16485823596

Committed 24 Jul 2025 01:49AM UTC coverage: 51.716% (-0.05%) from 51.764%

Build # 16485823596

Build Type

push

github

Committed by

web-flow

Commit Message

[develop] backports (#570)

* fix: some methods in node:crypto cause panic (#567)

* fix: make initial/max heap size configurable for main/event worker (#568)

Coverage Stats

37 of 82 new or added lines in 3 files covered. (45.12%)

4 existing lines in 3 files now uncovered.

18245 of 35279 relevant lines covered (51.72%)

5527.74 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/ext/node/ops/crypto/cipher.rs

// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.

use aes::cipher::block_padding::Pkcs7;
use aes::cipher::BlockDecryptMut;
use aes::cipher::BlockEncryptMut;
use aes::cipher::KeyIvInit;
use aes::cipher::KeySizeUser;
use deno_core::Resource;
use digest::generic_array::GenericArray;
use digest::KeyInit;

use std::borrow::Cow;
use std::cell::RefCell;
use std::rc::Rc;

type Tag = Option<Vec<u8>>;

type Aes128Gcm = aead_gcm_stream::AesGcm<aes::Aes128>;
type Aes256Gcm = aead_gcm_stream::AesGcm<aes::Aes256>;

enum Cipher {
  Aes128Cbc(Box<cbc::Encryptor<aes::Aes128>>),
  Aes128Ecb(Box<ecb::Encryptor<aes::Aes128>>),
  Aes192Ecb(Box<ecb::Encryptor<aes::Aes192>>),
  Aes256Ecb(Box<ecb::Encryptor<aes::Aes256>>),
  Aes128Gcm(Box<Aes128Gcm>),
  Aes256Gcm(Box<Aes256Gcm>),
  Aes256Cbc(Box<cbc::Encryptor<aes::Aes256>>),
  // TODO(kt3k): add more algorithms Aes192Cbc, etc.
}

enum Decipher {
  Aes128Cbc(Box<cbc::Decryptor<aes::Aes128>>),
  Aes128Ecb(Box<ecb::Decryptor<aes::Aes128>>),
  Aes192Ecb(Box<ecb::Decryptor<aes::Aes192>>),
  Aes256Ecb(Box<ecb::Decryptor<aes::Aes256>>),
  Aes128Gcm(Box<Aes128Gcm>),
  Aes256Gcm(Box<Aes256Gcm>),
  Aes256Cbc(Box<cbc::Decryptor<aes::Aes256>>),
  // TODO(kt3k): add more algorithms Aes192Cbc, Aes128GCM, etc.
}

pub struct CipherContext {
  cipher: Rc<RefCell<Cipher>>,
}

pub struct DecipherContext {
  decipher: Rc<RefCell<Decipher>>,
}

#[derive(Debug, thiserror::Error)]
pub enum CipherContextError {
  #[error("Cipher context is already in use")]
  ContextInUse,
  #[error("{0}")]
  Resource(deno_core::error::AnyError),
  #[error(transparent)]
  Cipher(#[from] CipherError),
}

impl CipherContext {
  pub fn new(
    algorithm: &str,
    key: &[u8],
    iv: &[u8],
  ) -> Result<Self, CipherContextError> {
    Ok(Self {
      cipher: Rc::new(RefCell::new(Cipher::new(algorithm, key, iv)?)),
    })
  }

  pub fn set_aad(&self, aad: &[u8]) {
    self.cipher.borrow_mut().set_aad(aad);
  }

  pub fn encrypt(&self, input: &[u8], output: &mut [u8]) {
    self.cipher.borrow_mut().encrypt(input, output);
  }

  pub fn take_tag(self) -> Tag {
    Rc::try_unwrap(self.cipher).ok()?.into_inner().take_tag()
  }

  pub fn r#final(
    self,
    auto_pad: bool,
    input: &[u8],
    output: &mut [u8],
  ) -> Result<Tag, CipherContextError> {
    Rc::try_unwrap(self.cipher)
      .map_err(|_| CipherContextError::ContextInUse)?
      .into_inner()
      .r#final(auto_pad, input, output)
      .map_err(Into::into)
  }
}

#[derive(Debug, thiserror::Error)]
pub enum DecipherContextError {
  #[error("Decipher context is already in use")]
  ContextInUse,
  #[error("{0}")]
  Resource(deno_core::error::AnyError),
  #[error(transparent)]
  Decipher(#[from] DecipherError),
}

impl DecipherContext {
  pub fn new(
    algorithm: &str,
    key: &[u8],
    iv: &[u8],
  ) -> Result<Self, DecipherContextError> {
    Ok(Self {
      decipher: Rc::new(RefCell::new(Decipher::new(algorithm, key, iv)?)),
    })
  }

  pub fn set_aad(&self, aad: &[u8]) {
    self.decipher.borrow_mut().set_aad(aad);
  }

  pub fn decrypt(&self, input: &[u8], output: &mut [u8]) {
    self.decipher.borrow_mut().decrypt(input, output);
  }

  pub fn r#final(
    self,
    auto_pad: bool,
    input: &[u8],
    output: &mut [u8],
    auth_tag: &[u8],
  ) -> Result<(), DecipherContextError> {
    Rc::try_unwrap(self.decipher)
      .map_err(|_| DecipherContextError::ContextInUse)?
      .into_inner()
      .r#final(auto_pad, input, output, auth_tag)
      .map_err(Into::into)
  }
}

impl Resource for CipherContext {
  fn name(&self) -> Cow<str> {
    "cryptoCipher".into()
  }
}

impl Resource for DecipherContext {
  fn name(&self) -> Cow<str> {
    "cryptoDecipher".into()
  }
}

