Add support for CBC without padding

lovetodream commented 7 months ago

This PR adds support for CBC de- and encryption without padding, as discussed in #209

Checklist

[x] I've run tests to see all new and existing tests pass
[x] I've followed the code style of the rest of the project
[x] I've read the Contribution Guidelines
[x] I've updated the documentation if necessary

If you've made changes to `gyb` files

[ ] I've run .script/generate_boilerplate_files_with_gyb and included updated generated files in a commit of this pull request

Motivation:

As described in #209, I personally need this to migrate an oracle driver from a third party crypto lib to swift-crypto. I think other users might benefit from this addition too.

Modifications:

I've added an overload to the encrypt and decrypt methods of AES._CBC, allowing the user to configure if padding should be added or not. With noPadding set to true, an error will be thrown if the plaintext isn't a multiple of the block size. I've added the corresponding inline documentation.

I've also added tests to ensure both encrypting and decrypting without padding work as expected. Although those tests might not be sufficient enough, because I couldn't find good resources online. I've created a bunch of random hex strings and encrypted/decrypted them using another implementation of paddingless CBC and checked if I receive the expected results. To further validate the feature, I've tested it as part of the authentication in oracle-nio, which worked in all test scenarios I've been running.

Result:

After merging this, it will be possible to use CBC without padding. This closes #209

Lukasa commented 7 months ago

@swift-server-bot test this please

Lukasa commented 7 months ago

@swift-server-bot test this please

lovetodream commented 7 months ago

One final suggestion here: these tests encrypt and decrypt only inputs that are a single block in size, or that are not an even multiple. Can you add a few tests that use multi-block-size inputs?

Sure, I've added a few more with 2-16x block sizes

lovetodream commented 7 months ago

Anything left for me to do @Lukasa?

Lukasa commented 7 months ago

Hi @lovetodream, sorry about the delay, I've been swamped. I'll take a look now.

Lukasa commented 7 months ago

@swift-server-bot test this please

Lukasa commented 7 months ago

Nice change, thanks for your hard work!

apple / swift-crypto