1use crate::compiler::prelude::*;
2use aes::cipher::{
3 AsyncStreamCipher, BlockEncryptMut, KeyIvInit, StreamCipher,
4 block_padding::{AnsiX923, Iso7816, Iso10126, Pkcs7},
5 generic_array::GenericArray,
6};
7use aes_siv::{Aes128SivAead, Aes256SivAead};
8use cfb_mode::Encryptor as Cfb;
9use chacha20poly1305::{ChaCha20Poly1305, KeyInit, XChaCha20Poly1305, aead::Aead};
10use crypto_secretbox::XSalsa20Poly1305;
11use ctr::{Ctr64BE, Ctr64LE};
12use ofb::Ofb;
13
14type Aes128Cbc = cbc::Encryptor<aes::Aes128>;
15type Aes192Cbc = cbc::Encryptor<aes::Aes192>;
16type Aes256Cbc = cbc::Encryptor<aes::Aes256>;
17
18pub(crate) fn get_key_bytes<const N: usize>(key: Value) -> ExpressionResult<[u8; N]> {
19 let bytes = key.try_bytes()?;
20 if bytes.len() != N {
21 return Err(format!(
22 "Invalid key size. Expected {} bytes. Found {} bytes",
23 N,
24 bytes.len()
25 )
26 .into());
27 }
28
29 Ok(bytes.as_ref().try_into().unwrap())
31}
32
33pub(crate) fn get_iv_bytes<const N: usize>(iv: Value) -> ExpressionResult<[u8; N]> {
34 let bytes = iv.try_bytes()?;
35 if bytes.len() != N {
36 return Err(format!(
37 "Invalid iv size. Expected {} bytes. Found {} bytes",
38 N,
39 bytes.len()
40 )
41 .into());
42 }
43
44 Ok(bytes.as_ref().try_into().unwrap())
46}
47
48macro_rules! encrypt {
49 ($algorithm:ty, $plaintext:expr_2021, $key:expr_2021, $iv:expr_2021) => {{
50 let mut buffer = vec![0; $plaintext.len()];
51 <$algorithm>::new(
52 &GenericArray::from(get_key_bytes($key)?),
53 &GenericArray::from(get_iv_bytes($iv)?),
54 )
55 .encrypt_b2b($plaintext.as_ref(), buffer.as_mut())
56 .expect("key/iv sizes were already checked");
57 buffer
58 }};
59}
60
61macro_rules! encrypt_padded {
62 ($algorithm:ty, $padding:ty, $plaintext:expr_2021, $key:expr_2021, $iv:expr_2021) => {{
63 <$algorithm>::new(
64 &GenericArray::from(get_key_bytes($key)?),
65 &GenericArray::from(get_iv_bytes($iv)?),
66 )
67 .encrypt_padded_vec_mut::<$padding>($plaintext.as_ref())
68 }};
69}
70
71macro_rules! encrypt_keystream {
72 ($algorithm:ty, $plaintext:expr_2021, $key:expr_2021, $iv:expr_2021) => {{
73 let mut buffer = vec![0; $plaintext.len()];
74 <$algorithm>::new(
75 &GenericArray::from(get_key_bytes($key)?),
76 &GenericArray::from(get_iv_bytes($iv)?),
77 )
78 .apply_keystream_b2b($plaintext.as_ref(), buffer.as_mut())
79 .expect("key/iv sizes were already checked");
80 buffer
81 }};
82}
83
84macro_rules! encrypt_stream {
85 ($algorithm:ty, $plaintext:expr_2021, $key:expr_2021, $iv:expr_2021) => {{
86 <$algorithm>::new(&GenericArray::from(get_key_bytes($key)?))
