Insecure Encryption Affecting rust-crypto package, versions *
Snyk CVSS
Attack Complexity
Low
Scope
Changed
Confidentiality
High
Threat Intelligence
Exploit Maturity
Proof of concept
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RUST-RUSTCRYPTO-2414085
- published 2 Mar 2022
- disclosed 28 Feb 2022
- credit Unknown
How to fix?
There is no fixed version for rust-crypto
.
Overview
rust-crypto is a (mostly) pure-Rust implementation of various common cryptographic algorithms.
Affected versions of this package are vulnerable to Insecure Encryption due to miscomputation when performing the AES
encryption.
PoC
use crypto::{
aes, blockmodes, buffer,
buffer::{BufferResult, ReadBuffer, WriteBuffer},
symmetriccipher,
};
fn encrypt(
key: &[u8],
iv: &[u8],
data: &str,
) -> Result<String, symmetriccipher::SymmetricCipherError> {
let mut encryptor =
aes::cbc_encryptor(aes::KeySize::KeySize256, key, iv, blockmodes::PkcsPadding);
let mut encrypted_data = Vec::<u8>::new();
let mut read_buffer = buffer::RefReadBuffer::new(data.as_bytes());
let mut buffer = [0; 4096];
let mut write_buffer = buffer::RefWriteBuffer::new(&mut buffer);
loop {
let result = encryptor.encrypt(&mut read_buffer, &mut write_buffer, true)?;
encrypted_data.extend(
write_buffer
.take_read_buffer()
.take_remaining()
.iter()
.copied(),
);
match result {
BufferResult::BufferUnderflow => break,
BufferResult::BufferOverflow => {}
}
}
Ok(hex::encode(encrypted_data))
}
fn working() {
let data = "data";
let iv = [
0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE,
0xFF,
];
let key = [
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
0x0F,
];
// The copy here makes the code work.
let key_copy = key;
let key2: Vec<u8> = key_copy.iter().cycle().take(32).copied().collect();
println!("key1:{} key2: {}", hex::encode(&key), hex::encode(&key2));
let x1 = encrypt(&key, &iv, data).unwrap();
println!("X1: {}", x1);
let x2 = encrypt(&key2, &iv, data).unwrap();
println!("X2: {}", x2);
assert_eq!(x1, x2);
}
fn broken() {
let data = "data";
let iv = [
0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE,
0xFF,
];
let key = [
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
0x0F,
];
// This operation shouldn't affect the contents of key at all.
let key2: Vec<u8> = key.iter().cycle().take(32).copied().collect();
println!("key1:{} key2: {}", hex::encode(&key), hex::encode(&key2));
let x1 = encrypt(&key, &iv, data).unwrap();
println!("X1: {}", x1);
let x2 = encrypt(&key2, &iv, data).unwrap();
println!("X2: {}", x2);
assert_eq!(x1, x2);
}
fn main() {
working();
broken();
}