#[derive(Debug, thiserror::Error)]
pub enum CipherError {
  #[error("IV length must be 12 bytes")]
  InvalidIvLength,
  #[error("Invalid key length")]
  InvalidKeyLength,
  #[error("Invalid initialization vector")]
  InvalidInitializationVector,
  #[error("Cannot pad the input data")]
  CannotPadInputData,
  #[error("Unknown cipher {0}")]
  UnknownCipher(String),
}

impl Cipher {
  fn new(
    algorithm_name: &str,
    key: &[u8],
    iv: &[u8],
  ) -> Result<Self, CipherError> {
    use Cipher::*;
    Ok(match algorithm_name {
      "aes-128-cbc" => {
        Aes128Cbc(Box::new(cbc::Encryptor::new(key.into(), iv.into())))
      }
      "aes-128-ecb" => Aes128Ecb(Box::new(ecb::Encryptor::new(key.into()))),
      "aes-192-ecb" => Aes192Ecb(Box::new(ecb::Encryptor::new(key.into()))),
      "aes-256-ecb" => Aes256Ecb(Box::new(ecb::Encryptor::new(key.into()))),
      "aes-128-gcm" => {
        if key.len() != aes::Aes128::key_size() {
          return Err(CipherError::InvalidIvLength);
        }

        let cipher =
          aead_gcm_stream::AesGcm::<aes::Aes128>::new(key.into(), iv);

        Aes128Gcm(Box::new(cipher))
      }
      "aes-256-gcm" => {
        if key.len() != aes::Aes256::key_size() {
          return Err(CipherError::InvalidIvLength);
        }

        let cipher =
          aead_gcm_stream::AesGcm::<aes::Aes256>::new(key.into(), iv);

        Aes256Gcm(Box::new(cipher))
      }
      "aes256" | "aes-256-cbc" => {
        if key.len() != 32 {
          return Err(CipherError::InvalidKeyLength);
        }
        if iv.len() != 16 {
          return Err(CipherError::InvalidInitializationVector);
        }

        Aes256Cbc(Box::new(cbc::Encryptor::new(key.into(), iv.into())))
      }
      _ => return Err(CipherError::UnknownCipher(algorithm_name.to_string())),
    })
  }

  fn set_aad(&mut self, aad: &[u8]) {
    use Cipher::*;
    match self {
      Aes128Gcm(cipher) => {
        cipher.set_aad(aad);
      }
      Aes256Gcm(cipher) => {
        cipher.set_aad(aad);
      }
      _ => {}
    }
  }

  /// encrypt encrypts the data in the middle of the input.
  fn encrypt(&mut self, input: &[u8], output: &mut [u8]) {
    use Cipher::*;
    match self {
      Aes128Cbc(encryptor) => {
        assert!(input.len() % 16 == 0);
        for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {
          encryptor.encrypt_block_b2b_mut(input.into(), output.into());
        }
      }
      Aes128Ecb(encryptor) => {
        assert!(input.len() % 16 == 0);
        for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {
          encryptor.encrypt_block_b2b_mut(input.into(), output.into());
        }
      }
      Aes192Ecb(encryptor) => {
        assert!(input.len() % 16 == 0);
        for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {
          encryptor.encrypt_block_b2b_mut(input.into(), output.into());
        }
      }
      Aes256Ecb(encryptor) => {
        assert!(input.len() % 16 == 0);
        for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {
          encryptor.encrypt_block_b2b_mut(input.into(), output.into());
        }
      }
      Aes128Gcm(cipher) => {
        output[..input.len()].copy_from_slice(input);
        cipher.encrypt(output);
      }
      Aes256Gcm(cipher) => {
        output[..input.len()].copy_from_slice(input);
        cipher.encrypt(output);
      }
      Aes256Cbc(encryptor) => {
        assert!(input.len() % 16 == 0);
        for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {
          encryptor.encrypt_block_b2b_mut(input.into(), output.into());
        }
      }
    }
  }

  /// r#final encrypts the last block of the input data.
  fn r#final(
    self,
    auto_pad: bool,
    input: &[u8],
    output: &mut [u8],
  ) -> Result<Tag, CipherError> {
    assert!(input.len() < 16);
    use Cipher::*;
    match (self, auto_pad) {
      (Aes128Cbc(encryptor), true) => {
        let _ = (*encryptor)
          .encrypt_padded_b2b_mut::<Pkcs7>(input, output)
          .map_err(|_| CipherError::CannotPadInputData)?;
        Ok(None)
      }
      (Aes128Cbc(mut encryptor), false) => {
        encryptor.encrypt_block_b2b_mut(
          GenericArray::from_slice(input),
          GenericArray::from_mut_slice(output),
        );
        Ok(None)
      }
      (Aes128Ecb(encryptor), true) => {
        let _ = (*encryptor)
          .encrypt_padded_b2b_mut::<Pkcs7>(input, output)
          .map_err(|_| CipherError::CannotPadInputData)?;
        Ok(None)
      }
      (Aes128Ecb(mut encryptor), false) => {
        encryptor.encrypt_block_b2b_mut(
          GenericArray::from_slice(input),
          GenericArray::from_mut_slice(output),
        );
        Ok(None)
      }
      (Aes192Ecb(encryptor), true) => {
        let _ = (*encryptor)
          .encrypt_padded_b2b_mut::<Pkcs7>(input, output)
          .map_err(|_| CipherError::CannotPadInputData)?;
        Ok(None)
      }
      (Aes192Ecb(mut encryptor), false) => {
        encryptor.encrypt_block_b2b_mut(
          GenericArray::from_slice(input),
          GenericArray::from_mut_slice(output),
        );
        Ok(None)
      }
      (Aes256Ecb(encryptor), true) => {
        let _ = (*encryptor)
          .encrypt_padded_b2b_mut::<Pkcs7>(input, output)
          .map_err(|_| CipherError::CannotPadInputData)?;
        Ok(None)
      }
      (Aes256Ecb(mut encryptor), false) => {
        encryptor.encrypt_block_b2b_mut(
          GenericArray::from_slice(input),
          GenericArray::from_mut_slice(output),
        );
        Ok(None)
      }
      (Aes128Gcm(cipher), _) => Ok(Some(cipher.finish().to_vec())),
      (Aes256Gcm(cipher), _) => Ok(Some(cipher.finish().to_vec())),
      (Aes256Cbc(encryptor), true) => {
        let _ = (*encryptor)
          .encrypt_padded_b2b_mut::<Pkcs7>(input, output)
          .map_err(|_| CipherError::CannotPadInputData)?;
        Ok(None)
      }
      (Aes256Cbc(mut encryptor), false) => {
        encryptor.encrypt_block_b2b_mut(
          GenericArray::from_slice(input),
          GenericArray::from_mut_slice(output),
        );
        Ok(None)
      }
    }
  }

