Add the SM4 block cipher, also a no-padding option for block ciphers.

This adds an implementation of the SM4 block cipher, and operations to encrypt and decrypt using it with CBC,ECB,CFB,OFB,CTR modes. Also, a "no padding" option is added for AES,DES,3DES and SM4 decryption in ECB/CBC modes. This variant does not attempt to validate the last block as being PKCS#7 padded. This is useful, both since other padding schemes exist, and also for decrypting data where the final block is missing.
2025-04-22 07:46:16 -04:00 · 2021-03-24 00:58:54 +01:00 · 2021-03-24 00:58:54 +01:00 · 6155634d3b
commit 6155634d3b
parent 5029356514
9 changed files with 821 additions and 7 deletions
--- a/src/core/operations/AESDecrypt.mjs
+++ b/src/core/operations/AESDecrypt.mjs
@ -22,7 +22,7 @@ class AESDecrypt extends Operation {

        this.name = "AES Decrypt";
        this.module = "Ciphers";
-        this.description = "Advanced Encryption Standard (AES) is a U.S. Federal Information Processing Standard (FIPS). It was selected after a 5-year process where 15 competing designs were evaluated.<br><br><b>Key:</b> The following algorithms will be used based on the size of the key:<ul><li>16 bytes = AES-128</li><li>24 bytes = AES-192</li><li>32 bytes = AES-256</li></ul><br><br><b>IV:</b> The Initialization Vector should be 16 bytes long. If not entered, it will default to 16 null bytes.<br><br><b>Padding:</b> In CBC and ECB mode, PKCS#7 padding will be used.<br><br><b>GCM Tag:</b> This field is ignored unless 'GCM' mode is used.";
+        this.description = "Advanced Encryption Standard (AES) is a U.S. Federal Information Processing Standard (FIPS). It was selected after a 5-year process where 15 competing designs were evaluated.<br><br><b>Key:</b> The following algorithms will be used based on the size of the key:<ul><li>16 bytes = AES-128</li><li>24 bytes = AES-192</li><li>32 bytes = AES-256</li></ul><br><br><b>IV:</b> The Initialization Vector should be 16 bytes long. If not entered, it will default to 16 null bytes.<br><br><b>Padding:</b> In CBC and ECB mode, PKCS#7 padding will be used as a default.<br><br><b>GCM Tag:</b> This field is ignored unless 'GCM' mode is used.";
        this.infoURL = "https://wikipedia.org/wiki/Advanced_Encryption_Standard";
        this.inputType = "string";
        this.outputType = "string";
@ -66,6 +66,14 @@ class AESDecrypt extends Operation {
                    {
                        name: "ECB",
                        off: [5, 6]
+                    },
+                    {
+                        name: "CBC/NoPadding",
+                        off: [5, 6]
+                    },
+                    {
+                        name: "ECB/NoPadding",
+                        off: [5, 6]
                    }
                ]
            },
@ -104,7 +112,7 @@ class AESDecrypt extends Operation {
    run(input, args) {
        const key = Utils.convertToByteString(args[0].string, args[0].option),
            iv = Utils.convertToByteString(args[1].string, args[1].option),
-            mode = args[2],
+            mode = args[2].substring(0, 3),
            inputType = args[3],
            outputType = args[4],
            gcmTag = Utils.convertToByteString(args[5].string, args[5].option),
@ -122,6 +130,12 @@ The following algorithms will be used based on the size of the key:
        input = Utils.convertToByteString(input, inputType);

        const decipher = forge.cipher.createDecipher("AES-" + mode, key);
+        /* Allow for a "no padding" mode */
+        if (args[2].endsWith("NoPadding")) {
+            decipher.mode.unpad = function(output, options) {
+                return true;
+            };
+        }
        decipher.start({
            iv: iv.length === 0 ? "" : iv,
            tag: mode === "GCM" ? gcmTag : undefined,
--- a/src/core/operations/DESDecrypt.mjs
+++ b/src/core/operations/DESDecrypt.mjs
@ -22,7 +22,7 @@ class DESDecrypt extends Operation {

