Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

(v10.x backport) Backport 12 crypto commits #20706

Closed
wants to merge 12 commits into from
Closed

(v10.x backport) Backport 12 crypto commits #20706

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
40c014f
crypto: allow to restrict valid GCM tag length
tniessen Apr 13, 2018
1cd6fae
crypto: add createCipher/WithIV functions
danbev Apr 19, 2018
8d2b3d2
crypto: add addCipherPrototypeFunctions function
danbev Apr 20, 2018
7ffaf72
crypto: remove rsaPrivate and rename rsaPublic
danbev Apr 20, 2018
1ae5218
src: fix node_crypto.cc compiler warnings
danbev Apr 23, 2018
9e9dad6
test: remove crypto.DEFAULT_ENCODING usage
danbev Apr 23, 2018
3bd5db3
crypto: use kNoAuthTagLength in InitAuthenticated
tniessen Apr 23, 2018
f57543b
crypto: add using directives for v8::Int32, Uint32
tniessen Apr 24, 2018
0259d30
crypto: support authTagLength in GCM encryption
tniessen Apr 15, 2018
bb975aa
crypto: allocate more memory for cipher.update()
yhwang Apr 26, 2018
60c5ada
src: more automatic memory management in node_crypto.cc
addaleax Apr 23, 2018
8177b22
crypto: add test case for AES key wrapping
yhwang May 7, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 22 additions & 3 deletions doc/api/crypto.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1316,6 +1316,11 @@ This property is deprecated. Please use `crypto.setFips()` and
<!-- YAML
added: v0.1.94
deprecated: v10.0.0
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/20235
description: The `authTagLength` option can now be used to produce shorter
authentication tags in GCM mode and defaults to 16 bytes.
-->

> Stability: 0 - Deprecated: Use [`crypto.createCipheriv()`][] instead.
Expand All @@ -1331,7 +1336,9 @@ Creates and returns a `Cipher` object that uses the given `algorithm` and
The `options` argument controls stream behavior and is optional except when a
cipher in CCM mode is used (e.g. `'aes-128-ccm'`). In that case, the
`authTagLength` option is required and specifies the length of the
authentication tag in bytes, see [CCM mode][].
authentication tag in bytes, see [CCM mode][]. In GCM mode, the `authTagLength`
option is not required but can be used to set the length of the authentication
tag that will be returned by `getAuthTag()` and defaults to 16 bytes.

The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
recent OpenSSL releases, `openssl list -cipher-algorithms`
Expand Down Expand Up @@ -1362,6 +1369,10 @@ Adversaries][] for details.
<!-- YAML
added: v0.1.94
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/20235
description: The `authTagLength` option can now be used to produce shorter
authentication tags in GCM mode and defaults to 16 bytes.
- version: v9.9.0
pr-url: https://github.com/nodejs/node/pull/18644
description: The `iv` parameter may now be `null` for ciphers which do not
Expand All @@ -1379,7 +1390,9 @@ initialization vector (`iv`).
The `options` argument controls stream behavior and is optional except when a
cipher in CCM mode is used (e.g. `'aes-128-ccm'`). In that case, the
`authTagLength` option is required and specifies the length of the
authentication tag in bytes, see [CCM mode][].
authentication tag in bytes, see [CCM mode][]. In GCM mode, the `authTagLength`
option is not required but can be used to set the length of the authentication
tag that will be returned by `getAuthTag()` and defaults to 16 bytes.

The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
recent OpenSSL releases, `openssl list -cipher-algorithms`
Expand Down Expand Up @@ -1454,6 +1467,10 @@ to create the `Decipher` object.
<!-- YAML
added: v0.1.94
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/20039
description: The `authTagLength` option can now be used to restrict accepted
GCM authentication tag lengths.
- version: v9.9.0
pr-url: https://github.com/nodejs/node/pull/18644
description: The `iv` parameter may now be `null` for ciphers which do not
Expand All @@ -1471,7 +1488,9 @@ and initialization vector (`iv`).
The `options` argument controls stream behavior and is optional except when a
cipher in CCM mode is used (e.g. `'aes-128-ccm'`). In that case, the
`authTagLength` option is required and specifies the length of the
authentication tag in bytes, see [CCM mode][].
authentication tag in bytes, see [CCM mode][]. In GCM mode, the `authTagLength`
option is not required but can be used to restrict accepted authentication tags
to those with the specified length.

