aes ofb implementation + test

src/nks/hcvault/key_handle.rs

@@ -280,10 +280,22 @@ impl KeyHandle for NksProvider {
                                 decrypted_data.truncate(count + rest);
                                 Ok(decrypted_data)
                             }
-                            // SymmetricMode::Ofb => {
-                            //     // AES OFB encryption
-                            //     // ...
-                            // }
+                            SymmetricMode::Ofb => {
+                                let cipher = match length {
+                                    KeyBits::Bits128 => Cipher::aes_128_ofb(),
+                                    KeyBits::Bits192 => Cipher::aes_192_ofb(),
+                                    KeyBits::Bits256 => Cipher::aes_256_ofb(),
+                                    _ => return Err(SecurityModuleError::UnsupportedAlgorithm),
+                                };
+                                let key = openssl_base64::decode_block(&self.private_key).unwrap();
+                                let (iv, encrypted_data) = _encrypted_data.split_at(cipher.iv_len().unwrap());
+                                let mut crypter = Crypter::new(cipher, Mode::Decrypt, &key, Some(iv)).unwrap();
+                                let mut decrypted_data = vec![0; encrypted_data.len() + cipher.block_size()];
+                                let count = crypter.update(encrypted_data, &mut decrypted_data).unwrap();
+                                let rest = crypter.finalize(&mut decrypted_data[count..]).unwrap();
+                                decrypted_data.truncate(count + rest);
+                                Ok(decrypted_data)
+                            }
                             SymmetricMode::Ctr => {
                                 let cipher = match length {
                                     KeyBits::Bits128 => Cipher::aes_128_ctr(),
@@ -507,10 +519,25 @@ impl KeyHandle for NksProvider {
                                 result.extend(encrypted_data);
                                 Ok(result)
                             }
-                            // SymmetricMode::Ofb => {
-                            //     // AES OFB encryption
-                            //     // ...
-                            // }
+                            SymmetricMode::Ofb => {
+                                let cipher = match length {
+                                    KeyBits::Bits128 => Cipher::aes_128_ofb(),
+                                    KeyBits::Bits192 => Cipher::aes_192_ofb(),
+                                    KeyBits::Bits256 => Cipher::aes_256_ofb(),
+                                    _ => return Err(SecurityModuleError::UnsupportedAlgorithm),
+                                };
+                                let key = openssl_base64::decode_block(&self.private_key).unwrap();
+                                let mut iv = vec![0; cipher.iv_len().unwrap()];
+                                openssl::rand::rand_bytes(&mut iv).unwrap();
+                                let mut crypter = Crypter::new(cipher, Mode::Encrypt, &key, Some(&iv)).unwrap();
+                                let mut encrypted_data = vec![0; _data.len() + cipher.block_size()];
+                                let count = crypter.update(_data, &mut encrypted_data).unwrap();
+                                let rest = crypter.finalize(&mut encrypted_data[count..]).unwrap();
+                                encrypted_data.truncate(count + rest);
+                                let mut result = iv;
+                                result.extend(encrypted_data);
+                                Ok(result)
+                            }
                             SymmetricMode::Ctr => {
                                 let cipher = match length {
                                     KeyBits::Bits128 => Cipher::aes_128_ctr(),

src/tests/nks/key_handle_tests.rs

@@ -284,3 +284,31 @@ fn test_encrypt_and_decrypt_aes_cfb() {
         assert_eq!(data, decrypted_data.as_slice())
     }
 }
+
+#[test]
+fn test_encrypt_and_decrypt_aes_ofb() {
+    for &key_size in &[KeyBits::Bits128, KeyBits::Bits192, KeyBits::Bits256] {
+        let mut provider = NksProvider::new("aes_ofb".to_string());
+
+        provider.config = Some(crate::tests::nks::provider_handle_tests::get_config("aes_ofb", Some(key_size)).unwrap());
+
+        provider
+            .initialize_module()
+            .expect("Failed to initialize module");
+
+        if let Some(nks_config) = provider.config.as_ref().unwrap().as_any().downcast_ref::<NksConfig>() {
+            provider
+                .load_key(&format!("test_aes_ofb_key_{}", key_size as u8), Box::new(nks_config.clone()))
+                .expect("Failed to load AES key");
+        } else {
+            println!("Failed to downcast to NksConfig");
+        }
+
+        let data = b"Hello, World!";
+        let encrypted_data = provider.encrypt_data(data).expect("Failed to encrypt data");
+        let decrypted_data = provider
+            .decrypt_data(&encrypted_data)
+            .expect("Failed to decrypt data");
+        assert_eq!(data, decrypted_data.as_slice())
+    }
+}

src/tests/nks/provider_handle_tests.rs

@@ -78,7 +78,7 @@ fn test_create_ecdh_key() {
 #[test]
 fn test_create_aes_key() {
     for &key_size in &[KeyBits::Bits128, KeyBits::Bits192, KeyBits::Bits256] {
-        for &aes_mode in &["aes_gcm", "aes_ccm", "aes_ecb", "aes_cbc", "aes_ctr", "aes_cfb"] {
+        for &aes_mode in &["aes_gcm", "aes_ccm", "aes_ecb", "aes_cbc", "aes_ctr", "aes_cfb", "aes_ofb"] {
             let mut provider = NksProvider::new("test_key".to_string());
 
             provider.config = Some(get_config(aes_mode, Some(key_size)).unwrap());
@@ -158,7 +158,7 @@ fn test_load_ecdh_key() {
 #[test]
 fn test_load_aes_key() {
     for &key_size in &[KeyBits::Bits128, KeyBits::Bits192, KeyBits::Bits256] {
-        for &aes_mode in &["aes_gcm", "aes_ccm", "aes_ecb", "aes_cbc", "aes_ctr", "aes_cfb"] {
+        for &aes_mode in &["aes_gcm", "aes_ccm", "aes_ecb", "aes_cbc", "aes_ctr", "aes_cfb", "aes_ofb"] {
             let mut provider = NksProvider::new("test_key".to_string());
 
             provider.config = Some(get_config(aes_mode, Some(key_size)).unwrap());
@@ -294,6 +294,17 @@ pub fn get_config(key_type: &str, key_size: Option<KeyBits>) -> Option<Arc<dyn P
                 Some(BlockCiphers::Aes(SymmetricMode::Cfb, key_size)),
             ))
         },
+        "aes_ofb" => {
+            let key_size = key_size.unwrap_or(KeyBits::Bits256); // Default to 256 bits if no size is provided
+            Some(NksConfig::new(
+                "".to_string(),
+                "https://localhost:5000/".to_string(),
+                None,
+                Hash::Sha2(256.into()),
+                vec![KeyUsage::Decrypt],
+                Some(BlockCiphers::Aes(SymmetricMode::Cfb, key_size)),
+            ))
+        },
         _ => None,
     }
 }