diff --git a/.changeset/nervous-cooks-promise.md b/.changeset/nervous-cooks-promise.md
new file mode 100644
index 000000000..f5a0c1317
--- /dev/null
+++ b/.changeset/nervous-cooks-promise.md
@@ -0,0 +1,5 @@
+---
+'@lagon/runtime': patch
+---
+
+AES-GCM uses 16 bytes iv instead of 12 bytes previously
diff --git a/Cargo.lock b/Cargo.lock
index e1cb890a1..aba8ede55 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1376,6 +1376,7 @@ dependencies = [
 name = "lagon-runtime"
 version = "0.1.0"
 dependencies = [
+ "aes",
 "aes-gcm",
 "anyhow",
 "flume",
diff --git a/packages/runtime/Cargo.toml b/packages/runtime/Cargo.toml
index 1792b1511..1ef312fca 100644
--- a/packages/runtime/Cargo.toml
+++ b/packages/runtime/Cargo.toml
@@ -20,6 +20,7 @@ lazy_static = "1.4.0"
 hmac = "0.12.1"
 sha1 = "0.10.5"
 sha2 = "0.10.6"
+aes = "0.8.2"
 aes-gcm = "0.10.1"
 
 [dev-dependencies]
diff --git a/packages/runtime/src/crypto.rs b/packages/runtime/src/crypto.rs
index a0ac6648a..5f3b2ad9e 100644
--- a/packages/runtime/src/crypto.rs
+++ b/packages/runtime/src/crypto.rs
@@ -1,3 +1,5 @@
+use aes::{cipher::typenum::U16, Aes256};
+use aes_gcm::AesGcm;
 use anyhow::{anyhow, Result};
 use hmac::Hmac;
 use sha2::{Sha256, Sha384, Sha512};
@@ -7,6 +9,7 @@ use crate::utils::{extract_v8_string, extract_v8_uint8array, v8_string};
 pub type HmacSha256 = Hmac;
 pub type HmacSha384 = Hmac;
 pub type HmacSha512 = Hmac;
+pub type Aes256Gcm = AesGcm;
 
 pub enum Sha {
 Sha256,
diff --git a/packages/runtime/src/isolate/bindings/crypto/decrypt.rs b/packages/runtime/src/isolate/bindings/crypto/decrypt.rs
index 9a89413a4..c518a61e2 100644
--- a/packages/runtime/src/isolate/bindings/crypto/decrypt.rs
+++ b/packages/runtime/src/isolate/bindings/crypto/decrypt.rs
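Review bot: The new alias `pub type Aes256Gcm` in `crypto.rs` takes the name that the `aes_gcm` crate already exports for its 96-bit-nonce cipher, while the added `U16` import and the changeset indicate this one fixes the nonce at 16 bytes (the alias's type parameters are not visible in this rendering). Fixing the length in the type means the 12-byte IV that NIST SP 800-38D recommends, and that most WebCrypto callers pass, can no longer be served. It also means data encrypted with a 12-byte IV by an earlier build or another WebCrypto implementation cannot be decrypted here. Consider selecting the cipher type from the IV length at the call sites instead of swapping one fixed size for another. At minimum document the alias, e.g. `/// AES-256-GCM with a 16-byte nonce; not the same type as aes_gcm::Aes256Gcm (12-byte nonce).`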
@@ -1,10 +1,9 @@
 use crate::{
- crypto::{extract_algorithm_object, extract_cryptokey_key_value, Algorithm},
+ crypto::{extract_algorithm_object, extract_cryptokey_key_value, Aes256Gcm, Algorithm},
 isolate::bindings::{BindingResult, PromiseResult},
 utils::extract_v8_uint8array,
 };
-use aes_gcm::{aead::Aead, Aes256Gcm};
-use aes_gcm::{KeyInit, Nonce};
+use aes_gcm::{aead::Aead, KeyInit, Nonce};
 use anyhow::Result;
 
 type Arg = (Algorithm, Vec, Vec);
diff --git a/packages/runtime/src/isolate/bindings/crypto/encrypt.rs b/packages/runtime/src/isolate/bindings/crypto/encrypt.rs
index 74173f182..699b8a6e8 100644
--- a/packages/runtime/src/isolate/bindings/crypto/encrypt.rs
+++ b/packages/runtime/src/isolate/bindings/crypto/encrypt.rs
@@ -1,9 +1,9 @@
 use crate::{
- crypto::{extract_algorithm_object, extract_cryptokey_key_value, Algorithm},
+ crypto::{extract_algorithm_object, extract_cryptokey_key_value, Aes256Gcm, Algorithm},
 isolate::bindings::{BindingResult, PromiseResult},
 utils::extract_v8_uint8array,
 };
-use aes_gcm::{aead::Aead, Aes256Gcm};
+use aes_gcm::aead::Aead;
 use aes_gcm::{KeyInit, Nonce};
 use anyhow::Result;
 
diff --git a/packages/runtime/src/isolate/bindings/crypto/random_values.rs b/packages/runtime/src/isolate/bindings/crypto/random_values.rs
index b301a8123..1a7e3ea60 100644
--- a/packages/runtime/src/isolate/bindings/crypto/random_values.rs
+++ b/packages/runtime/src/isolate/bindings/crypto/random_values.rs
@@ -15,7 +15,6 @@ pub fn random_values_binding(
 buf[i] = rand::random();
 }
 
- dbg!(&buf);
 let result = v8_uint8array(scope, buf);
 
 retval.set(result.into());
diff --git a/packages/runtime/tests/crypto.rs b/packages/runtime/tests/crypto.rs
index 44069fc24..a746d2a07 100644
--- a/packages/runtime/tests/crypto.rs
+++ b/packages/runtime/tests/crypto.rs
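Review bot: Nothing in the `decrypt.rs` hunk, or the matching `encrypt.rs` hunk, checks the script-supplied IV length now that the imported `Aes256Gcm` is the crate-local 16-byte-nonce alias. The binding bodies are outside both hunks, but if they build the nonce with `Nonce::from_slice`, as the retained `Nonce` import suggests, a length mismatch panics inside the runtime instead of rejecting the promise. A guard before the nonce is constructed would turn that into an ordinary error, for example `if iv.len() != 16 { return Err(anyhow::anyhow!("AES-GCM iv must be 16 bytes")); }`, with `iv` standing for whatever the binding names the extracted IV.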
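Review bot: The two `aes_gcm` imports left in `encrypt.rs` could be merged the same way the `decrypt.rs` hunk of this commit does it: `use aes_gcm::{aead::Aead, KeyInit, Nonce};`. Keeping the import blocks of the two binding files identical makes a later change to the cipher type easier to apply to both.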
@@ -255,7 +255,7 @@ async fn crypto_encrypt() {
 ['sign'],
 );
 
- const iv = crypto.getRandomValues(new Uint8Array(12));
+ const iv = crypto.getRandomValues(new Uint8Array(16));
 const ciphertext = await crypto.subtle.encrypt(
 { name: 'AES-GCM', iv },
 key,
@@ -288,7 +288,7 @@ async fn crypto_decrypt() {
 ['sign'],
 );
 
- const iv = crypto.getRandomValues(new Uint8Array(12));
+ const iv = crypto.getRandomValues(new Uint8Array(16));
 const ciphertext = await crypto.subtle.encrypt(
 { name: 'AES-GCM', iv },
 key,
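Review bot: Both test hunks (`crypto_encrypt` and `crypto_decrypt`) only swap the IV from 12 to 16 bytes, so no test now covers what the runtime does with a 12-byte IV, the length WebCrypto code most commonly uses. A companion case that passes `new Uint8Array(12)` and asserts the outcome (a rejected promise with a clear error, not a crashed isolate) would pin the new contract. The key in the context lines appears to be created with usages `['sign']`; if that is what the truncated call really passes, these tests would also not notice missing key-usage enforcement in encrypt/decrypt. Both test functions start and end outside their hunks.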