The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On
recent OpenSSL releases, `openssl list -cipher-algorithms`
Expand Down
189 changes: 64 additions & 125 deletions lib/internal/crypto/cipher.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ const { StringDecoder } = require('string_decoder');
const { inherits } = require('util');
const { deprecate, normalizeEncoding } = require('internal/util');

function rsaPublic(method, defaultPadding) {
function rsaFunctionFor(method, defaultPadding) {
return function(options, buffer) {
const key = options.key || options;
const padding = options.padding || defaultPadding;
Expand All @@ -42,19 +42,10 @@ function rsaPublic(method, defaultPadding) {
};
}

function rsaPrivate(method, defaultPadding) {
return function(options, buffer) {
const key = options.key || options;
const passphrase = options.passphrase || null;
const padding = options.padding || defaultPadding;
return method(toBuf(key), buffer, padding, passphrase);
};
}

const publicEncrypt = rsaPublic(_publicEncrypt, RSA_PKCS1_OAEP_PADDING);
const publicDecrypt = rsaPublic(_publicDecrypt, RSA_PKCS1_PADDING);
const privateEncrypt = rsaPrivate(_privateEncrypt, RSA_PKCS1_PADDING);
const privateDecrypt = rsaPrivate(_privateDecrypt, RSA_PKCS1_OAEP_PADDING);
const publicEncrypt = rsaFunctionFor(_publicEncrypt, RSA_PKCS1_OAEP_PADDING);
const publicDecrypt = rsaFunctionFor(_publicDecrypt, RSA_PKCS1_PADDING);
const privateEncrypt = rsaFunctionFor(_privateEncrypt, RSA_PKCS1_PADDING);
const privateDecrypt = rsaFunctionFor(_privateDecrypt, RSA_PKCS1_OAEP_PADDING);

function getDecoder(decoder, encoding) {
encoding = normalizeEncoding(encoding);
Expand All @@ -73,10 +64,21 @@ function getUIntOption(options, key) {
return -1;
}

function Cipher(cipher, password, options) {
if (!(this instanceof Cipher))
return new Cipher(cipher, password, options);
function createCipherBase(cipher, credential, options, decipher, iv) {
const authTagLength = getUIntOption(options, 'authTagLength');

this._handle = new CipherBase(decipher);
if (iv === undefined) {
this._handle.init(cipher, credential, authTagLength);
} else {
this._handle.initiv(cipher, credential, iv, authTagLength);
}
this._decoder = null;

LazyTransform.call(this, options);
}

function createCipher(cipher, password, options, decipher) {
if (typeof cipher !== 'string')
throw new ERR_INVALID_ARG_TYPE('cipher', 'string', cipher);

Expand All @@ -89,14 +91,38 @@ function Cipher(cipher, password, options) {
);
}

const authTagLength = getUIntOption(options, 'authTagLength');
createCipherBase.call(this, cipher, password, options, decipher);
}

this._handle = new CipherBase(true);
function createCipherWithIV(cipher, key, options, decipher, iv) {
if (typeof cipher !== 'string')
throw new ERR_INVALID_ARG_TYPE('cipher', 'string', cipher);

this._handle.init(cipher, password, authTagLength);
this._decoder = null;
key = toBuf(key);
if (!isArrayBufferView(key)) {
throw new ERR_INVALID_ARG_TYPE(
'key',
['string', 'Buffer', 'TypedArray', 'DataView'],
key
);
}

LazyTransform.call(this, options);
iv = toBuf(iv);
if (iv !== null && !isArrayBufferView(iv)) {
throw new ERR_INVALID_ARG_TYPE(
'iv',
['string', 'Buffer', 'TypedArray', 'DataView'],
iv
);
}
createCipherBase.call(this, cipher, key, options, decipher, iv);
}

function Cipher(cipher, password, options) {
if (!(this instanceof Cipher))
return new Cipher(cipher, password, options);

createCipher.call(this, cipher, password, options, true);
}

inherits(Cipher, LazyTransform);
Expand Down Expand Up @@ -198,47 +224,22 @@ function Cipheriv(cipher, key, iv, options) {
if (!(this instanceof Cipheriv))
return new Cipheriv(cipher, key, iv, options);

if (typeof cipher !== 'string')
throw new ERR_INVALID_ARG_TYPE('cipher', 'string', cipher);

key = toBuf(key);
if (!isArrayBufferView(key)) {
throw new ERR_INVALID_ARG_TYPE(
'key',
['string', 'Buffer', 'TypedArray', 'DataView'],
key
);
}

iv = toBuf(iv);
if (iv !== null && !isArrayBufferView(iv)) {
throw new ERR_INVALID_ARG_TYPE(
'iv',
['string', 'Buffer', 'TypedArray', 'DataView'],
iv
);
}

const authTagLength = getUIntOption(options, 'authTagLength');

this._handle = new CipherBase(true);
this._handle.initiv(cipher, key, iv, authTagLength);
this._decoder = null;
createCipherWithIV.call(this, cipher, key, options, true, iv);
}

