sjcl 1.0.0 → 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +5 -0
- data/lib/sjcl.rb +1 -1
- data/lib/sjcl/bit_array.rb +5 -6
- data/lib/sjcl/ccm.rb +7 -4
- data/lib/sjcl/version.rb +1 -1
- data/spec/integration_spec.rb +15 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 968c459e932db96eda2d7eb914fda7a0c21fba74
|
|
4
|
+
data.tar.gz: 559eb8fee1ca448515d7c88534e9e4bb6ff8857f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6718ccd8639b75d9d58cc76b8cfcc21add1f0750e7ed6396818e687bd323df9d90478493eea2031ce42207794cbc7fe6422add256a73ad895826663701bc6b99
|
|
7
|
+
data.tar.gz: feedec8ea9568bff8bb32f30802db9e685a3cb3ab97a139f67a487866a637b8d6cc30b3ebc09fbe7ace8e1a3a352b2d4a673c105ddb395177e484bd2838f6d19
|
data/README.md
CHANGED
|
@@ -32,6 +32,11 @@ gem install sjcl
|
|
|
32
32
|
|
|
33
33
|
### Changelog
|
|
34
34
|
|
|
35
|
+
- 1.0.1
|
|
36
|
+
- Match comparison fucntion from SJCL js
|
|
37
|
+
- Include SJCL version in JSON
|
|
38
|
+
- Better errors thrown
|
|
39
|
+
- Update docs
|
|
35
40
|
- 1.0.0
|
|
36
41
|
- Update to use OpenSSL PBKDF2 function for increased speed
|
|
37
42
|
- Increase default iterations to 100,000
|
data/lib/sjcl.rb
CHANGED
data/lib/sjcl/bit_array.rb
CHANGED
|
@@ -141,16 +141,15 @@ module SJCL::BitArray
|
|
|
141
141
|
end
|
|
142
142
|
|
|
143
143
|
# Compare two SJCL type BitArrays
|
|
144
|
-
#
|
|
144
|
+
# in a predictable amount of time
|
|
145
145
|
def self.compare(arr1, arr2)
|
|
146
|
+
x = 0
|
|
146
147
|
return false if arr1.length != arr2.length
|
|
147
148
|
arr1 = convertToSigned32(arr1)
|
|
148
149
|
arr2 = convertToSigned32(arr2)
|
|
149
|
-
(arr1.length
|
|
150
|
-
|
|
150
|
+
(arr1.length).times do |i|
|
|
151
|
+
x = arr1[i] ^ arr2[i]
|
|
151
152
|
end
|
|
152
|
-
|
|
153
|
-
return false if arr2[arr2.length - 1] != arr1[arr1.length - 1]
|
|
154
|
-
return true
|
|
153
|
+
return (x == 0)
|
|
155
154
|
end
|
|
156
155
|
end
|
data/lib/sjcl/ccm.rb
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
module SJCL::Mode
|
|
2
2
|
module CCM
|
|
3
|
+
class TagAuthError < ::StandardError; end
|
|
4
|
+
class Error < ::StandardError; end
|
|
5
|
+
|
|
3
6
|
NAME = "ccm"
|
|
4
7
|
|
|
5
8
|
def self.encrypt(prf, plaintext, iv, adata=[], tlen=64)
|
|
@@ -7,7 +10,7 @@ module SJCL::Mode
|
|
|
7
10
|
out = plaintext.dup
|
|
8
11
|
ivl = SJCL::BitArray.bitLength(iv) / 8
|
|
9
12
|
ol = SJCL::BitArray.bitLength(out) / 8
|
|
10
|
-
raise "ccm: IV must be at least 7 bytes" if ivl < 7
|
|
13
|
+
raise Error, "ccm: IV must be at least 7 bytes" if ivl < 7
|
|
11
14
|
while ccml < 4 && ((ol & 0xFFFFFFFF) >> 8*ccml > 0)
|
|
12
15
|
ccml += 1
|
|
13
16
|
end
|
|
@@ -28,7 +31,7 @@ module SJCL::Mode
|
|
|
28
31
|
tag = SJCL::BitArray.bitSlice(ciphertext, ol - tlen)
|
|
29
32
|
|
|
30
33
|
ol = (ol - tlen) / 8;
|
|
31
|
-
raise "ccm: iv must be at least 7 bytes" if (ivl < 7)
|
|
34
|
+
raise Error, "ccm: iv must be at least 7 bytes" if (ivl < 7)
|
|
32
35
|
|
|
33
36
|
# compute the length of the length
|
|
34
37
|
while ccml < 4 && ((ol & 0xFFFFFFFF) >> 8*ccml > 0)
|
|
@@ -46,7 +49,7 @@ module SJCL::Mode
|
|
|
46
49
|
# check the tag
|
|
47
50
|
tag2 = computeTag(prf, out[:data], iv, adata, tlen, ccml)
|
|
48
51
|
if (!SJCL::BitArray.compare(out[:tag], tag2))
|
|
49
|
-
raise "ccm: tag doesn't match"
|
|
52
|
+
raise TagAuthError, "ccm: tag doesn't match"
|
|
50
53
|
end
|
|
51
54
|
return out[:data]
|
|
52
55
|
end
|
|
@@ -54,7 +57,7 @@ module SJCL::Mode
|
|
|
54
57
|
def self.computeTag(prf, plaintext, iv, adata, tlen, l)
|
|
55
58
|
tlen /= 8
|
|
56
59
|
if (tlen % 2 != 0 || tlen < 4 || tlen > 16)
|
|
57
|
-
raise "ccm: invalid tag length"
|
|
60
|
+
raise Error, "ccm: invalid tag length"
|
|
58
61
|
end
|
|
59
62
|
|
|
60
63
|
# mac the flags
|
data/lib/sjcl/version.rb
CHANGED
data/spec/integration_spec.rb
CHANGED
|
@@ -28,4 +28,19 @@ describe "the SJCL aes crypto" do
|
|
|
28
28
|
puts "sjcl.decrypt('s33krit','#{result}')"
|
|
29
29
|
# Checking this by hand for now :(
|
|
30
30
|
end
|
|
31
|
+
|
|
32
|
+
it "should fail to decrypt tampered with adata tag" do
|
|
33
|
+
json = '{"iv":"+Y+RZjk81MN9wkLVRgfLkA==","v":1,"iter":10000,"ks":256,"ts":64,"mode":"ccm","adata":"Tampered","cipher":"aes","salt":"4TD5tILYe6U=","ct":"NUeGvbXWVEmssnSGORpVSl1OefdLHjU2yPZnxVsPifyD1TJ3+w=="}'
|
|
34
|
+
expect {
|
|
35
|
+
SJCL.decrypt('s33krit', json)
|
|
36
|
+
}.to raise_error SJCL::Mode::CCM::TagAuthError
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
it "should fail to decrypt tampered with crypts" do
|
|
40
|
+
json = '{"iv":"+Y+RZjk81MN9wkLVRgfLkA==","v":1,"iter":10000,"ks":256,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"4TD5tILYe6U=","ct":"NUeGvbXWVEmssnSGORpVSl1OefdLHjU2yPZnxVsPifyD1tJ3+w=="}'
|
|
41
|
+
expect {
|
|
42
|
+
SJCL.decrypt('s33krit', json)
|
|
43
|
+
}.to raise_error SJCL::Mode::CCM::TagAuthError
|
|
44
|
+
end
|
|
45
|
+
|
|
31
46
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sjcl
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Mark Percival
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-01-
|
|
11
|
+
date: 2015-01-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|