feat(node): crypto.{Cipheriv,Decipheriv}.setAutoPadding()

cli/tests/node_compat/config.jsonc

@@ -248,6 +248,7 @@
       "test-crypto-dh.js",
       "test-crypto-hkdf.js",
       "test-crypto-hmac.js",
+      "test-crypto-padding-aes256.js",
       "test-crypto-prime.js",
       "test-crypto-secret-keygen.js",
       "test-crypto-stream.js",

cli/tests/node_compat/test/parallel/test-crypto-padding-aes256.js

@@ -0,0 +1,67 @@
+// deno-fmt-ignore-file
+// deno-lint-ignore-file
+
+// Copyright Joyent and Node contributors. All rights reserved. MIT license.
+// Taken from Node 18.12.1
+// This file is automatically generated by `tools/node_compat/setup.ts`. Do not modify this file manually.
+
+// Copyright Joyent, Inc. and other Node contributors.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a
+// copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to permit
+// persons to whom the Software is furnished to do so, subject to the
+// following conditions:
+//
+// The above copyright notice and this permission notice shall be included
+// in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const assert = require('assert');
+const crypto = require('crypto');
+
+const iv = Buffer.from('00000000000000000000000000000000', 'hex');
+const key = Buffer.from('0123456789abcdef0123456789abcdef' +
+                        '0123456789abcdef0123456789abcdef', 'hex');
+
+function encrypt(val, pad) {
+  const c = crypto.createCipheriv('aes256', key, iv);
+  c.setAutoPadding(pad);
+  return c.update(val, 'utf8', 'latin1') + c.final('latin1');
+}
+
+function decrypt(val, pad) {
+  const c = crypto.createDecipheriv('aes256', key, iv);
+  c.setAutoPadding(pad);
+  return c.update(val, 'latin1', 'utf8') + c.final('utf8');
+}
+
+// echo 0123456789abcdef0123456789abcdef \
+// | openssl enc -e -aes256 -nopad -K <key> -iv <iv> \
+// | openssl enc -d -aes256 -nopad -K <key> -iv <iv>
+let plaintext = '0123456789abcdef0123456789abcdef'; // Multiple of block size
+let encrypted = encrypt(plaintext, false);
+let decrypted = decrypt(encrypted, false);
+assert.strictEqual(decrypted, plaintext);
+
+// echo 0123456789abcdef0123456789abcde \
+// | openssl enc -e -aes256 -K <key> -iv <iv> \
+// | openssl enc -d -aes256 -K <key> -iv <iv>
+plaintext = '0123456789abcdef0123456789abcde'; // not a multiple
+encrypted = encrypt(plaintext, true);
+decrypted = decrypt(encrypted, true);
+assert.strictEqual(decrypted, plaintext);

cli/tests/unit_node/crypto/crypto_cipher_test.ts

@@ -3,7 +3,11 @@ import crypto from "node:crypto";
 import { Buffer } from "node:buffer";
 import { Readable } from "node:stream";
 import { buffer, text } from "node:stream/consumers";
-import { assertEquals, assertThrows } from "@test_util/std/assert/mod.ts";
+import {
+  assertEquals,
+  assertStrictEquals,
+  assertThrows,
+} from "@test_util/std/assert/mod.ts";
 
 const rsaPrivateKey = Deno.readTextFileSync(
   new URL("../testdata/rsa_private.pem", import.meta.url),
@@ -256,3 +260,100 @@ Deno.test({
     );
   },
 });
+
+function setAutoPaddingTest(
+  { algorithm, keyLength, pad }: {
+    algorithm: string;
+    keyLength: number;
+    pad: boolean;
+  },
+) {
+  const key = crypto.randomBytes(keyLength);
+  const iv = algorithm.endsWith("ecb") ? null : crypto.randomBytes(16);
+  const data = pad
+    ? "0123456789abcdef0123456789abcde" // Not a multiple of block size
+    : "0123456789abcdef0123456789abcdef"; // Multiple of block size
+
+  const cipher = crypto.createCipheriv(algorithm, key, iv);
+  cipher.setAutoPadding(pad);
+  const encrypted = cipher.update(data, "utf8", "latin1") +
+    cipher.final("latin1");
+
+  const decipher = crypto.createDecipheriv(algorithm, key, iv);
+  decipher.setAutoPadding(pad);
+  const decrypted = decipher.update(encrypted, "latin1", "utf8") +
+    decipher.final("utf8");
+
+  assertStrictEquals(decrypted, data);
+}
+
+/**
+ * @todo(iuioiua) Add `*-gcm` algorithms once `Cipher.getAuthTag()` and
+ * `Decipher.setAuthTag()` are implemented.
+ */
+[
+  {
+    algorithm: "aes-128-cbc",
+    keyLength: 16,
+    pad: false,
+  },
+  {
+    algorithm: "aes-128-cbc",
+    keyLength: 16,
+    pad: true,
+  },
+  {
+    algorithm: "aes-128-ecb",
+    keyLength: 16,
+    pad: false,
+  },
+  {
+    algorithm: "aes-128-ecb",
+    keyLength: 16,
+    pad: true,
+  },
+  {
+    algorithm: "aes-192-ecb",
+    keyLength: 24,
+    pad: false,
+  },
+  {
+    algorithm: "aes-192-ecb",
+    keyLength: 24,
+    pad: true,
+  },
+  {
+    algorithm: "aes256",
+    keyLength: 32,
+    pad: false,
+  },
+  {
+    algorithm: "aes256",
+    keyLength: 32,
+    pad: true,
+  },
+  {
+    algorithm: "aes-256-cbc",
+    keyLength: 32,
+    pad: false,
+  },
+  {
+    algorithm: "aes-256-cbc",
+    keyLength: 32,
+    pad: true,
+  },
+  {
+    algorithm: "aes-256-ecb",
+    keyLength: 32,
+    pad: false,
+  },
+  {
+    algorithm: "aes-256-ecb",
+    keyLength: 32,
+    pad: true,
+  },
+].forEach((options) => {
+  Deno.test(`cipher.setAutoPadding() and decipher.setAutoPadding() - ${options.algorithm} ${options.pad ? "with" : "without"} padding`, () => {
+    setAutoPaddingTest(options);
+  });
+});