修复对gcm算法的支持

master 1.2.0
宇天 2019-01-15 18:05:09 +08:00
parent 5c8ec8e024
commit 1f1fe657f8
3 changed files with 59 additions and 23 deletions

View File

@ -173,7 +173,7 @@ crypto.hmac('md5', '123456', 'sdfvkjfhd')
> 在上面的2种算法中加密都是不可逆的也就是说加密后的字符我们是没办法再还原回去了但是有很多场景需要我们对拿到的加密字符还原到明文状态。 > 在上面的2种算法中加密都是不可逆的也就是说加密后的字符我们是没办法再还原回去了但是有很多场景需要我们对拿到的加密字符还原到明文状态。
> 所以出现了公钥加密这种算法; 而`Node.js`本身给我们提供了4种与公钥加密相关的类`Cipher/Decipher、Sign、Verify`这里只讲前面2个以及它们衍生出来的`Cipheriv/Decipheriv`; > 所以出现了公钥加密这种算法; 而`Node.js`本身给我们提供了4种与公钥加密相关的类`Cipher/Decipher、Sign、Verify`这里只讲前面2个以及它们衍生出来的`Cipheriv/Decipheriv`;
#### cipher(mode, data[, key][, inEncode][, outEncode]) #### cipher(mode, data[, key, inEncode, outEncode])
- mode `<String>` - mode `<String>`
- data `<String>` | `<Buffer>` - data `<String>` | `<Buffer>`
- key `<String>` 可选 - key `<String>` 可选
@ -182,24 +182,32 @@ crypto.hmac('md5', '123456', 'sdfvkjfhd')
> `mode`为算法类型,常见的有`aes-128-cbc、aes-128-gcm`等等地,很多,具体有哪些可以通过 `this.crypto.getCiphers()` 来查看。 > `mode`为算法类型,常见的有`aes-128-cbc、aes-128-gcm`等等地,很多,具体有哪些可以通过 `this.crypto.getCiphers()` 来查看。
> 其他的参数与上面的HMAC算法相似; `inEncode`即声明要加密的数据是什么编码的,默认根据要加密的数据进行判断。 > 其他的参数与上面的HMAC算法相似; `inEncode`即声明要加密的数据是什么编码的,默认根据要加密的数据进行判断。
>> 需要注意的是, 算法类型为`aes-***-gcm`时, 返回的不是一个字符串, 而是一个对象{ enStr, authTag }, 解密时, 需要提供这个 authTag方可解密
```javascript ```javascript
// 这里给出一个AES-128-CBC的加密例子 // 这里给出一个AES-128-CBC的加密例子
//
crypto.cipher('aes-128-cbc', '123456', 'abcdefg') crypto.cipher('aes-128-cbc', '123456', 'abcdefg')
// mqA9ZPh9VV+fwKlfpicGVg== // mqA9ZPh9VV+fwKlfpicGVg==
crypto.cipher('aes-128-cbc', '123456', 'abcdefg', 'utf8', 'hex') crypto.cipher('aes-128-cbc', '123456', 'abcdefg', 'utf8', 'hex')
// 9aa03d64f87d555f9fc0a95fa6270656 // 9aa03d64f87d555f9fc0a95fa6270656
// 要注意gcm算法的结果
crypto.cipher('aes-128-gcm', '123456', 'abcdefg')
// { enStr: 'qmo1a4Jz',
// authTag: <Buffer c4 a0 3e ab e5 34 a0 ea 25 02 f0 91 06 f7 3b dd>
// }
``` ```
#### decipher(mode, data[, key][, inEncode][, outEncode]) #### decipher(mode, data[, key, tag, inEncode, outEncode])
- mode `<String>` - mode `<String>`
- data `<String>` | `<Buffer>` - data `<String>` | `<Buffer>`
- key `<String>` 可选 - key `<String>` 可选
- tag `<Buffer>` 可选(mode为gcm算法时必填)
- inEncode '<String>' 可选, 默认是base64 - inEncode '<String>' 可选, 默认是base64
- outEncode '<String>' 可选默认utf8 - outEncode '<String>' 可选默认utf8
@ -214,7 +222,16 @@ crypto.decipher('aes-128-cbc', 'mqA9ZPh9VV+fwKlfpicGVg==', 'abcdefg')
crypto.decipher('aes-128-cbc', '9aa03d64f87d555f9fc0a95fa6270656', 'abcdefg', 'hex') crypto.decipher('aes-128-cbc', '9aa03d64f87d555f9fc0a95fa6270656', 'abcdefg', 'hex')
// 123456 // 123456
// 要注意gcm算法的结果
// authTag: <Buffer c4 a0 3e ab e5 34 a0 ea 25 02 f0 91 06 f7 3b dd>
crypto.decipher('aes-128-gcm', 'qmo1a4Jz', 'abcdefg', authTag)
// 123456
``` ```
> 至于另外的`cipheriv/decipheriv`这2个方法这里就不细讲了和上面的这2个是同样的用法只是要多1个参数`向量(iv)`, **`特别要注意的一点是选择128位的加密算法那key的长度就必须是16位256则是32位依此类推; 向量iv是16位`,具体的请看相关文档** > 至于另外的`cipheriv/decipheriv`这2个方法这里就不细讲了和上面的这2个是同样的用法只是要多1个参数`向量(iv)`
>> **`特别要注意的一点是选择128位的加密算法那key的长度就必须是16位256则是32位依此类推; 算法类型为gcm时,返回的是对象,解密时需要提供authTag `,具体的请看相关文档**

View File

@ -8,6 +8,7 @@
const CRYPTO = require('crypto') const CRYPTO = require('crypto')
const FS = require('fs') const FS = require('fs')
const GCM_MODE = ['aes-128-gcm', 'aes-192-gcm', 'aes-256-gcm']
