Potentially Inconsistent Coordinate Slicing (#299)

* Replaced potentially unexpected accesses to coordinate slices with consistent ranges no matter if the raw representation is a root or a slice of data * Updated uses of `.suffix(from:)` with `.dropFirst()` to prevent issues with potential non-0 start indexes
apple · Nov 21, 2024 · a3b7196 · a3b7196
1 parent b6a32eb
commit a3b7196
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 14 deletions.
diff --git a/Sources/Crypto/HPKE/Ciphersuite/HPKE-AEAD.swift b/Sources/Crypto/HPKE/Ciphersuite/HPKE-AEAD.swift
@@ -82,9 +82,9 @@ extension HPKE {
         internal func seal<D: DataProtocol, AD: DataProtocol>(_ message: D, authenticating aad: AD, nonce: Data, using key: SymmetricKey) throws -> Data {
             switch self {
             case .chaChaPoly:
-                return try ChaChaPoly.seal(message, using: key, nonce: ChaChaPoly.Nonce(data: nonce), authenticating: aad).combined.suffix(from: nonce.count)
+                return try ChaChaPoly.seal(message, using: key, nonce: ChaChaPoly.Nonce(data: nonce), authenticating: aad).combined.dropFirst(nonce.count)
             default:
-                return try AES.GCM.seal(message, using: key, nonce: AES.GCM.Nonce(data: nonce), authenticating: aad).combined!.suffix(from: nonce.count)
+                return try AES.GCM.seal(message, using: key, nonce: AES.GCM.Nonce(data: nonce), authenticating: aad).combined!.dropFirst(nonce.count)
             }
         }
 

diff --git a/Sources/Crypto/Signatures/ECDSA.swift b/Sources/Crypto/Signatures/ECDSA.swift
@@ -66,7 +66,7 @@ extension P256.Signing {
             let combined = rawRepresentation
             assert(combined.count % 2 == 0)
             let half = combined.count / 2
-            return (combined.prefix(upTo: half), combined.suffix(from: half))
+            return (combined.prefix(half), combined.suffix(half))
         }
 
         /// Creates a P-256 digital signature from a Distinguished Encoding
@@ -115,8 +115,8 @@ extension P256.Signing {
             #else
             let raw = rawRepresentation
             let half = raw.count / 2
-            let r = Array(raw.prefix(upTo: half))[...]
-            let s = Array(raw.suffix(from: half))[...]
+            let r = Array(raw.prefix(half))[...]
+            let s = Array(raw.suffix(half))[...]
 
             let sig = ASN1.ECDSASignature(r: r, s: s)
             var serializer = ASN1.Serializer()
@@ -229,7 +229,7 @@ extension P384.Signing {
             let combined = rawRepresentation
             assert(combined.count % 2 == 0)
             let half = combined.count / 2
-            return (combined.prefix(upTo: half), combined.suffix(from: half))
+            return (combined.prefix(half), combined.suffix(half))
         }
 
         /// Creates a P-384 digital signature from a Distinguished Encoding
@@ -278,8 +278,8 @@ extension P384.Signing {
             #else
             let raw = rawRepresentation
             let half = raw.count / 2
-            let r = Array(raw.prefix(upTo: half))[...]
-            let s = Array(raw.suffix(from: half))[...]
+            let r = Array(raw.prefix(half))[...]
+            let s = Array(raw.suffix(half))[...]
 
             let sig = ASN1.ECDSASignature(r: r, s: s)
             var serializer = ASN1.Serializer()
@@ -392,7 +392,7 @@ extension P521.Signing {
             let combined = rawRepresentation
             assert(combined.count % 2 == 0)
             let half = combined.count / 2
-            return (combined.prefix(upTo: half), combined.suffix(from: half))
+            return (combined.prefix(half), combined.suffix(half))
         }
 
         /// Creates a P-521 digital signature from a Distinguished Encoding
@@ -441,8 +441,8 @@ extension P521.Signing {
             #else
             let raw = rawRepresentation
             let half = raw.count / 2
-            let r = Array(raw.prefix(upTo: half))[...]
-            let s = Array(raw.suffix(from: half))[...]
+            let r = Array(raw.prefix(half))[...]
+            let s = Array(raw.suffix(half))[...]
 
             let sig = ASN1.ECDSASignature(r: r, s: s)
             var serializer = ASN1.Serializer()

diff --git a/Sources/Crypto/Signatures/ECDSA.swift.gyb b/Sources/Crypto/Signatures/ECDSA.swift.gyb
@@ -76,7 +76,7 @@ extension ${CURVE}.Signing {
             let combined = rawRepresentation
             assert(combined.count % 2 == 0)
             let half = combined.count / 2
-            return (combined.prefix(upTo: half), combined.suffix(from: half))
+            return (combined.prefix(half), combined.suffix(half))
         }
 
         /// Creates a ${DISPLAY_CURVE} digital signature from a Distinguished Encoding
@@ -125,8 +125,8 @@ extension ${CURVE}.Signing {
             #else
             let raw = rawRepresentation
             let half = raw.count / 2
-            let r = Array(raw.prefix(upTo: half))[...]
-            let s = Array(raw.suffix(from: half))[...]
+            let r = Array(raw.prefix(half))[...]
+            let s = Array(raw.suffix(half))[...]
 
             let sig = ASN1.ECDSASignature(r: r, s: s)
             var serializer = ASN1.Serializer()