This is an automated email from the ASF dual-hosted git repository. ccollins pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mynewt-artifact.git
The following commit(s) were added to refs/heads/master by this push:
     new 252824c Encrypt AES: Don't assume nonce is 8 bytes
252824c is described below

commit 252824cdbca1dc71e5bf1cd59af36552628c049a
Author: Christopher Collins <ccoll...@apache.org>
AuthorDate: Thu Jul 30 11:09:02 2020 -0700

    Encrypt AES: Don't assume nonce is 8 bytes

    For AES encryption, the client can optionally pass a nonce to use as the beginning of the IV. The code assumed the nonce was exactly eight bytes, so it would always append eight zeros to form the 16-byte nonce. The fix is to only append as many zeros are necessary for a 16-byte IV.
---
 sec/encrypt.go | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/sec/encrypt.go b/sec/encrypt.go
index 85d4571..8d142e3 100644
--- a/sec/encrypt.go
+++ b/sec/encrypt.go
@@ -31,9 +31,10 @@ import (
 	"crypto/sha256"
 	"crypto/x509"
 	"encoding/base64"
-	"golang.org/x/crypto/hkdf"
 	"io"
 
+	"golang.org/x/crypto/hkdf"
+
 	keywrap "github.com/NickBall/go-aes-key-wrap"
 	"github.com/apache/mynewt-artifact/errors"
 )
@@ -251,17 +252,18 @@ func (k *PrivEncKey) Decrypt(ciph []byte) ([]byte, error) {
 }
 
 func EncryptAES(plain []byte, secret []byte, nonce []byte) ([]byte, error) {
+	if len(nonce) > 16 {
+		return nil, errors.Errorf("AES nonce has invalid length: have=%d want<=16", len(nonce))
+	}
+
 	blk, err := aes.NewCipher(secret)
 	if err != nil {
 		return nil, errors.Errorf("Failed to create block cipher")
 	}
 
-	var iv []byte
-	if nonce == nil {
-		iv = make([]byte, 16)
-	} else {
-		zeros := make([]byte, 8)
-		iv = append(nonce, zeros...)
+	iv := nonce
+	for len(iv) < 16 {
+		iv = append(nonce, 0)
 	}
 
 	stream := cipher.NewCTR(blk, iv)
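Review bot: The padding loop in the EncryptAES hunk never terminates for any nonce shorter than 15 bytes, because `iv = append(nonce, 0)` appends to `nonce` rather than to `iv`, so `len(iv)` is `len(nonce)+1` on every iteration; a nil nonce, which the removed branch handled explicitly, now loops forever as well. Even with `append(iv, 0)` the padding would write into the caller's backing array whenever `nonce` has spare capacity, since `iv := nonce` aliases it. Build the IV in a fresh buffer instead, which also removes the loop: `iv := make([]byte, aes.BlockSize)` followed by `copy(iv, nonce)`, and the length check above can compare against `aes.BlockSize` for the same reason. A nil nonce then yields the all-zero IV the old code produced; since a repeated IV under the same key is the classic CTR pitfall, the nil-nonce behaviour deserves a sentence in the function's doc comment so callers know they own nonce uniqueness. The rest of EncryptAES continues past the end of the hunk.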