From 59a6c60a929300606378fb6066002283d9e9c716 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Thu, 14 Jun 2018 15:18:14 +0200 Subject: [PATCH] crypto: add support for OCB mode for AEAD Backport-PR-URL: https://github.com/nodejs/node/pull/22473 PR-URL: https://github.com/nodejs/node/pull/21447 Reviewed-By: Ben Noordhuis Reviewed-By: James M Snell --- doc/api/crypto.md | 41 ++-- src/node_crypto.cc | 60 +++-- test/parallel/test-crypto-authenticated.js | 256 +++++++++++++++++++-- 3 files changed, 301 insertions(+), 56 deletions(-) diff --git a/doc/api/crypto.md b/doc/api/crypto.md index c5c29ba404bdf6..ff6f82405135e9 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -249,11 +249,11 @@ added: v1.0.0 - `plaintextLength` {number} * Returns: {Cipher} for method chaining. -When using an authenticated encryption mode (only `GCM` and `CCM` are currently -supported), the `cipher.setAAD()` method sets the value used for the +When using an authenticated encryption mode (`GCM`, `CCM` and `OCB` are +currently supported), the `cipher.setAAD()` method sets the value used for the _additional authenticated data_ (AAD) input parameter. -The `options` argument is optional for `GCM`. When using `CCM`, the +The `options` argument is optional for `GCM` and `OCB`. When using `CCM`, the `plaintextLength` option must be specified and its value must match the length of the plaintext in bytes. See [CCM mode][]. @@ -263,8 +263,8 @@ The `cipher.setAAD()` method must be called before [`cipher.update()`][]. -* Returns: {Buffer} When using an authenticated encryption mode (only `GCM` and - `CCM` are currently supported), the `cipher.getAuthTag()` method returns a +* Returns: {Buffer} When using an authenticated encryption mode (`GCM`, `CCM` + and `OCB` are currently supported), the `cipher.getAuthTag()` method returns a [`Buffer`][] containing the _authentication tag_ that has been computed from the given data. 
@@ -412,8 +412,8 @@ changes: - `plaintextLength` {number} * Returns: {Decipher} for method chaining. -When using an authenticated encryption mode (only `GCM` and `CCM` are currently -supported), the `decipher.setAAD()` method sets the value used for the +When using an authenticated encryption mode (`GCM`, `CCM` and `OCB` are +currently supported), the `decipher.setAAD()` method sets the value used for the _additional authenticated data_ (AAD) input parameter. The `options` argument is optional for `GCM`. When using `CCM`, the @@ -433,8 +433,8 @@ changes: * `buffer` {Buffer | TypedArray | DataView} * Returns: {Decipher} for method chaining. -When using an authenticated encryption mode (only `GCM` and `CCM` are currently -supported), the `decipher.setAuthTag()` method is used to pass in the +When using an authenticated encryption mode (`GCM`, `CCM` and `OCB` are +currently supported), the `decipher.setAuthTag()` method is used to pass in the received _authentication tag_. If no tag is provided, or if the cipher text has been tampered with, [`decipher.final()`][] will throw, indicating that the cipher text should be discarded due to failed authentication. @@ -1324,6 +1324,9 @@ This property is deprecated. Please use `crypto.setFips()` and added: v0.1.94 deprecated: v10.0.0 changes: + - version: REPLACEME + pr-url: https://github.com/nodejs/node/pull/21447 + description: Ciphers in OCB mode are now supported. - version: v10.2.0 pr-url: https://github.com/nodejs/node/pull/20235 description: The `authTagLength` option can now be used to produce shorter 
@@ -1341,7 +1344,7 @@ Creates and returns a `Cipher` object that uses the given `algorithm` and `password`. The `options` argument controls stream behavior and is optional except when a -cipher in CCM mode is used (e.g. `'aes-128-ccm'`). In that case, the +cipher in CCM or OCB mode is used (e.g. `'aes-128-ccm'`). In that case, the `authTagLength` option is required and specifies the length of the authentication tag in bytes, see [CCM mode][]. In GCM mode, the `authTagLength` option is not required but can be used to set the length of the authentication @@ -1376,6 +1379,9 @@ Adversaries][] for details. > Stability: 0 - Deprecated: Use [`crypto.createDecipheriv()`][] instead. @@ -1454,7 +1464,7 @@ Creates and returns a `Decipher` object that uses the given `algorithm` and `password` (key). The `options` argument controls stream behavior and is optional except when a -cipher in CCM mode is used (e.g. `'aes-128-ccm'`). In that case, the +cipher in CCM or OCB mode is used (e.g. `'aes-128-ccm'`). In that case, the `authTagLength` option is required and specifies the length of the authentication tag in bytes, see [CCM mode][]. @@ -1474,6 +1484,9 @@ to create the `Decipher` object.
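Review bot: In the `@@ -412,8 +412,8 @@` hunk (`decipher.setAAD()`), the paragraph that follows the changed lines still reads "The `options` argument is optional for `GCM`. When using `CCM`, the ..." while the matching `cipher.setAAD()` hunk at `@@ -249,11 +249,11 @@` was updated to "optional for `GCM` and `OCB`". The two sections should say the same thing, so this unchanged context line needs the same edit, otherwise readers of the Decipher docs will assume `plaintextLength` is required for OCB.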
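Review bot: In the `@@ -1341,7 +1344,7 @@` and `@@ -1454,7 +1464,7 @@` hunks (`crypto.createCipher()` / `crypto.createDecipher()`), the sentence now says "CCM or OCB mode" but the example still names only a CCM cipher and the cross-reference still points only to `[CCM mode][]`, which documents CCM-specific behaviour. Consider also naming an OCB cipher in the example (for instance `(e.g. 'aes-128-ccm' or 'aes-128-ocb')`) and either adding a short OCB paragraph or making it explicit in this sentence that the `authTagLength` requirement applies to OCB as well, since the "see [CCM mode][]" pointer otherwise gives OCB users nothing to read.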