Bug 638297: don't zero-pad buffers, reject short IVs. r=philiKON

2024-10-09 11:25:00 +00:00 · 2011-03-07 11:53:10 -08:00 · 2011-03-07 11:53:10 -08:00 · 88df880802
commit 88df880802
parent a645dd4b91
2 changed files with 18 additions and 10 deletions
--- a/services/crypto/modules/WeaveCrypto.js
+++ b/services/crypto/modules/WeaveCrypto.js
@ -481,7 +481,9 @@ WeaveCrypto.prototype = {
        iv = atob(iv);

        // We never want an IV longer than the block size, which is 16 bytes
-        // for AES.
+        // for AES. Neither do we want one smaller; throw in that case.
+        if (iv.length < this.blockSize)
+            throw "IV too short; must be " + this.blockSize + " bytes.";
        if (iv.length > this.blockSize)
            iv = iv.slice(0, this.blockSize);

@ -637,18 +639,13 @@ WeaveCrypto.prototype = {
     * Compress a JS string into a C uint8 array. count is the number of
     * elements in the destination array. If the array is smaller than the
     * string, the string is effectively truncated. If the string is smaller
-     * than the array, the array is 0-padded.
+     * than the array, the array is not 0-padded.
     */
    byteCompressInts : function byteCompressInts (jsString, intArray, count) {
        let len = jsString.length;
        let end = Math.min(len, count);
-
        for (let i = 0; i < end; i++)
-            intArray[i] = jsString.charCodeAt(i) % 256; // convert to bytes
-
-        // Must zero-pad.
-        for (let i = len; i < count; i++)
-            intArray[i] = 0;
+            intArray[i] = jsString.charCodeAt(i) & 0xFF;  // convert to bytes.
    },

    // Expand a normal C string (1-byte chars) into a JS string (2-byte chars)
--- a/services/crypto/tests/unit/test_crypto_crypt.js
+++ b/services/crypto/tests/unit/test_crypto_crypt.js
@ -103,8 +103,8 @@ function test_SECItem_byteCompressInts() {

  // Fill it too short.
  cryptoSvc.byteCompressInts("MMM", intData, 8);
-  for (let i = 0; i < 8; ++i)
-    do_check_eq(intData[i], [77, 77, 77, 0, 0, 0, 0, 0, 0][i]);
+  for (let i = 0; i < 3; ++i)
+    do_check_eq(intData[i], [77, 77, 77][i]);

  // Fill it too much. Doesn't buffer overrun.
  cryptoSvc.byteCompressInts("NNNNNNNNNNNNNNNN", intData, 8);
@ -138,6 +138,17 @@ function test_encrypt_decrypt() {
  key = "St1tFCor7vQEJNug/465dQ==";
  iv  = "oLjkfrLIOnK2bDRvW4kXYA==";

+  _("Testing small IV.");
+  mySecret = "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXo=";
+  shortiv  = "YWJj";           // "abc": Less than 16.
+  let err;
+  try {
+    cryptoSvc.encrypt(mySecret, key, shortiv);
+  } catch (ex) {
+    err = ex;
+  }
+  do_check_true(!!err);
+
  // Test small input sizes
  mySecret = "";
  cipherText = cryptoSvc.encrypt(mySecret, key, iv);