src: remove redundant AESCipherMode

For each supported variant of AES, we already have OpenSSL's associated NID, so we can simply retrieve the block cipher mode of operation from the NID. PR-URL: https://github.com/nodejs/node/pull/54438 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
2024-11-21 10:59:27 +00:00 · 2024-08-27 10:17:21 +02:00 · 2024-08-27 10:17:21 +02:00 · 74ea78ddc6
commit 74ea78ddc6
parent c00ea01f2b
2 changed files with 26 additions and 35 deletions
--- a/src/crypto/crypto_aes.cc
+++ b/src/crypto/crypto_aes.cc
@ -471,12 +471,9 @@ Maybe<bool> AESCipherTraits::AdditionalConfig(
  params->variant =
      static_cast<AESKeyVariant>(args[offset].As<Uint32>()->Value());

-  AESCipherMode cipher_op_mode;
  int cipher_nid;
-
-#define V(name, _, mode, nid)                                                  \
+#define V(name, _, nid)                                                        \
  case kKeyVariantAES_##name: {                                                \
-    cipher_op_mode = mode;                                                     \
    cipher_nid = nid;                                                          \
    break;                                                                     \
  }
@ -487,15 +484,22 @@ Maybe<bool> AESCipherTraits::AdditionalConfig(
  }
 #undef V

-  if (cipher_op_mode != AESCipherMode::KW) {
+  params->cipher = EVP_get_cipherbynid(cipher_nid);
+  if (params->cipher == nullptr) {
+    THROW_ERR_CRYPTO_UNKNOWN_CIPHER(env);
+    return Nothing<bool>();
+  }
+
+  int cipher_op_mode = EVP_CIPHER_mode(params->cipher);
+  if (cipher_op_mode != EVP_CIPH_WRAP_MODE) {
    if (!ValidateIV(env, mode, args[offset + 1], params)) {
      return Nothing<bool>();
    }
-    if (cipher_op_mode == AESCipherMode::CTR) {
+    if (cipher_op_mode == EVP_CIPH_CTR_MODE) {
      if (!ValidateCounter(env, args[offset + 2], params)) {
        return Nothing<bool>();
      }
-    } else if (cipher_op_mode == AESCipherMode::GCM) {
+    } else if (cipher_op_mode == EVP_CIPH_GCM_MODE) {
      if (!ValidateAuthTag(env, mode, cipher_mode, args[offset + 2], params) ||
          !ValidateAdditionalData(env, mode, args[offset + 3], params)) {
        return Nothing<bool>();
@ -505,12 +509,6 @@ Maybe<bool> AESCipherTraits::AdditionalConfig(
    UseDefaultIV(params);
  }

-  params->cipher = EVP_get_cipherbynid(cipher_nid);
-  if (params->cipher == nullptr) {
-    THROW_ERR_CRYPTO_UNKNOWN_CIPHER(env);
-    return Nothing<bool>();
-  }
-
  if (params->iv.size() <
      static_cast<size_t>(EVP_CIPHER_iv_length(params->cipher))) {
    THROW_ERR_CRYPTO_INVALID_IV(env);
@ -527,7 +525,7 @@ WebCryptoCipherStatus AESCipherTraits::DoCipher(
    const AESCipherConfig& params,
    const ByteSource& in,
    ByteSource* out) {
-#define V(name, fn, _, __)                                                     \
+#define V(name, fn, _)                                                         \
  case kKeyVariantAES_##name:                                                  \
    return fn(env, key_data.get(), cipher_mode, params, in, out);
  switch (params.variant) {
@ -541,7 +539,7 @@ WebCryptoCipherStatus AESCipherTraits::DoCipher(
 void AES::Initialize(Environment* env, Local<Object> target) {
  AESCryptoJob::Initialize(env, target);

-#define V(name, _, __, ___) NODE_DEFINE_CONSTANT(target, kKeyVariantAES_##name);
+#define V(name, _, __) NODE_DEFINE_CONSTANT(target, kKeyVariantAES_##name);
  VARIANTS(V)
 #undef V
 }
--- a/src/crypto/crypto_aes.h
+++ b/src/crypto/crypto_aes.h
@ -15,29 +15,22 @@ constexpr size_t kAesBlockSize = 16;
 constexpr unsigned kNoAuthTagLength = static_cast<unsigned>(-1);
 constexpr const char* kDefaultWrapIV = "\xa6\xa6\xa6\xa6\xa6\xa6\xa6\xa6";

-enum class AESCipherMode {
-  CTR,
-  CBC,
-  GCM,
-  KW,
-};
-
 #define VARIANTS(V)                                                            \
-  V(CTR_128, AES_CTR_Cipher, AESCipherMode::CTR, NID_aes_128_ctr)              \
-  V(CTR_192, AES_CTR_Cipher, AESCipherMode::CTR, NID_aes_192_ctr)              \
-  V(CTR_256, AES_CTR_Cipher, AESCipherMode::CTR, NID_aes_256_ctr)              \
-  V(CBC_128, AES_Cipher, AESCipherMode::CBC, NID_aes_128_cbc)                  \
-  V(CBC_192, AES_Cipher, AESCipherMode::CBC, NID_aes_192_cbc)                  \
-  V(CBC_256, AES_Cipher, AESCipherMode::CBC, NID_aes_256_cbc)                  \
-  V(GCM_128, AES_Cipher, AESCipherMode::GCM, NID_aes_128_gcm)                  \
-  V(GCM_192, AES_Cipher, AESCipherMode::GCM, NID_aes_192_gcm)                  \
-  V(GCM_256, AES_Cipher, AESCipherMode::GCM, NID_aes_256_gcm)                  \
-  V(KW_128, AES_Cipher, AESCipherMode::KW, NID_id_aes128_wrap)                 \
-  V(KW_192, AES_Cipher, AESCipherMode::KW, NID_id_aes192_wrap)                 \
-  V(KW_256, AES_Cipher, AESCipherMode::KW, NID_id_aes256_wrap)
+  V(CTR_128, AES_CTR_Cipher, NID_aes_128_ctr)                                  \
+  V(CTR_192, AES_CTR_Cipher, NID_aes_192_ctr)                                  \
+  V(CTR_256, AES_CTR_Cipher, NID_aes_256_ctr)                                  \
+  V(CBC_128, AES_Cipher, NID_aes_128_cbc)                                      \
+  V(CBC_192, AES_Cipher, NID_aes_192_cbc)                                      \
+  V(CBC_256, AES_Cipher, NID_aes_256_cbc)                                      \
+  V(GCM_128, AES_Cipher, NID_aes_128_gcm)                                      \
+  V(GCM_192, AES_Cipher, NID_aes_192_gcm)                                      \
+  V(GCM_256, AES_Cipher, NID_aes_256_gcm)                                      \
+  V(KW_128, AES_Cipher, NID_id_aes128_wrap)                                    \
+  V(KW_192, AES_Cipher, NID_id_aes192_wrap)                                    \
+  V(KW_256, AES_Cipher, NID_id_aes256_wrap)

 enum AESKeyVariant {
-#define V(name, _, __, ___) kKeyVariantAES_##name,
+#define V(name, _, __) kKeyVariantAES_##name,
  VARIANTS(V)
 #undef V
 };