X Tutup
Skip to content

crypto: refactor WebCrypto AEAD algorithms auth tag handling#62169

Open
panva wants to merge 2 commits intonodejs:mainfrom
panva:refact-aes-webcrypto
Open

crypto: refactor WebCrypto AEAD algorithms auth tag handling#62169
panva wants to merge 2 commits intonodejs:mainfrom
panva:refact-aes-webcrypto

Conversation

@panva
Copy link
Member

@panva panva commented Mar 9, 2026
edited
Loading

Previously JS would split the auth tag from the ciphertext before passing both to the *Job for AEAD decryption. Now the full data is passed to C++, which handles the split and validation internally.

Applies to AES-GCM, AES-OCB, and ChaCha20-Poly1305.

This also fixes an edge case where if ciphertext is, or is backed by, a detached arraybuffer the spec tells us to treat it as an empty byte sequence. Before we would TypeError on trying to slice it, now we correctly OperationError after C++ handles the ByteSource copy per spec.

@panva panva added crypto Issues and PRs related to the crypto subsystem. webcrypto labels Mar 9, 2026
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 9, 2026

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels Mar 9, 2026
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@codecov
Copy link

codecov bot commented Mar 9, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 75.60976% with 10 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.67%. Comparing base (3725bd2) to head (8bf2ce4).
⚠️ Report is 20 commits behind head on main.

Files with missing lines Patch % Lines
src/crypto/crypto_aes.cc 61.90% 4 Missing and 4 partials ⚠️
src/crypto/crypto_chacha20_poly1305.cc 83.33% 0 Missing and 2 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #62169      +/-   ##
==========================================
+ Coverage   89.65%   89.67%   +0.01%     
==========================================
  Files         676      676              
  Lines      206543   206420     -123     
  Branches    39547    39510      -37     
==========================================
- Hits       185184   185102      -82     
+ Misses      13480    13463      -17     
+ Partials     7879     7855      -24
Files with missing lines Coverage Δ
lib/internal/crypto/aes.js 88.14% <100.00%> (-0.33%) ⬇️
lib/internal/crypto/chacha20_poly1305.js 93.97% <100.00%> (+0.19%) ⬆️
src/crypto/crypto_aes.h 33.33% <ø> (ø)
src/crypto/crypto_chacha20_poly1305.h 33.33% <ø> (ø)
src/crypto/crypto_chacha20_poly1305.cc 58.13% <83.33%> (+8.13%) ⬆️
src/crypto/crypto_aes.cc 53.47% <61.90%> (+2.14%) ⬆️

... and 33 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
anonrig
anonrig approved these changes Mar 10, 2026
View reviewed changes
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@panva panva mentioned this pull request Mar 10, 2026
Open
@panva panva added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Mar 10, 2026
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 10, 2026

CI: https://ci.nodejs.org/job/node-test-pull-request/71672/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anonrig anonrig anonrig approved these changes

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. webcrypto

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@panva @nodejs-github-bot @anonrig
X Tutup