Detect Invalid Initialization Vector Size.

[iosdevzone]

Since this code is based on IDZSwiftCommonCrypto it has inherited some of that library's flaws. While the library currently pays quite a bit of attention to keys, it has no error checking on IV size.

If a user supplies too small an IV, some uninitialized bytes will used by CommonCrypto. This is not a security risk, it just leads to incorrect results and difficult to track down bugs.

We're adding additional error checking to try to catch these problems before they occur.

You may want to take a look at iosdevzone/IDZSwiftCommonCrypto#79 to see the changes we're making!

[billabt]

Thanks for the heads up. I'll incorporate the enhanced error checking.

[iosdevzone]

You're welcome!

The change you made near line 643 of StreamCryptor.swift is not correct. It should be:

    iv.utf8.count

iv.count will give you the number of Characters not bytes.

[billabt]

Thanks for the catch. Unfortunately, I’ve got a nasty habit of making that particular mistake. Thanks again for catching it.

[iosdevzone]

Happens to us all! Actually this made me aware of the fact that we're relying on some possibly undocumented behavior in how String is passed as an UnsafeRawPointer. Will be checking it out and let you know my conclusion. This route was to avoid the possible performance hit of explicitly converting to [UInt8]. I'll open a separate issue/PR when appropriate.