whisper: sym encryption message padding includes salt (#15631)

Now that the AES salt has been moved to the payload, padding must
be adjusted to hide it, lest an attacker guesses that the packet
uses symmetric encryption.
This commit is contained in:
Guillaume Ballet 2017-12-11 12:32:58 +01:00 committed by Felix Lange
parent 732f5468d3
commit e7610eadfe
2 changed files with 60 additions and 0 deletions

View File

@ -124,6 +124,10 @@ func (msg *sentMessage) appendPadding(params *MessageParams) error {
if params.Src != nil { if params.Src != nil {
rawSize += signatureLength rawSize += signatureLength
} }
if params.KeySym != nil {
rawSize += AESNonceLength
}
odd := rawSize % padSizeLimit odd := rawSize % padSizeLimit
if len(params.Padding) != 0 { if len(params.Padding) != 0 {

View File

@ -416,3 +416,59 @@ func TestPadding(t *testing.T) {
singlePaddingTest(t, n) singlePaddingTest(t, n)
} }
} }
func TestPaddingAppendedToSymMessages(t *testing.T) {
params := &MessageParams{
Payload: make([]byte, 246),
KeySym: make([]byte, aesKeyLength),
}
// Simulate a message with a payload just under 256 so that
// payload + flag + aesnonce > 256. Check that the result
// is padded on the next 256 boundary.
msg := sentMessage{}
msg.Raw = make([]byte, len(params.Payload)+1+AESNonceLength)
err := msg.appendPadding(params)
if err != nil {
t.Fatalf("Error appending padding to message %v", err)
return
}
if len(msg.Raw) != 512 {
t.Errorf("Invalid size %d != 512", len(msg.Raw))
}
}
func TestPaddingAppendedToSymMessagesWithSignature(t *testing.T) {
params := &MessageParams{
Payload: make([]byte, 246),
KeySym: make([]byte, aesKeyLength),
}
pSrc, err := crypto.GenerateKey()
if err != nil {
t.Fatalf("Error creating the signature key %v", err)
return
}
params.Src = pSrc
// Simulate a message with a payload just under 256 so that
// payload + flag + aesnonce > 256. Check that the result
// is padded on the next 256 boundary.
msg := sentMessage{}
msg.Raw = make([]byte, len(params.Payload)+1+AESNonceLength+signatureLength)
err = msg.appendPadding(params)
if err != nil {
t.Fatalf("Error appending padding to message %v", err)
return
}
if len(msg.Raw) != 512 {
t.Errorf("Invalid size %d != 512", len(msg.Raw))
}
}