fix(aes): Add iv size validation (#4580)

satoshiotomakan · web-flow · commit 1a13583d8faa · 2025-12-02T12:52:58.000+01:00
* fix(aes): Add iv size validation

* fix(aes): Add unit tests
diff --git a/src/Encrypt.cpp b/src/Encrypt.cpp
@@ -24,6 +24,10 @@ size_t paddingSize(size_t origSize, size_t blockSize, TWAESPaddingMode paddingMo
 }
 
 Data AESCBCEncrypt(const Data& key, const Data& data, Data& iv, TWAESPaddingMode paddingMode) {
+    if (iv.size() != AES_BLOCK_SIZE) {
+        throw std::invalid_argument("Invalid iv size");
+    }
+
     aes_encrypt_ctx ctx;
     if (aes_encrypt_key(key.data(), static_cast<int>(key.size()), &ctx) == EXIT_FAILURE) {
         throw std::invalid_argument("Invalid key");
@@ -52,6 +56,10 @@ Data AESCBCEncrypt(const Data& key, const Data& data, Data& iv, TWAESPaddingMode
 }
 
 Data AESCBCDecrypt(const Data& key, const Data& data, Data& iv, TWAESPaddingMode paddingMode) {
+    if (iv.size() != AES_BLOCK_SIZE) {
+        throw std::invalid_argument("Invalid iv size");
+    }
+
     const size_t blockSize = AES_BLOCK_SIZE;
     if (data.size() % blockSize != 0) {
         throw std::invalid_argument("Invalid data size");
@@ -83,7 +91,11 @@ Data AESCBCDecrypt(const Data& key, const Data& data, Data& iv, TWAESPaddingMode
 }
 
 Data AESCTREncrypt(const Data& key, const Data& data, Data& iv) {
-	aes_encrypt_ctx ctx;
+    if (iv.size() != AES_BLOCK_SIZE) {
+        throw std::invalid_argument("Invalid iv size");
+    }
+
+    aes_encrypt_ctx ctx;
     if (aes_encrypt_key(key.data(), static_cast<int>(key.size()), &ctx) != EXIT_SUCCESS) {
         throw std::invalid_argument("Invalid key");
     }
@@ -94,6 +106,10 @@ Data AESCTREncrypt(const Data& key, const Data& data, Data& iv) {
 }
 
 Data AESCTRDecrypt(const Data& key, const Data& data, Data& iv) {
+    if (iv.size() != AES_BLOCK_SIZE) {
+        throw std::invalid_argument("Invalid iv size");
+    }
+
     aes_encrypt_ctx ctx;
     if (aes_encrypt_key(key.data(), static_cast<int>(key.size()), &ctx) != EXIT_SUCCESS) {
         throw std::invalid_argument("Invalid key");
diff --git a/src/Keystore/AESParameters.h b/src/Keystore/AESParameters.h
@@ -34,13 +34,18 @@ struct AESParameters {
     Data iv;
 
     /// Initializes `AESParameters` with a encryption cipher.
-    static AESParameters AESParametersFromEncryption(TWStoredKeyEncryption encryption);;
+    static AESParameters AESParametersFromEncryption(TWStoredKeyEncryption encryption);
 
     /// Initializes `AESParameters` with a JSON object.
     static AESParameters AESParametersFromJson(const nlohmann::json& json, const std::string& cipher);
 
     /// Saves `this` as a JSON object.
     nlohmann::json json() const;
+
+    /// Validates AES parameters.
+    [[nodiscard]] bool isValid() const {
+        return iv.size() == static_cast<std::size_t>(mBlockSize);
+    }
 };
 
 } // namespace TW::Keystore
diff --git a/src/Keystore/EncryptionParameters.cpp b/src/Keystore/EncryptionParameters.cpp
@@ -40,6 +40,9 @@ static const auto mac = "mac";
 EncryptionParameters::EncryptionParameters(const nlohmann::json& json) {
     auto cipher = json[CodingKeys::cipher].get<std::string>();
     cipherParams = AESParameters::AESParametersFromJson(json[CodingKeys::cipherParams], cipher);
+    if (!cipherParams.isValid()) {
+        throw std::invalid_argument("Invalid cipher params");
+    }
 
     auto kdf = json[CodingKeys::kdf].get<std::string>();
     if (kdf == "scrypt") {
@@ -67,6 +70,10 @@ nlohmann::json EncryptionParameters::json() const {
 
