CodeQL documentation
CodeQL resources

Static initialization vector for encryption

ID: swift/static-initialization-vector Kind: path-problem Security severity: 7.5 Severity: error Precision: high Tags: - security - external/cwe/cwe-329 - external/cwe/cwe-1204 Query suites: - swift-code-scanning.qls - swift-security-extended.qls - swift-security-and-quality.qls

Click to see the query in the CodeQL repository

When a cipher is used in certain modes (such as CBC or GCM), it requires an initialization vector (IV). Under the same secret key, IVs should be unique and ideally unpredictable. If the same IV is used with the same secret key, then the same plaintext results in the same ciphertext. This behavior may enable an attacker to learn if the same data pieces are transferred or stored, or help the attacker run a dictionary attack.

In particular, if the IV is hardcoded or constant, an attacker may just look up potential keys in a dictionary, then concatenate those with the hardcoded or constant IV rather than trying to discover the entire encryption key.

Recommendation

Use a randomly generated IV.

Example

The following example shows a few cases of instantiating a cipher with various encryption keys. In the ‘BAD’ cases, the IV is hardcoded or constant, making the encrypted data vulnerable to recovery. In the ‘GOOD’ cases, the IV is randomly generated and not hardcoded, which protects the encrypted data against recovery.

funcencrypt(padding:Padding){// ...// BAD: Using static IVs for encryptionletiv:Array<UInt8>=[0x2a,0x3a,0x80,0x05]letivString="this is a constant string"letkey=getRandomKey()_=tryAES(key:key,iv:ivString)_=tryCBC(iv:iv)// GOOD: Using randomly generated IVs for encryptionletiv=(0..<10).map({_inUInt8.random(in:0...UInt8.max)})letivString=String(cString:iv)letkey=getRandomKey())_=tryAES(key:key,iv:ivString)_=tryCBC(iv:iv)// ...}

References

close