Madiator2011/lbry-sdk
1
0
Fork 0
forked from LBRYCommunity/lbry-sdk
Code Pull requests Activity

fix decrypting invalid bytes with valid padding

Browse source
This commit is contained in:
Victor Shyba 2020-01-12 02:52:27 -03:00 committed by Lex Berezhny
parent 9371122bed
commit 6647dd8f08
2 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lbry/crypto/crypt.py
View file

@ -33,6 +33,8 @@ def aes_decrypt(secret: str, value: str) -> typing.Tuple[str, bytes]:
unpadder = PKCS7(AES.block_size).unpadder() unpadder = PKCS7(AES.block_size).unpadder()
result = unpadder.update(decryptor.update(data)) + unpadder.finalize() result = unpadder.update(decryptor.update(data)) + unpadder.finalize()
return result.decode(), init_vector return result.decode(), init_vector
except UnicodeDecodeError:
raise InvalidPasswordError()
except ValueError as e: except ValueError as e:
if e.args[0] == 'Invalid padding bytes.': if e.args[0] == 'Invalid padding bytes.':
raise InvalidPasswordError() raise InvalidPasswordError()

4
tests/unit/wallet/test_hash.py
View file

@ -39,6 +39,10 @@ class TestAESEncryptDecrypt(TestCase):
with self.assertRaises(InvalidPasswordError): with self.assertRaises(InvalidPasswordError):
aes_decrypt('notbubblegum', aes_encrypt('bubblegum', self.message)) aes_decrypt('notbubblegum', aes_encrypt('bubblegum', self.message))
def test_edge_case_invalid_password_valid_padding_invalid_unicode(self):
with self.assertRaises(InvalidPasswordError):
aes_decrypt('notbubblegum', 'gy3/mNq3FWB/xAXirOQnlAqQLuvhLGXZaeGBUIg1w6yY4PDLDT7BU83XOfBsJoluWU5zEU4+upOFH35HDqyV8EMQhcKSufN9WkT1izEbFtweBUTK8nTSkV7NBppE1Jaz')
def test_better_encrypt_decrypt(self): def test_better_encrypt_decrypt(self):
self.assertEqual( self.assertEqual(
b'valuable value', b'valuable value',