Added length check to Triple DES IVs

2026-01-04 01:23:18 +00:00 · 2019-10-16 15:50:37 +01:00
parent 011dc09d5e
commit be365f66ef
5 changed files with 18 additions and 4 deletions
--- a/src/core/operations/TripleDESEncrypt.mjs
+++ b/src/core/operations/TripleDESEncrypt.mjs
@@ -75,6 +75,12 @@ class TripleDESEncrypt extends Operation {
 Triple DES uses a key length of 24 bytes (192 bits).
 DES uses a key length of 8 bytes (64 bits).`);
        }
+        if (iv.length !== 8) {
+            throw new OperationError(`Invalid IV length: ${iv.length} bytes
+
+Triple DES uses an IV length of 8 bytes (64 bits).
+Make sure you have specified the type correctly (e.g. Hex vs UTF8).`);
+        }

        input = Utils.convertToByteString(input, inputType);