Fixed argument checks and updated tests accordingly

2024-09-20 08:40:50 +00:00 · 2020-10-17 19:48:22 +03:00 · 2020-10-17 19:48:22 +03:00 · f0d5ade1c1
commit f0d5ade1c1
parent ac670d6868
2 changed files with 20 additions and 5 deletions
--- a/src/Functions/FunctionsAES.h
+++ b/src/Functions/FunctionsAES.h
@ -315,15 +315,14 @@ private:

            if constexpr (mode != CipherMode::MySQLCompatibility)
            {
-                // in GCM mode IV can be of arbitrary size (>0).
-                if ((mode == CipherMode::RFC5116_AEAD_AES_GCM && iv_value.size == 0)
-                    || (mode != CipherMode::RFC5116_AEAD_AES_GCM && iv_value.size != iv_size))
+                // in GCM mode IV can be of arbitrary size (>0), IV is optional for other modes.
+                if (mode == CipherMode::RFC5116_AEAD_AES_GCM && iv_value.size == 0)
                {
                    throw Exception("Invalid IV size " + std::to_string(iv_value.size) + " != expected size " + std::to_string(iv_size),
                            DB::ErrorCodes::BAD_ARGUMENTS);
                }

-                if (key_value.size != key_size)
+                if (mode != CipherMode::RFC5116_AEAD_AES_GCM && key_value.size != key_size)
                {
                    throw Exception("Invalid key size " + std::to_string(key_value.size) + " != expected size " + std::to_string(key_size),
                            DB::ErrorCodes::BAD_ARGUMENTS);
@ -591,6 +590,22 @@ private:
                input_value.size -= tag_size;
            }

+            if constexpr (mode != CipherMode::MySQLCompatibility)
+            {
+                // in GCM mode IV can be of arbitrary size (>0), for other modes IV is optional.
+                if (mode == CipherMode::RFC5116_AEAD_AES_GCM && iv_value.size == 0)
+                {
+                    throw Exception("Invalid IV size " + std::to_string(iv_value.size) + " != expected size " + std::to_string(iv_size),
+                            DB::ErrorCodes::BAD_ARGUMENTS);
+                }
+
+                if (key_value.size != key_size)
+                {
+                    throw Exception("Invalid key size " + std::to_string(key_value.size) + " != expected size " + std::to_string(key_size),
+                            DB::ErrorCodes::BAD_ARGUMENTS);
+                }
+            }
+
            // Avoid extra work on empty ciphertext/plaintext for some ciphers
            if (!(input_value.size == 0 && block_size == 1 && mode != CipherMode::RFC5116_AEAD_AES_GCM))
            {
--- a/tests/testflows/aes_encryption/tests/decrypt.py
+++ b/tests/testflows/aes_encryption/tests/decrypt.py
@ -276,7 +276,7 @@ def invalid_key_or_iv_length_for_gcm(self, mode, key_len, iv_len, aad):
    else:
        with When("iv is not specified"):
            ciphertext = "unhex('1CD4EC93A4B0C687926E8F8C2AA3B4CE1943D006DAE3A774CB1AE5')"
-            decrypt(ciphertext=ciphertext, key=f"'{key[:key_len]}'", mode=mode, exitcode=198, message="DB::Exception: Failed to set custom IV length to 0")
+            decrypt(ciphertext=ciphertext, key=f"'{key[:key_len]}'", mode=mode, exitcode=36, message="DB::Exception: Invalid IV size 0 != expected size 12")

@TestScenario
@Requirements(