Fix panic when unsealing a value too short for a crypto box (#217)

* fix panic unsealing a value too short for a crypto box Signed-off-by: Andrew Whitehead <cywolf@gmail.com> * test crypto box error cases Signed-off-by: Andrew Whitehead <cywolf@gmail.com> --------- Signed-off-by: Andrew Whitehead <cywolf@gmail.com>
openwallet-foundation · Jan 25, 2024 · 78ed2f1 · 78ed2f1
1 parent b798d82
commit 78ed2f1
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/askar-crypto/src/encrypt/crypto_box.rs b/askar-crypto/src/encrypt/crypto_box.rs
@@ -119,6 +119,9 @@ pub fn crypto_box_seal_open(
     recip_sk: &X25519KeyPair,
     ciphertext: &[u8],
 ) -> Result<SecretBytes, Error> {
+    if ciphertext.len() < CBOX_KEY_LENGTH + CBOX_TAG_LENGTH {
+        return Err(err_msg!(Encryption, "Invalid size for encrypted data"));
+    }
     let ephem_pk = X25519KeyPair::from_public_bytes(&ciphertext[..CBOX_KEY_LENGTH])?;
     let mut buffer = SecretBytes::from_slice(&ciphertext[CBOX_KEY_LENGTH..]);
     let nonce = crypto_box_seal_nonce(ephem_pk.public.as_bytes(), recip_sk.public.as_bytes())?;
@@ -155,6 +158,21 @@ mod tests {
         assert_eq!(buffer, &message[..]);
     }
 
+    #[test]
+    fn crypto_box_open_too_short() {
+        let sk = X25519KeyPair::from_secret_bytes(&hex!(
+            "a8bdb9830f8790d242f66e04b11cc2a14c752a7b63c073f3c68e9adb151cc854"
+        ))
+        .unwrap();
+        let pk = X25519KeyPair::from_public_bytes(&hex!(
+            "07d0b594683bdb6af5f4eacb1a392687d580a58db196a752dca316dedb7d251c"
+        ))
+        .unwrap();
+        let mut buffer = SecretBytes::from_slice(b"0000000000");
+        let nonce = b"012345678912012345678912";
+        assert!(crypto_box_open(&sk, &pk, &mut buffer, nonce).is_err());
+    }
+
     #[test]
     fn crypto_box_seal_round_trip() {
         let recip = X25519KeyPair::random().unwrap();
@@ -183,4 +201,14 @@ mod tests {
         );
         crypto_box_seal_open(&recip, &ciphertext).unwrap();
     }
+
+    #[test]
+    fn crypto_box_unseal_too_short() {
+        use crate::alg::ed25519::Ed25519KeyPair;
+        let recip = Ed25519KeyPair::from_secret_bytes(b"testseed000000000000000000000001")
+            .unwrap()
+            .to_x25519_keypair();
+        let ciphertext = hex!("ed443c0377a0");
+        assert!(crypto_box_seal_open(&recip, &ciphertext).is_err());
+    }
 }