IV Size Mismatch in AES-256-GCM Encryption Between Node.js and Rust #653
Comments
|
You haven't provided any code, but are likely using the https://docs.rs/aes-gcm/latest/aes_gcm/type.Aes256Gcm.html pub type Aes256Gcm = AesGcm<Aes256, U12>;The second Unlike Node.js, this information is encoded in the type system, which prevents runtime errors around bad nonce sizes. If you want to use 16-byte (256-bit) nonces, you need to make a new type alias. use aes_gcm::aead::generic_array::typenum::U16;
use aes_gcm::aes::Aes256;
pub type Aes256GcmWith16ByteNonce = aes_gcm::AesGcm<Aes256, U16>;Note that any nonce size other than 12-bytes carries some security risk: the larger nonce is run through GHASH first, which increases the risk of a collision and nonce reuse. You should always use a 12-byte nonce with AES-GCM unless you are trying to interoperate with a protocol which made the mistake of choosing a different size. |
|
// Step 6: Convert IV to Nonce type // Function to convert the IV to Nonce assertion when the Nonce::from_slice is executed above error is generated |
|
Have you read your own code? You convert an array containing 16 bytes ( |
I am working with AES-256-GCM encryption in both Node.js and Rust using the aes_gcm library, but I am encountering an issue with the IV (Initialization Vector). When I use a 16-byte IV in Node.js with the crypto module, both encryption and decryption work fine. However, when I encrypt data in Node.js with a 16-byte IV and try to decrypt it in Rust, the Rust AES crate does not support a 16-byte IV. It only supports a 12-byte IV.
assertion left == right failed
left: 16*
right: 12*
Note: I can run with the RUST_BACKTRACE=1 environment variable to display a backtrace.
What is the reason behind this, and what would be the best solution to resolve this issue?
The text was updated successfully, but these errors were encountered: