author | Divy Srivastava <dj.srivastava23@gmail.com> | 2021-10-11 20:07:51 +0530 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-11 16:37:51 +0200 |
commit | 3b2cb8e7113b19344209eddc8bc1bd447fcec4ea (patch) | |
tree | 616169290b703184047ad7beb4b9c79011a2a6ef /ext/crypto/lib.rs | |
parent | 426ebf854a82c63cdaa2413fbd1b005025dba95b (diff) |
feat(ext/crypto): implement AES-CBC encryption & decryption (#12123)
* initial stuff
* stuff
* merge stuff
* cleanup
* fmt
* length
* update lockfile
* decrypt
* fixy
* clippy hello?
* hmm
* fixs
* fix lint
* add AesCbcParams
* fixes
* fixy
* lockfile fixy
* fix dumb assertions
* re run CI
* rerun CI
* rerun CI
Diffstat (limited to 'ext/crypto/lib.rs')
-rw-r--r-- | ext/crypto/lib.rs | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/ext/crypto/lib.rs b/ext/crypto/lib.rs
index 6376aedbb..6b67185dd 100644
--- a/ext/crypto/lib.rs
+++ b/ext/crypto/lib.rs
@@ -19,6 +19,7 @@ use std::convert::TryInto;
 use std::num::NonZeroU32;
 use std::rc::Rc;
+use block_modes::BlockMode;
 use lazy_static::lazy_static;
 use num_traits::cast::FromPrimitive;
 use rand::rngs::OsRng;
@@ -892,8 +893,12 @@ pub async fn op_crypto_derive_bits(
 pub struct EncryptArg {
 key: KeyData,
 algorithm: Algorithm,
+ // RSA-OAEP
 hash: Option<CryptoHash>,
 label: Option<ZeroCopyBuf>,
+ // AES-CBC
+ iv: Option<ZeroCopyBuf>,
+ length: Option<usize>,
 }
 pub async fn op_crypto_encrypt_key(
@@ -945,6 +950,46 @@ pub async fn op_crypto_encrypt_key(
 .into(),
 )
 }
+ Algorithm::AesCbc => {
+ let key = &*args.key.data;
+ let length = args
+ .length
+ .ok_or_else(|| type_error("Missing argument length".to_string()))?;
+ let iv = args
+ .iv
+ .ok_or_else(|| type_error("Missing argument iv".to_string()))?;
+
+ // 2-3.
+ let ciphertext = match length {
+ 128 => {
+ // Section 10.3 Step 2 of RFC 2315 https://www.rfc-editor.org/rfc/rfc2315
+ type Aes128Cbc =
+ block_modes::Cbc<aes::Aes128, block_modes::block_padding::Pkcs7>;
+
+ let cipher = Aes128Cbc::new_from_slices(key, &iv)?;
+ cipher.encrypt_vec(data)
+ }
+ 192 => {
+ // Section 10.3 Step 2 of RFC 2315 https://www.rfc-editor.org/rfc/rfc2315
+ type Aes192Cbc =
+ block_modes::Cbc<aes::Aes192, block_modes::block_padding::Pkcs7>;
+
+ let cipher = Aes192Cbc::new_from_slices(key, &iv)?;
+ cipher.encrypt_vec(data)
+ }
+ 256 => {
+ // Section 10.3 Step 2 of RFC 2315 https://www.rfc-editor.org/rfc/rfc2315
+ type Aes256Cbc =
+ block_modes::Cbc<aes::Aes256, block_modes::block_padding::Pkcs7>;
+
+ let cipher = Aes256Cbc::new_from_slices(key, &iv)?;
+ cipher.encrypt_vec(data)
+ }
+ _ => unreachable!(),
+ };
+
+ Ok(ciphertext.into())
+ }
 _ => Err(type_error("Unsupported algorithm".to_string())),
 }
 }
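Review bot: The `_ => unreachable!()` arm in the `Algorithm::AesCbc` branch of `op_crypto_encrypt_key` panics on any `length` other than 128, 192 or 256, and `length` is a deserialized `EncryptArg` field that this function never checks. Unless the calling layer (not visible in this diff) guarantees those three values, a bad argument takes down the op with a panic instead of returning an error like the neighbouring `Missing argument length` case. Replacing the arm with `_ => return Err(type_error("Invalid key length".to_string())),` keeps the failure recoverable. The same arm appears in the `AesCbc` branch of `op_crypto_decrypt_key`, and both function bodies start outside their hunks.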
@@ -1451,8 +1496,12 @@ pub async fn op_crypto_import_key(
 pub struct DecryptArg {
 key: KeyData,
 algorithm: Algorithm,
+ // RSA-OAEP
 hash: Option<CryptoHash>,
 label: Option<ZeroCopyBuf>,
+ // AES-CBC
+ iv: Option<ZeroCopyBuf>,
+ length: Option<usize>,
 }
 pub async fn op_crypto_decrypt_key(
@@ -1503,6 +1552,47 @@ pub async fn op_crypto_decrypt_key(
 .into(),
 )
 }
+ Algorithm::AesCbc => {
+ let key = &*args.key.data;
+ let length = args
+ .length
+ .ok_or_else(|| type_error("Missing argument length".to_string()))?;
+ let iv = args
+ .iv
+ .ok_or_else(|| type_error("Missing argument iv".to_string()))?;
+
+ // 2.
+ let plaintext = match length {
+ 128 => {
+ // Section 10.3 Step 2 of RFC 2315 https://www.rfc-editor.org/rfc/rfc2315
+ type Aes128Cbc =
+ block_modes::Cbc<aes::Aes128, block_modes::block_padding::Pkcs7>;
+ let cipher = Aes128Cbc::new_from_slices(key, &iv)?;
+
+ cipher.decrypt_vec(data)?
+ }
+ 192 => {
+ // Section 10.3 Step 2 of RFC 2315 https://www.rfc-editor.org/rfc/rfc2315
+ type Aes192Cbc =
+ block_modes::Cbc<aes::Aes192, block_modes::block_padding::Pkcs7>;
+ let cipher = Aes192Cbc::new_from_slices(key, &iv)?;
+
+ cipher.decrypt_vec(data)?
+ }
+ 256 => {
+ // Section 10.3 Step 2 of RFC 2315 https://www.rfc-editor.org/rfc/rfc2315
+ type Aes256Cbc =
+ block_modes::Cbc<aes::Aes256, block_modes::block_padding::Pkcs7>;
+ let cipher = Aes256Cbc::new_from_slices(key, &iv)?;
+
+ cipher.decrypt_vec(data)?
+ }
+ _ => unreachable!(),
+ };
+
+ // 6.
+ Ok(plaintext.into())
+ }
 _ => Err(type_error("Unsupported algorithm".to_string())),
 }
 }
 |
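Review bot: The `AesCbc` branch of `op_crypto_decrypt_key` carries no comment saying that CBC with PKCS#7 padding is unauthenticated, while `cipher.decrypt_vec(data)?` reports a failed unpad to the caller as an error. An application that relays that success/failure signal to whoever supplied the ciphertext ends up with a padding oracle, so the constraint is worth stating where the decryption happens. I would add above the `match`: `// AES-CBC gives no integrity: callers must authenticate iv + ciphertext (e.g. HMAC) before decrypting, and must not expose decrypt errors to untrusted peers.` The function body starts outside the hunk.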