Mirroristas/openpgpjs
2
0
Fork 0
mirror of https://github.com/openpgpjs/openpgpjs.git synced 2025-06-09 07:36:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix GCM under node.js

Browse Source
This commit is contained in:
Tankred Hase 2016-03-23 13:20:42 +08:00
parent 8f8218e9de
commit 7fabe02e03
2 changed files with 17 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/crypto/gcm.js
View File

@ -29,12 +29,13 @@ const webCrypto = util.getWebCrypto();
const nodeCrypto = util.getNodeCrypto(); const nodeCrypto = util.getNodeCrypto();
const Buffer = util.getNodeBuffer(); const Buffer = util.getNodeBuffer();
export const ivLength = 12; export const ivLength = 12; // size of the IV in bytes
const TAG_LEN = 16; // size of the tag in bytes
const ALGO = 'AES-GCM'; const ALGO = 'AES-GCM';
/** /**
* Encrypt plaintext input. * Encrypt plaintext input.
* @param {String} cipher The symmetric cipher algorithm to use * @param {String} cipher The symmetric cipher algorithm to use e.g. 'aes128'
* @param {Uint8Array} plaintext The cleartext input to be encrypted * @param {Uint8Array} plaintext The cleartext input to be encrypted
* @param {Uint8Array} key The encryption key * @param {Uint8Array} key The encryption key
* @param {Uint8Array} iv The initialization vector (12 bytes) * @param {Uint8Array} iv The initialization vector (12 bytes)
@ -45,16 +46,16 @@ export function encrypt(cipher, plaintext, key, iv) {
return Promise.reject(new Error('GCM mode supports only AES cipher')); return Promise.reject(new Error('GCM mode supports only AES cipher'));
} }
const keySize = cipher.substr(3,3); const keySize = key.length * 8;
if (webCrypto && config.useNative && keySize !== '192') { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support if (webCrypto && config.useNative && keySize !== 192) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support
return webCrypto.importKey('raw', key, { name: ALGO }, false, ['encrypt']) return webCrypto.importKey('raw', key, { name: ALGO }, false, ['encrypt'])
.then(keyObj => webCrypto.encrypt({ name: ALGO, iv }, keyObj, plaintext)) .then(keyObj => webCrypto.encrypt({ name: ALGO, iv }, keyObj, plaintext))
.then(ciphertext => new Uint8Array(ciphertext)); .then(ciphertext => new Uint8Array(ciphertext));
} else if (nodeCrypto && config.useNative) { // Node crypto library } else if (nodeCrypto && config.useNative) { // Node crypto library
const en = new nodeCrypto.createCipheriv('aes-' + keySize + '-gcm', new Buffer(key), new Buffer(iv)); const en = new nodeCrypto.createCipheriv('aes-' + keySize + '-gcm', new Buffer(key.buffer), new Buffer(iv.buffer));
const encrypted = Buffer.concat([en.update(new Buffer(plaintext)), en.final()]); const encrypted = Buffer.concat([en.update(new Buffer(plaintext.buffer)), en.final()]);
return Promise.resolve(new Uint8Array(encrypted)); return Promise.resolve(new Uint8Array(Buffer.concat([encrypted, en.getAuthTag()])));
} else { // asm.js fallback } else { // asm.js fallback
return Promise.resolve(asmCrypto.AES_GCM.encrypt(plaintext, key, iv)); return Promise.resolve(asmCrypto.AES_GCM.encrypt(plaintext, key, iv));
@ -63,7 +64,7 @@ export function encrypt(cipher, plaintext, key, iv) {
/** /**
* Decrypt ciphertext input * Decrypt ciphertext input
* @param {String} cipher The symmetric cipher algorithm to use * @param {String} cipher The symmetric cipher algorithm to use e.g. 'aes128'
* @param {Uint8Array} ciphertext The ciphertext input to be decrypted * @param {Uint8Array} ciphertext The ciphertext input to be decrypted
* @param {Uint8Array} key The encryption key * @param {Uint8Array} key The encryption key
* @param {Uint8Array} iv The initialization vector (12 bytes) * @param {Uint8Array} iv The initialization vector (12 bytes)
@ -74,16 +75,18 @@ export function decrypt(cipher, ciphertext, key, iv) {
return Promise.reject(new Error('GCM mode supports only AES cipher')); return Promise.reject(new Error('GCM mode supports only AES cipher'));
} }
const keySize = cipher.substr(3,3); const keySize = key.length * 8;
if (webCrypto && config.useNative && keySize !== '192') { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support if (webCrypto && config.useNative && keySize !== 192) { // WebCrypto (no 192 bit support) see: https://www.chromium.org/blink/webcrypto#TOC-AES-support
return webCrypto.importKey('raw', key, { name: ALGO }, false, ['decrypt']) return webCrypto.importKey('raw', key, { name: ALGO }, false, ['decrypt'])
.then(keyObj => webCrypto.decrypt({ name: ALGO, iv }, keyObj, ciphertext)) .then(keyObj => webCrypto.decrypt({ name: ALGO, iv }, keyObj, ciphertext))
.then(plaintext => new Uint8Array(plaintext)); .then(plaintext => new Uint8Array(plaintext));
} else if (nodeCrypto && config.useNative) { // Node crypto library } else if (nodeCrypto && config.useNative) { // Node crypto library
let de = new nodeCrypto.createDecipheriv('aes-' + keySize + '-gcm', new Buffer(key), new Buffer(iv)); const ctBuf = new Buffer(ciphertext.buffer);
let decrypted = Buffer.concat([de.update(new Buffer(ciphertext)), de.final()]); const de = new nodeCrypto.createDecipheriv('aes-' + keySize + '-gcm', new Buffer(key.buffer), new Buffer(iv.buffer));
return Promise.resolve(new Uint8Array(decrypted)); de.setAuthTag(ctBuf.slice(ctBuf.length - TAG_LEN, ctBuf.length));
const encrypted = ctBuf.slice(0, ctBuf.length - TAG_LEN);
return Promise.resolve(new Uint8Array(Buffer.concat([de.update(encrypted), de.final()])));
} else { // asm.js fallback } else { // asm.js fallback
return Promise.resolve(asmCrypto.AES_GCM.decrypt(ciphertext, key, iv)); return Promise.resolve(asmCrypto.AES_GCM.decrypt(ciphertext, key, iv));

2
test/crypto/crypto.js
View File

@ -1,6 +1,6 @@
'use strict'; 'use strict';
var openpgp = typeof window != 'undefined' && window.openpgp ? window.openpgp : require('../../dist/openpgp'); var openpgp = typeof window !== 'undefined' && window.openpgp ? window.openpgp : require('../../dist/openpgp');
var chai = require('chai'), var chai = require('chai'),
expect = chai.expect; expect = chai.expect;