add support for decrypting AES-ECB mode (#6476)

2025-12-19 17:53:39 +00:00 · 2023-10-04 16:58:47 -04:00
parent 7a32837bc7
commit 9212751553
7 changed files with 120 additions and 28 deletions
--- a/libs/common/src/platform/services/web-crypto-function.service.ts
+++ b/libs/common/src/platform/services/web-crypto-function.service.ts
@@ -273,17 +273,37 @@ export class WebCryptoFunctionService implements CryptoFunctionService {
    return p;
  }

-  aesDecryptFast(parameters: DecryptParameters<string>): Promise<string> {
-    const dataBuffer = forge.util.createBuffer(parameters.data);
-    const decipher = forge.cipher.createDecipher("AES-CBC", parameters.encKey);
-    decipher.start({ iv: parameters.iv });
+  aesDecryptFast(parameters: DecryptParameters<string>, mode: "cbc" | "ecb"): Promise<string> {
+    const decipher = (forge as any).cipher.createDecipher(
+      this.toWebCryptoAesMode(mode),
+      parameters.encKey
+    );
+    const options = {} as any;
+    if (mode === "cbc") {
+      options.iv = parameters.iv;
+    }
+    const dataBuffer = (forge as any).util.createBuffer(parameters.data);
+    decipher.start(options);
    decipher.update(dataBuffer);
    decipher.finish();
    const val = decipher.output.toString();
    return Promise.resolve(val);
  }

-  async aesDecrypt(data: Uint8Array, iv: Uint8Array, key: Uint8Array): Promise<Uint8Array> {
+  async aesDecrypt(
+    data: Uint8Array,
+    iv: Uint8Array,
+    key: Uint8Array,
+    mode: "cbc" | "ecb"
+  ): Promise<Uint8Array> {
+    if (mode === "ecb") {
+      // Web crypto does not support AES-ECB mode, so we need to do this in forge.
+      const params = new DecryptParameters<string>();
+      params.data = this.toByteString(data);
+      params.encKey = this.toByteString(key);
+      const result = await this.aesDecryptFast(params, "ecb");
+      return Utils.fromByteStringToArray(result);
+    }
    const impKey = await this.subtle.importKey("raw", key, { name: "AES-CBC" } as any, false, [
      "decrypt",
    ]);
@@ -411,6 +431,10 @@ export class WebCryptoFunctionService implements CryptoFunctionService {
    return algorithm === "sha1" ? "SHA-1" : algorithm === "sha256" ? "SHA-256" : "SHA-512";
  }

+  private toWebCryptoAesMode(mode: "cbc" | "ecb"): string {
+    return mode === "cbc" ? "AES-CBC" : "AES-ECB";
+  }
+
  // ref: https://stackoverflow.com/a/47880734/1090359
  private checkIfWasmSupported(): boolean {
    try {