diff --git a/libretroshare/src/gxs/gxssecurity.cc b/libretroshare/src/gxs/gxssecurity.cc index 20492626f..33550a87e 100644 --- a/libretroshare/src/gxs/gxssecurity.cc +++ b/libretroshare/src/gxs/gxssecurity.cc @@ -37,6 +37,7 @@ static const uint32_t MULTI_ENCRYPTION_FORMAT_v001_HEADER = 0xFACE; static const uint32_t MULTI_ENCRYPTION_FORMAT_v001_HEADER_SIZE = 2 ; static const uint32_t MULTI_ENCRYPTION_FORMAT_v001_NUMBER_OF_KEYS_SIZE = 2 ; +static const uint32_t MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE = 256 ; static RsGxsId getRsaKeyFingerprint(RSA *pubkey) { @@ -644,8 +645,8 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u // Encrypts (in,inlen) into (out,outlen) using the given RSA public key. // The format of the encrypted data is: // - // [--- ID ---|--- number of encrypted keys---| n * (--- Encrypted session key length ---|--- Encrypted session keys ---) |--- IV ---|---- Encrypted data ---] - // 2 bytes 2 byte = n 1 byte = X X bytes EVP_MAX_IV_LENGTH Rest of packet + // [--- ID ---|--- number of encrypted keys---| n * (--- Encrypted session keys ---) |--- IV ---|---- Encrypted data ---] + // 2 bytes 2 byte = n 256 bytes EVP_MAX_IV_LENGTH Rest of packet // out = NULL ; @@ -682,6 +683,10 @@ bool GxsSecurity::encrypt(uint8_t *& out, uint32_t &outlen, const uint8_t *in, u for(uint32_t i=0;i 0xff) + if(eklen[i] != MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE) { std::cerr << "(EE) eklen[i]=" << eklen[i] << " in " << __PRETTY_FUNCTION__ << " for key id " << keys[i].keyId << ". This is unexpected. Cannot encrypt." << std::endl; throw std::runtime_error("Encryption error") ; } - out[out_offset++] = (unsigned char)eklen[i] ; memcpy((unsigned char*)out + out_offset, ek[i],eklen[i]) ; out_offset += eklen[i] ; 
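Review bot: The new test `if(eklen[i] != MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE)` in GxsSecurity::encrypt fixes every envelope slot at 256 bytes, which presumably means 2048-bit RSA recipients only, and that assumption is not written down next to the constant. Put it there, e.g. `// one slot per recipient; equals RSA_size() of a 2048-bit key, other key sizes are rejected`. If other key sizes can reach this function, reject them before any encryption work is done instead of failing here with the generic "Encryption error". The per-key length byte also disappears from the wire while the format id stays `MULTI_ENCRYPTION_FORMAT_v001_HEADER = 0xFACE`, so a peer still parsing the old layout would misread the first key byte as a length; if such peers can exist, a new header value would let them reject the packet cleanly. The loop header and the allocation of `out` are outside or damaged in this hunk, so the size computed for `out` should be checked against the new layout as well.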
@@ -974,8 +975,8 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, // Decrypts (in,inlen) into (out,outlen) using one of the given RSA public keys, trying them all in a row. // The format of the encrypted data is: // - // [--- ID ---|--- number of encrypted keys---| n * (--- Encrypted session key length ---|--- Encrypted session keys ---) |--- IV ---|---- Encrypted data ---] - // 2 bytes 2 byte = n 1 byte = X X bytes EVP_MAX_IV_LENGTH Rest of packet + // [--- ID ---|--- number of encrypted keys---| n * (--- Encrypted session keys ---) |--- IV ---|---- Encrypted data ---] + // 2 bytes 2 byte = n 256 bytes EVP_MAX_IV_LENGTH Rest of packet // // This method can be used to decrypt multi-encrypted data, if passing he correct encrypted key block (corresponding to the given key) @@ -1004,26 +1005,16 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, // reach the actual data offset - uint32_t encrypted_block_offset = offset ; uint32_t encrypted_keys_offset = offset ; uint32_t encrypted_block_size = 0 ; - for(uint32_t i=0;i= inlen) - throw std::runtime_error("Offset error") ; - } + uint32_t IV_offset = offset + number_of_keys * MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE ; + uint32_t encrypted_block_offset = IV_offset + EVP_MAX_IV_LENGTH ; // read IV offset - uint32_t IV_offset = encrypted_block_offset ; - encrypted_block_offset += EVP_MAX_IV_LENGTH ; - - if(encrypted_block_offset >= inlen) - throw std::runtime_error("Offset error") ; + if(encrypted_block_offset >= inlen) + throw std::runtime_error("Offset error") ; encrypted_block_size = inlen - encrypted_block_offset ; std::cerr << " number of keys in envelop: " << number_of_keys << std::endl; @@ -1056,15 +1047,11 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in, continue ; } - uint32_t sff = encrypted_keys_offset ; - for(uint32_t i=0;i
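Review bot: In the `@@ -1004,26 +1005,16 @@` hunk of GxsSecurity::decrypt, `IV_offset = offset + number_of_keys * MULTI_ENCRYPTION_FORMAT_v001_ENCRYPTED_KEY_SIZE` is computed from a count taken from the incoming packet, and the per-key bounds checks are replaced by the single `encrypted_block_offset >= inlen` test. That test is sufficient only if the uint32_t arithmetic cannot wrap, which holds while number_of_keys is a 16-bit field (65535 * 256 fits in 32 bits), as the format comment suggests. The read of number_of_keys is outside the hunk, so record the dependency where the offset is computed, e.g. `// number_of_keys is read as 16 bits, so this product cannot wrap; the check below bounds all key slots and the IV`. The later key-slot indexing in the following hunk is cut off in this view and should be confirmed to stay below IV_offset.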