authorWiktor Kwapisiewicz <wiktor@metacode.biz>2022-10-27 09:09:41 +0200
committerWiktor Kwapisiewicz <wiktor@metacode.biz>2022-12-21 10:50:45 +0100
commit88f9a613baa2bd844b1ef9a3caea82562418725e (patch)
treef61a16d431fa606a76c02d61a7d3d555b1a94033
parentd2e89927ce5ff0ecbd5a2edd0a94d6a81fd731b8 (diff)
openpgp: Make AEAD interface functions fallible.
- Some backends may want to propagate their internal errors to the caller. - Modify all functions to return Results and their clients to either propagate the error or handle it.
-rw-r--r--openpgp/src/crypto/aead.rs57
-rw-r--r--openpgp/src/crypto/backend/cng/aead.rs23
-rw-r--r--openpgp/src/crypto/backend/nettle/aead.rs15
-rw-r--r--openpgp/src/crypto/backend/rust/aead.rs23
-rw-r--r--openpgp/src/packet/skesk.rs8
5 files changed, 71 insertions, 55 deletions
diff --git a/openpgp/src/crypto/aead.rs b/openpgp/src/crypto/aead.rs
index 9d43c1a5..6b35fec1 100644
--- a/openpgp/src/crypto/aead.rs
+++ b/openpgp/src/crypto/aead.rs
@@ -51,14 +51,13 @@ pub(crate) fn chunk_size_usize(chunk_size: u64) -> Result<usize> {
/// [sealed]: https://rust-lang.github.io/api-guidelines/future-proofing.html#sealed-traits-protect-against-downstream-implementations-c-sealed
pub trait Aead : seal::Sealed {
/// Adds associated data `ad`.
- fn update(&mut self, ad: &[u8]);
+ fn update(&mut self, ad: &[u8]) -> Result<()>;
/// Encrypts one block `src` to `dst`.
- fn encrypt(&mut self, dst: &mut [u8], src: &[u8]);
- /// Decrypts one block `src` to `dst`.
+ fn encrypt(&mut self, dst: &mut [u8], src: &[u8]) -> Result<()>;
/// Produce the digest.
- fn digest(&mut self, digest: &mut [u8]);
+ fn digest(&mut self, digest: &mut [u8]) -> Result<()>;
/// Length of the digest in bytes.
fn digest_size(&self) -> usize;
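Review bot: The doc comments on `update`, `encrypt` and `digest` do not say when the new `Result<()>` is an error or what state the output buffer is in afterwards. Callers write `dst` and `digest` straight to the output stream, so each method should carry an `# Errors` section, for example `/// Returns an error if the backend fails; the contents of dst are then unspecified and must not be used.` The trait body continues outside the hunk.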
@@ -391,10 +390,10 @@ impl<'a, S: Schedule> Decryptor<'a, S> {
self.aead.context(self.sym_algo, &self.key, iv,
CipherOp::Decrypt)
.map(|mut aead| {
- aead.update(ad);
- aead
+ aead.update(ad)?;
+ Ok::<Box<dyn Aead>, anyhow::Error>(aead)
})
- })?;
+ })??;
// Decrypt the chunk and check the tag.
let to_decrypt = chunk.len() - self.digest_size;
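Review bot: The `.map(|mut aead| { aead.update(ad)?; Ok::<Box<dyn Aead>, anyhow::Error>(aead) })` followed by `})??;` builds a nested `Result` only to unwrap it twice. Assuming `context` returns the crate's `Result<Box<dyn Aead>>`, `.and_then(|mut aead| { aead.update(ad)?; Ok(aead) })` would keep a single `?` and make the turbofish unnecessary. The same pattern recurs in the next Decryptor hunk and in the four Encryptor hunks of this file. The enclosing call starts outside the hunk, so the outer closure's return type is inferred from what is visible here.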
@@ -442,10 +441,10 @@ impl<'a, S: Schedule> Decryptor<'a, S> {
self.aead.context(self.sym_algo, &self.key, iv,
CipherOp::Decrypt)
.map(|mut aead| {
- aead.update(ad);
- aead
+ aead.update(ad)?;
+ Ok::<Box<dyn Aead>, anyhow::Error>(aead)
})
- })?;
+ })??;
let final_digest = self.source.data(final_digest_size)?;
@@ -660,22 +659,22 @@ impl<W: io::Write, S: Schedule> Encryptor<W, S> {
self.aead.context(self.sym_algo, &self.key, iv,
CipherOp::Encrypt)
.map(|mut aead| {
- aead.update(ad);
- aead
+ aead.update(ad)?;
+ Ok::<Box<dyn Aead>, anyhow::Error>(aead)
})
- })?;
+ })??;
let inner = self.inner.as_mut().unwrap();
// Encrypt the chunk.
- aead.encrypt(&mut self.scratch, &self.buffer);
+ aead.encrypt(&mut self.scratch, &self.buffer)?;
self.bytes_encrypted += self.scratch.len() as u64;
self.chunk_index += 1;
crate::vec_truncate(&mut self.buffer, 0);
inner.write_all(&self.scratch)?;
// Write digest.
- aead.digest(&mut self.scratch[..self.digest_size]);
+ aead.digest(&mut self.scratch[..self.digest_size])?;
inner.write_all(&self.scratch[..self.digest_size])?;
}
}
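Review bot: `aead.digest(&mut self.scratch[..self.digest_size])?` can now fail after `inner.write_all(&self.scratch)?` has already emitted the ciphertext, leaving a chunk in the output without its authentication tag while `chunk_index` has been advanced and `buffer` cleared. Write errors could already cause this, but the backend error path is new. It is worth documenting on the method that the encryptor must not be reused after an `Err`, e.g. `// On error the output is truncated mid-chunk; the Encryptor must be discarded.` The same sequence appears in the following hunk, and the enclosing function starts outside this one.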
@@ -689,21 +688,21 @@ impl<W: io::Write, S: Schedule> Encryptor<W, S> {
self.aead.context(self.sym_algo, &self.key, iv,
CipherOp::Encrypt)
.map(|mut aead| {
- aead.update(ad);
- aead
+ aead.update(ad)?;
+ Ok::<Box<dyn Aead>, anyhow::Error>(aead)
})
- })?;
+ })??;
let inner = self.inner.as_mut().unwrap();
// Encrypt the chunk.
- aead.encrypt(&mut self.scratch, chunk);
+ aead.encrypt(&mut self.scratch, chunk)?;
self.bytes_encrypted += self.scratch.len() as u64;
self.chunk_index += 1;
inner.write_all(&self.scratch)?;
// Write digest.
- aead.digest(&mut self.scratch[..self.digest_size]);
+ aead.digest(&mut self.scratch[..self.digest_size])?;
inner.write_all(&self.scratch[..self.digest_size])?;
} else {
// Stash for later.
@@ -724,14 +723,14 @@ impl<W: io::Write, S: Schedule> Encryptor<W, S> {
self.aead.context(self.sym_algo, &self.key, iv,
CipherOp::Encrypt)
.map(|mut aead| {
- aead.update(ad);
- aead
+ aead.update(ad)?;
+ Ok::<Box<dyn Aead>, anyhow::Error>(aead)
})
- })?;
+ })??;
// Encrypt the chunk.
unsafe { self.scratch.set_len(self.buffer.len()) }
- aead.encrypt(&mut self.scratch, &self.buffer);
+ aead.encrypt(&mut self.scratch, &self.buffer)?;
self.bytes_encrypted += self.scratch.len() as u64;
self.chunk_index += 1;
crate::vec_truncate(&mut self.buffer, 0);
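Review bot: `aead.encrypt(&mut self.scratch, &self.buffer)?` can now return early after `unsafe { self.scratch.set_len(self.buffer.len()) }` has already changed the vector's length, and nothing visible here states why that `set_len` is sound. A `// SAFETY:` comment on the `unsafe` line should say why the capacity and initialisation requirements hold, and that the length stays valid when `encrypt` fails before filling `scratch`. The same applies to `set_len(self.digest_size)` ahead of `digest` in the next hunk. The enclosing function starts outside the hunk.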
@@ -739,7 +738,7 @@ impl<W: io::Write, S: Schedule> Encryptor<W, S> {
// Write digest.
unsafe { self.scratch.set_len(self.digest_size) }
- aead.digest(&mut self.scratch[..self.digest_size]);
+ aead.digest(&mut self.scratch[..self.digest_size])?;
inner.write_all(&self.scratch[..self.digest_size])?;
}
@@ -750,11 +749,11 @@ impl<W: io::Write, S: Schedule> Encryptor<W, S> {
self.aead.context(self.sym_algo, &self.key, iv,
CipherOp::Encrypt)
.map(|mut aead| {
- aead.update(ad);
- aead
+ aead.update(ad)?;
+ Ok::<Box<dyn Aead>, anyhow::Error>(aead)
})
- })?;
- aead.digest(&mut self.scratch[..self.digest_size]);
+ })??;
+ aead.digest(&mut self.scratch[..self.digest_size])?;
inner.write_all(&self.scratch[..self.digest_size])?;
Ok(inner)
diff --git a/openpgp/src/crypto/backend/cng/aead.rs b/openpgp/src/crypto/backend/cng/aead.rs
index fb95b150..7389c1f0 100644
--- a/openpgp/src/crypto/backend/cng/aead.rs
+++ b/openpgp/src/crypto/backend/cng/aead.rs
@@ -89,18 +89,23 @@ macro_rules! impl_aead {
($($type: ty),*) => {
$(
impl Aead for EaxOnline<$type, Encrypt> {
- fn update(&mut self, ad: &[u8]) { self.update_assoc(ad) }
+ fn update(&mut self, ad: &[u8]) -> Result<()> {
+ self.update_assoc(ad);
+ Ok(())
+ }
fn digest_size(&self) -> usize {
<eax::Tag as GenericArrayExt<_, _>>::LEN
}
- fn digest(&mut self, digest: &mut [u8]) {
+ fn digest(&mut self, digest: &mut [u8]) -> Result<()> {
let tag = self.tag_clone();
digest[..tag.len()].copy_from_slice(&tag[..]);
+ Ok(())
}
- fn encrypt(&mut self, dst: &mut [u8], src: &[u8]) {
+ fn encrypt(&mut self, dst: &mut [u8], src: &[u8]) -> Result<()> {
let len = core::cmp::min(dst.len(), src.len());
dst[..len].copy_from_slice(&src[..len]);
- EaxOnline::<$type, Encrypt>::encrypt(self, &mut dst[..len])
+ EaxOnline::<$type, Encrypt>::encrypt(self, &mut dst[..len]);
+ Ok(())
}
fn decrypt_verify(&mut self, _dst: &mut [u8], _src: &[u8], _digest: &[u8]) -> Result<()> {
panic!("AEAD decryption called in the encryption context")
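Review bot: `encrypt` still processes only `min(dst.len(), src.len())` bytes and then returns `Ok(())`, so a caller passing a short `dst` gets a silently truncated ciphertext, and `digest[..tag.len()]` panics on a short `digest`. Now that both methods are fallible, a length mismatch could be reported instead, e.g. `if dst.len() != src.len() { return Err(Error::InvalidArgument("dst and src lengths differ".into()).into()); }`, assuming that variant is in scope in this file and no caller relies on the truncation. The rust backend hunk at `@@ -45,23 +45,26 @@` has the same two bodies. The macro body continues outside the hunk.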
@@ -110,15 +115,19 @@ macro_rules! impl_aead {
)*
$(
impl Aead for EaxOnline<$type, Decrypt> {
- fn update(&mut self, ad: &[u8]) { self.update_assoc(ad) }
+ fn update(&mut self, ad: &[u8]) -> Result<()> {
+ self.update_assoc(ad);
+ Ok(())
+ }
fn digest_size(&self) -> usize {
<eax::Tag as GenericArrayExt<_, _>>::LEN
}
- fn digest(&mut self, digest: &mut [u8]) {
+ fn digest(&mut self, digest: &mut [u8]) -> Result<()> {
let tag = self.tag_clone();
digest[..tag.len()].copy_from_slice(&tag[..]);
+ Ok(())
}
- fn encrypt(&mut self, _dst: &mut [u8], _src: &[u8]) {
+ fn encrypt(&mut self, _dst: &mut [u8], _src: &[u8]) -> Result<()> {
panic!("AEAD encryption called in the decryption context")
}
fn decrypt_verify(&mut self, dst: &mut [u8], src: &[u8], digest: &[u8]) -> Result<()> {
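Review bot: `encrypt` in the decryption context still aborts with `panic!("AEAD encryption called in the decryption context")` although its signature is now `-> Result<()>`. Returning an error would let the caller handle the misuse instead of unwinding, for example `Err(Error::InvalidOperation("AEAD encryption called in the decryption context".into()).into())`, assuming that variant is available here. The mirror-image `decrypt_verify` in the encryption impl above and the second rust backend hunk at `@@ -74,20 +77,22 @@` have the same shape. The impl continues outside the hunk.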
diff --git a/openpgp/src/crypto/backend/nettle/aead.rs b/openpgp/src/crypto/backend/nettle/aead.rs
index 000d3156..3cdbc42e 100644
--- a/openpgp/src/crypto/backend/nettle/aead.rs
+++ b/openpgp/src/crypto/backend/nettle/aead.rs
@@ -18,11 +18,13 @@ const DANGER_DISABLE_AUTHENTICATION: bool = false;
impl<T: nettle::aead::Aead> seal::Sealed for T {}
impl<T: nettle::aead::Aead> Aead for T {
- fn update(&mut self, ad: &[u8]) {
- self.update(ad)
+ fn update(&mut self, ad: &[u8]) -> Result<()> {
+ self.update(ad);
+ Ok(())
}
- fn encrypt(&mut self, dst: &mut [u8], src: &[u8]) {
- self.encrypt(dst, src)
+ fn encrypt(&mut self, dst: &mut [u8], src: &[u8]) -> Result<()> {
+ self.encrypt(dst, src);
+ Ok(())
}
fn decrypt_verify(&mut self, dst: &mut [u8], src: &[u8], digest: &[u8]) -> Result<()> {
self.decrypt(dst, src);
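Review bot: Inside `impl<T: nettle::aead::Aead> Aead for T`, the bodies `self.update(ad);`, `self.encrypt(dst, src);` and, in the next hunk, `self.digest(digest);` read like recursive calls into the wrapper being defined. Nothing here says they resolve to the nettle trait. Spelling them as `nettle::aead::Aead::update(self, ad);` (likewise for `encrypt` and `digest`) would make the target explicit, as the cng and rust backends already do with `EaxOnline::<$type, Encrypt>::encrypt(self, ...)` and `Self::encrypt(self, ...)`. If the nettle calls cannot fail, a one-line comment saying so would explain the unconditional `Ok(())`. `decrypt_verify` continues outside the hunk.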
@@ -36,8 +38,9 @@ impl<T: nettle::aead::Aead> Aead for T {
}
Ok(())
}
- fn digest(&mut self, digest: &mut [u8]) {
- self.digest(digest)
+ fn digest(&mut self, digest: &mut [u8]) -> Result<()> {
+ self.digest(digest);
+ Ok(())
}
fn digest_size(&self) -> usize {
self.digest_size()
diff --git a/openpgp/src/crypto/backend/rust/aead.rs b/openpgp/src/crypto/backend/rust/aead.rs
index f4dbc198..e58583a1 100644
--- a/openpgp/src/crypto/backend/rust/aead.rs
+++ b/openpgp/src/crypto/backend/rust/aead.rs
@@ -45,23 +45,26 @@ where
Cipher: BlockCipher<BlockSize = U16> + NewBlockCipher + Clone,
Cipher::ParBlocks: ArrayLength<Block<Cipher>>,
{
- fn update(&mut self, ad: &[u8]) {
- self.update_assoc(ad)
+ fn update(&mut self, ad: &[u8]) -> Result<()> {
+ self.update_assoc(ad);
+ Ok(())
}
fn digest_size(&self) -> usize {
eax::Tag::LEN
}
- fn digest(&mut self, digest: &mut [u8]) {
+ fn digest(&mut self, digest: &mut [u8]) -> Result<()> {
let tag = self.tag_clone();
digest[..tag.len()].copy_from_slice(&tag[..]);
+ Ok(())
}
- fn encrypt(&mut self, dst: &mut [u8], src: &[u8]) {
+ fn encrypt(&mut self, dst: &mut [u8], src: &[u8]) -> Result<()> {
let len = cmp::min(dst.len(), src.len());
dst[..len].copy_from_slice(&src[..len]);
- Self::encrypt(self, &mut dst[..len])
+ Self::encrypt(self, &mut dst[..len]);
+ Ok(())
}
fn decrypt_verify(&mut self, _dst: &mut [u8], _src: &[u8], _digest: &[u8]) -> Result<()> {
@@ -74,20 +77,22 @@ where
Cipher: BlockCipher<BlockSize = U16> + NewBlockCipher + Clone,
Cipher::ParBlocks: ArrayLength<Block<Cipher>>,
{
- fn update(&mut self, ad: &[u8]) {
- self.update_assoc(ad)
+ fn update(&mut self, ad: &[u8]) -> Result<()> {
+ self.update_assoc(ad);
+ Ok(())
}
fn digest_size(&self) -> usize {
eax::Tag::LEN
}
- fn digest(&mut self, digest: &mut [u8]) {
+ fn digest(&mut self, digest: &mut [u8]) -> Result<()> {
let tag = self.tag_clone();
digest[..tag.len()].copy_from_slice(&tag[..]);
+ Ok(())
}
- fn encrypt(&mut self, _dst: &mut [u8], _src: &[u8]) {
+ fn encrypt(&mut self, _dst: &mut [u8], _src: &[u8]) -> Result<()> {
panic!("AEAD encryption called in the decryption context")
}
diff --git a/openpgp/src/packet/skesk.rs b/openpgp/src/packet/skesk.rs
index fbbd0aac..1a3a74f7 100644
--- a/openpgp/src/packet/skesk.rs
+++ b/openpgp/src/packet/skesk.rs
@@ -462,15 +462,15 @@ impl SKESK5 {
// Prepare associated data.
let ad = [0xc3, 5, esk_algo.into(), esk_aead.into()];
- ctx.update(&ad);
+ ctx.update(&ad)?;
// We need to prefix the cipher specifier to the session key.
let mut esk = vec![0u8; session_key.len()];
- ctx.encrypt(&mut esk, session_key);
+ ctx.encrypt(&mut esk, session_key)?;
// Digest.
let mut digest = vec![0u8; esk_aead.digest_size()?];
- ctx.digest(&mut digest);
+ ctx.digest(&mut digest)?;
SKESK5::new(esk_algo, esk_aead, s2k, iv.into_boxed_slice(), esk.into(),
digest.into_boxed_slice())
@@ -499,7 +499,7 @@ impl SKESK5 {
let ad = [0xc3, 5 /* Version. */, self.symmetric_algo().into(),
self.aead_algo.into()];
- cipher.update(&ad);
+ cipher.update(&ad)?;
let mut plain: SessionKey = vec![0; esk.len()].into();
cipher.decrypt_verify(&mut plain, esk, &self.aead_digest[..])?;
Ok((SymmetricAlgorithm::Unencrypted, plain))