diff --git a/SignalServiceKit/src/Devices/OWSProvisioningCipher.m b/SignalServiceKit/src/Devices/OWSProvisioningCipher.m index 1f2c2b77e..9e23e0903 100644 --- a/SignalServiceKit/src/Devices/OWSProvisioningCipher.m +++ b/SignalServiceKit/src/Devices/OWSProvisioningCipher.m @@ -86,9 +86,8 @@ NS_ASSUME_NONNULL_BEGIN return nil; } - // allow space for message + padding any incomplete block - NSUInteger blockCount = ceil((double)dataToEncrypt.length / (double)kCCBlockSizeAES128); - size_t ciphertextBufferSize = blockCount * kCCBlockSizeAES128; + // allow space for message + padding any incomplete block. PKCS7 padding will always add at least one byte. + size_t ciphertextBufferSize = dataToEncrypt.length + kCCBlockSizeAES128; // message format is (iv || ciphertext) NSMutableData *encryptedMessage = [NSMutableData dataWithLength:iv.length + ciphertextBufferSize]; @@ -117,8 +116,8 @@ NS_ASSUME_NONNULL_BEGIN DDLogError(@"Encryption failed with status: %d", cryptStatus); return nil; } - - return [encryptedMessage copy]; + + return [encryptedMessage subdataWithRange:NSMakeRange(0, iv.length + bytesEncrypted)]; } - (NSData *)macForMessage:(NSData *)message withKey:(NSData *)macKey diff --git a/SignalServiceKit/src/Devices/OWSProvisioningMessage.m b/SignalServiceKit/src/Devices/OWSProvisioningMessage.m index 68022a7c1..abb02aeb4 100644 --- a/SignalServiceKit/src/Devices/OWSProvisioningMessage.m +++ b/SignalServiceKit/src/Devices/OWSProvisioningMessage.m @@ -61,7 +61,7 @@ NS_ASSUME_NONNULL_BEGIN OWSProvisioningCipher *cipher = [[OWSProvisioningCipher alloc] initWithTheirPublicKey:self.theirPublicKey]; NSData *_Nullable encryptedProvisionMessage = [cipher encrypt:plainTextProvisionMessage]; if (encryptedProvisionMessage == nil) { - DDLogError(@"Failed to encrypt provision message"); + OWSFail(@"Failed to encrypt provision message"); return nil; } diff --git a/SignalServiceKit/tests/Devices/OWSDeviceProvisionerTest.m b/SignalServiceKit/tests/Devices/OWSDeviceProvisionerTest.m index 9d8c1d69e..d74fb005b 100644 --- a/SignalServiceKit/tests/Devices/OWSDeviceProvisionerTest.m +++ b/SignalServiceKit/tests/Devices/OWSDeviceProvisionerTest.m @@ -1,4 +1,6 @@ -// Copyright © 2016 Open Whisper Systems. All rights reserved. +// +// Copyright (c) 2017 Open Whisper Systems. All rights reserved. +// #import "OWSDeviceProvisioner.h" #import "OWSDeviceProvisioningCodeService.h" @@ -62,6 +64,7 @@ NSData *myPublicKey = [nullKey copy]; NSData *myPrivateKey = [nullKey copy]; NSData *theirPublicKey = [nullKey copy]; + NSData *profileKey = [nullKey copy]; NSString *accountIdentifier; NSString *theirEphemeralDeviceId; @@ -72,6 +75,7 @@ theirPublicKey:theirPublicKey theirEphemeralDeviceId:theirEphemeralDeviceId accountIdentifier:accountIdentifier + profileKey:profileKey provisioningCodeService:[[OWSFakeDeviceProvisioningCodeService alloc] initWithNetworkManager:networkManager] provisioningService:[[OWSFakeDeviceProvisioningService alloc] initWithNetworkManager:networkManager]]; diff --git a/SignalServiceKit/tests/Devices/OWSProvisioningCipherTest.m b/SignalServiceKit/tests/Devices/OWSProvisioningCipherTest.m index edde5864c..df7936386 100644 --- a/SignalServiceKit/tests/Devices/OWSProvisioningCipherTest.m +++ b/SignalServiceKit/tests/Devices/OWSProvisioningCipherTest.m @@ -131,4 +131,25 @@ XCTAssertEqualObjects(expectedOutput, actualOutput); } +- (void)testPadding +{ + NSUInteger kBlockSize = 16; + for (int i = 0; i <= kBlockSize; i++) { + NSData *message = [Cryptography generateRandomBytes:i]; + + + NSData *theirPublicKey = [self knownPublicKey]; + ECKeyPair *ourKeyPair = [self knownKeyPair]; + NSData *initializationVector = [self knownInitializationVector]; + + OWSProvisioningCipher *cipher = [[OWSProvisioningCipher alloc] initWithTheirPublicKey:theirPublicKey + ourKeyPair:ourKeyPair + initializationVector:initializationVector]; + + + NSData *actualOutput = [cipher encrypt:message]; + XCTAssertNotNil(actualOutput, @"failed for message length: %d", i); + } +} + @end