Comments (5)
The padding is specified here: https://tools.ietf.org/html/rfc7539#section-2.8.1
I believe it's implemented properly. If there is a problem here, it probably has something to do with the lazy computation of the aad padding (the C code is something like a port of a port of a port of my original bip151 code, so it could probably use some maintenance).
Anyway, code to reproduce this would be very helpful.
from bcrypto.
Apologies for my delayed response with the test. I cleaned up the tests I was running last night and compiled them into this file here: https://github.com/kilpatty/hsd/blob/brontide-cipher-test/test/brontide-test.js#L19
I think your implementation of the padding is correct, just something is lingering around to make the next tag returned from encryption different, even if it's a different object in JS with the same parameters.
I can dive into this more tonight and see if I can figure out what is causing this exactly.
from bcrypto.
Did some more digging on this today, I couldn't find anything in your implementation of AEAD that would cause this issue.
I think what might be happening is an issue with Buffer reuse in Node - when I reuse the const buffer HELLO
, this issue occurs. When I instead create two new buffers, then it works as intended.
Attempting to reprint HELLO
to string after the first encryption attempt shows that it no longer prints to it's normal text. I don't think this is actually a big issue because A. I didn't notice any corruption occurring if we replace HELLO
with EMPTY
, and B. we aren't sharing buffers that many places in the Brontide code.
I'm going to close this now on the basis that I think it's entirely on that Buffer reuse issue. I'm not sure if that's something we should investigate further, as I think it's just isolated to tests at the moment.
from bcrypto.
@kilpatty, ah, I should have mentioned: all of the stream ciphers in bcrypto encrypt the buffer in-place. This isn't typical of js apis, but it's done for extra speed. This might be the cause of the issue. Maybe this feature should be documented more clearly (?).
from bcrypto.
Ah my mistake -> not sure how I didn't see that in my testing earlier. Noted for the future, happy to work on some docs for that.
from bcrypto.
Related Issues (20)
- Switch to N-API and deprecate NAN HOT 4
- Pre-built binaries ? HOT 2
- bcrypto 5.0.0 fails to install on Windows HOT 5
- Symbol not found: _mpn_zero_p HOT 1
- [security] randomBytes() falling back to Math.random()
- Use of `BCRYPTO_FORCE_BIGINT` may silently error and fallback to JS without BigInt
- bcrypto fails to build on windows HOT 8
- "A dynamic link library (DLL) initialization routine failed" when run in Windows under Electron or PKG HOT 5
- Update secp256k1
- Feature request: ESM support HOT 2
- Typescript support
- Monorepo
- Error when I run `yarn add bcrypto` HOT 6
- Implicitly declaring library function memcpy... on MacOS 10.15.7 HOT 6
- [SECURITY] Timing leaks in lib/native/bn.js HOT 3
- close
- AWS Lambda runtime error: version "GLIBC_2.28" not found HOT 1
- Usage with browsers HOT 4
- bech32m is not replaced with bench32m-browser when using browser HOT 3
- v5.5.0 not found on NPM HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bcrypto.