Always allocate new toAuthData, and specify the size needed.

This ensures that encrypt or decrypt do not have unexpected side-effects if associated data is a slice of a bigger byte array. See test. PiperOrigin-RevId: 534332269 Change-Id: I063cea81c498b3a6ae2e4841461226dbda22190f
tink-crypto · May 23, 2023 · 71a1dbb · 71a1dbb
1 parent dde7729
commit 71a1dbb
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 5 deletions.
diff --git a/aead/subtle/encrypt_then_authenticate.go b/aead/subtle/encrypt_then_authenticate.go
@@ -70,10 +70,12 @@ func (e *EncryptThenAuthenticate) Encrypt(plaintext, associatedData []byte) ([]b
 		return nil, fmt.Errorf("encrypt_then_authenticate: %v", err)
 	}
 
-	toAuthData := append(associatedData, ciphertext...)
 	adSizeInBits := uint64(len(associatedData)) * 8
-	toAuthData = append(toAuthData, uint64ToByte(adSizeInBits)...)
-
+	adSizeInBitsEncoded := uint64ToByte(adSizeInBits)
+	toAuthData := make([]byte, 0, len(associatedData)+len(ciphertext)+len(adSizeInBitsEncoded))
+	toAuthData = append(toAuthData, associatedData...)
+	toAuthData = append(toAuthData, ciphertext...)
+	toAuthData = append(toAuthData, adSizeInBitsEncoded...)
 	tag, err := e.mac.ComputeMAC(toAuthData)
 	if err != nil {
 		return nil, fmt.Errorf("encrypt_then_authenticate: %v", err)
@@ -98,9 +100,12 @@ func (e *EncryptThenAuthenticate) Decrypt(ciphertext, associatedData []byte) ([]
 
 	// Authenticate the following data:
 	// associatedData || payload || adSizeInBits
-	toAuthData := append(associatedData, payload...)
 	adSizeInBits := uint64(len(associatedData)) * 8
-	toAuthData = append(toAuthData, uint64ToByte(adSizeInBits)...)
+	adSizeInBitsEncoded := uint64ToByte(adSizeInBits)
+	toAuthData := make([]byte, 0, len(associatedData)+len(payload)+len(adSizeInBitsEncoded))
+	toAuthData = append(toAuthData, associatedData...)
+	toAuthData = append(toAuthData, payload...)
+	toAuthData = append(toAuthData, adSizeInBitsEncoded...)
 
 	err := e.mac.VerifyMAC(ciphertext[len(ciphertext)-e.tagSize:], toAuthData)
 	if err != nil {

diff --git a/aead/subtle/encrypt_then_authenticate_test.go b/aead/subtle/encrypt_then_authenticate_test.go
@@ -175,6 +175,31 @@ func TestETAEncryptDecrypt(t *testing.T) {
 	}
 }
 
+func TestETAWithAssociatedDataSlice(t *testing.T) {
+	const keySize = 16
+	const ivSize = 12
+	const macKeySize = 16
+	const tagSize = 16
+	cipher, err := createAEAD(keySize, ivSize, "SHA1", macKeySize, tagSize)
+	if err != nil {
+		t.Fatalf("got: %v, want: success", err)
+	}
+
+	message := []byte("message")
+	largeData := []byte("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
+	associatedData := largeData[:1]
+
+	_, err = cipher.Encrypt(message, associatedData)
+	if err != nil {
+		t.Fatalf("encryption failed, error: %v", err)
+	}
+
+	wantLargeData := []byte("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
+	if !bytes.Equal(largeData, wantLargeData) {
+		t.Errorf("largeData = %q, want: %q", largeData, wantLargeData)
+	}
+}
+
 func TestETAEncryptDecryptRandomMessage(t *testing.T) {
 	const keySize = 16
 	const ivSize = 12