        this.name = "DES Decrypt";
        this.module = "Ciphers";
-        this.description = "DES is a previously dominant algorithm for encryption, and was published as an official U.S. Federal Information Processing Standard (FIPS). It is now considered to be insecure due to its small key size.<br><br><b>Key:</b> DES uses a key length of 8 bytes (64 bits).<br>Triple DES uses a key length of 24 bytes (192 bits).<br><br><b>IV:</b> The Initialization Vector should be 8 bytes long. If not entered, it will default to 8 null bytes.<br><br><b>Padding:</b> In CBC and ECB mode, PKCS#7 padding will be used.";
+        this.description = "DES is a previously dominant algorithm for encryption, and was published as an official U.S. Federal Information Processing Standard (FIPS). It is now considered to be insecure due to its small key size.<br><br><b>Key:</b> DES uses a key length of 8 bytes (64 bits).<br>Triple DES uses a key length of 24 bytes (192 bits).<br><br><b>IV:</b> The Initialization Vector should be 8 bytes long. If not entered, it will default to 8 null bytes.<br><br><b>Padding:</b> In CBC and ECB mode, PKCS#7 padding will be used as a default.";
        this.infoURL = "https://wikipedia.org/wiki/Data_Encryption_Standard";
        this.inputType = "string";
        this.outputType = "string";
@ -42,7 +42,7 @@ class DESDecrypt extends Operation {
            {
                "name": "Mode",
                "type": "option",
-                "value": ["CBC", "CFB", "OFB", "CTR", "ECB"]
+                "value": ["CBC", "CFB", "OFB", "CTR", "ECB", "CBC/NoPadding", "ECB/NoPadding"]
            },
            {
                "name": "Input",
@ -65,7 +65,8 @@ class DESDecrypt extends Operation {
    run(input, args) {
        const key = Utils.convertToByteString(args[0].string, args[0].option),
            iv = Utils.convertToByteArray(args[1].string, args[1].option),
-            [,, mode, inputType, outputType] = args;
+            mode = args[2].substring(0, 3),
+            [,,, inputType, outputType] = args;

        if (key.length !== 8) {
            throw new OperationError(`Invalid key length: ${key.length} bytes
@ -83,6 +84,12 @@ Make sure you have specified the type correctly (e.g. Hex vs UTF8).`);
        input = Utils.convertToByteString(input, inputType);

        const decipher = forge.cipher.createDecipher("DES-" + mode, key);
+         /* Allow for a "no padding" mode */
+        if (args[2].endsWith("NoPadding")) {
+            decipher.mode.unpad = function(output, options) {
+                return true;
+            };
+        }
        decipher.start({iv: iv});
        decipher.update(forge.util.createBuffer(input));
        const result = decipher.finish();
--- a/src/core/operations/SM4Decrypt.mjs
+++ b/src/core/operations/SM4Decrypt.mjs
@ -0,0 +1,88 @@
+/**
+ * @author swesven
+ * @copyright 2021
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import Utils from "../Utils.mjs";
+import OperationError from "../errors/OperationError.mjs";
+import { toHex } from "../lib/Hex.mjs";
+import { decryptSM4 } from "../lib/SM4.mjs";
+
+/**
+ * SM4 Decrypt operation
+ */
+class SM4Decrypt extends Operation {
+
+    /**
+     * SM4Encrypt constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "SM4 Decrypt";
+        this.module = "Ciphers";
+        this.description = "SM4 is a 128-bit block cipher, currently established as a national standard (GB/T 32907-2016) of China.";
+        this.infoURL = "https://en.wikipedia.org/wiki/SM4_(cipher)";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [
+            {
+                "name": "Key",
+                "type": "toggleString",
+                "value": "",
+                "toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
+            },
+            {
+                "name": "IV",
+                "type": "toggleString",
+                "value": "",
+                "toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
+            },
+            {
+                "name": "Mode",
+                "type": "option",
+                "value": ["CBC", "CFB", "OFB", "CTR", "ECB", "CBC/NoPadding", "ECB/NoPadding"]
+            },
+            {
+                "name": "Input",
+                "type": "option",
+                "value": ["Raw", "Hex"]
+            },
+            {
+                "name": "Output",
+                "type": "option",
+                "value": ["Hex", "Raw"]
+            }
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const key = Utils.convertToByteArray(args[0].string, args[0].option),
+            iv = Utils.convertToByteArray(args[1].string, args[1].option),
+            [,, mode, inputType, outputType] = args;
+
+        if (key.length !== 16)
+            throw new OperationError(`Invalid key length: ${key.length} bytes
+
+SM4 uses a key length of 16 bytes (128 bits).`);
+        if (iv.length !== 16 && !mode.startsWith("ECB"))
+            throw new OperationError(`Invalid IV length: ${iv.length} bytes
+
+SM4 uses an IV length of 16 bytes (128 bits).
+Make sure you have specified the type correctly (e.g. Hex vs UTF8).`);
+
+        input = Utils.convertToByteArray(input, inputType);
+        const output = decryptSM4(input, key, iv, mode.substring(0, 3), mode.endsWith("NoPadding"));
+        return outputType === "Hex" ? toHex(output) : Utils.byteArrayToUtf8(output);
+    }
+
+}
+
+export default SM4Decrypt;
--- a/src/core/operations/SM4Encrypt.mjs
+++ b/src/core/operations/SM4Encrypt.mjs
@ -0,0 +1,88 @@
+/**
+ * @author swesven
+ * @copyright 2021
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import Utils from "../Utils.mjs";
+import OperationError from "../errors/OperationError.mjs";
+import { toHex } from "../lib/Hex.mjs";
+import { encryptSM4 } from "../lib/SM4.mjs";
+
+/**
+ * SM4 Encrypt operation
+ */
+class SM4Encrypt extends Operation {
+
+    /**
+     * SM4Encrypt constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "SM4 Encrypt";
+        this.module = "Ciphers";
+        this.description = "SM4 is a 128-bit block cipher, currently established as a national standard (GB/T 32907-2016) of China. Multiple block cipher modes are supported. When using CBC or ECB mode, the PKCS#7 padding scheme is used.";
+        this.infoURL = "https://en.wikipedia.org/wiki/SM4_(cipher)";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [
+            {
+                "name": "Key",
+                "type": "toggleString",
+                "value": "",
+                "toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
+            },
+            {
+                "name": "IV",
+                "type": "toggleString",
+                "value": "",
+                "toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
+            },
+            {
+                "name": "Mode",
+                "type": "option",
+                "value": ["CBC", "CFB", "OFB", "CTR", "ECB"]
+            },
+            {
+                "name": "Input",
+                "type": "option",
+                "value": ["Raw", "Hex"]
+            },
+            {
+                "name": "Output",
+                "type": "option",
+                "value": ["Hex", "Raw"]
+            }
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const key = Utils.convertToByteArray(args[0].string, args[0].option),
+            iv = Utils.convertToByteArray(args[1].string, args[1].option),
+            [,, mode, inputType, outputType] = args;
+
+        if (key.length !== 16)
+            throw new OperationError(`Invalid key length: ${key.length} bytes
+
+SM4 uses a key length of 16 bytes (128 bits).`);
+        if (iv.length !== 16 && !mode.startsWith("ECB"))
+            throw new OperationError(`Invalid IV length: ${iv.length} bytes
+
+SM4 uses an IV length of 16 bytes (128 bits).
+Make sure you have specified the type correctly (e.g. Hex vs UTF8).`);
+
+        input = Utils.convertToByteArray(input, inputType);
+        const output = encryptSM4(input, key, iv, mode.substring(0, 3), mode.endsWith("NoPadding"));
+        return outputType === "Hex" ? toHex(output) : Utils.byteArrayToUtf8(output);
+    }
+
+}
+
+export default SM4Encrypt;
--- a/src/core/operations/TripleDESDecrypt.mjs
+++ b/src/core/operations/TripleDESDecrypt.mjs
@ -42,7 +42,7 @@ class TripleDESDecrypt extends Operation {
            {
                "name": "Mode",
                "type": "option",
-                "value": ["CBC", "CFB", "OFB", "CTR", "ECB"]
+                "value": ["CBC", "CFB", "OFB", "CTR", "ECB", "CBC/NoPadding", "ECB/NoPadding"]
            },
            {
                "name": "Input",
@ -65,7 +65,7 @@ class TripleDESDecrypt extends Operation {
    run(input, args) {
        const key = Utils.convertToByteString(args[0].string, args[0].option),
            iv = Utils.convertToByteArray(args[1].string, args[1].option),
-            mode = args[2],
+            mode = args[2].substring(0, 3),
            inputType = args[3],
            outputType = args[4];

@ -85,6 +85,12 @@ Make sure you have specified the type correctly (e.g. Hex vs UTF8).`);
        input = Utils.convertToByteString(input, inputType);

        const decipher = forge.cipher.createDecipher("3DES-" + mode, key);
+        /* Allow for a "no padding" mode */
+        if (args[2].endsWith("NoPadding")) {
+            decipher.mode.unpad = function(output, options) {
+                return true;
+            };
+        }
        decipher.start({iv: iv});
        decipher.update(forge.util.createBuffer(input));
        const result = decipher.finish();