diff options
| author | Kasper Timm Hansen <kaspth@gmail.com> | 2017-05-15 21:20:12 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-05-15 21:20:12 +0200 |
| commit | 7cc526beb5c1ecc509db9f607c26fabaed4b4027 (patch) | |
| tree | 6dc8c89cff17d9e8be090fe728df7cf82f199022 /activesupport/test | |
| parent | 5bfb2875e9287c75f91e89f5e50654e5fbaa5855 (diff) | |
| parent | 51b090549b76684692bbb8a5c7fbdb3bdaa25642 (diff) | |
| download | rails-7cc526beb5c1ecc509db9f607c26fabaed4b4027.tar.gz rails-7cc526beb5c1ecc509db9f607c26fabaed4b4027.tar.bz2 rails-7cc526beb5c1ecc509db9f607c26fabaed4b4027.zip | |
Merge pull request #29086 from mikeycgto/message-encryptor-auth-tag-check
Message encryptor auth tag check
Fixes MessageEncryptor when used in AEAD mode. Specifically, we need to check if the `auth_tag` is nil. This may arise when an AEAD encryptor is used to decrypt a ciphertext generated from a different mode, such as CBC-HMAC. Basically, the number of double dashes will differ and `auth_tag` may be nil in this case.
Diffstat (limited to 'activesupport/test')
| -rw-r--r-- | activesupport/test/message_encryptor_test.rb | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/activesupport/test/message_encryptor_test.rb b/activesupport/test/message_encryptor_test.rb index 56a436f751..4c3515b5e1 100644 --- a/activesupport/test/message_encryptor_test.rb +++ b/activesupport/test/message_encryptor_test.rb @@ -86,20 +86,32 @@ class MessageEncryptorTest < ActiveSupport::TestCase assert_equal @data, encryptor.decrypt_and_verify(message) end + def test_aead_mode_with_hmac_cbc_cipher_text + encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm") + + assert_aead_not_decrypted(encryptor, "eHdGeExnZEwvMSt3U3dKaFl1WFo0TjVvYzA0eGpjbm5WSkt5MXlsNzhpZ0ZnbWhBWFlQZTRwaXE1bVJCS2oxMDZhYVp2dVN3V0lNZUlWQ3c2eVhQbnhnVjFmeVVubmhRKzF3WnZyWHVNMDg9LS1HSisyakJVSFlPb05ISzRMaXRzcFdBPT0=--831a1d54a3cda8a0658dc668a03dedcbce13b5ca") + end + def test_messing_with_aead_values_causes_failures encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm") text, iv, auth_tag = encryptor.encrypt_and_sign(@data).split("--") - assert_not_decrypted([iv, text, auth_tag] * "--") - assert_not_decrypted([munge(text), iv, auth_tag] * "--") - assert_not_decrypted([text, munge(iv), auth_tag] * "--") - assert_not_decrypted([text, iv, munge(auth_tag)] * "--") - assert_not_decrypted([munge(text), munge(iv), munge(auth_tag)] * "--") - assert_not_decrypted([text, iv] * "--") - assert_not_decrypted([text, iv, auth_tag[0..-2]] * "--") + assert_aead_not_decrypted(encryptor, [iv, text, auth_tag] * "--") + assert_aead_not_decrypted(encryptor, [munge(text), iv, auth_tag] * "--") + assert_aead_not_decrypted(encryptor, [text, munge(iv), auth_tag] * "--") + assert_aead_not_decrypted(encryptor, [text, iv, munge(auth_tag)] * "--") + assert_aead_not_decrypted(encryptor, [munge(text), munge(iv), munge(auth_tag)] * "--") + assert_aead_not_decrypted(encryptor, [text, iv] * "--") + assert_aead_not_decrypted(encryptor, [text, iv, auth_tag[0..-2]] * "--") end private + def assert_aead_not_decrypted(encryptor, value) + assert_raise(ActiveSupport::MessageEncryptor::InvalidMessage) do + encryptor.decrypt_and_verify(value) + end + end + def assert_not_decrypted(value) assert_raise(ActiveSupport::MessageEncryptor::InvalidMessage) do @encryptor.decrypt_and_verify(@verifier.generate(value)) |