author | Nikhil Benesch <nikhil.benesch@gmail.com> | 2020-12-13 20:06:16 -0500 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2021-01-05 15:05:27 +0100 |
commit | 54b76abe3d42a0037d12609a4448a81ed547f06d (patch) | |
tree | 357be1add88308a2bca7bf7b6d36ccc4392b8bf7 /openpgp/src/packet/skesk.rs | |
parent | 2786957fd6c03ec18d2bd5765c46b6aceb549e1a (diff) |
openpgp: Make crypto backends responsible for IV.
- Adjust the interface of crypto::symmetric::Mode so that the crypto
backend is responsible for managing the IV rather than the caller.
- The new API is one step towards facilitating a RustCrypto backend
for Sequoia (see #333), as RustCrypto does not expose the IV
modifications to the caller.
- As a bonus, this commit introduces proper support for ECB mode.
Previously callers that wanted ECB mode would request CBC mode, then
hackily zero out the IV on each call. Nettle actually has proper
support for ECB mode, just via a slightly different API.
Diffstat (limited to 'openpgp/src/packet/skesk.rs')
-rw-r--r-- | openpgp/src/packet/skesk.rs | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/openpgp/src/packet/skesk.rs b/openpgp/src/packet/skesk.rs
index 36b98323..44cbdee1 100644
--- a/openpgp/src/packet/skesk.rs
+++ b/openpgp/src/packet/skesk.rs
@@ -170,9 +170,9 @@ impl SKESK4 {
 // Derive key and make a cipher.
 let key = s2k.derive_key(password, esk_algo.key_size()?)?;
- let mut cipher = esk_algo.make_encrypt_cfb(&key[..])?;
 let block_size = esk_algo.block_size()?;
- let mut iv = vec![0u8; block_size];
+ let iv = vec![0u8; block_size];
+ let mut cipher = esk_algo.make_encrypt_cfb(&key[..], iv)?;
 // We need to prefix the cipher specifier to the session key.
 let mut psk: SessionKey = vec![0; 1 + session_key.len()].into();
@@ -182,7 +182,7 @@ impl SKESK4 {
 for (pt, ct) in psk[..].chunks(block_size)
 .zip(esk.chunks_mut(block_size))
 {
- cipher.encrypt(&mut iv[..], ct, pt)?;
+ cipher.encrypt(ct, pt)?;
 }
 SKESK4::new(esk_algo, s2k, Some(esk.into()))
@@ -256,15 +256,15 @@ impl SKESK4 {
 // Use the derived key to decrypt the ESK. Unlike SEP &
 // SEIP we have to use plain CFB here.
 let blk_sz = self.sym_algo.block_size()?;
- let mut iv = vec![0u8; blk_sz];
- let mut dec = self.sym_algo.make_decrypt_cfb(&key[..])?;
+ let iv = vec![0u8; blk_sz];
+ let mut dec = self.sym_algo.make_decrypt_cfb(&key[..], iv)?;
 let mut plain: SessionKey = vec![0u8; esk.len()].into();
 let cipher = &esk[..];
 for (pl, ct) in plain[..].chunks_mut(blk_sz).zip(cipher.chunks(blk_sz)) {
- dec.decrypt(&mut iv[..], pl, ct)?;
+ dec.decrypt(pl, ct)?;
 }
 // Get the algorithm from the front. |
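Review bot: The all-zero IV handed to `make_encrypt_cfb` in the `@@ -170` hunk (and to `make_decrypt_cfb` in the `@@ -256` hunk) now crosses a backend-owned API boundary with no comment saying why a fixed IV is acceptable, and a reader of the new interface will reasonably suspect IV reuse. It is correct here because RFC 4880 §5.3 prescribes CFB with an IV of all zeros for the SKESK encrypted session key, but that is only safe as long as the S2K-derived key is not reused to encrypt a different session key, so the precondition deserves to be stated at the point the IV is built; I would put above the new `let iv` line: `// RFC 4880 §5.3: the ESK is encrypted in CFB mode with an all-zero IV. This relies on the S2K-derived key never being reused for another session key, so the IV must stay zero and the key must not be shared across packets.` The same comment belongs on the decrypt side in the `@@ -256` hunk. Both enclosing functions start and end outside the hunks.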