Fix bugs in python and javascript both

martinthomson · martinthomson · commit 6a409da4625c · 2016-12-23T12:12:55.000+11:00
diff --git a/nodejs/ece.js b/nodejs/ece.js
@@ -125,7 +125,7 @@ function extractDH(header, mode) {
   return {
     secret: key.computeSecret(header.dh),
     context: Buffer.concat([
-      decode(header.keylabels[header.keyid]),
+      Buffer.from(header.keylabels[header.keyid], 'ascii'),
       Buffer.from([0]),
       lengthPrefix(receiverPubKey), // user agent
       lengthPrefix(senderPubKey)    // application server
diff --git a/nodejs/test.js b/nodejs/test.js
@@ -79,13 +79,17 @@ function validate() {
 }
 
 function generateInput(len) {
-  if (typeof len === 'undefined') {
-    len = 0;
-  }
-  var input = plaintext ||
-      crypto.randomBytes(Math.max(minLen, Math.min(len, maxLen)));
-  if (input.length < minLen) {
-    throw new Error('Plaintext is too short');
+  var input;
+  if (plaintext) {
+    if (plaintext.length < minLen) {
+      throw new Error('Plaintext is too short');
+    }
+    input = plaintext;
+  } else {
+    if (typeof len === 'undefined') {
+      len = Math.floor((Math.random() * (maxLen - minLen) + minLen));
+    }
+    input = crypto.randomBytes(Math.max(minLen, Math.min(len, maxLen)));
   }
   logbuf('Input', input);
   return input;
@@ -197,11 +201,7 @@ function useKeyId(version) {
     keymap: keymap
   };
 
-  var keyData = {
-    keyid: keyid,
-    key: base64.encode(keyid)
-  }
-  encryptDecrypt(input, params, params, keyData);
+  encryptDecrypt(input, params, params);
 }
 
 function useDH(version) {
diff --git a/python/http_ece/__init__.py b/python/http_ece/__init__.py
@@ -115,6 +115,9 @@ def length_prefix(key):
     elif version == "aes128gcm":
         keyinfo = b"Content-Encoding: aes128gcm\x00"
         nonceinfo = b"Content-Encoding: nonce\x00"
+        if dh is None:
+            # Only mix the authentication secret when using DH for aes128gcm
+            auth_secret = None
 
     if auth_secret is not None:
         if version == "aes128gcm":
@@ -292,7 +295,7 @@ def encrypt_record(key, nonce, counter, buf):
         data += encryptor.tag
         return data
 
-    def compose_aes128gcm(salt, content, rs=4096, key_id=""):
+    def compose_aes128gcm(salt, content, rs, keyid):
         """Compose the header and content of an aes128gcm encrypted
         message body
 
@@ -302,25 +305,22 @@ def compose_aes128gcm(salt, content, rs=4096, key_id=""):
         :type content: str
         :param rs: Override for the content length
         :type rs: int
-        :param key_id: The optional key_id to use for this message
-        :type key_id: str
+        :param keyid: The keyid to use for this message
+        :type keyid: str
 
         """
         if len(salt) != 16:
             raise ECEException("Invalid salt")
-        if key_id is None:
-            key_id = ''
-        if len(key_id) > 255:
-            raise ECEException("key_id is too long")
+        if len(keyid) > 255:
+            raise ECEException("keyid is too long")
         header = salt
-        rs = rs or len(content)
         if rs < MIN_BUFFER_SIZE:
             raise ECEException("Too little content")
         if rs > MAX_BUFFER_SIZE:
             raise ECEException("Too much content")
         header += struct.pack("!L", rs)
-        header += struct.pack("!B", len(key_id))
-        header += key_id.encode('utf-8')
+        header += struct.pack("!B", len(keyid))
+        header += keyid
         return header + content
 
     if version not in versions:
@@ -343,16 +343,21 @@ def compose_aes128gcm(salt, content, rs=4096, key_id=""):
                                 keyid=keyid, keymap=keymap, keylabels=keylabels)
     if rs <= pad_size:
         raise ECEException(u"Record size too small")
-    rs -= pad_size  # account for padding
+    chunk_size = rs - pad_size
 
     result = b""
     counter = 0
 
-    # the extra pad_size on the loop ensures that we produce a padding only
-    # record if the data length is an exact multiple of rs-pad_size
-    for i in list(range(0, len(content) + pad_size, rs)):
-        result += encrypt_record(key_, nonce_, counter, content[i:i + rs])
+    # the extra one on the loop ensures that we produce a padding only
+    # record if the data length is an exact multiple of the chunk size
+    for i in list(range(0, len(content) + 1, chunk_size)):
+        result += encrypt_record(key_, nonce_, counter,
+                                 content[i:i + chunk_size])
         counter += 1
     if version == "aes128gcm":
-        return compose_aes128gcm(salt, result, rs, key_id=keyid)
+        if keyid == '' and keyid in keymap:
+            kid = keymap[keyid].get_pubkey()
+        else:
+            kid = (keyid or '').encode('utf-8')
+        return compose_aes128gcm(salt, result, rs, keyid=kid)
     return result
diff --git a/python/http_ece/tests/test_ece.py b/python/http_ece/tests/test_ece.py
@@ -380,36 +380,59 @@ def setUp(self):
         self.legacy_data = json.loads(f.read())
         f.close()
 
-    def test_decrypt(self):
+    def _run(self, mode):
+        if mode == 'encrypt':
+            func = ece.encrypt
+            local = 'sender'
+            remote = 'receiver'
+            inp = 'input'
+            outp = 'encrypted'
+        else:
+            func = ece.decrypt
+            local = 'receiver'
+            remote = 'sender'
+            inp = 'encrypted'
+            outp = 'input'
+
         for data in self.legacy_data:
-            print(data)
+            print(mode)
+            print(repr(data))
+            p = data['params'][mode]
+            keyid=p.get('keyid', '')
             if 'keys' in data:
-                dh = b64d(data['keys']['sender']['public'])
+                dh = b64d(data['keys'][remote]['public'])
                 key = None
                 keymap = {
-                    'static': pyelliptic.ECC(
-                        pubkey=b64d(data['keys']['receiver']['public']),
-                        privkey=b64d(data['keys']['receiver']['private']),
+                    keyid: pyelliptic.ECC(
+                        curve='prime256v1',
+                        pubkey=b64d(data['keys'][local]['public']),
+                        privkey=b64d(data['keys'][local]['private']),
                     )
                 }
             else:
                 dh = None
-                key = b64d(data['params']['decrypt']['key'])
+                key = b64d(p['key'])
                 keymap = {}
 
-            if 'authSecret' in data['params']['decrypt']:
-                auth_secret = b64d(data['params']['decrypt']['authSecret'])
+            if 'authSecret' in p:
+                auth_secret = b64d(p['authSecret'])
             else:
                 auth_secret = None
-            decrypted = ece.decrypt(
-                b64d(data['encrypted']),
-                salt=b64d(data['params']['decrypt']['salt']),
+            result = func(
+                b64d(data[inp]),
+                salt=b64d(p['salt']),
                 key=key,
                 dh=dh,
                 auth_secret=auth_secret,
-                keyid='static',
+                keyid=keyid,
                 keymap=keymap,
-                rs=data['params']['decrypt']['rs'],
-                version=data['version'],
+                rs=p.get('rs', 4096),
+                version=p['version'],
             )
-            eq_(b64d(data['input']), decrypted)
+            eq_(b64d(data[outp]), result)
+
+    def test_decrypt(self):
+        self._run('decrypt')
+
+    def test_encrypt(self):
+        self._run('encrypt')
