Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto: deprecate useless authentication tag APIs #22126

Closed
wants to merge 4 commits into from
Closed

crypto: deprecate useless authentication tag APIs #22126

wants to merge 4 commits into from

Conversation

tniessen
Copy link
Member

@tniessen tniessen commented Aug 4, 2018

These APIs were probably exposed by accident (maybe Cipher and Decipher had the same prototype at some point?). getAuthTag and setAuthTag are not a usual getter/setter pair: Getting the authentication tag only makes sense in the context of encryption, setting it only makes sense in the context of encryption. Currently, both functions throw. Neither has been documented publicly.

It seems appropriate to skip a documentation-only deprecation here since the functions have never been documented, at least not on these classes, and using them will only throw an error. The deprecation warning is triggered on property access, not just when calling the function, to make sure that people don't rely on the mere existence of the functions.

cc @nodejs/crypto @nodejs/security @nodejs/tsc

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines

@tniessen tniessen added the semver-major PRs that contain breaking changes and should be released in the next major version. label Aug 4, 2018
@nodejs-github-bot
Copy link
Collaborator

@tniessen build started: https://ci.nodejs.org/blue/organizations/jenkins/node-test-pull-request-lite-pipeline/detail/node-test-pull-request-lite-pipeline/425/pipeline

@nodejs-github-bot nodejs-github-bot added the crypto Issues and PRs related to the crypto subsystem. label Aug 4, 2018
ryzokuken
ryzokuken approved these changes Aug 4, 2018
View reviewed changes
Copy link
Contributor

@ryzokuken ryzokuken left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I wonder how these crept in 😅

@Trott
Copy link
Member

Trott commented Aug 4, 2018

@nodejs/security-wg

@tniessen tniessen force-pushed the crypto-deprecate-useless-auth-tag-apis branch from ddfff1e to e1d7616 Compare August 4, 2018 22:32
@tniessen
Copy link
Member Author

tniessen commented Aug 4, 2018
edited
Loading

Full CI: https://ci.nodejs.org/job/node-test-pull-request/16198/
Resumed: https://ci.nodejs.org/job/node-test-pull-request/16248/

mcollina
mcollina approved these changes Aug 5, 2018
View reviewed changes
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lirantal
Copy link
Member

lirantal commented Aug 5, 2018

doesn't look like we'll be breaking major modules, though I was able to find some dependents on it (i.e: https://github.com/garbados/comdb)

@tniessen
Copy link
Member Author

tniessen commented Aug 5, 2018

@lirantal Are you sure? Why do you think they depend on these functions?

@lirantal
Copy link
Member

lirantal commented Aug 5, 2018

I spotted this https://github.com/garbados/comdb/blob/9d36dd730bd70de71ebcb1986db51595f967f786/lib/crypt.js#L77

I did a simple github code search for it and there are a few occurrences but probably not a big deal.

@tniessen
Copy link
Member Author

tniessen commented Aug 5, 2018

@lirantal There are two getAuthTag functions and two setAuthTag functions, and one of each is useless. Those are the ones that will be deprecated by this PR. The other two are perfectly fine and it would indeed be a big deal to deprecate them, and there is no reason to do so.

@lirantal
Copy link
Member

lirantal commented Aug 6, 2018

@tniessen wasn't very clear on that, thanks.

