about summary refs log tree commit diff stats
path: root/src/omemo
diff options
context:
space:
mode:
authorPaul Fariello <paul@fariello.eu>2019-03-06 21:23:06 +0220
committerPaul Fariello <paul@fariello.eu>2019-04-10 16:31:45 +0200
commitb0c52f84ab419918d4dd0ab1fd3f9755b3687c93 (patch)
tree7858d3ab1323a69d37b32a1408d8476270dcfb09 /src/omemo
parent605e06411ca6d184baf19157620d0473d7c3d557 (diff)
downloadprofani-tty-b0c52f84ab419918d4dd0ab1fd3f9755b3687c93.tar.gz
Follow xep by putting gcm tag on encrypted key
Diffstat (limited to 'src/omemo')
-rw-r--r--src/omemo/crypto.c4
-rw-r--r--src/omemo/crypto.h8
-rw-r--r--src/omemo/omemo.c24
3 files changed, 23 insertions, 13 deletions
diff --git a/src/omemo/crypto.c b/src/omemo/crypto.c
index 5119443a..d959020b 100644
--- a/src/omemo/crypto.c
+++ b/src/omemo/crypto.c
@@ -261,7 +261,7 @@ out:
 }
 
 int
-aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len, const unsigned char *const plaintext, size_t plaintext_len, const unsigned char *const iv, const unsigned char *const key)
+aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len, unsigned char *tag, size_t *tag_len, const unsigned char *const plaintext, size_t plaintext_len, const unsigned char *const iv, const unsigned char *const key)
 {
     gcry_error_t res;
     gcry_cipher_hd_t hd;
@@ -284,7 +284,7 @@ aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len, const unsig
         goto out;
     }
 
-    res = gcry_cipher_gettag(hd, ciphertext + plaintext_len, AES128_GCM_TAG_LENGTH);
+    res = gcry_cipher_gettag(hd, tag, *tag_len);
     if (res != GPG_ERR_NO_ERROR) {
         goto out;
     }
diff --git a/src/omemo/crypto.h b/src/omemo/crypto.h
index 35c5d72a..e4a0a4ad 100644
--- a/src/omemo/crypto.h
+++ b/src/omemo/crypto.h
@@ -137,10 +137,10 @@ int omemo_decrypt_func(signal_buffer **output,
     const uint8_t *ciphertext, size_t ciphertext_len,
     void *user_data);
 
-int aes128gcm_encrypt(unsigned char *ciphertext,
-    size_t *ciphertext_len, const unsigned char *const cleartext,
-    size_t cleatext_len, const unsigned char *const iv,
-    const unsigned char *const key);
+int aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len,
+    unsigned char *tag, size_t *tag_len,
+    const unsigned char *const plaintext, size_t plaintext_len,
+    const unsigned char *const iv, const unsigned char *const key);
 
 int aes128gcm_decrypt(unsigned char *plaintext,
     size_t *plaintext_len, const unsigned char *const ciphertext,
diff --git a/src/omemo/omemo.c b/src/omemo/omemo.c
index 1b1da807..66793085 100644
--- a/src/omemo/omemo.c
+++ b/src/omemo/omemo.c
@@ -444,19 +444,27 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean
     unsigned char *key;
     unsigned char *iv;
     unsigned char *ciphertext;
-    size_t ciphertext_len;
+    unsigned char *tag;
+    unsigned char *key_tag;
+    size_t ciphertext_len, tag_len;
 
-    ciphertext_len = strlen(message) + AES128_GCM_TAG_LENGTH;
+    ciphertext_len = strlen(message);
     ciphertext = malloc(ciphertext_len);
+    tag_len = AES128_GCM_TAG_LENGTH;
+    tag = gcry_malloc_secure(tag_len);
+    key_tag = gcry_malloc_secure(AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH);
 
-    key = gcry_random_bytes_secure(16, GCRY_VERY_STRONG_RANDOM);
-    iv = gcry_random_bytes_secure(16, GCRY_VERY_STRONG_RANDOM);
+    key = gcry_random_bytes_secure(AES128_GCM_KEY_LENGTH, GCRY_VERY_STRONG_RANDOM);
+    iv = gcry_random_bytes_secure(AES128_GCM_IV_LENGTH, GCRY_VERY_STRONG_RANDOM);
 
-    res = aes128gcm_encrypt(ciphertext, &ciphertext_len, (const unsigned char * const)message, strlen(message), iv, key);
+    res = aes128gcm_encrypt(ciphertext, &ciphertext_len, tag, &tag_len, (const unsigned char * const)message, strlen(message), iv, key);
     if (res != 0) {
         return FALSE;
     }
 
+    memcpy(key_tag, key, AES128_GCM_KEY_LENGTH);
+    memcpy(key_tag + AES128_GCM_KEY_LENGTH, tag, AES128_GCM_TAG_LENGTH);
+
     GList *keys = NULL;
     GList *device_ids_iter;
     for (device_ids_iter = recipient_device_id; device_ids_iter != NULL; device_ids_iter = device_ids_iter->next) {
@@ -472,7 +480,7 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean
             continue;
         }
 
-        res = session_cipher_encrypt(cipher, key, AES128_GCM_KEY_LENGTH, &ciphertext);
+        res = session_cipher_encrypt(cipher, key_tag, AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH, &ciphertext);
         if (res != 0) {
             continue;
         }
@@ -498,7 +506,7 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean
             continue;
         }
 
-        res = session_cipher_encrypt(cipher, key, AES128_GCM_KEY_LENGTH, &ciphertext);
+        res = session_cipher_encrypt(cipher, key_tag, AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH, &ciphertext);
         if (res != 0) {
             continue;
         }
@@ -520,6 +528,8 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean
     free(ciphertext);
     gcry_free(key);
     gcry_free(iv);
+    gcry_free(tag);
+    gcry_free(key_tag);
 
     return TRUE;
 }