module.exports = { module.exports = {
origin: CRYPTO, origin: CRYPTO,
@ -37,20 +38,29 @@ module.exports = {
inEncode = isBuffer ? 'binary' : inEncode || 'utf8' inEncode = isBuffer ? 'binary' : inEncode || 'utf8'
outEncode = outEncode || 'base64' outEncode = outEncode || 'base64'
let cp = CRYPTO.createCipher(mode, key) let cc = CRYPTO.createCipher(mode, key)
let res = cp.update(data, inEncode, outEncode) let enStr = cc.update(data, inEncode, outEncode)
return res + cp.final(outEncode) enStr += cc.final(outEncode)
if (GCM_MODE.indexOf(mode) > -1) {
let authTag = cc.getAuthTag()
return { enStr: enStr, authTag: authTag }
}
return enStr
}, },
decipher(mode, data, key, inEncode, outEncode) { decipher(mode, data, key, tag, inEncode, outEncode) {
key = key || '' key = key || ''
let isBuffer = Buffer.isBuffer(data) let isBuffer = Buffer.isBuffer(data)
inEncode = isBuffer ? 'binary' : inEncode || 'base64' inEncode = isBuffer ? 'binary' : inEncode || 'base64'
outEncode = outEncode || 'utf8' outEncode = outEncode || 'utf8'
let dcp = CRYPTO.createDecipher(mode, key) let cd = CRYPTO.createDecipher(mode, key)
let res = dcp.update(data, inEncode, outEncode) if (GCM_MODE.indexOf(mode) > -1) {
return res + dcp.final(outEncode) cd.setAuthTag(tag)
}
let deStr = cd.update(data, inEncode, outEncode)
deStr += cd.final(outEncode)
return deStr
}, },
cipheriv(mode, data, key, iv, inEncode, outEncode) { cipheriv(mode, data, key, iv, inEncode, outEncode) {
@ -60,21 +70,30 @@ module.exports = {
inEncode = isBuffer ? 'binary' : inEncode || 'utf8' inEncode = isBuffer ? 'binary' : inEncode || 'utf8'
outEncode = outEncode || 'base64' outEncode = outEncode || 'base64'
let cp = CRYPTO.createCipheriv(mode, key, iv) let cciv = CRYPTO.createCipheriv(mode, key, iv)
let res = cp.update(data, inEncode, outEncode) let enStr = cciv.update(data, inEncode, outEncode)
return res + cp.final(outEncode) enStr += cciv.final(outEncode)
if (GCM_MODE.indexOf(mode) > -1) {
let authTag = cciv.getAuthTag()
return { enStr: enStr, authTag: authTag }
}
return enStr
}, },
decipheriv(mode, data, key, iv, inEncode, outEncode) { decipheriv(mode, data, key, iv, tag, inEncode, outEncode) {
key = key || '0000000000000000' key = key || '0000000000000000'
iv = iv || '' iv = iv || ''
let isBuffer = Buffer.isBuffer(data) let isBuffer = Buffer.isBuffer(data)
inEncode = isBuffer ? 'binary' : inEncode || 'base64' inEncode = isBuffer ? 'binary' : inEncode || 'base64'
outEncode = outEncode || 'utf8' outEncode = outEncode || 'utf8'
let dcp = CRYPTO.createDecipheriv(mode, key, iv) let dcpiv = CRYPTO.createDecipheriv(mode, key, iv)
let res = dcp.update(data, inEncode, outEncode) if (GCM_MODE.indexOf(mode) > -1) {
return res + dcp.final(outEncode) dcpiv.setAuthTag(tag)
}
let deStr = dcpiv.update(data, inEncode, outEncode)
deStr += dcpiv.final(outEncode)
return deStr
}, },
/** /**

View File

@ -1,6 +1,6 @@
{ {
"name": "crypto.js", "name": "crypto.js",
"version": "1.1.6", "version": "1.2.0",
"description": "原生crypto加密模块的二次封装,简化常用加密函数的使用", "description": "原生crypto加密模块的二次封装,简化常用加密函数的使用",
"keywords": ["md5", "sha1", "base64", "fivejs", "crypto"], "keywords": ["md5", "sha1", "base64", "fivejs", "crypto"],
"author": "yutent <yutent@doui.cc>", "author": "yutent <yutent@doui.cc>",