fix aes-gcm decryption.

nodertc · May 5, 2018 · bf2be23 · bf2be23
1 parent ec815f2
commit bf2be23
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/lib/cipher-suites.js b/lib/cipher-suites.js
@@ -92,6 +92,7 @@ class AEADCipher {
     this.key_length = 0
     this.nonce_length = 0
     this.iv_length = 0
+    this.auth_tag_length = 0
 
     this.nonce_implicit_length = 0
     this.nonce_explicit_length = 0
@@ -181,11 +182,13 @@ class AEADCipher {
   decrypt(session, data, header) {
     const isClient = session[symbols.sessionType] === sessionType.CLIENT
     const iv = isClient ? this.server_nonce : this.client_nonce
+    const final = createDecodeStream(data)
 
-    const explicit_nonce = data.slice(0, this.nonce_explicit_length)
+    const explicit_nonce = final.readBuffer(this.nonce_explicit_length)
     explicit_nonce.copy(iv, this.nonce_implicit_length)
 
-    const encryted = data.slice(this.nonce_explicit_length)
+    const encryted = final.readBuffer(final.length - this.auth_tag_length)
+    const auth_tag = final.readBuffer(this.auth_tag_length)
     const write_key = isClient ? this.server_write_key : this.client_write_key
 
     const additional_data_stream = createEncodeStream()
@@ -194,7 +197,7 @@ class AEADCipher {
       sequence: header.sequenceNumber,
       type: header.type,
       version: header.version,
-      length: data.length
+      length: encryted.length
     }
 
     encode(additional_data, additional_data_stream, AEADAdditionalData)
@@ -206,6 +209,7 @@ class AEADCipher {
     )
 
     decipher.setAAD(additional_data_stream.slice())
+    decipher.setAuthTag(auth_tag)
 
     const head_part = decipher.update(encryted)
     const final_part = decipher.final()
@@ -251,5 +255,7 @@ function createAEADCipher(id, name, block, kx, constants, hash = 'sha256') {
 
   cipher.iv_length = cipher.nonce_implicit_length
 
+  cipher.auth_tag_length = 16
+
   return cipher
 }