jedarden/pdftract
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(pdftract-495uv): AES-128 test buffer allocation for PKCS#7 padding

Browse source 
Fixed test_aes_128_decrypt_roundtrip_with_valid_padding and two similar
tests to use the ciphertext slice returned by encrypt_padded_mut instead of
the entire buffer. The buffer is over-allocated to accommodate padding, but
only the returned slice contains valid ciphertext. Using the entire buffer
included trailing zeros that caused decryption to fail with invalid padding.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
jedarden 2026-05-28 01:56:07 -04:00
parent 899ee1685b
commit c5440d115a
1 changed files with 10 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
crates/pdftract-core/tests/encryption_aes_128_test.rs
View file

@ -140,14 +140,14 @@ mod tests {
let mut data_copy = vec![0u8; plaintext.len() + 16];
data_copy[..plaintext.len()].copy_from_slice(plaintext);
let encryptor = Aes128CbcEnc::new(&key.into(), &iv.into());
encryptor
let ct = encryptor
.encrypt_padded_mut::<Pkcs7>(&mut data_copy, plaintext.len())
.unwrap();
// Prepare data: IV + ciphertext (entire buffer after encrypt_padded_mut)
let mut encrypted_data = Vec::with_capacity(16 + data_copy.len());
// Prepare data: IV + ciphertext (use the returned slice which has correct length)
let mut encrypted_data = Vec::with_capacity(16 + ct.len());
encrypted_data.extend_from_slice(&iv);
encrypted_data.extend_from_slice(&data_copy);
encrypted_data.extend_from_slice(ct);
// Decrypt
let result = aes_128_decrypt(&file_key, object_number, generation, &encrypted_data);
@ -310,14 +310,14 @@ mod tests {
let mut data_copy = vec![0u8; plaintext.len() + 16];
data_copy[..plaintext.len()].copy_from_slice(plaintext);
let encryptor = Aes128CbcEnc::new(&key.into(), &iv.into());
encryptor
let ct = encryptor
.encrypt_padded_mut::<Pkcs7>(&mut data_copy, plaintext.len())
.unwrap();
// Prepare data: IV + ciphertext
let mut encrypted_data = Vec::with_capacity(16 + data_copy.len());
let mut encrypted_data = Vec::with_capacity(16 + ct.len());
encrypted_data.extend_from_slice(&iv);
encrypted_data.extend_from_slice(&data_copy);
encrypted_data.extend_from_slice(ct);
// Decrypt
let result = aes_128_decrypt(&file_key, object_number, generation, &encrypted_data);
@ -352,14 +352,14 @@ mod tests {
let mut data_copy = vec![0u8; plaintext.len() + 16];
data_copy[..plaintext.len()].copy_from_slice(plaintext);
let encryptor = Aes128CbcEnc::new(&key.into(), &iv.into());
encryptor
let ct = encryptor
.encrypt_padded_mut::<Pkcs7>(&mut data_copy, plaintext.len())
.unwrap();
// Prepare data: IV + ciphertext
let mut encrypted_data = Vec::with_capacity(16 + data_copy.len());
let mut encrypted_data = Vec::with_capacity(16 + ct.len());
encrypted_data.extend_from_slice(&iv);
encrypted_data.extend_from_slice(&data_copy);
encrypted_data.extend_from_slice(ct);
// Decrypt
let result = aes_128_decrypt(&file_key, object_number, generation, &encrypted_data);