Adding support for expanded context

Author: martinthomson

nodejs/ece.js

@@ -110,6 +110,12 @@ function extractSecretAndContext(params, mode) {
   if (!secret) {
     throw new Error('Unable to determine key');
   }
+  if (params.expandedContext) {
+    context = Buffer.concat([
+      context,
+      base64.decode(params.expandedContext)
+    ]);
+  }
   return { secret: secret, context: context };
 }
 

nodejs/test.js

@@ -48,6 +48,19 @@ function useExplicitKey() {
   encryptDecrypt(length.readUInt16BE(2), params);
 }
 
+function expandedContext() {
+  var length = crypto.randomBytes(4);
+  var params = {
+    key: base64.encode(crypto.randomBytes(16)),
+    salt: base64.encode(crypto.randomBytes(16)),
+    rs: length.readUInt16BE(0) + 1,
+    expandedContext: base64.encode(crypto.randomBytes(16))
+  };
+  log('Key: ' + base64.encode(params.key));
+  log('Context: ' + base64.encode(params.expandedContext));
+  encryptDecrypt(length.readUInt16BE(2), params);
+}
+
 function exactlyOneRecord() {
   var length = Math.min(crypto.randomBytes(2).readUInt16BE(0), maxLen);
   var params = {
@@ -136,6 +149,7 @@ function useDH() {
 var i;
 for (i = 0; i < count; ++i) {
   useExplicitKey();
+  expandedContext();
   exactlyOneRecord();
   detectTruncation();
   useKeyId();

python/http_ece/__init__.py

@@ -10,9 +10,9 @@
 keys = {}
 labels = {}
 
-def deriveKey(mode, salt, key=None, dh=None, keyid=None):
+def deriveKey(mode, salt, key=None, dh=None, keyid=None, expandedContext=b""):
     def buildInfo(base, context):
-        return b"Content-Encoding: " + base + b"\0" + context
+        return b"Content-Encoding: " + base + b"\0" + context + expandedContext
 
     def deriveDH(mode, keyid, dh):
         def lengthPrefix(key):
@@ -43,7 +43,7 @@ def lengthPrefix(key):
     if salt is None or len(salt) != 16:
         raise Exception(u"'salt' must be a 16 octet value")
 
-    context = b''
+    context = b""
     if key is not None:
         secret = key
     elif dh is not None:
@@ -75,7 +75,7 @@ def iv(base, counter):
     (mask,) = struct.unpack("!Q", base[4:])
     return base[:4] + struct.pack("!Q", counter ^ mask)
 
-def decrypt(buffer, salt, key=None, keyid=None, dh=None, rs=4096):
+def decrypt(buffer, salt, key=None, keyid=None, dh=None, rs=4096, expandedContext=b""):
     def decryptRecord(key, nonce, counter, buffer):
         decryptor = Cipher(
             algorithms.AES(key),
@@ -90,7 +90,8 @@ def decryptRecord(key, nonce, counter, buffer):
         return data
 
     (key_, nonce_) = deriveKey(mode="decrypt", salt=salt,
-                               key=key, keyid=keyid, dh=dh)
+                               key=key, keyid=keyid, dh=dh,
+                               expandedContext=expandedContext)
     if rs < 2:
         raise Exception(u"Record size too small")
     rs += 16 # account for tags
@@ -104,7 +105,7 @@ def decryptRecord(key, nonce, counter, buffer):
         counter += 1
     return result
 
-def encrypt(buffer, salt, key=None, keyid=None, dh=None, rs=4096):
+def encrypt(buffer, salt, key=None, keyid=None, dh=None, rs=4096, expandedContext=b""):
     def encryptRecord(key, nonce, counter, buffer):
         encryptor = Cipher(
             algorithms.AES(key),
@@ -116,7 +117,8 @@ def encryptRecord(key, nonce, counter, buffer):
         return data
 
     (key_, nonce_) = deriveKey(mode="encrypt", salt=salt,
-                               key=key, keyid=keyid, dh=dh)
+                               key=key, keyid=keyid, dh=dh,
+                               expandedContext=expandedContext)
     if rs < 2:
         raise Exception(u"Record size too small")
     rs -= 1 # account for padding

python/test.py

@@ -33,13 +33,15 @@ def encryptDecrypt(length, encryptParams, decryptParams=None):
                             key=encryptParams.get("key"),
                             keyid=encryptParams.get("keyid"),
                             dh=encryptParams.get("dh"),
-                            rs=encryptParams.get("rs"))
+                            rs=encryptParams.get("rs"),
+                            expandedContext=encryptParams.get("expandedContext", b""))
     log("Encrypted: " + b64e(encrypted))
     decrypted = ece.decrypt(encrypted, salt=decryptParams.get("salt"),
                             key=decryptParams.get("key"),
                             keyid=decryptParams.get("keyid"),
                             dh=decryptParams.get("dh"),
-                            rs=decryptParams.get("rs"))
+                            rs=decryptParams.get("rs"),
+                            expandedContext=decryptParams.get("expandedContext", b""))
     log("Decrypted: " + b64e(decrypted))
     assert input == decrypted
     log("----- OK");
@@ -54,6 +56,19 @@ def useExplicitKey():
     encryptDecrypt(rlen() + 1, params)
 
 
+def expandedContext():
+    params = {
+        "key": os.urandom(16),
+        "salt": os.urandom(16),
+        "rs": rlen() + 1,
+        "expandedContext": os.urandom(10)
+    }
+    log("Key: " + b64e(params["key"]))
+    log("Context: " + b64e(params["expandedContext"]))
+    encryptDecrypt(rlen() + 1, params)
+
+
+
 def exactlyOneRecord():
     length = min(rlen(), maxLen)
     params = {
@@ -135,6 +150,7 @@ def isUncompressed(k):
 if __name__ == "__main__":
     for i in list(range(0,count)):
         useExplicitKey()
+        expandedContext()
         exactlyOneRecord()
         detectTruncation()
         useKeyId()