87 .encrypt(&GenericArray::from(get_iv_bytes($iv)?), $plaintext.as_ref())
88 .expect("key/iv sizes were already checked")
89 }};
90}
91
92pub(crate) fn is_valid_algorithm(algorithm: &str) -> bool {
93 matches!(
94 algorithm,
95 "AES-256-CFB"
96 | "AES-192-CFB"
97 | "AES-128-CFB"
98 | "AES-256-OFB"
99 | "AES-192-OFB"
100 | "AES-128-OFB"
101 | "AES-256-CTR"
102 | "AES-192-CTR"
103 | "AES-128-CTR"
104 | "AES-256-CTR-LE"
105 | "AES-192-CTR-LE"
106 | "AES-128-CTR-LE"
107 | "AES-256-CTR-BE"
108 | "AES-192-CTR-BE"
109 | "AES-128-CTR-BE"
110 | "AES-256-CBC-PKCS7"
111 | "AES-192-CBC-PKCS7"
112 | "AES-128-CBC-PKCS7"
113 | "AES-256-CBC-ANSIX923"
114 | "AES-192-CBC-ANSIX923"
115 | "AES-128-CBC-ANSIX923"
116 | "AES-256-CBC-ISO7816"
117 | "AES-192-CBC-ISO7816"
118 | "AES-128-CBC-ISO7816"
119 | "AES-256-CBC-ISO10126"
120 | "AES-192-CBC-ISO10126"
121 | "AES-128-CBC-ISO10126"
122 | "AES-128-SIV"
123 | "AES-256-SIV"
124 | "CHACHA20-POLY1305"
125 | "XCHACHA20-POLY1305"
126 | "XSALSA20-POLY1305"
127 )
128}
129
130fn encrypt(plaintext: Value, algorithm: &str, key: Value, iv: Value) -> Resolved {
131 let plaintext = plaintext.try_bytes()?;
132 let ciphertext = match algorithm {
133 "AES-256-CFB" => encrypt!(Cfb::<aes::Aes256>, plaintext, key, iv),
134 "AES-192-CFB" => encrypt!(Cfb::<aes::Aes192>, plaintext, key, iv),
135 "AES-128-CFB" => encrypt!(Cfb::<aes::Aes128>, plaintext, key, iv),
136 "AES-256-OFB" => encrypt_keystream!(Ofb::<aes::Aes256>, plaintext, key, iv),
137 "AES-192-OFB" => encrypt_keystream!(Ofb::<aes::Aes192>, plaintext, key, iv),
138 "AES-128-OFB" => encrypt_keystream!(Ofb::<aes::Aes128>, plaintext, key, iv),
139 "AES-256-CTR" | "AES-256-CTR-LE" => {
140 encrypt_keystream!(Ctr64LE::<aes::Aes256>, plaintext, key, iv)
141 }
142 "AES-192-CTR" | "AES-192-CTR-LE" => {
143 encrypt_keystream!(Ctr64LE::<aes::Aes192>, plaintext, key, iv)
144 }
145 "AES-128-CTR" | "AES-128-CTR-LE" => {
146 encrypt_keystream!(Ctr64LE::<aes::Aes128>, plaintext, key, iv)
147 }
148 "AES-256-CTR-BE" => encrypt_keystream!(Ctr64BE::<aes::Aes256>, plaintext, key, iv),
149 "AES-192-CTR-BE" => encrypt_keystream!(Ctr64BE::<aes::Aes192>, plaintext, key, iv),
150 "AES-128-CTR-BE" => encrypt_keystream!(Ctr64BE::<aes::Aes128>, plaintext, key, iv),
151 "AES-256-CBC-PKCS7" => encrypt_padded!(Aes256Cbc, Pkcs7, plaintext, key, iv),
152 "AES-192-CBC-PKCS7" => encrypt_padded!(Aes192Cbc, Pkcs7, plaintext, key, iv),
153 "AES-128-CBC-PKCS7" => encrypt_padded!(Aes128Cbc, Pkcs7, plaintext, key, iv),
154 "AES-256-CBC-ANSIX923" => encrypt_padded!(Aes256Cbc, AnsiX923, plaintext, key, iv),
155 "AES-192-CBC-ANSIX923" => encrypt_padded!(Aes192Cbc, AnsiX923, plaintext, key, iv),
