Google Git
Sign in
go / crypto.git / aedad9a179ec1ea11b7064c57cbc6dc30d7724ec
commitaedad9a179ec1ea11b7064c57cbc6dc30d7724ec[log] [tgz]
authorReinaldo de Souza Jr <juniorz@gmail.com>Tue Jul 28 12:55:38 2015 -0500
committerAdam Langley <agl@golang.org>Sun Aug 30 18:06:42 2015 +0000
treeb9b46e5500d11a5daa6da664ba212f4cee9447ec
parentd5c5f1769f2fcd2377be6f29863081f59a4fc80f [diff]
otr: Fix revealing MAC keys when a DH key is rotated

The existing implementation did not save all the fields in keySlot, which not
only caused a cache miss on every calcDataKeys() but also caused the rotate keys
functions to not find the MAC keys that should be revealed.

It also stops revealing the sending MAC keys. The finite-state analysis of the
otr v2 spec[1] revealed an attack on message integrity when sending MAC keys are
revealed. The spec had been updated accordingly [2].

1 - http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.165.7945&rep=rep1&type=pdf
2 - http://sourceforge.net/p/otr/libotr/ci/58fd90cb77c836ff9fa762e91d2b2becc6d5aae8/

Change-Id: Iee36205994ebdb27d8c890ae25fd9981326401df
Reviewed-on: https://go-review.googlesource.com/12781
Reviewed-by: Adam Langley <agl@golang.org>
2 files changed
tree: b9b46e5500d11a5daa6da664ba212f4cee9447ec
  1. bcrypt/
  2. blowfish/
  3. bn256/
  4. cast5/
  5. curve25519/
  6. hkdf/
  7. md4/
  8. nacl/
  9. ocsp/
  10. openpgp/
  11. otr/
  12. pbkdf2/
  13. poly1305/
  14. ripemd160/
  15. salsa20/
  16. scrypt/
  17. sha3/
  18. ssh/
  19. tea/
  20. twofish/
  21. xtea/
  22. xts/
  23. .gitattributes
  24. .gitignore
  25. AUTHORS
  26. codereview.cfg
  27. CONTRIBUTING.md
  28. CONTRIBUTORS
  29. LICENSE
  30. PATENTS
  31. README