bc-csharp icon indicating copy to clipboard operation
bc-csharp copied to clipboard
verified publisher icon bcgit

TwofishEngine silently accepts keys of wrong size

Open willnix opened this issue 4 years ago • 1 comments

The TwofishEngine's Init function only fails with "Key size larger than 256 bits" if the supplied key is larger than 312 bit. I believe this is because the following line performs an integer division by 8 and the result (k64Cnt) passes the check in line 343 as long as the dived key length (workingKey.Length) is not greater 39:

https://github.com/bcgit/bc-csharp/blob/93b32a75656955faf7996d0f3e0ed391968d2ac6/crypto/src/crypto/engines/TwofishEngine.cs#L275

https://github.com/bcgit/bc-csharp/blob/93b32a75656955faf7996d0f3e0ed391968d2ac6/crypto/src/crypto/engines/TwofishEngine.cs#L343

It looks to me like the surplus bits will silently be discarded as a result of the Twofish key schedule. I don't see any attacks resulting from this behavior, but its definitely misleading.

willnix avatar Jun 25 '21 14:06 willnix

Thanks for the report. I've committed a fix that strictly checks for 128/192/256 bit keys. Perhaps the original author had in mind to automatically zero-pad keys up to the next key size, but in any case the code doesn't support that.

peterdettman avatar Jun 25 '21 16:06 peterdettman