Skip to content

fix: The final frame can not be larger than the Frame Length #281

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Apr 1, 2020
Merged

fix: The final frame can not be larger than the Frame Length #281

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
742adca
fix: The final frame can not be larger than the Frame Length
seebees Mar 26, 2020
1f29bd6
Update modules/serialize/src/decode_body_header.ts
seebees Mar 27, 2020
9ed5d34
Update modules/serialize/test/decode_body_header.test.ts
seebees Mar 27, 2020
61302e4
update the serialize path
seebees Mar 27, 2020
2012ba2
Merge branch 'master' into final-frame-content-length
seebees Apr 1, 2020
9a38cea
update error message and tests
seebees Apr 1, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions modules/encrypt-browser/src/encrypt.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,7 @@ export async function encrypt (
/* The final frame has a variable length.
* The value needs to be known, but should only be calculated once.
* So I calculate how much of a frame I should have at the end.
* This value will NEVER be larger than the frameLength.
*/
const finalFrameLength = frameLength - ((numberOfFrames * frameLength) - plaintextLength)
const bodyContent = []
Expand Down
13 changes: 10 additions & 3 deletions modules/encrypt-node/src/framed_encrypt_stream.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -164,7 +164,7 @@ export function getFramedEncryptStream (getCipher: GetCipher, messageHeader: Mes
/* Push the authTag onto the end. Yes, I am abusing the name. */
cipherContent.push(cipher.getAuthTag())

needs(frameSize === frameLength || isFinalFrame, 'Malformed frame')
needs(frameSize === frameLength || (isFinalFrame && frameLength >= frameSize), 'Malformed frame')

for (const cipherText of cipherContent) {
if (!this.push(cipherText)) {
Expand All @@ -190,11 +190,18 @@ type EncryptFrameInput = {
export function getEncryptFrame (input: EncryptFrameInput): EncryptFrame {
const { pendingFrame, messageHeader, getCipher, isFinalFrame } = input
const { sequenceNumber, contentLength, content } = pendingFrame
const frameIv = serialize.frameIv(messageHeader.headerIvLength, sequenceNumber)
const { frameLength, contentType, messageId, headerIvLength } = messageHeader
/* Precondition: The content length MUST correlate with the frameLength.
* In the case of a regular frame,
* the content length MUST strictly equal the frame length.
* In the case of the final frame,
* it MUST NOT be larger than the frame length.
*/
needs(frameLength === contentLength || (isFinalFrame && frameLength >= contentLength), `Malformed frame length and content length: ${JSON.stringify({ frameLength, contentLength, isFinalFrame })}`)
const frameIv = serialize.frameIv(headerIvLength, sequenceNumber)
const bodyHeader = Buffer.from(isFinalFrame
? finalFrameHeader(sequenceNumber, frameIv, contentLength)
: frameHeader(sequenceNumber, frameIv))
const { contentType, messageId } = messageHeader
const contentString = aadUtility.messageAADContentString({ contentType, isFinalFrame })
const { buffer, byteOffset, byteLength } = aadUtility.messageAAD(messageId, contentString, sequenceNumber, contentLength)
const cipher = getCipher(frameIv)
Expand Down
89 changes: 88 additions & 1 deletion modules/encrypt-node/test/framed_encrypt_stream.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@

import * as chai from 'chai'
import chaiAsPromised from 'chai-as-promised'
import { getFramedEncryptStream } from '../src/framed_encrypt_stream'
import { getFramedEncryptStream, getEncryptFrame } from '../src/framed_encrypt_stream'

chai.use(chaiAsPromised)
const { expect } = chai
Expand Down Expand Up @@ -60,3 +60,90 @@ describe('getFramedEncryptStream', () => {
expect(called).to.equal(true)
})
})

describe('getEncryptFrame', () => {
it('can return an EncryptFrame', () => {
const input = {
pendingFrame: {
content: [Buffer.from([1, 2, 3, 4, 5])],
contentLength: 5,
sequenceNumber: 1
},
isFinalFrame: false,
getCipher: () => ({ setAAD: () => {} }) as any,
messageHeader: {
frameLength: 5,
contentType: 2,
messageId: Buffer.from([]),
headerIvLength: 12 as 12,
version: 1,
type: 12,
suiteId: 1,
encryptionContext: {},
encryptedDataKeys: []
}
}
const test1 = getEncryptFrame(input)
expect(test1.content).to.equal(input.pendingFrame.content)
expect(test1.isFinalFrame).to.equal(input.isFinalFrame)

