This corrects a bug introduced in #562 that prevented correct decryption of some objects encrypted using AES CTR mode. The objects susceptible to this bug are ones where IV values generated during the encryption process are interpreted as negative BigInteger values. The calculation of applying the CTR mode offset to the initial, randomly-generated IV and the conversion back to a byte array yielded incorrect results in such cases and prevented correct decryption of the associated objects. This PR changes the method used to determine the IV value to use for decrypting the request to instead use operations directly on the byte array rather than converting the values to BigInteger values.
This PR also adds testing to ensure that the IV calculation when using an offset of zero results in an IV that is identical to the input IV.
This corrects a bug introduced in #562 that prevented correct decryption of some objects encrypted using AES CTR mode. The objects susceptible to this bug are ones where IV values generated during the encryption process are interpreted as negative
BigInteger
values. The calculation of applying the CTR mode offset to the initial, randomly-generated IV and the conversion back to a byte array yielded incorrect results in such cases and prevented correct decryption of the associated objects. This PR changes the method used to determine the IV value to use for decrypting the request to instead use operations directly on the byte array rather than converting the values toBigInteger
values.This PR also adds testing to ensure that the IV calculation when using an offset of zero results in an IV that is identical to the input IV.