WIP: create encrypt with IV methods in SymmetricCipherFacade

2025-12-07 13:49:47 +00:00 · 2025-12-01 17:38:06 +01:00 · 2025-12-01 17:38:06 +01:00 · 73d7ddf371
commit 73d7ddf371
parent 96c1e1d940
3 changed files with 26 additions and 3 deletions
--- a/packages/tutanota-crypto/lib/encryption/symmetric/AesCbcFacade.ts
+++ b/packages/tutanota-crypto/lib/encryption/symmetric/AesCbcFacade.ts
@ -28,7 +28,7 @@ export class AesCbcFacade {
 	encrypt(
 		key: AesKey,
 		plainText: Uint8Array,
-		hasRandomIvToPrepend: boolean,
+		mustPrependIv: boolean,
 		iv: Uint8Array,
 		padding: boolean,
 		cipherVersion: SymmetricCipherVersion,
@ -40,7 +40,7 @@ export class AesCbcFacade {
 		)

 		let unauthenticatedCiphertext
-		if (hasRandomIvToPrepend) {
+		if (mustPrependIv) {
 			//version byte is not included into authentication tag for legacy reasons
 			unauthenticatedCiphertext = concat(iv, cipherText)
 		} else {
--- a/packages/tutanota-crypto/lib/encryption/symmetric/SymmetricCipherFacade.ts
+++ b/packages/tutanota-crypto/lib/encryption/symmetric/SymmetricCipherFacade.ts
@ -42,6 +42,29 @@ export class SymmetricCipherFacade {
 		return this.encrypt(key, bytes, true, SymmetricCipherVersion.UnusedReservedUnauthenticated, true)
 	}

+	/**
+	 * Encrypts a byte array with AES in CBC mode with a custom IV.
+	 *
+	 * Forces encryption without authentication. The custom IV is prepended to the returned CBC ciphertext.
+	 *
+	 * @deprecated
+	 */
+	encryptValueDeprecatedUnauthenticated(key: AesKey, bytes: Uint8Array, iv: Uint8Array): Uint8Array {
+		// TODO
+		return this.aesCbcFacade.encrypt(key, bytes, true, iv, true, SymmetricCipherVersion.AesCbcThenHmac)
+	}
+
+	/**
+	 * Encrypts a byte array with AES in CBC mode with a custom IV.
+	 *
+	 * Forces encryption without authentication. The custom IV is prepended to the returned CBC ciphertext.
+	 *
+	 * @deprecated
+	 */
+	encryptDatabaseKeyDeprecatedUnauthenticated(key: AesKey, bytes: Uint8Array, iv: Uint8Array): Uint8Array {
+		return this.aesCbcFacade.encrypt(key, bytes, true, iv, true, SymmetricCipherVersion.UnusedReservedUnauthenticated, true)
+	}
+
 	/**
 	 * Decrypts byte array with AES in CBC mode.
 	 *
--- a/packages/tutanota-crypto/lib/encryption/symmetric/SymmetricKeyDeriver.ts
+++ b/packages/tutanota-crypto/lib/encryption/symmetric/SymmetricKeyDeriver.ts
@ -26,7 +26,7 @@ export class SymmetricKeyDeriver {
 		switch (symmetricCipherVersion) {
 			case SymmetricCipherVersion.UnusedReservedUnauthenticated:
 				//we allow unauthenticated encryption of search index
-				if (keyLength !== AesKeyLength.Aes128 && skipAuthentication === false) {
+				if (keyLength !== AesKeyLength.Aes128 && !skipAuthentication) {
 					throw new CryptoError("key length " + keyLength + " is incompatible with cipherVersion " + symmetricCipherVersion)
 				}
 				return { encryptionKey: key, authenticationKey: null }