Use associated data as IV for Aes256Cbc

Nitrokey · Feb 29, 2024 · 62b2cec · 62b2cec
1 parent 419dd5c
commit 62b2cec
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -43,6 +43,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   by default).
 - Change store implementations to use littlefs2’s `DynFilesystem` trait instead
   of being generic over the storage implementation.
+- Use associated data as IV if not empty for `Aes256Cbc`.
 
 ### Fixed
 

diff --git a/src/mechanisms/aes256cbc.rs b/src/mechanisms/aes256cbc.rs
@@ -31,8 +31,12 @@ impl Encrypt for super::Aes256Cbc {
             .try_into()
             .map_err(|_| Error::InternalError)?;
 
-        let zero_iv = [0u8; 16];
-        let cipher = Aes256CbcEnc::new_from_slices(&symmetric_key, &zero_iv).unwrap();
+        let iv = if request.associated_data.is_empty() {
+            [0u8; 16]
+        } else {
+            request.associated_data.as_slice().try_into().map_err(|_| Error::MechanismParamInvalid)?
+        };
+        let cipher = Aes256CbcEnc::new_from_slices(&symmetric_key, &iv).unwrap();
 
         // buffer must have enough space for message+padding
         let mut buffer = request.message.clone();
@@ -117,8 +121,12 @@ impl Decrypt for super::Aes256Cbc {
             .try_into()
             .map_err(|_| Error::InternalError)?;
 
-        let zero_iv = [0u8; 16];
-        let cipher = Aes256CbcDec::new_from_slices(&symmetric_key, &zero_iv).unwrap();
+        let iv = if request.associated_data.is_empty() {
+            [0u8; 16]
+        } else {
+            request.associated_data.as_slice().try_into().map_err(|_| Error::MechanismParamInvalid)?
+        };
+        let cipher = Aes256CbcDec::new_from_slices(&symmetric_key, &iv).unwrap();
 
         // buffer must have enough space for message+padding
         let mut buffer = request.message.clone();