Skip to content

Harden decryption error handling and mask secrets in logs#476

Merged
jguz-pubnub merged 6 commits into
masterfrom
objective-c-sec-fixes
Jul 8, 2026
Merged

Harden decryption error handling and mask secrets in logs#476
jguz-pubnub merged 6 commits into
masterfrom
objective-c-sec-fixes

Conversation

@jguz-pubnub

@jguz-pubnub jguz-pubnub commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

fix: return one generic decryption error from cryptors instead of a specific message

The cryptor wrapper now returns a single generic error on any decryption failure instead of surfacing whether it was caused by bad padding, wrong length or other reasons.

fix: check CCCryptorFinal status so bad-padding failures aren't treated as success

Validate the CCCryptorFinal status, where PKCS7 padding is checked, to avoid bad-padding failures being silently treated as successful decryptions.

fix: mask cipher key and auth key in debug descriptions instead of logging their values

PNAESCBCCryptor and PNConfiguration no longer expose the cipher key or auth key in dictionaryRepresentation; both are masked.

Return a single generic error for all decryption failures so they are
indistinguishable, closing an AES-CBC + PKCS7 padding-oracle side
channel. Check CCCryptorFinal status so bad-padding failures are no
longer silently treated as success. Mask cipher key and auth key in
dictionaryRepresentation instead of logging their values.
@pubnub-ops-terraform

pubnub-ops-terraform commented Jun 29, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@jguz-pubnub jguz-pubnub changed the title fix(crypto): mitigate padding oracle and mask secrets in logs Mitigate padding oracle and mask secrets in logs Jun 29, 2026
Restore the original descriptive errors on the length/emptiness guards in
PNAESCBCCryptor: they fire before any cipher operation on attacker-known
input lengths, so they're not a padding-oracle bit and aid integrator
debugging. The padding-oracle mitigation stays in PNCCCryptorWrapper.
@jguz-pubnub jguz-pubnub changed the title Mitigate padding oracle and mask secrets in logs Harden decryption error handling and mask secrets in logs Jun 29, 2026
@jguz-pubnub jguz-pubnub marked this pull request as ready for review July 6, 2026 08:38
@jguz-pubnub jguz-pubnub requested a review from parfeon as a code owner July 6, 2026 08:38
… it in userInfo

The generic decryption error no longer carries the raw CCCryptorStatus under a
userInfo key, so callers can't recover the padding-oracle bit the generic error
is meant to hide. Removes the now-unused public PNCryptorUnderlyingStatusKey.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

@parfeon parfeon left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did we had any final agreement that on user's debug session (when debug log level has been set on purpose) we still need to hide this information (at least auth can stay as is)?
Also I've hidden cipher that way, so it will be possible for user to figure out which cipher key he used, so he will be able to assist later during debug.

Comment on lines +186 to +191
// Decryption failures must not be distinguishable from one another: surfacing whether a
// failure was caused by bad padding vs. wrong length vs. other reasons gives an attacker a
// padding-oracle bit (AES-CBC + PKCS7). All decrypt failures return one identical generic
// error with the underlying CommonCrypto status discarded.
if (operation != kCCEncrypt) return [self genericDecryptionError];

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

who is attacker? Application developer?
Oracle attack makes sense if attacker has a ciphertext and then tries to craft secret which will let him access encrypted data. They only one who will be able to do it inside of compiled application - app developer.

Comment thread PubNub/Modules/Crypto/PNCryptoModule.m Outdated
code:PNCryptorErrorDecryption
userInfo:@{ NSLocalizedDescriptionKey: @"Unable to encrypt empty data." }];
return [PNResult resultWithData:nil error:error];
return [PNResult resultWithData:nil error:[PNCCCryptorWrapper genericDecryptionError]];

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, there were copy & paste issue and description key should contain message that empty data can't be decrypted - why we want to make it generic without giving any info (in this case there is nothing for the attacker at all)?

Comment thread PubNub/Modules/Crypto/PNCryptoModule.m Outdated
code:PNCryptorErrorDecryption
userInfo:@{ NSLocalizedDescriptionKey: @"Unable to encrypt empty data." }];
return [PNResult resultWithData:nil error:error];
return [PNResult resultWithData:nil error:[PNCCCryptorWrapper genericDecryptionError]];

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, there were copy & paste issue and description key should contain message that empty data can't be decrypted - why we want to make it generic without giving any info (in this case there is nothing for the attacker at all)?

Comment thread PubNub/Data/PNConfiguration.m Outdated
@jguz-pubnub jguz-pubnub force-pushed the objective-c-sec-fixes branch from c18d47c to 5083c28 Compare July 7, 2026 08:12
@parfeon parfeon self-requested a review July 7, 2026 15:25

@parfeon parfeon left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@jguz-pubnub

Copy link
Copy Markdown
Contributor Author

@pubnub-release-bot release

@jguz-pubnub jguz-pubnub merged commit d23063a into master Jul 8, 2026
10 checks passed
@jguz-pubnub jguz-pubnub deleted the objective-c-sec-fixes branch July 8, 2026 13:13
@pubnub-release-bot

Copy link
Copy Markdown

🚀 Release successfully completed 🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants