[KeyVault] - AES-CBC-PAD cryptography support (#14144)
## What

- Add AESCBCPAD basic crypto support (just encrypt / decrypt for now) locally

## Why

We're working towards implementing as many algorithms as we can locally without implementing our own cryptography. This commit allows us to perform encryption and decryption locally using AES symmetric keys.

## Callouts

- Wrap / unwrap is currently not implemented locally. I'm investigating whether node8 crypto can support it. Right now, it appears that while the underlying wrap/unwrap algorithms do not require an IV, node crypto does and will error if one is not supplied. While that investigation is ongoing, we at least can support encrypt / decrypt locally.
- Since key export is not available, I generate my own key and import it. Because of the recorder I had to make it as predictable and consistent as possible for tests.
- Node crypto doesn't have support for multiple padding modes as far as I can see; it only has auto padding enabled or disabled. Therefore it's not trivial to implement AESCBC (zero-padded).
maorleger authored Mar 12, 2021
1 parent 7a2bd80 commit 6d578c1
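
The padding and IV behaviour described in the callouts, as an added example that is not code from this commit or from the SDK. The helper names (`encryptLocal`, `decryptLocal`, `encryptNoPadding`) and the mapping of the `A*CBCPAD` names to OpenSSL cipher names are assumptions, and the key and message are constructed sample values.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require("crypto");

// Assumed mapping: Key Vault algorithm name -> OpenSSL cipher name and key size.
const CBCPAD = {
  A128CBCPAD: { cipher: "aes-128-cbc", keyBytes: 16 },
  A192CBCPAD: { cipher: "aes-192-cbc", keyBytes: 24 },
  A256CBCPAD: { cipher: "aes-256-cbc", keyBytes: 32 },
};

function cipherFor(algorithm, key) {
  const entry = CBCPAD[algorithm];
  if (!entry) throw new Error(`unsupported algorithm: ${algorithm}`);
  if (key.length !== entry.keyBytes) {
    throw new Error(`${algorithm} requires a ${entry.keyBytes}-byte key`);
  }
  return entry.cipher;
}

// Hypothetical helper: PKCS#7 padding is Node's default "auto padding".
// A fresh random IV is generated when the caller does not supply one.
function encryptLocal(algorithm, key, plaintext, iv = randomBytes(16)) {
  const c = createCipheriv(cipherFor(algorithm, key), key, iv);
  const result = Buffer.concat([c.update(plaintext), c.final()]);
  return { algorithm, iv, result }; // the IV must be kept to decrypt
}

// Hypothetical helper: the inverse operation, using the stored IV.
function decryptLocal(algorithm, key, ciphertext, iv) {
  const d = createDecipheriv(cipherFor(algorithm, key), key, iv);
  return Buffer.concat([d.update(ciphertext), d.final()]);
}

// With auto padding disabled Node applies no padding at all, so final()
// throws unless the input length is already a multiple of the 16-byte block.
function encryptNoPadding(key, plaintext, iv) {
  const c = createCipheriv("aes-128-cbc", key, iv);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(plaintext), c.final()]);
}

// Constructed sample values, for illustration only.
const key = Buffer.alloc(16, 0x2a);
const message = Buffer.from("local encryption test"); // 21 bytes
const sealed = encryptLocal("A128CBCPAD", key, message);
console.log(sealed.result.length, sealed.iv.toString("hex"));
console.log(decryptLocal("A128CBCPAD", key, sealed.result, sealed.iv).toString());
```

Zero padding would have to be applied by hand before calling `encryptNoPadding`, which is the gap the last callout describes.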
Showing 24 changed files with 2,222 additions and 93 deletions.
2 changes: 2 additions & 0 deletions sdk/keyvault/keyvault-keys/CHANGELOG.md
Expand Up @@ -2,6 +2,8 @@

## 4.2.0-beta.5 (Unreleased)

- Added local cryptography support for encryption / decryption for `A128CBCPAD`, `A192CBCPAD`, and `A256CBCPAD`.
- For AES-CBC encryption we will now generate an IV if the user did not pass it in, making `iv` optional for those parameters.

## 4.2.0-beta.4 (2021-03-09)
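
Review bot: The second added entry says "AES-CBC encryption" while the first names only `A128CBCPAD`, `A192CBCPAD`, and `A256CBCPAD`, so a reader cannot tell whether the generated IV also applies to the unpadded CBC algorithms. Name the affected algorithms in that entry, and say where the caller gets the generated IV back, since it has to be stored with the ciphertext in order to decrypt later.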

5 changes: 3 additions & 2 deletions sdk/keyvault/keyvault-keys/package.json
Expand Up @@ -36,8 +36,9 @@
"browser": {
"os": false,
"process": false,
"./dist-esm/keyvault-keys/src/cryptography/hash.js": "./dist-esm/keyvault-keys/src/cryptography/hash.browser.js",
"./dist-esm/keyvault-keys/src/cryptography/rsaCryptographyProvider.js": "./dist-esm/keyvault-keys/src/cryptography/rsaCryptographyProvider.browser.js"
"./dist-esm/keyvault-keys/src/cryptography/crypto.js": "./dist-esm/keyvault-keys/src/cryptography/crypto.browser.js",
"./dist-esm/keyvault-keys/src/cryptography/rsaCryptographyProvider.js": "./dist-esm/keyvault-keys/src/cryptography/rsaCryptographyProvider.browser.js",
"./dist-esm/keyvault-keys/src/cryptography/aesCryptographyProvider.js": "./dist-esm/keyvault-keys/src/cryptography/aesCryptographyProvider.browser.js"
},
"scripts": {
"audit": "node ../../../common/scripts/rush-audit.js && rimraf node_modules package-lock.json && npm i --package-lock-only 2>&1 && npm audit",
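
Review bot: The `browser` map now swaps `aesCryptographyProvider.js` for `aesCryptographyProvider.browser.js`, but nothing visible here says what browser callers get for the CBCPAD algorithms; state in the changelog or docs whether local encrypt / decrypt applies to browser builds. The `hash.js` mapping is also dropped in favor of `crypto.js`, so confirm no module still imports `hash.js`, otherwise browser bundles lose that substitution.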