diff options
| author | Asher Gomez <ashersaupingomez@gmail.com> | 2024-02-01 14:43:24 +1100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-02-01 09:13:24 +0530 |
| commit | 6512be458f84919448616ee88a198c589500243f (patch) | |
| tree | 7db5ec4513f7448e4820c336f7ed7e203455e378 /ext/node/ops/crypto/cipher.rs | |
| parent | 02c65fad45898b79ef9614319061d19d24cfb9ce (diff) | |
fix(ext/node): add `aes256` algorithm support (#22198)
Towards #21804
Diffstat (limited to 'ext/node/ops/crypto/cipher.rs')
| -rw-r--r-- | ext/node/ops/crypto/cipher.rs | 37 |
1 files changed, 35 insertions, 2 deletions
diff --git a/ext/node/ops/crypto/cipher.rs b/ext/node/ops/crypto/cipher.rs index ce741ef01..1072cc8c0 100644 --- a/ext/node/ops/crypto/cipher.rs +++ b/ext/node/ops/crypto/cipher.rs @@ -25,7 +25,8 @@ enum Cipher { Aes256Ecb(Box<ecb::Encryptor<aes::Aes256>>), Aes128Gcm(Box<Aes128Gcm>), Aes256Gcm(Box<Aes256Gcm>), - // TODO(kt3k): add more algorithms Aes192Cbc, Aes256Cbc, etc. + Aes256Cbc(Box<cbc::Encryptor<aes::Aes256>>), + // TODO(kt3k): add more algorithms Aes192Cbc, etc. } enum Decipher { @@ -35,7 +36,8 @@ enum Decipher { Aes256Ecb(Box<ecb::Decryptor<aes::Aes256>>), Aes128Gcm(Box<Aes128Gcm>), Aes256Gcm(Box<Aes256Gcm>), - // TODO(kt3k): add more algorithms Aes192Cbc, Aes256Cbc, Aes128GCM, etc. + Aes256Cbc(Box<cbc::Decryptor<aes::Aes256>>), + // TODO(kt3k): add more algorithms Aes192Cbc, Aes128GCM, etc. } pub struct CipherContext { @@ -141,6 +143,9 @@ impl Cipher { Aes256Gcm(Box::new(cipher)) } + "aes256" | "aes-256-cbc" => { + Aes256Cbc(Box::new(cbc::Encryptor::new(key.into(), iv.into()))) + } _ => return Err(type_error(format!("Unknown cipher {algorithm_name}"))), }) } @@ -194,6 +199,12 @@ impl Cipher { output[..input.len()].copy_from_slice(input); cipher.encrypt(output); } + Aes256Cbc(encryptor) => { + assert!(input.len() % 16 == 0); + for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) { + encryptor.encrypt_block_b2b_mut(input.into(), output.into()); + } + } } } @@ -228,6 +239,12 @@ impl Cipher { } Aes128Gcm(cipher) => Ok(Some(cipher.finish().to_vec())), Aes256Gcm(cipher) => Ok(Some(cipher.finish().to_vec())), + Aes256Cbc(encryptor) => { + let _ = (*encryptor) + .encrypt_padded_b2b_mut::<Pkcs7>(input, output) + .map_err(|_| type_error("Cannot pad the input data"))?; + Ok(None) + } } } } @@ -260,6 +277,9 @@ impl Decipher { Aes256Gcm(Box::new(decipher)) } + "aes256" | "aes-256-cbc" => { + Aes256Cbc(Box::new(cbc::Decryptor::new(key.into(), iv.into()))) + } _ => return Err(type_error(format!("Unknown cipher {algorithm_name}"))), }) } @@ -313,6 +333,12 @@ impl Decipher { output[..input.len()].copy_from_slice(input); decipher.decrypt(output); } + Aes256Cbc(decryptor) => { + assert!(input.len() % 16 == 0); + for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) { + decryptor.decrypt_block_b2b_mut(input.into(), output.into()); + } + } } } @@ -369,6 +395,13 @@ impl Decipher { Err(type_error("Failed to authenticate data")) } } + Aes256Cbc(decryptor) => { + assert!(input.len() == 16); + let _ = (*decryptor) + .decrypt_padded_b2b_mut::<Pkcs7>(input, output) + .map_err(|_| type_error("Cannot unpad the input data"))?; + Ok(()) + } } } } |