  fn take_tag(self) -> Tag {
    use Cipher::*;
    match self {
      Aes128Gcm(cipher) => Some(cipher.finish().to_vec()),
      Aes256Gcm(cipher) => Some(cipher.finish().to_vec()),
      _ => None,
    }
  }
}

#[derive(Debug, thiserror::Error)]
pub enum DecipherError {
  #[error("IV length must be 12 bytes")]
  InvalidIvLength,
  #[error("Invalid key length")]
  InvalidKeyLength,
  #[error("Invalid initialization vector")]
  InvalidInitializationVector,
  #[error("Cannot unpad the input data")]
  CannotUnpadInputData,
  #[error("Failed to authenticate data")]
  DataAuthenticationFailed,
  #[error("setAutoPadding(false) not supported for Aes128Gcm yet")]
  SetAutoPaddingFalseAes128GcmUnsupported,
  #[error("setAutoPadding(false) not supported for Aes256Gcm yet")]
  SetAutoPaddingFalseAes256GcmUnsupported,
  #[error("Unknown cipher {0}")]
  UnknownCipher(String),
}

impl Decipher {
  fn new(
    algorithm_name: &str,
    key: &[u8],
    iv: &[u8],
  ) -> Result<Self, DecipherError> {
    use Decipher::*;
    Ok(match algorithm_name {
      "aes-128-cbc" => {
        Aes128Cbc(Box::new(cbc::Decryptor::new(key.into(), iv.into())))
      }
      "aes-128-ecb" => Aes128Ecb(Box::new(ecb::Decryptor::new(key.into()))),
      "aes-192-ecb" => Aes192Ecb(Box::new(ecb::Decryptor::new(key.into()))),
      "aes-256-ecb" => Aes256Ecb(Box::new(ecb::Decryptor::new(key.into()))),
      "aes-128-gcm" => {
        if key.len() != aes::Aes128::key_size() {
          return Err(DecipherError::InvalidIvLength);
        }

        let decipher =
          aead_gcm_stream::AesGcm::<aes::Aes128>::new(key.into(), iv);

        Aes128Gcm(Box::new(decipher))
      }
      "aes-256-gcm" => {
        if key.len() != aes::Aes256::key_size() {
          return Err(DecipherError::InvalidIvLength);
        }

        let decipher =
          aead_gcm_stream::AesGcm::<aes::Aes256>::new(key.into(), iv);

        Aes256Gcm(Box::new(decipher))
      }
      "aes256" | "aes-256-cbc" => {
        if key.len() != 32 {
          return Err(DecipherError::InvalidKeyLength);
        }
        if iv.len() != 16 {
          return Err(DecipherError::InvalidInitializationVector);
        }

        Aes256Cbc(Box::new(cbc::Decryptor::new(key.into(), iv.into())))
      }
      _ => {
        return Err(DecipherError::UnknownCipher(algorithm_name.to_string()))
      }
    })
  }

  fn set_aad(&mut self, aad: &[u8]) {
    use Decipher::*;
    match self {
      Aes128Gcm(decipher) => {
        decipher.set_aad(aad);
      }
      Aes256Gcm(decipher) => {
        decipher.set_aad(aad);
      }
      _ => {}
    }
  }

  /// decrypt decrypts the data in the middle of the input.
  fn decrypt(&mut self, input: &[u8], output: &mut [u8]) {
    use Decipher::*;
    match self {
      Aes128Cbc(decryptor) => {
        assert!(input.len() % 16 == 0);
        for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {
          decryptor.decrypt_block_b2b_mut(input.into(), output.into());
        }
      }
      Aes128Ecb(decryptor) => {
        assert!(input.len() % 16 == 0);
        for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {
          decryptor.decrypt_block_b2b_mut(input.into(), output.into());
        }
      }
      Aes192Ecb(decryptor) => {
        assert!(input.len() % 16 == 0);
        for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {
          decryptor.decrypt_block_b2b_mut(input.into(), output.into());
        }
      }
      Aes256Ecb(decryptor) => {
        assert!(input.len() % 16 == 0);
        for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {
          decryptor.decrypt_block_b2b_mut(input.into(), output.into());
        }
      }
      Aes128Gcm(decipher) => {
        output[..input.len()].copy_from_slice(input);
        decipher.decrypt(output);
      }
      Aes256Gcm(decipher) => {
        output[..input.len()].copy_from_slice(input);
        decipher.decrypt(output);
      }
      Aes256Cbc(decryptor) => {
        assert!(input.len() % 16 == 0);
        for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {
          decryptor.decrypt_block_b2b_mut(input.into(), output.into());
        }
      }
    }
  }

