mirror of
https://github.com/profanity-im/profanity.git
synced 2024-12-04 14:46:46 -05:00
Follow xep by putting gcm tag on encrypted key
This commit is contained in:
parent
605e06411c
commit
b0c52f84ab
@ -261,7 +261,7 @@ out:
|
|||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len, const unsigned char *const plaintext, size_t plaintext_len, const unsigned char *const iv, const unsigned char *const key)
|
aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len, unsigned char *tag, size_t *tag_len, const unsigned char *const plaintext, size_t plaintext_len, const unsigned char *const iv, const unsigned char *const key)
|
||||||
{
|
{
|
||||||
gcry_error_t res;
|
gcry_error_t res;
|
||||||
gcry_cipher_hd_t hd;
|
gcry_cipher_hd_t hd;
|
||||||
@ -284,7 +284,7 @@ aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len, const unsig
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
res = gcry_cipher_gettag(hd, ciphertext + plaintext_len, AES128_GCM_TAG_LENGTH);
|
res = gcry_cipher_gettag(hd, tag, *tag_len);
|
||||||
if (res != GPG_ERR_NO_ERROR) {
|
if (res != GPG_ERR_NO_ERROR) {
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
@ -137,10 +137,10 @@ int omemo_decrypt_func(signal_buffer **output,
|
|||||||
const uint8_t *ciphertext, size_t ciphertext_len,
|
const uint8_t *ciphertext, size_t ciphertext_len,
|
||||||
void *user_data);
|
void *user_data);
|
||||||
|
|
||||||
int aes128gcm_encrypt(unsigned char *ciphertext,
|
int aes128gcm_encrypt(unsigned char *ciphertext, size_t *ciphertext_len,
|
||||||
size_t *ciphertext_len, const unsigned char *const cleartext,
|
unsigned char *tag, size_t *tag_len,
|
||||||
size_t cleatext_len, const unsigned char *const iv,
|
const unsigned char *const plaintext, size_t plaintext_len,
|
||||||
const unsigned char *const key);
|
const unsigned char *const iv, const unsigned char *const key);
|
||||||
|
|
||||||
int aes128gcm_decrypt(unsigned char *plaintext,
|
int aes128gcm_decrypt(unsigned char *plaintext,
|
||||||
size_t *plaintext_len, const unsigned char *const ciphertext,
|
size_t *plaintext_len, const unsigned char *const ciphertext,
|
||||||
|
@ -444,19 +444,27 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean
|
|||||||
unsigned char *key;
|
unsigned char *key;
|
||||||
unsigned char *iv;
|
unsigned char *iv;
|
||||||
unsigned char *ciphertext;
|
unsigned char *ciphertext;
|
||||||
size_t ciphertext_len;
|
unsigned char *tag;
|
||||||
|
unsigned char *key_tag;
|
||||||
|
size_t ciphertext_len, tag_len;
|
||||||
|
|
||||||
ciphertext_len = strlen(message) + AES128_GCM_TAG_LENGTH;
|
ciphertext_len = strlen(message);
|
||||||
ciphertext = malloc(ciphertext_len);
|
ciphertext = malloc(ciphertext_len);
|
||||||
|
tag_len = AES128_GCM_TAG_LENGTH;
|
||||||
|
tag = gcry_malloc_secure(tag_len);
|
||||||
|
key_tag = gcry_malloc_secure(AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH);
|
||||||
|
|
||||||
key = gcry_random_bytes_secure(16, GCRY_VERY_STRONG_RANDOM);
|
key = gcry_random_bytes_secure(AES128_GCM_KEY_LENGTH, GCRY_VERY_STRONG_RANDOM);
|
||||||
iv = gcry_random_bytes_secure(16, GCRY_VERY_STRONG_RANDOM);
|
iv = gcry_random_bytes_secure(AES128_GCM_IV_LENGTH, GCRY_VERY_STRONG_RANDOM);
|
||||||
|
|
||||||
res = aes128gcm_encrypt(ciphertext, &ciphertext_len, (const unsigned char * const)message, strlen(message), iv, key);
|
res = aes128gcm_encrypt(ciphertext, &ciphertext_len, tag, &tag_len, (const unsigned char * const)message, strlen(message), iv, key);
|
||||||
if (res != 0) {
|
if (res != 0) {
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
memcpy(key_tag, key, AES128_GCM_KEY_LENGTH);
|
||||||
|
memcpy(key_tag + AES128_GCM_KEY_LENGTH, tag, AES128_GCM_TAG_LENGTH);
|
||||||
|
|
||||||
GList *keys = NULL;
|
GList *keys = NULL;
|
||||||
GList *device_ids_iter;
|
GList *device_ids_iter;
|
||||||
for (device_ids_iter = recipient_device_id; device_ids_iter != NULL; device_ids_iter = device_ids_iter->next) {
|
for (device_ids_iter = recipient_device_id; device_ids_iter != NULL; device_ids_iter = device_ids_iter->next) {
|
||||||
@ -472,7 +480,7 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
res = session_cipher_encrypt(cipher, key, AES128_GCM_KEY_LENGTH, &ciphertext);
|
res = session_cipher_encrypt(cipher, key_tag, AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH, &ciphertext);
|
||||||
if (res != 0) {
|
if (res != 0) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@ -498,7 +506,7 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
res = session_cipher_encrypt(cipher, key, AES128_GCM_KEY_LENGTH, &ciphertext);
|
res = session_cipher_encrypt(cipher, key_tag, AES128_GCM_KEY_LENGTH + AES128_GCM_TAG_LENGTH, &ciphertext);
|
||||||
if (res != 0) {
|
if (res != 0) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@ -520,6 +528,8 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean
|
|||||||
free(ciphertext);
|
free(ciphertext);
|
||||||
gcry_free(key);
|
gcry_free(key);
|
||||||
gcry_free(iv);
|
gcry_free(iv);
|
||||||
|
gcry_free(tag);
|
||||||
|
gcry_free(key_tag);
|
||||||
|
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user