// Just a quick flip to make sure...
input.isFinalFrame = true
const test2 = getEncryptFrame(input)
expect(test2.content).to.equal(input.pendingFrame.content)
expect(test2.isFinalFrame).to.equal(input.isFinalFrame)
})

it('Precondition: The content length MUST correlate with the frameLength.', () => {
const inputFinalFrameToLarge = {
pendingFrame: {
content: [Buffer.from([1, 2, 3, 4, 5, 6])],
// This exceeds the frameLength below
contentLength: 6,
sequenceNumber: 1
},
isFinalFrame: true,
getCipher: () => ({ setAAD: () => {} }) as any,
messageHeader: {
frameLength: 5,
contentType: 2,
messageId: Buffer.from([]),
headerIvLength: 12 as 12,
version: 1,
type: 12,
suiteId: 1,
encryptionContext: {},
encryptedDataKeys: []
}
}

expect(() => getEncryptFrame(inputFinalFrameToLarge)).to.throw('Malformed frame length and content length:')

const inputFrame = {
pendingFrame: {
content: [Buffer.from([1, 2, 3, 4, 5])],
contentLength: 5,
sequenceNumber: 1
},
isFinalFrame: false,
getCipher: () => ({ setAAD: () => {} }) as any,
messageHeader: {
frameLength: 5,
contentType: 2,
messageId: Buffer.from([]),
headerIvLength: 12 as 12,
version: 1,
type: 12,
suiteId: 1,
encryptionContext: {},
encryptedDataKeys: []
}
}

// Make sure that it must be equal as long as we are here...
inputFrame.pendingFrame.contentLength = 4
expect(() => getEncryptFrame(inputFrame)).to.throw('Malformed frame length and content length:')
inputFrame.pendingFrame.contentLength = 6
expect(() => getEncryptFrame(inputFrame)).to.throw('Malformed frame length and content length:')
})
})
2 changes: 2 additions & 0 deletions modules/serialize/src/decode_body_header.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -155,6 +155,8 @@ export function decodeFinalFrameBodyHeader (buffer: Uint8Array, headerInfo: Head
needs(sequenceNumber > 0, 'Malformed sequenceNumber.')
const iv = buffer.slice(readPos += 4, readPos += ivLength)
const contentLength = dataView.getUint32(readPos)
/* Postcondition: The final frame MUST NOT exceed the frameLength. */
needs(headerInfo.messageHeader.frameLength >= contentLength, 'Final frame length exceeds frame length.')
return {
sequenceNumber,
iv,
Expand Down
58 changes: 50 additions & 8 deletions modules/serialize/test/decode_body_header.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@ describe('decodeFrameBodyHeader', () => {
it('return final frame header', () => {
const headerInfo = {
messageHeader: {
frameLength: 99,
frameLength: 999,
contentType: ContentType.FRAMED_DATA
},
algorithmSuite: {
Expand Down Expand Up @@ -205,7 +205,7 @@ describe('decodeFrameBodyHeader', () => {
const buffer = concatBuffers(new Uint8Array(10), fixtures.finalFrameHeader())
const headerInfo = {
messageHeader: {
frameLength: 99,
frameLength: 999,
contentType: ContentType.FRAMED_DATA
},
algorithmSuite: {
Expand Down Expand Up @@ -296,7 +296,7 @@ describe('decodeFinalFrameBodyHeader', () => {
it('return final frame header from readPos', () => {
const headerInfo = {
messageHeader: {
frameLength: 99,
frameLength: 999,
contentType: ContentType.FRAMED_DATA
},
algorithmSuite: {
Expand All @@ -318,12 +318,36 @@ describe('decodeFinalFrameBodyHeader', () => {
expect(test.tagLength).to.eql(16)
expect(test.isFinalFrame).to.eql(true)
expect(test.contentType).to.eql(ContentType.FRAMED_DATA)
expect(test.contentLength).to.eql(999)
})

