SIV Doesnt work on Node, because of overwrite of slice Function in Node Buffer Impl

Question

SIV Doesnt work on Node, because of overwrite of slice Function in Node Buffer Impl

jojoa opened this issue a year ago · 2 comments

Hi, as the Node Buffer Implenetation .slice doesnt copy the array but just returns a new reference to same memory space the SIV decrypt breaks, when you give a Node Buffer to the decrypt func, as the tag(last byte and the first with the counter) will be altered by the decryption logic, and the the byte compare fails. It can be solved by using the Uint8 Array Function directly in the aes logic on line 46 as Uint8Array.prototype.slice.call(tag). If you want i could open a PR for fix in the next Days

Answer 1 · 2023-08-11T09:59:21.000Z

We only support Uint8Array-s because of reasons like that. If you're using Buffer, you're doing it wrong. Convert buffer to u8a first: Uint8Array.from(buffer). Buffers are not cross-platform-compatible, there are no buffers in web.

Answer 2 · 2023-08-11T10:48:24.000Z

In fact, by using Buffer, you may be having some security issues. For example, if you store private key in a buffer, it's likely globally accessible to all node.js functions through global buffer.