JBaczuk
commented
4 years ago Thanks I'll take a look. It'd be nice to have a reproducible example of it breaking just for reference.
Open raullaprida opened 4 years ago
JBaczuk
commented
4 years ago Thanks I'll take a look. It'd be nice to have a reproducible example of it breaking just for reference.
raullaprida
commented
4 years ago Yes I was looking for a place where the browser js tests were coded but I couldn't find any. Basically: Scenario that works without the fix Encrypt('aaaaaaaaaaaaaaa') -->encrypted Decrypt(encrypted) = aaaaaaaaaaaaaaa
Scenario that fails without the fix Encrypt('aaaaaaaaaaaaaaaa') -->encrypted Decrypt(encrypted) = FAIL
(Basically any plaintext 16 bytes or greater will fail) It won't fail in the node version because it actually does the concatenation.
JBaczuk
commented
4 years ago tests are just in the test.js file. The same tests are run in browser and node.js. Would be good to add this case (message > 15 bytes) as a test.
raullaprida
commented
4 years ago Actually the issue is how the index.js is loaded when running the test. It's not using browser.js when running the headless browser tests The test ECIES: " should encrypt and decrypt with generated private and public key" actually fails in the browser. The problem is that, when you run "npm run test", it's not using the browser.js to test when running the headless browser tests.
Proof: If you leave index.js as follows:
`/**
"use strict"; return (module.exports = require("./browser"));`
And run "npm run test". You'll see that " should encrypt and decrypt with generated private and public key" . actually fails and if you apply my fix it gets working
The actual change happens in getAes(), the rest is just styling of the code. In getAes() the code does cypher.update() and ommits the buffer returned by this function. Then it only resolves cypher.final(). When a message is longer than 15 bytes, the encryption/decryption method fails, since it's discarding part of the message blocks.