Comply with RFC 5753 when computing ECDH keys in EnvelopedData - Githubissues

PeculiarVentures / PKI.js

PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.

http://pkijs.org

Other

1.3k stars 204 forks source link

Comply with RFC 5753 when computing ECDH keys in EnvelopedData #336

Closed gnarea closed 2 years ago

gnarea commented 2 years ago

EnvelopedData implementations prior to RFC 5753 used to use NULL as the algorithmParams when using AES ciphers, but RFC 5753 requires the algorithmParams to be absent. PKI.js currently does the former, so it fails to decrypt RFC 5753-compliant EnvelopedData values as reported in #334.

This PR makes PKI.js behave as OpenSSL and Bouncy Castle:

When encrypting, the algorithmParams is absent.
When decrypting, the first attempt is done with algorithmParams absent and, if that fails, we try again with algorithmParams ::= NULL (for backwards compatibility).

Fixes #334

gnarea commented 2 years ago

I just pushed some changes I accidentally left behind earlier today. I'm done making changes now, just waiting for feedback.

gnarea commented 2 years ago

Sorry, folks... I just pushed another commit for another line I forgot to commit before. That really should be the last change before your feedback.

(WebStorm didn't like the CRLF newlines and trailing whitespace in EnvelopedData.js, so I had to manually stage the lines I changed, which is why I missed a bunch of them)

gnarea commented 2 years ago

Thanks! Will do 👍🏾

gnarea commented 2 years ago

Done, @microshine ✔️

microshine commented 2 years ago

The new version v2.2.1 is available

gnarea commented 2 years ago

Awesome, thank you so much! 👏🏾