From b0c52f84ab419918d4dd0ab1fd3f9755b3687c93 Mon Sep 17 00:00:00 2001
From: Paul Fariello
Date: Wed, 6 Mar 2019 21:23:06 +0220
Subject: Follow xep by putting gcm tag on encrypted key
---
 src/omemo/omemo.c | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)
(limited to 'src/omemo/omemo.c')
diff --git a/src/omemo/omemo.c b/src/omemo/omemo.c
index 1b1da807..66793085 100644
--- a/src/omemo/omemo.c
+++ b/src/omemo/omemo.c
@@ -444,19 +444,27 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean
 unsigned char *key;
 unsigned char *iv;
 unsigned char *ciphertext;
- size_t ciphertext_len;
+ unsigned char *tag;
+ unsigned char *key_tag;
+ size_t ciphertext_len, tag_len;
- ciphertext_len = strlen(message) + AES128_GCM_TAG_LENGTH;
+ ciphertext_len = strlen(message);
 ciphertext = malloc(ciphertext_len);
+ tag_len = AES128_GCM_TAG_LENGTH;
+ tag = gcry_malloc_secure(tag_len);
+ key_tag = gcry_malloc_secure(AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH);
- key = gcry_random_bytes_secure(16, GCRY_VERY_STRONG_RANDOM);
- iv = gcry_random_bytes_secure(16, GCRY_VERY_STRONG_RANDOM);
+ key = gcry_random_bytes_secure(AES128_GCM_KEY_LENGTH, GCRY_VERY_STRONG_RANDOM);
+ iv = gcry_random_bytes_secure(AES128_GCM_IV_LENGTH, GCRY_VERY_STRONG_RANDOM);
- res = aes128gcm_encrypt(ciphertext, &ciphertext_len, (const unsigned char * const)message, strlen(message), iv, key);
+ res = aes128gcm_encrypt(ciphertext, &ciphertext_len, tag, &tag_len, (const unsigned char * const)message, strlen(message), iv, key);
 if (res != 0) {
 return FALSE;
 }
+ memcpy(key_tag, key, AES128_GCM_KEY_LENGTH);
+ memcpy(key_tag + AES128_GCM_KEY_LENGTH, tag, AES128_GCM_TAG_LENGTH);
+ GList *keys = NULL;
 GList *device_ids_iter;
 for (device_ids_iter = recipient_device_id; device_ids_iter != NULL; device_ids_iter = device_ids_iter->next) {
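Review bot: The buffers allocated at the top of this hunk (`ciphertext`, `tag`, `key_tag`) are used without a NULL check, and the `return FALSE` after `aes128gcm_encrypt` leaves `key`, `iv`, `tag`, `key_tag` and `ciphertext` allocated, because the matching `gcry_free` calls are only added on the success path in the last hunk. libgcrypt's secure memory is a limited pool and `gcry_malloc_secure` can return NULL, so failed sends that keep key material resident make it more likely that the `memcpy` into `key_tag` later writes through a null pointer. The function starts and ends outside this hunk, so other early exits may need the same treatment; a single cleanup label would cover them all. The two checks could look like the excerpt below.

```c
key_tag = gcry_malloc_secure(AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH);
if (ciphertext == NULL || tag == NULL || key_tag == NULL) {
    free(ciphertext);
    gcry_free(tag);
    gcry_free(key_tag);
    return FALSE;
}
/* … unchanged: key/iv generation and aes128gcm_encrypt call … */
if (res != 0) {
    /* release the message key, IV and tag on the failure path too */
    free(ciphertext);
    gcry_free(key);
    gcry_free(iv);
    gcry_free(tag);
    gcry_free(key_tag);
    return FALSE;
}
```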
@@ -472,7 +480,7 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean
 continue;
 }
- res = session_cipher_encrypt(cipher, key, AES128_GCM_KEY_LENGTH, &ciphertext);
+ res = session_cipher_encrypt(cipher, key_tag, AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH, &ciphertext);
 if (res != 0) {
 continue;
 }
@@ -498,7 +506,7 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean
 continue;
 }
- res = session_cipher_encrypt(cipher, key, AES128_GCM_KEY_LENGTH, &ciphertext);
+ res = session_cipher_encrypt(cipher, key_tag, AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH, &ciphertext);
 if (res != 0) {
 continue;
 }
@@ -520,6 +528,8 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean
 free(ciphertext);
 gcry_free(key);
 gcry_free(iv);
+ gcry_free(tag);
+ gcry_free(key_tag);
 return TRUE;
 }
-- cgit 1.4.1-2-gfad0
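Review bot: The payload length `AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH` is now spelled out at both `session_cipher_encrypt` calls (the -472 and -498 hunks) and again at the `gcry_malloc_secure` for `key_tag` in the first hunk, so the buffer size and the length handed to the session cipher can drift apart in a later edit. Declaring it once next to the allocation, e.g. `const size_t key_tag_len = AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH;`, and passing `key_tag_len` in all three places keeps them tied together. A short comment at that declaration, such as `/* per the OMEMO XEP the per-device payload is the AES key followed by the GCM tag */`, would record why the tag is wrapped together with the key. Both loops begin outside their hunks.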