diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2023-02-28 12:19:05 +0100 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2023-02-28 13:20:22 +0100 |
| commit | f6b4b029930ac93fd6b3efed0128940b4b343fe0 (patch) | |
| tree | efefee6c5e48723bfe1b10d6ce179aef478eeac5 /openpgp/src/crypto/backend/cng/aead.rs | |
| parent | 39bf91d6812f499327752803a6ecfada74a9b606 (diff) | |
openpgp: Further simplify AEAD abstraction.
- Hand in the additional authenticated data when constructing the
context.
Diffstat (limited to 'openpgp/src/crypto/backend/cng/aead.rs')
| -rw-r--r-- | openpgp/src/crypto/backend/cng/aead.rs | 105 |
1 files changed, 61 insertions, 44 deletions
diff --git a/openpgp/src/crypto/backend/cng/aead.rs b/openpgp/src/crypto/backend/cng/aead.rs index afc6b7c9..c714efbb 100644 --- a/openpgp/src/crypto/backend/cng/aead.rs +++ b/openpgp/src/crypto/backend/cng/aead.rs @@ -7,7 +7,7 @@ use crate::crypto::mem::secure_cmp; use crate::seal; use crate::types::{AEADAlgorithm, SymmetricAlgorithm}; -use eax::online::{EaxOnline, Encrypt, Decrypt}; +use eax::online::{Eax, Encrypt, Decrypt}; use win_crypto_ng::symmetric::{BlockCipherKey, Aes}; use win_crypto_ng::symmetric::block_cipher::generic_array::{GenericArray, ArrayLength}; use win_crypto_ng::symmetric::block_cipher::generic_array::typenum::{U128, U192, U256}; @@ -42,42 +42,67 @@ impl AEADAlgorithm { &self, sym_algo: SymmetricAlgorithm, key: &[u8], + aad: &[u8], nonce: &[u8], op: CipherOp, ) -> Result<Box<dyn Aead>> { match self { AEADAlgorithm::EAX => match sym_algo { - | SymmetricAlgorithm::AES128 => { - let key = GenericArray::try_from_slice(key)?; - let nonce = GenericArray::try_from_slice(nonce)?; - Ok(match op { - CipherOp::Encrypt => - Box::new(EaxOnline::<BlockCipherKey<Aes, U128>, Encrypt>::with_key_and_nonce(key, nonce)), - CipherOp::Decrypt => - Box::new(EaxOnline::<BlockCipherKey<Aes, U128>, Decrypt>::with_key_and_nonce(key, nonce)), - }) - } - SymmetricAlgorithm::AES192 => { - let key = GenericArray::try_from_slice(key)?; - let nonce = GenericArray::try_from_slice(nonce)?; - Ok(match op { - CipherOp::Encrypt => - Box::new(EaxOnline::<BlockCipherKey<Aes, U192>, Encrypt>::with_key_and_nonce(key, nonce)), - CipherOp::Decrypt => - Box::new(EaxOnline::<BlockCipherKey<Aes, U192>, Decrypt>::with_key_and_nonce(key, nonce)), - }) - } - SymmetricAlgorithm::AES256 => { - let key = GenericArray::try_from_slice(key)?; - let nonce = GenericArray::try_from_slice(nonce)?; - Ok(match op { - CipherOp::Encrypt => - Box::new(EaxOnline::<BlockCipherKey<Aes, U256>, Encrypt>::with_key_and_nonce(key, nonce)), - CipherOp::Decrypt => - Box::new(EaxOnline::<BlockCipherKey<Aes, U256>, Decrypt>::with_key_and_nonce(key, nonce)), - }) - } + SymmetricAlgorithm::AES128 => match op { + CipherOp::Encrypt => { + let mut ctx = + Eax::<BlockCipherKey<Aes, U128>, Encrypt>::with_key_and_nonce( + GenericArray::try_from_slice(key)?, + GenericArray::try_from_slice(nonce)?); + ctx.update_assoc(aad); + Ok(Box::new(ctx)) + }, + CipherOp::Decrypt => { + let mut ctx = + Eax::<BlockCipherKey<Aes, U128>, Decrypt>::with_key_and_nonce( + GenericArray::try_from_slice(key)?, + GenericArray::try_from_slice(nonce)?); + ctx.update_assoc(aad); + Ok(Box::new(ctx)) + }, + }, + SymmetricAlgorithm::AES192 => match op { + CipherOp::Encrypt => { + let mut ctx = + Eax::<BlockCipherKey<Aes, U192>, Encrypt>::with_key_and_nonce( + GenericArray::try_from_slice(key)?, + GenericArray::try_from_slice(nonce)?); + ctx.update_assoc(aad); + Ok(Box::new(ctx)) + }, + CipherOp::Decrypt => { + let mut ctx = + Eax::<BlockCipherKey<Aes, U192>, Decrypt>::with_key_and_nonce( + GenericArray::try_from_slice(key)?, + GenericArray::try_from_slice(nonce)?); + ctx.update_assoc(aad); + Ok(Box::new(ctx)) + }, + }, + SymmetricAlgorithm::AES256 => match op { + CipherOp::Encrypt => { + let mut ctx = + Eax::<BlockCipherKey<Aes, U256>, Encrypt>::with_key_and_nonce( + GenericArray::try_from_slice(key)?, + GenericArray::try_from_slice(nonce)?); + ctx.update_assoc(aad); + Ok(Box::new(ctx)) + }, + CipherOp::Decrypt => { + let mut ctx = + Eax::<BlockCipherKey<Aes, U256>, Decrypt>::with_key_and_nonce( + GenericArray::try_from_slice(key)?, + GenericArray::try_from_slice(nonce)?); + ctx.update_assoc(aad); + Ok(Box::new(ctx)) + }, + }, _ => Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()), }, _ => Err(Error::UnsupportedAEADAlgorithm(self.clone()).into()), @@ -88,11 +113,7 @@ impl AEADAlgorithm { macro_rules! impl_aead { ($($type: ty),*) => { $( - impl Aead for EaxOnline<$type, Encrypt> { - fn update(&mut self, ad: &[u8]) -> Result<()> { - self.update_assoc(ad); - Ok(()) - } + impl Aead for Eax<$type, Encrypt> { fn digest_size(&self) -> usize { <eax::Tag as GenericArrayExt<_, _>>::LEN } @@ -100,7 +121,7 @@ macro_rules! impl_aead { debug_assert_eq!(dst.len(), src.len() + self.digest_size()); let len = core::cmp::min(dst.len(), src.len()); dst[..len].copy_from_slice(&src[..len]); - EaxOnline::<$type, Encrypt>::encrypt(self, &mut dst[..len]); + Eax::<$type, Encrypt>::encrypt(self, &mut dst[..len]); let tag = self.tag_clone(); dst[src.len()..].copy_from_slice(&tag[..]); @@ -110,14 +131,10 @@ macro_rules! impl_aead { panic!("AEAD decryption called in the encryption context") } } - impl seal::Sealed for EaxOnline<$type, Encrypt> {} + impl seal::Sealed for Eax<$type, Encrypt> {} )* $( - impl Aead for EaxOnline<$type, Decrypt> { - fn update(&mut self, ad: &[u8]) -> Result<()> { - self.update_assoc(ad); - Ok(()) - } + impl Aead for Eax<$type, Decrypt> { fn digest_size(&self) -> usize { <eax::Tag as GenericArrayExt<_, _>>::LEN } @@ -138,7 +155,7 @@ macro_rules! impl_aead { Ok(()) } } - impl seal::Sealed for EaxOnline<$type, Decrypt> {} + impl seal::Sealed for Eax<$type, Decrypt> {} )* }; } |