whisper: sym encryption message padding includes salt (#15631)
Now that the AES salt has been moved to the payload, padding must be adjusted to hide it, lest an attacker guesses that the packet uses symmetric encryption.
This commit is contained in:
parent
732f5468d3
commit
e7610eadfe
|
@ -124,6 +124,10 @@ func (msg *sentMessage) appendPadding(params *MessageParams) error {
|
|||
if params.Src != nil {
|
||||
rawSize += signatureLength
|
||||
}
|
||||
|
||||
if params.KeySym != nil {
|
||||
rawSize += AESNonceLength
|
||||
}
|
||||
odd := rawSize % padSizeLimit
|
||||
|
||||
if len(params.Padding) != 0 {
|
||||
|
|
|
@ -416,3 +416,59 @@ func TestPadding(t *testing.T) {
|
|||
singlePaddingTest(t, n)
|
||||
}
|
||||
}
|
||||
|
||||
func TestPaddingAppendedToSymMessages(t *testing.T) {
|
||||
params := &MessageParams{
|
||||
Payload: make([]byte, 246),
|
||||
KeySym: make([]byte, aesKeyLength),
|
||||
}
|
||||
|
||||
// Simulate a message with a payload just under 256 so that
|
||||
// payload + flag + aesnonce > 256. Check that the result
|
||||
// is padded on the next 256 boundary.
|
||||
msg := sentMessage{}
|
||||
msg.Raw = make([]byte, len(params.Payload)+1+AESNonceLength)
|
||||
|
||||
err := msg.appendPadding(params)
|
||||
|
||||
if err != nil {
|
||||
t.Fatalf("Error appending padding to message %v", err)
|
||||
return
|
||||
}
|
||||
|
||||
if len(msg.Raw) != 512 {
|
||||
t.Errorf("Invalid size %d != 512", len(msg.Raw))
|
||||
}
|
||||
}
|
||||
|
||||
func TestPaddingAppendedToSymMessagesWithSignature(t *testing.T) {
|
||||
params := &MessageParams{
|
||||
Payload: make([]byte, 246),
|
||||
KeySym: make([]byte, aesKeyLength),
|
||||
}
|
||||
|
||||
pSrc, err := crypto.GenerateKey()
|
||||
|
||||
if err != nil {
|
||||
t.Fatalf("Error creating the signature key %v", err)
|
||||
return
|
||||
}
|
||||
params.Src = pSrc
|
||||
|
||||
// Simulate a message with a payload just under 256 so that
|
||||
// payload + flag + aesnonce > 256. Check that the result
|
||||
// is padded on the next 256 boundary.
|
||||
msg := sentMessage{}
|
||||
msg.Raw = make([]byte, len(params.Payload)+1+AESNonceLength+signatureLength)
|
||||
|
||||
err = msg.appendPadding(params)
|
||||
|
||||
if err != nil {
|
||||
t.Fatalf("Error appending padding to message %v", err)
|
||||
return
|
||||
}
|
||||
|
||||
if len(msg.Raw) != 512 {
|
||||
t.Errorf("Invalid size %d != 512", len(msg.Raw))
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue