From f0af2c1b75c366b228925a8b88cf3bf19066dc41 Mon Sep 17 00:00:00 2001
From: Jesse Luehrs <doy@tozt.net>
Date: Fri, 27 Mar 2015 00:16:51 -0400
Subject: make the decrypt primitives return options based on valid padding

---
 src/aes.rs | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

(limited to 'src/aes.rs')

diff --git a/src/aes.rs b/src/aes.rs
index 05922e7..a4b5059 100644
--- a/src/aes.rs
+++ b/src/aes.rs
@@ -12,21 +12,23 @@ pub enum BlockCipherMode {
     CBC,
 }
 
-pub fn decrypt_aes_128_ecb (bytes: &[u8], key: &[u8]) -> Vec<u8> {
-    return openssl::crypto::symm::decrypt(
+pub fn decrypt_aes_128_ecb (bytes: &[u8], key: &[u8]) -> Option<Vec<u8>> {
+    // openssl already doesn't return differentiable results for invalid
+    // padding, so we can't either
+    return Some(openssl::crypto::symm::decrypt(
         openssl::crypto::symm::Type::AES_128_ECB,
         key,
         vec![],
         bytes
-    )
+    ));
 }
 
-pub fn decrypt_aes_128_cbc (bytes: &[u8], key: &[u8], iv: &[u8]) -> Vec<u8> {
+pub fn decrypt_aes_128_cbc (bytes: &[u8], key: &[u8], iv: &[u8]) -> Option<Vec<u8>> {
     let mut prev = iv.clone();
     let mut plaintext = vec![];
     for block in bytes.chunks(16) {
         let plaintext_block = fixed_xor(
-            &decrypt_aes_128_ecb(&pad_pkcs7(block, 16)[..], key)[..],
+            &decrypt_aes_128_ecb(&pad_pkcs7(block, 16)[..], key).unwrap()[..],
             prev
         );
         for c in plaintext_block {
@@ -34,7 +36,7 @@ pub fn decrypt_aes_128_cbc (bytes: &[u8], key: &[u8], iv: &[u8]) -> Vec<u8> {
         }
         prev = block.clone();
     }
-    return unpad_pkcs7(&plaintext[..]).expect("invalid padding").to_vec();
+    return unpad_pkcs7(&plaintext[..]).map(|v| v.to_vec());
 }
 
 pub fn encrypt_aes_128_ecb (bytes: &[u8], key: &[u8]) -> Vec<u8> {
@@ -318,8 +320,8 @@ fn test_encrypt_decrypt () {
     let ciphertext_ecb = encrypt_aes_128_ecb(&plaintext[..], &key[..]);
     let ciphertext_cbc = encrypt_aes_128_cbc(&plaintext[..], &key[..], &iv[..]);
 
-    let plaintext2_ecb = decrypt_aes_128_ecb(&ciphertext_ecb[..], &key[..]);
-    let plaintext2_cbc = decrypt_aes_128_cbc(&ciphertext_cbc[..], &key[..], &iv[..]);
+    let plaintext2_ecb = decrypt_aes_128_ecb(&ciphertext_ecb[..], &key[..]).unwrap();
+    let plaintext2_cbc = decrypt_aes_128_cbc(&ciphertext_cbc[..], &key[..], &iv[..]).unwrap();
 
     let ciphertext2_ecb = encrypt_aes_128_ecb(&plaintext2_ecb[..], &key[..]);
     let ciphertext2_cbc = encrypt_aes_128_cbc(&plaintext2_cbc[..], &key[..], &iv[..]);
-- 
cgit v1.2.3-54-g00ecf