Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aes: encrypt and decrypt one block at a time #64

Merged
merged 6 commits into from
Sep 29, 2024
Merged

aes: encrypt and decrypt one block at a time #64

merged 6 commits into from
Sep 29, 2024

Conversation

qmuntal
Copy link
Member

@qmuntal qmuntal commented Sep 27, 2024

This PR fixes a subtle issue in the AES cipher encryption and decryption functions. When the output buffer is smaller than the input buffer and both are larger than the AES block size (16 bytes), then BCryptEncrypt errors with the STATUS_BUFFER_TOO_SMALL code. This behavior is not what Go implementation expects, as it always encrypts and decrypts one full block at a time, even if the input buffer is larger than that.

This issue is fixed by truncating the input and output buffers to the AES block size before calling BCryptEncrypt and BCryptDecrypt.

Added a new test to make sure that we don't regress and that our AES implementation is fully compatible with upstream AES.

This bug is worth backporting in the next patch release so our backend is more compatible with upstream.

dagood
dagood approved these changes Sep 27, 2024
View reviewed changes
internal/cryptotest/aead.go Show resolved Hide resolved
internal/cryptotest/aead.go Show resolved Hide resolved
internal/cryptotest/aead.go Show resolved Hide resolved
@dagood
Copy link
Member

dagood commented Sep 27, 2024

Oh, my comments are on the copied files. Never mind those. 😅

@qmuntal
Copy link
Member Author

qmuntal commented Sep 27, 2024

Oh, my comments are on the copied files. Never mind those. 😅

Well, you have something to commit upstream 😄

@dagood
Copy link
Member

dagood commented Sep 27, 2024

Indeed, just got https://go-review.googlesource.com/c/go/+/616338 up. 😄

karianna
karianna approved these changes Sep 27, 2024
View reviewed changes
cng/aes.go Outdated Show resolved Hide resolved
@qmuntal qmuntal merged commit 3e2be6d into main Sep 29, 2024
17 checks passed
@qmuntal qmuntal deleted the dev/qmuntal/aesfix branch September 29, 2024 07:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dagood dagood dagood approved these changes

@karianna karianna karianna approved these changes

@mertakman mertakman Awaiting requested review from mertakman

@gdams gdams Awaiting requested review from gdams

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@qmuntal @dagood @karianna