diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2023-05-16 13:11:39 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2023-05-22 11:03:16 +0200 |
commit | d088cdb56f525beb1306a8145362a13e11704bf6 (patch) | |
tree | e373f819e861221474200c2b38f8a962ccb15108 | |
parent | 480ab2440afca45313425013c12e847adc31d871 (diff) |
openpgp: Implement OCB mode using the Nettle backend.
- Nettle 3.9 and up support the authenticated encryption mode OCB.
-rw-r--r-- | Cargo.lock | 5 | ||||
-rw-r--r-- | openpgp/Cargo.toml | 2 | ||||
-rw-r--r-- | openpgp/src/crypto/backend/nettle.rs | 18 | ||||
-rw-r--r-- | openpgp/src/crypto/backend/nettle/aead.rs | 56 |
4 files changed, 75 insertions, 6 deletions
@@ -1552,14 +1552,15 @@ dependencies = [ [[package]] name = "nettle" -version = "7.2.2" +version = "7.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91ff5d538c014cb58ab701db16e28aa66fbbb8b472bf65821d0e84f72aae6d4f" +checksum = "b9fdccf3eae7b161910d2daa2f0155ca35041322e8fe5c5f1f2c9d0b12356336" dependencies = [ "getrandom 0.2.9", "libc", "nettle-sys", "thiserror", + "typenum", ] [[package]] diff --git a/openpgp/Cargo.toml b/openpgp/Cargo.toml index 6e1c950b..bfae2c4b 100644 --- a/openpgp/Cargo.toml +++ b/openpgp/Cargo.toml @@ -38,7 +38,7 @@ lalrpop-util = ">=0.17, <0.20" lazy_static = "1.4.0" libc = "0.2.66" memsec = { version = ">=0.5, <0.7", default-features = false } -nettle = { version = "7.2.2", optional = true } +nettle = { version = "7.3", optional = true } once_cell = "1" regex = "1" regex-syntax = "0.6" diff --git a/openpgp/src/crypto/backend/nettle.rs b/openpgp/src/crypto/backend/nettle.rs index d2d8750a..62c62f4b 100644 --- a/openpgp/src/crypto/backend/nettle.rs +++ b/openpgp/src/crypto/backend/nettle.rs @@ -14,9 +14,10 @@ pub mod symmetric; pub fn backend() -> String { let (major, minor) = nettle::version(); format!( - "Nettle {}.{} (Cv448: {:?})", + "Nettle {}.{} (Cv448: {:?}, OCB: {:?})", major, minor, nettle::curve448::IS_SUPPORTED, + nettle::aead::OCB_IS_SUPPORTED, ) } @@ -65,7 +66,9 @@ impl AEADAlgorithm { match &self { EAX => true, - OCB | Private(_) | Unknown(_) + OCB + => nettle::aead::OCB_IS_SUPPORTED, + Private(_) | Unknown(_) => false, } } @@ -84,6 +87,17 @@ impl AEADAlgorithm { SymmetricAlgorithm::Camellia256 => true, _ => false, }, + AEADAlgorithm::OCB => + match algo { + SymmetricAlgorithm::AES128 | + SymmetricAlgorithm::AES192 | + SymmetricAlgorithm::AES256 | + SymmetricAlgorithm::Twofish | + SymmetricAlgorithm::Camellia128 | + SymmetricAlgorithm::Camellia192 | + SymmetricAlgorithm::Camellia256 => true, + _ => false, + }, _ => false } } diff --git a/openpgp/src/crypto/backend/nettle/aead.rs b/openpgp/src/crypto/backend/nettle/aead.rs index 486269b1..76303715 100644 --- a/openpgp/src/crypto/backend/nettle/aead.rs +++ b/openpgp/src/crypto/backend/nettle/aead.rs @@ -1,7 +1,14 @@ //! Implementation of AEAD using Nettle cryptographic library. use std::cmp::Ordering; -use nettle::{aead::{self, Aead as _}, cipher}; +use nettle::{ + aead::{ + self, + Aead as _, + typenum::consts::U16, + }, + cipher, +}; use crate::{Error, Result}; @@ -110,6 +117,53 @@ impl AEADAlgorithm { }, _ => Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()), }, + + AEADAlgorithm::OCB => match sym_algo { + SymmetricAlgorithm::AES128 => { + let mut ctx = + aead::Ocb::<cipher::Aes128, U16>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + SymmetricAlgorithm::AES192 => { + let mut ctx = + aead::Ocb::<cipher::Aes192, U16>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + SymmetricAlgorithm::AES256 => { + let mut ctx = + aead::Ocb::<cipher::Aes256, U16>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + SymmetricAlgorithm::Twofish => { + let mut ctx = + aead::Ocb::<cipher::Twofish, U16>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + SymmetricAlgorithm::Camellia128 => { + let mut ctx = + aead::Ocb::<cipher::Camellia128, U16>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + SymmetricAlgorithm::Camellia192 => { + let mut ctx = + aead::Ocb::<cipher::Camellia192, U16>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + SymmetricAlgorithm::Camellia256 => { + let mut ctx = + aead::Ocb::<cipher::Camellia256, U16>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + _ => Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()), + }, + _ => Err(Error::UnsupportedAEADAlgorithm(*self).into()), } } |