Update crypto.md to correct function description for `decipher.setAAD` #33095

jbuhacoff · 2020-04-27T15:31:33Z

According to the NodeJS CCM example, when decrypting the plaintextLength parameter actually refers to the ciphertext length, not the plaintext length:

decipher.setAAD(aad, {
  plaintextLength: ciphertext.length
});

The same can be seen in the OpenSSL docs where a call to EVP_DecryptUpdate passes the ciphertext length:

/* Provide the total ciphertext length */
    if(1 != EVP_DecryptUpdate(ctx, NULL, &len, NULL, ciphertext_len))
        handleErrors();

This parameter probably should have been called inputLength or bufferLength instead of plaintextLength, so that it makes sense both when encrypting and decrypting, but at least we can correct the sentence in the documentation for now to refer to the correct value.

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
tests and/or benchmarks are included
documentation is changed or added
commit message follows commit guidelines

According to the [NodeJS CCM example](https://nodejs.org/docs/latest-v14.x/api/crypto.html#crypto_ccm_mode], when decrypting the `plaintextLength` parameter actually refers to the ciphertext length, not the plaintext length: ``` decipher.setAAD(aad, { plaintextLength: ciphertext.length }); ``` The same can be seen in the [OpenSSL docs](https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption) where a call to `EVP_DecryptUpdate` passes the ciphertext length: ``` /* Provide the total ciphertext length */ if(1 != EVP_DecryptUpdate(ctx, NULL, &len, NULL, ciphertext_len)) handleErrors(); ``` This parameter probably should have been called `inputLength` or `bufferLength` instead of `plaintextLength`, so that it makes sense both when encrypting and decrypting, but at least we can correct the sentence in the documentation for now to refer to the correct value.

addaleax · 2020-04-27T17:08:01Z

@nodejs/crypto

tniessen · 2020-04-27T18:45:33Z

I am not sure if the PR in its current state is an improvement.

when decrypting the plaintextLength parameter actually refers to the ciphertext length, not the plaintext length

The plaintextLength option only applies to CCM ciphers. The ciphertext length produced by CCM ciphers is always equal to the plaintext length. So there is really no difference between "plaintext length" and "ciphertext length" (except for the caveat below).

This parameter probably should have been called inputLength or bufferLength instead of plaintextLength

When I implemented this, I called the option plaintextLength to avoid confusion as to whether it includes the length of the authentication tag. Many crypto libraries include the authentication tag in the ciphertext, which means that they produce ciphertexts of the length plaintextLength + authTagLength. Node.js does not include the authentication tag, so the ciphertext length is always plaintextLength.

I think a better approach would be to explain that the ciphertext length is equal to the plaintext length.

jbuhacoff · 2020-04-27T19:26:45Z

That's a great explanation, it would be helpful to add it to the documentation. Since there is already a link to the CCM Mode section, how about adding it there?

Add explanation in [CCM mode](https://nodejs.org/docs/latest-v14.x/api/crypto.html#crypto_ccm_mode], that ciphertext length is equal to plaintext length in Node.js crypto output because the authentication tag is returned separately: ``` decipher.setAAD(aad, { plaintextLength: ciphertext.length }); ``` The same can be seen in the [OpenSSL docs](https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption) where a call to `EVP_DecryptUpdate` passes the ciphertext length: ``` /* Provide the total ciphertext length */ if(1 != EVP_DecryptUpdate(ctx, NULL, &len, NULL, ciphertext_len)) handleErrors(); ```

addaleax · 2020-05-07T23:34:44Z

@tniessen Do you want to take another look here?

tniessen

The entire paragraph is a verbatim quote from me, so I guess I'll have to approve it :)

addaleax · 2020-05-19T17:28:52Z

Landed in d093e78 🎉 Thanks for the PR again!

According to the [NodeJS CCM example](https://nodejs.org/docs/latest-v14.x/api/crypto.html#crypto_ccm_mode], when decrypting the `plaintextLength` parameter actually refers to the ciphertext length, not the plaintext length: ``` decipher.setAAD(aad, { plaintextLength: ciphertext.length }); ``` The same can be seen in the [OpenSSL docs](https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption) where a call to `EVP_DecryptUpdate` passes the ciphertext length: ``` /* Provide the total ciphertext length */ if(1 != EVP_DecryptUpdate(ctx, NULL, &len, NULL, ciphertext_len)) handleErrors(); ``` This parameter probably should have been called `inputLength` or `bufferLength` instead of `plaintextLength`, so that it makes sense both when encrypting and decrypting, but at least we can correct the sentence in the documentation for now to refer to the correct value. PR-URL: #33095 Reviewed-By: Ujjwal Sharma <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>

According to the [NodeJS CCM example](https://nodejs.org/docs/latest-v14.x/api/crypto.html#crypto_ccm_mode], when decrypting the `plaintextLength` parameter actually refers to the ciphertext length, not the plaintext length: ``` decipher.setAAD(aad, { plaintextLength: ciphertext.length }); ``` The same can be seen in the [OpenSSL docs](https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption) where a call to `EVP_DecryptUpdate` passes the ciphertext length: ``` /* Provide the total ciphertext length */ if(1 != EVP_DecryptUpdate(ctx, NULL, &len, NULL, ciphertext_len)) handleErrors(); ``` This parameter probably should have been called `inputLength` or `bufferLength` instead of `plaintextLength`, so that it makes sense both when encrypting and decrypting, but at least we can correct the sentence in the documentation for now to refer to the correct value. PR-URL: nodejs#33095 Reviewed-By: Ujjwal Sharma <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>

nodejs-github-bot added crypto Issues and PRs related to the crypto subsystem. doc Issues and PRs related to the documentations. labels Apr 27, 2020

jbuhacoff added 2 commits April 27, 2020 12:32

Merge branch 'patch-1' of github.com:jbuhacoff/node into patch-1

7ca5d05

ryzokuken approved these changes Apr 28, 2020

View reviewed changes

tniessen approved these changes May 8, 2020

View reviewed changes

cjihrig approved these changes May 8, 2020

View reviewed changes

addaleax closed this May 19, 2020

codebytere mentioned this pull request Jun 9, 2020

v12.18.1 proposal #33811

Merged

jbuhacoff deleted the patch-1 branch June 26, 2020 22:03

codebytere mentioned this pull request Jun 28, 2020

v14.5.0 proposal #34093

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update crypto.md to correct function description for `decipher.setAAD` #33095

Update crypto.md to correct function description for `decipher.setAAD` #33095

jbuhacoff commented Apr 27, 2020 •

edited

Loading

addaleax commented Apr 27, 2020

tniessen commented Apr 27, 2020

jbuhacoff commented Apr 27, 2020

addaleax commented May 7, 2020

tniessen left a comment

addaleax commented May 19, 2020

Update crypto.md to correct function description for decipher.setAAD #33095

Update crypto.md to correct function description for decipher.setAAD #33095

Conversation

jbuhacoff commented Apr 27, 2020 • edited Loading

Checklist

addaleax commented Apr 27, 2020

tniessen commented Apr 27, 2020

jbuhacoff commented Apr 27, 2020

addaleax commented May 7, 2020

tniessen left a comment

Choose a reason for hiding this comment

addaleax commented May 19, 2020

Update crypto.md to correct function description for `decipher.setAAD` #33095

Update crypto.md to correct function description for `decipher.setAAD` #33095

jbuhacoff commented Apr 27, 2020 •

edited

Loading