Update encryption function

* Do not use padding * Do not use the ADD data * Append the tag to the ciphertext to be compatible with Android Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2024-10-27 23:17:13 +03:00 · 2017-10-24 15:44:34 +02:00 · 2017-10-24 15:44:34 +02:00 · bacbf337d2
commit bacbf337d2
parent 476fe66043
1 changed files with 9 additions and 14 deletions
--- a/src/libsync/clientsideencryption.cpp
+++ b/src/libsync/clientsideencryption.cpp
@ -47,8 +47,6 @@ namespace {

    int encrypt(unsigned char *plaintext,
                int plaintext_len,
-                unsigned char *aad,
-                int aad_len,
                unsigned char *key,
                unsigned char *iv,
                unsigned char *ciphertext,
@ -70,9 +68,12 @@ namespace {
            handleErrors();
        }

-        /* Set IV length if default 12 bytes (96 bits) is not appropriate */
+        // We don't do padding
+        EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+        /* Set IV length to 16 bytes */
        if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL)) {
-			qCInfo(lcCse()) << "Error setting the iv length to 16 bits. ";
+            qCInfo(lcCse()) << "Error setting the iv length to 16 bytes. ";
            handleErrors();
        }

@ -82,14 +83,6 @@ namespace {
            handleErrors();
        }

-        /* Provide any AAD data. This can be called zero or more times as
-        * required
-        */
-        if(1 != EVP_EncryptUpdate(ctx, NULL, &len, aad, aad_len)) {
-			qCInfo(lcCse()) << "Error calling the Encrypt Update";
-            handleErrors();
-        }
-
        /* Provide the message to be encrypted, and obtain the encrypted output.
        * EVP_EncryptUpdate can be called multiple times if necessary
        */
@ -114,6 +107,10 @@ namespace {
            handleErrors();
        }

+        /* Add tag to cypher text to be compatible with the Android implementation */
+        memcpy(ciphertext + ciphertext_len, tag, 16);
+        ciphertext_len += 16;
+
        /* Clean up */
        EVP_CIPHER_CTX_free(ctx);

@ -469,8 +466,6 @@ void ClientSideEncryption::encryptPrivateKey(EVP_PKEY *keyPair)
    int cryptedText_len = encrypt(
        (unsigned char*) encryptTest,   //unsigned char *plaintext,
        strlen(encryptTest),            //        int plaintext_len,
-        nullptr,                        //        unsigned char *aad,
-        0,                              //        int aad_len,
        fakepass,                       //        unsigned char *key,
        iv,                             //        unsigned char *iv,
        cryptedText,                    //        unsigned char *ciphertext,