add new operations: AES Key Wrap/Unwrap With Padding

src/core/operations/AESKeyWrapWithPadding.mjs

@@ -0,0 +1,101 @@
+/**
+ * @author aosterhage [aaron.osterhage@gmail.com]
+ * @copyright Crown Copyright 2025
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import OperationError from "../errors/OperationError.mjs";
+import Utils from "../Utils.mjs";
+import forge from "node-forge";
+import { aesKeyWrap } from "../lib/AESKeyWrap.mjs";
+import { toHexFast } from "../lib/Hex.mjs";
+
+/**
+ * AES Key Wrap With Padding operation
+ */
+class AESKeyWrapWithPadding extends Operation {
+
+    /**
+     * AESKeyWrapWithPadding constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "AES Key Wrap With Padding";
+        this.module = "Ciphers";
+        this.description = "A key wrapping algorithm defined in RFC 3394 combined with a padding convention defined in RFC 5649.<br><br>The padding convention defined in RFC 5649 eliminates the requirement that the length of the key to be wrapped be a multiple of 64 bits, allowing a key of any practical length to be wrapped.";
+        this.infoURL = "https://wikipedia.org/wiki/Key_wrap";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [
+            {
+                "name": "Key (KEK)",
+                "type": "toggleString",
+                "value": "",
+                "toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
+            },
+            {
+                "name": "Input",
+                "type": "option",
+                "value": ["Hex", "Raw"]
+            },
+            {
+                "name": "Output",
+                "type": "option",
+                "value": ["Hex", "Raw"]
+            },
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const kek = Utils.convertToByteString(args[0].string, args[0].option),
+            inputType = args[1],
+            outputType = args[2];
+
+        if (kek.length !== 16 && kek.length !== 24 && kek.length !== 32) {
+            throw new OperationError("KEK must be either 16, 24, or 32 bytes (currently " + kek.length + " bytes)");
+        }
+
+        input = Utils.convertToByteString(input, inputType);
+        if (input.length <= 0) {
+            throw new OperationError("input must be > 0 bytes");
+        }
+
+        // Construct the "Alternative Initial Value" (AIV).
+        const aiv = "\xa6\x59\x59\xa6" + Utils.byteArrayToChars(Utils.intToByteArray(input.length, 4, "big"));;
+
+        // Pad the input as needed.
+        const isMultipleOf8 = (input.length % 8) === 0;
+        const paddedLength = input.length + (isMultipleOf8 ? 0 : (8 - (input.length % 8)));
+        input = input.padEnd(paddedLength, "\0");
+
+        let output;
+
+        if (paddedLength === 8) {
+            // Special case where the padded input is one 64-bit block.
+
+            // Get the cipher ready and disable PKCS#7 padding.
+            const cipher = forge.cipher.createCipher("AES-ECB", kek);
+            cipher.mode.pad = false;
+
+            cipher.start();
+            cipher.update(forge.util.createBuffer(aiv + input));
+            cipher.finish();
+            output = cipher.output.getBytes();
+        } else {
+            // Otherwise, follow the wrapping process from RFC 3394 (AESKeyWrap operation).
+            output = aesKeyWrap(input, kek, aiv);
+        }
+
+        return outputType === "Hex" ? toHexFast(Utils.strToArrayBuffer(output)) : output;
+    }
+
+}
+
+export default AESKeyWrapWithPadding;