diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2023-05-16 13:11:39 +0200 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2023-05-22 11:03:16 +0200 |
| commit | d088cdb56f525beb1306a8145362a13e11704bf6 (patch) | |
| tree | e373f819e861221474200c2b38f8a962ccb15108 /openpgp/src/crypto | |
| parent | 480ab2440afca45313425013c12e847adc31d871 (diff) | |
openpgp: Implement OCB mode using the Nettle backend.
- Nettle 3.9 and up support the authenticated encryption mode OCB.
Diffstat (limited to 'openpgp/src/crypto')
| -rw-r--r-- | openpgp/src/crypto/backend/nettle.rs | 18 | ||||
| -rw-r--r-- | openpgp/src/crypto/backend/nettle/aead.rs | 56 |
2 files changed, 71 insertions, 3 deletions
diff --git a/openpgp/src/crypto/backend/nettle.rs b/openpgp/src/crypto/backend/nettle.rs index d2d8750a..62c62f4b 100644 --- a/openpgp/src/crypto/backend/nettle.rs +++ b/openpgp/src/crypto/backend/nettle.rs @@ -14,9 +14,10 @@ pub mod symmetric; pub fn backend() -> String { let (major, minor) = nettle::version(); format!( - "Nettle {}.{} (Cv448: {:?})", + "Nettle {}.{} (Cv448: {:?}, OCB: {:?})", major, minor, nettle::curve448::IS_SUPPORTED, + nettle::aead::OCB_IS_SUPPORTED, ) } @@ -65,7 +66,9 @@ impl AEADAlgorithm { match &self { EAX => true, - OCB | Private(_) | Unknown(_) + OCB + => nettle::aead::OCB_IS_SUPPORTED, + Private(_) | Unknown(_) => false, } } @@ -84,6 +87,17 @@ impl AEADAlgorithm { SymmetricAlgorithm::Camellia256 => true, _ => false, }, + AEADAlgorithm::OCB => + match algo { + SymmetricAlgorithm::AES128 | + SymmetricAlgorithm::AES192 | + SymmetricAlgorithm::AES256 | + SymmetricAlgorithm::Twofish | + SymmetricAlgorithm::Camellia128 | + SymmetricAlgorithm::Camellia192 | + SymmetricAlgorithm::Camellia256 => true, + _ => false, + }, _ => false } } diff --git a/openpgp/src/crypto/backend/nettle/aead.rs b/openpgp/src/crypto/backend/nettle/aead.rs index 486269b1..76303715 100644 --- a/openpgp/src/crypto/backend/nettle/aead.rs +++ b/openpgp/src/crypto/backend/nettle/aead.rs @@ -1,7 +1,14 @@ //! Implementation of AEAD using Nettle cryptographic library. use std::cmp::Ordering; -use nettle::{aead::{self, Aead as _}, cipher}; +use nettle::{ + aead::{ + self, + Aead as _, + typenum::consts::U16, + }, + cipher, +}; use crate::{Error, Result}; @@ -110,6 +117,53 @@ impl AEADAlgorithm { }, _ => Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()), }, + + AEADAlgorithm::OCB => match sym_algo { + SymmetricAlgorithm::AES128 => { + let mut ctx = + aead::Ocb::<cipher::Aes128, U16>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + SymmetricAlgorithm::AES192 => { + let mut ctx = + aead::Ocb::<cipher::Aes192, U16>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + SymmetricAlgorithm::AES256 => { + let mut ctx = + aead::Ocb::<cipher::Aes256, U16>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + SymmetricAlgorithm::Twofish => { + let mut ctx = + aead::Ocb::<cipher::Twofish, U16>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + SymmetricAlgorithm::Camellia128 => { + let mut ctx = + aead::Ocb::<cipher::Camellia128, U16>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + SymmetricAlgorithm::Camellia192 => { + let mut ctx = + aead::Ocb::<cipher::Camellia192, U16>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + SymmetricAlgorithm::Camellia256 => { + let mut ctx = + aead::Ocb::<cipher::Camellia256, U16>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + _ => Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()), + }, + _ => Err(Error::UnsupportedAEADAlgorithm(*self).into()), } } |