bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2026-02-12 22:44:11 +00:00
Code Issues Releases Wiki Activity

Add diffie-hellman and aes-gcm cryptography

Browse Source 
We're planning on using x25519 encapsulating an aes-256-gcm key.
This commit is contained in:
Matt Gibson
2024-11-14 16:40:19 -08:00
parent 5c540a86f4
commit b036c0ce16
5 changed files with 777 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

255
libs/node/src/services/node-crypto-function.service.spec.ts
View File

@@ -210,6 +210,18 @@ describe("NodeCrypto Function Service", () => {
});
});
describe("aesDecryptFast GCM mode", () => {
it("successfully decrypts data", async () => {
const nodeCryptoFunctionService = new NodeCryptoFunctionService();
const iv = Utils.fromBufferToB64(makeStaticByteArray(12));
const symKey = new SymmetricCryptoKey(makeStaticByteArray(32));
const data = "Amy1abyVtlboYFBtLnDAzAwAgb3Qg2m4fMo=";
const params = nodeCryptoFunctionService.aesDecryptFastParameters(data, iv, null, symKey);
const decValue = await nodeCryptoFunctionService.aesDecryptFast(params, "gcm");
expect(decValue).toBe("EncryptMe!");
});
});
describe("aesDecrypt CBC mode", () => {
it("should successfully decrypt data", async () => {
const nodeCryptoFunctionService = new NodeCryptoFunctionService();
@@ -231,6 +243,17 @@ describe("NodeCrypto Function Service", () => {
});
});
describe("aesDecrypt GCM mode", () => {
it("successfully decrypts data", async () => {
const nodeCryptoFunctionService = new NodeCryptoFunctionService();
const iv = makeStaticByteArray(12);
const key = makeStaticByteArray(32);
const data = Utils.fromB64ToArray("Amy1abyVtlboYFBtLnDAzAwAgb3Qg2m4fMo=");
const decValue = await nodeCryptoFunctionService.aesDecrypt(data, iv, key, "gcm");
expect(Utils.fromBufferToUtf8(decValue)).toBe("EncryptMe!");
});
});
describe("rsaEncrypt", () => {
it("should successfully encrypt and then decrypt data", async () => {
const nodeCryptoFunctionService = new NodeCryptoFunctionService();
@@ -302,6 +325,238 @@ describe("NodeCrypto Function Service", () => {
expect(spy).toHaveBeenCalledWith(32);
});
});
describe("diffieHellmanGenerateKeyPair", () => {
describe("x25519", () => {
it("generates a key pair", async () => {
const cryptoFunctionService = new NodeCryptoFunctionService();
const { keyPair } = await cryptoFunctionService.diffieHellmanGenerateKeyPair(
"x25519",
undefined,
);
expect(keyPair.privateKey).toBeDefined();
expect(keyPair.publicKey).toBeDefined();
});
it("pre-extracts the public key in raw format", async () => {
const cryptoFunctionService = new NodeCryptoFunctionService();
const { keyPair, publicKey } = await cryptoFunctionService.diffieHellmanGenerateKeyPair(
"x25519",
undefined,
);
const publicFromKeyPair = await crypto.subtle.exportKey("raw", keyPair.publicKey);
expect(publicKey).toEqual(new Uint8Array(publicFromKeyPair));
});
});
describe("ecdh", () => {
