whisper/whisperv6: remove aesnonce (#15578)
As per EIP-627, the salt for symmetric encryption is now part of the payload. This commit does that.
This commit is contained in:
Guillaume Ballet
committed by
Felix Lange
Felix Lange
parent
b5874273ce
commit
d95962cd5d
@@ -61,6 +61,7 @@ type ReceivedMessage struct {
|
||||
Payload []byte
|
||||
Padding []byte
|
||||
Signature []byte
|
||||
Salt []byte
|
||||
|
||||
PoW float64 // Proof of work as described in the Whisper spec
|
||||
Sent uint32 // Time when the message was posted into the network
|
||||
@@ -196,31 +197,31 @@ func (msg *sentMessage) encryptAsymmetric(key *ecdsa.PublicKey) error {
|
||||
|
||||
// encryptSymmetric encrypts a message with a topic key, using AES-GCM-256.
|
||||
// nonce size should be 12 bytes (see cipher.gcmStandardNonceSize).
|
||||
func (msg *sentMessage) encryptSymmetric(key []byte) (nonce []byte, err error) {
|
||||
func (msg *sentMessage) encryptSymmetric(key []byte) (err error) {
|
||||
if !validateSymmetricKey(key) {
|
||||
return nil, errors.New("invalid key provided for symmetric encryption")
|
||||
return errors.New("invalid key provided for symmetric encryption")
|
||||
}
|
||||
|
||||
block, err := aes.NewCipher(key)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return err
|
||||
}
|
||||
aesgcm, err := cipher.NewGCM(block)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return err
|
||||
}
|
||||
|
||||
// never use more than 2^32 random nonces with a given key
|
||||
nonce = make([]byte, aesgcm.NonceSize())
|
||||
_, err = crand.Read(nonce)
|
||||
salt := make([]byte, aesgcm.NonceSize())
|
||||
_, err = crand.Read(salt)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
} else if !validateSymmetricKey(nonce) {
|
||||
return nil, errors.New("crypto/rand failed to generate nonce")
|
||||
return err
|
||||
} else if !validateSymmetricKey(salt) {
|
||||
return errors.New("crypto/rand failed to generate salt")
|
||||
}
|
||||
|
||||
msg.Raw = aesgcm.Seal(nil, nonce, msg.Raw, nil)
|
||||
return nonce, nil
|
||||
msg.Raw = append(aesgcm.Seal(nil, salt, msg.Raw, nil), salt...)
|
||||
return nil
|
||||
}
|
||||
|
||||
// Wrap bundles the message into an Envelope to transmit over the network.
|
||||
@@ -233,11 +234,10 @@ func (msg *sentMessage) Wrap(options *MessageParams) (envelope *Envelope, err er
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
var nonce []byte
|
||||
if options.Dst != nil {
|
||||
err = msg.encryptAsymmetric(options.Dst)
|
||||
} else if options.KeySym != nil {
|
||||
nonce, err = msg.encryptSymmetric(options.KeySym)
|
||||
err = msg.encryptSymmetric(options.KeySym)
|
||||
} else {
|
||||
err = errors.New("unable to encrypt the message: neither symmetric nor assymmetric key provided")
|
||||
}
|
||||
@@ -245,7 +245,7 @@ func (msg *sentMessage) Wrap(options *MessageParams) (envelope *Envelope, err er
|
||||
return nil, err
|
||||
}
|
||||
|
||||
envelope = NewEnvelope(options.TTL, options.Topic, nonce, msg)
|
||||
envelope = NewEnvelope(options.TTL, options.Topic, msg)
|
||||
if err = envelope.Seal(options); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -254,7 +254,14 @@ func (msg *sentMessage) Wrap(options *MessageParams) (envelope *Envelope, err er
|
||||
|
||||
// decryptSymmetric decrypts a message with a topic key, using AES-GCM-256.
|
||||
// nonce size should be 12 bytes (see cipher.gcmStandardNonceSize).
|
||||
func (msg *ReceivedMessage) decryptSymmetric(key []byte, nonce []byte) error {
|
||||
func (msg *ReceivedMessage) decryptSymmetric(key []byte) error {
|
||||
// In v6, symmetric messages are expected to contain the 12-byte
|
||||
// "salt" at the end of the payload.
|
||||
if len(msg.Raw) < AESNonceLength {
|
||||
return errors.New("missing salt or invalid payload in symmetric message")
|
||||
}
|
||||
salt := msg.Raw[len(msg.Raw)-AESNonceLength:]
|
||||
|
||||
block, err := aes.NewCipher(key)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -263,15 +270,16 @@ func (msg *ReceivedMessage) decryptSymmetric(key []byte, nonce []byte) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if len(nonce) != aesgcm.NonceSize() {
|
||||
log.Error("decrypting the message", "AES nonce size", len(nonce))
|
||||
return errors.New("wrong AES nonce size")
|
||||
if len(salt) != aesgcm.NonceSize() {
|
||||
log.Error("decrypting the message", "AES salt size", len(salt))
|
||||
return errors.New("wrong AES salt size")
|
||||
}
|
||||
decrypted, err := aesgcm.Open(nil, nonce, msg.Raw, nil)
|
||||
decrypted, err := aesgcm.Open(nil, salt, msg.Raw[:len(msg.Raw)-AESNonceLength], nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
msg.Raw = decrypted
|
||||
msg.Salt = salt
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user