LazyTransform.call(this, options);
function addCipherPrototypeFunctions(constructor) {
constructor.prototype._transform = Cipher.prototype._transform;
constructor.prototype._flush = Cipher.prototype._flush;
constructor.prototype.update = Cipher.prototype.update;
constructor.prototype.final = Cipher.prototype.final;
constructor.prototype.setAutoPadding = Cipher.prototype.setAutoPadding;
constructor.prototype.getAuthTag = Cipher.prototype.getAuthTag;
constructor.prototype.setAuthTag = Cipher.prototype.setAuthTag;
constructor.prototype.setAAD = Cipher.prototype.setAAD;
}

inherits(Cipheriv, LazyTransform);

Cipheriv.prototype._transform = Cipher.prototype._transform;
Cipheriv.prototype._flush = Cipher.prototype._flush;
Cipheriv.prototype.update = Cipher.prototype.update;
Cipheriv.prototype.final = Cipher.prototype.final;
Cipheriv.prototype.setAutoPadding = Cipher.prototype.setAutoPadding;
Cipheriv.prototype.getAuthTag = Cipher.prototype.getAuthTag;
Cipheriv.prototype.setAuthTag = Cipher.prototype.setAuthTag;
Cipheriv.prototype.setAAD = Cipher.prototype.setAAD;

addCipherPrototypeFunctions(Cipheriv);

const finaltol = deprecate(Cipher.prototype.final,
'crypto.Decipher.finaltol is deprecated. Use ' +
Expand All @@ -248,86 +249,24 @@ function Decipher(cipher, password, options) {
if (!(this instanceof Decipher))
return new Decipher(cipher, password, options);

if (typeof cipher !== 'string')
throw new ERR_INVALID_ARG_TYPE('cipher', 'string', cipher);

password = toBuf(password);
if (!isArrayBufferView(password)) {
throw new ERR_INVALID_ARG_TYPE(
'password',
['string', 'Buffer', 'TypedArray', 'DataView'],
password
);
}

const authTagLength = getUIntOption(options, 'authTagLength');

this._handle = new CipherBase(false);
this._handle.init(cipher, password, authTagLength);
this._decoder = null;

LazyTransform.call(this, options);
createCipher.call(this, cipher, password, options, false);
}

inherits(Decipher, LazyTransform);

Decipher.prototype._transform = Cipher.prototype._transform;
Decipher.prototype._flush = Cipher.prototype._flush;
Decipher.prototype.update = Cipher.prototype.update;
Decipher.prototype.final = Cipher.prototype.final;
addCipherPrototypeFunctions(Decipher);
Decipher.prototype.finaltol = finaltol;
Decipher.prototype.setAutoPadding = Cipher.prototype.setAutoPadding;
Decipher.prototype.getAuthTag = Cipher.prototype.getAuthTag;
Decipher.prototype.setAuthTag = Cipher.prototype.setAuthTag;
Decipher.prototype.setAAD = Cipher.prototype.setAAD;


function Decipheriv(cipher, key, iv, options) {
if (!(this instanceof Decipheriv))
return new Decipheriv(cipher, key, iv, options);

if (typeof cipher !== 'string')
throw new ERR_INVALID_ARG_TYPE('cipher', 'string', cipher);

key = toBuf(key);
if (!isArrayBufferView(key)) {
throw new ERR_INVALID_ARG_TYPE(
'key',
['string', 'Buffer', 'TypedArray', 'DataView'],
key
);
}

iv = toBuf(iv);
if (iv !== null && !isArrayBufferView(iv)) {
throw new ERR_INVALID_ARG_TYPE(
'iv',
['string', 'Buffer', 'TypedArray', 'DataView'],
iv
);
}

const authTagLength = getUIntOption(options, 'authTagLength');

this._handle = new CipherBase(false);
this._handle.initiv(cipher, key, iv, authTagLength);
this._decoder = null;

LazyTransform.call(this, options);
createCipherWithIV.call(this, cipher, key, options, false, iv);
}

inherits(Decipheriv, LazyTransform);

Decipheriv.prototype._transform = Cipher.prototype._transform;
Decipheriv.prototype._flush = Cipher.prototype._flush;
Decipheriv.prototype.update = Cipher.prototype.update;
Decipheriv.prototype.final = Cipher.prototype.final;
addCipherPrototypeFunctions(Decipheriv);
Decipheriv.prototype.finaltol = finaltol;
Decipheriv.prototype.setAutoPadding = Cipher.prototype.setAutoPadding;
Decipheriv.prototype.getAuthTag = Cipher.prototype.getAuthTag;
Decipheriv.prototype.setAuthTag = Cipher.prototype.setAuthTag;
Decipheriv.prototype.setAAD = Cipher.prototype.setAAD;


module.exports = {
Cipher,
Expand Down
Loading