diff options
author | Tobias Nießen <tniessen@tnie.de> | 2022-03-27 03:28:19 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-27 03:28:19 +0300 |
commit | 934a3aa28fdc8dd23701d642580b261f5f6c932b (patch) | |
tree | 81d1b5f1fb3a97b54f16cad3036aec6f4e823ff6 /doc/api/crypto.md | |
parent | 6e5485135737094582cdda68664ab2354154a60c (diff) |
crypto: make authTagLength optional for CC20P1305
PR-URL: https://github.com/nodejs/node/pull/42427
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Diffstat (limited to 'doc/api/crypto.md')
-rw-r--r-- | doc/api/crypto.md | 32 |
1 files changed, 24 insertions, 8 deletions
diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 99b6fe8ed62..ff35c136d8a 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -2948,6 +2948,10 @@ Checks the primality of the `candidate`. added: v0.1.94 deprecated: v10.0.0 changes: + - version: REPLACEME + pr-url: https://github.com/nodejs/node/pull/42427 + description: The `authTagLength` option is now optional when using the + `chacha20-poly1305` cipher and defaults to 16 bytes. - version: v15.0.0 pr-url: https://github.com/nodejs/node/pull/35093 description: The password argument can be an ArrayBuffer and is limited to @@ -2972,12 +2976,12 @@ Creates and returns a `Cipher` object that uses the given `algorithm` and `password`. The `options` argument controls stream behavior and is optional except when a -cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) or `chacha20-poly1305` is used. -In that case, the +cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the `authTagLength` option is required and specifies the length of the authentication tag in bytes, see [CCM mode][]. In GCM mode, the `authTagLength` option is not required but can be used to set the length of the authentication tag that will be returned by `getAuthTag()` and defaults to 16 bytes. +For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes. The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On recent OpenSSL releases, `openssl list -cipher-algorithms` will @@ -3008,6 +3012,10 @@ Adversaries][] for details. <!-- YAML added: v0.1.94 changes: + - version: REPLACEME + pr-url: https://github.com/nodejs/node/pull/42427 + description: The `authTagLength` option is now optional when using the + `chacha20-poly1305` cipher and defaults to 16 bytes. - version: v15.0.0 pr-url: https://github.com/nodejs/node/pull/35093 description: The password and iv arguments can be an ArrayBuffer and are @@ -3044,12 +3052,12 @@ Creates and returns a `Cipher` object, with the given `algorithm`, `key` and initialization vector (`iv`). The `options` argument controls stream behavior and is optional except when a -cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) or `chacha20-poly1305` is used. -In that case, the +cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the `authTagLength` option is required and specifies the length of the authentication tag in bytes, see [CCM mode][]. In GCM mode, the `authTagLength` option is not required but can be used to set the length of the authentication tag that will be returned by `getAuthTag()` and defaults to 16 bytes. +For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes. The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On recent OpenSSL releases, `openssl list -cipher-algorithms` will @@ -3077,6 +3085,10 @@ given IV will be. added: v0.1.94 deprecated: v10.0.0 changes: + - version: REPLACEME + pr-url: https://github.com/nodejs/node/pull/42427 + description: The `authTagLength` option is now optional when using the + `chacha20-poly1305` cipher and defaults to 16 bytes. - version: v10.10.0 pr-url: https://github.com/nodejs/node/pull/21447 description: Ciphers in OCB mode are now supported. @@ -3093,10 +3105,10 @@ Creates and returns a `Decipher` object that uses the given `algorithm` and `password` (key). The `options` argument controls stream behavior and is optional except when a -cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) or `chacha20-poly1305` is used. -In that case, the +cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the `authTagLength` option is required and specifies the length of the authentication tag in bytes, see [CCM mode][]. +For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes. The implementation of `crypto.createDecipher()` derives keys using the OpenSSL function [`EVP_BytesToKey`][] with the digest algorithm set to MD5, one @@ -3115,6 +3127,10 @@ to create the `Decipher` object. <!-- YAML added: v0.1.94 changes: + - version: REPLACEME + pr-url: https://github.com/nodejs/node/pull/42427 + description: The `authTagLength` option is now optional when using the + `chacha20-poly1305` cipher and defaults to 16 bytes. - version: v11.6.0 pr-url: https://github.com/nodejs/node/pull/24234 description: The `key` argument can now be a `KeyObject`. @@ -3147,12 +3163,12 @@ Creates and returns a `Decipher` object that uses the given `algorithm`, `key` and initialization vector (`iv`). The `options` argument controls stream behavior and is optional except when a -cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) or `chacha20-poly1305` is used. -In that case, the +cipher in CCM or OCB mode (e.g. `'aes-128-ccm'`) is used. In that case, the `authTagLength` option is required and specifies the length of the authentication tag in bytes, see [CCM mode][]. In GCM mode, the `authTagLength` option is not required but can be used to restrict accepted authentication tags to those with the specified length. +For `chacha20-poly1305`, the `authTagLength` option defaults to 16 bytes. The `algorithm` is dependent on OpenSSL, examples are `'aes192'`, etc. On recent OpenSSL releases, `openssl list -cipher-algorithms` will |