Fix for AEAD auth_tag check in MessageEncryptor

When MessageEncryptor tries to +decrypt_and_verify+ ciphertexts generated in a different mode (such CBC-HMAC), the +auth_tag+ may be +nil+ and must explicitly check for it. See the discussion here: https://github.com/rails/rails/pull/28132#discussion_r116388462
2022-11-09 12:12:34 -05:00 · 2017-05-15 08:45:14 +00:00 · 2017-05-15 08:45:14 +00:00 · 71fb6def5f
commit 71fb6def5f
parent 4734d23c74
2 changed files with 9 additions and 1 deletions
--- a/activesupport/lib/active_support/message_encryptor.rb
+++ b/activesupport/lib/active_support/message_encryptor.rb
@ -110,7 +110,7 @@ module ActiveSupport
        # Currently the OpenSSL bindings do not raise an error if auth_tag is
        # truncated, which would allow an attacker to easily forge it. See
        # https://github.com/ruby/openssl/issues/63
-        raise InvalidMessage if aead_mode? && auth_tag.bytes.length != 16
+        raise InvalidMessage if aead_mode? && (auth_tag.nil? || auth_tag.bytes.length != 16)

        cipher.decrypt
        cipher.key = @secret
--- a/activesupport/test/message_encryptor_test.rb
+++ b/activesupport/test/message_encryptor_test.rb
@ -86,6 +86,14 @@ class MessageEncryptorTest < ActiveSupport::TestCase
    assert_equal @data, encryptor.decrypt_and_verify(message)
  end

+  def test_aead_mode_with_hmac_cbc_cipher_text
+    encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm")
+
+    assert_raise ActiveSupport::MessageEncryptor::InvalidMessage do
+      encryptor.decrypt_and_verify "eHdGeExnZEwvMSt3U3dKaFl1WFo0TjVvYzA0eGpjbm5WSkt5MXlsNzhpZ0ZnbWhBWFlQZTRwaXE1bVJCS2oxMDZhYVp2dVN3V0lNZUlWQ3c2eVhQbnhnVjFmeVVubmhRKzF3WnZyWHVNMDg9LS1HSisyakJVSFlPb05ISzRMaXRzcFdBPT0=--831a1d54a3cda8a0658dc668a03dedcbce13b5ca"
+    end
+  end
+
  def test_messing_with_aead_values_causes_failures
    encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm")
    text, iv, auth_tag = encryptor.encrypt_and_sign(@data).split("--")