refactor: encryption and decryption methods by deriving HMAC and encryption keys based on key length, and update HMAC validation logic
@@ -466,12 +466,23 @@ func (i *Identity) tryRatchetDecryption(peerPubBytes, ciphertext, mac, ratchet [
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (i *Identity) EncryptWithHMAC(plaintext []byte, key []byte) ([]byte, error) {
|
func (i *Identity) EncryptWithHMAC(plaintext []byte, key []byte) ([]byte, error) {
|
||||||
ciphertext, err := cryptography.EncryptAES256CBC(key, plaintext)
|
var hmacKey, encryptionKey []byte
|
||||||
|
if len(key) == 64 {
|
||||||
|
hmacKey = key[:32]
|
||||||
|
encryptionKey = key[32:64]
|
||||||
|
} else if len(key) == 32 {
|
||||||
|
hmacKey = key[:16]
|
||||||
|
encryptionKey = key[16:32]
|
||||||
|
} else {
|
||||||
|
return nil, errors.New("invalid key length for EncryptWithHMAC")
|
||||||
|
}
|
||||||
|
|
||||||
|
ciphertext, err := cryptography.EncryptAES256CBC(encryptionKey, plaintext)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
mac := cryptography.ComputeHMAC(key, ciphertext)
|
mac := cryptography.ComputeHMAC(hmacKey, ciphertext)
|
||||||
return append(ciphertext, mac...), nil
|
return append(ciphertext, mac...), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -480,15 +491,26 @@ func (i *Identity) DecryptWithHMAC(data []byte, key []byte) ([]byte, error) {
|
|||||||
return nil, errors.New("data too short")
|
return nil, errors.New("data too short")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var hmacKey, encryptionKey []byte
|
||||||
|
if len(key) == 64 {
|
||||||
|
hmacKey = key[:32]
|
||||||
|
encryptionKey = key[32:64]
|
||||||
|
} else if len(key) == 32 {
|
||||||
|
hmacKey = key[:16]
|
||||||
|
encryptionKey = key[16:32]
|
||||||
|
} else {
|
||||||
|
return nil, errors.New("invalid key length for DecryptWithHMAC")
|
||||||
|
}
|
||||||
|
|
||||||
macStart := len(data) - cryptography.SHA256Size
|
macStart := len(data) - cryptography.SHA256Size
|
||||||
ciphertext := data[:macStart]
|
ciphertext := data[:macStart]
|
||||||
messageMAC := data[macStart:]
|
messageMAC := data[macStart:]
|
||||||
|
|
||||||
if !cryptography.ValidateHMAC(key, ciphertext, messageMAC) {
|
if !cryptography.ValidateHMAC(hmacKey, ciphertext, messageMAC) {
|
||||||
return nil, errors.New("invalid HMAC")
|
return nil, errors.New("invalid HMAC")
|
||||||
}
|
}
|
||||||
|
|
||||||
return cryptography.DecryptAES256CBC(key, ciphertext)
|
return cryptography.DecryptAES256CBC(encryptionKey, ciphertext)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (i *Identity) ToFile(path string) error {
|
func (i *Identity) ToFile(path string) error {
|
||||||
@@ -898,7 +920,7 @@ func NewIdentity() (*Identity, error) {
|
|||||||
copy(combinedPub[:KEYSIZE/16], i.publicKey)
|
copy(combinedPub[:KEYSIZE/16], i.publicKey)
|
||||||
copy(combinedPub[KEYSIZE/16:], i.verificationKey)
|
copy(combinedPub[KEYSIZE/16:], i.verificationKey)
|
||||||
hash := sha256.Sum256(combinedPub)
|
hash := sha256.Sum256(combinedPub)
|
||||||
i.hash = hash[:]
|
i.hash = hash[:TRUNCATED_HASHLENGTH/8]
|
||||||
|
|
||||||
return i, nil
|
return i, nil
|
||||||
}
|
}
|
||||||
|
|||||||
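Review bot: In the `len(key) == 32` branch of EncryptWithHMAC, a 16-byte `encryptionKey` is handed to `cryptography.EncryptAES256CBC`, a helper whose name promises AES-256 and whose body is not visible here. Either it rejects the key and this branch can never succeed, or it forwards to `crypto/aes`, which selects AES-128 for a 16-byte key, so the cipher strength silently depends on the caller's key length. The same split is repeated in the DecryptWithHMAC hunk, whose opening lines are outside the hunk. If the 16/16 split is intended, state it above the branch, e.g. `// 32-byte key: 16-byte HMAC key + 16-byte AES key; 64-byte key: 32-byte HMAC key + 32-byte AES key`, and add a round-trip test for both key lengths. Since neither function uses the whole key for both operations any more, data written before this commit will presumably fail HMAC validation afterwards, which the commit description should say.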