Skip to content

Commit 56a6f6d

Browse files
randombitrandombit
authored
chore: Prefer using named constants instead of integer literals (#146)
1 parent 2c6f239 commit 56a6f6d

File tree

2 files changed

+10
-6
lines changed
  • backend/rs/ic_vetkeys/src/utils
  • frontend/ic_vetkeys/src/utils

2 files changed

+10
-6
lines changed

backend/rs/ic_vetkeys/src/utils/mod.rs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -605,7 +605,7 @@ impl IbeCiphertext {
605605

606606
let domain_sep = IbeDomainSep::MaskMsg(msg.len());
607607

608-
let shake_seed = derive_symmetric_key(seed, &domain_sep.to_string(), 32);
608+
let shake_seed = derive_symmetric_key(seed, &domain_sep.to_string(), IBE_SEED_BYTES);
609609

610610
let mut mask = derive_ibe_ctext_mask(&shake_seed, msg.len());
611611

frontend/ic_vetkeys/src/utils/utils.ts

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -445,6 +445,9 @@ export class VetKey {
445445
}
446446
}
447447

448+
// The size of the nonce used for encryption by DerivedKeyMaterial
449+
const DerivedKeyMaterialNonceLength = 12;
450+
448451
export class DerivedKeyMaterial {
449452
readonly #hkdf: CryptoKey;
450453

@@ -523,7 +526,9 @@ export class DerivedKeyMaterial {
523526
const gcmKey = await this.deriveAesGcmCryptoKey(domainSep);
524527

525528
// The nonce must never be reused with a given key
526-
const nonce = globalThis.crypto.getRandomValues(new Uint8Array(12));
529+
const nonce = globalThis.crypto.getRandomValues(
530+
new Uint8Array(DerivedKeyMaterialNonceLength),
531+
);
527532

528533
const ciphertext = new Uint8Array(
529534
await globalThis.crypto.subtle.encrypt(
@@ -546,17 +551,16 @@ export class DerivedKeyMaterial {
546551
message: Uint8Array,
547552
domainSep: Uint8Array | string,
548553
): Promise<Uint8Array> {
549-
const NonceLength = 12;
550554
const TagLength = 16;
551555

552-
if (message.length < NonceLength + TagLength) {
556+
if (message.length < DerivedKeyMaterialNonceLength + TagLength) {
553557
throw new Error(
554558
"Invalid ciphertext, too short to possibly be valid",
555559
);
556560
}
557561

558-
const nonce = message.slice(0, NonceLength); // first 12 bytes are the nonce
559-
const ciphertext = message.slice(NonceLength); // remainder GCM ciphertext
562+
const nonce = message.slice(0, DerivedKeyMaterialNonceLength); // first 12 bytes are the nonce
563+
const ciphertext = message.slice(DerivedKeyMaterialNonceLength); // remainder GCM ciphertext
560564

561565
const gcmKey = await this.deriveAesGcmCryptoKey(domainSep);
562566

0 commit comments

Comments
 (0)