Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update crypto.md to correct function description for decipher.setAAD #33095

Closed
wants to merge 3 commits into from
Closed

Update crypto.md to correct function description for decipher.setAAD #33095

wants to merge 3 commits into from

Commits on Apr 27, 2020

  1. Update crypto.md 

    According to the [NodeJS CCM example](https://nodejs.org/docs/latest-v14.x/api/crypto.html#crypto_ccm_mode], when decrypting the `plaintextLength` parameter actually refers to the ciphertext length, not the plaintext length:

```
decipher.setAAD(aad, {
  plaintextLength: ciphertext.length
});
```


The same can be seen in the [OpenSSL docs](https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption) where a call to `EVP_DecryptUpdate` passes the ciphertext length:

```
/* Provide the total ciphertext length */
    if(1 != EVP_DecryptUpdate(ctx, NULL, &len, NULL, ciphertext_len))
        handleErrors();
```

This parameter probably should have been called `inputLength` or `bufferLength` instead of `plaintextLength`, so that it makes sense both when encrypting and decrypting, but at least we can correct the sentence in the documentation for now to refer to the correct value.
    @jbuhacoff
    jbuhacoff committed Apr 27, 2020
    Copy the full SHA
    6cf4de2 View commit details
    Browse the repository at this point in the history

  2. Update crypto.md 

    Add explanation in [CCM mode](https://nodejs.org/docs/latest-v14.x/api/crypto.html#crypto_ccm_mode], that ciphertext length is equal to plaintext length in Node.js crypto output because the authentication tag is returned separately:

```
decipher.setAAD(aad, {
  plaintextLength: ciphertext.length
});
```

The same can be seen in the [OpenSSL docs](https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption) where a call to `EVP_DecryptUpdate` passes the ciphertext length:

```
/* Provide the total ciphertext length */
    if(1 != EVP_DecryptUpdate(ctx, NULL, &len, NULL, ciphertext_len))
        handleErrors();
```
    @jbuhacoff
    jbuhacoff committed Apr 27, 2020
    Copy the full SHA
    7fda32f View commit details
    Browse the repository at this point in the history

  3. Merge branch 'patch-1' of github.com:jbuhacoff/node into patch-1

    @jbuhacoff
    jbuhacoff committed Apr 27, 2020
    Copy the full SHA
    7ca5d05 View commit details
    Browse the repository at this point in the history