AES should enforce minimal length of IV

[benkuly]

The following does fail with native JVM or JS implementations:

AES.decryptAesCtr(
            Random.Default.nextBytes(ByteArray(1)),
            Random.Default.nextBytes(ByteArray(128 / 8)),
            ByteArray(0)
)

On JVM it throws: java.security.InvalidAlgorithmParameterException: Wrong IV length: must be 16 bytes long

[soywiz]

Can you create an assertEquals based on JS and JVM implementation with the expected behavior to make it easier to create a fix?

[benkuly]

Because JVM and JS throw Exception, there is nothing to compare with assertations.

@Test
fun decryptNoPaddingJVM(){
   try {
    val content = Random.Default.nextBytes(ByteArray(1))
    val key = Random.Default.nextBytes(ByteArray(128 / 8))
    val iv = ByteArray(0)

    val cipher = Cipher.getInstance("AES/CTR/NoPadding")
    val keySpec: Key = SecretKeySpec(key, "AES")
    val ivSpec = IvParameterSpec(iv)
    cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec)
    cipher.doFinal(content)

    fail("should throw exception")
   } catch(exception: Exception){
       
   }
}

JS is a bit more complicated, because it needs externals.

[soywiz]

Oh, you mean it should throw if IV length is less than 16, and currently it doesn't?

So (assertFailsWith):

assertFailsWith<IllegalStateException> {
  val anyData = Random.Default.nextBytes(ByteArray(1))
  val anyKey = Random.Default.nextBytes(ByteArray(128 / 8))
  val invalidIV = ByteArray(15) // This should be at least 16 bytes long
  AES.decryptAesCtr(
    data = anyData,
    key = anykey,
    iv = invalidIV,
    padding = NoPadding
  )
}

Is, that the behaviour you would expect? Is this then a minor validation issue?

[benkuly]

Exactly :)

[benkuly]

Thank you :)