diff options
| author | Guillaume Ballet <gballet@gmail.com> | 2017-12-08 18:40:59 +0800 |
|---|---|---|
| committer | Felix Lange <fjl@users.noreply.github.com> | 2017-12-08 18:40:59 +0800 |
| commit | d95962cd5d3ea163f8e91d7a9ca2f6303799b2e2 (patch) | |
| tree | 7255f029c04eb4e66e07b757c1ef44ecd1edb986 /whisper/whisperv6/message.go | |
| parent | b5874273cec729adce84acf5848536d20fb60f7c (diff) | |
| download | dexon-d95962cd5d3ea163f8e91d7a9ca2f6303799b2e2.tar dexon-d95962cd5d3ea163f8e91d7a9ca2f6303799b2e2.tar.gz dexon-d95962cd5d3ea163f8e91d7a9ca2f6303799b2e2.tar.bz2 dexon-d95962cd5d3ea163f8e91d7a9ca2f6303799b2e2.tar.lz dexon-d95962cd5d3ea163f8e91d7a9ca2f6303799b2e2.tar.xz dexon-d95962cd5d3ea163f8e91d7a9ca2f6303799b2e2.tar.zst dexon-d95962cd5d3ea163f8e91d7a9ca2f6303799b2e2.zip | |
whisper/whisperv6: remove aesnonce (#15578)
As per EIP-627, the salt for symmetric encryption is now
part of the payload. This commit does that.
Diffstat (limited to 'whisper/whisperv6/message.go')
| -rw-r--r-- | whisper/whisperv6/message.go | 46 |
1 files changed, 27 insertions, 19 deletions
diff --git a/whisper/whisperv6/message.go b/whisper/whisperv6/message.go index 0815f07a2..2f39afda6 100644 --- a/whisper/whisperv6/message.go +++ b/whisper/whisperv6/message.go @@ -61,6 +61,7 @@ type ReceivedMessage struct { Payload []byte Padding []byte Signature []byte + Salt []byte PoW float64 // Proof of work as described in the Whisper spec Sent uint32 // Time when the message was posted into the network @@ -196,31 +197,31 @@ func (msg *sentMessage) encryptAsymmetric(key *ecdsa.PublicKey) error { // encryptSymmetric encrypts a message with a topic key, using AES-GCM-256. // nonce size should be 12 bytes (see cipher.gcmStandardNonceSize). -func (msg *sentMessage) encryptSymmetric(key []byte) (nonce []byte, err error) { +func (msg *sentMessage) encryptSymmetric(key []byte) (err error) { if !validateSymmetricKey(key) { - return nil, errors.New("invalid key provided for symmetric encryption") + return errors.New("invalid key provided for symmetric encryption") } block, err := aes.NewCipher(key) if err != nil { - return nil, err + return err } aesgcm, err := cipher.NewGCM(block) if err != nil { - return nil, err + return err } // never use more than 2^32 random nonces with a given key - nonce = make([]byte, aesgcm.NonceSize()) - _, err = crand.Read(nonce) + salt := make([]byte, aesgcm.NonceSize()) + _, err = crand.Read(salt) if err != nil { - return nil, err - } else if !validateSymmetricKey(nonce) { - return nil, errors.New("crypto/rand failed to generate nonce") + return err + } else if !validateSymmetricKey(salt) { + return errors.New("crypto/rand failed to generate salt") } - msg.Raw = aesgcm.Seal(nil, nonce, msg.Raw, nil) - return nonce, nil + msg.Raw = append(aesgcm.Seal(nil, salt, msg.Raw, nil), salt...) + return nil } // Wrap bundles the message into an Envelope to transmit over the network. @@ -233,11 +234,10 @@ func (msg *sentMessage) Wrap(options *MessageParams) (envelope *Envelope, err er return nil, err } } - var nonce []byte if options.Dst != nil { err = msg.encryptAsymmetric(options.Dst) } else if options.KeySym != nil { - nonce, err = msg.encryptSymmetric(options.KeySym) + err = msg.encryptSymmetric(options.KeySym) } else { err = errors.New("unable to encrypt the message: neither symmetric nor assymmetric key provided") } @@ -245,7 +245,7 @@ func (msg *sentMessage) Wrap(options *MessageParams) (envelope *Envelope, err er return nil, err } - envelope = NewEnvelope(options.TTL, options.Topic, nonce, msg) + envelope = NewEnvelope(options.TTL, options.Topic, msg) if err = envelope.Seal(options); err != nil { return nil, err } @@ -254,7 +254,14 @@ func (msg *sentMessage) Wrap(options *MessageParams) (envelope *Envelope, err er // decryptSymmetric decrypts a message with a topic key, using AES-GCM-256. // nonce size should be 12 bytes (see cipher.gcmStandardNonceSize). -func (msg *ReceivedMessage) decryptSymmetric(key []byte, nonce []byte) error { +func (msg *ReceivedMessage) decryptSymmetric(key []byte) error { + // In v6, symmetric messages are expected to contain the 12-byte + // "salt" at the end of the payload. + if len(msg.Raw) < AESNonceLength { + return errors.New("missing salt or invalid payload in symmetric message") + } + salt := msg.Raw[len(msg.Raw)-AESNonceLength:] + block, err := aes.NewCipher(key) if err != nil { return err @@ -263,15 +270,16 @@ func (msg *ReceivedMessage) decryptSymmetric(key []byte, nonce []byte) error { if err != nil { return err } - if len(nonce) != aesgcm.NonceSize() { - log.Error("decrypting the message", "AES nonce size", len(nonce)) - return errors.New("wrong AES nonce size") + if len(salt) != aesgcm.NonceSize() { + log.Error("decrypting the message", "AES salt size", len(salt)) + return errors.New("wrong AES salt size") } - decrypted, err := aesgcm.Open(nil, nonce, msg.Raw, nil) + decrypted, err := aesgcm.Open(nil, salt, msg.Raw[:len(msg.Raw)-AESNonceLength], nil) if err != nil { return err } msg.Raw = decrypted + msg.Salt = salt return nil } |