author | Divy Srivastava <dj.srivastava23@gmail.com> | 2022-01-30 18:42:29 +0530 |
committer | GitHub <noreply@github.com> | 2022-01-30 18:42:29 +0530 |
commit | efa02ffa2a1b5ff76c9b6ba440e69b68b01f8d7f (patch) | |
tree | 537f9206cb163a20ead5d8f938f77cdf678c680f /ext | |
parent | a2e4fa471ba3366f7e05bbad59b247e7825b832c (diff) |
fix(ext/crypto): enforce 128bits tagLength for AES-GCM decryption (#13536)
Diffstat (limited to 'ext')
-rw-r--r-- | ext/crypto/decrypt.rs | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/ext/crypto/decrypt.rs b/ext/crypto/decrypt.rs
index 9f1157608..40dd3a5b5 100644
--- a/ext/crypto/decrypt.rs
+++ b/ext/crypto/decrypt.rs
@@ -295,10 +295,19 @@ fn decrypt_aes_gcm(
     return Err(type_error("iv length not equal to 12"));
   }
+  // The `aes_gcm` crate only supports 128 bits tag length.
+  //
+  // Note that encryption won't fail, it instead truncates the tag
+  // to the specified tag length as specified in the spec.
+  if tag_length != 128 {
+    return Err(type_error("tag length not equal to 128"));
+  }
   let nonce = Nonce::from_slice(&iv);
   let sep = data.len() - (tag_length / 8);
   let tag = &data[sep..];
+  // The actual ciphertext, called plaintext because it is reused in place.
   let mut plaintext = data[..sep].to_vec();
   match length {
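Review bot: The new tag-length check still leaves the subtraction on `let sep = data.len() - (tag_length / 8);` unguarded: with `tag_length` now fixed at 128, any `data` shorter than 16 bytes makes that expression overflow, which panics in debug builds and in release wraps to a huge `sep` that then panics on `&data[sep..]`. Since `data` is caller-supplied ciphertext, a short input should be rejected with the same kind of error the hunk already uses rather than reaching a panic, e.g. `if data.len() < tag_length / 8 { return Err(type_error("data length less than tag length")); }` placed right after the new `tag_length` check. The hunk header's line count also suggests one more context line than is shown here, and `decrypt_aes_gcm` both begins before the hunk and continues after it, so the `match length {` arms are not visible.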