From 9befa566ec3ef4594fd7ffb2cbdf5b34d9705e16 Mon Sep 17 00:00:00 2001
From: Divy Srivastava <dj.srivastava23@gmail.com>
Date: Tue, 5 Sep 2023 22:31:50 -0700
Subject: fix(ext/node): implement AES GCM cipher (#20368)

Adds support for AES-GCM 128/256 bit keys in `node:crypto` and
`setAAD()`, `setAuthTag()` and `getAuthTag()`

Uses https://github.com/littledivy/aead-gcm-stream

Fixes https://github.com/denoland/deno/issues/19836
https://github.com/denoland/deno/issues/20353
---
 ext/node/ops/crypto/mod.rs | 33 +++++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

(limited to 'ext/node/ops/crypto/mod.rs')

diff --git a/ext/node/ops/crypto/mod.rs b/ext/node/ops/crypto/mod.rs
index c0b4f55f8..ce2ff0ebc 100644
--- a/ext/node/ops/crypto/mod.rs
+++ b/ext/node/ops/crypto/mod.rs
@@ -235,6 +235,20 @@ pub fn op_node_create_cipheriv(
   )
 }
 
+#[op(fast)]
+pub fn op_node_cipheriv_set_aad(
+  state: &mut OpState,
+  rid: u32,
+  aad: &[u8],
+) -> bool {
+  let context = match state.resource_table.get::<cipher::CipherContext>(rid) {
+    Ok(context) => context,
+    Err(_) => return false,
+  };
+  context.set_aad(aad);
+  true
+}
+
 #[op(fast)]
 pub fn op_node_cipheriv_encrypt(
   state: &mut OpState,
@@ -256,7 +270,7 @@ pub fn op_node_cipheriv_final(
   rid: u32,
   input: &[u8],
   output: &mut [u8],
-) -> Result<(), AnyError> {
+) -> Result<Option<Vec<u8>>, AnyError> {
   let context = state.resource_table.take::<cipher::CipherContext>(rid)?;
   let context = Rc::try_unwrap(context)
     .map_err(|_| type_error("Cipher context is already in use"))?;
@@ -278,6 +292,20 @@ pub fn op_node_create_decipheriv(
   )
 }
 
+#[op(fast)]
+pub fn op_node_decipheriv_set_aad(
+  state: &mut OpState,
+  rid: u32,
+  aad: &[u8],
+) -> bool {
+  let context = match state.resource_table.get::<cipher::DecipherContext>(rid) {
+    Ok(context) => context,
+    Err(_) => return false,
+  };
+  context.set_aad(aad);
+  true
+}
+
 #[op(fast)]
 pub fn op_node_decipheriv_decrypt(
   state: &mut OpState,
@@ -299,11 +327,12 @@ pub fn op_node_decipheriv_final(
   rid: u32,
   input: &[u8],
   output: &mut [u8],
+  auth_tag: &[u8],
 ) -> Result<(), AnyError> {
   let context = state.resource_table.take::<cipher::DecipherContext>(rid)?;
   let context = Rc::try_unwrap(context)
     .map_err(|_| type_error("Cipher context is already in use"))?;
-  context.r#final(input, output)
+  context.r#final(input, output, auth_tag)
 }
 
 #[op]
-- 
cgit v1.2.3