Skip to content

Commit

Permalink
Read tag from end of stream (#1232)
Browse files Browse the repository at this point in the history
IB-7882

Signed-off-by: Raul Metsma <raul@metsma.ee>
  • Loading branch information
metsma authored Nov 20, 2023
1 parent 9100625 commit 822ed79
Show file tree
Hide file tree
Showing 4 changed files with 15 additions and 3 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ jobs:
container: ${{ matrix.container }}
strategy:
matrix:
container: ['ubuntu:20.04', 'ubuntu:22.04', 'ubuntu:23.04', 'ubuntu:23.10']
container: ['ubuntu:20.04', 'ubuntu:22.04', 'ubuntu:23.10']
env:
DEBIAN_FRONTEND: noninteractive
DEBFULLNAME: github-actions
Expand Down
10 changes: 8 additions & 2 deletions client/CDoc2.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,7 @@ namespace cdoc20 {

qint64 bytesAvailable() const final
{
return io->bytesAvailable() + buf.size() + QIODevice::bytesAvailable();
return (io->bytesAvailable() - Crypto::Cipher::tagLen()) + buf.size() + QIODevice::bytesAvailable();
}

qint64 readData(char *data, qint64 maxlen) final
Expand All @@ -137,7 +137,8 @@ namespace cdoc20 {
std::array<char,CHUNK> in{};
for(int res = Z_OK; s.avail_out > 0 && res == Z_OK;)
{
if(auto size = io->read(in.data(), in.size()); size > 0)
if(auto insize = io->bytesAvailable() - Crypto::Cipher::tagLen(),
size = io->read(in.data(), qMin<qint64>(insize, in.size())); size > 0)
{
if(!cipher->update(in.data(), int(size)))
return -1;
Expand Down Expand Up @@ -532,6 +533,11 @@ bool CDoc2::decryptPayload(const QByteArray &fmk)
files = cdoc20::TAR(std::unique_ptr<QIODevice>(new cdoc20::stream(this, &dec))).files(warning);
if(warning)
setLastError(tr("CDoc contains additional payload data that is not part of content"));
QByteArray tag = read(16);
#ifndef NDEBUG
qDebug() << "tag" << tag.toHex();
#endif
dec.setTag(tag);
if(!dec.result())
files.clear();
return !files.empty();
Expand Down
5 changes: 5 additions & 0 deletions client/Crypto.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,11 @@ QByteArray Crypto::Cipher::tag() const
return {};
}

bool Crypto::Cipher::setTag(const QByteArray &data) const
{
return !isError(EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_AEAD_SET_TAG, int(data.size()), const_cast<char*>(data.data())));
}

QByteArray Crypto::aes_wrap(const QByteArray &key, const QByteArray &data, bool encrypt)
{
Cipher c(key.size() == 32 ? EVP_aes_256_wrap() : EVP_aes_128_wrap(), key, {}, encrypt);
Expand Down
1 change: 1 addition & 0 deletions client/Crypto.h
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,7 @@ class Crypto
bool result() const;
QByteArray tag() const;
static constexpr int tagLen() { return 16; }
bool setTag(const QByteArray &data) const;
};

static QByteArray aes_wrap(const QByteArray &key, const QByteArray &data, bool encrypt);
Expand Down

0 comments on commit 822ed79

Please sign in to comment.