fix(ext/crypto): enforce 128bits tagLength for AES-GCM decryption (#13536)

author: Divy Srivastava <dj.srivastava23@gmail.com> 2022-01-30 18:42:29 +0530
committer: GitHub <noreply@github.com> 2022-01-30 18:42:29 +0530
commit: efa02ffa2a1b5ff76c9b6ba440e69b68b01f8d7f (patch)
tree: 537f9206cb163a20ead5d8f938f77cdf678c680f /ext/crypto/decrypt.rs
parent: a2e4fa471ba3366f7e05bbad59b247e7825b832c (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/ext/crypto/decrypt.rs b/ext/crypto/decrypt.rs
index 9f1157608..40dd3a5b5 100644
--- a/ext/crypto/decrypt.rs
+++ b/ext/crypto/decrypt.rs
@@ -295,10 +295,19 @@ fn decrypt_aes_gcm(
     return Err(type_error("iv length not equal to 12"));
   }
 
+  // The `aes_gcm` crate only supports 128 bits tag length.
+  //
+  // Note that encryption won't fail, it instead truncates the tag
+  // to the specified tag length as specified in the spec.
+  if tag_length != 128 {
+    return Err(type_error("tag length not equal to 128"));
+  }
+
   let nonce = Nonce::from_slice(&iv);
 
   let sep = data.len() - (tag_length / 8);
   let tag = &data[sep..];
+
   // The actual ciphertext, called plaintext because it is reused in place.
   let mut plaintext = data[..sep].to_vec();
   match length {
author	Divy Srivastava <dj.srivastava23@gmail.com>	2022-01-30 18:42:29 +0530
committer	GitHub <noreply@github.com>	2022-01-30 18:42:29 +0530
commit	efa02ffa2a1b5ff76c9b6ba440e69b68b01f8d7f (patch)
tree	537f9206cb163a20ead5d8f938f77cdf678c680f /ext/crypto/decrypt.rs
parent	a2e4fa471ba3366f7e05bbad59b247e7825b832c (diff)