diff options
| author | Guillaume Ballet <gballet@gmail.com> | 2017-12-11 19:32:58 +0800 |
|---|---|---|
| committer | Felix Lange <fjl@users.noreply.github.com> | 2017-12-11 19:32:58 +0800 |
| commit | e7610eadfee686d7d979e8d23d0b903a78288a13 (patch) | |
| tree | bad08f078627607d2293edc31ba53e3e061c0575 /whisper/whisperv6 | |
| parent | 732f5468d33ae184dfa518fb75b9da87efeee940 (diff) | |
| download | go-tangerine-e7610eadfee686d7d979e8d23d0b903a78288a13.tar go-tangerine-e7610eadfee686d7d979e8d23d0b903a78288a13.tar.gz go-tangerine-e7610eadfee686d7d979e8d23d0b903a78288a13.tar.bz2 go-tangerine-e7610eadfee686d7d979e8d23d0b903a78288a13.tar.lz go-tangerine-e7610eadfee686d7d979e8d23d0b903a78288a13.tar.xz go-tangerine-e7610eadfee686d7d979e8d23d0b903a78288a13.tar.zst go-tangerine-e7610eadfee686d7d979e8d23d0b903a78288a13.zip | |
whisper: sym encryption message padding includes salt (#15631)
Now that the AES salt has been moved to the payload, padding must
be adjusted to hide it, lest an attacker guesses that the packet
uses symmetric encryption.
Diffstat (limited to 'whisper/whisperv6')
| -rw-r--r-- | whisper/whisperv6/message.go | 4 | ||||
| -rw-r--r-- | whisper/whisperv6/message_test.go | 56 |
2 files changed, 60 insertions, 0 deletions
diff --git a/whisper/whisperv6/message.go b/whisper/whisperv6/message.go index 63bcdd85e..f8df50336 100644 --- a/whisper/whisperv6/message.go +++ b/whisper/whisperv6/message.go @@ -124,6 +124,10 @@ func (msg *sentMessage) appendPadding(params *MessageParams) error { if params.Src != nil { rawSize += signatureLength } + + if params.KeySym != nil { + rawSize += AESNonceLength + } odd := rawSize % padSizeLimit if len(params.Padding) != 0 { diff --git a/whisper/whisperv6/message_test.go b/whisper/whisperv6/message_test.go index 281a852d6..c90bcc01e 100644 --- a/whisper/whisperv6/message_test.go +++ b/whisper/whisperv6/message_test.go @@ -416,3 +416,59 @@ func TestPadding(t *testing.T) { singlePaddingTest(t, n) } } + +func TestPaddingAppendedToSymMessages(t *testing.T) { + params := &MessageParams{ + Payload: make([]byte, 246), + KeySym: make([]byte, aesKeyLength), + } + + // Simulate a message with a payload just under 256 so that + // payload + flag + aesnonce > 256. Check that the result + // is padded on the next 256 boundary. + msg := sentMessage{} + msg.Raw = make([]byte, len(params.Payload)+1+AESNonceLength) + + err := msg.appendPadding(params) + + if err != nil { + t.Fatalf("Error appending padding to message %v", err) + return + } + + if len(msg.Raw) != 512 { + t.Errorf("Invalid size %d != 512", len(msg.Raw)) + } +} + +func TestPaddingAppendedToSymMessagesWithSignature(t *testing.T) { + params := &MessageParams{ + Payload: make([]byte, 246), + KeySym: make([]byte, aesKeyLength), + } + + pSrc, err := crypto.GenerateKey() + + if err != nil { + t.Fatalf("Error creating the signature key %v", err) + return + } + params.Src = pSrc + + // Simulate a message with a payload just under 256 so that + // payload + flag + aesnonce > 256. Check that the result + // is padded on the next 256 boundary. + msg := sentMessage{} + msg.Raw = make([]byte, len(params.Payload)+1+AESNonceLength+signatureLength) + + err = msg.appendPadding(params) + + if err != nil { + t.Fatalf("Error appending padding to message %v", err) + return + } + + if len(msg.Raw) != 512 { + t.Errorf("Invalid size %d != 512", len(msg.Raw)) + } +} |