Skip to content

Commit

Permalink
src: simplify AESCipherTraits::AdditionalConfig
Browse files Browse the repository at this point in the history
Instead of a giant switch statement and a lot of duplicate code, add the
NID and the block cipher mode of operation to the VARIANTS list and use
those fields to perform configuration appropriately.

PR-URL: #53890
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
  • Loading branch information
tniessen authored Jul 25, 2024
1 parent 2cd9687 commit 8c006d2
Show file tree
Hide file tree
Showing 2 changed files with 48 additions and 86 deletions.
99 changes: 27 additions & 72 deletions src/crypto/crypto_aes.cc
Original file line number Diff line number Diff line change
Expand Up @@ -476,83 +476,38 @@ Maybe<bool> AESCipherTraits::AdditionalConfig(
params->variant =
static_cast<AESKeyVariant>(args[offset].As<Uint32>()->Value());

AESCipherMode cipher_op_mode;
int cipher_nid;

#define V(name, _, mode, nid) \
case kKeyVariantAES_##name: { \
cipher_op_mode = mode; \
cipher_nid = nid; \
break; \
}
switch (params->variant) {
case kKeyVariantAES_CTR_128:
if (!ValidateIV(env, mode, args[offset + 1], params) ||
!ValidateCounter(env, args[offset + 2], params)) {
return Nothing<bool>();
}
cipher_nid = NID_aes_128_ctr;
break;
case kKeyVariantAES_CTR_192:
if (!ValidateIV(env, mode, args[offset + 1], params) ||
!ValidateCounter(env, args[offset + 2], params)) {
return Nothing<bool>();
}
cipher_nid = NID_aes_192_ctr;
break;
case kKeyVariantAES_CTR_256:
if (!ValidateIV(env, mode, args[offset + 1], params) ||
!ValidateCounter(env, args[offset + 2], params)) {
return Nothing<bool>();
}
cipher_nid = NID_aes_256_ctr;
break;
case kKeyVariantAES_CBC_128:
if (!ValidateIV(env, mode, args[offset + 1], params))
return Nothing<bool>();
cipher_nid = NID_aes_128_cbc;
break;
case kKeyVariantAES_CBC_192:
if (!ValidateIV(env, mode, args[offset + 1], params))
return Nothing<bool>();
cipher_nid = NID_aes_192_cbc;
break;
case kKeyVariantAES_CBC_256:
if (!ValidateIV(env, mode, args[offset + 1], params))
return Nothing<bool>();
cipher_nid = NID_aes_256_cbc;
break;
case kKeyVariantAES_KW_128:
UseDefaultIV(params);
cipher_nid = NID_id_aes128_wrap;
break;
case kKeyVariantAES_KW_192:
UseDefaultIV(params);
cipher_nid = NID_id_aes192_wrap;
break;
case kKeyVariantAES_KW_256:
UseDefaultIV(params);
cipher_nid = NID_id_aes256_wrap;
break;
case kKeyVariantAES_GCM_128:
if (!ValidateIV(env, mode, args[offset + 1], params) ||
!ValidateAuthTag(env, mode, cipher_mode, args[offset + 2], params) ||
!ValidateAdditionalData(env, mode, args[offset + 3], params)) {
return Nothing<bool>();
}
cipher_nid = NID_aes_128_gcm;
break;
case kKeyVariantAES_GCM_192:
if (!ValidateIV(env, mode, args[offset + 1], params) ||
!ValidateAuthTag(env, mode, cipher_mode, args[offset + 2], params) ||
!ValidateAdditionalData(env, mode, args[offset + 3], params)) {
VARIANTS(V)
default:
UNREACHABLE();
}
#undef V

if (cipher_op_mode != AESCipherMode::KW) {
if (!ValidateIV(env, mode, args[offset + 1], params)) {
return Nothing<bool>();
}
if (cipher_op_mode == AESCipherMode::CTR) {
if (!ValidateCounter(env, args[offset + 2], params)) {
return Nothing<bool>();
}
cipher_nid = NID_aes_192_gcm;
break;
case kKeyVariantAES_GCM_256:
if (!ValidateIV(env, mode, args[offset + 1], params) ||
!ValidateAuthTag(env, mode, cipher_mode, args[offset + 2], params) ||
} else if (cipher_op_mode == AESCipherMode::GCM) {
if (!ValidateAuthTag(env, mode, cipher_mode, args[offset + 2], params) ||
!ValidateAdditionalData(env, mode, args[offset + 3], params)) {
return Nothing<bool>();
}
cipher_nid = NID_aes_256_gcm;
break;
default:
UNREACHABLE();
}
} else {
UseDefaultIV(params);
}

