AES256GCM missing in libsodium.js

[stnmtz]

Hi there,

we would love to see AES256GCM support in libsodium.js. We've added some AES256 wrappers for libsodium.js by ourselves, but we're stuck because it seems libsodium for emscription does not return the respective symbols. It seems the emscripten-symbols.def of libsodium disable the generation due to:

_crypto_aead_aes256gcm_abytes 0 0
_crypto_aead_aes256gcm_beforenm 0 0
_crypto_aead_aes256gcm_decrypt 0 0
_crypto_aead_aes256gcm_decrypt_afternm 0 0
_crypto_aead_aes256gcm_decrypt_detached 0 0
_crypto_aead_aes256gcm_decrypt_detached_afternm 0 0
_crypto_aead_aes256gcm_encrypt 0 0
_crypto_aead_aes256gcm_encrypt_afternm 0 0
_crypto_aead_aes256gcm_encrypt_detached 0 0
_crypto_aead_aes256gcm_encrypt_detached_afternm 0 0
_crypto_aead_aes256gcm_is_available 0 0
_crypto_aead_aes256gcm_keybytes 0 0
_crypto_aead_aes256gcm_keygen 0 0
_crypto_aead_aes256gcm_messagebytes_max 0 0
_crypto_aead_aes256gcm_npubbytes 0 0
_crypto_aead_aes256gcm_nsecbytes 0 0
_crypto_aead_aes256gcm_statebytes 0 0

• Why are those aes256gcm functions disabled in the emscripten-symbols.def file? Would it be possible to enable them or is there a bigger issue related to aes256gcm in emscripten?
• Even if AES256GCM support is not enabled in libsodium.js, the crypto_aead_aes256gcm_is_available should at least be available, returning a hardcoded false. So that the possibility of using AES256GCM can be checked, correct?

Cheers

[jedisct1]

According to the documentation, AES-GCM is not and will not be available on platforms that don't provide hardware AES support. So, it will never be the case on JavaScript.

But _crypto_aead_aes256gcm_is_available can indeed be added, even if it will always return 0.

[jedisct1]

_crypto_aead_aes256gcm_is_available has been added!

[stnmtz]

According to the documentation, AES-GCM is not and will not be available on platforms that don't provide hardware AES support.

I guessed so for libsodium.js, but was hoping that libsodium.js might reach the underlying JS runtime with a possible support (like webcrypto). Additionally, I didn't find any docs which of the libsodium interfaces are missing in libsodium.js. The emscripten-symbols.def seems to do the trick, once you know where you need to look :)

So, it will never be the case on JavaScript.

Would you be open for a contribution that libsodium.js wrappers call the JS runtime's implementation of AES256GCM (e.g. webcrypto) as a fallback? It feels kind of hacky and I hate switching the XChaCha ciphers to an old AES algorithm, but official recommendations in Germany state AES256 as the ONLY recommended symmetric cipher :( (02.02.24, Page 42, https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf?__blob=publicationFile&v=10)

On a side note: Is there any link between libsodium.js version and the corresponding libsodium version?

[jedisct1]

Hi Thomas,

The functions available in libsodium.js are defined in this directory, with one JSON file per function.

Would you be open for a contribution that libsodium.js wrappers call the JS runtime's implementation of AES256GCM (e.g. webcrypto) as a fallback?

Some non-browser JavaScript runtimes don't support WebCrypto, so that has to be checked, but why not. It can probably be implemented directly in JSON files. The _beforenm_ functions will require storing a copy of the secret key, but that should be doable.

On a side note: Is there any link between libsodium.js version and the corresponding libsodium version?

Not really, because libsodium.js doesn't expose all the libsodium features, so its version gets bumped up whenever the JavaScript wrappers themselves do something new or differently.