Raw AES keyrings in a browser not processing zero byte AES-GCM operations. #237

Closed
seebees opened this issue Jan 7, 2020 · 3 comments · Fixed by #239

seebees commented Jan 7, 2020

A few browsers, notably Safari (WebKit), do not properly handle zero byte AES-GCM operations.
In this case a fallback is required.
However for raw AES keyrings the master key is not properly handling this case.

Fix the import and use of the master key.
Add tests.

cc @khadir-syed moving the discussion to here to track the work.

@seebees seebees self-assigned this Jan 7, 2020
@khadir-syed

@seebees - Thank you for taking this up.

seebees added a commit to seebees/aws-encryption-sdk-javascript that referenced this issue Jan 9, 2020
Regarding aws#237, the shape of the CryptoKey
when dealing with a fallback may slightly differ.
By changing all references to AwsEsdkJsCryptoKey
I can control any type mismatch.
seebees added a commit to seebees/aws-encryption-sdk-javascript that referenced this issue Jan 9, 2020
See: aws#237

Since the WebCrypto decrypt API expects the AES-GCM tag with the encrypted data,
zero bytes of encrypted data is not zero bytes of data.
@seebees seebees mentioned this issue Jan 9, 2020
1 task
@khadir-syed

Hi @seebees - Do we have any further update on this? I have seen some pull request around this, but currently it is in blocked state. It will be helpful, if you can provide some update on this. Thank you for your support.

seebees commented Jan 20, 2020

I'm trying to work out the best way to deliver an example.
When I test the code in the PR it works.
I can try and discuss merging the PR without an example,
but there are a few issues with the 1.4.1 version of MSR Crypto.
Delivering code without a clear way to use it feels like passing the buck.
Crypto code is finicky, and I know whatever example I provide people will just copy without fully understanding the dependency.
Sorry for the delay.

seebees added a commit to seebees/aws-encryption-sdk-javascript that referenced this issue Mar 26, 2020
Regarding aws#237, the shape of the CryptoKey
when dealing with a fallback may slightly differ.
By changing all references to AwsEsdkJsCryptoKey
I can control any type mismatch.
seebees added a commit to seebees/aws-encryption-sdk-javascript that referenced this issue Mar 26, 2020
See: aws#237

Since the WebCrypto decrypt API expects the AES-GCM tag with the encrypted data,
zero bytes of encrypted data is not zero bytes of data.

fix: Add tests

Add tests to specifically cover the Mixed Backend conditions
and logic.
seebees added a commit that referenced this issue Mar 27, 2020
Regarding #237, the shape of the CryptoKey
when dealing with a fallback may slightly differ.
By changing all references to AwsEsdkJsCryptoKey
I can control any type mismatch.
seebees added a commit that referenced this issue Mar 27, 2020
See: #237

Since the WebCrypto decrypt API expects the AES-GCM tag with the encrypted data,
zero bytes of encrypted data is not zero bytes of data.

fix: Add tests

Add tests to specifically cover the Mixed Backend conditions
and logic.
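
The distinction the commit message draws (zero bytes of encrypted data is not zero bytes of data), as an added example that is not part of this thread or the SDK's own code: it classifies a zero byte AES-GCM operation for encrypt versus decrypt, probes a backend for support, and routes only that case to a fallback. The function names, the 128-bit tag length and the `native`/`fallback` parameters are assumptions made for illustration.

```javascript
// Added illustration; not code from aws-encryption-sdk-javascript.
// Assumption: 128-bit GCM tag. All function names are hypothetical.
const TAG_BITS = 128;

// Does this AES-GCM call carry zero bytes of plaintext?
//  encrypt: input is plaintext, so an empty input is the zero byte case.
//  decrypt: WebCrypto input is ciphertext || tag, so the zero byte case
//           is an input of exactly tag length, not an empty input.
function isZeroByteGcmOp(op, data, tagBits = TAG_BITS) {
  const tagBytes = tagBits / 8;
  if (op === 'encrypt') return data.byteLength === 0;
  if (op === 'decrypt') {
    if (data.byteLength < tagBytes) {
      throw new RangeError('AES-GCM input is shorter than the tag');
    }
    return data.byteLength === tagBytes;
  }
  throw new TypeError(`unsupported operation: ${op}`);
}

// Probe a SubtleCrypto backend by round-tripping an empty plaintext
// under a throwaway key. Any error or wrong length counts as unsupported.
async function supportsZeroByteGcm(subtle) {
  try {
    const key = await subtle.generateKey(
      { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
    const iv = globalThis.crypto.getRandomValues(new Uint8Array(12));
    const alg = { name: 'AES-GCM', iv, tagLength: TAG_BITS };
    const sealed = await subtle.encrypt(alg, key, new Uint8Array(0));
    if (sealed.byteLength !== TAG_BITS / 8) return false; // tag only
    const opened = await subtle.decrypt(alg, key, sealed);
    return opened.byteLength === 0;
  } catch {
    return false;
  }
}

// Route only the zero byte case to the fallback, and only when the
// native backend fails the probe.
async function pickBackend(op, data, native, fallback) {
  if (isZeroByteGcmOp(op, data) && !(await supportsZeroByteGcm(native))) {
    return fallback;
  }
  return native;
}
```

A CryptoKey belongs to the backend that imported it, so a caller that may switch backends needs the key material imported into each one.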