From b0c52f84ab419918d4dd0ab1fd3f9755b3687c93 Mon Sep 17 00:00:00 2001 From: Paul Fariello Date: Wed, 6 Mar 2019 21:23:06 +0220 Subject: Follow xep by putting gcm tag on encrypted key --- src/omemo/crypto.c | 4 ++-- src/omemo/crypto.h | 8 ++++---- src/omemo/omemo.c | 24 +++++++++++++++++------- 3 files changed, 23 insertions(+), 13 deletions(-) (limited to 'src/omemo') diff --git a/src/omemo/crypto.c b/src/omemo/crypto.c index 5119443a..d959020b 100644 --- a/src/omemo/crypto.c +++ b/src/omemo/crypto.c @@ -261,7 +261,7 @@ out: } int -aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len, const unsigned char *const plaintext, size_t plaintext_len, const unsigned char *const iv, const unsigned char *const key) +aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len, unsigned char *tag, size_t *tag_len, const unsigned char *const plaintext, size_t plaintext_len, const unsigned char *const iv, const unsigned char *const key) { gcry_error_t res; gcry_cipher_hd_t hd; @@ -284,7 +284,7 @@ aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len, const unsig goto out; } - res = gcry_cipher_gettag(hd, ciphertext + plaintext_len, AES128_GCM_TAG_LENGTH); + res = gcry_cipher_gettag(hd, tag, *tag_len); if (res != GPG_ERR_NO_ERROR) { goto out; } diff --git a/src/omemo/crypto.h b/src/omemo/crypto.h index 35c5d72a..e4a0a4ad 100644 --- a/src/omemo/crypto.h +++ b/src/omemo/crypto.h @@ -137,10 +137,10 @@ int omemo_decrypt_func(signal_buffer **output, const uint8_t *ciphertext, size_t ciphertext_len, void *user_data); -int aes128gcm_encrypt(unsigned char *ciphertext, - size_t *ciphertext_len, const unsigned char *const cleartext, - size_t cleatext_len, const unsigned char *const iv, - const unsigned char *const key); +int aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len, + unsigned char *tag, size_t *tag_len, + const unsigned char *const plaintext, size_t plaintext_len, + const unsigned char *const iv, const unsigned char *const key); int aes128gcm_decrypt(unsigned char *plaintext, size_t *plaintext_len, const unsigned char *const ciphertext, diff --git a/src/omemo/omemo.c b/src/omemo/omemo.c index 1b1da807..66793085 100644 --- a/src/omemo/omemo.c +++ b/src/omemo/omemo.c @@ -444,19 +444,27 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean unsigned char *key; unsigned char *iv; unsigned char *ciphertext; - size_t ciphertext_len; + unsigned char *tag; + unsigned char *key_tag; + size_t ciphertext_len, tag_len; - ciphertext_len = strlen(message) + AES128_GCM_TAG_LENGTH; + ciphertext_len = strlen(message); ciphertext = malloc(ciphertext_len); + tag_len = AES128_GCM_TAG_LENGTH; + tag = gcry_malloc_secure(tag_len); + key_tag = gcry_malloc_secure(AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH); - key = gcry_random_bytes_secure(16, GCRY_VERY_STRONG_RANDOM); - iv = gcry_random_bytes_secure(16, GCRY_VERY_STRONG_RANDOM); + key = gcry_random_bytes_secure(AES128_GCM_KEY_LENGTH, GCRY_VERY_STRONG_RANDOM); + iv = gcry_random_bytes_secure(AES128_GCM_IV_LENGTH, GCRY_VERY_STRONG_RANDOM); - res = aes128gcm_encrypt(ciphertext, &ciphertext_len, (const unsigned char * const)message, strlen(message), iv, key); + res = aes128gcm_encrypt(ciphertext, &ciphertext_len, tag, &tag_len, (const unsigned char * const)message, strlen(message), iv, key); if (res != 0) { return FALSE; } + memcpy(key_tag, key, AES128_GCM_KEY_LENGTH); + memcpy(key_tag + AES128_GCM_KEY_LENGTH, tag, AES128_GCM_TAG_LENGTH); + GList *keys = NULL; GList *device_ids_iter; for (device_ids_iter = recipient_device_id; device_ids_iter != NULL; device_ids_iter = device_ids_iter->next) { @@ -472,7 +480,7 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean continue; } - res = session_cipher_encrypt(cipher, key, AES128_GCM_KEY_LENGTH, &ciphertext); + res = session_cipher_encrypt(cipher, key_tag, AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH, &ciphertext); if (res != 0) { continue; } @@ -498,7 +506,7 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean continue; } - res = session_cipher_encrypt(cipher, key, AES128_GCM_KEY_LENGTH, &ciphertext); + res = session_cipher_encrypt(cipher, key_tag, AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH, &ciphertext); if (res != 0) { continue; } @@ -520,6 +528,8 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean free(ciphertext); gcry_free(key); gcry_free(iv); + gcry_free(tag); + gcry_free(key_tag); return TRUE; } -- cgit 1.4.1-2-gfad0