Merge pull request #35 from martinthomson/release

Release

Author: martinthomson

nodejs/ece.js

@@ -20,10 +20,6 @@
 var crypto = require('crypto');
 var base64 = require('urlsafe-base64');
 
-var saved = {
-  keymap: {},
-  keylabels: {}
-};
 var AES_GCM = 'aes-128-gcm';
 var PAD_SIZE = { 'aes128gcm': 1, 'aesgcm': 2, 'aesgcm128': 1 };
 var TAG_LENGTH = 16;
@@ -102,15 +98,6 @@ function lengthPrefix(buffer) {
 
 function extractDH(header, mode) {
   var key = header.privateKey;
-  if (!key) {
-    if (!header.keymap || !header.keyid || !header.keymap[header.keyid]) {
-      throw new Error('No known DH key for ' + header.keyid);
-    }
-    key = header.keymap[header.keyid];
-  }
-  if (!header.keylabels[header.keyid]) {
-    throw new Error('No known DH key label for ' + header.keyid);
-  }
   var senderPubKey, receiverPubKey;
   if (mode === MODE_ENCRYPT) {
     senderPubKey = key.getPublicKey();
@@ -125,7 +112,7 @@ function extractDH(header, mode) {
   return {
     secret: key.computeSecret(header.dh),
     context: Buffer.concat([
-      Buffer.from(header.keylabels[header.keyid], 'ascii'),
+      Buffer.from(header.keylabel, 'ascii'),
       Buffer.from([0]),
       lengthPrefix(receiverPubKey), // user agent
       lengthPrefix(senderPubKey)    // application server
@@ -248,12 +235,8 @@ function deriveKeyAndNonce(header, mode) {
 /* Parse command-line arguments. */
 function parseParams(params) {
   var header = {};
-  if (params.version) {
-    header.version = params.version;
-  } else {
-    header.version = (params.padSize === 1) ? 'aesgcm128' : 'aesgcm';
-  }
 
+  header.version = params.version || 'aes128gcm';
   header.rs = parseInt(params.rs, 10);
   if (isNaN(header.rs)) {
     header.rs = 4096;
@@ -281,7 +264,7 @@ function parseParams(params) {
       header.keymap = params.keymap || saved.keymap;
     }
     if (header.version !== 'aes128gcm') {
-      header.keylabels = params.keylabels || saved.keylabels;
+      header.keylabel = params.keylabel || 'P-256';
     }
     if (params.dh) {
       header.dh = decode(params.dh);
@@ -362,28 +345,21 @@ function decryptRecord(key, counter, buffer, header, last) {
   return unpad(data, last);
 }
 
-// TODO: this really should use the node streams stuff
-
 /**
  * Decrypt some bytes.  This uses the parameters to determine the key and block
  * size, which are described in the draft.  Binary values are base64url encoded.
  *
  * |params.version| contains the version of encoding to use: aes128gcm is the latest,
  * but aesgcm and aesgcm128 are also accepted (though the latter two might
- * disappear in a future release).  If omitted, assume aesgcm, unless
- * |params.padSize| is set to 1, which means aesgcm128.
+ * disappear in a future release).  If omitted, assume aes128gcm.
  *
  * If |params.key| is specified, that value is used as the key.
  *
- * If |params.keyid| is specified without |params.dh|, the keyid value is used
- * to lookup the |params.keymap| for a buffer containing the key.
+ * If the version is aes128gcm, the keyid is extracted from the header and used
+ * as the ECDH public key of the sender.  For version aesgcm and aesgcm128,
+ * |params.dh| needs to be provided with the public key of the sender.
  *
- * For version aesgcm and aesgcm128, |params.dh| includes the public key of the sender.  The ECDH key
- * pair used to decrypt is looked up using |params.keymap[params.keyid]|.
- *
- * Version aes128gcm is stricter.  The |params.privateKey| includes the private
- * key of the receiver.  The keyid is extracted from the header and used as the
- * ECDH public key of the sender.
+ * The |params.privateKey| includes the private key of the receiver.
  */
 function decrypt(buffer, params) {
   var header = parseParams(params);
@@ -470,21 +446,13 @@ function writeHeader(header) {
  *
  * |params.version| contains the version of encoding to use: aes128gcm is the latest,
  * but aesgcm and aesgcm128 are also accepted (though the latter two might
- * disappear in a future release).  If omitted, assume aesgcm, unless
- * |params.padSize| is set to 1, which means aesgcm128.
+ * disappear in a future release).  If omitted, assume aes128gcm.
  *
  * If |params.key| is specified, that value is used as the key.
  *
- * If |params.keyid| is specified without |params.dh|, the keyid value is used
- * to lookup the |params.keymap| for a buffer containing the key.  This feature
- * is deprecated in favour of just including |params.key| or |params.privateKey|.
- *
  * For Diffie-Hellman (WebPush), |params.dh| includes the public key of the
- * receiver.  |params.privateKey| is used to establish a shared secret.  For
- * versions aesgcm and aesgcm128, if a private key is not provided, the ECDH key
- * pair used to encrypt is looked up using |params.keymap[params.keyid]|, and
- * |params.keymap| defaults to the values saved with saveKey().  Key pairs can
- * be created using |crypto.createECDH()|.
+ * receiver.  |params.privateKey| is used to establish a shared secret.  Key
+ * pairs can be created using |crypto.createECDH()|.
  */
 function encrypt(buffer, params) {
   if (!Buffer.isBuffer(buffer)) {
@@ -497,7 +465,7 @@ function encrypt(buffer, params) {
 
