authorJustus Winter <justus@sequoia-pgp.org>2022-01-25 13:58:30 +0100
committerJustus Winter <justus@sequoia-pgp.org>2022-02-14 17:14:03 +0100
commitf32f7d2fba9c70acb768b3c817545479ec2ae721 (patch)
tree095774e2f19dccec751b0e22945f4ecbc229d7d5 /openpgp/src/serialize
parent6873c811adaa2be86e2bab2b684a80b59fc04c5b (diff)
openpgp: Refactor AEAD encryption and decryption.
- Introduce a trait that schedules nonce and additional authenticated data for each AEAD chunk. - Factoring that out allows us to support different schemes, and decouple memory encryption from the OpenPGP schedules.
Diffstat (limited to 'openpgp/src/serialize')
-rw-r--r--openpgp/src/serialize/stream.rs8
-rw-r--r--openpgp/src/serialize/stream/writer/mod.rs18
2 files changed, 15 insertions, 11 deletions
diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs
index 1bd4f047..3de68e64 100644
--- a/openpgp/src/serialize/stream.rs
+++ b/openpgp/src/serialize/stream.rs
@@ -2940,14 +2940,18 @@ impl<'a> Encryptor<'a> {
aead.chunk_size as u64, aead.nonce)?;
aed.serialize_headers(&mut inner)?;
+ use crate::crypto::aead::AEDv1Schedule;
+ let schedule = AEDv1Schedule::new(
+ aed.symmetric_algo(), aed.aead(), aead.chunk_size, aed.iv())?;
+
writer::AEADEncryptor::new(
inner,
Cookie::new(level),
aed.symmetric_algo(),
aed.aead(),
aead.chunk_size,
- aed.iv(),
- &sk,
+ schedule,
+ sk,
)
} else {
// Write the SEIP packet.
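Review bot: The cipher, the AEAD mode and `aead.chunk_size` are now passed twice, once to `AEDv1Schedule::new` and again to `writer::AEADEncryptor::new`, and nothing visible in this hunk ties the two sets together. The schedule produces the per-chunk nonce and additional authenticated data, so a later edit that changes only one of the call sites would presumably yield ciphertext whose authenticated parameters no longer match how it was actually chunked. Binding the values once and reusing them at both sites would make the coupling explicit, for example `let (algo, mode, chunk_size) = (aed.symmetric_algo(), aed.aead(), aead.chunk_size);`, together with a comment such as `// The schedule and the encryptor must agree on cipher, mode and chunk size.` As a matter of style, `use crate::crypto::aead::AEDv1Schedule;` would sit better with the module's other imports than in the middle of the body. The enclosing function starts and ends outside this hunk, so whether `sk` is still needed after being moved into the call cannot be checked from here.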
diff --git a/openpgp/src/serialize/stream/writer/mod.rs b/openpgp/src/serialize/stream/writer/mod.rs
index 6141cfa6..56f38b29 100644
--- a/openpgp/src/serialize/stream/writer/mod.rs
+++ b/openpgp/src/serialize/stream/writer/mod.rs
@@ -501,29 +501,29 @@ impl<'a, C: 'a> Stackable<'a, C> for Encryptor<'a, C> {
/// AEAD encrypting writer.
-pub struct AEADEncryptor<'a, C: 'a> {
- inner: Generic<aead::Encryptor<BoxStack<'a, C>>, C>,
+pub struct AEADEncryptor<'a, C: 'a, S: aead::Schedule> {
+ inner: Generic<aead::Encryptor<BoxStack<'a, C>, S>, C>,
}
-assert_send_and_sync!(AEADEncryptor<'_, C> where C);
+assert_send_and_sync!(AEADEncryptor<'_, C, S> where C, S: aead::Schedule);
#[allow(clippy::new_ret_no_self)]
-impl<'a> AEADEncryptor<'a, Cookie> {
+impl<'a, S: 'a + aead::Schedule> AEADEncryptor<'a, Cookie, S> {
/// Makes an encrypting writer.
pub fn new(inner: Message<'a>, cookie: Cookie,
cipher: SymmetricAlgorithm, aead: AEADAlgorithm,
- chunk_size: usize, iv: &[u8], key: &SessionKey)
+ chunk_size: usize, schedule: S, key: SessionKey)
-> Result<Message<'a>>
{
Ok(Message::from(Box::new(AEADEncryptor {
inner: Generic::new_unboxed(
- aead::Encryptor::new(1, cipher, aead, chunk_size, iv, key,
+ aead::Encryptor::new(cipher, aead, chunk_size, schedule, key,
inner.into())?,
cookie),
})))
}
}
-impl<'a, C: 'a> fmt::Debug for AEADEncryptor<'a, C> {
+impl<'a, C: 'a, S: aead::Schedule> fmt::Debug for AEADEncryptor<'a, C, S> {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
f.debug_struct("writer::AEADEncryptor")
.field("inner", &self.inner)
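Review bot: The doc comment on `AEADEncryptor::new` still reads only "Makes an encrypting writer." although the signature now takes `schedule: S` and consumes `key: SessionKey` instead of borrowing it. The constructor also no longer receives the IV or the hard-coded version `1`, so the nonce and associated-data derivation is entirely the caller's responsibility through `schedule`, which is worth stating where the API is defined. I would extend the comment with something like `/// `schedule` provides the nonce and additional authenticated data for every chunk and must have been created for the same `cipher`, `aead` and `chunk_size`.` and `/// Takes ownership of `key`.` A short doc line on the new `S` type parameter of the struct would help as well, since it now appears in every impl header below.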
@@ -531,7 +531,7 @@ impl<'a, C: 'a> fmt::Debug for AEADEncryptor<'a, C> {
}
}
-impl<'a, C: 'a> io::Write for AEADEncryptor<'a, C> {
+impl<'a, C: 'a, S: aead::Schedule> io::Write for AEADEncryptor<'a, C, S> {
fn write(&mut self, bytes: &[u8]) -> io::Result<usize> {
self.inner.write(bytes)
}
@@ -541,7 +541,7 @@ impl<'a, C: 'a> io::Write for AEADEncryptor<'a, C> {
}
}
-impl<'a, C: 'a> Stackable<'a, C> for AEADEncryptor<'a, C> {
+impl<'a, C: 'a, S: aead::Schedule> Stackable<'a, C> for AEADEncryptor<'a, C, S> {
fn into_inner(mut self: Box<Self>) -> Result<Option<BoxStack<'a, C>>> {
let inner = self.inner.inner.finish()?;
Ok(Some(inner))