Closed
Description
- Node.js Version: v12.15.0
- OS: Linux 5.5.2-arch1-1
- Scope (install, code, runtime, meta, other?): code
- Module (and version) (if relevant): crypto (openssl: '1.1.1d')
With a 32768 bytes message, the AES-128-CCM cipher and decipher both work well.
With a 32769 bytes message, the AES-128-CCM cipher works well, but the decipher failed with a message:
Error: Unsupported state or unable to authenticate data
at Decipheriv._flush (internal/crypto/cipher.js:139:29)
at Decipheriv.prefinish (_stream_transform.js:140:10)
at Decipheriv.emit (events.js:223:5)
at prefinish (_stream_writable.js:670:14)
at finishMaybe (_stream_writable.js:678:5)
at endWritable (_stream_writable.js:698:3)
at Decipheriv.Writable.end (_stream_writable.js:627:5)
at ReadStream.onend (_stream_readable.js:693:10)
at Object.onceWrapper (events.js:312:28)
at ReadStream.emit (events.js:228:7)
I can't understand why. Whatever I change the AAD/IV/authTagLength, it can‘t work.
Here is my code:
// execute after: dd if=/dev/random of=random.bin count=1 bs=32769
const $Crypto = require("crypto");
const $fs = require("fs");
const key = $Crypto.randomBytes(16);
const iv = $Crypto.randomBytes(8);
const aad = $Crypto.randomBytes(1);
const stream = $Crypto.createCipheriv("aes-128-ccm", key, iv, {
authTagLength: 16
});
stream.setAAD(aad, {
plaintextLength: 32769
});
$fs.createReadStream("./random.bin").pipe(stream).pipe(
$fs.createWriteStream("./random.bin.ciphertext")
).on("finish", function() {
console.info("encrypted");
const destream = $Crypto.createDecipheriv("aes-128-ccm", key, iv, {
authTagLength: 16
});
destream.setAAD(aad, {
plaintextLength: 32769
});
destream.setAuthTag(stream.getAuthTag());
$fs.createReadStream("./random.bin.ciphertext").pipe(destream).pipe(
$fs.createWriteStream("./random.bin.plaintext")
);
});