SVSim/SVSimServer
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix(battle-node): NodeCrypto.GenerateKey masks rand source with & 0xF

Browse Source
This commit is contained in:
gamer147
2026-06-01 11:35:53 -04:00
parent e4fbb155e4
commit 34c4ca0237
2 changed files with 20 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
SVSim.BattleNode/Wire/NodeCrypto.cs
View File

@@ -12,9 +12,10 @@ public static class NodeCrypto
{
/// <summary>
/// Generate a fresh 32-char key for server-initiated encryption.
/// Calls <paramref name="randHexDigit"/> 32 times expecting a value in [0,15],
/// formats each as a single hex char, then base64-encodes the resulting 32-char ASCII
/// string and truncates to 32 chars.
/// Calls <paramref name="randHexDigit"/> 32 times; the result is masked with
/// <c>&amp; 0xF</c> so a misbehaving caller that returns a larger int still produces
/// exactly one hex digit per iteration (the internal contract is "32 hex chars").
/// The 32-char ASCII string is then base64-encoded and truncated to 32 chars.
/// </summary>
/// <remarks>
/// Differs from the client's <c>Cryptographer.generateKeyString</c> in input shape:
@@ -29,7 +30,7 @@ public static class NodeCrypto
var sb = new StringBuilder(32);
for (var i = 0; i < 32; i++)
{
sb.Append(randHexDigit().ToString("x"));
sb.Append((randHexDigit() & 0xF).ToString("x"));
}
var ascii = Encoding.ASCII.GetBytes(sb.ToString());
return Convert.ToBase64String(ascii).Substring(0, 32);

15
SVSim.UnitTests/BattleNode/Wire/NodeCryptoTests.cs
View File

@@ -42,6 +42,21 @@ public class NodeCryptoTests
Assert.Throws<ArgumentException>(() => NodeCrypto.DecryptForNode("tooshort"));
}
[Test]
public void GenerateKey_RandSourceReturnsOutOfRange_MasksToLowFourBits()
{
// Defensive: misbehaving caller returns 31 (binary 11111). Internal contract is
// "each call produces one hex digit"; without masking, 31 widens to "1f" (two
// chars) which throws off the base64 length math. After masking with & 0xF,
// 31 becomes 15 — one hex digit "f". This pair distinguishes because
// base64-of-repeated-"1f" and base64-of-repeated-"f" differ at every position.
var keyFromThirtyOne = NodeCrypto.GenerateKey(() => 31);
var keyFromFifteen = NodeCrypto.GenerateKey(() => 15);
Assert.That(keyFromThirtyOne, Is.EqualTo(keyFromFifteen),
"31 & 0xF == 15 — GenerateKey must mask out-of-range bits, not let them widen the hex digit.");
}
[Test]
public void EncryptForNode_FixedVector_ProducesStableOutput()
{