From 5efae447a4c3bf2c45c0b6e3ec9165b232bde65b Mon Sep 17 00:00:00 2001 From: Lino Le Van <11367844+lino-levan@users.noreply.github.com> Date: Wed, 27 Dec 2023 12:54:52 +0100 Subject: [PATCH] fix(ext/node): Implement `aes-192-ecb` and `aes-256-ecb` (#21710) --- .../unit_node/crypto/crypto_cipher_test.ts | 18 ++++++ ext/node/ops/crypto/cipher.rs | 58 +++++++++++++++++++ 2 files changed, 76 insertions(+) diff --git a/cli/tests/unit_node/crypto/crypto_cipher_test.ts b/cli/tests/unit_node/crypto/crypto_cipher_test.ts index 52a9b06ec7..9dfcb2eb46 100644 --- a/cli/tests/unit_node/crypto/crypto_cipher_test.ts +++ b/cli/tests/unit_node/crypto/crypto_cipher_test.ts @@ -108,6 +108,16 @@ Deno.test({ "66e94bd4ef8a2c3b884cfa59ca342b2e66e94bd4ef8a2c3b884cfa59ca342b2e66e94bd4ef8a2c3b884cfa59ca342b2e", "baf823258ca2e6994f638daa3515e986", ], + [ + ["aes-192-ecb", 24, 0], + "aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7", + "2e0f33b51bb184654311ead507ea55fc", + ], + [ + ["aes-256-ecb", 32, 0], + "dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087", + "0ac1d7e8655254c6814b46753932df88", + ], ] as const; for ( const [[alg, keyLen, ivLen], expectedUpdate, expectedFinal] of table @@ -168,6 +178,14 @@ Deno.test({ ["aes-128-ecb", 16, 0], "66e94bd4ef8a2c3b884cfa59ca342b2e66e94bd4ef8a2c3b884cfa59ca342b2e66e94bd4ef8a2c3b884cfa59ca342b2e66e94bd4ef8a2c3b884cfa59ca342b2e66e94bd4ef8a2c3b884cfa59ca342b2ec29a917cbaf72fa9bc32129bb0d17663", ], + [ + ["aes-192-ecb", 24, 0], + "aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7ab40eb56b6fc2aacf2e9254685cce891", + ], + [ + ["aes-256-ecb", 32, 0], + "dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a214928420877c45b49560579dd1ffc7ec626de2a968", + ], ] as const; for ( const [[alg, keyLen, ivLen], input] of table diff --git a/ext/node/ops/crypto/cipher.rs b/ext/node/ops/crypto/cipher.rs index 717c127528..26fb551259 100644 --- a/ext/node/ops/crypto/cipher.rs +++ b/ext/node/ops/crypto/cipher.rs @@ -21,6 +21,8 @@ type Aes256Gcm = aead_gcm_stream::AesGcm; enum Cipher { Aes128Cbc(Box>), Aes128Ecb(Box>), + Aes192Ecb(Box>), + Aes256Ecb(Box>), Aes128Gcm(Box), Aes256Gcm(Box), // TODO(kt3k): add more algorithms Aes192Cbc, Aes256Cbc, etc. @@ -29,6 +31,8 @@ enum Cipher { enum Decipher { Aes128Cbc(Box>), Aes128Ecb(Box>), + Aes192Ecb(Box>), + Aes256Ecb(Box>), Aes128Gcm(Box), Aes256Gcm(Box), // TODO(kt3k): add more algorithms Aes192Cbc, Aes256Cbc, Aes128GCM, etc. @@ -121,6 +125,8 @@ impl Cipher { Aes128Cbc(Box::new(cbc::Encryptor::new(key.into(), iv.into()))) } "aes-128-ecb" => Aes128Ecb(Box::new(ecb::Encryptor::new(key.into()))), + "aes-192-ecb" => Aes192Ecb(Box::new(ecb::Encryptor::new(key.into()))), + "aes-256-ecb" => Aes256Ecb(Box::new(ecb::Encryptor::new(key.into()))), "aes-128-gcm" => { let mut cipher = aead_gcm_stream::AesGcm::::new(key.into()); @@ -168,6 +174,18 @@ impl Cipher { encryptor.encrypt_block_b2b_mut(input.into(), output.into()); } } + Aes192Ecb(encryptor) => { + assert!(input.len() % 16 == 0); + for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) { + encryptor.encrypt_block_b2b_mut(input.into(), output.into()); + } + } + Aes256Ecb(encryptor) => { + assert!(input.len() % 16 == 0); + for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) { + encryptor.encrypt_block_b2b_mut(input.into(), output.into()); + } + } Aes128Gcm(cipher) => { output[..input.len()].copy_from_slice(input); cipher.encrypt(output); @@ -196,6 +214,18 @@ impl Cipher { .map_err(|_| type_error("Cannot pad the input data"))?; Ok(None) } + Aes192Ecb(encryptor) => { + let _ = (*encryptor) + .encrypt_padded_b2b_mut::(input, output) + .map_err(|_| type_error("Cannot pad the input data"))?; + Ok(None) + } + Aes256Ecb(encryptor) => { + let _ = (*encryptor) + .encrypt_padded_b2b_mut::(input, output) + .map_err(|_| type_error("Cannot pad the input data"))?; + Ok(None) + } Aes128Gcm(cipher) => Ok(Some(cipher.finish().to_vec())), Aes256Gcm(cipher) => Ok(Some(cipher.finish().to_vec())), } @@ -214,6 +244,8 @@ impl Decipher { Aes128Cbc(Box::new(cbc::Decryptor::new(key.into(), iv.into()))) } "aes-128-ecb" => Aes128Ecb(Box::new(ecb::Decryptor::new(key.into()))), + "aes-192-ecb" => Aes192Ecb(Box::new(ecb::Decryptor::new(key.into()))), + "aes-256-ecb" => Aes256Ecb(Box::new(ecb::Decryptor::new(key.into()))), "aes-128-gcm" => { let mut decipher = aead_gcm_stream::AesGcm::::new(key.into()); @@ -261,6 +293,18 @@ impl Decipher { decryptor.decrypt_block_b2b_mut(input.into(), output.into()); } } + Aes192Ecb(decryptor) => { + assert!(input.len() % 16 == 0); + for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) { + decryptor.decrypt_block_b2b_mut(input.into(), output.into()); + } + } + Aes256Ecb(decryptor) => { + assert!(input.len() % 16 == 0); + for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) { + decryptor.decrypt_block_b2b_mut(input.into(), output.into()); + } + } Aes128Gcm(decipher) => { output[..input.len()].copy_from_slice(input); decipher.decrypt(output); @@ -295,6 +339,20 @@ impl Decipher { .map_err(|_| type_error("Cannot unpad the input data"))?; Ok(()) } + Aes192Ecb(decryptor) => { + assert!(input.len() == 16); + let _ = (*decryptor) + .decrypt_padded_b2b_mut::(input, output) + .map_err(|_| type_error("Cannot unpad the input data"))?; + Ok(()) + } + Aes256Ecb(decryptor) => { + assert!(input.len() == 16); + let _ = (*decryptor) + .decrypt_padded_b2b_mut::(input, output) + .map_err(|_| type_error("Cannot unpad the input data"))?; + Ok(()) + } Aes128Gcm(decipher) => { let tag = decipher.finish(); if tag.as_slice() == auth_tag {