Fixes incremental updates with AES-CTR. Backport 057ec9a. Fixes #287.

krzyzanowskim · krzyzanowskim · commit b4f932cf7925 · 2016-07-29T01:01:33.000+02:00
diff --git a/CryptoSwiftTests/AESTests.swift b/CryptoSwiftTests/AESTests.swift
@@ -268,6 +268,31 @@ final class AESTests: XCTestCase {
             self.stopMeasuring()
         })
     }
+    
+    // https://github.com/krzyzanowskim/CryptoSwift/pull/289
+    func testAES_encrypt_ctr_irregular_length_incremental_update() {
+        let key:Array<UInt8> = [0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c];
+        let iv:Array<UInt8> = [0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff]
+        let plaintext:Array<UInt8> = [0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,0x01,0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,0x01]
+        let expected:Array<UInt8> = [0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,0x1b,0xef,0x68,0x64,0x99,0xd,0xb6,0xce,0x37,0x40,0xbd,0x82,0x85,0x5d,0x11,0xfc,0x8e,0x49,0x4a,0xa9,0xed,0x23,0xe0,0xb9,0x40,0x2d]
+
+        let aes = try! AES(key: key, iv:iv, blockMode: .CTR, padding: NoPadding())
+        var encryptor = aes.makeEncryptor()
+        var encrypted = Array<UInt8>()
+        encrypted += try! encryptor.update(withBytes: Array(plaintext[0..<5]))
+        encrypted += try! encryptor.update(withBytes: Array(plaintext[5..<15]))
+        encrypted += try! encryptor.update(withBytes: Array(plaintext[15..<plaintext.count]))
+        encrypted += try! encryptor.finish()
+        XCTAssertEqual(encrypted, expected, "encryption failed")
+        
+        var decryptor = aes.makeDecryptor()
+        var decrypted = Array<UInt8>()
+        decrypted += try! decryptor.update(withBytes: Array(expected[0..<5]))
+        decrypted += try! decryptor.update(withBytes: Array(expected[5..<15]))
+        decrypted += try! decryptor.update(withBytes: Array(expected[15..<plaintext.count]))
+        decrypted += try! decryptor.finish()
+        XCTAssertEqual(decrypted, plaintext, "decryption failed")
+    }
 
     func testAESWithWrongKey() {
         let key:Array<UInt8> = [0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c];
diff --git a/Sources/CryptoSwift/AES.swift b/Sources/CryptoSwift/AES.swift
@@ -406,15 +406,14 @@ extension AES {
         mutating public func update(withBytes bytes:Array<UInt8>, isLast: Bool = false) throws -> Array<UInt8> {
             self.accumulated += bytes
 
-            if (isLast) {
+            if isLast {
                 self.accumulated = padding.add(self.accumulated, blockSize: AES.blockSize)
             }
 
-            //CTR does not require full block therefore work with anything
             var encrypted = Array<UInt8>()
             encrypted.reserveCapacity(self.accumulated.count)
             for chunk in self.accumulated.chunks(AES.blockSize) {
-                if (!self.paddingRequired || self.accumulated.count >= AES.blockSize) {
+                if (isLast || self.accumulated.count >= AES.blockSize) {
                     encrypted += worker.encrypt(chunk)
                     self.accumulated.removeFirst(chunk.count)
                 }
@@ -452,13 +451,13 @@ extension AES {
             var plaintext = Array<UInt8>()
             plaintext.reserveCapacity(self.accumulated.count)
             for chunk in self.accumulated.chunks(AES.blockSize) {
-                if (!self.paddingRequired || self.accumulated.count >= AES.blockSize) {
+                if (isLast || self.accumulated.count >= AES.blockSize) {
                     plaintext += worker.decrypt(chunk)
                     self.accumulated.removeFirst(chunk.count)
                 }
             }
 
-            if (isLast) {
+            if isLast {
                 plaintext = padding.remove(plaintext, blockSize: AES.blockSize)
             }
 
diff --git a/Sources/CryptoSwift/BlockMode/CTR.swift b/Sources/CryptoSwift/BlockMode/CTR.swift
@@ -32,13 +32,7 @@ struct CTRModeWorker: BlockModeWorker {
     }
 
     mutating func decrypt(ciphertext: Array<UInt8>) -> Array<UInt8> {
-        let nonce = buildNonce(iv, counter: UInt64(counter))
-        counter = counter + 1
-
-        guard let plaintext = cipherOperation(block: nonce) else {
-            return ciphertext
-        }
-        return xor(plaintext, ciphertext)
+        return encrypt(ciphertext)
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -406,15 +406,14 @@ extension AES {`
`406`	`406`	`mutating public func update(withBytes bytes:Array<UInt8>, isLast: Bool = false) throws -> Array<UInt8> {`
`407`	`407`	`self.accumulated += bytes`
`408`	`408`
`409`		`- if (isLast) {`
	`409`	`+ if isLast {`
`410`	`410`	`self.accumulated = padding.add(self.accumulated, blockSize: AES.blockSize)`
`411`	`411`	`}`
`412`	`412`
`413`		`- //CTR does not require full block therefore work with anything`
`414`	`413`	`var encrypted = Array<UInt8>()`
`415`	`414`	`encrypted.reserveCapacity(self.accumulated.count)`
`416`	`415`	`for chunk in self.accumulated.chunks(AES.blockSize) {`
`417`		`- if (!self.paddingRequired \|\| self.accumulated.count >= AES.blockSize) {`
	`416`	`+ if (isLast \|\| self.accumulated.count >= AES.blockSize) {`
`418`	`417`	`encrypted += worker.encrypt(chunk)`
`419`	`418`	`self.accumulated.removeFirst(chunk.count)`
`420`	`419`	`}`
`@@ -452,13 +451,13 @@ extension AES {`
`452`	`451`	`var plaintext = Array<UInt8>()`
`453`	`452`	`plaintext.reserveCapacity(self.accumulated.count)`
`454`	`453`	`for chunk in self.accumulated.chunks(AES.blockSize) {`
`455`		`- if (!self.paddingRequired \|\| self.accumulated.count >= AES.blockSize) {`
	`454`	`+ if (isLast \|\| self.accumulated.count >= AES.blockSize) {`
`456`	`455`	`plaintext += worker.decrypt(chunk)`
`457`	`456`	`self.accumulated.removeFirst(chunk.count)`
`458`	`457`	`}`
`459`	`458`	`}`
`460`	`459`
`461`		`- if (isLast) {`
	`460`	`+ if isLast {`
`462`	`461`	`plaintext = padding.remove(plaintext, blockSize: AES.blockSize)`
`463`	`462`	`}`
`464`	`463`
Original file line number	Diff line number	Diff line change
`@@ -32,13 +32,7 @@ struct CTRModeWorker: BlockModeWorker {`
`32`	`32`	`}`
`33`	`33`
`34`	`34`	`mutating func decrypt(ciphertext: Array<UInt8>) -> Array<UInt8> {`
`35`		`- let nonce = buildNonce(iv, counter: UInt64(counter))`
`36`		`- counter = counter + 1`
`37`		`-`
`38`		`- guard let plaintext = cipherOperation(block: nonce) else {`
`39`		`- return ciphertext`
`40`		`- }`
`41`		`- return xor(plaintext, ciphertext)`
	`35`	`+ return encrypt(ciphertext)`
`42`	`36`	`}`
`43`	`37`	`}`
`44`	`38`