Fix incorrect GCM tag size

pull/148/head
gmbnt 5 years ago
parent 245033dbc4
commit c67e2af9a6

@ -2,7 +2,7 @@ import CryptoSwift
import PromiseKit import PromiseKit
extension OnionRequestAPI { extension OnionRequestAPI {
internal static let gcmTagLength: UInt = 128 internal static let gcmTagSize: UInt = 16
internal static let ivSize: UInt = 12 internal static let ivSize: UInt = 12
internal typealias EncryptionResult = (ciphertext: Data, symmetricKey: Data, ephemeralPublicKey: Data) internal typealias EncryptionResult = (ciphertext: Data, symmetricKey: Data, ephemeralPublicKey: Data)
@ -24,7 +24,7 @@ extension OnionRequestAPI {
private static func encrypt(_ plaintext: Data, usingAESGCMWithSymmetricKey symmetricKey: Data) throws -> Data { private static func encrypt(_ plaintext: Data, usingAESGCMWithSymmetricKey symmetricKey: Data) throws -> Data {
guard !Thread.isMainThread else { preconditionFailure("It's illegal to call encrypt(_:usingAESGCMWithSymmetricKey:) from the main thread.") } guard !Thread.isMainThread else { preconditionFailure("It's illegal to call encrypt(_:usingAESGCMWithSymmetricKey:) from the main thread.") }
let iv = try getSecureRandomData(ofSize: ivSize) let iv = try getSecureRandomData(ofSize: ivSize)
let gcm = GCM(iv: iv.bytes, tagLength: Int(gcmTagLength), mode: .combined) let gcm = GCM(iv: iv.bytes, tagLength: Int(gcmTagSize), mode: .combined)
let aes = try AES(key: symmetricKey.bytes, blockMode: gcm, padding: .pkcs7) let aes = try AES(key: symmetricKey.bytes, blockMode: gcm, padding: .pkcs7)
let ciphertext = try aes.encrypt(plaintext.bytes) let ciphertext = try aes.encrypt(plaintext.bytes)
return iv + Data(bytes: ciphertext) return iv + Data(bytes: ciphertext)

@ -272,12 +272,12 @@ internal enum OnionRequestAPI {
guard let json = rawResponse as? JSON, let base64EncodedIVAndCiphertext = json["result"] as? String, guard let json = rawResponse as? JSON, let base64EncodedIVAndCiphertext = json["result"] as? String,
let ivAndCiphertext = Data(base64Encoded: base64EncodedIVAndCiphertext) else { return seal.reject(Error.invalidJSON) } let ivAndCiphertext = Data(base64Encoded: base64EncodedIVAndCiphertext) else { return seal.reject(Error.invalidJSON) }
let iv = ivAndCiphertext[0..<Int(ivSize)] let iv = ivAndCiphertext[0..<Int(ivSize)]
let ciphertext = ivAndCiphertext[Int(ivSize)..<ivAndCiphertext.endIndex] let ciphertext = ivAndCiphertext[Int(ivSize)...]
do { do {
let gcm = GCM(iv: iv.bytes, tagLength: Int(gcmTagLength), mode: .combined) let gcm = GCM(iv: iv.bytes, tagLength: Int(gcmTagSize), mode: .combined)
let aes = try AES(key: symmetricKey.bytes, blockMode: gcm, padding: .pkcs7) let aes = try AES(key: symmetricKey.bytes, blockMode: gcm, padding: .pkcs7)
let result = try aes.decrypt(ciphertext.bytes) let result = try aes.decrypt(ciphertext.bytes)
seal.fulfill(result) seal.fulfill(Data(bytes: result))
} catch (let error) { } catch (let error) {
seal.reject(error) seal.reject(error)
} }
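Review bot: The slices `ivAndCiphertext[0..<Int(ivSize)]` and `ivAndCiphertext[Int(ivSize)...]` in the third hunk are not preceded by a length check, so a server response whose base64 payload decodes to fewer than 12 bytes traps on the out-of-range Data subscript instead of being rejected — a remote crash on untrusted input. Extend the existing guard: `let ivAndCiphertext = Data(base64Encoded: base64EncodedIVAndCiphertext), ivAndCiphertext.count >= Int(ivSize + gcmTagSize) else { return seal.reject(Error.invalidJSON) }`, which also ensures the ciphertext carries at least the authentication tag before it reaches CryptoSwift. Since the bits-vs-bytes confusion is exactly what this commit fixes, document the renamed constant: `/// AES-GCM authentication tag size in bytes (CryptoSwift's GCM takes bytes, not bits); 16 = the full 128-bit tag.` Separately, both `AES(...)` calls pass `padding: .pkcs7` with a GCM block mode; GCM needs no padding, and if the peer implements standard AES-GCM this likely breaks interop, so confirm the other side expects padded input and otherwise use `.noPadding`. The closure enclosing the third hunk starts and ends outside the hunk.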