   var result;
   if (header.version === 'aes128gcm') {
-    // Save the DH public key in the header.
+    // Save the DH public key in the header unless keyid is set.
     if (header.privateKey && !header.keyid) {
       header.keyid = header.privateKey.getPublicKey();
     }
@@ -548,18 +516,7 @@ function encrypt(buffer, params) {
   return result;
 }
 
-/**
- * Deprecated.  Use the keymap and keylabels arguments to encrypt()/decrypt().
- */
-function saveKey(id, key, dhLabel) {
-  saved.keymap[id] = key;
-  if (dhLabel) {
-    saved.keylabels[id] = dhLabel;
-  }
-}
-
 module.exports = {
   decrypt: decrypt,
-  encrypt: encrypt,
-  saveKey: saveKey
+  encrypt: encrypt
 };

nodejs/package.json

@@ -1,6 +1,6 @@
 {
   "name": "http_ece",
-  "version": "0.7.2",
+  "version": "1.0.0",
   "description": "Encrypted Content-Encoding for HTTP",
   "homepage": "https://github.com/martinthomson/encrypted-content-encoding",
   "bugs": "https://github.com/martinthomson/encrypted-content-encoding/issues",

nodejs/test.js

@@ -67,7 +67,21 @@ function logbuf(msg, buf) {
 
 function reallySaveDump(data){
   if (dumpFile && data.version) {
-    dumpData.push(data);
+    function dumpFix(d) {
+      var r = {};
+      Object.keys(d).forEach(function(k) {
+        if (Buffer.isBuffer(d[k])) {
+          r[k] = base64.encode(d[k]);
+        } else if (d[k] instanceof Object) {
+          r[k] = dumpFix(d[k]);
+        } else {
+          r[k] = d[k];
+        }
+      });
+      return r;
+    }
+
+    dumpData.push(dumpFix(data));
   }
 }
 var saveDump = reallySaveDump;
@@ -128,7 +142,7 @@ function encryptDecrypt(input, encryptParams, decryptParams, keys) {
   assert.equal(encryptParams.authSecret, decryptParams.authSecret);
 
   // Always fill in the salt so we can log it.
-  decryptParams.salt = base64.encode(crypto.randomBytes(16));
+  decryptParams.salt = crypto.randomBytes(16);
   encryptParams.salt = decryptParams.salt;
   logbuf('Salt', encryptParams.salt);
 
