1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-25 16:49:18 -05:00

fix(ext/node): add aes256 algorithm support (#22198)

Towards #21804
This commit is contained in:
Asher Gomez 2024-02-01 14:43:24 +11:00 committed by GitHub
parent 02c65fad45
commit 6512be458f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 53 additions and 2 deletions

View file

@ -118,6 +118,16 @@ Deno.test({
"dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087",
"0ac1d7e8655254c6814b46753932df88",
],
[
["aes256", 32, 16],
"dc95c078a2408989ad48a2149284208708c374848c228233c2b34f332bd2e9d38b70c515a6663d38cdb8e6532b266491",
"2e62607a5e8b715e4cb229a12169f2b2",
],
[
["aes-256-cbc", 32, 16],
"dc95c078a2408989ad48a2149284208708c374848c228233c2b34f332bd2e9d38b70c515a6663d38cdb8e6532b266491",
"2e62607a5e8b715e4cb229a12169f2b2",
],
] as const;
for (
const [[alg, keyLen, ivLen], expectedUpdate, expectedFinal] of table
@ -186,6 +196,14 @@ Deno.test({
["aes-256-ecb", 32, 0],
"dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a214928420877c45b49560579dd1ffc7ec626de2a968",
],
[
["aes256", 32, 16],
"dc95c078a2408989ad48a2149284208708c374848c228233c2b34f332bd2e9d38b70c515a6663d38cdb8e6532b2664915d0dcc192580aee9ef8a8568193f1b44bfca557c6bab7dc79da07ffd42191b2659e6bee99cb2a6a7299f0e9a21686fc7",
],
[
["aes-256-cbc", 32, 16],
"dc95c078a2408989ad48a2149284208708c374848c228233c2b34f332bd2e9d38b70c515a6663d38cdb8e6532b2664915d0dcc192580aee9ef8a8568193f1b44bfca557c6bab7dc79da07ffd42191b2659e6bee99cb2a6a7299f0e9a21686fc7",
],
] as const;
for (
const [[alg, keyLen, ivLen], input] of table

View file

@ -25,7 +25,8 @@ enum Cipher {
Aes256Ecb(Box<ecb::Encryptor<aes::Aes256>>),
Aes128Gcm(Box<Aes128Gcm>),
Aes256Gcm(Box<Aes256Gcm>),
// TODO(kt3k): add more algorithms Aes192Cbc, Aes256Cbc, etc.
Aes256Cbc(Box<cbc::Encryptor<aes::Aes256>>),
// TODO(kt3k): add more algorithms Aes192Cbc, etc.
}
enum Decipher {
@ -35,7 +36,8 @@ enum Decipher {
Aes256Ecb(Box<ecb::Decryptor<aes::Aes256>>),
Aes128Gcm(Box<Aes128Gcm>),
Aes256Gcm(Box<Aes256Gcm>),
// TODO(kt3k): add more algorithms Aes192Cbc, Aes256Cbc, Aes128GCM, etc.
Aes256Cbc(Box<cbc::Decryptor<aes::Aes256>>),
// TODO(kt3k): add more algorithms Aes192Cbc, Aes128GCM, etc.
}
pub struct CipherContext {
@ -141,6 +143,9 @@ impl Cipher {
Aes256Gcm(Box::new(cipher))
}
"aes256" | "aes-256-cbc" => {
Aes256Cbc(Box::new(cbc::Encryptor::new(key.into(), iv.into())))
}
_ => return Err(type_error(format!("Unknown cipher {algorithm_name}"))),
})
}
@ -194,6 +199,12 @@ impl Cipher {
output[..input.len()].copy_from_slice(input);
cipher.encrypt(output);
}
Aes256Cbc(encryptor) => {
assert!(input.len() % 16 == 0);
for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {
encryptor.encrypt_block_b2b_mut(input.into(), output.into());
}
}
}
}
@ -228,6 +239,12 @@ impl Cipher {
}
Aes128Gcm(cipher) => Ok(Some(cipher.finish().to_vec())),
Aes256Gcm(cipher) => Ok(Some(cipher.finish().to_vec())),
Aes256Cbc(encryptor) => {
let _ = (*encryptor)
.encrypt_padded_b2b_mut::<Pkcs7>(input, output)
.map_err(|_| type_error("Cannot pad the input data"))?;
Ok(None)
}
}
}
}
@ -260,6 +277,9 @@ impl Decipher {
Aes256Gcm(Box::new(decipher))
}
"aes256" | "aes-256-cbc" => {
Aes256Cbc(Box::new(cbc::Decryptor::new(key.into(), iv.into())))
}
_ => return Err(type_error(format!("Unknown cipher {algorithm_name}"))),
})
}
@ -313,6 +333,12 @@ impl Decipher {
output[..input.len()].copy_from_slice(input);
decipher.decrypt(output);
}
Aes256Cbc(decryptor) => {
assert!(input.len() % 16 == 0);
for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {
decryptor.decrypt_block_b2b_mut(input.into(), output.into());
}
}
}
}
@ -369,6 +395,13 @@ impl Decipher {
Err(type_error("Failed to authenticate data"))
}
}
Aes256Cbc(decryptor) => {
assert!(input.len() == 16);
let _ = (*decryptor)
.decrypt_padded_b2b_mut::<Pkcs7>(input, output)
.map_err(|_| type_error("Cannot unpad the input data"))?;
Ok(())
}
}
}
}