From 7bb4e4ef62bf2e967b8368531e2eb1e5b0481947 Mon Sep 17 00:00:00 2001 From: Marvin W Date: Mon, 14 Sep 2020 21:56:58 +0200 Subject: [PATCH] Send OMEMO-encrypted messages and files using 12 byte IV --- plugins/omemo/src/file_transfer/file_decryptor.vala | 10 ++-------- plugins/omemo/src/file_transfer/file_encryptor.vala | 6 ++++-- plugins/omemo/src/jingle/jet_omemo.vala | 12 ++++++++---- plugins/omemo/src/logic/trust_manager.vala | 6 ++++-- plugins/omemo/src/protocol/stream_module.vala | 2 +- plugins/signal-protocol/src/signal_helper.c | 4 ---- 6 files changed, 19 insertions(+), 21 deletions(-) diff --git a/plugins/omemo/src/file_transfer/file_decryptor.vala b/plugins/omemo/src/file_transfer/file_decryptor.vala index 3999d3b8..75adec1a 100644 --- a/plugins/omemo/src/file_transfer/file_decryptor.vala +++ b/plugins/omemo/src/file_transfer/file_decryptor.vala @@ -48,14 +48,8 @@ public class OmemoFileDecryptor : FileDecryptor, Object { MatchInfo match_info; this.url_regex.match(omemo_http_receive_data.original_url, 0, out match_info); uint8[] iv_and_key = hex_to_bin(match_info.fetch(2).up()); - uint8[] iv, key; - if (iv_and_key.length == 44) { - iv = iv_and_key[0:12]; - key = iv_and_key[12:44]; - } else { - iv = iv_and_key[0:16]; - key = iv_and_key[16:48]; - } + uint8[] iv = iv_and_key[0:iv_and_key.length-16]; + uint8[] key = iv_and_key[iv_and_key.length-16:iv_and_key.length]; file_transfer.encryption = Encryption.OMEMO; debug("Decrypting file %s from %s", file_transfer.file_name, file_transfer.server_file_name); diff --git a/plugins/omemo/src/file_transfer/file_encryptor.vala b/plugins/omemo/src/file_transfer/file_encryptor.vala index 31c3ad6c..7e79abdc 100644 --- a/plugins/omemo/src/file_transfer/file_encryptor.vala +++ b/plugins/omemo/src/file_transfer/file_encryptor.vala @@ -20,13 +20,15 @@ public class OmemoFileEncryptor : Dino.FileEncryptor, Object { } public FileMeta encrypt_file(Conversation conversation, FileTransfer file_transfer) throws FileSendError { + const uint KEY_SIZE = 32; + const uint IV_SIZE = 12; var omemo_http_file_meta = new OmemoHttpFileMeta(); try { //Create a key and use it to encrypt the file - uint8[] iv = new uint8[16]; + uint8[] iv = new uint8[IV_SIZE]; Plugin.get_context().randomize(iv); - uint8[] key = new uint8[32]; + uint8[] key = new uint8[KEY_SIZE]; Plugin.get_context().randomize(key); SymmetricCipher cipher = new SymmetricCipher("AES-GCM"); diff --git a/plugins/omemo/src/jingle/jet_omemo.vala b/plugins/omemo/src/jingle/jet_omemo.vala index 2ddf5d33..c2f7b265 100644 --- a/plugins/omemo/src/jingle/jet_omemo.vala +++ b/plugins/omemo/src/jingle/jet_omemo.vala @@ -12,6 +12,8 @@ private const string AES_128_GCM_URI = "urn:xmpp:ciphers:aes-128-gcm-nopadding"; public class Module : XmppStreamModule, Jet.EnvelopEncoding { public static Xmpp.ModuleIdentity IDENTITY = new Xmpp.ModuleIdentity(NS_URI, "0396_jet_omemo"); private Omemo.Plugin plugin; + const uint KEY_SIZE = 16; + const uint IV_SIZE = 12; public Module(Omemo.Plugin plugin) { this.plugin = plugin; @@ -21,7 +23,7 @@ public class Module : XmppStreamModule, Jet.EnvelopEncoding { if (stream.get_module(Jet.Module.IDENTITY) != null) { stream.get_module(ServiceDiscovery.Module.IDENTITY).add_feature(stream, NS_URI); stream.get_module(Jet.Module.IDENTITY).register_envelop_encoding(this); - stream.get_module(Jet.Module.IDENTITY).register_cipher(new