fix(sdk-api): add explicit AES-GCM tagLength and clear salt on session destroy

WCN-32: Address PR review feedback:
- Explicitly set tagLength: 128 on AES-GCM encrypt/decrypt calls
- Clear argon2SaltB64 in EncryptionSession.destroy() for consistent cleanup

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: pranavjain97

modules/sdk-api/src/encryptV2.ts

@@ -101,12 +101,16 @@ export function hkdfDeriveAesKey(hkdfKey: CryptoKey, hkdfSalt: Uint8Array, usage
 }
 
 export async function aesGcmEncrypt(key: CryptoKey, iv: Uint8Array, plaintext: string): Promise<Uint8Array> {
-  const ct = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext));
+  const ct = await crypto.subtle.encrypt(
+    { name: 'AES-GCM', iv, tagLength: 128 },
+    key,
+    new TextEncoder().encode(plaintext)
+  );
   return new Uint8Array(ct);
 }
 
 export async function aesGcmDecrypt(key: CryptoKey, iv: Uint8Array, ct: Uint8Array): Promise<string> {
-  const plaintext = await crypto.subtle.decrypt({ name: 'AES-GCM', iv }, key, ct);
+  const plaintext = await crypto.subtle.decrypt({ name: 'AES-GCM', iv, tagLength: 128 }, key, ct);
   return new TextDecoder().decode(plaintext);
 }
 

modules/sdk-api/src/encryptionSession.ts

@@ -21,7 +21,7 @@ import {
  */
 export class EncryptionSession {
   private hkdfKey: CryptoKey | null;
-  private readonly argon2SaltB64: string;
+  private argon2SaltB64: string | null;
   private readonly memorySize: number;
   private readonly iterations: number;
   private readonly parallelism: number;
@@ -53,7 +53,7 @@ export class EncryptionSession {
     if (!envelope.hkdfSalt) {
       throw new Error('envelope was not encrypted with a session; use decryptV2 instead');
     }
-    if (envelope.salt !== this.argon2SaltB64) {
+    if (envelope.salt !== this.getSaltOrThrow()) {
       throw new Error('envelope was not encrypted with this session');
     }
     const iv = new Uint8Array(Buffer.from(envelope.iv, 'base64'));
@@ -65,22 +65,30 @@ export class EncryptionSession {
 
   destroy(): void {
     this.hkdfKey = null;
+    this.argon2SaltB64 = null;
   }
 
   private getKeyOrThrow(): CryptoKey {
-    if (this.hkdfKey === null) {
+    if (this.hkdfKey === null || this.argon2SaltB64 === null) {
       throw new Error('EncryptionSession has been destroyed');
     }
     return this.hkdfKey;
   }
 
+  private getSaltOrThrow(): string {
+    if (this.argon2SaltB64 === null) {
+      throw new Error('EncryptionSession has been destroyed');
+    }
+    return this.argon2SaltB64;
+  }
+
   private buildEnvelope(hkdfSalt: Uint8Array, iv: Uint8Array, ct: Uint8Array): V2Envelope {
     return {
       v: 2,
       m: this.memorySize,
       t: this.iterations,
       p: this.parallelism,
-      salt: this.argon2SaltB64,
+      salt: this.getSaltOrThrow(),
       hkdfSalt: Buffer.from(hkdfSalt).toString('base64'),
       iv: Buffer.from(iv).toString('base64'),
       ct: Buffer.from(ct).toString('base64'),