@@ -140,11 +154,11 @@ function encryptDecrypt(input, encryptParams, decryptParams, keys) {
 
   saveDump({
     version: encryptParams.version,
-    input: base64.encode(input),
-    encrypted: base64.encode(encrypted),
+    input: input,
+    encrypted: encrypted,
     params: {
       encrypt: encryptParams,
-      decrypt: decryptParams,
+      decrypt: decryptParams
     },
     keys: keys
   });
@@ -154,7 +168,7 @@ function useExplicitKey(version) {
   var input = generateInput();
   var params = {
     version: version,
-    key: base64.encode(crypto.randomBytes(16))
+    key: crypto.randomBytes(16)
   };
   logbuf('Key', params.key);
   encryptDecrypt(input, params, params);
@@ -164,8 +178,8 @@ function authenticationSecret(version) {
   var input = generateInput();
   var params = {
     version: version,
-    key: base64.encode(crypto.randomBytes(16)),
-    authSecret: base64.encode(crypto.randomBytes(16))
+    key: crypto.randomBytes(16),
+    authSecret: crypto.randomBytes(16)
   };
   logbuf('Key', params.key);
   logbuf('Context', params.authSecret);
@@ -176,7 +190,7 @@ function exactlyOneRecord(version) {
   var input = generateInput(1);
   var params = {
     version: version,
-    key: base64.encode(crypto.randomBytes(16)),
+    key: crypto.randomBytes(16),
     rs: input.length + rsoverhead(version)
   };
   encryptDecrypt(input, params, params);
@@ -188,7 +202,7 @@ function padTinyRecord(version) {
   var input = generateInput(1);
   var params = {
     version: version,
-    key: base64.encode(crypto.randomBytes(16)),
+    key: crypto.randomBytes(16),
     rs: rsoverhead(version) + 1,
     pad: 2
   };
@@ -207,7 +221,7 @@ function tooMuchPadding(version) {
   var input = generateInput(1);
   var params = {
     version: version,
-    key: base64.encode(crypto.randomBytes(16)),
+    key: crypto.randomBytes(16),
     rs: rs,
     pad: rs
   };
@@ -231,7 +245,7 @@ function detectTruncation(version) {
   var input = generateInput(2);
   var params = {
     version: version,
-    key: base64.encode(crypto.randomBytes(16)),
+    key: crypto.randomBytes(16),
     rs: input.length + rsoverhead(version) - 1
   };
   var headerLen = (version === 'aes128gcm') ? 21 : 0;
@@ -255,20 +269,6 @@ function detectTruncation(version) {
   }
 }
 
-function useKeyId(version) {
-  var input = generateInput();
-  var keyid = base64.encode(crypto.randomBytes(16));
-  var key = crypto.randomBytes(16);
-  var keymap = {};
-  keymap[keyid] = key;
-  var params = {
-    keyid: keyid,
-    keymap: keymap
-  };
-
-  encryptDecrypt(input, params, params);
-}
-
 function useDH(version) {
   // the static key is used by the receiver
   var staticKey = crypto.createECDH('prime256v1');
@@ -289,25 +289,20 @@ function useDH(version) {
   var input = generateInput();
   var encryptParams = {
     version: version,
-    authSecret: base64.encode(crypto.randomBytes(16)),
-    dh: base64.encode(staticKey.getPublicKey())
+    authSecret: crypto.randomBytes(16),
+    dh: staticKey.getPublicKey()
   };
   var decryptParams = {
     version: version,
     authSecret: encryptParams.authSecret
   };
-  if (version === 'aes128gcm') {
-    encryptParams.privateKey = ephemeralKey;
-    decryptParams.privateKey = staticKey;
-  } else {
-    encryptParams.keyid = 'k';
-    encryptParams.keymap = { k: ephemeralKey };
-    encryptParams.keylabels = { k: 'P-256' };
-
-    decryptParams.dh = base64.encode(ephemeralKey.getPublicKey());
-    decryptParams.keyid = 'k';
-    decryptParams.keymap = { k: staticKey };
-    decryptParams.keylabels = encryptParams.keylabels;
+  encryptParams.privateKey = ephemeralKey;
+  decryptParams.privateKey = staticKey;
+  if (version !== 'aes128gcm') {
+    encryptParams.keylabel = 'P-256';
+
+    decryptParams.dh = ephemeralKey.getPublicKey();
+    decryptParams.keylabel = 'P-256';
   }
 
 
@@ -379,7 +374,6 @@ filterTests([ 'aesgcm128', 'aesgcm', 'aes128gcm' ])
                   exactlyOneRecord,
                   padTinyRecord,
                   detectTruncation,
-                  useKeyId,
                   useDH,
                   checkExamples,
                 ])