
I'm working with the Microsoft Authentication Library for iOS. It is being flagged by a Micro Focus Fortify scan for the following vulnerability. I need to understand two things:

  1. What encryption mode is this using with AES 128 (CBC, ECB, GCM, etc.)?
  2. How and where is the Initialized Vector (key) being generated? If it's null in this case, I saw another post discussing the NULL key scenario for CCCrypt.

The function msidAES128DecryptedDataWithKey:keySize:() in NSData+AES.m uses a cryptographic encryption algorithm with an insecure mode of operation on line 48.

The mode of operation of a block cipher is an algorithm that describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block. Some modes of operation include Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), and Counter (CTR).

ECB mode is inherently weak, as it produces the same ciphertext for identical blocks of plain text. CBC mode is vulnerable to padding oracle attacks. CTR mode is the superior choice because it does not have these weaknesses.

Avoid using ECB and CBC modes of operation when encrypting data larger than a block. CBC mode is somewhat inefficient and poses a serious risk if used with SSL 1. Instead, use CCM (Counter with CBC-MAC) mode or, if performance is a concern, GCM (Galois/Counter Mode) mode where they are available.

    CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                      key, keySize,
                                      NULL /* initialization vector (optional) */,
                                      [self bytes], dataLength, /* input */
                                      buffer, bufferSize, /* output */
                                      &numBytesDecrypted);

Example Solution - The following code uses the AES cipher with CTR mode:

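    ccStatus = CCCryptorCreateWithMode(kCCEncrypt,
                                       kCCModeCTR,         // Uses CTR mode
                                       kCCAlgorithmAES128, // third argument is the CCAlgorithm, not a CCOptions flag
                                       ccPKCS7Padding,
                                       iv,
                                       key,
                                       kCCKeySizeAES128,
                                       tweak,
                                       kCCKeySizeAES128,
                                       0,                  // numRounds: 0 selects the default
                                       0,                  // mode options
                                       &cryptor);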

CVE 2014-3566, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566

user2480766

0 Answers
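Both questions can be checked empirically. The following is an added example, not part of the original post and not MSAL code. It relies on the behaviour documented in the CommonCrypto header: when `kCCOptionECBMode` is absent from the options, `CCCrypt` uses CBC, and a NULL IV in CBC mode is treated as an all-zero IV. The helper name, key and plaintext are constructed for the test.

```objective-c
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCrypto.h>
#include <string.h>

// Hypothetical helper: encrypts two identical 16-byte plaintext blocks with
// AES-128 and returns the number of ciphertext bytes written (0 on failure).
static size_t EncryptTwoBlocks(CCOptions options, const void *iv,
                               uint8_t *out, size_t outSize)
{
    static const uint8_t key[kCCKeySizeAES128] = {0x42}; // constructed test key
    uint8_t plaintext[2 * kCCBlockSizeAES128];
    memset(plaintext, 'A', sizeof(plaintext));           // constructed plaintext

    size_t written = 0;
    CCCryptorStatus status = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, options,
                                     key, sizeof(key), iv,
                                     plaintext, sizeof(plaintext),
                                     out, outSize, &written);
    return status == kCCSuccess ? written : 0;
}

int main(void)
{
    @autoreleasepool {
        const size_t block = kCCBlockSizeAES128;
        uint8_t zeroIV[kCCBlockSizeAES128] = {0};
        // 32 bytes of input plus one full block of PKCS7 padding.
        uint8_t nullIV[48], explicitZero[48], ecb[48];

        // Same option set as the flagged call in NSData+AES.m, NULL IV.
        size_t n1 = EncryptTwoBlocks(kCCOptionPKCS7Padding, NULL, nullIV, sizeof(nullIV));
        // Same options, explicit all-zero IV.
        size_t n2 = EncryptTwoBlocks(kCCOptionPKCS7Padding, zeroIV, explicitZero, sizeof(explicitZero));
        // ECB requested explicitly, for comparison.
        size_t n3 = EncryptTwoBlocks(kCCOptionPKCS7Padding | kCCOptionECBMode, NULL, ecb, sizeof(ecb));
        if (n1 == 0 || n2 == 0 || n3 == 0) { NSLog(@"CCCrypt failed"); return 1; }

        // ECB maps identical plaintext blocks to identical ciphertext blocks.
        NSLog(@"ECB flag set, blocks repeat:    %d", memcmp(ecb, ecb + block, block) == 0);
        // CBC chains each block into the next, so the two blocks differ.
        NSLog(@"Flagged options, blocks repeat: %d", memcmp(nullIV, nullIV + block, block) == 0);
        // A NULL IV and an explicit all-zero IV produce the same ciphertext.
        NSLog(@"NULL IV equals all-zero IV:     %d",
              n1 == n2 && memcmp(nullIV, explicitZero, n1) == 0);
    }
    return 0;
}
```

Because the IV is fixed, two messages encrypted under the same key that share a leading block will share a leading ciphertext block, which is the property to weigh when triaging the Fortify finding.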