Support for padded attachments

Author: Trolldemorted

libsignal-service-dotnet/SignalServiceMessageReceiver.cs

@@ -83,7 +83,7 @@ public Stream RetrieveProfileAvatar(string path, FileStream destination, byte[]
         public Stream RetrieveAttachment(SignalServiceAttachmentPointer pointer, Stream tmpCipherDestination, int maxSizeBytes, ProgressListener listener)
         {
             Socket.RetrieveAttachment(pointer.Relay, pointer.Id, tmpCipherDestination, maxSizeBytes);
-            return new AttachmentCipherInputStream(tmpCipherDestination, pointer.Key, pointer.Digest);
+            return AttachmentCipherInputStream.CreateFor(tmpCipherDestination, pointer.Size != null ? pointer.Size.Value : 0, pointer.Key, pointer.Digest);
         }
 
         /// <summary>

libsignal-service-dotnet/SignalServiceMessageSender.cs

@@ -617,9 +617,11 @@ private IList<AttachmentPointer> CreateAttachmentPointers(List<SignalServiceAtta
         private AttachmentPointer CreateAttachmentPointer(SignalServiceAttachmentStream attachment)
         {
             byte[] attachmentKey = Util.getSecretBytes(64);
+            long paddedLength = PaddingInputStream.GetPaddedSize(attachment.getLength());
+            long ciphertextLength = AttachmentCipherInputStream.GetCiphertextLength(paddedLength);
             PushAttachmentData attachmentData = new PushAttachmentData(attachment.getContentType(),
-                                                                       attachment.getInputStream(),
-                                                                       (ulong)GetCiphertextLength(attachment.getLength()),
+                                                                       new PaddingInputStream(attachment.getInputStream(), attachment.getLength()),
+                                                                       ciphertextLength,
                                                                        new AttachmentCipherOutputStreamFactory(attachmentKey),
                                                                        attachment.getListener());
 
@@ -685,11 +687,6 @@ private AttachmentPointer CreateAttachmentPointerFromPointer(SignalServiceAttach
             return socket.RetrieveAttachmentUploadUrl();
         }
 
-        private long GetCiphertextLength(long plaintextLength)
-        {
-            return 16 + (((plaintextLength / 16) + 1) * 16) + 32;
-        }
-
         /// <summary>
         /// Encrypts an attachment to be uploaded
         /// </summary>

libsignal-service-dotnet/crypto/AttachmentCipherInputStream.cs

@@ -30,33 +30,42 @@ public class AttachmentCipherInputStream : Stream
         public override long Length => throw new NotImplementedException();
         public override long Position { get => throw new NotImplementedException(); set => throw new NotImplementedException(); }
 
-        public AttachmentCipherInputStream(Stream inputStream, byte[] combinedKeyMaterial, byte[] digest)
+        public static Stream CreateFor(Stream inputStream, long plaintextLength, byte[] combinedKeyMaterial, byte[] digest)
         {
-            InputStream = inputStream;
             long fileSize = inputStream.Length;
             byte[][] keyParts = Util.Split(combinedKeyMaterial, 32, 32);
             IncrementalHash mac = IncrementalHash.CreateHMAC(HashAlgorithmName.SHA256, keyParts[1]);
+            VerifyMac(inputStream, mac, digest);
+            inputStream.Seek(0, SeekOrigin.Begin);
+
+            Stream stream = new AttachmentCipherInputStream(inputStream, keyParts[0], inputStream.Length);
+
+            if (plaintextLength > 0)
+            {
+                stream = new ContentLengthInputStream(stream, plaintextLength);
+            }
 
+            return stream;
+        }
 
+        private AttachmentCipherInputStream(Stream inputStream, byte[] key, long totalDataSize)
+        {
+            InputStream = inputStream;
             if (InputStream.Length <= BLOCK_SIZE + 32)
             {
                 throw new InvalidMessageException("Message shorter than crypto overhead!");
             }
 
-            VerifyMac(InputStream, mac, digest);
-            InputStream.Seek(0, SeekOrigin.Begin);
-
             byte[] iv = new byte[BLOCK_SIZE];
             ReadFully(iv);
             Aes = Aes.Create();
-            Aes.Key = keyParts[0];
+            Aes.Key = key;
             Aes.IV = iv;
             Aes.Mode = CipherMode.CBC;
             Aes.Padding = PaddingMode.PKCS7;
             Decryptor = Aes.CreateDecryptor();
             Cipher = new CryptoStream(InputStream, Decryptor, CryptoStreamMode.Read);
-            
-            TotalDataSize = fileSize - Aes.BlockSize - 32;
+            TotalDataSize = totalDataSize;
         }
 
         public override void Flush()
@@ -90,7 +99,7 @@ public override void Write(byte[] buffer, int offset, int count)
             throw new NotImplementedException();
         }
 
