Add a warning about Decrypt() being used as a padding oracle.

R=agl@chromium.org,rsleevi@chromium.org BUG=124434 TEST=none Review URL: https://chromiumcodereview.appspot.com/10216004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@133822 0039d316-1c4b-4281-b951-d872f2087c98

Add a warning about Decrypt() being used as a padding oracle.
R=agl@chromium.org,rsleevi@chromium.org BUG=124434 TEST=none Review URL: https://chromiumcodereview.appspot.com/10216004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@133822 0039d316-1c4b-4281-b951-d872f2087c98
ef067746 · wtc@chromium.org · 488d87a6 · ef067746
Commit ef067746 authored Apr 25, 2012 by wtc@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 1 deletion

crypto/encryptor.h crypto/encryptor.h +9 -1

No files found.
--- a/crypto/encryptor.h
+++ b/crypto/encryptor.h
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

@@ -70,6 +70,14 @@ class CRYPTO_EXPORT Encryptor {
  bool Encrypt(const base::StringPiece& plaintext, std::string* ciphertext);

  // Decrypts |ciphertext| into |plaintext|.  |ciphertext| must not be empty.
+  //
+  // WARNING: In CBC mode, Decrypt() returns false if it detects the padding
+  // in the decrypted plaintext is wrong. Padding errors can result from
+  // tampered ciphertext or a wrong decryption key. But successful decryption
+  // does not imply the authenticity of the data. The caller of Decrypt()
+  // must either authenticate the ciphertext before decrypting it, or take
+  // care to not report decryption failure. Otherwise it could inadvertently
+  // be used as a padding oracle to attack the cryptosystem.
  bool Decrypt(const base::StringPiece& ciphertext, std::string* plaintext);

  // Sets the counter value when in CTR mode. Currently only 128-bits