diff --git a/src/omemo/crypto.c b/src/omemo/crypto.c
index d959020b..9d64a701 100644
--- a/src/omemo/crypto.c
+++ b/src/omemo/crypto.c
@@ -295,7 +295,7 @@ out:
 }
 
 int
-aes128gcm_decrypt(unsigned char *plaintext, size_t *plaintext_len, const unsigned char *const ciphertext, size_t ciphertext_len, const unsigned char *const iv, const unsigned char *const key)
+aes128gcm_decrypt(unsigned char *plaintext, size_t *plaintext_len, const unsigned char *const ciphertext, size_t ciphertext_len, const unsigned char *const iv, const unsigned char *const key, const unsigned char *const tag)
 {
 gcry_error_t res;
 gcry_cipher_hd_t hd;
@@ -319,10 +319,11 @@ aes128gcm_decrypt(unsigned char *plaintext, size_t *plaintext_len, const unsigne
 if (res != GPG_ERR_NO_ERROR) {
 goto out;
 }
- //res = gcry_cipher_checktag(hd, ciphertext + ciphertext_len - AES128_GCM_TAG_LENGTH, AES128_GCM_TAG_LENGTH);
- //if (res != GPG_ERR_NO_ERROR) {
- // goto out;
- //}
+
+ res = gcry_cipher_checktag(hd, tag, AES128_GCM_TAG_LENGTH);
+ if (res != GPG_ERR_NO_ERROR) {
+ goto out;
+ }
 
 out:
 gcry_cipher_close(hd);
diff --git a/src/omemo/crypto.h b/src/omemo/crypto.h
index e4a0a4ad..4b882455 100644
--- a/src/omemo/crypto.h
+++ b/src/omemo/crypto.h
@@ -145,4 +145,4 @@ int aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len,
 int aes128gcm_decrypt(unsigned char *plaintext, size_t *plaintext_len, const unsigned char *const ciphertext, size_t ciphertext_len, const unsigned char *const iv,
- const unsigned char *const key);
+ const unsigned char *const key, const unsigned char *const tag);
diff --git a/src/omemo/omemo.c b/src/omemo/omemo.c
index 66793085..98448a73 100644
--- a/src/omemo/omemo.c
+++ b/src/omemo/omemo.c
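Review bot: When the new gcry_cipher_checktag call fails, aes128gcm_decrypt jumps to out and returns the error, but the output of the preceding decrypt step (whose result check is the `if (res != GPG_ERR_NO_ERROR)` at the top of the hunk) is left in the caller's `plaintext` buffer, so a caller that ignores the return value would go on to process unauthenticated data. Scrubbing the buffer before leaving keeps the contract simple for every caller: `if (res != GPG_ERR_NO_ERROR) { memset(plaintext, 0, ciphertext_len); goto out; }` — this assumes the decrypt step wrote ciphertext_len bytes into plaintext and that string.h is already included, neither of which is visible here. The decrypt call and the remainder of aes128gcm_decrypt, including how *plaintext_len is set, are outside the hunk.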
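Review bot: The new `tag` parameter on the aes128gcm_decrypt prototype has no documented contract; a caller used to the convention the old code followed (tag at the tail of the ciphertext) has nothing in the header telling it otherwise. A comment above the prototype would close that gap, e.g. `/* tag: AES128_GCM_TAG_LENGTH bytes of GCM authentication tag, passed separately from ciphertext. */` and `/* Returns non-zero on decryption or tag failure; plaintext must then be discarded. */`. Whether the function also updates *plaintext_len on success is not visible in this diff and would belong in the same comment.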
@@ -577,10 +577,20 @@ omemo_on_message_recv(const char *const from, uint32_t sid,
 return NULL;
 }
 
+ if (signal_buffer_len(plaintext_key) != AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH) {
+ log_error("OMEMO: invalid key length");
+ signal_buffer_free(plaintext_key);
+ return NULL;
+ }
+
 size_t plaintext_len = payload_len;
 unsigned char *plaintext = malloc(plaintext_len + 1);
- res = aes128gcm_decrypt(plaintext, &plaintext_len, payload, payload_len, iv, signal_buffer_data(plaintext_key));
+ res = aes128gcm_decrypt(plaintext, &plaintext_len, payload, payload_len, iv,
+ signal_buffer_data(plaintext_key),
+ signal_buffer_data(plaintext_key) + AES128_GCM_KEY_LENGTH);
 if (res != 0) {
+ log_error("OMEMO: cannot decrypt message: %s", gcry_strerror(res));
+ signal_buffer_free(plaintext_key);
 free(plaintext);
 return NULL;
 }
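Review bot: The new length check accepts only a decrypted key element of exactly AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH bytes, so a sender still using the older layout that the removed crypto.c code handled (a bare key, tag appended to the payload) is now dropped with "invalid key length"; if that interoperability is still wanted, the check should accept both lengths and pass the tag from the payload tail in the legacy case. The two new error paths release the per-message key with `signal_buffer_free`, which only frees; if this targets libsignal-protocol-c, `signal_buffer_bzero_free(plaintext_key);` scrubs the key bytes before release and is the better choice for key material on every exit path. The unchanged `malloc(plaintext_len + 1)` result is still passed unchecked to the new aes128gcm_decrypt call, so a NULL check with the same cleanup as the new decrypt-failure branch would fit here. omemo_on_message_recv continues outside the hunk, so how plaintext_key is released on the success path is not visible.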