Encode transaction message using AES-GCM (#640)

* Fixed #633
- Updated doc in transaction search criteria

* Fixed #637

Author: rg911

src/core/crypto/Crypto.ts

@@ -21,6 +21,7 @@ import * as crypto from 'crypto';
 import * as CryptoJS from 'crypto-js';
 
 export class Crypto {
+    private static AES_ALGO = 'aes-256-gcm';
     /**
      * Encrypt data
      * @param {string} data
@@ -93,19 +94,18 @@ export class Crypto {
         }
         // Processing
         const keyPair = KeyPair.createKeyPairFromPrivateKeyString(senderPriv);
-        const pk = convert.hexToUint8(recipientPub);
-        const encKey = utility.ua2words(utility.catapult_crypto.deriveSharedKey(keyPair.privateKey, pk), 32);
-        const encIv = {
-            iv: utility.ua2words(iv, 16),
-        };
-        const encrypted = CryptoJS.AES.encrypt(CryptoJS.enc.Hex.parse(msg), encKey, encIv);
+        const encKey = Buffer.from(utility.catapult_crypto.deriveSharedKey(keyPair.privateKey, convert.hexToUint8(recipientPub)), 32);
+        const encIv = Buffer.from(iv);
+        const cipher = crypto.createCipheriv(Crypto.AES_ALGO, encKey, encIv);
+        const encrypted = Buffer.concat([cipher.update(Buffer.from(convert.hexToUint8(msg))), cipher.final()]);
+        const tag = cipher.getAuthTag();
         // Result
-        const result = convert.uint8ToHex(iv) + CryptoJS.enc.Hex.stringify(encrypted.ciphertext);
+        const result = tag.toString('hex') + encIv.toString('hex') + encrypted.toString('hex');
         return result;
     };
 
     /**
-     * Encode a message
+     * Encode a message using AES-GCM algorithm
      *
      * @param {string} senderPriv - A sender private key
      * @param {string} recipientPub - A recipient public key
@@ -119,7 +119,7 @@ export class Crypto {
             throw new Error('Missing argument !');
         }
         // Processing
-        const iv = Crypto.randomBytes(16);
+        const iv = Crypto.randomBytes(12);
         const encoded = Crypto._encode(senderPriv, recipientPub, isHexString ? msg : convert.utf8ToHex(msg), iv);
         // Result
         return encoded;
@@ -131,31 +131,28 @@ export class Crypto {
      * @param {string} recipientPrivate - A recipient private key
      * @param {string} senderPublic - A sender public key
      * @param {Uint8Array} payload - An encrypted message payload in bytes
-     * @param {Uint8Array} iv - 16-byte AES initialization vector
+     * @param {Uint8Array} tagAndIv - 16-bytes AES auth tag and 12-byte AES initialization vector
      * @return {string} - The decoded payload as hex
      */
-    public static _decode = (recipientPrivate: string, senderPublic: string, payload: Uint8Array, iv: Uint8Array): string => {
+    public static _decode = (recipientPrivate: string, senderPublic: string, payload: Uint8Array, tagAndIv: Uint8Array): string => {
         // Error
         if (!recipientPrivate || !senderPublic || !payload) {
             throw new Error('Missing argument !');
         }
         // Processing
         const keyPair = KeyPair.createKeyPairFromPrivateKeyString(recipientPrivate);
-        const pk = convert.hexToUint8(senderPublic);
-        const encKey = utility.ua2words(utility.catapult_crypto.deriveSharedKey(keyPair.privateKey, pk), 32);
-        const encIv = {
-            iv: utility.ua2words(iv, 16),
-        };
-        const encrypted = {
-            ciphertext: utility.ua2words(payload, payload.length),
-        };
-        const plain = CryptoJS.AES.decrypt(encrypted, encKey, encIv);
+        const encKey = Buffer.from(utility.catapult_crypto.deriveSharedKey(keyPair.privateKey, convert.hexToUint8(senderPublic)), 32);
+        const encIv = Buffer.from(new Uint8Array(tagAndIv.buffer, 16, 12));
+        const encTag = Buffer.from(new Uint8Array(tagAndIv.buffer, 0, 16));
+        const cipher = crypto.createDecipheriv(Crypto.AES_ALGO, encKey, encIv);
+        cipher.setAuthTag(encTag);
+        const decrypted = Buffer.concat([cipher.update(Buffer.from(payload)), cipher.final()]);
         // Result
-        return CryptoJS.enc.Hex.stringify(plain);
+        return decrypted.toString('hex');
     };
 
     /**
-     * Decode an encrypted message payload
+     * Decode an encrypted (AES-GCM algorithm) message payload
      *
      * @param {string} recipientPrivate - A recipient private key
      * @param {string} senderPublic - A sender public key
@@ -169,10 +166,15 @@ export class Crypto {
         }
         // Processing
         const binPayload = convert.hexToUint8(payload);
-        const payloadBuffer = new Uint8Array(binPayload.buffer, 16);
-        const iv = new Uint8Array(binPayload.buffer, 0, 16);
-        const decoded = Crypto._decode(recipientPrivate, senderPublic, payloadBuffer, iv);
-        return decoded.toUpperCase();
+        const payloadBuffer = new Uint8Array(binPayload.buffer, 16 + 12); //tag + iv
+        const tagAndIv = new Uint8Array(binPayload.buffer, 0, 16 + 12);
+        try {
+            const decoded = Crypto._decode(recipientPrivate, senderPublic, payloadBuffer, tagAndIv);
+            return decoded.toUpperCase();
+        } catch {
+            // To return empty string rather than error throwing if authentication failed
+            return '';
+        }
     };
 
     /**

src/model/transaction/TransferTransaction.ts

@@ -171,7 +171,7 @@ export class TransferTransaction extends Transaction {
         if (this.message.type === MessageType.PersistentHarvestingDelegationMessage) {
             if (this.mosaics.length > 0) {
                 throw new Error('PersistentDelegationRequestTransaction should be created without Mosaic');
-            } else if (!/^[0-9a-fA-F]{208}$/.test(this.message.payload)) {
+            } else if (!/^[0-9a-fA-F]{200}$/.test(this.message.payload)) {
                 throw new Error('PersistentDelegationRequestTransaction message is invalid');
             }
         }

test/core/crypto/crypto.spec.ts

@@ -133,32 +133,40 @@ describe('crypto tests', () => {
     describe('test vector cipher', () => {
         it('test vector cipher', () => {
             // Arrange:
-            const Private_Key = '3140f94c79f249787d1ec75a97a885980eb8f0a7d9b7aa03e7200296e422b2b6';
+            const Private_Key = '3140F94C79F249787D1EC75A97A885980EB8F0A7D9B7AA03E7200296E422B2B6';
 
             const Public_Keys = 'C62827148875ACAF05D25D29B1BB1D947396A89CE41CB48888AE6961D9991DDF';
 
+            const tags = [
+                '1B3370262014CB148F7A8CC88D344370',
+                'D02C42DBF4507B312BA7C6DC2AC11029',
+                '4924AD697E57E2B84B0677D1B5AA9EF6',
+                'C3670B1C2021CD5590CD5922C23E93A0',
+                '19B0DFA6563E22BF5935C229EB212314',
+            ];
+
             const ivs = [
-                'a73ff5c32f8fd055b09775817a6a3f95',
-                '91246c2d5493867c4fa3e78f85963677',
-                '9f8e33d82374dad6aac0e3dbe7aea704',
-                '6acdf8e01acc8074ddc807281b6af888',
-                'f2e9f18aeb374965f54d2f4e31189a8f',
+                'A73FF5C32F8FD055B0977581',
+                '91246C2D5493867C4FA3E78F',
+                '9F8E33D82374DAD6AAC0E3DB',
+                '6ACDF8E01ACC8074DDC80728',
+                'F2E9F18AEB374965F54D2F4E',
             ];
 
             const cipherText = [
-                'EEF67A32E1FE96AF1401DF42DD356A1CAEC5B6B36576357C22232049D174F63E',
-                'F94355BEF2CBF73E06AF2FF57BB8D72D7090062379062B60E8EF37EA858D8FF4',
-                '18FF3AB60B01D5D39CFDD50ADDE0F49ECAEE4355B224D0D8A0607455A3DFA823',
-                'E64795B1B980A6101E9C12824FAA5A4DFC1467F767AA3DC5A990F3A28692A1FA',
-                '17817662A9B61AF1E9C6F3D7C1D02CAAACEA586E4BD777A68C0765D5231619F3',
+                '1B1398B84750C9DDEE99164AA1A54C89E9705FDCEBACD05A7B75F1E716',
+                '7C7B81434A62C8E3056A943334BEE80C9D283BFF27B87D41ABDD3F46FA',
+                '47DB888FE244202E7E73A1B9CD853C3CD591E872F965386E22306EE568',
+                'C0BBDF03BF0038BFE662E78553357695CD9D2CC06CCE9A7BCF7460379B',
+                '44FB7EA399DE68C017081E371AD8F544C50BE707E6D7AF5B4B65D815FB',
             ];
 