@ChALkeR
Copy link
Member

ChALkeR commented Aug 6, 2018
edited
Loading 

499263  ssh2-streams-0.2.1.tgz/lib/ssh.js:4731:    instance.setAuthTag(data);
499263  ssh2-streams-0.2.1.tgz/lib/ssh.js:5348:      var authTag = encrypter.getAuthTag();
94592   passport-azure-ad-3.0.12.tgz/lib/cookieContentHandler.js:136:  var authTag = cipher.getAuthTag().toString('hex');
94592   passport-azure-ad-3.0.12.tgz/lib/cookieContentHandler.js:151:  decipher.setAuthTag(authTag);
94592   passport-azure-ad-3.0.12.tgz/lib/jwe.js:404:      decipher.setAuthTag(authTag);
80158   node-jose-1.0.0.tgz/lib/algorithms/aes-gcm.js:184:    var tag = cipher.getAuthTag();
80158   node-jose-1.0.0.tgz/lib/algorithms/aes-gcm.js:333:    cipher.setAuthTag(tag);
41405   http_ece-1.0.5.tgz/ece.js:338:  gcm.setAuthTag(buffer.slice(buffer.length - TAG_LENGTH));
41405   http_ece-1.0.5.tgz/ece.js:424:  var tag = gcm.getAuthTag();
31213   openpgp-3.1.0.tgz/src/crypto/gcm.js:84:        const ct = Buffer.concat([en.update(pt), en.final(), en.getAuthTag()]); // append auth tag to ciphertext
31213   openpgp-3.1.0.tgz/src/crypto/gcm.js:94:        de.setAuthTag(ct.slice(ct.length - tagLength, ct.length)); // read auth tag at end of ciphertext
14050   encrypted-attr-1.1.0.tgz/lib/encrypted-attr.js:45:           gcm.getAuthTag().toString('base64').slice(0, 22)
14050   encrypted-attr-1.1.0.tgz/lib/encrypted-attr.js:86:    gcm.setAuthTag(tag)
…

Are those going to be affected?

Some of those (if not all) might be using cipher-base/browserify-aes (or similar) though, which also define those methods.

@tniessen
Copy link
Member Author

tniessen commented Aug 6, 2018

@ChALkeR The functions which will be deprecated by this PR will throw every time they are called, so it is unlikely that someone uses them (for legitimate reasons). The occurrences you listed should be unaffected.

@tniessen tniessen added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Aug 7, 2018
@tniessen
crypto: deprecate useless crypto APIs
39729d9 
The APIs were probably exposed by accident. getAuthTag and setAuthTag
are not a usual getter/setter pair: Getting the authentication tag
only makes sense in the context of encryption, setting it only makes
sense in the context of decryption. Currently, both functions throw.
Neither has been documented publicly.
@tniessen
fixup! crypto: deprecate useless crypto APIs
f010e96
@tniessen
test: fix crypto test case
a05c140
@tniessen
fixup! deprecate useless crypto APIs
24bace5
@tniessen tniessen force-pushed the crypto-deprecate-useless-auth-tag-apis branch from e1d7616 to 24bace5 Compare August 9, 2018 14:05
@tniessen
Copy link
Member Author

tniessen commented Aug 9, 2018

Rebased, old HEAD was e1d76163029d403aeddb83c38883c730675a906f.

tniessen added a commit to tniessen/node that referenced this pull request Aug 10, 2018
@tniessen
test: fix crypto test case
34f56e2 
PR-URL: nodejs#22126
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
tniessen added a commit to tniessen/node that referenced this pull request Aug 10, 2018
@tniessen
crypto: deprecate useless crypto APIs
39dd3a4 
The APIs were probably exposed by accident. getAuthTag and setAuthTag
are not a usual getter/setter pair: Getting the authentication tag
only makes sense in the context of encryption, setting it only makes
sense in the context of decryption. Currently, both functions throw.
Neither has been documented publicly.

PR-URL: nodejs#22126
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
@tniessen
Copy link
Member Author

Landed in 34f56e2, 39dd3a4.

@tniessen tniessen closed this Aug 10, 2018
@tniessen tniessen added deprecations Issues and PRs related to deprecations. and removed author ready PRs that have at least one approval, no pending requests for changes, and a CI started. labels Sep 7, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mcollina mcollina mcollina approved these changes

@jasnell jasnell jasnell approved these changes

@ryzokuken ryzokuken ryzokuken approved these changes

@trivikr trivikr trivikr approved these changes

Assignees
No one assigned
Labels
crypto Issues and PRs related to the crypto subsystem. deprecations Issues and PRs related to deprecations. semver-major PRs that contain breaking changes and should be released in the next major version.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@tniessen @nodejs-github-bot @Trott @lirantal @ChALkeR @mcollina @jasnell @ryzokuken @trivikr