AesGcmCipher(16, AES_128_GCM_URI)); + stream.get_module(Jet.Module.IDENTITY).register_cipher(new AesGcmCipher(KEY_SIZE, IV_SIZE, AES_128_GCM_URI)); } } @@ -113,17 +115,19 @@ public class Module : XmppStreamModule, Jet.EnvelopEncoding { } public class AesGcmCipher : Jet.Cipher, Object { - private int key_size; + private uint key_size; + private uint default_iv_size; private string uri; - public AesGcmCipher(int key_size, string uri) { + public AesGcmCipher(uint key_size, uint default_iv_size, string uri) { this.key_size = key_size; + this.default_iv_size = default_iv_size; this.uri = uri; } public string get_cipher_uri() { return uri; } public Jet.TransportSecret generate_random_secret() { - uint8[] iv = new uint8[16]; + uint8[] iv = new uint8[default_iv_size]; Omemo.Plugin.get_context().randomize(iv); uint8[] key = new uint8[key_size]; Omemo.Plugin.get_context().randomize(key); diff --git a/plugins/omemo/src/logic/trust_manager.vala b/plugins/omemo/src/logic/trust_manager.vala index 14f19102..f11768c6 100644 --- a/plugins/omemo/src/logic/trust_manager.vala +++ b/plugins/omemo/src/logic/trust_manager.vala @@ -138,6 +138,8 @@ public class TrustManager { } public EncryptState encrypt(MessageStanza message, Jid self_jid, Gee.List recipients, XmppStream stream, Account account) { + const uint KEY_SIZE = 16; + const uint IV_SIZE = 12; EncryptState status = new EncryptState(); if (!Plugin.ensure_context()) return status; if (message.to == null) return status; @@ -146,9 +148,9 @@ public class TrustManager { try { //Create a key and use it to encrypt the message - uint8[] key = new uint8[16]; + uint8[] key = new uint8[KEY_SIZE]; Plugin.get_context().randomize(key); - uint8[] iv = new uint8[16]; + uint8[] iv = new uint8[IV_SIZE]; Plugin.get_context().randomize(iv); uint8[] aes_encrypt_result = aes_encrypt(Cipher.AES_GCM_NOPADDING, key, iv, message.body.data); diff --git a/plugins/omemo/src/protocol/stream_module.vala b/plugins/omemo/src/protocol/stream_module.vala index 83822ea2..0a465d73 100644 --- a/plugins/omemo/src/protocol/stream_module.vala +++ b/plugins/omemo/src/protocol/stream_module.vala @@ -5,7 +5,7 @@ using Signal; namespace Dino.Plugins.Omemo { -private const string NS_URI = "eu.siacs.conversations.axolotl"; +internal const string NS_URI = "eu.siacs.conversations.axolotl"; private const string NODE_DEVICELIST = NS_URI + ".devicelist"; private const string NODE_BUNDLES = NS_URI + ".bundles"; private const string NODE_VERIFICATION = NS_URI + ".verification"; diff --git a/plugins/signal-protocol/src/signal_helper.c b/plugins/signal-protocol/src/signal_helper.c index 74019410..1a428c44 100644 --- a/plugins/signal-protocol/src/signal_helper.c +++ b/plugins/signal-protocol/src/signal_helper.c @@ -211,8 +211,6 @@ int signal_vala_encrypt(signal_buffer **output, int algo, mode, error_code = SG_ERR_UNKNOWN; if (aes_cipher(cipher, key_len, &algo, &mode)) return SG_ERR_INVAL; - if (iv_len != 16 && iv_len != 12) return SG_ERR_INVAL; - gcry_cipher_hd_t ctx = {0}; if (gcry_cipher_open(&ctx, algo, mode, 0)) return SG_ERR_NOMEM; @@ -294,8 +292,6 @@ int signal_vala_decrypt(signal_buffer **output, if (aes_cipher(cipher, key_len, &algo, &mode)) return SG_ERR_INVAL; if (ciphertext_len == 0) return SG_ERR_INVAL; - if (iv_len != 16 && iv_len != 12) return SG_ERR_INVAL; - gcry_cipher_hd_t ctx = {0}; if (gcry_cipher_open(&ctx, algo, mode, 0)) return SG_ERR_NOMEM;