Skip to content

Commit

Permalink
fix: Check correct key length for AFV encryption
Browse files Browse the repository at this point in the history
  • Loading branch information
ltoenning committed May 12, 2024
1 parent 21ddb63 commit 920d9c0
Show file tree
Hide file tree
Showing 5 changed files with 24 additions and 1 deletion.
9 changes: 8 additions & 1 deletion src/blackcore/afv/connection/clientconnectiondata.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,14 @@ namespace BlackCore::Afv::Connection
CLogMessage(this).warning(u"Tokens not set");
return;
}
m_voiceCryptoChannel.reset(new CCryptoDtoChannel(m_tokens.VoiceServer.channelConfig));
try
{
m_voiceCryptoChannel.reset(new CCryptoDtoChannel(m_tokens.VoiceServer.channelConfig));
}
catch (const std::invalid_argument &)
{
m_voiceCryptoChannel.reset();
}
}

void CClientConnectionData::setTsAuthenticatedToNow()
Expand Down
13 changes: 13 additions & 0 deletions src/blackcore/afv/crypto/cryptodtochannel.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,26 @@

#include "blackcore/afv/crypto/cryptodtochannel.h"
#include "blackmisc/verify.h"
#include "sodium/crypto_aead_chacha20poly1305.h"

using namespace BlackMisc;

namespace BlackCore::Afv::Crypto
{
CCryptoDtoChannel::CCryptoDtoChannel(const CryptoDtoChannelConfigDto &channelConfig, int receiveSequenceHistorySize) : m_aeadTransmitKey(channelConfig.aeadTransmitKey), m_aeadReceiveKey(channelConfig.aeadReceiveKey), m_receiveSequenceSizeMaxSize(receiveSequenceHistorySize), m_hmacKey(channelConfig.hmacKey), m_channelTag(channelConfig.channelTag)
{
if (m_aeadTransmitKey.size() != crypto_aead_chacha20poly1305_IETF_KEYBYTES)
{
BLACK_AUDIT_X(false, Q_FUNC_INFO, "wrong transmit key size");
throw std::invalid_argument("wrong transmit key size");
}

if (m_aeadReceiveKey.size() != crypto_aead_chacha20poly1305_IETF_KEYBYTES)
{
BLACK_AUDIT_X(false, Q_FUNC_INFO, "wrong receive key size");
throw std::invalid_argument("wrong receive key size");
}

if (m_receiveSequenceSizeMaxSize < 1) { m_receiveSequenceSizeMaxSize = 1; }
m_receiveSequenceHistory.fill(0, m_receiveSequenceSizeMaxSize);
m_receiveSequenceHistoryDepth = 0;
Expand Down
1 change: 1 addition & 0 deletions src/blackcore/afv/crypto/cryptodtoserializer.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ namespace BlackCore::Afv::Crypto
QByteArray key;
if (loopback) { key = channel.getTransmitKey(CryptoDtoMode::AEAD_ChaCha20Poly1305); }
else { key = channel.getReceiveKey(CryptoDtoMode::AEAD_ChaCha20Poly1305); }
Q_ASSERT_X(key.size() == crypto_aead_chacha20poly1305_IETF_KEYBYTES, Q_FUNC_INFO, "");
int result = crypto_aead_chacha20poly1305_ietf_decrypt(reinterpret_cast<unsigned char *>(decryptedPayload.data()), &mlen, nullptr,
reinterpret_cast<const unsigned char *>(aePayloadBuffer.constData()), aePayloadBuffer.size(),
reinterpret_cast<const unsigned char *>(adBuffer.constData()), adBuffer.size(),
Expand Down
1 change: 1 addition & 0 deletions src/blackcore/afv/crypto/cryptodtoserializer.h
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ namespace BlackCore::Afv::Crypto
template <typename T>
static QByteArray serialize(const QString &channelTag, CryptoDtoMode mode, const QByteArray &transmitKey, uint sequenceToBeSent, T dto)
{
Q_ASSERT_X(transmitKey.size() == crypto_aead_chacha20poly1305_IETF_KEYBYTES, Q_FUNC_INFO, "");
const CryptoDtoHeaderDto header = { channelTag.toStdString(), sequenceToBeSent, mode };

QBuffer headerBuffer;
Expand Down
1 change: 1 addition & 0 deletions src/blackcore/afv/dto.h
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
namespace BlackCore::Afv
{
//! Channel config DTO
//! \warning Data inside the DTO is taken from the network AS IS. No content verification is performed.
struct CryptoDtoChannelConfigDto
{
//! @{
Expand Down

0 comments on commit 920d9c0

Please sign in to comment.