fix: sealed box works

holtwick · holtwick · commit e811d598112c · 2024-12-28T18:56:48.000+01:00
diff --git a/src/common/crypto/aes-sealed.spec.ts b/src/common/crypto/aes-sealed.spec.ts
@@ -53,12 +53,12 @@ describe('aes Encryption and Decryption', () => {
     const dataFromKey = await crypto.subtle.exportKey('raw', key)
     expect(toBase64(dataFromKey)).toMatchInlineSnapshot(`"UDl7buu/Zn/UxCIEp55MOTOKcDHvb959P+eyozok7BA="`)
 
-    const sample = new Uint8Array([9, 8, 7, 6, 5, 4, 3, 2, 1, 0])
-    // const encryptedData = await hxEncrypt(sample, key)
-    // expect(toBase64(encryptedData)).toMatchInlineSnapshot(
-    //   `"WbwhO/CaS3W4VxiIIG3Zs4WdEa08CzEFgaQLs0TrRDejZ/8G0yu0S1JIV+3bn79O7SeyCfI0"`,
-    // )
+    // Two ways
+    // const sample = new Uint8Array([9, 8, 7, 6, 5, 4, 3, 2, 1, 0])
+    // const encryptedData2 = await hxEncrypt(sample, key)
+    // expect(toBase64(encryptedData2)).toMatchInlineSnapshot(`"Eo7AexzlYXmV8gEZUE1ai68ZetTwfh8KSQ6kKffhvHAOemZ4C1c="`)
 
+    // From Swift sample
     const encryptedData = fromBase64('AQIDBAUGBwgJCgsMqZ0hGHIvSPG5x0d12q42zezDEJVu8Ic3yB4=')
     const decryptedData = await hxDecrypt(encryptedData, key)
     expect(decryptedData).toMatchInlineSnapshot(`
diff --git a/src/common/crypto/aes-sealed.ts b/src/common/crypto/aes-sealed.ts
@@ -1,41 +1,34 @@
-export async function hxEncrypt(data: Uint8Array, key: CryptoKey, tag?: Uint8Array): Promise<Uint8Array> {
-  const iv = crypto.getRandomValues(new Uint8Array(12)) // AES-GCM requires a 12-byte IV
-  if (!tag) {
-    tag = crypto.getRandomValues(new Uint8Array(16))
-  }
+const tagLength = 128
+const authenticating_default = new Uint8Array()
 
+export async function hxEncrypt(data: Uint8Array, key: CryptoKey, authenticating: Uint8Array = authenticating_default): Promise<Uint8Array> {
+  const iv = crypto.getRandomValues(new Uint8Array(12)) // AES-GCM requires a 12-byte IV
   const encrypted = await crypto.subtle.encrypt(
     {
       name: 'AES-GCM',
       iv,
-      tagLength: 128,
-      additionalData: tag,
+      tagLength,
+      additionalData: authenticating,
     },
     key,
     data,
   )
 
   const encryptedArray = new Uint8Array(encrypted)
-  const combined = new Uint8Array(iv.length + encryptedArray.length + tag.length)
+  const combined = new Uint8Array(iv.length + encryptedArray.length)
   combined.set(iv)
   combined.set(encryptedArray, iv.length)
-  combined.set(tag, encryptedArray.length + iv.length)
   return combined
 }
 
-export async function hxDecrypt(data: Uint8Array, key: CryptoKey): Promise<Uint8Array> {
-  //  The data layout of the combined representation is nonce, ciphertext, then tag.
-  //  The nonce is 12 bytes, the tag is 16 bytes, and the ciphertext is the rest of the data.
+export async function hxDecrypt(data: Uint8Array, key: CryptoKey, authenticating: Uint8Array = authenticating_default): Promise<Uint8Array> {
   const iv = data.slice(0, 12) // nonce is the first 12 bytes
-  const encrypted = data.slice(12) // The ciphertext is everything between the nonce and the tag.
-  // const tag = data.slice(-16) // The authentication tag has a length of 16 bytes.
-  console.log({ iv, encrypted, data })
-
+  const encrypted = data.slice(12) // ciphertext and tag of 128 bits
   const decrypted = await crypto.subtle.decrypt({
     name: 'AES-GCM',
     iv,
-    // tagLength: 32, // tag.length * 8,
-    additionalData: new Uint8Array(),
+    tagLength,
+    additionalData: authenticating,
   }, key, encrypted)
   return new Uint8Array(decrypted)
 }