  /// r#final decrypts the last block of the input data.
  fn r#final(
    self,
    auto_pad: bool,
    input: &[u8],
    output: &mut [u8],
    auth_tag: &[u8],
  ) -> Result<(), DecipherError> {
    use Decipher::*;
    match (self, auto_pad) {
      (Aes128Cbc(decryptor), true) => {
        assert!(input.len() == 16);
        let _ = (*decryptor)
          .decrypt_padded_b2b_mut::<Pkcs7>(input, output)
          .map_err(|_| DecipherError::CannotUnpadInputData)?;
        Ok(())
      }
      (Aes128Cbc(mut decryptor), false) => {
        decryptor.decrypt_block_b2b_mut(
          GenericArray::from_slice(input),
          GenericArray::from_mut_slice(output),
        );
        Ok(())
      }
      (Aes128Ecb(decryptor), true) => {
        assert!(input.len() == 16);
        let _ = (*decryptor)
          .decrypt_padded_b2b_mut::<Pkcs7>(input, output)
          .map_err(|_| DecipherError::CannotUnpadInputData)?;
        Ok(())
      }
      (Aes128Ecb(mut decryptor), false) => {
        decryptor.decrypt_block_b2b_mut(
          GenericArray::from_slice(input),
          GenericArray::from_mut_slice(output),
        );
        Ok(())
      }
      (Aes192Ecb(decryptor), true) => {
        assert!(input.len() == 16);
        let _ = (*decryptor)
          .decrypt_padded_b2b_mut::<Pkcs7>(input, output)
          .map_err(|_| DecipherError::CannotUnpadInputData)?;
        Ok(())
      }
      (Aes192Ecb(mut decryptor), false) => {
        decryptor.decrypt_block_b2b_mut(
          GenericArray::from_slice(input),
          GenericArray::from_mut_slice(output),
        );
        Ok(())
      }
      (Aes256Ecb(decryptor), true) => {
        assert!(input.len() == 16);
        let _ = (*decryptor)
          .decrypt_padded_b2b_mut::<Pkcs7>(input, output)
          .map_err(|_| DecipherError::CannotUnpadInputData)?;
        Ok(())
      }
      (Aes256Ecb(mut decryptor), false) => {
        decryptor.decrypt_block_b2b_mut(
          GenericArray::from_slice(input),
          GenericArray::from_mut_slice(output),
        );
        Ok(())
      }
      (Aes128Gcm(decipher), true) => {
        let tag = decipher.finish();
        if tag.as_slice() == auth_tag {
          Ok(())
        } else {
          Err(DecipherError::DataAuthenticationFailed)
        }
      }
      (Aes128Gcm(_), false) => {
        Err(DecipherError::SetAutoPaddingFalseAes128GcmUnsupported)
      }
      (Aes256Gcm(decipher), true) => {
        let tag = decipher.finish();
        if tag.as_slice() == auth_tag {
          Ok(())
        } else {
          Err(DecipherError::DataAuthenticationFailed)
        }
      }
      (Aes256Gcm(_), false) => {
        Err(DecipherError::SetAutoPaddingFalseAes256GcmUnsupported)
      }
      (Aes256Cbc(decryptor), true) => {
        assert!(input.len() == 16);
        let _ = (*decryptor)
          .decrypt_padded_b2b_mut::<Pkcs7>(input, output)
          .map_err(|_| DecipherError::CannotUnpadInputData)?;
        Ok(())
      }
      (Aes256Cbc(mut decryptor), false) => {
        decryptor.decrypt_block_b2b_mut(
          GenericArray::from_slice(input),
          GenericArray::from_mut_slice(output),
        );
        Ok(())
      }
    }
  }
}