params->cipher = EVP_get_cipherbynid(cipher_nid);
Expand All @@ -577,8 +532,8 @@ WebCryptoCipherStatus AESCipherTraits::DoCipher(
const AESCipherConfig& params,
const ByteSource& in,
ByteSource* out) {
#define V(name, fn) \
case kKeyVariantAES_ ## name: \
#define V(name, fn, _, __) \
case kKeyVariantAES_##name: \
return fn(env, key_data.get(), cipher_mode, params, in, out);
switch (params.variant) {
VARIANTS(V)
Expand All @@ -591,7 +546,7 @@ WebCryptoCipherStatus AESCipherTraits::DoCipher(
void AES::Initialize(Environment* env, Local<Object> target) {
AESCryptoJob::Initialize(env, target);

#define V(name, _) NODE_DEFINE_CONSTANT(target, kKeyVariantAES_ ## name);
#define V(name, _, __, ___) NODE_DEFINE_CONSTANT(target, kKeyVariantAES_##name);
VARIANTS(V)
#undef V
}
Expand Down
35 changes: 21 additions & 14 deletions src/crypto/crypto_aes.h
Original file line number Diff line number Diff line change
Expand Up @@ -15,22 +15,29 @@ constexpr size_t kAesBlockSize = 16;
constexpr unsigned kNoAuthTagLength = static_cast<unsigned>(-1);
constexpr const char* kDefaultWrapIV = "\xa6\xa6\xa6\xa6\xa6\xa6\xa6\xa6";

#define VARIANTS(V) \
V(CTR_128, AES_CTR_Cipher) \
V(CTR_192, AES_CTR_Cipher) \
V(CTR_256, AES_CTR_Cipher) \
V(CBC_128, AES_Cipher) \
V(CBC_192, AES_Cipher) \
V(CBC_256, AES_Cipher) \
V(GCM_128, AES_Cipher) \
V(GCM_192, AES_Cipher) \
V(GCM_256, AES_Cipher) \
V(KW_128, AES_Cipher) \
V(KW_192, AES_Cipher) \
V(KW_256, AES_Cipher)
enum class AESCipherMode {
CTR,
CBC,
GCM,
KW,
};

#define VARIANTS(V) \
V(CTR_128, AES_CTR_Cipher, AESCipherMode::CTR, NID_aes_128_ctr) \
V(CTR_192, AES_CTR_Cipher, AESCipherMode::CTR, NID_aes_192_ctr) \
V(CTR_256, AES_CTR_Cipher, AESCipherMode::CTR, NID_aes_256_ctr) \
V(CBC_128, AES_Cipher, AESCipherMode::CBC, NID_aes_128_cbc) \
V(CBC_192, AES_Cipher, AESCipherMode::CBC, NID_aes_192_cbc) \
V(CBC_256, AES_Cipher, AESCipherMode::CBC, NID_aes_256_cbc) \
V(GCM_128, AES_Cipher, AESCipherMode::GCM, NID_aes_128_gcm) \
V(GCM_192, AES_Cipher, AESCipherMode::GCM, NID_aes_192_gcm) \
V(GCM_256, AES_Cipher, AESCipherMode::GCM, NID_aes_256_gcm) \
V(KW_128, AES_Cipher, AESCipherMode::KW, NID_id_aes128_wrap) \
V(KW_192, AES_Cipher, AESCipherMode::KW, NID_id_aes192_wrap) \
V(KW_256, AES_Cipher, AESCipherMode::KW, NID_id_aes256_wrap)

enum AESKeyVariant {
#define V(name, _) kKeyVariantAES_ ## name,
#define V(name, _, __, ___) kKeyVariantAES_##name,
VARIANTS(V)
#undef V
};
Expand Down

0 comments on commit 8c006d2

Please sign in to comment.