1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
|
'use strict';
const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
const assert = require('assert');
const crypto = require('crypto');
function testCipher1(key, iv) {
// Test encryption and decryption with explicit key and iv
const plaintext =
'32|RmVZZkFUVmpRRkp0TmJaUm56ZU9qcnJkaXNNWVNpTTU*|iXmckfRWZBGWWELw' +
'eCBsThSsfUHLeRe0KCsK8ooHgxie0zOINpXxfZi/oNG7uq9JWFVCk70gfzQH8ZUJ' +
'jAfaFg**';
const cipher = crypto.createCipheriv('des-ede3-cbc', key, iv);
let ciph = cipher.update(plaintext, 'utf8', 'hex');
ciph += cipher.final('hex');
const decipher = crypto.createDecipheriv('des-ede3-cbc', key, iv);
let txt = decipher.update(ciph, 'hex', 'utf8');
txt += decipher.final('utf8');
assert.strictEqual(txt, plaintext,
`encryption/decryption with key ${key} and iv ${iv}`);
// Streaming cipher interface
// NB: In real life, it's not guaranteed that you can get all of it
// in a single read() like this. But in this case, we know it's
// quite small, so there's no harm.
const cStream = crypto.createCipheriv('des-ede3-cbc', key, iv);
cStream.end(plaintext);
ciph = cStream.read();
const dStream = crypto.createDecipheriv('des-ede3-cbc', key, iv);
dStream.end(ciph);
txt = dStream.read().toString('utf8');
assert.strictEqual(txt, plaintext,
`streaming cipher with key ${key} and iv ${iv}`);
}
function testCipher2(key, iv) {
// Test encryption and decryption with explicit key and iv
const plaintext =
'32|RmVZZkFUVmpRRkp0TmJaUm56ZU9qcnJkaXNNWVNpTTU*|iXmckfRWZBGWWELw' +
'eCBsThSsfUHLeRe0KCsK8ooHgxie0zOINpXxfZi/oNG7uq9JWFVCk70gfzQH8ZUJ' +
'jAfaFg**';
const cipher = crypto.createCipheriv('des-ede3-cbc', key, iv);
let ciph = cipher.update(plaintext, 'utf8', 'buffer');
ciph = Buffer.concat([ciph, cipher.final('buffer')]);
const decipher = crypto.createDecipheriv('des-ede3-cbc', key, iv);
let txt = decipher.update(ciph, 'buffer', 'utf8');
txt += decipher.final('utf8');
assert.strictEqual(txt, plaintext,
`encryption/decryption with key ${key} and iv ${iv}`);
}
function testCipher3(key, iv) {
// Test encryption and decryption with explicit key and iv.
// AES Key Wrap test vector comes from RFC3394
const plaintext = Buffer.from('00112233445566778899AABBCCDDEEFF', 'hex');
const cipher = crypto.createCipheriv('id-aes128-wrap', key, iv);
let ciph = cipher.update(plaintext, 'utf8', 'buffer');
ciph = Buffer.concat([ciph, cipher.final('buffer')]);
const ciph2 = Buffer.from('1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5',
'hex');
assert(ciph.equals(ciph2));
const decipher = crypto.createDecipheriv('id-aes128-wrap', key, iv);
let deciph = decipher.update(ciph, 'buffer');
deciph = Buffer.concat([deciph, decipher.final()]);
assert(deciph.equals(plaintext),
`encryption/decryption with key ${key} and iv ${iv}`);
}
{
const Cipheriv = crypto.Cipheriv;
const key = '123456789012345678901234';
const iv = '12345678';
const instance = Cipheriv('des-ede3-cbc', key, iv);
assert(instance instanceof Cipheriv, 'Cipheriv is expected to return a new ' +
'instance when called without `new`');
common.expectsError(
() => crypto.createCipheriv(null),
{
code: 'ERR_INVALID_ARG_TYPE',
type: TypeError,
message: 'The "cipher" argument must be of type string. ' +
'Received type object'
});
common.expectsError(
() => crypto.createCipheriv('des-ede3-cbc', null),
{
code: 'ERR_INVALID_ARG_TYPE',
type: TypeError,
