1
0
mirror of https://github.com/moparisthebest/mail synced 2024-11-25 10:22:18 -05:00

removed hmac integrify check during cbc encryption

This commit is contained in:
Tankred Hase 2013-05-14 13:40:58 +02:00
parent df0696a373
commit 0a6ae5d599
2 changed files with 7 additions and 38 deletions

View File

@ -1,12 +1,11 @@
/**
* A Wrapper for Forge's AES-CBC encryption with HMAC-SHA-256 an integrify check
* A Wrapper for Forge's AES-CBC encryption
*/
app.crypto.AesCBC = function() {
'use strict';
/**
* Encrypt a String using AES-CBC-Pkcs7 using the provided keysize (e.g. 128, 256)
* and create an HMAC-SHA-265 for integrity check
* @param plaintext [String] The input string in UTF8
* @param key [String] The base64 encoded key
* @param iv [String] The base64 encoded IV
@ -22,36 +21,24 @@ app.crypto.AesCBC = function() {
cipher.start(ivUtf8);
cipher.update(forge.util.createBuffer(plaintext));
cipher.finish();
var ctUtf8 = cipher.output.getBytes();
// get hmac
return {
hmac: this.getHmac(ctUtf8, keyUtf8, ivUtf8),
ciphertext: forge.util.encode64(ctUtf8)
};
return forge.util.encode64(cipher.output.getBytes());
};
/**
* Decrypt a String using AES-CBC-Pkcs7 using the provided keysize (e.g. 128, 256)
* and does an HMAC-SHA-265 integrity check
* @param ciphertext [String] The base64 encoded ciphertext
* @param key [String] The base64 encoded key
* @param iv [String] The base64 encoded IV
* @param iv [String] The base64 encoded HMAC
* @return [String] The decrypted plaintext in UTF8
*/
this.decrypt = function(ciphertext, key, iv, hmac) {
this.decrypt = function(ciphertext, key, iv) {
// parse base64 input to utf8
var ctUtf8 = forge.util.decode64(ciphertext);
var keyUtf8 = forge.util.decode64(key);
var ivUtf8 = forge.util.decode64(iv);
// check hmac
var checkedHmac = this.getHmac(ctUtf8, keyUtf8, ivUtf8);
if (hmac !== checkedHmac) {
throw new Error('The integrity check via HMAC failed!');
}
var cipher = forge.aes.createDecryptionCipher(keyUtf8);
cipher.start(ivUtf8);
cipher.update(forge.util.createBuffer(ctUtf8));
@ -60,22 +47,4 @@ app.crypto.AesCBC = function() {
return cipher.output.getBytes();
};
/**
* Generate a base64 encoded HMAC using SHA-265
* @param input [String] The input string in UTF8
* @param key [String] The UTF8 encoded key
* @param iv [String] The UTF8 encoded IV
* @return [String] The base64 encoded hmac
*/
this.getHmac = function(input, key, iv) {
var hmac = forge.hmac.create();
hmac.start('sha256', key);
if (iv) {
hmac.update(iv);
}
hmac.update(input);
return forge.util.encode64(hmac.digest().getBytes());
};
};

View File

@ -12,7 +12,7 @@ test("Init", 1, function() {
aes_test.test_message = new TestData().generateBigString(1000);
});
test("CBC mode with HMAC-SHA-256", 4, function() {
test("CBC mode", 4, function() {
var aes = new app.crypto.AesCBC();
var plaintext = aes_test.test_message;
@ -21,10 +21,10 @@ test("CBC mode with HMAC-SHA-256", 4, function() {
ok(key, 'Key: ' + key);
equal(aes_test.util.base642Str(key).length * 8, aes_test.keySize, 'Keysize ' + aes_test.keySize);
var ct = aes.encrypt(plaintext, key, iv);
ok(ct.ciphertext, 'Ciphertext lenght: ' + ct.ciphertext.length);
var ciphertext = aes.encrypt(plaintext, key, iv);
ok(ciphertext, 'Ciphertext lenght: ' + ciphertext.length);
var decrypted = aes.decrypt(ct.ciphertext, key, iv, ct.hmac);
var decrypted = aes.decrypt(ciphertext, key, iv);
equal(decrypted, plaintext, 'Decryption correct' + decrypted);
});