1	// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
2
3	use aes::cipher::block_padding::Pkcs7;
4	use aes::cipher::BlockDecryptMut;
5	use aes::cipher::BlockEncryptMut;
6	use aes::cipher::KeyIvInit;
7	use aes::cipher::KeySizeUser;
8	use deno_core::Resource;
9	use digest::generic_array::GenericArray;
10	use digest::KeyInit;
11
12	use std::borrow::Cow;
13	use std::cell::RefCell;
14	use std::rc::Rc;
15
16	type Tag = Option<Vec<u8>>;
17
18	type Aes128Gcm = aead_gcm_stream::AesGcm<aes::Aes128>;
19	type Aes256Gcm = aead_gcm_stream::AesGcm<aes::Aes256>;
20
21	enum Cipher {
22	Aes128Cbc(Box<cbc::Encryptor<aes::Aes128>>),
23	Aes128Ecb(Box<ecb::Encryptor<aes::Aes128>>),
24	Aes192Ecb(Box<ecb::Encryptor<aes::Aes192>>),
25	Aes256Ecb(Box<ecb::Encryptor<aes::Aes256>>),
26	Aes128Gcm(Box<Aes128Gcm>),
27	Aes256Gcm(Box<Aes256Gcm>),
28	Aes256Cbc(Box<cbc::Encryptor<aes::Aes256>>),
29	// TODO(kt3k): add more algorithms Aes192Cbc, etc.
30	}
31
32	enum Decipher {
33	Aes128Cbc(Box<cbc::Decryptor<aes::Aes128>>),
34	Aes128Ecb(Box<ecb::Decryptor<aes::Aes128>>),
35	Aes192Ecb(Box<ecb::Decryptor<aes::Aes192>>),
36	Aes256Ecb(Box<ecb::Decryptor<aes::Aes256>>),
37	Aes128Gcm(Box<Aes128Gcm>),
38	Aes256Gcm(Box<Aes256Gcm>),
39	Aes256Cbc(Box<cbc::Decryptor<aes::Aes256>>),
40	// TODO(kt3k): add more algorithms Aes192Cbc, Aes128GCM, etc.
41	}
42
43	pub struct CipherContext {
44	cipher: Rc<RefCell<Cipher>>,
45	}
46
47	pub struct DecipherContext {
48	decipher: Rc<RefCell<Decipher>>,
49	}
50
51	#[derive(Debug, thiserror::Error)]
52	pub enum CipherContextError {
53	#[error("Cipher context is already in use")]
54	ContextInUse,
55	#[error("{0}")]
56	Resource(deno_core::error::AnyError),
57	#[error(transparent)]
58	Cipher(#[from] CipherError),
59	}
60
61	impl CipherContext {
62	pub fn new(	×
63	algorithm: &str,	×
64	key: &[u8],	×
65	iv: &[u8],	×
66	) -> Result<Self, CipherContextError> {	×
67	Ok(Self {	×
68	cipher: Rc::new(RefCell::new(Cipher::new(algorithm, key, iv)?)),	×
69	})
70	}	×
71
72	pub fn set_aad(&self, aad: &[u8]) {	×
73	self.cipher.borrow_mut().set_aad(aad);	×
74	}	×
75
76	pub fn encrypt(&self, input: &[u8], output: &mut [u8]) {	×
77	self.cipher.borrow_mut().encrypt(input, output);	×
78	}	×
79
80	pub fn take_tag(self) -> Tag {	×
81	Rc::try_unwrap(self.cipher).ok()?.into_inner().take_tag()	×
82	}	×
83
84	pub fn r#final(	×
85	self,	×
86	auto_pad: bool,	×
87	input: &[u8],	×
88	output: &mut [u8],	×
89	) -> Result<Tag, CipherContextError> {	×
90	Rc::try_unwrap(self.cipher)	×
91	.map_err(\|_\| CipherContextError::ContextInUse)?	×
92	.into_inner()	×
93	.r#final(auto_pad, input, output)	×
94	.map_err(Into::into)	×
95	}	×
96	}
97
98	#[derive(Debug, thiserror::Error)]
99	pub enum DecipherContextError {
100	#[error("Decipher context is already in use")]
101	ContextInUse,
102	#[error("{0}")]
103	Resource(deno_core::error::AnyError),
104	#[error(transparent)]
105	Decipher(#[from] DecipherError),
106	}
107
108	impl DecipherContext {
109	pub fn new(	×
110	algorithm: &str,	×
111	key: &[u8],	×
112	iv: &[u8],	×
113	) -> Result<Self, DecipherContextError> {	×
114	Ok(Self {	×
115	decipher: Rc::new(RefCell::new(Decipher::new(algorithm, key, iv)?)),	×
116	})
117	}	×
118
119	pub fn set_aad(&self, aad: &[u8]) {	×
120	self.decipher.borrow_mut().set_aad(aad);	×
121	}	×
122
123	pub fn decrypt(&self, input: &[u8], output: &mut [u8]) {	×
124	self.decipher.borrow_mut().decrypt(input, output);	×
125	}	×
126
127	pub fn r#final(	×
128	self,	×
129	auto_pad: bool,	×
130	input: &[u8],	×
131	output: &mut [u8],	×
132	auth_tag: &[u8],	×
133	) -> Result<(), DecipherContextError> {	×
134	Rc::try_unwrap(self.decipher)	×
135	.map_err(\|_\| DecipherContextError::ContextInUse)?	×
136	.into_inner()	×
137	.r#final(auto_pad, input, output, auth_tag)	×
138	.map_err(Into::into)	×
139	}	×
140	}
141
142	impl Resource for CipherContext {
143	fn name(&self) -> Cow<str> {	×
144	"cryptoCipher".into()	×
145	}	×
146	}
147
148	impl Resource for DecipherContext {
149	fn name(&self) -> Cow<str> {	×
150	"cryptoDecipher".into()	×
151	}	×
152	}
153
154	#[derive(Debug, thiserror::Error)]
155	pub enum CipherError {
156	#[error("IV length must be 12 bytes")]
157	InvalidIvLength,
158	#[error("Invalid key length")]
159	InvalidKeyLength,
160	#[error("Invalid initialization vector")]
161	InvalidInitializationVector,
162	#[error("Cannot pad the input data")]
