suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OP-01-003 Suggested Code Enforcement of RandomBuffer (Low). Clearing random number from buffer after usage. buffer variable is still a public.

Browse Source
This commit is contained in:
Thomas Oberndörfer 2014-03-28 13:16:33 +01:00
parent 1acf1cff9a
commit b9c597a41a
2 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/crypto/random.js
View File

@ -164,6 +164,7 @@ RandomBuffer.prototype.set = function(buf) {
if (buf.length > freeSpace) {
buf = buf.subarray(0, freeSpace);
}
// set buf with offset old size of buffer
this.buffer.set(buf, this.size);
this.size += buf.length;
};
@ -180,9 +181,11 @@ RandomBuffer.prototype.get = function(buf) {
throw new Error('Invalid type: buf not an Uint8Array');
}
if (this.size < buf.length) {
throw new Error('Random number buffer depleted.')
throw new Error('Random number buffer depleted');
}
for (var i = 0; i < buf.length; i++) {
buf[i] = this.buffer[--this.size];
// clear buffer value
this.buffer[this.size] = 0;
}
};

8
test/worker/api.js
View File

@ -388,7 +388,7 @@ describe('High level API', function() {
wProxy.encryptMessage([pubKeyRSA], plaintext, function(err, data) {
expect(data).to.not.exist;
expect(err).to.exist;
expect(err).to.eql(new Error('Random number buffer depleted.'));
expect(err).to.eql(new Error('Random number buffer depleted'));
done();
});
});
@ -538,16 +538,16 @@ describe('Random Buffer', function() {
expect(randomBuffer.get.bind(randomBuffer, buf)).to.throw('Invalid type: buf not an Uint8Array');
buf = new Uint8Array(2);
randomBuffer.get(buf);
expect(equal(randomBuffer.buffer, [1,2,5,7,8])).to.be.true;
expect(equal(randomBuffer.buffer, [1,2,5,0,0])).to.be.true;
expect(randomBuffer.size).to.equal(3);
expect(buf).to.to.have.property('0', 8);
expect(buf).to.to.have.property('1', 7);
expect(equal(randomBuffer.buffer, [1,2,5,7,8])).to.be.true;
randomBuffer.get(buf);
expect(buf).to.to.have.property('0', 5);
expect(buf).to.to.have.property('1', 2);
expect(equal(randomBuffer.buffer, [1,0,0,0,0])).to.be.true;
expect(randomBuffer.size).to.equal(1);
expect(function() { randomBuffer.get(buf) }).to.throw('Random number buffer depleted.');
expect(function() { randomBuffer.get(buf) }).to.throw('Random number buffer depleted');
});
});