sjcl 1.0.0 → 1.0.1

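--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 9bc27222ca1e75a41a1db9f11f8cb007b6a79874
- data.tar.gz: 999c3ec4e08aef5f06daa2d60f6756f93f94331a
+ metadata.gz: 968c459e932db96eda2d7eb914fda7a0c21fba74
+ data.tar.gz: 559eb8fee1ca448515d7c88534e9e4bb6ff8857f
  SHA512:
- metadata.gz: 716feceacd1b35b785cb122cf53aeb2735292b9e0765da504779fa5ff49fd13c3b4411ad9bb8215d753fcb8b0f3ff5c44270d4510cdd7157c5e350304f097e53
- data.tar.gz: 1c8821376b8969072246b53058dc163b5250de237ed80aca1954d33f88f8f332993f9c478439d4b774ce7ad5c6a597084c5d743328a2f88daea865518e2f17c0
+ metadata.gz: 6718ccd8639b75d9d58cc76b8cfcc21add1f0750e7ed6396818e687bd323df9d90478493eea2031ce42207794cbc7fe6422add256a73ad895826663701bc6b99
+ data.tar.gz: feedec8ea9568bff8bb32f30802db9e685a3cb3ab97a139f67a487866a637b8d6cc30b3ebc09fbe7ace8e1a3a352b2d4a673c105ddb395177e484bd2838f6d19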
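--- a/data/README.md
+++ b/data/README.md
@@ -32,6 +32,11 @@ gem install sjcl
 
  ### Changelog
 
+ - 1.0.1
+ - Match comparison fucntion from SJCL js
+ - Include SJCL version in JSON
+ - Better errors thrown
+ - Update docs
  - 1.0.0
  - Update to use OpenSSL PBKDF2 function for increased speed
  - Increase default iterations to 100,000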
@@ -12,7 +12,7 @@ require 'base64'
12
12
  module SJCL
13
13
 
14
14
  DEFAULT = {
15
- iter:100_000, ks:256, ts:64,
15
+ v:1, iter:100_000, ks:256, ts:64,
16
16
  mode:"ccm", adata:"", cipher:"aes"
17
17
  }
18
18
 
@@ -141,16 +141,15 @@ module SJCL::BitArray
141
141
  end
142
142
 
143
143
  # Compare two SJCL type BitArrays
144
- # caveat: ignore out of band data
144
+ # in a predictable amount of time
145
145
  def self.compare(arr1, arr2)
146
+ x = 0
146
147
  return false if arr1.length != arr2.length
147
148
  arr1 = convertToSigned32(arr1)
148
149
  arr2 = convertToSigned32(arr2)
149
- (arr1.length- 1).times do |i|
150
- return false if arr1[i] != arr2[i]
150
+ (arr1.length).times do |i|
151
+ x = arr1[i] ^ arr2[i]
151
152
  end
152
- # The last word is a funky use of a double
153
- return false if arr2[arr2.length - 1] != arr1[arr1.length - 1]
154
- return true
153
+ return (x == 0)
155
154
  end
156
155
  end
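Review bot: In `SJCL::BitArray.compare`, the new loop line `x = arr1[i] ^ arr2[i]` overwrites `x` on every pass instead of accumulating, so after the loop `x` holds only the XOR of the final word pair and `return (x == 0)` reports equality whenever the last words match. The CCM tag check shown further down this page calls this method, so a mismatch in any earlier tag word would go unnoticed and the effective tag strength drops to one 32-bit word. The line should accumulate the differences, `x |= arr1[i] ^ arr2[i]`, which keeps the fixed iteration count that the new comment promises. The early `return false` on a length mismatch can stay, since the lengths being compared are not secret.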
@@ -1,5 +1,8 @@
1
1
  module SJCL::Mode
2
2
  module CCM
3
+ class TagAuthError < ::StandardError; end
4
+ class Error < ::StandardError; end
5
+
3
6
  NAME = "ccm"
4
7
 
5
8
  def self.encrypt(prf, plaintext, iv, adata=[], tlen=64)
@@ -7,7 +10,7 @@ module SJCL::Mode
7
10
  out = plaintext.dup
8
11
  ivl = SJCL::BitArray.bitLength(iv) / 8
9
12
  ol = SJCL::BitArray.bitLength(out) / 8
10
- raise "ccm: IV must be at least 7 bytes" if ivl < 7
13
+ raise Error, "ccm: IV must be at least 7 bytes" if ivl < 7
11
14
  while ccml < 4 && ((ol & 0xFFFFFFFF) >> 8*ccml > 0)
12
15
  ccml += 1
13
16
  end
@@ -28,7 +31,7 @@ module SJCL::Mode
28
31
  tag = SJCL::BitArray.bitSlice(ciphertext, ol - tlen)
29
32
 
30
33
  ol = (ol - tlen) / 8;
31
- raise "ccm: iv must be at least 7 bytes" if (ivl < 7)
34
+ raise Error, "ccm: iv must be at least 7 bytes" if (ivl < 7)
32
35
 
33
36
  # compute the length of the length
34
37
  while ccml < 4 && ((ol & 0xFFFFFFFF) >> 8*ccml > 0)
@@ -46,7 +49,7 @@ module SJCL::Mode
46
49
  # check the tag
47
50
  tag2 = computeTag(prf, out[:data], iv, adata, tlen, ccml)
48
51
  if (!SJCL::BitArray.compare(out[:tag], tag2))
49
- raise "ccm: tag doesn't match"
52
+ raise TagAuthError, "ccm: tag doesn't match"
50
53
  end
51
54
  return out[:data]
52
55
  end
@@ -54,7 +57,7 @@ module SJCL::Mode
54
57
  def self.computeTag(prf, plaintext, iv, adata, tlen, l)
55
58
  tlen /= 8
56
59
  if (tlen % 2 != 0 || tlen < 4 || tlen > 16)
57
- raise "ccm: invalid tag length"
60
+ raise Error, "ccm: invalid tag length"
58
61
  end
59
62
 
60
63
  # mac the flags
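Review bot: The two exception classes added at the top of `SJCL::Mode::CCM` are unrelated siblings, so `rescue SJCL::Mode::CCM::Error` will not catch a `TagAuthError`, and neither is a `RuntimeError` as the previous bare `raise "..."` calls produced. Callers that rescued `RuntimeError` around decryption will now see these propagate, which is a behaviour change for a patch release and deserves its own changelog line. Consider declaring `class TagAuthError < Error; end` after `Error`, with a one-line comment on each class saying when it is raised (parameter validation versus authentication failure). The method bodies touched by the later hunks start and end outside the visible lines.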
@@ -1,3 +1,3 @@
1
1
  module SJCL
2
- VERSION = "1.0.0"
2
+ VERSION = "1.0.1"
3
3
  end
@@ -28,4 +28,19 @@ describe "the SJCL aes crypto" do
28
28
  puts "sjcl.decrypt('s33krit','#{result}')"
29
29
  # Checking this by hand for now :(
30
30
  end
31
+
32
+ it "should fail to decrypt tampered with adata tag" do
33
+ json = '{"iv":"+Y+RZjk81MN9wkLVRgfLkA==","v":1,"iter":10000,"ks":256,"ts":64,"mode":"ccm","adata":"Tampered","cipher":"aes","salt":"4TD5tILYe6U=","ct":"NUeGvbXWVEmssnSGORpVSl1OefdLHjU2yPZnxVsPifyD1TJ3+w=="}'
34
+ expect {
35
+ SJCL.decrypt('s33krit', json)
36
+ }.to raise_error SJCL::Mode::CCM::TagAuthError
37
+ end
38
+
39
+ it "should fail to decrypt tampered with crypts" do
40
+ json = '{"iv":"+Y+RZjk81MN9wkLVRgfLkA==","v":1,"iter":10000,"ks":256,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"4TD5tILYe6U=","ct":"NUeGvbXWVEmssnSGORpVSl1OefdLHjU2yPZnxVsPifyD1tJ3+w=="}'
41
+ expect {
42
+ SJCL.decrypt('s33krit', json)
43
+ }.to raise_error SJCL::Mode::CCM::TagAuthError
44
+ end
45
+
31
46
  end
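Review bot: Both added specs would, as far as the fixtures can be read by hand, still pass if the tag comparison looked only at the last tag word: changing `adata` alters the whole recomputed tag, and the single changed character in `ct` appears to fall in the final 32 bits of the 64-bit tag. A third case whose fixture differs only in the first tag word would pin the full-length comparison that `SJCL::BitArray.compare` is meant to provide. A direct unit spec for `compare` with arrays that differ only at index 0 would cover the same ground without needing a crafted ciphertext.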
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sjcl
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mark Percival
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-01-07 00:00:00.000000000 Z
11
+ date: 2015-01-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake