Description
Version
v16.19.0 / v18.12.1
Platform
Linux andi-vm 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Subsystem
No response
What steps will reproduce the bug?
import { createCipheriv, createDecipheriv, randomBytes } from 'crypto';
const nonce = 12;
const algorithm = 'chacha20-poly1305';
const encryptionKey = 'qwertyuiopasdfghjklzxcvbnm123456';
const file = Buffer.from('Some file', 'utf-8');
const iv1 = randomBytes(nonce);
const cipher = createCipheriv(algorithm, encryptionKey, iv1, { authTagLength: 16 });
const encrypted = Buffer.concat([iv1, cipher.update(file), cipher.final()]);
const authTag = cipher.getAuthTag();
const iv2 = encrypted.slice(0, nonce);
const toDecrypt = encrypted.slice(nonce);
const decipher = createDecipheriv(algorithm, encryptionKey, iv2, { authTagLength: 16 });
//decipher.setAuthTag(authTag);
const result = Buffer.concat([decipher.update(toDecrypt), decipher.final()]);
console.log(result.toString());
How often does it reproduce? Is there a required condition?
If running the code using node v16.19.0, the code runs without throwing an error. If I change to node v18.12.1, an error is thrown, as per the docs.
What is the expected behavior?
According to the docs:
[...] the decipher.setAuthTag() method is used to pass in the received authentication tag. If no tag is provided, or if the cipher text has been tampered with, decipher.final() will throw, indicating that the cipher text should be discarded due to failed authentication.[...]
I would expect the code snippet above to fail, since the authTag is not set on the decipher.
What do you see instead?
The code snippet above runs without throwing any error. It successfully prints "Some file".
Additional information
As soon as I switch from node v16 to v18, the code snippet throws an error, as expected. Uncommenting the setAuthTag line makes the code work. If this is expected behavior in v16 (vs v18), I'd be happy to be guided to a doc/changelog that explains this change.
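A version-independent way to get the fail-closed behaviour the report expects, as an added example that is not part of the original issue or of the Node.js project's code: the tag travels with the ciphertext, and decryption always calls `setAuthTag()` before `final()`. The `nonce || ciphertext || tag` layout and the names `seal`, `open` and `rejects` are assumptions made for this example.

```javascript
// Added example: chacha20-poly1305 helpers that never decrypt without a tag.
// CommonJS require is used here; the report's snippet uses ESM import.
const { createCipheriv, createDecipheriv, randomBytes } = require('crypto');

const ALGORITHM = 'chacha20-poly1305';
const NONCE_LEN = 12;
const TAG_LEN = 16;

// Assumed wire format for this example: nonce || ciphertext || tag.
function seal(key, plaintext) {
  const nonce = randomBytes(NONCE_LEN);
  const cipher = createCipheriv(ALGORITHM, key, nonce, { authTagLength: TAG_LEN });
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, body, cipher.getAuthTag()]);
}

function open(key, message) {
  // Refuse input that cannot hold a nonce and a tag, so a stripped tag is
  // rejected here instead of depending on the runtime to notice it is missing.
  if (!Buffer.isBuffer(message) || message.length < NONCE_LEN + TAG_LEN) {
    throw new Error('message too short to contain nonce and auth tag');
  }
  const nonce = message.subarray(0, NONCE_LEN);
  const body = message.subarray(NONCE_LEN, message.length - TAG_LEN);
  const tag = message.subarray(message.length - TAG_LEN);
  const decipher = createDecipheriv(ALGORITHM, key, nonce, { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag); // always set, whatever the Node.js version
  // update() returns unauthenticated plaintext; hold it until final() has
  // verified the tag, so nothing is returned when verification throws.
  const head = decipher.update(body);
  return Buffer.concat([head, decipher.final()]);
}

// True when open() refuses the message.
function rejects(key, message) {
  try { open(key, message); return false; } catch { return true; }
}

// Constructed sample data.
const key = randomBytes(32);
const sealed = seal(key, Buffer.from('Some file', 'utf-8'));
const tampered = Buffer.from(sealed);
tampered[NONCE_LEN] ^= 0x01; // flip one ciphertext bit
console.log(open(key, sealed).toString());
console.log('tampered rejected:', rejects(key, tampered));
console.log('tag stripped rejected:', rejects(key, sealed.subarray(0, sealed.length - TAG_LEN)));
```
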