diff options
| -rw-r--r-- | src/_cffi_src/hazmat_src/padding.c | 24 | ||||
| -rw-r--r-- | src/_cffi_src/hazmat_src/padding.h | 1 | ||||
| -rw-r--r-- | src/cryptography/hazmat/primitives/padding.py | 4 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_padding.py | 15 |
4 files changed, 43 insertions, 1 deletions
diff --git a/src/_cffi_src/hazmat_src/padding.c b/src/_cffi_src/hazmat_src/padding.c index 570bad9f..1a0c869d 100644 --- a/src/_cffi_src/hazmat_src/padding.c +++ b/src/_cffi_src/hazmat_src/padding.c @@ -37,3 +37,27 @@ uint8_t Cryptography_check_pkcs7_padding(const uint8_t *data, /* Now check the low bit to see if it's set */ return (mismatch & 1) == 0; } + +uint8_t Cryptography_check_ansix923_padding(const uint8_t *data, + uint8_t block_len) { + uint8_t i; + uint8_t pad_size = data[block_len - 1]; + uint8_t mismatch = 0; + /* Skip the first one with the pad size */ + for (i = 1; i < block_len; i++) { + unsigned int mask = Cryptography_constant_time_lt(i, pad_size); + uint8_t b = data[block_len - 1 - i]; + mismatch |= (mask & b); + } + + /* Check to make sure the pad_size was within the valid range. */ + mismatch |= ~Cryptography_constant_time_lt(0, pad_size); + mismatch |= Cryptography_constant_time_lt(block_len, pad_size); + + /* Make sure any bits set are copied to the lowest bit */ + mismatch |= mismatch >> 4; + mismatch |= mismatch >> 2; + mismatch |= mismatch >> 1; + /* Now check the low bit to see if it's set */ + return (mismatch & 1) == 0; +} diff --git a/src/_cffi_src/hazmat_src/padding.h b/src/_cffi_src/hazmat_src/padding.h index 4d218b1a..fb023c17 100644 --- a/src/_cffi_src/hazmat_src/padding.h +++ b/src/_cffi_src/hazmat_src/padding.h @@ -3,3 +3,4 @@ // repository for complete details. uint8_t Cryptography_check_pkcs7_padding(const uint8_t *, uint8_t); +uint8_t Cryptography_check_ansix923_padding(const uint8_t *, uint8_t); diff --git a/src/cryptography/hazmat/primitives/padding.py b/src/cryptography/hazmat/primitives/padding.py index 08c6ca03..81883404 100644 --- a/src/cryptography/hazmat/primitives/padding.py +++ b/src/cryptography/hazmat/primitives/padding.py @@ -165,4 +165,6 @@ class _ANSIX923PaddingContext(_BytePaddingContext): class _ANSIX923UnpaddingContext(_ByteUnpaddingContext): def _check_padding(self): - return True + return lib.Cryptography_check_ansix923_padding( + self._buffer, self.block_size // 8 + ) diff --git a/tests/hazmat/primitives/test_padding.py b/tests/hazmat/primitives/test_padding.py index 9da8ea7a..9126e5bf 100644 --- a/tests/hazmat/primitives/test_padding.py +++ b/tests/hazmat/primitives/test_padding.py @@ -102,6 +102,21 @@ class TestPKCS7(object): class TestANSIX923(object): + @pytest.mark.parametrize(("size", "padded"), [ + (128, b"1111"), + (128, b"1111111111111111"), + (128, b"111111111111111\x06"), + (128, b"1111111111\x06\x06\x06\x06\x06\x06"), + (128, b""), + (128, b"\x06" * 6), + (128, b"\x00" * 16), + ]) + def test_invalid_padding(self, size, padded): + unpadder = padding.ANSIX923(size).unpadder() + with pytest.raises(ValueError): + unpadder.update(padded) + unpadder.finalize() + @pytest.mark.parametrize(("size", "unpadded", "padded"), [ ( 128, |