describe.each(["P-256", "P-384", "P-521"] as const)("curve %s", (curve) => {
it("generates a key pair", async () => {
const cryptoFunctionService = new NodeCryptoFunctionService();
const { keyPair } = await cryptoFunctionService.diffieHellmanGenerateKeyPair(
"ecdh",
curve,
);
expect(keyPair.privateKey).toBeDefined();
expect(keyPair.publicKey).toBeDefined();
});
it("pre-extracts the public key in raw format", async () => {
const cryptoFunctionService = new NodeCryptoFunctionService();
const { keyPair, publicKey } = await cryptoFunctionService.diffieHellmanGenerateKeyPair(
"ecdh",
curve,
);
const publicFromKeyPair = await crypto.subtle.exportKey("raw", keyPair.publicKey);
expect(publicKey).toEqual(new Uint8Array(publicFromKeyPair));
// Should be odd
expect(publicKey.byteLength % 2).toBe(1);
// First byte should be 0x04
expect(publicKey[0]).toBe(0x04);
});
});
});
});
describe("deriveSharedKeyBits", () => {
let cryptoFunctionService: NodeCryptoFunctionService;
beforeEach(() => {
cryptoFunctionService = new NodeCryptoFunctionService();
});
describe("x25519", () => {
const testVectors = Object.freeze({
a: {
key_ops: ["deriveKey", "deriveBits"],
ext: true,
crv: "X25519",
d: "dwdtCnMYpX08FsFyUbJmRd9ML4frwJkqsXf7pR25LCo=",
x: "hSDwCYkwp1R0i33ctD73Wg2/Og0mOBr066SpjqqbTmo=",
kty: "OKP",
},
b: {
key_ops: ["deriveKey", "deriveBits"],
ext: true,
crv: "X25519",
d: "XasIfmJKikt54X+Lg4AO5m87sSkmGLb9HC+LJ/+I4Os=",
x: "3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08=",
kty: "OKP",
},
expected: "Sl2dW6TOLeFyjjv0gDUPJeB+IclH0Z4zdvCbPB4WF0I", // hex
});
it("computes the correct shared key for a test vector", async () => {
function testVectorToUint8Array(hex: string): Uint8Array {
return new Uint8Array(Buffer.from(hex, "hex"));
}
const aPrivateKey = await crypto.subtle.importKey("jwk", testVectors.a, "x25519", false, [
"deriveBits",
]);
const aPublicKey = new Uint8Array(Buffer.from(testVectors.a.x, "base64"));
const bPrivateKey = await crypto.subtle.importKey("jwk", testVectors.b, "x25519", false, [
"deriveBits",
]);
const bPublicKey = new Uint8Array(Buffer.from(testVectors.b.x, "base64"));
const expectedSharedKey = testVectorToUint8Array(
"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742",
);
const actualAB = await cryptoFunctionService.deriveSharedKeyBits(
aPrivateKey,
bPublicKey,
"x25519",
undefined,
);
const actualBA = await cryptoFunctionService.deriveSharedKeyBits(
bPrivateKey,
aPublicKey,
"x25519",
undefined,
);
expect(actualAB).toEqual(expectedSharedKey);
expect(actualBA).toEqual(expectedSharedKey);
});
});
describe("ecdh", () => {
// from rfc 7027 https://datatracker.ietf.org/doc/html/rfc7027.html#page-6
const testVectors = Object.freeze({
"P-256": {
a: {
key_ops: ["deriveKey", "deriveBits"],
ext: true,
kty: "EC",
x: "slavLyCsXalaOmUgYA-cG4RFNxapMfWK5cnGFZXEsmE",
y: "fR3rqDZX_m9ba5OPD4EM4AecqltCTNyXsGmV6e5UYkk",
crv: "P-256",
