Add support for CBC without padding (#210)

Motivation: As described in #209, I personally need this to migrate an oracle driver from a third party crypto lib to swift-crypto. I think other users might benefit from this addition too. Modifications: I've added an overload to the encrypt and decrypt methods of AES._CBC, allowing the user to configure if padding should be added or not. With noPadding set to true, an error will be thrown if the plaintext isn't a multiple of the block size. I've added the corresponding inline documentation. I've also added tests to ensure both encrypting and decrypting without padding work as expected. Although those tests might not be sufficient enough, because I couldn't find good resources online. I've created a bunch of random hex strings and encrypted/decrypted them using another implementation of paddingless CBC and checked if I receive the expected results. To further validate the feature, I've tested it as part of the authentication in oracle-nio, which worked in all test scenarios I've been running. Result: After merging this, it will be possible to use CBC without padding. This closes #209
apple · Dec 5, 2023 · b793a1e · b793a1e
1 parent f4b21db
commit b793a1e
Show file tree

Hide file tree

Showing 2 changed files with 130 additions and 2 deletions.
diff --git a/Sources/_CryptoExtras/AES/AES_CBC.swift b/Sources/_CryptoExtras/AES/AES_CBC.swift
@@ -40,12 +40,30 @@ extension AES {
         ///   - iv: The initialization vector.
         /// - Returns: The encrypted ciphertext.
         public static func encrypt<Plaintext: DataProtocol>(_ plaintext: Plaintext, using key: SymmetricKey, iv: AES._CBC.IV) throws -> Data {
+            try self.encrypt(plaintext, using: key, iv: iv, noPadding: false)
+        }
+
+        /// Encrypts data using AES-CBC.
+        ///
+        /// - Parameters:
+        ///   - plaintext: The message to encrypt.
+        ///   - key: A encryption key.
+        ///   - iv: The initialization vector.
+        ///   - noPadding: If set to `true`, padding won't be added.
+        /// - Returns: The encrypted ciphertext.
+        ///
+        /// - Note: If `noPadding` is set to `true`, `plainText` has to be a multiple of the blockSize (16 bytes). Otherwise an error will be thrown.
+        public static func encrypt<Plaintext: DataProtocol>(_ plaintext: Plaintext, using key: SymmetricKey, iv: AES._CBC.IV, noPadding: Bool) throws -> Data {
             guard [128, 192, 256].contains(key.bitCount) else {
                 throw CryptoKitError.incorrectKeySize
             }
 
             let requiresFullPaddingBlock = (plaintext.count % AES._CBC.blockSize) == 0
 
+            if noPadding && !requiresFullPaddingBlock {
+                throw CryptoKitError.incorrectParameterSize
+            }
+
             var ciphertext = Data()
             ciphertext.reserveCapacity(plaintext.count + Self.blockSize)  // Room for padding.
 
@@ -60,7 +78,7 @@ extension AES {
                 plaintext = plaintext.dropFirst(Self.blockSize)
             }
 
-            if requiresFullPaddingBlock {
+            if requiresFullPaddingBlock && !noPadding {
                 var block = Block.paddingBlock
                 try Self.encryptBlockInPlace(&block, priorCiphertextBlock: previousBlock, using: key)
                 ciphertext.append(contentsOf: block)
@@ -84,6 +102,18 @@ extension AES {
         ///   - iv: The initialization vector.
         /// - Returns: The decrypted message.
         public static func decrypt<Ciphertext: DataProtocol>(_ ciphertext: Ciphertext, using key: SymmetricKey, iv: AES._CBC.IV) throws -> Data {
+            try self.decrypt(ciphertext, using: key, iv: iv, noPadding: false)
+        }
+
+        /// Decrypts data using AES-CBC.
+        ///
+        /// - Parameters:
+        ///   - ciphertext: The encrypted ciphertext.
+        ///   - key: A decryption key.
+        ///   - iv: The initialization vector.
+        ///   - noPadding: If this is set to `true`, padding won't be removed.
+        /// - Returns: The decrypted message.
+        public static func decrypt<Ciphertext: DataProtocol>(_ ciphertext: Ciphertext, using key: SymmetricKey, iv: AES._CBC.IV, noPadding: Bool) throws -> Data {
             guard [128, 192, 256].contains(key.bitCount) else {
                 throw CryptoKitError.incorrectKeySize
             }
@@ -103,7 +133,9 @@ extension AES {
                 ciphertext = ciphertext.dropFirst(Self.blockSize)
             }
 
-            try plaintext.trimPadding()
+            if !noPadding {
+                try plaintext.trimPadding()
+            }
             return plaintext
         }
     }