hutorny / chaskey

A lightweight 128-bit encryption algorithm implemented in C++ and JavaScript
MIT License
14 stars 8 forks source link

Wrong result if an instance is reused with a shorter message length #1

Open Emill opened 5 years ago

Emill commented 5 years ago
var mac = new ChaskeyCipher.Mac();  // instantiate a cipher in MAC mode
mac.set([1,2,3,4]);         // set the key
console.log(mac.sign(new Uint8Array(0))); 
console.log(mac.sign(new Uint8Array(0)));
console.log(mac.sign(new Uint8Array(17)));
console.log(mac.sign(new Uint8Array(0)));

prints the following:

Uint8Array(16) [164, 51, 219, 196, 236, 190, 42, 255, 44, 145, 84, 85, 202, 211, 40, 178]
Uint8Array(16) [164, 51, 219, 196, 236, 190, 42, 255, 44, 145, 84, 85, 202, 211, 40, 178]
Uint8Array(16) [206, 55, 154, 136, 95, 96, 215, 4, 30, 37, 59, 16, 223, 175, 215, 176]
Uint8Array(16) [89, 208, 133, 178, 254, 56, 60, 179, 61, 217, 110, 222, 43, 11, 187, 61]

I expect the last line to be

Uint8Array(16) [164, 51, 219, 196, 236, 190, 42, 255, 44, 145, 84, 85, 202, 211, 40, 178]

The reason is that the formatter object's byte buffer is not reset completely upon reset. It is filled with zeros instead of truncated to zero length.