext_key));
+    res = aes128gcm_decrypt(plaintext, &plaintext_len, payload, payload_len, iv,
+        signal_buffer_data(plaintext_key),
+        signal_buffer_data(plaintext_key) + AES128_GCM_KEY_LENGTH);
     if (res != 0) {
+        log_error("OMEMO: cannot decrypt message: %s", gcry_strerror(res));
+        signal_buffer_free(plaintext_key);
         free(plaintext);
         return NULL;
     }