 EncryptedPayload::EncryptedPayload(const Data& password, const Data& data, const EncryptionParameters& params)
     : params(std::move(params)), _mac() {
+    if (!this->params.cipherParams.isValid()) {
+        throw std::invalid_argument("Invalid cipher params");
+    }
+
     auto scryptParams = std::get<ScryptParameters>(this->params.kdfParams);
     auto derivedKey = Data(scryptParams.desiredKeyLength);
     scrypt(reinterpret_cast<const byte*>(password.data()), password.size(), scryptParams.salt.data(),
@@ -90,6 +97,9 @@ EncryptedPayload::EncryptedPayload(const Data& password, const Data& data, const
     assert(result == EXIT_SUCCESS);
     if (result == EXIT_SUCCESS) {
         Data iv = this->params.cipherParams.iv;
+        // iv size should have been validated in `AESParameters::isValid()`.
+        assert(iv.size() == gBlockSize);
+
         encrypted = Data(data.size());
         aes_ctr_encrypt(data.data(), encrypted.data(), static_cast<int>(data.size()), iv.data(), aes_ctr_cbuf_inc, &ctx);
         _mac = computeMAC(derivedKey.end() - params.getKeyBytesSize(), derivedKey.end(), encrypted);
@@ -125,6 +135,13 @@ Data EncryptedPayload::decrypt(const Data& password) const {
         throw DecryptionError::invalidPassword;
     }
 
+    // Even though the cipher params should have been validated in `EncryptedPayload` constructor,
+    // double check them here.
+    if (!params.cipherParams.isValid()) {
+        throw DecryptionError::invalidCipher;
+    }
+    assert(params.cipherParams.iv.size() == gBlockSize);
+
     Data decrypted(encrypted.size());
     Data iv = params.cipherParams.iv;
     const auto encryption = params.cipherParams.mCipherEncryption;
diff --git a/tests/common/EncryptTests.cpp b/tests/common/EncryptTests.cpp
@@ -49,6 +49,12 @@ TEST(Encrypt, AESCBCEncrypt) {
     assertHexEqual(encryptResult, "f58c4c04d6e5f1ba779eabfb5f7bfbd6");
 }
 
+TEST(Encrypt, AESCBCEncryptInvalidIv) {
+    auto iv = parse_hex("0001020304050607");
+    auto data = parse_hex("6bc1bee22e409f96e93d7e117393172a");
+    ASSERT_THROW(AESCBCEncrypt(gKey, data, iv), std::invalid_argument);
+}
+
 TEST(Encrypt, AESCBCEncryptWithPadding) {
     const Data key = parse_hex("bf6cfdd852f79460981062f551f1dc3215b5e26609bc2a275d5b2da21798b489");
     const Data message = TW::data("secret message");
@@ -66,13 +72,19 @@ TEST(Encrypt, AESCBCEncryptWithPadding) {
 }
 
 TEST(Encrypt, AESCBCDecrypt) {
-	auto iv = parse_hex("000102030405060708090A0B0C0D0E0F");
+    auto iv = parse_hex("000102030405060708090A0B0C0D0E0F");
     auto cipher = parse_hex("f58c4c04d6e5f1ba779eabfb5f7bfbd6");
 
     auto decryptResult = AESCBCDecrypt(gKey, cipher, iv);
     assertHexEqual(decryptResult, "6bc1bee22e409f96e93d7e117393172a");
 }
 
+TEST(Encrypt, AESCBCDecryptInvalidIv) {
+    auto iv = parse_hex("000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F");
+    auto cipher = parse_hex("f58c4c04d6e5f1ba779eabfb5f7bfbd6");
+    ASSERT_THROW(AESCBCDecrypt(gKey, cipher, iv), std::invalid_argument);
+}
+
 TEST(Encrypt, AESCBCDecryptWithPadding) {
     const Data key = parse_hex("bf6cfdd852f79460981062f551f1dc3215b5e26609bc2a275d5b2da21798b489");
     {
@@ -101,14 +113,28 @@ TEST(Encrypt, AESCTREncrypt) {
     assertHexEqual(encryptResult, "601ec313775789a5b7a7f504bbf3d228");
 }
 