156 "AES-128-CBC-ANSIX923" => encrypt_padded!(Aes128Cbc, AnsiX923, plaintext, key, iv),
157 "AES-256-CBC-ISO7816" => encrypt_padded!(Aes256Cbc, Iso7816, plaintext, key, iv),
158 "AES-192-CBC-ISO7816" => encrypt_padded!(Aes192Cbc, Iso7816, plaintext, key, iv),
159 "AES-128-CBC-ISO7816" => encrypt_padded!(Aes128Cbc, Iso7816, plaintext, key, iv),
160 "AES-256-CBC-ISO10126" => encrypt_padded!(Aes256Cbc, Iso10126, plaintext, key, iv),
161 "AES-192-CBC-ISO10126" => encrypt_padded!(Aes192Cbc, Iso10126, plaintext, key, iv),
162 "AES-128-CBC-ISO10126" => encrypt_padded!(Aes128Cbc, Iso10126, plaintext, key, iv),
163 "AES-128-SIV" => encrypt_stream!(Aes128SivAead, plaintext, key, iv),
164 "AES-256-SIV" => encrypt_stream!(Aes256SivAead, plaintext, key, iv),
165 "CHACHA20-POLY1305" => encrypt_stream!(ChaCha20Poly1305, plaintext, key, iv),
166 "XCHACHA20-POLY1305" => encrypt_stream!(XChaCha20Poly1305, plaintext, key, iv),
167 "XSALSA20-POLY1305" => encrypt_stream!(XSalsa20Poly1305, plaintext, key, iv),
168 other => return Err(format!("Invalid algorithm: {other}").into()),
169 };
170
171 Ok(Value::Bytes(Bytes::from(ciphertext)))
172}
173
174#[derive(Clone, Copy, Debug)]
175pub struct Encrypt;
176
177impl Function for Encrypt {
178 fn identifier(&self) -> &'static str {
179 "encrypt"
180 }
181
182 fn usage(&self) -> &'static str {
183 indoc! {"
184 Encrypts a string with a symmetric encryption algorithm.
185
186 Supported Algorithms:
187
188 * AES-256-CFB (key = 32 bytes, iv = 16 bytes)
189 * AES-192-CFB (key = 24 bytes, iv = 16 bytes)
190 * AES-128-CFB (key = 16 bytes, iv = 16 bytes)
191 * AES-256-OFB (key = 32 bytes, iv = 16 bytes)
192 * AES-192-OFB (key = 24 bytes, iv = 16 bytes)
193 * AES-128-OFB (key = 16 bytes, iv = 16 bytes)
194 * AES-128-SIV (key = 32 bytes, iv = 16 bytes)
195 * AES-256-SIV (key = 64 bytes, iv = 16 bytes)
196 * Deprecated - AES-256-CTR (key = 32 bytes, iv = 16 bytes)
197 * Deprecated - AES-192-CTR (key = 24 bytes, iv = 16 bytes)
198 * Deprecated - AES-128-CTR (key = 16 bytes, iv = 16 bytes)
199 * AES-256-CTR-LE (key = 32 bytes, iv = 16 bytes)
200 * AES-192-CTR-LE (key = 24 bytes, iv = 16 bytes)
201 * AES-128-CTR-LE (key = 16 bytes, iv = 16 bytes)
202 * AES-256-CTR-BE (key = 32 bytes, iv = 16 bytes)
203 * AES-192-CTR-BE (key = 24 bytes, iv = 16 bytes)
204 * AES-128-CTR-BE (key = 16 bytes, iv = 16 bytes)
205 * AES-256-CBC-PKCS7 (key = 32 bytes, iv = 16 bytes)
206 * AES-192-CBC-PKCS7 (key = 24 bytes, iv = 16 bytes)
207 * AES-128-CBC-PKCS7 (key = 16 bytes, iv = 16 bytes)
208 * AES-256-CBC-ANSIX923 (key = 32 bytes, iv = 16 bytes)
209 * AES-192-CBC-ANSIX923 (key = 24 bytes, iv = 16 bytes)
