From cbbb376860e995e5efefcfb2ca158750e366c838 Mon Sep 17 00:00:00 2001 From: Michael Kirk Date: Thu, 26 Oct 2017 17:59:35 -0700 Subject: [PATCH] Handle receiving padded attachments Don't send padded attachments yet. // FREEBIE --- .../Attachments/OWSAttachmentsProcessor.m | 1 + SignalServiceKit/src/Util/Cryptography.h | 1 + SignalServiceKit/src/Util/Cryptography.m | 41 +++++++++++++++---- 3 files changed, 35 insertions(+), 8 deletions(-) diff --git a/SignalServiceKit/src/Messages/Attachments/OWSAttachmentsProcessor.m b/SignalServiceKit/src/Messages/Attachments/OWSAttachmentsProcessor.m index b7962e9fc..0654b2d66 100644 --- a/SignalServiceKit/src/Messages/Attachments/OWSAttachmentsProcessor.m +++ b/SignalServiceKit/src/Messages/Attachments/OWSAttachmentsProcessor.m @@ -250,6 +250,7 @@ static const CGFloat kAttachmentDownloadProgressTheta = 0.001f; NSData *plaintext = [Cryptography decryptAttachment:cipherText withKey:attachment.encryptionKey digest:attachment.digest + unpaddedSize:attachment.byteCount error:&decryptError]; if (decryptError) { diff --git a/SignalServiceKit/src/Util/Cryptography.h b/SignalServiceKit/src/Util/Cryptography.h index 9a35081e8..f0369969d 100755 --- a/SignalServiceKit/src/Util/Cryptography.h +++ b/SignalServiceKit/src/Util/Cryptography.h @@ -59,6 +59,7 @@ typedef NS_ENUM(NSInteger, TSMACType) { + (NSData *)decryptAttachment:(NSData *)dataToDecrypt withKey:(NSData *)key digest:(nullable NSData *)digest + unpaddedSize:(UInt32)unpaddedSize error:(NSError **)error; + (NSData *)encryptAttachmentData:(NSData *)attachmentData diff --git a/SignalServiceKit/src/Util/Cryptography.m b/SignalServiceKit/src/Util/Cryptography.m index 0ec59232b..641a223ae 100755 --- a/SignalServiceKit/src/Util/Cryptography.m +++ b/SignalServiceKit/src/Util/Cryptography.m 
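Review bot: The new `unpaddedSize:` parameter in the Cryptography.h hunk is declared without any documentation, and its contract is not obvious from the name. In the implementation, 0 means "size unknown, return every decrypted byte", and a value larger than the decrypted length is an error. A header comment would save callers from reading the .m file, for example `/// @param unpaddedSize Plaintext length before padding; 0 means unknown (legacy senders) and disables padding removal.` The declaration also returns a plain `NSData *` although the implementation returns nil on failure; if this header sits in an assume-nonnull region, `+ (nullable NSData *)decryptAttachment:` would match the behaviour.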
@@ -297,6 +297,7 @@ const NSUInteger kAES256_KeyByteLength = 32; + (NSData *)decryptAttachment:(NSData *)dataToDecrypt withKey:(NSData *)key digest:(nullable NSData *)digest + unpaddedSize:(UInt32)unpaddedSize error:(NSError **)error; { if (digest.length <= 0) { @@ -328,14 +329,38 @@ const NSUInteger kAES256_KeyByteLength = 32; NSData *hmac = [dataToDecrypt subdataWithRange:NSMakeRange([dataToDecrypt length] - HMAC256_OUTPUT_LENGTH, HMAC256_OUTPUT_LENGTH)]; - return [Cryptography decryptCBCMode:encryptedAttachment - key:encryptionKey - IV:iv - version:nil - HMACKey:hmacKey - HMACType:TSHMACSHA256AttachementType - matchingHMAC:hmac - digest:digest]; + NSData *paddedPlainText = [Cryptography decryptCBCMode:encryptedAttachment + key:encryptionKey + IV:iv + version:nil + HMACKey:hmacKey + HMACType:TSHMACSHA256AttachementType + matchingHMAC:hmac + digest:digest]; + if (unpaddedSize == 0) { + // Work around for legacy iOS client's which weren't setting padding size. + // Since we know those clients pre-date attachment padding we return the entire data. + DDLogWarn(@"%@ Decrypted attachment with unspecified size.", self.tag); + return paddedPlainText; + } else { + if (unpaddedSize > paddedPlainText.length) { + *error = OWSErrorWithCodeDescription( + OWSErrorCodeFailedToDecryptMessage, NSLocalizedString(@"ERROR_MESSAGE_INVALID_MESSAGE", @"")); + return nil; + } + + if (unpaddedSize == paddedPlainText.length) { + DDLogInfo(@"%@ decrypted unpadded attachment.", self.tag); + } else { + unsigned long paddingSize = paddedPlainText.length - unpaddedSize; + DDLogInfo(@"%@ decrypted padded attachment with unpaddedSize: %u, paddingSize: %lu", + self.tag, + unpaddedSize, + paddingSize); + } + + return [paddedPlainText subdataWithRange:NSMakeRange(0, unpaddedSize)]; + } } + (NSData *)encryptAttachmentData:(NSData *)attachmentData
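Review bot: A failed decrypt is not distinguished from the legacy no-size case in the second Cryptography.m hunk. `decryptCBCMode:` takes no error out-parameter, so it presumably returns nil on an HMAC or digest mismatch; with `unpaddedSize == 0` that nil is returned after logging "Decrypted attachment with unspecified size" and without setting `*error`. The caller shown in the OWSAttachmentsProcessor.m hunk tests `decryptError` rather than the return value, so it would carry on with a nil plaintext. Separately, `*error = …` is written without checking that `error` is non-NULL. I would check `paddedPlainText` right after the decrypt call and guard both error writes, as below; the start of the method body lies outside this hunk.

```objc
                                                    digest:digest];
    // Fail before any size handling so a decryption failure is never reported as a legacy attachment.
    if (!paddedPlainText) {
        if (error) {
            *error = OWSErrorWithCodeDescription(
                OWSErrorCodeFailedToDecryptMessage, NSLocalizedString(@"ERROR_MESSAGE_INVALID_MESSAGE", @""));
        }
        return nil;
    }
    // … unchanged: unpaddedSize == 0 legacy branch …
        if (unpaddedSize > paddedPlainText.length) {
            if (error) {
                *error = OWSErrorWithCodeDescription(
                    OWSErrorCodeFailedToDecryptMessage, NSLocalizedString(@"ERROR_MESSAGE_INVALID_MESSAGE", @""));
            }
            return nil;
        }
    // … unchanged: size logging and subdataWithRange: return …
```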