it('The final frame can be 0 length.', () => {
const headerInfo = {
messageHeader: {
frameLength: 999,
contentType: ContentType.FRAMED_DATA
},
algorithmSuite: {
ivLength: 12,
tagLength: 16
}
} as any
const buffer = fixtures.finalFrameHeaderZeroBytes()

const test = decodeFinalFrameBodyHeader(buffer, headerInfo, 0)
if (!test) throw new Error('failure')
expect(test.sequenceNumber).to.eql(1)
expect(test.iv).to.eql(fixtures.basicFrameIV())
expect(test.tagLength).to.eql(16)
expect(test.isFinalFrame).to.eql(true)
expect(test.contentType).to.eql(ContentType.FRAMED_DATA)
expect(test.contentLength).to.eql(0)
})

it('Precondition: The contentType must be FRAMED_DATA to be a Final Frame.', () => {
const headerInfo = {
messageHeader: {
frameLength: 99,
frameLength: 999,
contentType: 'not FRAMED_DATA'
},
algorithmSuite: {
Expand All @@ -338,7 +362,7 @@ describe('decodeFinalFrameBodyHeader', () => {
it('Precondition: decodeFinalFrameBodyHeader readPos must be within the byte length of the buffer given.', () => {
const headerInfo = {
messageHeader: {
frameLength: 99,
frameLength: 999,
contentType: ContentType.FRAMED_DATA
},
algorithmSuite: {
Expand All @@ -355,7 +379,7 @@ describe('decodeFinalFrameBodyHeader', () => {
it('Postcondition: sequenceEnd must be SEQUENCE_NUMBER_END.', () => {
const headerInfo = {
messageHeader: {
frameLength: 99,
frameLength: 999,
contentType: ContentType.FRAMED_DATA
},
algorithmSuite: {
Expand All @@ -371,7 +395,7 @@ describe('decodeFinalFrameBodyHeader', () => {
it('Postcondition: decodeFinalFrameBodyHeader sequenceNumber must be greater than 0.', () => {
const headerInfo = {
messageHeader: {
frameLength: 99,
frameLength: 999,
contentType: ContentType.FRAMED_DATA
},
algorithmSuite: {
Expand All @@ -388,7 +412,7 @@ describe('decodeFinalFrameBodyHeader', () => {
const frameHeader = fixtures.finalFrameHeader()
const headerInfo = {
messageHeader: {
frameLength: 99,
frameLength: 999,
contentType: ContentType.FRAMED_DATA
},
algorithmSuite: {
Expand All @@ -402,6 +426,24 @@ describe('decodeFinalFrameBodyHeader', () => {
expect(test).to.eql(false)
}
})

it('Postcondition: The final frame MUST NOT exceed the frameLength.', () => {
const headerInfo = {
messageHeader: {
// The content length in this final frame is 999
// So I set the frame length to less than this
frameLength: 99,
contentType: ContentType.FRAMED_DATA
},
algorithmSuite: {
ivLength: 12,
tagLength: 16
}
} as any
const buffer = fixtures.finalFrameHeader()

expect(() => decodeFinalFrameBodyHeader(buffer, headerInfo, 0)).to.throw('Final frame length exceeds frame length.')
})
})

describe('decodeNonFrameBodyHeader', () => {
Expand Down
4 changes: 4 additions & 0 deletions modules/serialize/test/fixtures.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,10 @@ export function finalFrameHeader () {
return new Uint8Array([255, 255, 255, 255, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 3, 231])
}

export function finalFrameHeaderZeroBytes () {
return new Uint8Array([255, 255, 255, 255, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0])
}

export function invalidSequenceEndFinalFrameHeader () {
return new Uint8Array([0, 255, 255, 255, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 3, 231])
}
Expand Down