Handle receiving padded attachments

Don't send padded attachments yet. // FREEBIE
8 years ago · cbbb376860
parent 81386eae0c
commit cbbb376860
3 changed files with 35 additions and 8 deletions
--- a/SignalServiceKit/src/Messages/Attachments/OWSAttachmentsProcessor.m
+++ b/SignalServiceKit/src/Messages/Attachments/OWSAttachmentsProcessor.m
@ -250,6 +250,7 @@ static const CGFloat kAttachmentDownloadProgressTheta = 0.001f;
    NSData *plaintext = [Cryptography decryptAttachment:cipherText
                                                withKey:attachment.encryptionKey
                                                 digest:attachment.digest
+                                           unpaddedSize:attachment.byteCount
                                                  error:&decryptError];

    if (decryptError) {
--- a/SignalServiceKit/src/Util/Cryptography.h
+++ b/SignalServiceKit/src/Util/Cryptography.h
@ -59,6 +59,7 @@ typedef NS_ENUM(NSInteger, TSMACType) {
 + (NSData *)decryptAttachment:(NSData *)dataToDecrypt
                      withKey:(NSData *)key
                       digest:(nullable NSData *)digest
+                 unpaddedSize:(UInt32)unpaddedSize
                        error:(NSError **)error;

 + (NSData *)encryptAttachmentData:(NSData *)attachmentData
--- a/SignalServiceKit/src/Util/Cryptography.m
+++ b/SignalServiceKit/src/Util/Cryptography.m
@ -297,6 +297,7 @@ const NSUInteger kAES256_KeyByteLength = 32;
 + (NSData *)decryptAttachment:(NSData *)dataToDecrypt
                      withKey:(NSData *)key
                       digest:(nullable NSData *)digest
+                 unpaddedSize:(UInt32)unpaddedSize
                        error:(NSError **)error;
 {
    if (digest.length <= 0) {
@ -328,14 +329,38 @@ const NSUInteger kAES256_KeyByteLength = 32;
    NSData *hmac = [dataToDecrypt
        subdataWithRange:NSMakeRange([dataToDecrypt length] - HMAC256_OUTPUT_LENGTH, HMAC256_OUTPUT_LENGTH)];

-    return [Cryptography decryptCBCMode:encryptedAttachment
-                                    key:encryptionKey
-                                     IV:iv
-                                version:nil
-                                HMACKey:hmacKey
-                               HMACType:TSHMACSHA256AttachementType
-                           matchingHMAC:hmac
-                                 digest:digest];
+    NSData *paddedPlainText = [Cryptography decryptCBCMode:encryptedAttachment
+                                                       key:encryptionKey
+                                                        IV:iv
+                                                   version:nil
+                                                   HMACKey:hmacKey
+                                                  HMACType:TSHMACSHA256AttachementType
+                                              matchingHMAC:hmac
+                                                    digest:digest];
+    if (unpaddedSize == 0) {
+        // Work around for legacy iOS client's which weren't setting padding size.
+        // Since we know those clients pre-date attachment padding we return the entire data.
+        DDLogWarn(@"%@ Decrypted attachment with unspecified size.", self.tag);
+        return paddedPlainText;
+    } else {
+        if (unpaddedSize > paddedPlainText.length) {
+            *error = OWSErrorWithCodeDescription(
+                OWSErrorCodeFailedToDecryptMessage, NSLocalizedString(@"ERROR_MESSAGE_INVALID_MESSAGE", @""));
+            return nil;
+        }
+
+        if (unpaddedSize == paddedPlainText.length) {
+            DDLogInfo(@"%@ decrypted unpadded attachment.", self.tag);
+        } else {
+            unsigned long paddingSize = paddedPlainText.length - unpaddedSize;
+            DDLogInfo(@"%@ decrypted padded attachment with unpaddedSize: %u, paddingSize: %lu",
+                self.tag,
+                unpaddedSize,
+                paddingSize);
+        }
+
+        return [paddedPlainText subdataWithRange:NSMakeRange(0, unpaddedSize)];
+    }
 }

 + (NSData *)encryptAttachmentData:(NSData *)attachmentData