search

anvilresearch / webcrypto

W3C Web Cryptography API for Node.js
MIT License
82 stars 14 forks source link

AES-GCM decrypt taglength #52

Closed pierresegonne closed 6 years ago

pierresegonne commented 6 years ago

Hi! Incredible work!

If the taglength is not provided in the algorithm parameter of the crypto.subtle.decrypt() method it won't be correctly set to 128, and thus the decrypt will throw an error

EternalDeiwos commented 6 years ago

Hi, would you be referring to this logic?

https://github.com/anvilresearch/webcrypto/blob/master/src/algorithms/AES-GCM.js#L139-L143

I'm pretty sure that should result in the tagLength defaulting to 128.

thelunararmy commented 6 years ago

Not getting this error, can you test again and verify.

christiansmith commented 6 years ago

@pierresegonne thanks for the kind words and for filing the issue. Since we're not able to reproduce the error, could you please provide a few additional details about your OS, node versions, etc? And perhaps the snippet of code that's throwing? Thanks again!

pierresegonne commented 6 years ago

here is my decrypt function:

`async function decrypt(encrypted) {

let content = contentDecoder(encrypted);
// password handling
// encoding
let pwUtf8 = encoder.encode(password);
// hashing
let hash = cryptoN.createHash('sha256');
hash.update(pwUtf8);
let pwHash = hash.digest();

// IV
let iv = content.iv;

// ALG
let alg = {name: algorithm, iv: iv, tagLength : 128};

// KEY GENERATION
let cryptoKey = await crypto.subtle.importKey('raw', pwHash, alg, false, ['encrypt', 'decrypt']);

// Decrypt
let data = content.contentBuffer;
let decrypted = await crypto.subtle.decrypt(alg, cryptoKey, data);

// display
console.log(decoder.decode(decrypted));

}`

If I don't precise the tagLength in the alg variable, I catch the following error : Error: Data length cannot be less than tagLength.

I went into the webcrypto/AES-GCM.js file and displayed algorithm.tagLength right before

  1. Verify data length and got that algorithm.tagLength is undefined

So the way I see it,

the 2. Verify data length should become : if ((data.length*8)<tagLength) { throw new OperationError('Data length cannot be less than tagLength. ') }

EternalDeiwos commented 6 years ago

Ah, I see the problem. Thanks @pierresegonne, nice catch.

https://github.com/anvilresearch/webcrypto/blob/master/src/algorithms/AES-GCM.js#L153

^ should use tagLength instead of algorithm.tagLength

thelunararmy commented 6 years ago

Fixed in 0a10dc74277b9632dbe8ebd213477dd7055b90db

EternalDeiwos commented 6 years ago

@pierresegonne I've just published the fix as v0.7.1. Thanks again and please let us know if you find anything else.