             const clearText = [
-                '86ddb9e713a8ebf67a51830eff03b837e147c20d75e67b2a54aa29e98c',
-                '86ddb9e713a8ebf67a51830eff03b837e147c20d75e67b2a54aa29e98c',
-                '86ddb9e713a8ebf67a51830eff03b837e147c20d75e67b2a54aa29e98c',
-                '86ddb9e713a8ebf67a51830eff03b837e147c20d75e67b2a54aa29e98c',
-                '86ddb9e713a8ebf67a51830eff03b837e147c20d75e67b2a54aa29e98c',
+                '86DDB9E713A8EBF67A51830EFF03B837E147C20D75E67B2A54AA29E98C',
+                '86DDB9E713A8EBF67A51830EFF03B837E147C20D75E67B2A54AA29E98C',
+                '86DDB9E713A8EBF67A51830EFF03B837E147C20D75E67B2A54AA29E98C',
+                '86DDB9E713A8EBF67A51830EFF03B837E147C20D75E67B2A54AA29E98C',
+                '86DDB9E713A8EBF67A51830EFF03B837E147C20D75E67B2A54AA29E98C',
             ];
 
             for (let i = 0; i < ivs.length; ++i) {
@@ -168,7 +176,7 @@ describe('crypto tests', () => {
                 // Act:
                 const encoded = Crypto._encode(Private_Key, Public_Keys, clearText[i], iv);
                 // Assert:
-                expect(encoded.toUpperCase()).to.deep.equal(ivs[i].toUpperCase() + cipherText[i].toUpperCase());
+                expect(encoded.toUpperCase()).to.deep.equal(tags[i].toUpperCase() + ivs[i].toUpperCase() + cipherText[i].toUpperCase());
             }
         });
     });

test/model/message/PersistentHarvestingDelegationMessage.spec.ts

@@ -45,7 +45,7 @@ describe('PersistentHarvestingDelegationMessage', () => {
             recipient.publicKey,
             NetworkType.MIJIN_TEST,
         );
-        expect(encryptedMessage.payload.length).to.be.equal(208);
+        expect(encryptedMessage.payload.length).to.be.equal(200);
         expect(encryptedMessage.type).to.be.equal(MessageType.PersistentHarvestingDelegationMessage);
     });
 

test/model/transaction/PersistentDelegationRequestTransaction.spec.ts

@@ -68,7 +68,7 @@ describe('PersistentDelegationRequestTransaction', () => {
             NetworkType.MIJIN_TEST,
         );
 
-        expect(persistentDelegationRequestTransaction.message.payload.length).to.be.equal(192 + messageMarker.length);
+        expect(persistentDelegationRequestTransaction.message.payload.length).to.be.equal(184 + messageMarker.length);
         expect(persistentDelegationRequestTransaction.message.payload.includes(messageMarker)).to.be.true;
         expect(persistentDelegationRequestTransaction.mosaics.length).to.be.equal(0);
         expect(persistentDelegationRequestTransaction.recipientAddress).to.be.instanceof(Address);

test/model/transaction/TransferTransaction.spec.ts

@@ -267,7 +267,7 @@ describe('TransferTransaction', () => {
             PersistentHarvestingDelegationMessage.create(delegatedPrivateKey, recipientPublicKey, NetworkType.MIJIN_TEST),
             NetworkType.MIJIN_TEST,
         );
-        expect(transferTransaction.message.payload.length).to.be.equal(192 + messageMarker.length);
+        expect(transferTransaction.message.payload.length).to.be.equal(184 + messageMarker.length);
         expect(transferTransaction.message.payload.includes(messageMarker)).to.be.true;
         expect(transferTransaction.mosaics.length).to.be.equal(0);
         expect(transferTransaction.recipientAddress).to.be.instanceof(Address);