search

denoland / deno

A modern runtime for JavaScript and TypeScript.
https://deno.com
MIT License
98.09k stars 5.4k forks source link

decipherIV AES-ECB is broken #22988

Open littledivy opened 8 months ago

littledivy commented 8 months ago

The BlockModeCache does not work correctly with ECB (Electronic Codebook) block mode.

Cached blocks are not returned for 16-byte buffers.

const blockCache = new BlockCache(true); // With aes-XXX-ecb

const input = new Uint8Array(16);
blockCache.add(input)

const cache = blockCache.get(); // This returns `null`

Setting lastChunkIsNotZero to false fixes the cache retrieval issue but op_node_crypto_decipheriv panics:

============================================================
Deno has panicked. This is a bug in Deno. Please report this
at https://github.com/denoland/deno/issues/new.
If you can reliably reproduce this panic, include the
reproduction steps and re-run with the RUST_BACKTRACE=1 env
var set and include the backtrace in your report.

Platform: macos aarch64
Version: 1.41.3
Args: ["../../deno/target/debug/deno", "run", "cipher.ts"]

thread 'main' panicked at ext/node/ops/crypto/cipher.rs:362:9:
assertion failed: input.len() == 16
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

because this.#cache.cache is not 16 byte-aligned.

This whole part needs to be rewritten in Rust.

littledivy commented 3 months ago

https://github.com/denoland/deno/issues/22053 is still reproducible

marvinhagemeister commented 3 months ago

@littledivy Where is BlockCache coming from? What's the full reproduction?