sjcl 1.0.0 → 1.0.1
- checksums.yaml +4 -4
- data/README.md +5 -0
- data/lib/sjcl.rb +1 -1
- data/lib/sjcl/bit_array.rb +5 -6
- data/lib/sjcl/ccm.rb +7 -4
- data/lib/sjcl/version.rb +1 -1
- data/spec/integration_spec.rb +15 -0
- metadata +2 -2
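--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 968c459e932db96eda2d7eb914fda7a0c21fba74
+data.tar.gz: 559eb8fee1ca448515d7c88534e9e4bb6ff8857f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6718ccd8639b75d9d58cc76b8cfcc21add1f0750e7ed6396818e687bd323df9d90478493eea2031ce42207794cbc7fe6422add256a73ad895826663701bc6b99
+data.tar.gz: feedec8ea9568bff8bb32f30802db9e685a3cb3ab97a139f67a487866a637b8d6cc30b3ebc09fbe7ace8e1a3a352b2d4a673c105ddb395177e484bd2838f6d19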
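--- a/data/README.md
+++ b/data/README.md
@@ -32,6 +32,11 @@ gem install sjcl
 
 ### Changelog
 
+- 1.0.1
+- Match comparison fucntion from SJCL js
+- Include SJCL version in JSON
+- Better errors thrown
+- Update docs
 - 1.0.0
 - Update to use OpenSSL PBKDF2 function for increased speed
 - Increase default iterations to 100,000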
data/lib/sjcl.rb
CHANGED
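--- a/data/lib/sjcl/bit_array.rb
+++ b/data/lib/sjcl/bit_array.rb
@@ -141,16 +141,15 @@ module SJCL::BitArray
 end
 
 # Compare two SJCL type BitArrays
-#
+# in a predictable amount of time
 def self.compare(arr1, arr2)
+x = 0
 return false if arr1.length != arr2.length
 arr1 = convertToSigned32(arr1)
 arr2 = convertToSigned32(arr2)
-(arr1.length
-
+(arr1.length).times do |i|
+x = arr1[i] ^ arr2[i]
 end
-
-return false if arr2[arr2.length - 1] != arr1[arr1.length - 1]
-return true
+return (x == 0)
 end
 end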
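Review bot: In `compare`, the added loop body `x = arr1[i] ^ arr2[i]` assigns instead of accumulating, so after the loop `x` holds only the XOR of the last pair of words and `return (x == 0)` ignores every earlier word. Two equal-length arrays that differ anywhere except in their final word would therefore compare as equal, and the tag check in `ccm.rb` (`SJCL::BitArray.compare(out[:tag], tag2)`) relies on this function. The line should be `x |= arr1[i] ^ arr2[i]`, which covers every word and still has no content-dependent early exit. The length check above the loop does return early; that is normally acceptable because lengths are not secret, but the comment `# in a predictable amount of time` would be more accurate as "in time independent of the array contents".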
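--- a/data/lib/sjcl/ccm.rb
+++ b/data/lib/sjcl/ccm.rb
@@ -1,5 +1,8 @@
 module SJCL::Mode
 module CCM
+class TagAuthError < ::StandardError; end
+class Error < ::StandardError; end
+
 NAME = "ccm"
 
 def self.encrypt(prf, plaintext, iv, adata=[], tlen=64)
@@ -7,7 +10,7 @@ module SJCL::Mode
 out = plaintext.dup
 ivl = SJCL::BitArray.bitLength(iv) / 8
 ol = SJCL::BitArray.bitLength(out) / 8
-raise "ccm: IV must be at least 7 bytes" if ivl < 7
+raise Error, "ccm: IV must be at least 7 bytes" if ivl < 7
 while ccml < 4 && ((ol & 0xFFFFFFFF) >> 8*ccml > 0)
 ccml += 1
 end
@@ -28,7 +31,7 @@ module SJCL::Mode
 tag = SJCL::BitArray.bitSlice(ciphertext, ol - tlen)
 
 ol = (ol - tlen) / 8;
-raise "ccm: iv must be at least 7 bytes" if (ivl < 7)
+raise Error, "ccm: iv must be at least 7 bytes" if (ivl < 7)
 
 # compute the length of the length
 while ccml < 4 && ((ol & 0xFFFFFFFF) >> 8*ccml > 0)
@@ -46,7 +49,7 @@ module SJCL::Mode
 # check the tag
 tag2 = computeTag(prf, out[:data], iv, adata, tlen, ccml)
 if (!SJCL::BitArray.compare(out[:tag], tag2))
-raise "ccm: tag doesn't match"
+raise TagAuthError, "ccm: tag doesn't match"
 end
 return out[:data]
 end
@@ -54,7 +57,7 @@ module SJCL::Mode
 def self.computeTag(prf, plaintext, iv, adata, tlen, l)
 tlen /= 8
 if (tlen % 2 != 0 || tlen < 4 || tlen > 16)
-raise "ccm: invalid tag length"
+raise Error, "ccm: invalid tag length"
 end
 
 # mac the flags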
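Review bot: `TagAuthError` and `Error` are added at the top of `module CCM` as unrelated siblings under `::StandardError`, so `rescue SJCL::Mode::CCM::Error` does not cover a failed tag check. Code that rescued `RuntimeError` from the old bare `raise "ccm: ..."` calls will also stop catching all four raises changed in this file. Declaring the base class first and writing `class TagAuthError < Error; end` would give callers one class to rescue while still letting them single out authentication failures. The change of exception class deserves its own changelog line, since a caller that treated `RuntimeError` as "decryption failed" now gets an unhandled exception instead. The methods these raises sit in start or end outside the visible hunks.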
data/lib/sjcl/version.rb
CHANGED
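--- a/data/spec/integration_spec.rb
+++ b/data/spec/integration_spec.rb
@@ -28,4 +28,19 @@ describe "the SJCL aes crypto" do
 puts "sjcl.decrypt('s33krit','#{result}')"
 # Checking this by hand for now :(
 end
+
+it "should fail to decrypt tampered with adata tag" do
+json = '{"iv":"+Y+RZjk81MN9wkLVRgfLkA==","v":1,"iter":10000,"ks":256,"ts":64,"mode":"ccm","adata":"Tampered","cipher":"aes","salt":"4TD5tILYe6U=","ct":"NUeGvbXWVEmssnSGORpVSl1OefdLHjU2yPZnxVsPifyD1TJ3+w=="}'
+expect {
+SJCL.decrypt('s33krit', json)
+}.to raise_error SJCL::Mode::CCM::TagAuthError
+end
+
+it "should fail to decrypt tampered with crypts" do
+json = '{"iv":"+Y+RZjk81MN9wkLVRgfLkA==","v":1,"iter":10000,"ks":256,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"4TD5tILYe6U=","ct":"NUeGvbXWVEmssnSGORpVSl1OefdLHjU2yPZnxVsPifyD1tJ3+w=="}'
+expect {
+SJCL.decrypt('s33krit', json)
+}.to raise_error SJCL::Mode::CCM::TagAuthError
+end
+
 end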
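Review bot: Both new examples tamper with a whole message and assert on `TagAuthError`, but nothing pins `SJCL::BitArray.compare` itself, which this release rewrites and which performs the tag comparison. In the second example the altered character sits in the last full base64 group of `ct`, so it appears to change only the trailing bytes of the tag. A comparison that ignored earlier words would still pass both examples. A direct unit spec would close that gap, e.g. `expect(SJCL::BitArray.compare([1, 2], [3, 2])).to eq(false)` alongside an equal-arrays case (values constructed for illustration).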
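--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sjcl
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.1
 platform: ruby
 authors:
 - Mark Percival
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-01-
+date: 2015-01-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake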