From 4a6dd2e48e99b7a71394ce6b78404c647b31c4af Mon Sep 17 00:00:00 2001 From: Sergey Konovalov Date: Fri, 27 Dec 2024 17:27:31 +0300 Subject: [PATCH] [bug] Set authTagLength param in createCipheriv; Fix bug 72354 --- Common/sources/utils.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Common/sources/utils.js b/Common/sources/utils.js index 6438d987..3340253e 100644 --- a/Common/sources/utils.js +++ b/Common/sources/utils.js @@ -1078,7 +1078,8 @@ exports.encryptPassword = async function (ctx, password) { const iterations = Math.floor(Math.random() * (greaterNumber - lowerNumber)) + lowerNumber; const encryptionKey = await pbkdf2Promise(tenSecret, salt, iterations, keyByteLength, 'sha512'); - const cipher = crypto.createCipheriv('aes-256-gcm', encryptionKey, initializationVector); + //todo chacha20-poly1305 (clean db) + const cipher = crypto.createCipheriv('aes-256-gcm', encryptionKey, initializationVector, {authTagLength:16}); const encryptedData = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]); const authTag = cipher.getAuthTag(); const predicate = iterations.toString(16); @@ -1120,7 +1121,7 @@ exports.decryptPassword = async function (ctx, password) { ] = pointerArray; const decryptionKey = await pbkdf2Promise(tenSecret, salt, parseInt(iterations, 16), keyByteLength, 'sha512'); - const decipher = crypto.createDecipheriv('aes-256-gcm', decryptionKey, initializationVector); + const decipher = crypto.createDecipheriv('aes-256-gcm', decryptionKey, initializationVector, {authTagLength:16}); decipher.setAuthTag(authTag); return Buffer.concat([decipher.update(encryptedData, 'binary'), decipher.final()]).toString();