Open ksivask opened 2 months ago
Hello @ksivask,
Thanks a lot for pointing out the issue. I realize that the CBC padding implementation is incorrect...
@babelouest, I have opened the PR #37 for the fix.
Yes, but the patch fixed the case when an unpadding with 16 iterations of 0x10 was used. There was an error in the padding algorithm too.
I've added some improvements in the fix-cbc-padding branch to cover padding when the payload size is a 16-byte set of blocks, and to raise an error when the unpadding is wrong.
This should make it PKCS#7 padding compatible now.
With CBC, the padding char is <= block_size; the code in r_jwe_remove_padding incorrectly checks for < instead of <=.
References:
[1] Original code: https://github.com/babelouest/rhonabwy/blob/master/src/jwe.c#L2258
[2] GnuTLS: https://github.com/gnutls/gnutls/blob/master/lib/crypto-api.c#L519
Sample JWKS:
Sample Data:
a) <32: {'sub':'sivak','uid':8,'vni':4}
b) ==32: {'sub':'sivak','uid':8,'vni':14}
c) >32: {'sub':'sivak','uid':8,'vni':148}
Pre-Fix (using apt install rnbyc)
Post-Fix
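The off-by-one discussed in this thread, shown as an added stand-alone example (not rhonabwy's or GnuTLS's code; `pkcs7_pad`, `pkcs7_unpad_buggy`, `pkcs7_unpad` and the helper functions are hypothetical names). It pads and unpads with a 16-byte block, reproduces the full-block case the issue describes (a 32-byte payload gets a whole block of 0x10, which a `<` check rejects), and returns an error for corrupted padding instead of accepting it. The three sample payloads from the issue are used as inputs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_SIZE 16

/* PKCS#7 padding: append n bytes of value n, with 1 <= n <= BLOCK_SIZE.
 * A payload whose length is already a multiple of BLOCK_SIZE gets a full
 * block of 0x10. Returns the padded length, or 0 when out_cap is too small. */
size_t pkcs7_pad(const uint8_t *in, size_t len, uint8_t *out, size_t out_cap) {
    size_t pad = BLOCK_SIZE - (len % BLOCK_SIZE);   /* always 1..16, never 0 */
    if (out_cap < len + pad) return 0;
    memcpy(out, in, len);
    memset(out + len, (int)pad, pad);
    return len + pad;
}

/* Hypothetical illustration of the bug reported in the issue: checking
 * pad < BLOCK_SIZE instead of pad <= BLOCK_SIZE rejects a legitimate full
 * block of 0x10 padding. Returns the unpadded length, or -1 on error. */
long pkcs7_unpad_buggy(const uint8_t *in, size_t len) {
    if (len == 0 || len % BLOCK_SIZE != 0) return -1;
    uint8_t pad = in[len - 1];
    if (pad == 0 || !(pad < BLOCK_SIZE)) return -1;   /* bug: should be <= */
    for (size_t i = len - pad; i < len; i++) {
        if (in[i] != pad) return -1;
    }
    return (long)(len - pad);
}

/* Corrected unpadding: 1 <= pad <= BLOCK_SIZE, and every padding byte must
 * equal pad. Malformed padding is reported as an error, not silently accepted.
 * The comparison loop accumulates a flag instead of exiting early so the
 * number of bytes examined does not depend on where a mismatch occurs. */
long pkcs7_unpad(const uint8_t *in, size_t len) {
    if (len == 0 || len % BLOCK_SIZE != 0) return -1;
    uint8_t pad = in[len - 1];
    if (pad == 0 || pad > BLOCK_SIZE) return -1;      /* pad == BLOCK_SIZE is valid */
    uint8_t bad = 0;
    for (size_t i = len - pad; i < len; i++) {
        bad |= (uint8_t)(in[i] ^ pad);
    }
    return bad ? -1 : (long)(len - pad);
}

/* Returns 1 when pad followed by the corrected unpad recovers s exactly. */
int pkcs7_roundtrip_ok(const char *s) {
    uint8_t buf[64];
    size_t len = strlen(s);
    size_t padded = pkcs7_pad((const uint8_t *)s, len, buf, sizeof buf);
    if (padded == 0) return 0;
    long out = pkcs7_unpad(buf, padded);
    return out == (long)len && memcmp(buf, s, len) == 0;
}

/* The issue's case b): a 32-byte payload (sample data from the issue) padded
 * to 48 bytes with a full block of 0x10. Returns what the buggy check yields. */
long full_block_case_buggy(void) {
    const char *s = "{'sub':'sivak','uid':8,'vni':14}";   /* 32 bytes */
    uint8_t buf[64];
    size_t padded = pkcs7_pad((const uint8_t *)s, strlen(s), buf, sizeof buf);
    return pkcs7_unpad_buggy(buf, padded);
}

/* Same input, corrected check: should return the original length, 32. */
long full_block_case_fixed(void) {
    const char *s = "{'sub':'sivak','uid':8,'vni':14}";
    uint8_t buf[64];
    size_t padded = pkcs7_pad((const uint8_t *)s, strlen(s), buf, sizeof buf);
    return pkcs7_unpad(buf, padded);
}

/* Corrupt one padding byte of the padded case b) buffer; the corrected
 * unpad must report -1 rather than trust the trailing length byte alone. */
long corrupted_padding_result(void) {
    const char *s = "{'sub':'sivak','uid':8,'vni':14}";
    uint8_t buf[64];
    size_t padded = pkcs7_pad((const uint8_t *)s, strlen(s), buf, sizeof buf);
    buf[padded - 5] = 0x11;   /* constructed corruption inside the pad block */
    return pkcs7_unpad(buf, padded);
}

int main(void) {
    printf("case a) roundtrip: %d\n", pkcs7_roundtrip_ok("{'sub':'sivak','uid':8,'vni':4}"));
    printf("case b) roundtrip: %d\n", pkcs7_roundtrip_ok("{'sub':'sivak','uid':8,'vni':14}"));
    printf("case c) roundtrip: %d\n", pkcs7_roundtrip_ok("{'sub':'sivak','uid':8,'vni':148}"));
    printf("full block, '<' check:  %ld\n", full_block_case_buggy());
    printf("full block, '<=' check: %ld\n", full_block_case_fixed());
    printf("corrupted padding:      %ld\n", corrupted_padding_result());
    return 0;
}
```

Case b) is the one that distinguishes the two checks: the payload is exactly two blocks, so the padder must add a third block of sixteen 0x10 bytes, and an unpadder that only accepts pad < 16 fails on valid ciphertext. Case c) (33 bytes) exercises the ordinary 15-byte pad, and the corruption check shows why every padding byte, not just the last one, has to be verified.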