210 * AES-128-CBC-ANSIX923 (key = 16 bytes, iv = 16 bytes)
211 * AES-256-CBC-ISO7816 (key = 32 bytes, iv = 16 bytes)
212 * AES-192-CBC-ISO7816 (key = 24 bytes, iv = 16 bytes)
213 * AES-128-CBC-ISO7816 (key = 16 bytes, iv = 16 bytes)
214 * AES-256-CBC-ISO10126 (key = 32 bytes, iv = 16 bytes)
215 * AES-192-CBC-ISO10126 (key = 24 bytes, iv = 16 bytes)
216 * AES-128-CBC-ISO10126 (key = 16 bytes, iv = 16 bytes)
217 * CHACHA20-POLY1305 (key = 32 bytes, iv = 12 bytes)
218 * XCHACHA20-POLY1305 (key = 32 bytes, iv = 24 bytes)
219 * XSALSA20-POLY1305 (key = 32 bytes, iv = 24 bytes)
220 "}
221 }
222
223 fn category(&self) -> &'static str {
224 Category::Cryptography.as_ref()
225 }
226
227 fn internal_failure_reasons(&self) -> &'static [&'static str] {
228 &[
229 "`algorithm` is not a supported algorithm.",
230 "`key` length does not match the key size required for the algorithm specified.",
231 "`iv` length does not match the `iv` size required for the algorithm specified.",
232 ]
233 }
234
235 fn return_kind(&self) -> u16 {
236 kind::BYTES
237 }
238
239 fn parameters(&self) -> &'static [Parameter] {
240 const PARAMETERS: &[Parameter] = &[
241 Parameter::required("plaintext", kind::BYTES, "The string to encrypt."),
242 Parameter::required("algorithm", kind::BYTES, "The algorithm to use."),
243 Parameter::required("key", kind::BYTES, "The key in raw bytes (not encoded) for encryption. The length must match the algorithm requested."),
244 Parameter::required("iv", kind::BYTES, "The IV in raw bytes (not encoded) for encryption. The length must match the algorithm requested.
245A new IV should be generated for every message. You can use `random_bytes` to generate a cryptographically secure random value."),
246 ];
247 PARAMETERS
248 }
249
250 fn examples(&self) -> &'static [Example] {
251 &[
252 example! {
253 title: "Encrypt value using AES-256-CFB",
254 source: indoc! {r#"
255 iv = "0123456789012345" # typically you would call random_bytes(16)
256 key = "01234567890123456789012345678912"
257 encrypted_message = encrypt!("data", "AES-256-CFB", key: key, iv: iv)
258 encode_base64(encrypted_message)
259 "#},
260 result: Ok("c/dIOA=="),
261 },
262 example! {
263 title: "Encrypt value using AES-128-CBC-PKCS7",
264 source: indoc! {r#"
265 iv = "1234567890123456" # typically you would call random_bytes(16)
266 key = "16_byte_keyxxxxx"
267 encrypted_message = encrypt!("super secret message", "AES-128-CBC-PKCS7", key: key, iv: iv)
268 encode_base64(encrypted_message)
269 "#},
270 result: Ok("GBw8Mu00v0Kc38+/PvsVtGgWuUJ+ZNLgF8Opy8ohIYE="),
271 },
272 ]
273 }
274
275 fn compile(
276 &self,
277 state: &state::TypeState,
