Skip to content

crypto: refactor WebCrypto AEAD algorithms auth tag handling#62169

Open
panva wants to merge 1 commit intonodejs:mainfrom
panva:refact-aes-webcrypto
Open

crypto: refactor WebCrypto AEAD algorithms auth tag handling#62169
panva wants to merge 1 commit intonodejs:mainfrom
panva:refact-aes-webcrypto

Conversation

@panva
Copy link
Member

@panva panva commented Mar 9, 2026
edited
Loading

Previously JS would split the auth tag from the ciphertext before passing both to the *Job for AEAD decryption. Now the full data is passed to C++, which handles the split and validation internally.

Applies to AES-GCM, AES-OCB, and ChaCha20-Poly1305.

This also fixes an edge case where if ciphertext is, or is backed by, a detached arraybuffer the spec tells us to treat it as an empty byte sequence. Before we would TypeError on trying to slice it, now we correctly OperationError after C++ handles the ByteSource copy per spec.

@panva panva added crypto Issues and PRs related to the crypto subsystem. webcrypto labels Mar 9, 2026
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 9, 2026

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels Mar 9, 2026
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@codecov
Copy link

codecov bot commented Mar 9, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 75.60976% with 10 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.67%. Comparing base (3725bd2) to head (f26a933).
⚠️ Report is 10 commits behind head on main.

Files with missing lines Patch % Lines
src/crypto/crypto_aes.cc 61.90% 4 Missing and 4 partials ⚠️
src/crypto/crypto_chacha20_poly1305.cc 83.33% 0 Missing and 2 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #62169      +/-   ##
==========================================
+ Coverage   89.65%   89.67%   +0.01%     
==========================================
  Files         676      676              
  Lines      206543   206409     -134     
  Branches    39547    39520      -27     
==========================================
- Hits       185184   185091      -93     
+ Misses      13480    13473       -7     
+ Partials     7879     7845      -34
Files with missing lines Coverage Δ
lib/internal/crypto/aes.js 88.06% <100.00%> (-0.40%) ⬇️
lib/internal/crypto/chacha20_poly1305.js 92.77% <100.00%> (-1.02%) ⬇️
src/crypto/crypto_aes.h 33.33% <ø> (ø)
src/crypto/crypto_chacha20_poly1305.h 33.33% <ø> (ø)
src/crypto/crypto_chacha20_poly1305.cc 58.13% <83.33%> (+8.13%) ⬆️
src/crypto/crypto_aes.cc 53.47% <61.90%> (+2.14%) ⬆️

... and 48 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 9, 2026

CI: https://ci.nodejs.org/job/node-test-pull-request/71641/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. webcrypto

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@panva @nodejs-github-bot