crypto: allow setting add'l authenticated data

cscott · Mar 4, 2014 · 31ce348 · 31ce348
1 parent caca4f3
commit 31ce348
Show file tree

Hide file tree

Showing 5 changed files with 62 additions and 4 deletions.
diff --git a/doc/api/crypto.markdown b/doc/api/crypto.markdown
@@ -250,6 +250,12 @@ method returns a `Buffer` that represents the _authentication tag_ that
 has been computed from the given data. Should be called after
 encryption has been completed using the `final` method!
 
+### cipher.setAAD(buffer)
+
+For authenticated encryption modes (currently supported: GCM), this
+method sets the value used for the additional authenticated data (AAD) input
+parameter.
+
 
 ## crypto.createDecipher(algorithm, password)
 
@@ -308,6 +314,12 @@ If no tag is provided or if the ciphertext has been tampered with,
 `final` will throw, thus indicating that the ciphertext should
 be discarded due to failed authentication.
 
+### decipher.setAAD(buffer)
+
+For authenticated encryption modes (currently supported: GCM), this
+method sets the value used for the additional authenticated data (AAD) input
+parameter.
+
 
 ## crypto.createSign(algorithm)
 

diff --git a/lib/crypto.js b/lib/crypto.js
@@ -334,6 +334,9 @@ Cipheriv.prototype.setAuthTag = function(tagbuf) {
   this._binding.setAuthTag(tagbuf);
 };
 
+Cipheriv.prototype.setAAD = function(aadbuf) {
+  this._binding.setAAD(aadbuf);
+};
 
 
 exports.createDecipher = exports.Decipher = Decipher;
@@ -381,6 +384,7 @@ Decipheriv.prototype.finaltol = Cipher.prototype.final;
 Decipheriv.prototype.setAutoPadding = Cipher.prototype.setAutoPadding;
 Decipheriv.prototype.getAuthTag = Cipheriv.prototype.getAuthTag;
 Decipheriv.prototype.setAuthTag = Cipheriv.prototype.setAuthTag;
+Decipheriv.prototype.setAAD = Cipheriv.prototype.setAAD;
 
 
 

diff --git a/src/node_crypto.cc b/src/node_crypto.cc
@@ -2194,6 +2194,7 @@ void CipherBase::Initialize(Environment* env, Handle<Object> target) {
   NODE_SET_PROTOTYPE_METHOD(t, "setAutoPadding", SetAutoPadding);
   NODE_SET_PROTOTYPE_METHOD(t, "getAuthTag", GetAuthTag);
   NODE_SET_PROTOTYPE_METHOD(t, "setAuthTag", SetAuthTag);
+  NODE_SET_PROTOTYPE_METHOD(t, "setAAD", SetAAD);
 
   target->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "CipherBase"),
               t->GetFunction());
@@ -2386,6 +2387,35 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {
 }
 
 
+bool CipherBase::SetAAD(const char* data, unsigned int len) {
+  if (!initialised_ || !IsAuthenticatedMode())
+    return false;
+  int outlen;
+  if (!EVP_CipherUpdate(&ctx_,
+                        NULL,
+                        &outlen,
+                        reinterpret_cast<const unsigned char*>(data),
+                        len)) {
+    ThrowCryptoTypeError(env(), ERR_get_error());
+    return false;
+  }
+  return true;
+}
+
+
+void CipherBase::SetAAD(const FunctionCallbackInfo<Value>& args) {
+  Environment* env = Environment::GetCurrent(args.GetIsolate());
+  HandleScope handle_scope(env->isolate());
+
+  ASSERT_IS_BUFFER(args[0]);
+
+  CipherBase* cipher = Unwrap<CipherBase>(args.This());
+
+  if (!cipher->SetAAD(Buffer::Data(args[0]), Buffer::Length(args[0])))
+    env->ThrowError("Attempting to set AAD in unsupported state");
+}
+
+
 bool CipherBase::Update(const char* data,
                         int len,
                         unsigned char** out,