d: "HauUPXMuCzvArJpcNJisBzfHq05MVPmHv1Ixd_8Trxk",
},
b: {
key_ops: ["deriveKey", "deriveBits"],
ext: true,
kty: "EC",
x: "UDVHYHeNMuViKX2ixvJfUdRkP2vYaLH5LEtaZj0Sp5U",
y: "ScRWbvlcz4IZc6h4SkUu6ejmho1hOrg3kUgEkpJf4OE",
crv: "P-256",
d: "xquL6bqtpdDaEoZ0h2HDwpXlPdX__w0xrr8VZLAS2wQ",
},
expectedSharedKey: {
x: "89AFC39D41D3B327814B80940B042590F96556EC91E6AE7939BCE31F3A18BF2B",
y: "49C27868F4ECA2179BFD7D59B1E3BF34C1DBDE61AE12931648F43E59632504DE",
},
},
"P-384": {
a: {
key_ops: ["deriveKey", "deriveBits"],
ext: true,
kty: "EC",
x: "0vsFRhdWTrrQyXF6MJcB3Lg-JjalCra973eA46nFNBwD4oLbTzpL514ZVNIb5nPG",
y: "_KZHmMem5pmjhKjAmQ2twvwkssOh5ww28ZXBabgOsCF3MYi-ICkvkqdVvdPNCPaM",
crv: "P-384",
d: "V7yD-hx8gep_0pw8nFTYD0pRVkxGGN9Uz1zL1Ynq99oSJBG-mceLkwhXACvTKN2o",
},
b: {
key_ops: ["deriveKey", "deriveBits"],
ext: true,
kty: "EC",
x: "4pgonl58vdZpXrBurolmIw85fAwIY0gMfNRYt1TZWY-kXYz5vKxhi1ycjqotiprR",
y: "CCFnRehKJtFX1-0zJWHcXaIpm09B88rq2nhmCRcc5E9NOdgh8dRyJw63o7c7F7XQ",
crv: "P-384",
d: "40D_ztyfZdBzV3CT8r5JC-SvZfGx4IfUnQNOzbgLcD98zvGcCH04Zs41JCEQ0t-y",
},
},
"P-521": {
a: {
key_ops: ["deriveKey", "deriveBits"],
ext: true,
kty: "EC",
x: "APD7DZbPsfQ-9tDlc1gFnZGQg5seDx59BmKeFDRERULUqr3EYoxpH-8eutJoXaKCTdzdiXWYpG7nEO99Q6CQuR6Q",
y: "ACbcq7utMbQ5XRGwg-O23brBa29Gcaht6TRQvT9k3worJDQlKN-awn8b68HGMb8WEfJe2gFoPAB9D9Cr8sRT5W35",
crv: "P-521",
d: "AVeaaA3VUhbZfz_oJOCZjhg6gqxXjf96YDJ7rawtAnJDHxtLif7LHVQcOHRKiB6dN9al5KdCGhvo8eekMgRcDXPI",
},
b: {
key_ops: ["deriveKey", "deriveBits"],
ext: true,
kty: "EC",
x: "AD_GaHOGgjivKoC4C7L5P-fEUzvEpXKFSi32tmscW4NJqiCWQsekuR0EMNgXTw_7GTlrnsn5CcLHfianF3Way-bk",
y: "AcJO4Pl7_qys5QS0-XP_Wluy5KgBXZIIG5vmmDLK7Vhsl_30IP6_WPA5JkqEOHZs25uTMdEERvcJlw7EAItGrM5t",
crv: "P-521",
d: "ADYRyQSF0aLOcYGukdjtFEe5d_pI8wLoU5kNHXfUPoVDHqK02zC-bDRIjJB8f0VWBZYVs88WXFVabUzYlbFwcSi1",
},
},
});
describe.each(["P-256", "P-384", "P-521"] as const)("curve %s", (curve) => {
it("computes the correct shared key for a test vector", async () => {
const aPrivateKey = await crypto.subtle.importKey(
"jwk",
testVectors[curve].a,
{ name: "ecdh", namedCurve: curve },
true,
["deriveBits"],
);
const aPublicKey = Buffer.concat([
new Uint8Array([0x04]),
Buffer.from(testVectors[curve].a.x, "base64"),
Buffer.from(testVectors[curve].a.y, "base64"),
]);
const bPrivateKey = await crypto.subtle.importKey(
"jwk",
testVectors[curve].b,
{ name: "ecdh", namedCurve: curve },
true,
["deriveBits"],
);
const bPublicKey = Buffer.concat([
new Uint8Array([0x04]),
Buffer.from(testVectors[curve].b.x, "base64"),
Buffer.from(testVectors[curve].b.y, "base64"),
]);
const actualAB = cryptoFunctionService.deriveSharedKeyBits(
aPrivateKey,
bPublicKey,
"ecdh",
curve,
);
const actualBA = cryptoFunctionService.deriveSharedKeyBits(
bPrivateKey,
aPublicKey,
"ecdh",
curve,
);
expect(actualAB).toEqual(actualBA);
});
});
});
});
});
function testPbkdf2(

74
libs/node/src/services/node-crypto-function.service.ts
