fix: validate payload length - WPB-24142 (#4454)

Author: johnxnguyen

wire-ios-utilities/Source/NSData+ZMSCrypto.m

@@ -241,25 +241,31 @@ - (NSData *)zmDecryptPrefixedPlainTextIVWithKey:(NSData *)key
 {
     VerifyReturnNil(key.length == kCCKeySizeAES256);
 
+    // The encrypted payload is IV + ciphertext, so a valid
+    // payload must be larger than the IV.
+    VerifyReturnNil(self.length > kCCBlockSizeAES128);
+
     size_t copiedBytes = 0;
     NSMutableData *decryptedData = [NSMutableData dataWithLength:self.length+kCCBlockSizeAES128];
     NSData *dataWithoutIV = [NSData dataWithBytes:self.bytes+kCCBlockSizeAES128 length:self.length-kCCBlockSizeAES128];
     NSData *IV = [NSData dataWithBytes:self.bytes length:kCCBlockSizeAES128];
 
     ZMLogDebug(@"Decrypt: IV is %@. Data : %lu, Data w/out IV: %lu", [IV base64EncodedStringWithOptions:0], (unsigned long)self.length, (unsigned long)dataWithoutIV.length);
 
-    CCCryptorStatus status = CCCrypt(kCCDecrypt,                    // basic operation kCCEncrypt or kCCDecrypt
-                                     kCCAlgorithmAES,               // encryption algorithm
-                                     kCCOptionPKCS7Padding,         // flags defining encryption
-                                     key.bytes,      // Raw key material
-                                     kCCKeySizeAES256,     // Length of key material
-                                     IV.bytes,                      // Initialization vector for Cipher Block Chaining (CBC) mode (first 16 bytes)
-                                     dataWithoutIV.bytes,           // Data to encrypt or decrypt
-                                     dataWithoutIV.length,          // Length of data to encrypt or decrypt
-                                     decryptedData.mutableBytes,    // Result is written here
-                                     decryptedData.length,          // The size of the dataOut buffer in bytes
-                                     &copiedBytes);                    // On successful return, the number of bytes written to dataOut.
-    
+    CCCryptorStatus status = CCCrypt(
+        kCCDecrypt,                    // basic operation kCCEncrypt or kCCDecrypt
+        kCCAlgorithmAES,               // encryption algorithm
+        kCCOptionPKCS7Padding,         // flags defining encryption
+        key.bytes,                     // Raw key material
+        kCCKeySizeAES256,              // Length of key material
+        IV.bytes,                      // Initialization vector for Cipher Block Chaining (CBC) mode (first 16 bytes)
+        dataWithoutIV.bytes,           // Data to encrypt or decrypt
+        dataWithoutIV.length,          // Length of data to encrypt or decrypt
+        decryptedData.mutableBytes,    // Result is written here
+        decryptedData.length,          // The size of the dataOut buffer in bytes
+        &copiedBytes                   // On successful return, the number of bytes written to dataOut.
+    );
+
     if(status != kCCSuccess) {
         ZMLogError(@"Error in decryption: %d", status);
         return nil;

wire-ios-utilities/Tests/Source/NSData+ZMSCryptoTests.swift

@@ -142,6 +142,20 @@ extension NSData_ZMSCryptoTests {
             generatedDataSet.insert(data)
         }
     }
+
+    func testThatItReturnsNilForInvalidPayload_plaintextIV() {
+
+        // given
+        let data = NSData()
+        let key = sampleKey
+
+        // when
+        let decryptedData = data.zmDecryptPrefixedPlainTextIV(withKey: key)
+
+        // then
+        XCTAssertNil(decryptedData)
+    }
+
 }
 
 // MARK: - Random data generation