xref: /third_party/node/src/crypto/crypto_cipher.cc

30 bool IsSupportedAuthenticatedMode(const EVP_CIPHER* cipher) {
31   switch (EVP_CIPHER_mode(cipher)) {
39     return EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305;
46   const EVP_CIPHER* cipher = EVP_CIPHER_CTX_cipher(ctx);
47   return IsSupportedAuthenticatedMode(cipher);
54 // Collects and returns information on the given cipher
62   const EVP_CIPHER* cipher;
65     cipher = EVP_get_cipherbyname(*name);
68     cipher = EVP_get_cipherbynid(nid);
71   if (cipher == nullptr)
74   int mode = EVP_CIPHER_mode(cipher);
75   int iv_length = EVP_CIPHER_iv_length(cipher);
76   int key_length = EVP_CIPHER_key_length(cipher);
77   int block_length = EVP_CIPHER_block_size(cipher);
95   // the cipher in question, returning undefined if they are not.
103     if (!EVP_CipherInit_ex(ctx.get(), cipher, nullptr, nullptr, nullptr, 1))
151   // OBJ_nid2sn(EVP_CIPHER_nid(cipher)) is used here instead of
152   // EVP_CIPHER_name(cipher) for compatibility with BoringSSL.
158             OBJ_nid2sn(EVP_CIPHER_nid(cipher)))).IsNothing()) {
165           Int32::New(env->isolate(), EVP_CIPHER_nid(cipher))).IsNothing()) {
229     const SSL_CIPHER* cipher = sk_SSL_CIPHER_value(ciphers, i);
230     arr[i] = OneByteString(env->isolate(), SSL_CIPHER_get_name(cipher));
368                             const EVP_CIPHER* cipher,
377   const int mode = EVP_CIPHER_mode(cipher);
382   if (1 != EVP_CipherInit_ex(ctx_.get(), cipher, nullptr,
385                             "Failed to initialize cipher");
388   if (IsSupportedAuthenticatedMode(cipher)) {
401                             "Failed to initialize cipher");
419   const EVP_CIPHER* const cipher = EVP_get_cipherbyname(cipher_type);
420   if (cipher == nullptr)
426   int key_len = EVP_BytesToKey(cipher,
436   const int mode = EVP_CIPHER_mode(cipher);
447   CommonInit(cipher_type, cipher, key, key_len, iv,
448              EVP_CIPHER_iv_length(cipher), auth_tag_len);
452   CipherBase* cipher;
453   ASSIGN_OR_RETURN_UNWRAP(&cipher, args.Holder());
463   // Don't assign to cipher->auth_tag_len_ directly; the value might not
473   cipher->Init(*cipher_type, key_buf, auth_tag_len);
483   const EVP_CIPHER* const cipher = EVP_get_cipherbyname(cipher_type);
484   if (cipher == nullptr)
487   const int expected_iv_len = EVP_CIPHER_iv_length(cipher);
488   const bool is_authenticated_mode = IsSupportedAuthenticatedMode(cipher);
491   // Throw if no IV was passed and the cipher requires an IV
495   // Throw if an IV was passed which does not match the cipher's fixed IV length
504   if (EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305) {
515       cipher,
524   CipherBase* cipher;
525   ASSIGN_OR_RETURN_UNWRAP(&cipher, args.Holder());
526   Environment* env = cipher->env();
546   // Don't assign to cipher->auth_tag_len_ directly; the value might not
556   cipher->InitIv(*cipher_type, key_buf, iv_buf, auth_tag_len);
652   // Check if this cipher operates in an AEAD mode that we support.
659   CipherBase* cipher;
660   ASSIGN_OR_RETURN_UNWRAP(&cipher, args.Holder());
663   if (cipher->ctx_ ||
664       cipher->kind_ != kCipher ||
665       cipher->auth_tag_len_ == kNoAuthTagLength) {
670       Buffer::Copy(env, cipher->auth_tag_, cipher->auth_tag_len_)
675   CipherBase* cipher;
676   ASSIGN_OR_RETURN_UNWRAP(&cipher, args.Holder());
679   if (!cipher->ctx_ ||
680       !cipher->IsAuthenticatedMode() ||
681       cipher->kind_ != kDecipher ||
682       cipher->auth_tag_state_ != kAuthTagUnknown) {
692   const int mode = EVP_CIPHER_CTX_mode(cipher->ctx_.get());
696     is_valid = (cipher->auth_tag_len_ == kNoAuthTagLength ||
697                 cipher->auth_tag_len_ == tag_len) &&
702     CHECK(IsSupportedAuthenticatedMode(cipher->ctx_.get()));
703     CHECK_NE(cipher->auth_tag_len_, kNoAuthTagLength);
704     is_valid = cipher->auth_tag_len_ == tag_len;
712   cipher->auth_tag_len_ = tag_len;
713   cipher->auth_tag_state_ = kAuthTagKnown;
714   CHECK_LE(cipher->auth_tag_len_, sizeof(cipher->auth_tag_));
716   memset(cipher->auth_tag_, 0, sizeof(cipher->auth_tag_));
717   auth_tag.CopyTo(cipher->auth_tag_, cipher->auth_tag_len_);
775   CipherBase* cipher;
776   ASSIGN_OR_RETURN_UNWRAP(&cipher, args.Holder());
786   args.GetReturnValue().Set(cipher->SetAAD(buf, plaintext_len));
850   Decode<CipherBase>(args, [](CipherBase* cipher,
859     UpdateResult r = cipher->Update(data, size, &out);
883   CipherBase* cipher;
884   ASSIGN_OR_RETURN_UNWRAP(&cipher, args.Holder());
886   bool b = cipher->SetAutoPadding(args.Length() < 1 || args[0]->IsTrue());
955   CipherBase* cipher;
956   ASSIGN_OR_RETURN_UNWRAP(&cipher, args.Holder());
957   if (cipher->ctx_ == nullptr)
963   const bool is_auth_mode = cipher->IsAuthenticatedMode();
964   bool r = cipher->Final(&out);

Indexes created Thu Nov 07 10:32:03 CST 2024