-        private void VerifyMac(Stream fin, IncrementalHash mac, byte[] theirDigest)
+        private static void VerifyMac(Stream fin, IncrementalHash mac, byte[] theirDigest)
         {
             IncrementalHash digest = IncrementalHash.CreateHash(HashAlgorithmName.SHA256);
             int remainingData = Util.ToIntExact(fin.Length) - 32;
@@ -136,6 +145,11 @@ private void ReadFully(byte[] buffer)
                     return;
             }
         }
+
+        public static long GetCiphertextLength(long plaintextLength)
+        {
+            return 16 + (((plaintextLength / 16) + 1) * 16) + 32;
+        }
     }
 #pragma warning restore CS1591 // Missing XML comment for publicly visible type or member
 }

libsignal-service-dotnet/crypto/PaddingInputStream.cs

@@ -0,0 +1,72 @@
+using libsignalservice.util;
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Text;
+
+namespace libsignalservice.crypto
+{
+    internal class PaddingInputStream : Stream
+    {
+        private readonly Stream InputStream;
+        private long PaddingRemaining;
+
+        public override bool CanRead => throw new NotImplementedException();
+        public override bool CanSeek => throw new NotImplementedException();
+        public override bool CanWrite => throw new NotImplementedException();
+        public override long Length { get => InputStream.Length + Util.ToIntExact(PaddingRemaining); }
+        public override long Position { get => throw new NotImplementedException(); set => throw new NotImplementedException(); }
+
+        public PaddingInputStream(Stream inputStream, long plainTextLength)
+        {
+            InputStream = inputStream;
+            PaddingRemaining = GetPaddedSize(plainTextLength) - plainTextLength;
+        }
+
+        public override void Flush()
+        {
+            throw new NotImplementedException();
+        }
+
+        public override int Read(byte[] buffer, int offset, int count)
+        {
+            int result = InputStream.Read(buffer, offset, count);
+            if (result >= 0)
+                return result;
+
+            if (PaddingRemaining > 0)
+            {
+                count = Math.Min(count, Util.ToIntExact(PaddingRemaining));
+                PaddingRemaining -= count;
+                return count;
+            }
+            return 0;
+        }
+
+        public override long Seek(long offset, SeekOrigin origin)
+        {
+            throw new NotImplementedException();
+        }
+
+        public override void SetLength(long value)
+        {
+            throw new NotImplementedException();
+        }
+
+        public override void Write(byte[] buffer, int offset, int count)
+        {
+            throw new NotImplementedException();
+        }
+
+        public static long GetPaddedSize(long size)
+        {
+            return size;
+        }
+
+        private static long GetRoundedUp(long size, long interval)
+        {
+            long multiplier = (long)Math.Ceiling(((double)size) / interval);
+            return interval * multiplier;
+        }
+    }
+}

libsignal-service-dotnet/crypto/SignalServiceCipher.cs

@@ -375,7 +375,9 @@ private SignalServiceGroup CreateGroupInfo(SignalServiceEnvelope envelope, DataM
                         pointer.ContentType,
                         pointer.Key.ToByteArray(),
                         envelope.getRelay(),
-                        pointer.Digest.ToByteArray(),
+                        pointer.SizeOneofCase == AttachmentPointer.SizeOneofOneofCase.Size ? pointer.Size : 0,
+                        null,
+                        pointer.DigestOneofCase == AttachmentPointer.DigestOneofOneofCase.Digest ? pointer.Digest.ToByteArray() : null,
                         null,
                         false);
                 }

libsignal-service-dotnet/messages/SignalServiceAttachmentPointer.cs

@@ -1,30 +1,17 @@
-/**
- * Copyright (C) 2017 smndtrl, golf1052
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
+using System.IO;
+
 namespace libsignalservice.messages
 {
     /// <summary>
     /// Represents a received SignalServiceAttachment "handle."  This
     /// is a pointer to the actual attachment content, which needs to be
-    /// retrieved using <see cref="SignalServiceMessageReceiver.retrieveAttachment(SignalServiceAttachmentPointer, Windows.Storage.StorageFile)"/>
-    /// </summary>
+    /// retrieved using <see cref="SignalServiceMessageReceiver.RetrieveAttachment(SignalServiceAttachmentPointer, Stream, int, ProgressListener)"/>
+    /// </summary>
+#pragma warning disable CS1591 // Missing XML comment for publicly visible type or member
     public class SignalServiceAttachmentPointer : SignalServiceAttachment
-    {
-        public ulong Id { get; }
+    {
+
+        public ulong Id { get; }
         public byte[] Key { get; }
         public string Relay { get; }
         public uint? Size { get; }
@@ -33,10 +20,6 @@ public class SignalServiceAttachmentPointer : SignalServiceAttachment
         public string FileName { get; }
         public bool VoiceNote { get; }
 
