node_crypto: Add support for AES-GCM modes #6317
Thank you for contributing this pull request! Here are a few pointers to make sure your submission will be considered for inclusion. Commit KiNgMaR/node-1@bd44373656a78399f9461b0ac5624bb9a1bc1835 has the following error(s):
You can fix all these things without opening another issue. Please see CONTRIBUTING.md for more information.
It's ok if it's documented and the second update() call throws with a good error message. It's odd, though, that a seemingly stream cipher doesn't support streaming. I can't say anything about the rest of the PR due to lack of knowledge.
src/node_crypto.cc
Allocate the buffer first and copy the tag data directly into it? Saves an allocation.
Also note that Buffer uses malloc, so to make valgrind happy you'll want to free().
Actually, wait. Use:
Local<Object> buf = Buffer::Use(env, out, out_len);
args.GetReturnValue().Set(buf);
Unless there's some reason you can't hand over control of the memory to Buffer.
Calling @indutny.
src/node_crypto.cc
Just had a lint rule put in for this. Split it into two lines.
Hey everyone, I changed the things you commented on - except for the Will add documentation update in the next few days.
👍 for this issue.
👍
src/node_crypto.cc
No reason to return here. No logic following the if(). Also, remove the brackets. It's a one-liner and you're not using them above.
👍 for this issue.
Rebased, updated, tested -- let me know if there's something else.
doc/api/crypto.markdown
final method.
Small style nits, otherwise LGTM.
Sorry about the delay, nits fixed up :-)
This adds two new member functions getAuthTag and setAuthTag that are useful for AES-GCM encryption modes. Use getAuthTag after Cipheriv.final, transmit the tag along with the data and use Decipheriv.setAuthTag to have the encrypted data verified.
Thank you, landed in e0d31ea |
This adds support for the authenticated encryption mode GCM to node-crypto.

Before: using aes-128-gcm, aes-192-gcm, aes-256-gcm with `createCipheriv` would work, however decryption with `createDecipheriv` would always throw in `final`.

With patch: aforementioned modes are now supported. Users have to use `buf = getAuthTag()` after `final`, transmit the tag with the ciphertext, then use `setAuthTag(buf)` when decrypting. If the data has been tampered with or if no tag is provided during decryption, `final` will throw.

The exception thrown from `final` is currently generic. I can make it more verbose/clear if wanted.

Limitations: it's not possible to add any AAD (additional authenticated data) into the mix (or verify it). This could be achieved by adding another method to `Cipheriv`, e.g. `setAdditionalAuthenticatedData(buf)`.

Other AEAD modes: The AES-CCM mode cannot be used with the current API because it does not support streaming (the total length of the plain / cipher text has to be known when the first `update` call is made). Unless limiting users to 1 call of `update` was ok, of course.

Composite ciphers such as AES-128-CBC-HMAC-SHA1 use a different OpenSSL API, which is rather poorly documented (and only used in OpenSSL's TLS implementation as far as I can tell), so supporting these is not currently in scope of this pull request either.
Thanks for considering.