fix: Check correct key length for AFV encryption

src/blackcore/afv/connection/clientconnectiondata.cpp

@@ -42,7 +42,14 @@ namespace BlackCore::Afv::Connection
             CLogMessage(this).warning(u"Tokens not set");
             return;
         }
-        m_voiceCryptoChannel.reset(new CCryptoDtoChannel(m_tokens.VoiceServer.channelConfig));
+        try
+        {
+            m_voiceCryptoChannel.reset(new CCryptoDtoChannel(m_tokens.VoiceServer.channelConfig));
+        }
+        catch (const std::invalid_argument &)
+        {
+            m_voiceCryptoChannel.reset();
+        }
     }
 
     void CClientConnectionData::setTsAuthenticatedToNow()

src/blackcore/afv/crypto/cryptodtochannel.cpp

@@ -3,6 +3,7 @@
 
 #include "blackcore/afv/crypto/cryptodtochannel.h"
 #include "blackmisc/verify.h"
+#include "sodium/crypto_aead_chacha20poly1305.h"
 
 using namespace BlackMisc;
 
@@ -10,6 +11,18 @@ namespace BlackCore::Afv::Crypto
 {
     CCryptoDtoChannel::CCryptoDtoChannel(const CryptoDtoChannelConfigDto &channelConfig, int receiveSequenceHistorySize) : m_aeadTransmitKey(channelConfig.aeadTransmitKey), m_aeadReceiveKey(channelConfig.aeadReceiveKey), m_receiveSequenceSizeMaxSize(receiveSequenceHistorySize), m_hmacKey(channelConfig.hmacKey), m_channelTag(channelConfig.channelTag)
     {
+        if (m_aeadTransmitKey.size() != crypto_aead_chacha20poly1305_IETF_KEYBYTES)
+        {
+            BLACK_AUDIT_X(false, Q_FUNC_INFO, "wrong transmit key size");
+            throw std::invalid_argument("wrong transmit key size");
+        }
+
+        if (m_aeadReceiveKey.size() != crypto_aead_chacha20poly1305_IETF_KEYBYTES)
+        {
+            BLACK_AUDIT_X(false, Q_FUNC_INFO, "wrong receive key size");
+            throw std::invalid_argument("wrong receive key size");
+        }
+
         if (m_receiveSequenceSizeMaxSize < 1) { m_receiveSequenceSizeMaxSize = 1; }
         m_receiveSequenceHistory.fill(0, m_receiveSequenceSizeMaxSize);
         m_receiveSequenceHistoryDepth = 0;

src/blackcore/afv/crypto/cryptodtoserializer.cpp

@@ -48,6 +48,7 @@ namespace BlackCore::Afv::Crypto
             QByteArray key;
             if (loopback) { key = channel.getTransmitKey(CryptoDtoMode::AEAD_ChaCha20Poly1305); }
             else { key = channel.getReceiveKey(CryptoDtoMode::AEAD_ChaCha20Poly1305); }
+            Q_ASSERT_X(key.size() == crypto_aead_chacha20poly1305_IETF_KEYBYTES, Q_FUNC_INFO, "");
             int result = crypto_aead_chacha20poly1305_ietf_decrypt(reinterpret_cast<unsigned char *>(decryptedPayload.data()), &mlen, nullptr,
                                                                    reinterpret_cast<const unsigned char *>(aePayloadBuffer.constData()), aePayloadBuffer.size(),
                                                                    reinterpret_cast<const unsigned char *>(adBuffer.constData()), adBuffer.size(),

src/blackcore/afv/crypto/cryptodtoserializer.h

@@ -35,6 +35,7 @@ namespace BlackCore::Afv::Crypto
         template <typename T>
         static QByteArray serialize(const QString &channelTag, CryptoDtoMode mode, const QByteArray &transmitKey, uint sequenceToBeSent, T dto)
         {
+            Q_ASSERT_X(transmitKey.size() == crypto_aead_chacha20poly1305_IETF_KEYBYTES, Q_FUNC_INFO, "");
             const CryptoDtoHeaderDto header = { channelTag.toStdString(), sequenceToBeSent, mode };
 
             QBuffer headerBuffer;

src/blackcore/afv/dto.h

@@ -16,6 +16,7 @@
 namespace BlackCore::Afv
 {
     //! Channel config DTO
+    //! \warning Data inside the DTO is taken from the network AS IS. No content verification is performed.
     struct CryptoDtoChannelConfigDto
     {
         //! @{