whisper: sym encryption message padding includes salt (#15631)

Now that the AES salt has been moved to the payload, padding must
be adjusted to hide it, lest an attacker guesses that the packet
uses symmetric encryption.
This commit is contained in:
Guillaume Ballet 2017-12-11 12:32:58 +01:00 committed by Felix Lange
parent 21084335dd
commit 7538b633f5
2 changed files with 60 additions and 0 deletions

View File

@ -124,6 +124,10 @@ func (msg *sentMessage) appendPadding(params *MessageParams) error {
if params.Src != nil {
rawSize += signatureLength
}
if params.KeySym != nil {
rawSize += AESNonceLength
}
odd := rawSize % padSizeLimit
if len(params.Padding) != 0 {

View File

@ -416,3 +416,59 @@ func TestPadding(t *testing.T) {
singlePaddingTest(t, n)
}
}
func TestPaddingAppendedToSymMessages(t *testing.T) {
params := &MessageParams{
Payload: make([]byte, 246),
KeySym: make([]byte, aesKeyLength),
}
// Simulate a message with a payload just under 256 so that
// payload + flag + aesnonce > 256. Check that the result
// is padded on the next 256 boundary.
msg := sentMessage{}
msg.Raw = make([]byte, len(params.Payload)+1+AESNonceLength)
err := msg.appendPadding(params)
if err != nil {
t.Fatalf("Error appending padding to message %v", err)
return
}
if len(msg.Raw) != 512 {
t.Errorf("Invalid size %d != 512", len(msg.Raw))
}
}
func TestPaddingAppendedToSymMessagesWithSignature(t *testing.T) {
params := &MessageParams{
Payload: make([]byte, 246),
KeySym: make([]byte, aesKeyLength),
}
pSrc, err := crypto.GenerateKey()
if err != nil {
t.Fatalf("Error creating the signature key %v", err)
return
}
params.Src = pSrc
// Simulate a message with a payload just under 256 so that
// payload + flag + aesnonce > 256. Check that the result
// is padded on the next 256 boundary.
msg := sentMessage{}
msg.Raw = make([]byte, len(params.Payload)+1+AESNonceLength+signatureLength)
err = msg.appendPadding(params)
if err != nil {
t.Fatalf("Error appending padding to message %v", err)
return
}
if len(msg.Raw) != 512 {
t.Errorf("Invalid size %d != 512", len(msg.Raw))
}
}