163	CannotPadInputData,
164	#[error("Unknown cipher {0}")]
165	UnknownCipher(String),
166	}
167
168	impl Cipher {
169	fn new(	×
170	algorithm_name: &str,	×
171	key: &[u8],	×
172	iv: &[u8],	×
173	) -> Result<Self, CipherError> {	×
174	use Cipher::*;
175	Ok(match algorithm_name {	×
176	"aes-128-cbc" => {	×
177	Aes128Cbc(Box::new(cbc::Encryptor::new(key.into(), iv.into())))	×
178	}
179	"aes-128-ecb" => Aes128Ecb(Box::new(ecb::Encryptor::new(key.into()))),	×
180	"aes-192-ecb" => Aes192Ecb(Box::new(ecb::Encryptor::new(key.into()))),	×
181	"aes-256-ecb" => Aes256Ecb(Box::new(ecb::Encryptor::new(key.into()))),	×
182	"aes-128-gcm" => {	×
NEW 183	if key.len() != aes::Aes128::key_size() {	×
184	return Err(CipherError::InvalidIvLength);	×
185	}	×
186		×
187	let cipher =	×
188	aead_gcm_stream::AesGcm::<aes::Aes128>::new(key.into(), iv);	×
189		×
190	Aes128Gcm(Box::new(cipher))	×
191	}
192	"aes-256-gcm" => {	×
NEW 193	if key.len() != aes::Aes256::key_size() {	×
194	return Err(CipherError::InvalidIvLength);	×
195	}	×
196		×
197	let cipher =	×
198	aead_gcm_stream::AesGcm::<aes::Aes256>::new(key.into(), iv);	×
199		×
200	Aes256Gcm(Box::new(cipher))	×
201	}
202	"aes256" \| "aes-256-cbc" => {	×
203	if key.len() != 32 {	×
204	return Err(CipherError::InvalidKeyLength);	×
205	}	×
206	if iv.len() != 16 {	×
207	return Err(CipherError::InvalidInitializationVector);	×
208	}	×
209		×
210	Aes256Cbc(Box::new(cbc::Encryptor::new(key.into(), iv.into())))	×
211	}
212	_ => return Err(CipherError::UnknownCipher(algorithm_name.to_string())),	×
213	})
214	}	×
215
216	fn set_aad(&mut self, aad: &[u8]) {	×
217	use Cipher::*;
218	match self {	×
219	Aes128Gcm(cipher) => {	×
220	cipher.set_aad(aad);	×
221	}	×
222	Aes256Gcm(cipher) => {	×
223	cipher.set_aad(aad);	×
224	}	×
225	_ => {}	×
226	}
227	}	×
228
229	/// encrypt encrypts the data in the middle of the input.
230	fn encrypt(&mut self, input: &[u8], output: &mut [u8]) {	×
231	use Cipher::*;
232	match self {	×
233	Aes128Cbc(encryptor) => {	×
234	assert!(input.len() % 16 == 0);	×
235	for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {	×
236	encryptor.encrypt_block_b2b_mut(input.into(), output.into());	×
237	}	×
238	}
239	Aes128Ecb(encryptor) => {	×
240	assert!(input.len() % 16 == 0);	×
241	for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {	×
242	encryptor.encrypt_block_b2b_mut(input.into(), output.into());	×
243	}	×
244	}
245	Aes192Ecb(encryptor) => {	×
246	assert!(input.len() % 16 == 0);	×
247	for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {	×
248	encryptor.encrypt_block_b2b_mut(input.into(), output.into());	×
249	}	×
250	}
251	Aes256Ecb(encryptor) => {	×
252	assert!(input.len() % 16 == 0);	×
253	for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {	×
254	encryptor.encrypt_block_b2b_mut(input.into(), output.into());	×
255	}	×
256	}
257	Aes128Gcm(cipher) => {	×
258	output[..input.len()].copy_from_slice(input);	×
259	cipher.encrypt(output);	×
260	}	×
261	Aes256Gcm(cipher) => {	×
262	output[..input.len()].copy_from_slice(input);	×
263	cipher.encrypt(output);	×
264	}	×
265	Aes256Cbc(encryptor) => {	×
266	assert!(input.len() % 16 == 0);	×
267	for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {	×
268	encryptor.encrypt_block_b2b_mut(input.into(), output.into());	×
269	}	×
270	}
271	}
272	}	×
273
274	/// r#final encrypts the last block of the input data.
275	fn r#final(	×
276	self,	×
277	auto_pad: bool,	×
278	input: &[u8],	×
279	output: &mut [u8],	×
280	) -> Result<Tag, CipherError> {	×
281	assert!(input.len() < 16);	×
282	use Cipher::*;
283	match (self, auto_pad) {	×
284	(Aes128Cbc(encryptor), true) => {	×
285	let _ = (*encryptor)	×
286	.encrypt_padded_b2b_mut::<Pkcs7>(input, output)	×
287	.map_err(\|_\| CipherError::CannotPadInputData)?;	×
288	Ok(None)	×
289	}
290	(Aes128Cbc(mut encryptor), false) => {	×
291	encryptor.encrypt_block_b2b_mut(	×
292	GenericArray::from_slice(input),	×
293	GenericArray::from_mut_slice(output),	×
294	);	×
295	Ok(None)	×
296	}
297	(Aes128Ecb(encryptor), true) => {	×
298	let _ = (*encryptor)	×
299	.encrypt_padded_b2b_mut::<Pkcs7>(input, output)	×
300	.map_err(\|_\| CipherError::CannotPadInputData)?;	×
301	Ok(None)	×
302	}
303	(Aes128Ecb(mut encryptor), false) => {	×
304	encryptor.encrypt_block_b2b_mut(	×
305	GenericArray::from_slice(input),	×
306	GenericArray::from_mut_slice(output),	×
307	);	×
308	Ok(None)	×
