Padding remove() is failable operation and may throws error now. #184

CryptoSwiftTests/AESTests.swift

@@ -183,4 +183,18 @@ final class AESTests: XCTestCase {
         })
     }
 
+    func testAESWithWrongKey() {
+        let key:[UInt8] = [0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c];
+        let key2:[UInt8] = [0x22,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x33];
+        let iv:[UInt8] = [0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F]
+        let plaintext:[UInt8] = [49, 46, 50, 50, 50, 51, 51, 51, 51]
+
+        let aes = try! AES(key: key, iv:iv, blockMode: .CBC)
+        let aes2 = try! AES(key: key2, iv:iv, blockMode: .CBC)
+        XCTAssertTrue(aes.blockMode == .CBC, "Invalid block mode")
+        let encrypted = try! aes.encrypt(plaintext, padding: PKCS7())
+        let decrypted = try? aes2.decrypt(encrypted, padding: PKCS7())
+        XCTAssertTrue(decrypted == nil, "failed")
+    }
+
 }

CryptoSwiftTests/PaddingTests.swift

@@ -14,7 +14,7 @@ final class PaddingTests: XCTestCase {
         let expected:[UInt8] = [1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16]
         let padded = PKCS7().add(input, blockSize: 16)
         XCTAssertEqual(padded, expected, "PKCS7 failed")
-        let clean = PKCS7().remove(padded, blockSize: nil)
+        let clean = try! PKCS7().remove(padded, blockSize: nil)
         XCTAssertEqual(clean, input, "PKCS7 failed")
     }
     
@@ -23,7 +23,7 @@ final class PaddingTests: XCTestCase {
         let expected:[UInt8] = [1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,1]
         let padded = PKCS7().add(input, blockSize: 16)
         XCTAssertEqual(padded, expected, "PKCS7 failed")
-        let clean = PKCS7().remove(padded, blockSize: nil)
+        let clean = try! PKCS7().remove(padded, blockSize: nil)
         XCTAssertEqual(clean, input, "PKCS7 failed")
     }
     
@@ -32,7 +32,7 @@ final class PaddingTests: XCTestCase {
         let expected:[UInt8] = [1,2,3,4,5,6,7,8,9,0,1,2,3,4,2,2]
         let padded = PKCS7().add(input, blockSize: 16)
         XCTAssertEqual(padded, expected, "PKCS7 failed")
-        let clean = PKCS7().remove(padded, blockSize: nil)
+        let clean = try! PKCS7().remove(padded, blockSize: nil)
         XCTAssertEqual(clean, input, "PKCS7 failed")
     }
 }

Sources/CryptoSwift/AES.swift

@@ -187,7 +187,7 @@ final public class AES {
         }
         
         if let padding = padding {
-            return padding.remove(out, blockSize: nil)
+            return try padding.remove(out, blockSize: AES.blockSize)
         }
         
         return out

Sources/CryptoSwift/PKCS7.swift

@@ -10,6 +10,10 @@
 //
 
 public struct PKCS7: Padding {
+
+    public enum Error: ErrorType {
+        case InvalidPaddingValue
+    }
     
     public init() {
         
@@ -32,12 +36,17 @@ public struct PKCS7: Padding {
         return withPadding
     }
     
-    public func remove(bytes: [UInt8], blockSize:Int?) -> [UInt8] {
+    public func remove(bytes: [UInt8], blockSize:Int?) throws -> [UInt8] {
         let lastByte = bytes.last!
         let padding = Int(lastByte) // last byte
+        let finalLength = bytes.count - padding
+
+        if finalLength < 0 {
+            throw Error.InvalidPaddingValue
+        }
         
-        if padding >= 1 { //TODO: need test for that, what about empty padding
-            return Array(bytes[0..<(bytes.count - padding)])
+        if padding >= 1 {
+            return Array(bytes[0..<finalLength])
         }
         return bytes
     }

Sources/CryptoSwift/Padding.swift

@@ -8,5 +8,5 @@
 
 public protocol Padding {
     func add(data: [UInt8], blockSize:Int) -> [UInt8]
-    func remove(data: [UInt8], blockSize:Int?) -> [UInt8]
+    func remove(data: [UInt8], blockSize:Int?) throws -> [UInt8]
 }