src: remove redundant AESCipherMode

For each supported variant of AES, we already have OpenSSL's associated
NID, so we can simply retrieve the block cipher mode of operation from
the NID.

PR-URL: #54438
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>

Author: tniessen

src/crypto/crypto_aes.cc

@@ -476,12 +476,9 @@ Maybe<bool> AESCipherTraits::AdditionalConfig(
   params->variant =
       static_cast<AESKeyVariant>(args[offset].As<Uint32>()->Value());
 
-  AESCipherMode cipher_op_mode;
   int cipher_nid;
-
-#define V(name, _, mode, nid)                                                  \
+#define V(name, _, nid)                                                        \
   case kKeyVariantAES_##name: {                                                \
-    cipher_op_mode = mode;                                                     \
     cipher_nid = nid;                                                          \
     break;                                                                     \
   }
@@ -492,15 +489,22 @@ Maybe<bool> AESCipherTraits::AdditionalConfig(
   }
 #undef V
 
-  if (cipher_op_mode != AESCipherMode::KW) {
+  params->cipher = EVP_get_cipherbynid(cipher_nid);
+  if (params->cipher == nullptr) {
+    THROW_ERR_CRYPTO_UNKNOWN_CIPHER(env);
+    return Nothing<bool>();
+  }
+
+  int cipher_op_mode = EVP_CIPHER_mode(params->cipher);
+  if (cipher_op_mode != EVP_CIPH_WRAP_MODE) {
     if (!ValidateIV(env, mode, args[offset + 1], params)) {
       return Nothing<bool>();
     }
-    if (cipher_op_mode == AESCipherMode::CTR) {
+    if (cipher_op_mode == EVP_CIPH_CTR_MODE) {
       if (!ValidateCounter(env, args[offset + 2], params)) {
         return Nothing<bool>();
       }
-    } else if (cipher_op_mode == AESCipherMode::GCM) {
+    } else if (cipher_op_mode == EVP_CIPH_GCM_MODE) {
       if (!ValidateAuthTag(env, mode, cipher_mode, args[offset + 2], params) ||
           !ValidateAdditionalData(env, mode, args[offset + 3], params)) {
         return Nothing<bool>();
@@ -510,12 +514,6 @@ Maybe<bool> AESCipherTraits::AdditionalConfig(
     UseDefaultIV(params);
   }
 
-  params->cipher = EVP_get_cipherbynid(cipher_nid);
-  if (params->cipher == nullptr) {
-    THROW_ERR_CRYPTO_UNKNOWN_CIPHER(env);
-    return Nothing<bool>();
-  }
-
   if (params->iv.size() <
       static_cast<size_t>(EVP_CIPHER_iv_length(params->cipher))) {
     THROW_ERR_CRYPTO_INVALID_IV(env);
@@ -532,7 +530,7 @@ WebCryptoCipherStatus AESCipherTraits::DoCipher(
     const AESCipherConfig& params,
     const ByteSource& in,
     ByteSource* out) {
-#define V(name, fn, _, __)                                                     \
+#define V(name, fn, _)                                                         \
   case kKeyVariantAES_##name:                                                  \
     return fn(env, key_data.get(), cipher_mode, params, in, out);
   switch (params.variant) {
@@ -546,7 +544,7 @@ WebCryptoCipherStatus AESCipherTraits::DoCipher(
 void AES::Initialize(Environment* env, Local<Object> target) {
   AESCryptoJob::Initialize(env, target);
 
-#define V(name, _, __, ___) NODE_DEFINE_CONSTANT(target, kKeyVariantAES_##name);
+#define V(name, _, __) NODE_DEFINE_CONSTANT(target, kKeyVariantAES_##name);
   VARIANTS(V)
 #undef V
 }

src/crypto/crypto_aes.h

@@ -15,29 +15,22 @@ constexpr size_t kAesBlockSize = 16;
 constexpr unsigned kNoAuthTagLength = static_cast<unsigned>(-1);
 constexpr const char* kDefaultWrapIV = "\xa6\xa6\xa6\xa6\xa6\xa6\xa6\xa6";
 
-enum class AESCipherMode {
-  CTR,
-  CBC,
-  GCM,
-  KW,
-};
-
 #define VARIANTS(V)                                                            \
-  V(CTR_128, AES_CTR_Cipher, AESCipherMode::CTR, NID_aes_128_ctr)              \
-  V(CTR_192, AES_CTR_Cipher, AESCipherMode::CTR, NID_aes_192_ctr)              \
-  V(CTR_256, AES_CTR_Cipher, AESCipherMode::CTR, NID_aes_256_ctr)              \
-  V(CBC_128, AES_Cipher, AESCipherMode::CBC, NID_aes_128_cbc)                  \
-  V(CBC_192, AES_Cipher, AESCipherMode::CBC, NID_aes_192_cbc)                  \
-  V(CBC_256, AES_Cipher, AESCipherMode::CBC, NID_aes_256_cbc)                  \
-  V(GCM_128, AES_Cipher, AESCipherMode::GCM, NID_aes_128_gcm)                  \
-  V(GCM_192, AES_Cipher, AESCipherMode::GCM, NID_aes_192_gcm)                  \
-  V(GCM_256, AES_Cipher, AESCipherMode::GCM, NID_aes_256_gcm)                  \
-  V(KW_128, AES_Cipher, AESCipherMode::KW, NID_id_aes128_wrap)                 \
-  V(KW_192, AES_Cipher, AESCipherMode::KW, NID_id_aes192_wrap)                 \
-  V(KW_256, AES_Cipher, AESCipherMode::KW, NID_id_aes256_wrap)
+  V(CTR_128, AES_CTR_Cipher, NID_aes_128_ctr)                                  \
+  V(CTR_192, AES_CTR_Cipher, NID_aes_192_ctr)                                  \
+  V(CTR_256, AES_CTR_Cipher, NID_aes_256_ctr)                                  \
+  V(CBC_128, AES_Cipher, NID_aes_128_cbc)                                      \
+  V(CBC_192, AES_Cipher, NID_aes_192_cbc)                                      \
+  V(CBC_256, AES_Cipher, NID_aes_256_cbc)                                      \
+  V(GCM_128, AES_Cipher, NID_aes_128_gcm)                                      \
+  V(GCM_192, AES_Cipher, NID_aes_192_gcm)                                      \
+  V(GCM_256, AES_Cipher, NID_aes_256_gcm)                                      \
+  V(KW_128, AES_Cipher, NID_id_aes128_wrap)                                    \
+  V(KW_192, AES_Cipher, NID_id_aes192_wrap)                                    \
+  V(KW_256, AES_Cipher, NID_id_aes256_wrap)
 
 enum AESKeyVariant {
-#define V(name, _, __, ___) kKeyVariantAES_##name,
+#define V(name, _, __) kKeyVariantAES_##name,
   VARIANTS(V)
 #undef V
 };