309	}
310	(Aes192Ecb(encryptor), true) => {	×
311	let _ = (*encryptor)	×
312	.encrypt_padded_b2b_mut::<Pkcs7>(input, output)	×
313	.map_err(\|_\| CipherError::CannotPadInputData)?;	×
314	Ok(None)	×
315	}
316	(Aes192Ecb(mut encryptor), false) => {	×
317	encryptor.encrypt_block_b2b_mut(	×
318	GenericArray::from_slice(input),	×
319	GenericArray::from_mut_slice(output),	×
320	);	×
321	Ok(None)	×
322	}
323	(Aes256Ecb(encryptor), true) => {	×
324	let _ = (*encryptor)	×
325	.encrypt_padded_b2b_mut::<Pkcs7>(input, output)	×
326	.map_err(\|_\| CipherError::CannotPadInputData)?;	×
327	Ok(None)	×
328	}
329	(Aes256Ecb(mut encryptor), false) => {	×
330	encryptor.encrypt_block_b2b_mut(	×
331	GenericArray::from_slice(input),	×
332	GenericArray::from_mut_slice(output),	×
333	);	×
334	Ok(None)	×
335	}
336	(Aes128Gcm(cipher), _) => Ok(Some(cipher.finish().to_vec())),	×
337	(Aes256Gcm(cipher), _) => Ok(Some(cipher.finish().to_vec())),	×
338	(Aes256Cbc(encryptor), true) => {	×
339	let _ = (*encryptor)	×
340	.encrypt_padded_b2b_mut::<Pkcs7>(input, output)	×
341	.map_err(\|_\| CipherError::CannotPadInputData)?;	×
342	Ok(None)	×
343	}
344	(Aes256Cbc(mut encryptor), false) => {	×
345	encryptor.encrypt_block_b2b_mut(	×
346	GenericArray::from_slice(input),	×
347	GenericArray::from_mut_slice(output),	×
348	);	×
349	Ok(None)	×
350	}
351	}
352	}	×
353
354	fn take_tag(self) -> Tag {	×
355	use Cipher::*;
356	match self {	×
357	Aes128Gcm(cipher) => Some(cipher.finish().to_vec()),	×
358	Aes256Gcm(cipher) => Some(cipher.finish().to_vec()),	×
359	_ => None,	×
360	}
361	}	×
362	}
363
364	#[derive(Debug, thiserror::Error)]
365	pub enum DecipherError {
366	#[error("IV length must be 12 bytes")]
367	InvalidIvLength,
368	#[error("Invalid key length")]
369	InvalidKeyLength,
370	#[error("Invalid initialization vector")]
371	InvalidInitializationVector,
372	#[error("Cannot unpad the input data")]
373	CannotUnpadInputData,
374	#[error("Failed to authenticate data")]
375	DataAuthenticationFailed,
376	#[error("setAutoPadding(false) not supported for Aes128Gcm yet")]
377	SetAutoPaddingFalseAes128GcmUnsupported,
378	#[error("setAutoPadding(false) not supported for Aes256Gcm yet")]
379	SetAutoPaddingFalseAes256GcmUnsupported,
380	#[error("Unknown cipher {0}")]
381	UnknownCipher(String),
382	}
383
384	impl Decipher {
385	fn new(	×
386	algorithm_name: &str,	×
387	key: &[u8],	×
388	iv: &[u8],	×
389	) -> Result<Self, DecipherError> {	×
390	use Decipher::*;
391	Ok(match algorithm_name {	×
392	"aes-128-cbc" => {	×
393	Aes128Cbc(Box::new(cbc::Decryptor::new(key.into(), iv.into())))	×
394	}
395	"aes-128-ecb" => Aes128Ecb(Box::new(ecb::Decryptor::new(key.into()))),	×
396	"aes-192-ecb" => Aes192Ecb(Box::new(ecb::Decryptor::new(key.into()))),	×
397	"aes-256-ecb" => Aes256Ecb(Box::new(ecb::Decryptor::new(key.into()))),	×
398	"aes-128-gcm" => {	×
NEW 399	if key.len() != aes::Aes128::key_size() {	×
400	return Err(DecipherError::InvalidIvLength);	×
401	}	×
402		×
403	let decipher =	×
404	aead_gcm_stream::AesGcm::<aes::Aes128>::new(key.into(), iv);	×
405		×
406	Aes128Gcm(Box::new(decipher))	×
407	}
408	"aes-256-gcm" => {	×
NEW 409	if key.len() != aes::Aes256::key_size() {	×
410	return Err(DecipherError::InvalidIvLength);	×
411	}	×
412		×
413	let decipher =	×
414	aead_gcm_stream::AesGcm::<aes::Aes256>::new(key.into(), iv);	×
415		×
416	Aes256Gcm(Box::new(decipher))	×
417	}
418	"aes256" \| "aes-256-cbc" => {	×
419	if key.len() != 32 {	×
420	return Err(DecipherError::InvalidKeyLength);	×
421	}	×
422	if iv.len() != 16 {	×
423	return Err(DecipherError::InvalidInitializationVector);	×
424	}	×
425		×
426	Aes256Cbc(Box::new(cbc::Decryptor::new(key.into(), iv.into())))	×
427	}
428	_ => {
429	return Err(DecipherError::UnknownCipher(algorithm_name.to_string()))	×
430	}
431	})
432	}	×
433
434	fn set_aad(&mut self, aad: &[u8]) {	×
435	use Decipher::*;
436	match self {	×
437	Aes128Gcm(decipher) => {	×
438	decipher.set_aad(aad);	×
439	}	×
440	Aes256Gcm(decipher) => {	×
441	decipher.set_aad(aad);	×
442	}	×
443	_ => {}	×
444	}
445	}	×
446
447	/// decrypt decrypts the data in the middle of the input.
448	fn decrypt(&mut self, input: &[u8], output: &mut [u8]) {	×
449	use Decipher::*;
450	match self {	×
451	Aes128Cbc(decryptor) => {	×
452	assert!(input.len() % 16 == 0);	×
453	for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {	×
