This repository has been archived by the owner on Jul 8, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 37
AES should enforce minimal length of IV #699
Labels
Comments
Can you create an assertEquals based on JS and JVM implementation with the expected behavior to make it easier to create a fix? |
Because JVM and JS throw Exception, there is nothing to compare with assertations.
JS is a bit more complicated, because it needs externals. |
Oh, you mean it should throw if IV length is less than 16, and currently it doesn't? So (assertFailsWith): assertFailsWith<IllegalStateException> {
val anyData = Random.Default.nextBytes(ByteArray(1))
val anyKey = Random.Default.nextBytes(ByteArray(128 / 8))
val invalidIV = ByteArray(15) // This should be at least 16 bytes long
AES.decryptAesCtr(
data = anyData,
key = anykey,
iv = invalidIV,
padding = NoPadding
)
} Is, that the behaviour you would expect? Is this then a minor validation issue? |
soywiz
added
enhancement
New feature or request
question
Further information is requested
check
labels
May 30, 2022
Exactly :) |
soywiz
added
good first issue
Good for newcomers
and removed
question
Further information is requested
labels
May 30, 2022
soywiz
added a commit
that referenced
this issue
Jun 18, 2022
Thank you :) |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The following does fail with native JVM or JS implementations:
On JVM it throws:
java.security.InvalidAlgorithmParameterException: Wrong IV length: must be 16 bytes long
The text was updated successfully, but these errors were encountered: