-
Notifications
You must be signed in to change notification settings - Fork 29.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: API changes needed for AES Counter with CBC-MAC (CCM) support #2383
Comments
/cc @nodejs/crypto |
I'm -1 for adding yet another argument to |
@indutny Updated proposal for |
May I ask you to educate me a little bit about the length of cipher-/plain- text? Why is it required to specify, could it be different for the same cipher? |
It is a requirement of OpenSSL. See https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Encryption_using_CCM_mode |
I think this sounds like a good idea to put it in |
I also had the same question as fedor, the reason why the clear/cipher-text length is needed before And I found one more requirement for CCM that So we can have an another idea of api that |
Does this explain why if I try to use aes-128-ccm algorithm, I get
|
Yes, Node currently supports only GCM mode for AEAD. You cannot use CCM now. |
another option would be something along the lines of #941 to create a non-streaming api for encrypting/decrypting. this would also avoid the footgun in gcm of decrypting before authenticating. Strickly speaking we don't really need the authtag length, we get by in GCM by only allowing a single size. |
Hello Bryce (and others). I was checking to see if AES_128_CCM_8 is supported by Node.js crypto lib, and ran into this thread. Since it was initiated in August, Since I would like to use this cipher suite for a project I am working on, I am wondering if this work has been completed yet? Or if there is a date it is expected to be done? Thanks! |
@Partha-Mukherjee-G2H it is not supported yet by the core crypto API. You can use my module node-aes-ccm in the meantime. |
@brycekahle - I greatly appreciate the fast reply! I have not worked with native C++ modules in node.js before so I will take a good look at that. |
I haven't tested with later versions of node, but it should work. If not, raise an issue on that repo and I can fix it. |
Is it the case right now that there's agreement that the feature makes sense, but no one planning to implement and submit a pull request? Is someone willing to mentor a moderately crypto-savvy person who wanted to do this? (That's not me and I don't have anyone specific in mind. I'm just trying to figure out a way to move this forward.) |
I am planning to implement this after landing #17566. |
Any update on this ? This code still returns "Trying to add data in unsupported state". var crypto = require('crypto');
var plaintext = 'some text';
var key = crypto.randomBytes(16);
var encipher = crypto.createCipher('aes-128-ccm', key);
encipher.setAutoPadding(true);
var ciphertext = Buffer.concat([encipher.update(plaintext), encipher.final()]);
var decipher = crypto.createDecipher('aes-128-ccm', key);
decipher.setAutoPadding(true);
try {
var deciphertext = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
console.log(deciphertext.toString());
} catch(e) {
console.error(e);
} Is it possible to use a 'ccm' methods in node ? |
@eduardbcom #18138 is awaiting TSC approval and will add full support for |
@tniessen got it, thanks! |
Overview
I've started work on adding AES CCM support to node. This is part of a larger goal of getting full DTLS support into node. Specifically I need
AES_128_CCM_8
support. Until then, I'm working on a native module for the crypto support and helping @Rantanen improve his DTLS protocol module.OpenSSL already supports this cipher, so I thought it was a matter of adding the necessary calls. I've since run into a complication with the order of calls required by OpenSSL and how the
CipherBase
class is structured.I'm looking for some discussion and/or guidance on how to proceed with implementation.
CCM Requirements
CCM requires specifying 2 or 3 additional lengths for proper operation.
Authentication Tag Length
The authentication tag length must be specified before calling
EVP_CipherInit_ex
with thekey
andiv
parameters (source). If specified afterwards, OpenSSL returns a buffer full of zeroes.Plaintext / Ciphertext length
The total plaintext or ciphertext length must be specified before setting the AAD (via
EVP_CipherUpdate
incipher.setAAD
) and before adding any plaintext (viaEVP_CipherUpdate
incipher.update
). If not specified before,cipher.setAAD
will fail.Proposed API Changes
In order to provide the 1 or 2 lengths required, some API changes will be needed. This is where some input would be greatly appreciated.
The requirement for the authentication tag length is needed before the final OpenSSL call of
CipherBase::initiv
. This meanscrypto.createCipheriv
andcrypto.createDecipheriv
need additional optional parameters.authTagLength
property to theoptions
parameter ofcrypto.createCipheriv
andcrypto.createDecipheriv
The requirement for the plaintext / ciphertext length depends on using AAD, thus perhaps it makes sense to add an optional parameter to
cipher.setAAD
?cipher.setAAD
tocipher.setAAD(buffer, [length])
. The confusing part here is thatlength
is not the length of the AAD, but the plaintext / ciphertext length.I'm open to any and all suggestions regarding API signature changes, or even new methods.
What does everyone think?
The text was updated successfully, but these errors were encountered: