bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2026-02-13 06:54:07 +00:00
Code Issues Releases Wiki Activity

Add optional aad for aes gcm mode decryption

Browse Source 
This is used in key connector communication tunneling to prevent downgrade attacks in the future
This commit is contained in:
Matt Gibson
2024-11-18 14:33:01 -08:00
parent 8ccf0b77ac
commit 42ebc23fd3
8 changed files with 191 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
libs/node/src/services/node-crypto-function.service.spec.ts
View File

@@ -226,6 +226,21 @@ describe("NodeCrypto Function Service", () => {
const decValue = await cryptoFunctionService.aesDecrypt(envValue, iv, key, "gcm");
expect(Utils.fromBufferToUtf8(decValue)).toBe(value);
});
it("should successfully encrypt and then decrypt data with aad", async () => {
const cryptoFunctionService = new NodeCryptoFunctionService();
const iv = makeStaticByteArray(12);
const key = makeStaticByteArray(32);
const value = "EncryptMe!";
const data = Utils.fromUtf8ToArray(value);
const aad = Utils.fromUtf8ToArray("aad");
const encAndIv = new Uint8Array(
await cryptoFunctionService.aesGcmEncrypt(data, iv, key, aad),
);
const envValue = encAndIv.slice(0, encAndIv.length - 12);
const decValue = await cryptoFunctionService.aesDecrypt(envValue, iv, key, "gcm", aad);
expect(Utils.fromBufferToUtf8(decValue)).toBe(value);
});
});
describe("aesDecryptFast CBC mode", () => {
@@ -251,18 +266,6 @@ describe("NodeCrypto Function Service", () => {
});
});
describe("aesDecryptFast GCM mode", () => {
it("successfully decrypts data", async () => {
const nodeCryptoFunctionService = new NodeCryptoFunctionService();
const iv = Utils.fromBufferToB64(makeStaticByteArray(12));
const symKey = new SymmetricCryptoKey(makeStaticByteArray(32));
const data = "Amy1abyVtlboYFBtLnDAzAwAgb3Qg2m4fMo=";
const params = nodeCryptoFunctionService.aesDecryptFastParameters(data, iv, null, symKey);
const decValue = await nodeCryptoFunctionService.aesDecryptFast(params, "gcm");
expect(decValue).toBe("EncryptMe!");
});
});
describe("aesDecrypt CBC mode", () => {
it("should successfully decrypt data", async () => {
const nodeCryptoFunctionService = new NodeCryptoFunctionService();