-
Notifications
You must be signed in to change notification settings - Fork 5.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(ext/node): add crypto.createCipheriv #18091
Conversation
3a92185
to
28fcb0a
Compare
28fcb0a
to
a964d5d
Compare
a964d5d
to
a8fabf6
Compare
ext/node/Cargo.toml
Outdated
aes = "0.8.2" | ||
cbc = "0.1.2" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Consider moving these two to root Cargo.toml
and using aes.workspace = true
here (make sure to update other references in various Cargo.toml
files)
state.resource_table.add( | ||
match cipher::CipherContext::new(algorithm, key, iv) { | ||
Ok(context) => context, | ||
Err(_) => return 0, | ||
}, | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Appears that this resource will never be dropped which will cause the same issue as here: #18140
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure this is the correct way to implement it, but Cipheriv.prototype.final
method calls Deno.close(this.context)
which closes the cipher resource, and the test cases pass without disabling the sanitizer
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah! Makes sense, thanks for clarifying.
ext/node/crypto/cipher.rs
Outdated
use std::cell::RefCell; | ||
use std::rc::Rc; | ||
|
||
pub enum Cipher { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe no need to make it pub
?
ext/node/crypto/cipher.rs
Outdated
// TODO(kt3k): add more algorithms Aes192Cbc, Aes256Cbc, Aes128ECB, Aes128GCM, etc. | ||
} | ||
|
||
pub enum Decipher { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto
ext/node/crypto/cipher.rs
Outdated
} | ||
|
||
pub struct CipherContext { | ||
pub cipher: Rc<RefCell<Cipher>>, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto (I'm pointing to L24 only)
ext/node/crypto/cipher.rs
Outdated
} | ||
|
||
pub struct DecipherContext { | ||
pub decipher: Rc<RefCell<Decipher>>, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto (I'm pointing to L28 only)
ext/node/crypto/cipher.rs
Outdated
} | ||
|
||
impl Cipher { | ||
pub fn new( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto
ext/node/crypto/cipher.rs
Outdated
}) | ||
} | ||
|
||
pub fn encrypt(&mut self, input: &[u8], output: &mut [u8]) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
for (let i = 0; i < input.length; i += 16) { | ||
ops.op_node_cipheriv_encrypt( | ||
this.context, | ||
input.subarray(i, i + 16), | ||
output.subarray(i, i + 16), | ||
); | ||
} | ||
return outputEncoding === "buffer" | ||
? output | ||
: output.toString(outputEncoding); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe this could done in Rust, subarrays are much cheaper there.
if (outputEncoding === "buffer") ops.op_node_encrypt_block(...);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Moved the iteration over chunks to the rust side
let context = match state.resource_table.get::<cipher::CipherContext>(rid) { | ||
Ok(context) => context, | ||
Err(_) => return false, | ||
}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should just consume the resource i.e resource_table.take
. We don't need to call core.close
from JS
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added op_node_cipheriv_final
which is called at the end of encryption and consumes the resource. (op_node_cipheriv_encrypt
was used both for the last and middle encryptions, but that was probably confusing)
298abd1
to
76ed25d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@@ -14,7 +14,7 @@ description = "Web Cryptography API implementation for Deno" | |||
path = "lib.rs" | |||
|
|||
[dependencies] | |||
aes = "0.8.1" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cbc crate is now in workspace scope too. cbc.workspace = true
Tagged the commit as |
This PR implements very basic feature of
crypto.createCipheriv
with only 'aes-128-cbc' algorithm support.The behaviors/values of
cipheriv.update
andcipheriv.final
are aligned to Node.js.(The below works in the same way in this branch and Node for example)
The following features will be added in the follow up PRs:
Decipheriv
stream.Transform
interface supportaes-128-gcm
, etc)closes #17848