feat(ext/node): add crypto.createCipheriv #18091
Conversation
3a92185
to
28fcb0a
Compare
28fcb0a
to
a964d5d
Compare
a964d5d
to
a8fabf6
Compare
ext/node/Cargo.toml
Outdated
| aes = "0.8.2" | ||
| cbc = "0.1.2" |
There was a problem hiding this comment.
Consider moving these two to root Cargo.toml and using aes.workspace = true here (make sure to update other references in various Cargo.toml files)
| state.resource_table.add( | ||
| match cipher::CipherContext::new(algorithm, key, iv) { | ||
| Ok(context) => context, | ||
| Err(_) => return 0, | ||
| }, | ||
| ) |
There was a problem hiding this comment.
Appears that this resource will never be dropped which will cause the same issue as here: #18140
There was a problem hiding this comment.
Not sure this is the correct way to implement it, but Cipheriv.prototype.final method calls Deno.close(this.context) which closes the cipher resource, and the test cases pass without disabling the sanitizer
There was a problem hiding this comment.
Ah! Makes sense, thanks for clarifying.
ext/node/crypto/cipher.rs
Outdated
| use std::cell::RefCell; | ||
| use std::rc::Rc; | ||
|
|
||
| pub enum Cipher { |
There was a problem hiding this comment.
Maybe no need to make it pub?
ext/node/crypto/cipher.rs
Outdated
| // TODO(kt3k): add more algorithms Aes192Cbc, Aes256Cbc, Aes128ECB, Aes128GCM, etc. | ||
| } | ||
|
|
||
| pub enum Decipher { |
ext/node/crypto/cipher.rs
Outdated
| } | ||
|
|
||
| pub struct CipherContext { | ||
| pub cipher: Rc<RefCell<Cipher>>, |
There was a problem hiding this comment.
ditto (I'm pointing to L24 only)
ext/node/crypto/cipher.rs
Outdated
| } | ||
|
|
||
| pub struct DecipherContext { | ||
| pub decipher: Rc<RefCell<Decipher>>, |
There was a problem hiding this comment.
ditto (I'm pointing to L28 only)
ext/node/crypto/cipher.rs
Outdated
| } | ||
|
|
||
| impl Cipher { | ||
| pub fn new( |
ext/node/crypto/cipher.rs
Outdated
| }) | ||
| } | ||
|
|
||
| pub fn encrypt(&mut self, input: &[u8], output: &mut [u8]) { |
| for (let i = 0; i < input.length; i += 16) { | ||
| ops.op_node_cipheriv_encrypt( | ||
| this.context, | ||
| input.subarray(i, i + 16), | ||
| output.subarray(i, i + 16), | ||
| ); | ||
| } | ||
| return outputEncoding === "buffer" | ||
| ? output | ||
| : output.toString(outputEncoding); |
There was a problem hiding this comment.
Maybe this could done in Rust, subarrays are much cheaper there.
if (outputEncoding === "buffer") ops.op_node_encrypt_block(...);There was a problem hiding this comment.
Moved the iteration over chunks to the rust side
| let context = match state.resource_table.get::<cipher::CipherContext>(rid) { | ||
| Ok(context) => context, | ||
| Err(_) => return false, | ||
| }; |
There was a problem hiding this comment.
This should just consume the resource i.e resource_table.take. We don't need to call core.close from JS
There was a problem hiding this comment.
Added op_node_cipheriv_final which is called at the end of encryption and consumes the resource. (op_node_cipheriv_encrypt was used both for the last and middle encryptions, but that was probably confusing)
298abd1
to
76ed25d
Compare
| @@ -14,7 +14,7 @@ description = "Web Cryptography API implementation for Deno" | |||
| path = "lib.rs" | |||
|
|
|||
| [dependencies] | |||
| aes = "0.8.1" | |||
There was a problem hiding this comment.
cbc crate is now in workspace scope too. cbc.workspace = true
|
Tagged the commit as |
This PR implements very basic feature of
crypto.createCipherivwith only 'aes-128-cbc' algorithm support.The behaviors/values of
cipheriv.updateandcipheriv.finalare aligned to Node.js.(The below works in the same way in this branch and Node for example)
The following features will be added in the follow up PRs:
Decipherivstream.Transforminterface supportaes-128-gcm, etc)closes #17848