Merge 917e52c882 into e4a16e91fa

2025-01-21 04:52:26 -05:00 · 2025-01-20 11:03:12 +08:00 · 2025-01-20 11:03:12 +08:00 · a1a519a4f4
commit a1a519a4f4
parent e4a16e91fa 917e52c882
6 changed files with 58 additions and 3 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -2032,6 +2032,7 @@ dependencies = [
 "bytes",
 "cbc",
 "const-oid",
+ "ctr",
 "data-encoding",
 "deno_core",
 "deno_error",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -122,6 +122,7 @@ cbc = { version = "=0.1.2", features = ["alloc"] }
 chrono = { version = "0.4", default-features = false, features = ["std", "serde"] }
 color-print = "0.3.5"
 console_static_text = "=0.8.1"
+ctr = { version = "0.9.2", features = ["alloc"] }
 dashmap = "5.5.3"
 data-encoding = "2.3.3"
 data-url = "=0.3.1"
--- a/ext/crypto/Cargo.toml
+++ b/ext/crypto/Cargo.toml
@ -20,7 +20,7 @@ aes-kw = { version = "0.2.1", features = ["alloc"] }
 base64.workspace = true
 cbc.workspace = true
 const-oid = "0.9.0"
-ctr = "0.9.1"
+ctr.workspace = true
 curve25519-dalek = "4.1.3"
 deno_core.workspace = true
 deno_error.workspace = true
--- a/ext/node/Cargo.toml
+++ b/ext/node/Cargo.toml
@ -27,6 +27,7 @@ brotli.workspace = true
 bytes.workspace = true
 cbc.workspace = true
 const-oid = "0.9.5"
+ctr.workspace = true
 data-encoding.workspace = true
 deno_core.workspace = true
 deno_error.workspace = true
--- a/ext/node/ops/crypto/cipher.rs
+++ b/ext/node/ops/crypto/cipher.rs
@ -8,6 +8,7 @@ use aes::cipher::block_padding::Pkcs7;
 use aes::cipher::BlockDecryptMut;
 use aes::cipher::BlockEncryptMut;
 use aes::cipher::KeyIvInit;
+use aes::cipher::StreamCipher;
 use deno_core::Resource;
 use digest::generic_array::GenericArray;
 use digest::KeyInit;
@ -25,6 +26,8 @@ enum Cipher {
  Aes128Gcm(Box<Aes128Gcm>),
  Aes256Gcm(Box<Aes256Gcm>),
  Aes256Cbc(Box<cbc::Encryptor<aes::Aes256>>),
+  Aes128Ctr(Box<ctr::Ctr128BE<aes::Aes128>>),
+  Aes256Ctr(Box<ctr::Ctr128BE<aes::Aes256>>),
  // TODO(kt3k): add more algorithms Aes192Cbc, etc.
 }

@ -36,6 +39,8 @@ enum Decipher {
  Aes128Gcm(Box<Aes128Gcm>),
  Aes256Gcm(Box<Aes256Gcm>),
  Aes256Cbc(Box<cbc::Decryptor<aes::Aes256>>),
+  Aes256Ctr(Box<ctr::Ctr128BE<aes::Aes256>>),
+  Aes128Ctr(Box<ctr::Ctr128BE<aes::Aes128>>),
  // TODO(kt3k): add more algorithms Aes192Cbc, Aes128GCM, etc.
 }

@ -211,6 +216,24 @@ impl Cipher {

        Aes256Cbc(Box::new(cbc::Encryptor::new(key.into(), iv.into())))
      }
+      "aes-256-ctr" => {
+        if key.len() != 32 {
+          return Err(CipherError::InvalidKeyLength);
+        }
+        if iv.len() != 16 {
+          return Err(CipherError::InvalidInitializationVector);
+        }
+        Aes256Ctr(Box::new(ctr::Ctr128BE::new(key.into(), iv.into())))
+      }
+      "aes-128-ctr" => {
+        if key.len() != 16 {
+          return Err(CipherError::InvalidKeyLength);
+        }
+        if iv.len() != 16 {
+          return Err(CipherError::InvalidInitializationVector);
+        }
+        Aes128Ctr(Box::new(ctr::Ctr128BE::new(key.into(), iv.into())))
+      }
      _ => return Err(CipherError::UnknownCipher(algorithm_name.to_string())),
    })
  }
@ -270,6 +293,12 @@ impl Cipher {
          encryptor.encrypt_block_b2b_mut(input.into(), output.into());
        }
      }
+      Aes256Ctr(encryptor) => {
+        encryptor.apply_keystream_b2b(input, output).unwrap();
+      }
+      Aes128Ctr(encryptor) => {
+        encryptor.apply_keystream_b2b(input, output).unwrap();
+      }
    }
  }

@ -350,6 +379,7 @@ impl Cipher {
        );
        Ok(None)
      }
+      (Aes256Ctr(_) | Aes128Ctr(_), _) => Ok(None),
    }
  }

@ -405,6 +435,12 @@ impl Decipher {
      "aes-128-ecb" => Aes128Ecb(Box::new(ecb::Decryptor::new(key.into()))),
      "aes-192-ecb" => Aes192Ecb(Box::new(ecb::Decryptor::new(key.into()))),
      "aes-256-ecb" => Aes256Ecb(Box::new(ecb::Decryptor::new(key.into()))),
+      "aes-256-ctr" => {
+        Aes256Ctr(Box::new(ctr::Ctr128BE::new(key.into(), iv.into())))
+      }
+      "aes-128-ctr" => {
+        Aes128Ctr(Box::new(ctr::Ctr128BE::new(key.into(), iv.into())))
+      }
      "aes-128-gcm" => {
        let decipher =
          aead_gcm_stream::AesGcm::<aes::Aes128>::new(key.into(), iv);
@ -488,6 +524,12 @@ impl Decipher {
          decryptor.decrypt_block_b2b_mut(input.into(), output.into());
        }
      }
+      Aes256Ctr(decryptor) => {
+        decryptor.apply_keystream_b2b(input, output).unwrap();
+      }
+      Aes128Ctr(decryptor) => {
+        decryptor.apply_keystream_b2b(input, output).unwrap();
+      }
    }
  }

@ -593,6 +635,14 @@ impl Decipher {
        );
        Ok(())
      }
+      (Aes256Ctr(mut decryptor), _) => {
+        decryptor.apply_keystream_b2b(input, output).unwrap();
+        Ok(())
+      }
+      (Aes128Ctr(mut decryptor), _) => {
+        decryptor.apply_keystream_b2b(input, output).unwrap();
+        Ok(())
+      }
    }
  }
 }
--- a/ext/node/polyfills/internal/crypto/cipher.ts
+++ b/ext/node/polyfills/internal/crypto/cipher.ts
@ -187,7 +187,8 @@ export class Cipheriv extends Transform implements Cipher {
    this.#cache = new BlockModeCache(false);
    this.#context = op_node_create_cipheriv(cipher, toU8(key), toU8(iv));
    this.#needsBlockCache =
-      !(cipher == "aes-128-gcm" || cipher == "aes-256-gcm");
+      !(cipher == "aes-128-gcm" || cipher == "aes-256-gcm" ||
+        cipher == "aes-128-ctr" || cipher == "aes-256-ctr");
    if (this.#context == 0) {
      throw new TypeError("Unknown cipher");
    }
@ -345,7 +346,8 @@ export class Decipheriv extends Transform implements Cipher {
    this.#cache = new BlockModeCache(this.#autoPadding);
    this.#context = op_node_create_decipheriv(cipher, toU8(key), toU8(iv));
    this.#needsBlockCache =
-      !(cipher == "aes-128-gcm" || cipher == "aes-256-gcm");
+      !(cipher == "aes-128-gcm" || cipher == "aes-256-gcm" ||
+        cipher == "aes-128-ctr" || cipher == "aes-256-ctr");
    if (this.#context == 0) {
      throw new TypeError("Unknown cipher");
    }