278 _ctx: &mut FunctionCompileContext,
279 arguments: ArgumentList,
280 ) -> Compiled {
281 let plaintext = arguments.required("plaintext");
282 let algorithm = arguments.required("algorithm");
283 let key = arguments.required("key");
284 let iv = arguments.required("iv");
285
286 if let Some(algorithm) = algorithm.resolve_constant(state) {
287 let algorithm_str = algorithm
288 .try_bytes_utf8_lossy()
289 .expect("already checked type")
290 .as_ref()
291 .to_uppercase();
292 if !is_valid_algorithm(&algorithm_str) {
293 return Err(function::Error::InvalidArgument {
294 keyword: "algorithm",
295 value: algorithm,
296 error: "Invalid algorithm",
297 }
298 .into());
299 }
300 }
301
302 Ok(EncryptFn {
303 plaintext,
304 algorithm,
305 key,
306 iv,
307 }
308 .as_expr())
309 }
310}
311
312#[derive(Debug, Clone)]
313struct EncryptFn {
314 plaintext: Box<dyn Expression>,
315 algorithm: Box<dyn Expression>,
316 key: Box<dyn Expression>,
317 iv: Box<dyn Expression>,
318}
319
320impl FunctionExpression for EncryptFn {
321 fn resolve(&self, ctx: &mut Context) -> Resolved {
322 let plaintext = self.plaintext.resolve(ctx)?;
323 let algorithm = self.algorithm.resolve(ctx)?;
324 let key = self.key.resolve(ctx)?;
325 let iv = self.iv.resolve(ctx)?;
326
327 let algorithm = algorithm.try_bytes_utf8_lossy()?.as_ref().to_uppercase();
328 encrypt(plaintext, algorithm.as_str(), key, iv)
329 }
330
331 fn type_def(&self, _state: &state::TypeState) -> TypeDef {
332 TypeDef::bytes().fallible()
333 }
334}
335
336#[cfg(test)]
337mod tests {
338 use super::*;
339 use crate::value;
340
341 test_function![
342 encrypt => Encrypt;
343
344 aes_256_cfb {
345 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-256-CFB", key: "32_bytes_xxxxxxxxxxxxxxxxxxxxxxx", iv: "16_bytes_xxxxxxx"],
346 want: Ok(value!(b"\xd13\x92\x81\x9a^\x0e=<\x88\xdc\xe7/:]\x90\x08S\x84q")),
347 tdef: TypeDef::bytes().fallible(),
348 }
349
350 aes_192_cfb {
351 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-192-CFB", key: "24_bytes_xxxxxxxxxxxxxxx", iv: "16_bytes_xxxxxxx"],
352 want: Ok(value!(b"U\xbd6\xdbZ\xbfa}&8\xebog\x19\x99xE\xffL\xf1")),
353 tdef: TypeDef::bytes().fallible(),
354 }
355
356 aes_128_cfb {
357 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-128-CFB", key: "16_bytes_xxxxxxx", iv: "16_bytes_xxxxxxx"],
358 want: Ok(value!(b"\xfd\xf9\xef\x1f@e\xef\xd0Z\xc3\x0c'\xad]\x0e\xd2\x0bZK4")),
359 tdef: TypeDef::bytes().fallible(),
360 }
361 aes_256_ofb {
362 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-256-OFB", key: "32_bytes_xxxxxxxxxxxxxxxxxxxxxxx", iv: "16_bytes_xxxxxxx"],
363 want: Ok(value!(b"\xd13\x92\x81\x9a^\x0e=<\x88\xdc\xe7/:]\x90\xfe(\x89k")),
