mirror of https://github.com/denoland/deno.git synced 2024-11-21 15:04:11 -05:00

fix(ext/node): validate input lengths in Cipheriv and Decipheriv (#25570)

addresses the first part of #25279
Yoshiya Hinosawa 2024-09-11 13:27:07 +09:00 committed by GitHub
parent 1521adf5ed
commit ef2d98fe11
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 105 additions and 14 deletions


@ -4,6 +4,7 @@ use aes::cipher::block_padding::Pkcs7;
use aes::cipher::BlockDecryptMut;
use aes::cipher::BlockEncryptMut;
use aes::cipher::KeyIvInit;
use deno_core::error::range_error;
use deno_core::error::type_error;
use deno_core::error::AnyError;
use deno_core::Resource;
@ -157,6 +158,13 @@ impl Cipher {
Aes256Gcm(Box::new(cipher))
}
"aes256" | "aes-256-cbc" => {
if key.len() != 32 {
return Err(range_error("Invalid key length"));
}
if iv.len() != 16 {
return Err(type_error("Invalid initialization vector"));
}
Aes256Cbc(Box::new(cbc::Encryptor::new(key.into(), iv.into())))
}
_ => return Err(type_error(format!("Unknown cipher {algorithm_name}"))),
@ -346,6 +354,13 @@ impl Decipher {
Aes256Gcm(Box::new(decipher))
}
"aes256" | "aes-256-cbc" => {
if key.len() != 32 {
return Err(range_error("Invalid key length"));
}
if iv.len() != 16 {
return Err(type_error("Invalid initialization vector"));
}
Aes256Cbc(Box::new(cbc::Decryptor::new(key.into(), iv.into())))
}
_ => return Err(type_error(format!("Unknown cipher {algorithm_name}"))),
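Review bot: The new length guards cover only the `"aes256" | "aes-256-cbc"` arm in the `impl Cipher` and `impl Decipher` hunks. The surrounding `match` starts and ends outside both hunks, so it is worth confirming that no other arm still hands an unchecked `key` or `iv` slice to `.into()`. That conversion into the fixed-size array the constructor expects presumably panics on a length mismatch instead of returning an error, which would let script-supplied buffer sizes abort the process rather than throw. I would record the reason above the guards, e.g. `// key.into()/iv.into() need exact lengths; reject bad sizes here so they surface as JS errors`. The two identical checks could also move into one shared helper so the encrypt and decrypt paths cannot drift apart.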


@ -220,13 +220,9 @@ pub fn op_node_create_cipheriv(
#[string] algorithm: &str,
#[buffer] key: &[u8],
#[buffer] iv: &[u8],
) -> u32 {
state.resource_table.add(
match cipher::CipherContext::new(algorithm, key, iv) {
Ok(context) => context,
Err(_) => return 0,
},
)
) -> Result<u32, AnyError> {
let context = cipher::CipherContext::new(algorithm, key, iv)?;
Ok(state.resource_table.add(context))
}
#[op2(fast)]
@ -292,13 +288,9 @@ pub fn op_node_create_decipheriv(
#[string] algorithm: &str,
#[buffer] key: &[u8],
#[buffer] iv: &[u8],
) -> u32 {
state.resource_table.add(
match cipher::DecipherContext::new(algorithm, key, iv) {
Ok(context) => context,
Err(_) => return 0,
},
)
) -> Result<u32, AnyError> {
let context = cipher::DecipherContext::new(algorithm, key, iv)?;
Ok(state.resource_table.add(context))
}
#[op2(fast)]
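Review bot: `op_node_create_cipheriv` and `op_node_create_decipheriv` no longer return `0` on failure, so any caller that still compares the returned id with `0` to detect an error has become dead code. No such caller is touched in the sections shown here, so the JS side is worth checking. Both signatures begin above their hunks and the op attributes are not visible; confirm they permit a `Result` return. A doc comment would make the new contract explicit, e.g. `/// Returns the resource id of the new cipher context; an unknown algorithm or a bad key/IV length is returned as an error and thrown in JS.`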


@ -245,6 +245,44 @@ Deno.test({
},
});
Deno.test({
name: "createCipheriv - invalid inputs",
fn() {
assertThrows(
() =>
crypto.createCipheriv("aes256", new Uint8Array(31), new Uint8Array(16)),
RangeError,
"Invalid key length",
);
assertThrows(
() =>
crypto.createCipheriv(
"aes-256-cbc",
new Uint8Array(31),
new Uint8Array(16),
),
RangeError,
"Invalid key length",
);
assertThrows(
() =>
crypto.createCipheriv("aes256", new Uint8Array(32), new Uint8Array(15)),
TypeError,
"Invalid initialization vector",
);
assertThrows(
() =>
crypto.createCipheriv(
"aes-256-cbc",
new Uint8Array(32),
new Uint8Array(15),
),
TypeError,
"Invalid initialization vector",
);
},
});
Deno.test({
name: "createDecipheriv - invalid algorithm",
fn() {
@ -257,6 +295,52 @@ Deno.test({
},
});
Deno.test({
name: "createDecipheriv - invalid inputs",
fn() {
assertThrows(
() =>
crypto.createDecipheriv(
"aes256",
new Uint8Array(31),
new Uint8Array(16),
),
RangeError,
"Invalid key length",
);
assertThrows(
() =>
crypto.createDecipheriv(
"aes-256-cbc",
new Uint8Array(31),
new Uint8Array(16),
),
RangeError,
"Invalid key length",
);
assertThrows(
() =>
crypto.createDecipheriv(
"aes256",
new Uint8Array(32),
new Uint8Array(15),
),
TypeError,
"Invalid initialization vector",
);
assertThrows(
() =>
crypto.createDecipheriv(
"aes-256-cbc",
new Uint8Array(32),
new Uint8Array(15),
),
TypeError,
"Invalid initialization vector",
);
},
});
Deno.test({
name: "getCiphers",
fn() {
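Review bot: Both "invalid inputs" tests probe only buffers that are one byte too short (`new Uint8Array(31)` for the key, `new Uint8Array(15)` for the IV). The Rust guards use `!=`, so oversized and empty inputs are rejected too, but nothing here pins that behaviour, and a later change to `<` would pass unnoticed. I would add the upper boundary and the empty case for each function, e.g. `assertThrows(() => crypto.createCipheriv("aes256", new Uint8Array(33), new Uint8Array(16)), RangeError, "Invalid key length");` and the matching 17-byte IV case.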