feat!: switch to AES-GCM with 96-bit IV, and 96-bit tag

README.md

@@ -19,7 +19,7 @@ Because you don't have to be an expert to _use_ cryptography!
 
 ## Example
 
-Encrypt and Decrypt with AES-CBC.
+Encrypt and Decrypt with AES-GCM.
 
 ```js
 let Cipher = require("@root/cipher");
@@ -179,10 +179,12 @@ The _Initialization Vector_ (_IV_) is a _salt_ that prevents known-plaintext
 attacks - meaning that if you encrypt the same message with the same key twice,
 you get a different encrypted output.
 
-The first 16-bytes are for the _IV_. \
-The following bytes are the data. \
+The first 12-bytes (96-bits) are for the _IV_. The following bytes are the data
+and the _Tag_.
+
 If the data is somehow corrupted or truncated, but the first bytes are intact,
-the IV can be used to restore the first partial data.
+it may be possible to use the IV to restore some of the partial data (though
+_Tag_ verification will likely fail).
 
 # LICENSE
 

cipher.js

@@ -4,7 +4,8 @@ let Cipher = module.exports;
 
 let Crypto = globalThis.crypto;
 
-const IV_SIZE = 16;
+const IV_SIZE = 12;
+const TAG_SIZE = 12;
 
 let decoder = new TextDecoder();
 let encoder = new TextEncoder();
@@ -19,7 +20,11 @@ Cipher.create = function (sharedSecret) {
   const NON_EXTRACTABLE = false;
   /** @type {"raw"}*/
   let keyFormat = "raw";
-  let algoOpts = { name: "AES-CBC" };
+  let algoOpts = {
+    name: "AES-GCM",
+    tagLength: TAG_SIZE * 8,
+    // additionalData: null,
+  };
   /** @type {Array<"encrypt" | "decrypt" | "sign" | "verify">} */
   let keyUsages = ["encrypt", "decrypt"];
   /** @type {CryptoKey} */

package.json

@@ -1,7 +1,7 @@
 {
   "name": "@root/cipher",
   "version": "0.1.0",
-  "description": "A simple AES-CBC 128-bit cipher codec (for encrypting and decrypting)",
+  "description": "A simple AES-GCM cipher codec (for encrypting and decrypting)",
   "main": "cipher.js",
   "files": [
       "cipher.js"
@@ -24,8 +24,10 @@
   },
   "keywords": [
     "aes",
-    "cbc",
+    "gcm",
     "128-bit",
+    "192-bit",
+    "256-bit",
     "cipher"
   ],
   "author": "AJ ONeal <aj@therootcompany.com> (https://therootcompany.com/)",

tests/webcrypto.js

@@ -16,12 +16,11 @@ async function test() {
       0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x00, 0x90, 0xa0, 0xb0,
       0xc0, 0xd0, 0xe0, 0xf0,
     ]);
-    let iv128 = new Uint8Array([
+    let iv96 = new Uint8Array([
       0x01, 0x00, 0x90, 0xa0, 0x05, 0x06, 0x07, 0x08, 0xb0, 0xc0, 0xd0, 0x0f,
-      0xe0, 0x02, 0x03, 0x04,
     ]);
-    let exp64 = "AQCQoAUGBwiwwNAP4AIDBLLnH3xgsW4DmAlTqEw3nDI";
-    let enc64 = await testOne(secret128, iv128);
+    let exp64 = "AQCQoAUGBwiwwNAPAEh1XzzWzTxRk1ePbbFmv4fdg3gDHtM";
+    let enc64 = await testOne(secret128, iv96, SHOW);
 
     Assert.equal(enc64, exp64);
   }
@@ -33,13 +32,12 @@ async function test() {
       0xc0, 0xd0, 0xe0, 0xf0, 0x00, 0x90, 0xa0, 0xb0, 0xc0, 0xd0, 0xe0, 0xf0,
       0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
     ]);
-    // iv is always 16 bytes
-    let iv128 = new Uint8Array([
+    // iv is always 12 bytes
+    let iv96 = new Uint8Array([
       0x01, 0x00, 0x90, 0xa0, 0x05, 0x06, 0x07, 0x08, 0xb0, 0xc0, 0xd0, 0x0f,
-      0xe0, 0x02, 0x03, 0x04,
     ]);
-    let exp64 = "AQCQoAUGBwiwwNAP4AIDBAMOdOmrmBWpKmHe8IDqnJU";
-    let enc64 = await testOne(secret256, iv128);
+    let exp64 = "AQCQoAUGBwiwwNAP71XDYYfrZgBi6VUBfuJHhoLG5FL7pPk";
+    let enc64 = await testOne(secret256, iv96, SHOW);
 
     Assert.equal(enc64, exp64);
   }