Skip to content

Commit

Permalink
src: remove redundant AESCipherMode
Browse files Browse the repository at this point in the history
For each supported variant of AES, we already have OpenSSL's associated
NID, so we can simply retrieve the block cipher mode of operation from
the NID.

PR-URL: #54438
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
  • Loading branch information
tniessen authored Aug 27, 2024
1 parent c00ea01 commit 74ea78d
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 35 deletions.
28 changes: 13 additions & 15 deletions src/crypto/crypto_aes.cc
Original file line number Diff line number Diff line change
Expand Up @@ -471,12 +471,9 @@ Maybe<bool> AESCipherTraits::AdditionalConfig(
params->variant =
static_cast<AESKeyVariant>(args[offset].As<Uint32>()->Value());

AESCipherMode cipher_op_mode;
int cipher_nid;

#define V(name, _, mode, nid) \
#define V(name, _, nid) \
case kKeyVariantAES_##name: { \
cipher_op_mode = mode; \
cipher_nid = nid; \
break; \
}
Expand All @@ -487,15 +484,22 @@ Maybe<bool> AESCipherTraits::AdditionalConfig(
}
#undef V

if (cipher_op_mode != AESCipherMode::KW) {
params->cipher = EVP_get_cipherbynid(cipher_nid);
if (params->cipher == nullptr) {
THROW_ERR_CRYPTO_UNKNOWN_CIPHER(env);
return Nothing<bool>();
}

int cipher_op_mode = EVP_CIPHER_mode(params->cipher);
if (cipher_op_mode != EVP_CIPH_WRAP_MODE) {
if (!ValidateIV(env, mode, args[offset + 1], params)) {
return Nothing<bool>();
}
if (cipher_op_mode == AESCipherMode::CTR) {
if (cipher_op_mode == EVP_CIPH_CTR_MODE) {
if (!ValidateCounter(env, args[offset + 2], params)) {
return Nothing<bool>();
}
} else if (cipher_op_mode == AESCipherMode::GCM) {
} else if (cipher_op_mode == EVP_CIPH_GCM_MODE) {
if (!ValidateAuthTag(env, mode, cipher_mode, args[offset + 2], params) ||
!ValidateAdditionalData(env, mode, args[offset + 3], params)) {
return Nothing<bool>();
Expand All @@ -505,12 +509,6 @@ Maybe<bool> AESCipherTraits::AdditionalConfig(
UseDefaultIV(params);
}

params->cipher = EVP_get_cipherbynid(cipher_nid);
if (params->cipher == nullptr) {
THROW_ERR_CRYPTO_UNKNOWN_CIPHER(env);
return Nothing<bool>();
}

if (params->iv.size() <
static_cast<size_t>(EVP_CIPHER_iv_length(params->cipher))) {
THROW_ERR_CRYPTO_INVALID_IV(env);
Expand All @@ -527,7 +525,7 @@ WebCryptoCipherStatus AESCipherTraits::DoCipher(
const AESCipherConfig& params,
const ByteSource& in,
ByteSource* out) {
#define V(name, fn, _, __) \
#define V(name, fn, _) \
case kKeyVariantAES_##name: \
return fn(env, key_data.get(), cipher_mode, params, in, out);
switch (params.variant) {
Expand All @@ -541,7 +539,7 @@ WebCryptoCipherStatus AESCipherTraits::DoCipher(
void AES::Initialize(Environment* env, Local<Object> target) {
AESCryptoJob::Initialize(env, target);

#define V(name, _, __, ___) NODE_DEFINE_CONSTANT(target, kKeyVariantAES_##name);
#define V(name, _, __) NODE_DEFINE_CONSTANT(target, kKeyVariantAES_##name);
VARIANTS(V)
#undef V
}
Expand Down
33 changes: 13 additions & 20 deletions src/crypto/crypto_aes.h
Original file line number Diff line number Diff line change
Expand Up @@ -15,29 +15,22 @@ constexpr size_t kAesBlockSize = 16;
constexpr unsigned kNoAuthTagLength = static_cast<unsigned>(-1);
constexpr const char* kDefaultWrapIV = "\xa6\xa6\xa6\xa6\xa6\xa6\xa6\xa6";

enum class AESCipherMode {
CTR,
CBC,
GCM,
KW,
};

#define VARIANTS(V) \
V(CTR_128, AES_CTR_Cipher, AESCipherMode::CTR, NID_aes_128_ctr) \
V(CTR_192, AES_CTR_Cipher, AESCipherMode::CTR, NID_aes_192_ctr) \
V(CTR_256, AES_CTR_Cipher, AESCipherMode::CTR, NID_aes_256_ctr) \
V(CBC_128, AES_Cipher, AESCipherMode::CBC, NID_aes_128_cbc) \
V(CBC_192, AES_Cipher, AESCipherMode::CBC, NID_aes_192_cbc) \
V(CBC_256, AES_Cipher, AESCipherMode::CBC, NID_aes_256_cbc) \
V(GCM_128, AES_Cipher, AESCipherMode::GCM, NID_aes_128_gcm) \
V(GCM_192, AES_Cipher, AESCipherMode::GCM, NID_aes_192_gcm) \
V(GCM_256, AES_Cipher, AESCipherMode::GCM, NID_aes_256_gcm) \
V(KW_128, AES_Cipher, AESCipherMode::KW, NID_id_aes128_wrap) \
V(KW_192, AES_Cipher, AESCipherMode::KW, NID_id_aes192_wrap) \
V(KW_256, AES_Cipher, AESCipherMode::KW, NID_id_aes256_wrap)
V(CTR_128, AES_CTR_Cipher, NID_aes_128_ctr) \
V(CTR_192, AES_CTR_Cipher, NID_aes_192_ctr) \
V(CTR_256, AES_CTR_Cipher, NID_aes_256_ctr) \
V(CBC_128, AES_Cipher, NID_aes_128_cbc) \
V(CBC_192, AES_Cipher, NID_aes_192_cbc) \
V(CBC_256, AES_Cipher, NID_aes_256_cbc) \
V(GCM_128, AES_Cipher, NID_aes_128_gcm) \
V(GCM_192, AES_Cipher, NID_aes_192_gcm) \
V(GCM_256, AES_Cipher, NID_aes_256_gcm) \
V(KW_128, AES_Cipher, NID_id_aes128_wrap) \
V(KW_192, AES_Cipher, NID_id_aes192_wrap) \
V(KW_256, AES_Cipher, NID_id_aes256_wrap)

enum AESKeyVariant {
#define V(name, _, __, ___) kKeyVariantAES_##name,
#define V(name, _, __) kKeyVariantAES_##name,
VARIANTS(V)
#undef V
};
Expand Down

0 comments on commit 74ea78d

Please sign in to comment.