Fix issue with gcm

skadefro · skadefro · commit 2c0ebbadff71 · 2021-05-25T14:41:17.000+02:00
diff --git a/OpenFlow/src/Crypt.ts b/OpenFlow/src/Crypt.ts
@@ -44,24 +44,28 @@ export class Crypt {
     }
     static encrypt(text: string): string {
         let iv: Buffer = crypto.randomBytes(Crypt.iv_length);
-        let cipher: crypto.Cipher = crypto.createCipheriv("AES-256-GCM", Buffer.from(Crypt.encryption_key), iv);
+        let cipher: crypto.CipherGCM = crypto.createCipheriv('aes-256-gcm', Buffer.from(Crypt.encryption_key), iv);
         let encrypted: Buffer = cipher.update((text as any));
         encrypted = Buffer.concat([encrypted, cipher.final()]);
-        return iv.toString("hex") + ":" + encrypted.toString("hex");
+        const authTag = cipher.getAuthTag()
+        return iv.toString("hex") + ":" + encrypted.toString("hex") + ":" + authTag.toString("hex");
     }
     static decrypt(text: string): string {
         let textParts: string[] = text.split(":");
         let iv: Buffer = Buffer.from(textParts.shift(), "hex");
-        let encryptedText: Buffer = Buffer.from(textParts.join(":"), "hex");
+        let encryptedText: Buffer = Buffer.from(textParts.shift(), "hex");
+        let authTag: Buffer = null;
+        if (textParts.length > 0) authTag = Buffer.from(textParts.shift(), "hex");
         let decrypted: Buffer
-        try {
-            let decipher: crypto.Decipher = crypto.createDecipheriv("AES-256-GCM", Buffer.from(this.encryption_key), iv);
-            decrypted = decipher.update(encryptedText);
-            decrypted = Buffer.concat([decrypted, decipher.final()]);
-        } catch {
-            let decipher: crypto.Decipher = crypto.createDecipheriv("aes-256-cbc", Buffer.from(this.encryption_key), iv);
+        if (authTag != null) {
+            let decipher: crypto.DecipherGCM = crypto.createDecipheriv('aes-256-gcm', Buffer.from(Crypt.encryption_key), iv);
+            decipher.setAuthTag(authTag);
             decrypted = decipher.update(encryptedText);
             decrypted = Buffer.concat([decrypted, decipher.final()]);
+        } else {
+            let decipher2: crypto.Decipher = crypto.createDecipheriv("aes-256-cbc", Buffer.from(this.encryption_key), iv);
+            decrypted = decipher2.update(encryptedText);
+            decrypted = Buffer.concat([decrypted, decipher2.final()]);
         }
         return decrypted.toString();
     }
diff --git a/OpenFlowNodeRED/package.json b/OpenFlowNodeRED/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openiap/nodered",
-  "version": "1.3.14",
+  "version": "1.3.16",
   "description": "Simple wrapper around NodeRed, RabbitMQ and MongoDB to support a more scaleable NodeRed implementation.\r Also the \"backend\" for [OpenRPA](https://github.com/skadefro/OpenRPA)",
   "main": "index.js",
   "scripts": {
diff --git a/OpenFlowNodeRED/src/node-red-contrib-openflow-storage.ts b/OpenFlowNodeRED/src/node-red-contrib-openflow-storage.ts
@@ -69,37 +69,31 @@ export class noderedcontribopenflowstorage {
     private static iv_length: number = 16; // for AES, this is always 16
     private static encryption_key: string = ("smurfkicks-to-anyone-hating-on-nodejs").substr(0, 32);
     static encrypt(text: string): string {
-        try {
-            let iv: Buffer = crypto.randomBytes(this.iv_length);
-            let cipher: crypto.Cipher = crypto.createCipheriv("AES-256-GCM", Buffer.from(this.encryption_key), iv);
-            let encrypted: Buffer = cipher.update((text as any));
-            encrypted = Buffer.concat([encrypted, cipher.final()]);
-            return iv.toString("hex") + ":" + encrypted.toString("hex");
-        } catch (error) {
-            console.error(error);
-        }
-        return text;
+        let iv: Buffer = crypto.randomBytes(this.iv_length);
+        let cipher: crypto.CipherGCM = crypto.createCipheriv('aes-256-gcm', Buffer.from(this.encryption_key), iv);
+        let encrypted: Buffer = cipher.update((text as any));
+        encrypted = Buffer.concat([encrypted, cipher.final()]);
+        const authTag = cipher.getAuthTag()
+        return iv.toString("hex") + ":" + encrypted.toString("hex") + ":" + authTag.toString("hex");
     }
     static decrypt(text: string): string {
-        try {
-            let textParts: string[] = text.split(":");
-            let iv: Buffer = Buffer.from(textParts.shift(), "hex");
-            let encryptedText: Buffer = Buffer.from(textParts.join(":"), "hex");
-            let decrypted: Buffer
-            try {
-                let decipher: crypto.Decipher = crypto.createDecipheriv("AES-256-GCM", Buffer.from(this.encryption_key), iv);
-                decrypted = decipher.update(encryptedText);
-                decrypted = Buffer.concat([decrypted, decipher.final()]);
-            } catch {
-                let decipher: crypto.Decipher = crypto.createDecipheriv("aes-256-cbc", Buffer.from(this.encryption_key), iv);
-                decrypted = decipher.update(encryptedText);
-                decrypted = Buffer.concat([decrypted, decipher.final()]);
-            }
-            return decrypted.toString();
-        } catch (error) {
-            console.error(error);
+        let textParts: string[] = text.split(":");
+        let iv: Buffer = Buffer.from(textParts.shift(), "hex");
+        let encryptedText: Buffer = Buffer.from(textParts.shift(), "hex");
+        let authTag: Buffer = null;
+        if (textParts.length > 0) authTag = Buffer.from(textParts.shift(), "hex");
+        let decrypted: Buffer
+        if (authTag != null) {
+            let decipher: crypto.DecipherGCM = crypto.createDecipheriv('aes-256-gcm', Buffer.from(this.encryption_key), iv);
+            decipher.setAuthTag(authTag);
+            decrypted = decipher.update(encryptedText);
+            decrypted = Buffer.concat([decrypted, decipher.final()]);
+        } else {
+            let decipher2: crypto.Decipher = crypto.createDecipheriv("aes-256-cbc", Buffer.from(this.encryption_key), iv);
+            decrypted = decipher2.update(encryptedText);
+            decrypted = Buffer.concat([decrypted, decipher2.final()]);
         }
-        return text;
+        return decrypted.toString();
     }
 
 
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.3.14
+1.3.16
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openiap/openflow",
-  "version": "1.3.14",
+  "version": "1.3.16",
   "description": "Simple wrapper around NodeRed, RabbitMQ and MongoDB to support a more scaleable NodeRed implementation.\r Also the \"backend\" for [OpenRPA](https://github.com/skadefro/OpenRPA)",
   "main": "index.js",
   "scripts": {

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@openiap/nodered",`
`3`		`- "version": "1.3.14",`
	`3`	`+ "version": "1.3.16",`
`4`	`4`	`"description": "Simple wrapper around NodeRed, RabbitMQ and MongoDB to support a more scaleable NodeRed implementation.\r Also the \"backend\" for [OpenRPA](https://github.com/skadefro/OpenRPA)",`
`5`	`5`	`"main": "index.js",`
`6`	`6`	`"scripts": {`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@openiap/openflow",`
`3`		`- "version": "1.3.14",`
	`3`	`+ "version": "1.3.16",`
`4`	`4`	`"description": "Simple wrapper around NodeRed, RabbitMQ and MongoDB to support a more scaleable NodeRed implementation.\r Also the \"backend\" for [OpenRPA](https://github.com/skadefro/OpenRPA)",`
`5`	`5`	`"main": "index.js",`
`6`	`6`	`"scripts": {`