suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OP-01-001 Type confusion in crypto.random.RandomBuffer (Low)

Browse Source
This commit is contained in:
Thomas Oberndörfer 2014-03-27 15:49:10 +01:00
parent ed13502dc2
commit 4d96089f72
3 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/crypto/random.js
View File

@ -76,6 +76,9 @@ module.exports = {
* @param {Uint8Array} buf * @param {Uint8Array} buf
*/ */
getRandomValues: function(buf) { getRandomValues: function(buf) {
if (!(buf instanceof Uint8Array)) {
throw new Error('Invalid type: buf not an Uint8Array');
}
if (typeof window !== 'undefined' && window.crypto) { if (typeof window !== 'undefined' && window.crypto) {
window.crypto.getRandomValues(buf); window.crypto.getRandomValues(buf);
} else if (nodeCrypto) { } else if (nodeCrypto) {
@ -142,18 +145,21 @@ function RandomBuffer() {
* @param {Integer} size size of buffer * @param {Integer} size size of buffer
*/ */
RandomBuffer.prototype.init = function(size) { RandomBuffer.prototype.init = function(size) {
this.buffer = new Uint32Array(size); this.buffer = new Uint8Array(size);
this.size = 0; this.size = 0;
}; };
/** /**
* Concat array of secure random numbers to buffer * Concat array of secure random numbers to buffer
* @param {Uint32Array} buf * @param {Uint8Array} buf
*/ */
RandomBuffer.prototype.set = function(buf) { RandomBuffer.prototype.set = function(buf) {
if (!this.buffer) { if (!this.buffer) {
throw new Error('RandomBuffer is not initialized'); throw new Error('RandomBuffer is not initialized');
} }
if (!(buf instanceof Uint8Array)) {
throw new Error('Invalid type: buf not an Uint8Array');
}
var freeSpace = this.buffer.length - this.size; var freeSpace = this.buffer.length - this.size;
if (buf.length > freeSpace) { if (buf.length > freeSpace) {
buf = buf.subarray(0, freeSpace); buf = buf.subarray(0, freeSpace);
@ -164,12 +170,15 @@ RandomBuffer.prototype.set = function(buf) {
/** /**
* Take numbers out of buffer and copy to array * Take numbers out of buffer and copy to array
* @param {Uint32Array} buf the destination array * @param {Uint8Array} buf the destination array
*/ */
RandomBuffer.prototype.get = function(buf) { RandomBuffer.prototype.get = function(buf) {
if (!this.buffer) { if (!this.buffer) {
throw new Error('RandomBuffer is not initialized'); throw new Error('RandomBuffer is not initialized');
} }
if (!(buf instanceof Uint8Array)) {
throw new Error('Invalid type: buf not an Uint8Array');
}
if (this.size < buf.length) { if (this.size < buf.length) {
throw new Error('Random number buffer depleted.') throw new Error('Random number buffer depleted.')
} }

3
src/worker/worker.js
View File

@ -31,6 +31,9 @@ onmessage = function (event) {
correct = false; correct = false;
switch (msg.event) { switch (msg.event) {
case 'seed-random': case 'seed-random':
if (!(msg.buf instanceof Uint8Array)) {
msg.buf = new Uint8Array(msg.buf);
}
window.openpgp.crypto.random.randomBuffer.set(msg.buf); window.openpgp.crypto.random.randomBuffer.set(msg.buf);
break; break;
case 'encrypt-message': case 'encrypt-message':

10
test/worker/api.js
View File

@ -509,6 +509,8 @@ describe('Random Buffer', function() {
it('Set Method', function () { it('Set Method', function () {
randomBuffer.init(5); randomBuffer.init(5);
var buf = new Uint32Array(2); var buf = new Uint32Array(2);
expect(randomBuffer.set.bind(randomBuffer, buf)).to.throw('Invalid type: buf not an Uint8Array');
buf = new Uint8Array(2);
buf[0] = 1; buf[1] = 2; buf[0] = 1; buf[1] = 2;
randomBuffer.set(buf); randomBuffer.set(buf);
expect(equal(randomBuffer.buffer, [1,2,0,0,0])).to.be.true; expect(equal(randomBuffer.buffer, [1,2,0,0,0])).to.be.true;
@ -520,7 +522,7 @@ describe('Random Buffer', function() {
expect(equal(randomBuffer.buffer, [1,2,1,2,1])).to.be.true; expect(equal(randomBuffer.buffer, [1,2,1,2,1])).to.be.true;
expect(randomBuffer.size).to.equal(5); expect(randomBuffer.size).to.equal(5);
randomBuffer.init(1); randomBuffer.init(1);
var buf = new Uint32Array(2); buf = new Uint8Array(2);
buf[0] = 1; buf[1] = 2; buf[0] = 1; buf[1] = 2;
randomBuffer.set(buf); randomBuffer.set(buf);
expect(buf).to.to.have.property('0', 1); expect(buf).to.to.have.property('0', 1);
@ -529,10 +531,12 @@ describe('Random Buffer', function() {
it('Get Method', function () { it('Get Method', function () {
randomBuffer.init(5); randomBuffer.init(5);
var buf = new Uint32Array(5); var buf = new Uint8Array(5);
buf[0] = 1; buf[1] = 2; buf[2] = 5; buf[3] = 7; buf[4] = 8; buf[0] = 1; buf[1] = 2; buf[2] = 5; buf[3] = 7; buf[4] = 8;
randomBuffer.set(buf); randomBuffer.set(buf);
var buf = new Uint32Array(2); buf = new Uint32Array(2);
expect(randomBuffer.get.bind(randomBuffer, buf)).to.throw('Invalid type: buf not an Uint8Array');
buf = new Uint8Array(2);
randomBuffer.get(buf); randomBuffer.get(buf);
expect(equal(randomBuffer.buffer, [1,2,5,7,8])).to.be.true; expect(equal(randomBuffer.buffer, [1,2,5,7,8])).to.be.true;
expect(randomBuffer.size).to.equal(3); expect(randomBuffer.size).to.equal(3);