View File

@@ -191,7 +191,7 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
async aesDecryptFast(
parameters: DecryptParameters<Uint8Array>,
mode: "cbc" | "ecb",
mode: "cbc" | "ecb" | "gcm",
): Promise<string> {
const decBuf = await this.aesDecrypt(parameters.data, parameters.iv, parameters.encKey, mode);
return Utils.fromBufferToUtf8(decBuf);
@@ -201,12 +201,16 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
data: Uint8Array,
iv: Uint8Array,
key: Uint8Array,
mode: "cbc" | "ecb",
mode: "cbc" | "ecb" | "gcm",
): Promise<Uint8Array> {
const nodeData = this.toNodeBuffer(data);
const nodeData =
mode !== "gcm" ? this.toNodeBuffer(data) : this.toNodeBuffer(data.slice(0, -16)); // remove gcm tag
const nodeIv = mode === "ecb" ? null : this.toNodeBuffer(iv);
const nodeKey = this.toNodeBuffer(key);
const decipher = crypto.createDecipheriv(this.toNodeCryptoAesMode(mode), nodeKey, nodeIv);
if (mode === "gcm") {
(decipher as crypto.DecipherGCM).setAuthTag(data.slice(-16));
}
const decBuf = Buffer.concat([decipher.update(nodeData), decipher.final()]);
return Promise.resolve(this.toUint8Buffer(decBuf));
}
@@ -279,6 +283,61 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
});
}
async diffieHellmanGenerateKeyPair(
algorithm: "x25519" | "ecdh",
curve: undefined | "P-256" | "P-384" | "P-521",
): Promise<{
keyPair: CryptoKeyPair;
publicKey: Uint8Array;
}> {
if (algorithm === "x25519" && curve != null) {
throw new Error("x25519 does not use the curve parameter.");
}
const keys = await crypto.subtle.generateKey(
{
name: algorithm,
namedCurve: curve,
},
true,
["deriveKey", "deriveBits"],
);
return {
keyPair: keys,
publicKey: new Uint8Array(await crypto.subtle.exportKey("raw", keys.publicKey)),
};
}
async deriveSharedKeyBits(
privateKey: CryptoKey,
publicKeyRaw: Uint8Array,
algorithm: "x25519" | "ecdh",
curve: undefined | "P-256" | "P-384" | "P-521",
): Promise<Uint8Array> {
if (algorithm === "x25519" && curve != null) {
throw new Error("x25519 does not use the curve parameter.");
}
const publicKey = await crypto.subtle.importKey(
"raw",
publicKeyRaw,
{ name: algorithm, namedCurve: curve },
true,
[],
);
const dhSecret = await crypto.subtle.deriveBits(
{
name: algorithm,
public: publicKey,
},
privateKey,
256,
);
return new Uint8Array(dhSecret);
}
aesGenerateKey(bitLength: 128 | 192 | 256 | 512): Promise<CsprngArray> {
return this.randomBytes(bitLength / 8);
}
@@ -335,7 +394,12 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
return forge.pki.publicKeyToPem(publicKey);
}
private toNodeCryptoAesMode(mode: "cbc" | "ecb"): string {
return mode === "cbc" ? "aes-256-cbc" : "aes-256-ecb";
private readonly NODE_CRYPTO_AES_MODES = Object.freeze({
cbc: "aes-256-cbc",
ecb: "aes-256-ecb",
gcm: "aes-256-gcm",
} as const);
private toNodeCryptoAesMode(mode: "cbc" | "ecb" | "gcm"): string {
return this.NODE_CRYPTO_AES_MODES[mode];
}
}