search

asmcrypto / asmcrypto.js

JavaScript Cryptographic Library with performance in mind.
MIT License
659 stars 182 forks source link

AES_CBC.decrypt is broken with default iv #142

Open cvlmtg opened 6 years ago

cvlmtg commented 6 years ago

Hi, I just tried to upgrade from 0.0.11 to 0.22.0 and my code doesn't work anymore because of this error:

TypeError: unexpected iv type

following the code it seems an error of asmycrypto. I call:

asmCrypto.AES_CBC.decrypt(data, key);

which calls AES_CBC_decrypt_bytes(data, key, padding, iv), which calls:

class AES_CBC extends AES {
     /**
      * @param {Uint8Array} key
      * @param {Uint8Array} [iv=null]
      * @param {boolean} [padding=true]
      * @param {Uint8Array} [heap]
      * @param {Uint8Array} [asm]
      */
     constructor(key, iv = null, padding = true, heap, asm) {
       super(key, iv, padding, heap, asm);

please note that since I did not specify iv (which the docs says is optional) it was undefined in AES_CBC_decrypt_bytes but now gets converted to null because of the default value specified in the constructor. the constructor call super() which then calls:

this.AES_reset(key, iv, padding);

which calls:

this.AES_set_iv(iv);

inside AES_set_iv we have:

       if (iv !== undefined) {
         if (!is_bytes(iv)) {
           throw new TypeError('unexpected iv type');
         }

since 'iv' has been set to null we have is_bytes(null) which is false. the error is in the AES_CBC class which sets iv to null instead of leaving it undefined.