Networks/Reticulum-Go
2
1
Fork 0
Code Issues 5 Pull Requests 1 Actions Packages Projects 1 Releases 1 Wiki Activity

refactor: encryption and decryption methods by deriving HMAC and encryption keys based on key length, and update HMAC validation logic
All checks were successful
Go Build Multi-Platform / build (amd64, darwin) (push) Successful in 38s
Details
Go Build Multi-Platform / build (arm, windows) (push) Successful in 32s
Details
Bearer / scan (push) Successful in 7s
Details
Go Build Multi-Platform / build (arm, freebsd) (push) Successful in 34s
Details
Go Build Multi-Platform / build (amd64, linux) (push) Successful in 37s
Details
Go Build Multi-Platform / build (arm64, windows) (push) Successful in 31s
Details
Go Test Multi-Platform / Test (ubuntu-latest, arm64) (push) Successful in 59s
Details
Go Revive Lint / lint (push) Successful in 48s
Details
Run Gosec / tests (push) Successful in 1m18s
Details
Go Test Multi-Platform / Test (ubuntu-latest, amd64) (push) Successful in 1m32s
Details
Go Build Multi-Platform / build (amd64, freebsd) (push) Successful in 9m26s
Details
Go Build Multi-Platform / build (amd64, windows) (push) Successful in 9m24s
Details
Go Build Multi-Platform / build (arm, linux) (push) Successful in 9m26s
Details
Go Build Multi-Platform / build (arm64, darwin) (push) Successful in 9m24s
Details
Go Build Multi-Platform / build (arm64, linux) (push) Successful in 9m24s
Details
Go Build Multi-Platform / build (arm64, freebsd) (push) Successful in 9m26s
Details
Go Build Multi-Platform / Create Release (push) Has been skipped
Details

Browse Source
This commit is contained in:
ivan
2025-12-29 23:59:58 -06:00
parent ff1589216b
commit 738aa9528a
1 changed files with 27 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
pkg/identity/identity.go
View File

@@ -466,12 +466,23 @@ func (i *Identity) tryRatchetDecryption(peerPubBytes, ciphertext, mac, ratchet [
}
func (i *Identity) EncryptWithHMAC(plaintext []byte, key []byte) ([]byte, error) {
ciphertext, err := cryptography.EncryptAES256CBC(key, plaintext)
var hmacKey, encryptionKey []byte
if len(key) == 64 {
hmacKey = key[:32]
encryptionKey = key[32:64]
} else if len(key) == 32 {
hmacKey = key[:16]
encryptionKey = key[16:32]
} else {
return nil, errors.New("invalid key length for EncryptWithHMAC")
}
ciphertext, err := cryptography.EncryptAES256CBC(encryptionKey, plaintext)
if err != nil {
return nil, err
}
mac := cryptography.ComputeHMAC(key, ciphertext)
mac := cryptography.ComputeHMAC(hmacKey, ciphertext)
return append(ciphertext, mac...), nil
}
@@ -480,15 +491,26 @@ func (i *Identity) DecryptWithHMAC(data []byte, key []byte) ([]byte, error) {
return nil, errors.New("data too short")
}
var hmacKey, encryptionKey []byte
if len(key) == 64 {
hmacKey = key[:32]
encryptionKey = key[32:64]
} else if len(key) == 32 {
hmacKey = key[:16]
encryptionKey = key[16:32]
} else {
return nil, errors.New("invalid key length for DecryptWithHMAC")
}
macStart := len(data) - cryptography.SHA256Size
ciphertext := data[:macStart]
messageMAC := data[macStart:]
if !cryptography.ValidateHMAC(key, ciphertext, messageMAC) {
if !cryptography.ValidateHMAC(hmacKey, ciphertext, messageMAC) {
return nil, errors.New("invalid HMAC")
}
return cryptography.DecryptAES256CBC(key, ciphertext)
return cryptography.DecryptAES256CBC(encryptionKey, ciphertext)
}
func (i *Identity) ToFile(path string) error {
@@ -898,7 +920,7 @@ func NewIdentity() (*Identity, error) {
copy(combinedPub[:KEYSIZE/16], i.publicKey)
copy(combinedPub[KEYSIZE/16:], i.verificationKey)
hash := sha256.Sum256(combinedPub)
i.hash = hash[:]
i.hash = hash[:TRUNCATED_HASHLENGTH/8]
return i, nil
}