diff --git a/src/node_crypto.h b/src/node_crypto.h
@@ -356,6 +356,7 @@ class CipherBase : public BaseObject {
   bool IsAuthenticatedMode() const;
   bool GetAuthTag(char** out, unsigned int* out_len) const;
   bool SetAuthTag(const char* data, unsigned int len);
+  bool SetAAD(const char* data, unsigned int len);
 
   static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
   static void Init(const v8::FunctionCallbackInfo<v8::Value>& args);
@@ -366,6 +367,7 @@ class CipherBase : public BaseObject {
 
   static void GetAuthTag(const v8::FunctionCallbackInfo<v8::Value>& args);
   static void SetAuthTag(const v8::FunctionCallbackInfo<v8::Value>& args);
+  static void SetAAD(const v8::FunctionCallbackInfo<v8::Value>& args);
 
   CipherBase(Environment* env,
              v8::Local<v8::Object> wrap,

diff --git a/test/simple/test-crypto-authenticated.js b/test/simple/test-crypto-authenticated.js
@@ -41,11 +41,17 @@ crypto.DEFAULT_ENCODING = 'buffer';
 //
 
 var TEST_CASES = [
-  { algo: 'aes-128-gcm', key: 'ipxp9a6i1Mb4USb4', iv: 'X6sIq117H0vR',
-    plain: 'Hello World!', ct: '4BE13896F64DFA2C2D0F2C76',
+  { algo: 'aes-128-gcm', key: 'ipxp9a6i1Mb4USb4',
+    iv: 'X6sIq117H0vR', plain: 'Hello World!',
+    ct: '4BE13896F64DFA2C2D0F2C76',
     tag: '272B422F62EB545EAA15B5FF84092447', tampered: false },
-  { algo: 'aes-128-gcm', key: 'ipxp9a6i1Mb4USb4', iv: 'X6sIq117H0vR',
-    plain: 'Hello World!', ct: '4BE13596F64DFA2C2D0FAC76',
+  { algo: 'aes-128-gcm', key: 'ipxp9a6i1Mb4USb4',
+    iv: 'X6sIq117H0vR', plain: 'Hello World!',
+    ct: '4BE13896F64DFA2C2D0F2C76', aad: '000000FF',
+    tag: 'BA2479F66275665A88CB7B15F43EB005', tampered: false },
+  { algo: 'aes-128-gcm', key: 'ipxp9a6i1Mb4USb4',
+    iv: 'X6sIq117H0vR', plain: 'Hello World!',
+    ct: '4BE13596F64DFA2C2D0FAC76',
     tag: '272B422F62EB545EAA15B5FF84092447', tampered: true },
   { algo: 'aes-256-gcm', key: '3zTvzr3p67VC61jmV54rIYu1545x4TlY',
     iv: '60iP0h6vJoEa', plain: 'Hello node.js world!',
@@ -69,6 +75,8 @@ for (var i in TEST_CASES) {
 
   (function() {
     var encrypt = crypto.createCipheriv(test.algo, test.key, test.iv);
+    if (test.aad)
+      encrypt.setAAD(new Buffer(test.aad, 'hex'));
     var hex = encrypt.update(test.plain, 'ascii', 'hex');
     hex += encrypt.final('hex');
     var auth_tag = encrypt.getAuthTag();
@@ -82,6 +90,8 @@ for (var i in TEST_CASES) {
   (function() {
     var decrypt = crypto.createDecipheriv(test.algo, test.key, test.iv);
     decrypt.setAuthTag(new Buffer(test.tag, 'hex'));
+    if (test.aad)
+      decrypt.setAAD(new Buffer(test.aad, 'hex'));
     var msg = decrypt.update(test.ct, 'hex', 'ascii');
     if (!test.tampered) {
       msg += decrypt.final('ascii');