author | Guillaume Ballet <gballet@gmail.com> | 2017-12-11 19:32:58 +0800 |
---|---|---|
committer | Felix Lange <fjl@users.noreply.github.com> | 2017-12-11 19:32:58 +0800 |
commit | e7610eadfee686d7d979e8d23d0b903a78288a13 (patch) | |
tree | bad08f078627607d2293edc31ba53e3e061c0575 | |
parent | 732f5468d33ae184dfa518fb75b9da87efeee940 (diff) | |
whisper: sym encryption message padding includes salt (#15631)
Now that the AES salt has been moved to the payload, padding must
be adjusted to hide it, lest an attacker guess that the packet
uses symmetric encryption.
-rw-r--r-- | whisper/whisperv6/message.go | 4 | ||||
-rw-r--r-- | whisper/whisperv6/message_test.go | 56 |
2 files changed, 60 insertions, 0 deletions
diff --git a/whisper/whisperv6/message.go b/whisper/whisperv6/message.go
index 63bcdd85e..f8df50336 100644
--- a/whisper/whisperv6/message.go
+++ b/whisper/whisperv6/message.go
@@ -124,6 +124,10 @@ func (msg *sentMessage) appendPadding(params *MessageParams) error {
 if params.Src != nil {
 rawSize += signatureLength
 }
+
+ if params.KeySym != nil {
+ rawSize += AESNonceLength
+ }
 odd := rawSize % padSizeLimit
 if len(params.Padding) != 0 {
diff --git a/whisper/whisperv6/message_test.go b/whisper/whisperv6/message_test.go
index 281a852d6..c90bcc01e 100644
--- a/whisper/whisperv6/message_test.go
+++ b/whisper/whisperv6/message_test.go
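Review bot: In whisper/whisperv6/message.go, the new `params.KeySym != nil` branch sizes the padding for the nonce alone, so whether the final packet length stops revealing symmetric encryption depends on what the encryption step adds besides the nonce. If the symmetric cipher is an AEAD that also emits an authentication tag (not visible in this hunk), the on-wire length is still offset by that tag and may remain distinguishable from the asymmetric case. The branch also keys off `KeySym` only: if a caller supplies both an asymmetric key and `KeySym` and the asymmetric path is chosen later, padding would reserve room for a nonce that is never appended; presumably callers are validated elsewhere, but that is worth confirming. I would add a comment above the branch, for example `// the AES nonce travels with the payload; count it so the final size lands on a padSizeLimit boundary`, and state there which overheads are deliberately not counted. appendPadding's body starts and ends outside the hunk.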
@@ -416,3 +416,59 @@ func TestPadding(t *testing.T) {
 singlePaddingTest(t, n)
 }
 }
+
+func TestPaddingAppendedToSymMessages(t *testing.T) {
+ params := &MessageParams{
+ Payload: make([]byte, 246),
+ KeySym: make([]byte, aesKeyLength),
+ }
+
+ // Simulate a message with a payload just under 256 so that
+ // payload + flag + aesnonce > 256. Check that the result
+ // is padded on the next 256 boundary.
+ msg := sentMessage{}
+ msg.Raw = make([]byte, len(params.Payload)+1+AESNonceLength)
+
+ err := msg.appendPadding(params)
+
+ if err != nil {
+ t.Fatalf("Error appending padding to message %v", err)
+ return
+ }
+
+ if len(msg.Raw) != 512 {
+ t.Errorf("Invalid size %d != 512", len(msg.Raw))
+ }
+}
+
+func TestPaddingAppendedToSymMessagesWithSignature(t *testing.T) {
+ params := &MessageParams{
+ Payload: make([]byte, 246),
+ KeySym: make([]byte, aesKeyLength),
+ }
+
+ pSrc, err := crypto.GenerateKey()
+
+ if err != nil {
+ t.Fatalf("Error creating the signature key %v", err)
+ return
+ }
+ params.Src = pSrc
+
+ // Simulate a message with a payload just under 256 so that
+ // payload + flag + aesnonce > 256. Check that the result
+ // is padded on the next 256 boundary.
+ msg := sentMessage{}
+ msg.Raw = make([]byte, len(params.Payload)+1+AESNonceLength+signatureLength)
+
+ err = msg.appendPadding(params)
+
+ if err != nil {
+ t.Fatalf("Error appending padding to message %v", err)
+ return
+ }
+
+ if len(msg.Raw) != 512 {
+ t.Errorf("Invalid size %d != 512", len(msg.Raw))
+ }
+}
|
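Review bot: Both new tests build `msg.Raw` by hand at the expected pre-padding length and assert only `len(msg.Raw)` after `appendPadding`, so they confirm the arithmetic but not that an encrypted symmetric message ends up on a 256-byte boundary, which is the property the commit message is about. A test that goes through the package's normal message construction and encryption path and checks the resulting size would cover that, and checking the asymmetric case alongside would confirm the two are not distinguishable by length. Smaller points: the `return` after each `t.Fatalf` is never reached because `Fatalf` stops the test, and the two functions differ only in `params.Src`, so a shared helper or a table would remove the duplication. The comment `payload + flag + aesnonce > 256` in the signature test should also mention `signatureLength`, since that test adds it to the simulated size.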