message: 'The "key" argument must be one of type Buffer, TypedArray, ' +
'DataView, string, or KeyObject. Received type object'
});
common.expectsError(
() => crypto.createCipheriv('des-ede3-cbc', key, 10),
{
code: 'ERR_INVALID_ARG_TYPE',
type: TypeError,
message: 'The "iv" argument must be one of type string, Buffer, ' +
'TypedArray, or DataView. Received type number'
});
}
{
const Decipheriv = crypto.Decipheriv;
const key = '123456789012345678901234';
const iv = '12345678';
const instance = Decipheriv('des-ede3-cbc', key, iv);
assert(instance instanceof Decipheriv, 'Decipheriv expected to return a new' +
' instance when called without `new`');
common.expectsError(
() => crypto.createDecipheriv(null),
{
code: 'ERR_INVALID_ARG_TYPE',
type: TypeError,
message: 'The "cipher" argument must be of type string. ' +
'Received type object'
});
common.expectsError(
() => crypto.createDecipheriv('des-ede3-cbc', null),
{
code: 'ERR_INVALID_ARG_TYPE',
type: TypeError,
message: 'The "key" argument must be one of type Buffer, TypedArray, ' +
'DataView, string, or KeyObject. Received type object'
});
common.expectsError(
() => crypto.createDecipheriv('des-ede3-cbc', key, 10),
{
code: 'ERR_INVALID_ARG_TYPE',
type: TypeError,
message: 'The "iv" argument must be one of type string, Buffer, ' +
'TypedArray, or DataView. Received type number'
});
}
testCipher1('0123456789abcd0123456789', '12345678');
testCipher1('0123456789abcd0123456789', Buffer.from('12345678'));
testCipher1(Buffer.from('0123456789abcd0123456789'), '12345678');
testCipher1(Buffer.from('0123456789abcd0123456789'), Buffer.from('12345678'));
testCipher2(Buffer.from('0123456789abcd0123456789'), Buffer.from('12345678'));
if (!common.hasFipsCrypto) {
testCipher3(Buffer.from('000102030405060708090A0B0C0D0E0F', 'hex'),
Buffer.from('A6A6A6A6A6A6A6A6', 'hex'));
}
// Zero-sized IV or null should be accepted in ECB mode.
crypto.createCipheriv('aes-128-ecb', Buffer.alloc(16), Buffer.alloc(0));
crypto.createCipheriv('aes-128-ecb', Buffer.alloc(16), null);
const errMessage = /Invalid IV length/;
// But non-empty IVs should be rejected.
for (let n = 1; n < 256; n += 1) {
assert.throws(
() => crypto.createCipheriv('aes-128-ecb', Buffer.alloc(16),
Buffer.alloc(n)),
errMessage);
}
// Correctly sized IV should be accepted in CBC mode.
crypto.createCipheriv('aes-128-cbc', Buffer.alloc(16), Buffer.alloc(16));
// But all other IV lengths should be rejected.
for (let n = 0; n < 256; n += 1) {
if (n === 16) continue;
assert.throws(
() => crypto.createCipheriv('aes-128-cbc', Buffer.alloc(16),
Buffer.alloc(n)),
errMessage);
}
// And so should null be.
assert.throws(() => {
crypto.createCipheriv('aes-128-cbc', Buffer.alloc(16), null);
}, /Missing IV for cipher aes-128-cbc/);
// Zero-sized IV should be rejected in GCM mode.
assert.throws(
() => crypto.createCipheriv('aes-128-gcm', Buffer.alloc(16),
Buffer.alloc(0)),
errMessage);
// But all other IV lengths should be accepted.
for (let n = 1; n < 256; n += 1) {
if (common.hasFipsCrypto && n < 12) continue;
crypto.createCipheriv('aes-128-gcm', Buffer.alloc(16), Buffer.alloc(n));
}
{
// Passing an invalid cipher name should throw.
assert.throws(
() => crypto.createCipheriv('aes-127', Buffer.alloc(16), null),
/Unknown cipher/);
// Passing a key with an invalid length should throw.
assert.throws(
() => crypto.createCipheriv('aes-128-ecb', Buffer.alloc(17), null),
/Invalid key length/);
}
|
