fix(runtime): use 16 bytes iv for AES-GCM (#411)

lagonapp · Dec 25, 2022 · b0cfd82 · b0cfd82
1 parent a5459f6
commit b0cfd82
Show file tree

Hide file tree

Showing 8 changed files with 16 additions and 8 deletions.
diff --git a/.changeset/nervous-cooks-promise.md b/.changeset/nervous-cooks-promise.md
@@ -0,0 +1,5 @@
+---
+'@lagon/runtime': patch
+---
+
+AES-GCM uses 16 bytes iv instead of 12 bytes previously
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/packages/runtime/Cargo.toml b/packages/runtime/Cargo.toml
@@ -20,6 +20,7 @@ lazy_static = "1.4.0"
 hmac = "0.12.1"
 sha1 = "0.10.5"
 sha2 = "0.10.6"
+aes = "0.8.2"
 aes-gcm = "0.10.1"
 
 [dev-dependencies]

diff --git a/packages/runtime/src/crypto.rs b/packages/runtime/src/crypto.rs
@@ -1,3 +1,5 @@
+use aes::{cipher::typenum::U16, Aes256};
+use aes_gcm::AesGcm;
 use anyhow::{anyhow, Result};
 use hmac::Hmac;
 use sha2::{Sha256, Sha384, Sha512};
@@ -7,6 +9,7 @@ use crate::utils::{extract_v8_string, extract_v8_uint8array, v8_string};
 pub type HmacSha256 = Hmac<Sha256>;
 pub type HmacSha384 = Hmac<Sha384>;
 pub type HmacSha512 = Hmac<Sha512>;
+pub type Aes256Gcm = AesGcm<Aes256, U16>;
 
 pub enum Sha {
     Sha256,

diff --git a/packages/runtime/src/isolate/bindings/crypto/decrypt.rs b/packages/runtime/src/isolate/bindings/crypto/decrypt.rs
@@ -1,10 +1,9 @@
 use crate::{
-    crypto::{extract_algorithm_object, extract_cryptokey_key_value, Algorithm},
+    crypto::{extract_algorithm_object, extract_cryptokey_key_value, Aes256Gcm, Algorithm},
     isolate::bindings::{BindingResult, PromiseResult},
     utils::extract_v8_uint8array,
 };
-use aes_gcm::{aead::Aead, Aes256Gcm};
-use aes_gcm::{KeyInit, Nonce};
+use aes_gcm::{aead::Aead, KeyInit, Nonce};
 use anyhow::Result;
 
 type Arg = (Algorithm, Vec<u8>, Vec<u8>);

diff --git a/packages/runtime/src/isolate/bindings/crypto/encrypt.rs b/packages/runtime/src/isolate/bindings/crypto/encrypt.rs
@@ -1,9 +1,9 @@
 use crate::{
-    crypto::{extract_algorithm_object, extract_cryptokey_key_value, Algorithm},
+    crypto::{extract_algorithm_object, extract_cryptokey_key_value, Aes256Gcm, Algorithm},
     isolate::bindings::{BindingResult, PromiseResult},
     utils::extract_v8_uint8array,
 };
-use aes_gcm::{aead::Aead, Aes256Gcm};
+use aes_gcm::aead::Aead;
 use aes_gcm::{KeyInit, Nonce};
 use anyhow::Result;
 

diff --git a/packages/runtime/src/isolate/bindings/crypto/random_values.rs b/packages/runtime/src/isolate/bindings/crypto/random_values.rs
@@ -15,7 +15,6 @@ pub fn random_values_binding(
         buf[i] = rand::random();
     }
 
-    dbg!(&buf);
     let result = v8_uint8array(scope, buf);
 
     retval.set(result.into());

diff --git a/packages/runtime/tests/crypto.rs b/packages/runtime/tests/crypto.rs
@@ -255,7 +255,7 @@ async fn crypto_encrypt() {
         ['sign'],
     );
 
-    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const iv = crypto.getRandomValues(new Uint8Array(16));
     const ciphertext = await crypto.subtle.encrypt(
         { name: 'AES-GCM', iv },
         key,
@@ -288,7 +288,7 @@ async fn crypto_decrypt() {
         ['sign'],
     );
 
-    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const iv = crypto.getRandomValues(new Uint8Array(16));
     const ciphertext = await crypto.subtle.encrypt(
         { name: 'AES-GCM', iv },
         key,