454	decryptor.decrypt_block_b2b_mut(input.into(), output.into());	×
455	}	×
456	}
457	Aes128Ecb(decryptor) => {	×
458	assert!(input.len() % 16 == 0);	×
459	for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {	×
460	decryptor.decrypt_block_b2b_mut(input.into(), output.into());	×
461	}	×
462	}
463	Aes192Ecb(decryptor) => {	×
464	assert!(input.len() % 16 == 0);	×
465	for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {	×
466	decryptor.decrypt_block_b2b_mut(input.into(), output.into());	×
467	}	×
468	}
469	Aes256Ecb(decryptor) => {	×
470	assert!(input.len() % 16 == 0);	×
471	for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {	×
472	decryptor.decrypt_block_b2b_mut(input.into(), output.into());	×
473	}	×
474	}
475	Aes128Gcm(decipher) => {	×
476	output[..input.len()].copy_from_slice(input);	×
477	decipher.decrypt(output);	×
478	}	×
479	Aes256Gcm(decipher) => {	×
480	output[..input.len()].copy_from_slice(input);	×
481	decipher.decrypt(output);	×
482	}	×
483	Aes256Cbc(decryptor) => {	×
484	assert!(input.len() % 16 == 0);	×
485	for (input, output) in input.chunks(16).zip(output.chunks_mut(16)) {	×
486	decryptor.decrypt_block_b2b_mut(input.into(), output.into());	×
487	}	×
488	}
489	}
490	}	×
491
492	/// r#final decrypts the last block of the input data.
493	fn r#final(	×
494	self,	×
495	auto_pad: bool,	×
496	input: &[u8],	×
497	output: &mut [u8],	×
498	auth_tag: &[u8],	×
499	) -> Result<(), DecipherError> {	×
500	use Decipher::*;
501	match (self, auto_pad) {	×
502	(Aes128Cbc(decryptor), true) => {	×
503	assert!(input.len() == 16);	×
504	let _ = (*decryptor)	×
505	.decrypt_padded_b2b_mut::<Pkcs7>(input, output)	×
506	.map_err(\|_\| DecipherError::CannotUnpadInputData)?;	×
507	Ok(())	×
508	}
509	(Aes128Cbc(mut decryptor), false) => {	×
510	decryptor.decrypt_block_b2b_mut(	×
511	GenericArray::from_slice(input),	×
512	GenericArray::from_mut_slice(output),	×
513	);	×
514	Ok(())	×
515	}
516	(Aes128Ecb(decryptor), true) => {	×
517	assert!(input.len() == 16);	×
518	let _ = (*decryptor)	×
519	.decrypt_padded_b2b_mut::<Pkcs7>(input, output)	×
520	.map_err(\|_\| DecipherError::CannotUnpadInputData)?;	×
521	Ok(())	×
522	}
523	(Aes128Ecb(mut decryptor), false) => {	×
524	decryptor.decrypt_block_b2b_mut(	×
525	GenericArray::from_slice(input),	×
526	GenericArray::from_mut_slice(output),	×
527	);	×
528	Ok(())	×
529	}
530	(Aes192Ecb(decryptor), true) => {	×
531	assert!(input.len() == 16);	×
532	let _ = (*decryptor)	×
533	.decrypt_padded_b2b_mut::<Pkcs7>(input, output)	×
534	.map_err(\|_\| DecipherError::CannotUnpadInputData)?;	×
535	Ok(())	×
536	}
537	(Aes192Ecb(mut decryptor), false) => {	×
538	decryptor.decrypt_block_b2b_mut(	×
539	GenericArray::from_slice(input),	×
540	GenericArray::from_mut_slice(output),	×
541	);	×
542	Ok(())	×
543	}
544	(Aes256Ecb(decryptor), true) => {	×
545	assert!(input.len() == 16);	×
546	let _ = (*decryptor)	×
547	.decrypt_padded_b2b_mut::<Pkcs7>(input, output)	×
548	.map_err(\|_\| DecipherError::CannotUnpadInputData)?;	×
549	Ok(())	×
550	}
551	(Aes256Ecb(mut decryptor), false) => {	×
552	decryptor.decrypt_block_b2b_mut(	×
553	GenericArray::from_slice(input),	×
554	GenericArray::from_mut_slice(output),	×
555	);	×
556	Ok(())	×
557	}
558	(Aes128Gcm(decipher), true) => {	×
559	let tag = decipher.finish();	×
560	if tag.as_slice() == auth_tag {	×
561	Ok(())	×
562	} else {
563	Err(DecipherError::DataAuthenticationFailed)	×
564	}
565	}
566	(Aes128Gcm(_), false) => {
567	Err(DecipherError::SetAutoPaddingFalseAes128GcmUnsupported)	×
568	}
569	(Aes256Gcm(decipher), true) => {	×
570	let tag = decipher.finish();	×
571	if tag.as_slice() == auth_tag {	×
572	Ok(())	×
573	} else {
574	Err(DecipherError::DataAuthenticationFailed)	×
575	}
576	}
577	(Aes256Gcm(_), false) => {
578	Err(DecipherError::SetAutoPaddingFalseAes256GcmUnsupported)	×
579	}
580	(Aes256Cbc(decryptor), true) => {	×
581	assert!(input.len() == 16);	×
582	let _ = (*decryptor)	×
583	.decrypt_padded_b2b_mut::<Pkcs7>(input, output)	×
584	.map_err(\|_\| DecipherError::CannotUnpadInputData)?;	×
585	Ok(())	×
586	}
587	(Aes256Cbc(mut decryptor), false) => {	×
588	decryptor.decrypt_block_b2b_mut(	×
589	GenericArray::from_slice(input),	×
590	GenericArray::from_mut_slice(output),	×
591	);	×
592	Ok(())	×
593	}
594	}
595	}	×
596	}

supabase / edge-runtime / 16485823596

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous