diff options
author | Tobias Nießen <tniessen@tnie.de> | 2018-09-13 00:48:35 +0200 |
---|---|---|
committer | Tobias Nießen <tniessen@tnie.de> | 2018-09-18 12:55:07 +0200 |
commit | a9e7369b117f857f24ed67ece1f212b4b605c584 (patch) | |
tree | ddab0a1f53b55061f28665e57565b83784cb7b65 /test | |
parent | 47a0d041d1f8b53a0cb6a9188b15557241d5fd45 (diff) | |
download | android-node-v8-a9e7369b117f857f24ed67ece1f212b4b605c584.tar.gz android-node-v8-a9e7369b117f857f24ed67ece1f212b4b605c584.tar.bz2 android-node-v8-a9e7369b117f857f24ed67ece1f212b4b605c584.zip |
crypto: fix edge case in authenticated encryption
Restricting the authentication tag length and calling update or
setAAD before setAuthTag caused an incorrect authentication tag to
be passed to OpenSSL: The auth_tag_len_ field was already set, so
the implementation assumed that the tag itself was known as well.
PR-URL: https://github.com/nodejs/node/pull/22828
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/parallel/test-crypto-authenticated.js | 40 |
1 files changed, 24 insertions, 16 deletions
diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js index a2f5e9cdd8..77587fadf7 100644 --- a/test/parallel/test-crypto-authenticated.js +++ b/test/parallel/test-crypto-authenticated.js @@ -557,27 +557,35 @@ for (const test of TEST_CASES) { } // Test that the authentication tag can be set at any point before calling -// final() in GCM mode. +// final() in GCM or OCB mode. { const plain = Buffer.from('Hello world', 'utf8'); const key = Buffer.from('0123456789abcdef', 'utf8'); const iv = Buffer.from('0123456789ab', 'utf8'); - const cipher = crypto.createCipheriv('aes-128-gcm', key, iv); - const ciphertext = Buffer.concat([cipher.update(plain), cipher.final()]); - const authTag = cipher.getAuthTag(); - - for (const authTagBeforeUpdate of [true, false]) { - const decipher = crypto.createDecipheriv('aes-128-gcm', key, iv); - if (authTagBeforeUpdate) { - decipher.setAuthTag(authTag); - } - const resultUpdate = decipher.update(ciphertext); - if (!authTagBeforeUpdate) { - decipher.setAuthTag(authTag); + for (const mode of ['gcm', 'ocb']) { + for (const authTagLength of mode === 'gcm' ? [undefined, 8] : [8]) { + const cipher = crypto.createCipheriv(`aes-128-${mode}`, key, iv, { + authTagLength + }); + const ciphertext = Buffer.concat([cipher.update(plain), cipher.final()]); + const authTag = cipher.getAuthTag(); + + for (const authTagBeforeUpdate of [true, false]) { + const decipher = crypto.createDecipheriv(`aes-128-${mode}`, key, iv, { + authTagLength + }); + if (authTagBeforeUpdate) { + decipher.setAuthTag(authTag); + } + const resultUpdate = decipher.update(ciphertext); + if (!authTagBeforeUpdate) { + decipher.setAuthTag(authTag); + } + const resultFinal = decipher.final(); + const result = Buffer.concat([resultUpdate, resultFinal]); + assert(result.equals(plain)); + } } - const resultFinal = decipher.final(); - const result = Buffer.concat([resultUpdate, resultFinal]); - assert(result.equals(plain)); } } |