364 tdef: TypeDef::bytes().fallible(),
365 }
366
367 aes_192_ofb {
368 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-192-OFB", key: "24_bytes_xxxxxxxxxxxxxxx", iv: "16_bytes_xxxxxxx"],
369 want: Ok(value!(b"U\xbd6\xdbZ\xbfa}&8\xebog\x19\x99x\xe4\xf4J\x1f")),
370 tdef: TypeDef::bytes().fallible(),
371 }
372
373 aes_128_ofb {
374 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-128-OFB", key: "16_bytes_xxxxxxx", iv: "16_bytes_xxxxxxx"],
375 want: Ok(value!(b"\xfd\xf9\xef\x1f@e\xef\xd0Z\xc3\x0c'\xad]\x0e\xd2Qi\xe9\xf4")),
376 tdef: TypeDef::bytes().fallible(),
377 }
378
379 aes_256_ctr_le {
380 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-256-CTR-LE", key: "32_bytes_xxxxxxxxxxxxxxxxxxxxxxx", iv: "16_bytes_xxxxxxx"],
381 want: Ok(value!(b"\xd13\x92\x81\x9a^\x0e=<\x88\xdc\xe7/:]\x90\x9a\x99\xa7\xb6")),
382 tdef: TypeDef::bytes().fallible(),
383 }
384
385 aes_192_ctr_le {
386 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-192-CTR-LE", key: "24_bytes_xxxxxxxxxxxxxxx", iv: "16_bytes_xxxxxxx"],
387 want: Ok(value!(b"U\xbd6\xdbZ\xbfa}&8\xebog\x19\x99x\x88\xb69n")),
388 tdef: TypeDef::bytes().fallible(),
389 }
390
391 aes_128_ctr_le {
392 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-128-CTR-LE", key: "16_bytes_xxxxxxx", iv: "16_bytes_xxxxxxx"],
393 want: Ok(value!(b"\xfd\xf9\xef\x1f@e\xef\xd0Z\xc3\x0c'\xad]\x0e\xd2v\x04\x05\xee")),
394 tdef: TypeDef::bytes().fallible(),
395 }
396
397 aes_256_ctr_be {
398 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-256-CTR-BE", key: "32_bytes_xxxxxxxxxxxxxxxxxxxxxxx", iv: "16_bytes_xxxxxxx"],
399 want: Ok(value!(b"\xd13\x92\x81\x9a^\x0e=<\x88\xdc\xe7/:]\x90k\xea\x1c\t")),
400 tdef: TypeDef::bytes().fallible(),
401 }
402
403 aes_192_ctr_be {
404 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-192-CTR-BE", key: "24_bytes_xxxxxxxxxxxxxxx", iv: "16_bytes_xxxxxxx"],
405 want: Ok(value!(b"U\xbd6\xdbZ\xbfa}&8\xebog\x19\x99x\x8a\xb3C\xfd")),
406 tdef: TypeDef::bytes().fallible(),
407 }
408
409 aes_128_ctr_be {
410 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-128-CTR-BE", key: "16_bytes_xxxxxxx", iv: "16_bytes_xxxxxxx"],
411 want: Ok(value!(b"\xfd\xf9\xef\x1f@e\xef\xd0Z\xc3\x0c'\xad]\x0e\xd2\xae\x15v\xab")),
412 tdef: TypeDef::bytes().fallible(),
413 }
414
415 aes_256_cbc_pkcs7 {
416 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-256-CBC-PKCS7", key: "32_bytes_xxxxxxxxxxxxxxxxxxxxxxx", iv: "16_bytes_xxxxxxx"],
417 want: Ok(value!(b"\x80-9O\x1c\xf1,R\x02\xa0\x0e\x17G\xd8B\xf4\xf9q\xf3\x0c\xcaK\x03h\xbc\xb2\xe8vU\x12\x10\xb3")),
418 tdef: TypeDef::bytes().fallible(),
419 }
420
421 aes_192_cbc_pkcs7 {
422 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-192-CBC-PKCS7", key: "24_bytes_xxxxxxxxxxxxxxx", iv: "16_bytes_xxxxxxx"],
423 want: Ok(value!(b"\xfaG\x97OVj\xd4\xf5\x80\x1c\x9f}\xac,:t\xfb\xca\xe5\xf1\x8c\x08\xed\\\xf5\xff\xef\xf8\xe9\n\x9c*")),
424 tdef: TypeDef::bytes().fallible(),
425 }
426
427 aes_128_cbc_pkcs7 {
428 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-128-CBC-PKCS7", key: "16_bytes_xxxxxxx", iv: "16_bytes_xxxxxxx"],
429 want: Ok(value!(b"\x94R\xb5\xfeE\xd9)N1\xd3\xfe\xe66E\x05\x9ch\xae\xf6\x82\rD\xfdH\xd3T8n\xa7\xec\x98W")),
430 tdef: TypeDef::bytes().fallible(),
431 }
432
433 aes_256_cbc_ansix923 {
434 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-256-CBC-ANSIX923", key: "32_bytes_xxxxxxxxxxxxxxxxxxxxxxx", iv: "16_bytes_xxxxxxx"],
435 want: Ok(value!(b"\x80-9O\x1c\xf1,R\x02\xa0\x0e\x17G\xd8B\xf4\xd9vj\x15\n&\x92\xea\xee\x03 \xeb\x9e\x8f\x97\x90")),
436 tdef: TypeDef::bytes().fallible(),
437 }
438
439 aes_192_cbc_ansix923 {
440 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-192-CBC-ANSIX923", key: "24_bytes_xxxxxxxxxxxxxxx", iv: "16_bytes_xxxxxxx"],
441 want: Ok(value!(b"\xfaG\x97OVj\xd4\xf5\x80\x1c\x9f}\xac,:t\xbc\xaf\xbd\xdf0\x10\xdc\xe7\x10Lk\xe4\x03;\xa2\xf5")),
442 tdef: TypeDef::bytes().fallible(),
443 }
444
445 aes_128_cbc_ansix923 {
446 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-128-CBC-ANSIX923", key: "16_bytes_xxxxxxx", iv: "16_bytes_xxxxxxx"],
447 want: Ok(value!(b"\x94R\xb5\xfeE\xd9)N1\xd3\xfe\xe66E\x05\x9cEnq\x0f9\x02\xfe/T\x0f\xc5\x18r\x95\"\xe3")),
448 tdef: TypeDef::bytes().fallible(),
449 }
450
451 aes_256_cbc_iso7816 {
452 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-256-CBC-ISO7816", key: "32_bytes_xxxxxxxxxxxxxxxxxxxxxxx", iv: "16_bytes_xxxxxxx"],
453 want: Ok(value!(b"\x80-9O\x1c\xf1,R\x02\xa0\x0e\x17G\xd8B\xf4\x84\x12\xeb\xe6i\xef\xbcN\xe85\\HnV\xb2\x92")),
454 tdef: TypeDef::bytes().fallible(),
455 }
456
457 aes_192_cbc_iso7816 {
458 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-192-CBC-ISO7816", key: "24_bytes_xxxxxxxxxxxxxxx", iv: "16_bytes_xxxxxxx"],
459 want: Ok(value!(b"\xfaG\x97OVj\xd4\xf5\x80\x1c\x9f}\xac,:t%lnCr;N\xbcq\xfeE\xb4\x83a \x9b")),
460 tdef: TypeDef::bytes().fallible(),
461 }
462
463 aes_128_cbc_iso7816 {
464 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-128-CBC-ISO7816", key: "16_bytes_xxxxxxx", iv: "16_bytes_xxxxxxx"],
465 want: Ok(value!(b"\x94R\xb5\xfeE\xd9)N1\xd3\xfe\xe66E\x05\x9cWp\xcfu\xba\x86\x01Q\x9fw\x8f\xf2\x12\xba\x9b0")),
466 tdef: TypeDef::bytes().fallible(),
467 }
468
469 aes_256_cbc_iso10126 {
470 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-256-CBC-ISO10126", key: "32_bytes_xxxxxxxxxxxxxxxxxxxxxxx", iv: "16_bytes_xxxxxxx"],
