aboutsummaryrefslogtreecommitdiffstats
path: root/whisper
diff options
context:
space:
mode:
authorGuillaume Ballet <gballet@gmail.com>2017-12-11 19:32:58 +0800
committerFelix Lange <fjl@users.noreply.github.com>2017-12-11 19:32:58 +0800
commite7610eadfee686d7d979e8d23d0b903a78288a13 (patch)
treebad08f078627607d2293edc31ba53e3e061c0575 /whisper
parent732f5468d33ae184dfa518fb75b9da87efeee940 (diff)
downloaddexon-e7610eadfee686d7d979e8d23d0b903a78288a13.tar.gz
dexon-e7610eadfee686d7d979e8d23d0b903a78288a13.tar.zst
dexon-e7610eadfee686d7d979e8d23d0b903a78288a13.zip
whisper: sym encryption message padding includes salt (#15631)
Now that the AES salt has been moved to the payload, padding must be adjusted to hide it, lest an attacker guesses that the packet uses symmetric encryption.
Diffstat (limited to 'whisper')
-rw-r--r--whisper/whisperv6/message.go4
-rw-r--r--whisper/whisperv6/message_test.go56
2 files changed, 60 insertions, 0 deletions
diff --git a/whisper/whisperv6/message.go b/whisper/whisperv6/message.go
index 63bcdd85e..f8df50336 100644
--- a/whisper/whisperv6/message.go
+++ b/whisper/whisperv6/message.go
@@ -124,6 +124,10 @@ func (msg *sentMessage) appendPadding(params *MessageParams) error {
if params.Src != nil {
rawSize += signatureLength
}
+
+ if params.KeySym != nil {
+ rawSize += AESNonceLength
+ }
odd := rawSize % padSizeLimit
if len(params.Padding) != 0 {
diff --git a/whisper/whisperv6/message_test.go b/whisper/whisperv6/message_test.go
index 281a852d6..c90bcc01e 100644
--- a/whisper/whisperv6/message_test.go
+++ b/whisper/whisperv6/message_test.go
@@ -416,3 +416,59 @@ func TestPadding(t *testing.T) {
singlePaddingTest(t, n)
}
}
+
+func TestPaddingAppendedToSymMessages(t *testing.T) {
+ params := &MessageParams{
+ Payload: make([]byte, 246),
+ KeySym: make([]byte, aesKeyLength),
+ }
+
+ // Simulate a message with a payload just under 256 so that
+ // payload + flag + aesnonce > 256. Check that the result
+ // is padded on the next 256 boundary.
+ msg := sentMessage{}
+ msg.Raw = make([]byte, len(params.Payload)+1+AESNonceLength)
+
+ err := msg.appendPadding(params)
+
+ if err != nil {
+ t.Fatalf("Error appending padding to message %v", err)
+ return
+ }
+
+ if len(msg.Raw) != 512 {
+ t.Errorf("Invalid size %d != 512", len(msg.Raw))
+ }
+}
+
+func TestPaddingAppendedToSymMessagesWithSignature(t *testing.T) {
+ params := &MessageParams{
+ Payload: make([]byte, 246),
+ KeySym: make([]byte, aesKeyLength),
+ }
+
+ pSrc, err := crypto.GenerateKey()
+
+ if err != nil {
+ t.Fatalf("Error creating the signature key %v", err)
+ return
+ }
+ params.Src = pSrc
+
+ // Simulate a message with a payload just under 256 so that
+ // payload + flag + aesnonce > 256. Check that the result
+ // is padded on the next 256 boundary.
+ msg := sentMessage{}
+ msg.Raw = make([]byte, len(params.Payload)+1+AESNonceLength+signatureLength)
+
+ err = msg.appendPadding(params)
+
+ if err != nil {
+ t.Fatalf("Error appending padding to message %v", err)
+ return
+ }
+
+ if len(msg.Raw) != 512 {
+ t.Errorf("Invalid size %d != 512", len(msg.Raw))
+ }
+}