+TEST(Encrypt, AESCTREncryptIvalidIv) {
+    // iv is too short.
+    auto iv = parse_hex("ff");
+    auto data = parse_hex("6bc1bee22e409f96e93d7e117393172a");
+    ASSERT_THROW(AESCTREncrypt(gKey, data, iv), std::invalid_argument);
+}
+
 TEST(Encrypt, AESCTRDecrypt) {
-	auto iv = parse_hex("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
+    auto iv = parse_hex("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
     auto cipher = parse_hex("601ec313775789a5b7a7f504bbf3d228");
 
     auto decryptResult = AESCTRDecrypt(gKey, cipher, iv);
     assertHexEqual(decryptResult, "6bc1bee22e409f96e93d7e117393172a");
 }
 
+TEST(Encrypt, AESCTRDecryptIvalidIv) {
+    // iv is too long.
+    auto iv = parse_hex("f0f1f2f3f4f5f6f7f8f9fafbfcfdfefff0");
+    auto cipher = parse_hex("601ec313775789a5b7a7f504bbf3d228");
+    ASSERT_THROW(AESCTRDecrypt(gKey, cipher, iv), std::invalid_argument);
+}
+
 TEST(Encrypt, AESCBCEncryptMultipleBlocks) {
     auto key = parse_hex("e1094a016e6029eabc6f9e3c3cd9afb8");
     auto iv = parse_hex("884b972d70acece4ecf9b790ffce177e");
diff --git a/tests/common/Keystore/Data/invalid-iv.json b/tests/common/Keystore/Data/invalid-iv.json
@@ -0,0 +1,23 @@
+{
+  "version": 3,
+  "id": "e0fe53d0-7a3d-4f65-88b1-9bb4e245a169",
+  "crypto": {
+    "ciphertext": "64b5b416bb2bef882eb7cc63ed92c064e53c818ec46351e07ac140e5ba871596f1595fe6cad8333147fe68c031ba001b79b64dd1edd513043134217b7ffe1903ca23b1fbe823671827e3b2dff69bbd448d9cb79a3321ec8801f2a995",
+    "cipherparams": {
+      "iv": "7aaf7eb6f4b0e7d9"
+    },
+    "kdf": "scrypt",
+    "kdfparams": {
+      "r": 8,
+      "p": 6,
+      "n": 4096,
+      "dklen": 32,
+      "salt": "80132842c6cde8f9d04582932ef92c3cad3ba6b41e1296ef681692372886db86"
+    },
+    "mac": "01816d0a5c31cd03b644f2d756ac8167c2498808040cbace8c35c46dcf06b7a1",
+    "cipher": "aes-128-ctr"
+  },
+  "type": "mnemonic",
+  "coin": 60,
+  "address": "32dd55E0BCF509a35A3F5eEb8593fbEb244796b1"
+}
diff --git a/tests/common/Keystore/StoredKeyTests.cpp b/tests/common/Keystore/StoredKeyTests.cpp
@@ -410,6 +410,10 @@ TEST(StoredKey, InvalidPassword) {
     ASSERT_THROW(key.payload.decrypt(gPassword), DecryptionError);
 }
 
+TEST(StoredKey, InvalidIv) {
+    ASSERT_THROW(StoredKey::load(testDataPath("invalid-iv.json")), std::invalid_argument);
+}
+
 TEST(StoredKey, EmptyAccounts) {
     const auto key = StoredKey::load(testDataPath("empty-accounts.json"));
 

Original file line number	Diff line number	Diff line change
`@@ -410,6 +410,10 @@ TEST(StoredKey, InvalidPassword) {`
`410`	`410`	`ASSERT_THROW(key.payload.decrypt(gPassword), DecryptionError);`
`411`	`411`	`}`
`412`	`412`
	`413`	`+TEST(StoredKey, InvalidIv) {`
	`414`	`+ ASSERT_THROW(StoredKey::load(testDataPath("invalid-iv.json")), std::invalid_argument);`
	`415`	`+}`
	`416`	`+`
`413`	`417`	`TEST(StoredKey, EmptyAccounts) {`
`414`	`418`	`const auto key = StoredKey::load(testDataPath("empty-accounts.json"));`
`415`	`419`