authorGuillaume Ballet <gballet@gmail.com>2017-12-11 19:32:58 +0800
committerFelix Lange <fjl@users.noreply.github.com>2017-12-11 19:32:58 +0800
commite7610eadfee686d7d979e8d23d0b903a78288a13 (patch)
treebad08f078627607d2293edc31ba53e3e061c0575
parent732f5468d33ae184dfa518fb75b9da87efeee940 (diff)
whisper: sym encryption message padding includes salt (#15631)
Now that the AES salt has been moved to the payload, padding must be adjusted to hide it, lest an attacker guesses that the packet uses symmetric encryption.
-rw-r--r--whisper/whisperv6/message.go4
-rw-r--r--whisper/whisperv6/message_test.go56
2 files changed, 60 insertions, 0 deletions
diff --git a/whisper/whisperv6/message.go b/whisper/whisperv6/message.go
index 63bcdd85e..f8df50336 100644
--- a/whisper/whisperv6/message.go
+++ b/whisper/whisperv6/message.go
@@ -124,6 +124,10 @@ func (msg *sentMessage) appendPadding(params *MessageParams) error {
if params.Src != nil {
rawSize += signatureLength
}
+
+ if params.KeySym != nil {
+ rawSize += AESNonceLength
+ }
odd := rawSize % padSizeLimit
if len(params.Padding) != 0 {
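Review bot: The added branch keys on `params.KeySym != nil` alone, so the nonce is counted whenever a symmetric key is present in the params, whether or not the message is actually encrypted symmetrically. If the wrapping code (not visible in this hunk) can choose asymmetric encryption while KeySym is also set, rawSize would include a nonce that is never appended, and the padded length would again differ between the two modes. The condition should mirror whatever test selects the cipher. The branch also deserves a short comment such as `// symmetric messages carry the AES nonce in the payload; count it so the padded size hides it`. appendPadding begins and ends outside this hunk, so how rawSize is used further down should be confirmed there.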
diff --git a/whisper/whisperv6/message_test.go b/whisper/whisperv6/message_test.go
index 281a852d6..c90bcc01e 100644
--- a/whisper/whisperv6/message_test.go
+++ b/whisper/whisperv6/message_test.go
@@ -416,3 +416,59 @@ func TestPadding(t *testing.T) {
singlePaddingTest(t, n)
}
}
+
+func TestPaddingAppendedToSymMessages(t *testing.T) {
+ params := &MessageParams{
+ Payload: make([]byte, 246),
+ KeySym: make([]byte, aesKeyLength),
+ }
+
+ // Simulate a message with a payload just under 256 so that
+ // payload + flag + aesnonce > 256. Check that the result
+ // is padded on the next 256 boundary.
+ msg := sentMessage{}
+ msg.Raw = make([]byte, len(params.Payload)+1+AESNonceLength)
+
+ err := msg.appendPadding(params)
+
+ if err != nil {
+ t.Fatalf("Error appending padding to message %v", err)
+ return
+ }
+
+ if len(msg.Raw) != 512 {
+ t.Errorf("Invalid size %d != 512", len(msg.Raw))
+ }
+}
+
+func TestPaddingAppendedToSymMessagesWithSignature(t *testing.T) {
+ params := &MessageParams{
+ Payload: make([]byte, 246),
+ KeySym: make([]byte, aesKeyLength),
+ }
+
+ pSrc, err := crypto.GenerateKey()
+
+ if err != nil {
+ t.Fatalf("Error creating the signature key %v", err)
+ return
+ }
+ params.Src = pSrc
+
+ // Simulate a message with a payload just under 256 so that
+ // payload + flag + aesnonce > 256. Check that the result
+ // is padded on the next 256 boundary.
+ msg := sentMessage{}
+ msg.Raw = make([]byte, len(params.Payload)+1+AESNonceLength+signatureLength)
+
+ err = msg.appendPadding(params)
+
+ if err != nil {
+ t.Fatalf("Error appending padding to message %v", err)
+ return
+ }
+
+ if len(msg.Raw) != 512 {
+ t.Errorf("Invalid size %d != 512", len(msg.Raw))
+ }
+}
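Review bot: The `return` after each `t.Fatalf` in the two new tests is unreachable, because `Fatalf` already stops the test; those three lines can be dropped. The comment in TestPaddingAppendedToSymMessagesWithSignature was copied from the unsigned test and leaves out the signature: with `signatureLength` added the raw size is past 256 even without the nonce, so it should read along the lines of `// payload + flag + aesnonce + signature; expect padding up to the 512 boundary`. Both tests size `msg.Raw` by hand, so they check the padding arithmetic only. A test that runs the real wrapping path and compares the final sizes of a symmetric and an asymmetric message would cover the property the commit message is after.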