-        public SignalServiceAttachmentPointer(ulong id, string contentType, byte[] key, string relay, byte[] digest, string fileName, bool voiceNote)
-        : this(id, contentType, key, relay, null, null, digest, fileName, voiceNote)
-        { }
-
         public SignalServiceAttachmentPointer(ulong id, string contentType, byte[] key, string relay, uint? size, byte[] preview, byte[] digest, string fileName, bool voiceNote)
             : base(contentType)
         {
@@ -59,5 +42,6 @@ public override bool isPointer()
         {
             return true;
         }
-    }
+    }
+#pragma warning restore CS1591 // Missing XML comment for publicly visible type or member
 }

libsignal-service-dotnet/push/PushAttachmentData.cs

@@ -22,15 +22,16 @@
 
 namespace libsignalservice.push
 {
+#pragma warning disable CS1591 // Missing XML comment for publicly visible type or member
     public class PushAttachmentData
     {
         public string ContentType { get; }
         public Stream Data { get; }
-        public ulong DataSize { get; }
+        public long DataSize { get; }
         public OutputStreamFactory OutputFactory { get; }
         public ProgressListener Listener { get; }
 
-        public PushAttachmentData(String contentType, Stream data, ulong dataSize, OutputStreamFactory outputStreamFactory, ProgressListener listener)
+        public PushAttachmentData(String contentType, Stream data, long dataSize, OutputStreamFactory outputStreamFactory, ProgressListener listener)
         {
             ContentType = contentType;
             Data = data;
@@ -39,4 +40,5 @@ public PushAttachmentData(String contentType, Stream data, ulong dataSize, Outpu
             Listener = listener;
         }
     }
+#pragma warning restore CS1591 // Missing XML comment for publicly visible type or member
 }

libsignal-service-dotnet/push/PushServiceSocket.cs

@@ -525,7 +525,7 @@ private void DownloadAttachment(string url, Stream localDestination)
             }
         }
 
-        private byte[] UploadAttachment(string method, string url, Stream data, ulong dataSize,
+        private byte[] UploadAttachment(string method, string url, Stream data, long dataSize,
             OutputStreamFactory outputStreamFactory, ProgressListener listener)
         {
             MemoryStream tmpStream = new MemoryStream();

libsignal-service-dotnet/push/http/AttachmentCipherOutputStreamFactory.cs

@@ -20,10 +20,5 @@ public DigestingOutputStream CreateFor(Stream wrap)
         {
             return new AttachmentCipherOutputStream(Key, wrap);
         }
-
-        public long getCiphertextLength(long plaintextLength)
-        {
-            return AttachmentCipherOutputStream.GetCiphertextLength(plaintextLength);
-        }
     }
 }

libsignal-service-dotnet/push/http/ProfileCipherOutputStreamFactory.cs

@@ -1,29 +1,24 @@
 using libsignaldotnet.push.http;
-using libsignalservice.crypto;
+using libsignalservice.crypto;
 using System;
 using System.Collections.Generic;
-using System.IO;
+using System.IO;
 using System.Text;
 
 namespace libsignalservice.push.http
 {
-    internal class ProfileCipherOutputStreamFactory : OutputStreamFactory
-    {
-        private readonly byte[] Key;
-
-        internal ProfileCipherOutputStreamFactory(byte[] key)
-        {
-            Key = key;
-        }
-
-        public DigestingOutputStream CreateFor(Stream wrap)
-        {
-            return new ProfileCipherOutputStream(wrap, Key);
-        }
-
-        public long GetCiphertextLength(long plaintextLength)
-        {
-            return ProfileCipherOutputStream.GetCiphertextLength(plaintextLength);
-        }
+    internal class ProfileCipherOutputStreamFactory : OutputStreamFactory
+    {
+        private readonly byte[] Key;
+
+        internal ProfileCipherOutputStreamFactory(byte[] key)
+        {
+            Key = key;
+        }
+
+        public DigestingOutputStream CreateFor(Stream wrap)
+        {
+            return new ProfileCipherOutputStream(wrap, Key);
+        }
     }
 }