471 want: Ok(value!(b"\x80-9O\x1c\xf1,R\x02\xa0\x0e\x17G\xd8B\xf4\xf9q\xf3\x0c\xcaK\x03h\xbc\xb2\xe8vU\x12\x10\xb3")),
472 tdef: TypeDef::bytes().fallible(),
473 }
474
475 aes_192_cbc_iso10126 {
476 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-192-CBC-ISO10126", key: "24_bytes_xxxxxxxxxxxxxxx", iv: "16_bytes_xxxxxxx"],
477 want: Ok(value!(b"\xfaG\x97OVj\xd4\xf5\x80\x1c\x9f}\xac,:t\xfb\xca\xe5\xf1\x8c\x08\xed\\\xf5\xff\xef\xf8\xe9\n\x9c*")),
478 tdef: TypeDef::bytes().fallible(),
479 }
480
481 aes_128_cbc_iso10126 {
482 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-128-CBC-ISO10126", key: "16_bytes_xxxxxxx", iv: "16_bytes_xxxxxxx"],
483 want: Ok(value!(b"\x94R\xb5\xfeE\xd9)N1\xd3\xfe\xe66E\x05\x9ch\xae\xf6\x82\rD\xfdH\xd3T8n\xa7\xec\x98W")),
484 tdef: TypeDef::bytes().fallible(),
485 }
486
487 aes_128_siv {
488 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-128-SIV", key: "32_bytes_xxxxxxxxxxxxxxxxxxxxxxx", iv: "16_bytes_xxxxxxx"],
489 want: Ok(value!(b"iMy\xb15\x16\x9dK\x97!\x9d1\x0fq\xe2\x9a\xb2\x15\xb2\xd2\xd0@\x19\xfa(\xffoZ\x17\xac\xe5U\xce\xd4\x81t")),
490 tdef: TypeDef::bytes().fallible(),
491 }
492
493 aes_256_siv {
494 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "AES-256-SIV", key: "64_bytes_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", iv: "16_bytes_xxxxxxx"],
495 want: Ok(value!(b"[\x9b>c\x8c\xb9\xf8\xa4\xb9\xf8\x15\xb0\xf9g \xbf\x84{\x16\xfa\xef\xcd4',O/0\xf6\xcdx\x0b\"A\xb95")),
496 tdef: TypeDef::bytes().fallible(),
497 }
498
499 chacha20_poly1305 {
500 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "CHACHA20-POLY1305", key: "32_bytes_xxxxxxxxxxxxxxxxxxxxxxx", iv: "12_bytes_xxx"],
501 want: Ok(value!(b"\x14m\xe3\xc9\xbc!\xafu\xe31\xb9\x17\x8f\x9bOo0}n\xf4{$\x95\x0f\xa0\x820\xb7R\xe3.{\xd7?\x96\x10")),
502 tdef: TypeDef::bytes().fallible(),
503 }
504
505 xchacha20_poly1305 {
506 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "XCHACHA20-POLY1305", key: "32_bytes_xxxxxxxxxxxxxxxxxxxxxxx", iv: "24_bytes_xxxxxxxxxxxxxxx"],
507 want: Ok(value!(b"\x84\xd0S<\\\x88\x019a\xd3\xa17\xdf\xc0\xe0\xd3h\xbcn-\x98\x85@\x19\x08\xc5ki\x18\x10\xdd!T#\x91\xcf")),
508 tdef: TypeDef::bytes().fallible(),
509 }
510
511 xsalsa20_poly1305 {
512 args: func_args![plaintext: value!("morethan1blockofdata"), algorithm: "XSALSA20-POLY1305", key: "32_bytes_xxxxxxxxxxxxxxxxxxxxxxx", iv: "24_bytes_xxxxxxxxxxxxxxx"],
513 want: Ok(value!(b"(\xc8\xb8\x88\x1d\xc0\xc0F\xa5\xc7n\xc8\x05B\t\xceiR\x8f\xaf\xc7\xa8\xeb.\x95(\x14\xe8C\x80[w\x85\xf3\x8dn")),
514 tdef: TypeDef::bytes().fallible(),
515 }
516 ];
517}