diff options
Diffstat (limited to 'openpgp/src/crypto/backend/rust/aead.rs')
| -rw-r--r-- | openpgp/src/crypto/backend/rust/aead.rs | 98 |
1 files changed, 95 insertions, 3 deletions
diff --git a/openpgp/src/crypto/backend/rust/aead.rs b/openpgp/src/crypto/backend/rust/aead.rs index e306c8a1..248b5cb7 100644 --- a/openpgp/src/crypto/backend/rust/aead.rs +++ b/openpgp/src/crypto/backend/rust/aead.rs @@ -3,8 +3,8 @@ use std::cmp; use std::cmp::Ordering; -use cipher::{BlockCipher, BlockEncrypt, KeyInit, Unsigned}; -use cipher::consts::U16; +use cipher::{BlockCipher, BlockEncrypt, BlockSizeUser, KeyInit, Unsigned}; +use cipher::consts::{U12, U16}; use eax::online::{Eax, Encrypt, Decrypt}; use generic_array::GenericArray; @@ -87,6 +87,58 @@ where Op: eax::online::CipherOp, {} +struct Gcm<Cipher: BlockCipher + BlockSizeUser<BlockSize = U16> + BlockEncrypt> { + cipher: aes_gcm::AesGcm<Cipher, U12>, + nonce: GenericArray<u8, U12>, + aad: Vec<u8>, +} + +impl<Cipher> Aead for Gcm<Cipher> +where + Cipher: BlockCipher + BlockSizeUser<BlockSize = U16> + BlockEncrypt, +{ + fn digest_size(&self) -> usize { + TagLen::USIZE + } + + fn encrypt_seal(&mut self, dst: &mut [u8], src: &[u8]) -> Result<()> { + debug_assert_eq!(dst.len(), src.len() + self.digest_size()); + use aes_gcm::AeadInPlace; + + let len = cmp::min(dst.len(), src.len()); + dst[..len].copy_from_slice(&src[..len]); + let tag = + self.cipher.encrypt_in_place_detached(&self.nonce, &self.aad, + &mut dst[..len])?; + debug_assert_eq!(dst[len..].len(), tag.len()); + let tag_len = cmp::min(dst[len..].len(), tag.len()); + dst[len..len + tag_len].copy_from_slice(&tag[..tag_len]); + Ok(()) + } + + fn decrypt_verify(&mut self, dst: &mut [u8], src: &[u8]) -> Result<()> { + debug_assert_eq!(dst.len() + self.digest_size(), src.len()); + use aes_gcm::AeadInPlace; + + // Split src into ciphertext and digest. + let len = src.len().saturating_sub(self.digest_size()); + let digest = &src[len..]; + let src = &src[..len]; + + debug_assert_eq!(dst.len(), src.len()); + let len = core::cmp::min(dst.len(), src.len()); + dst[..len].copy_from_slice(&src[..len]); + self.cipher.decrypt_in_place_detached(&self.nonce, &self.aad, dst, + digest.try_into()?)?; + Ok(()) + } +} + +impl<'a, Cipher> seal::Sealed for Gcm<Cipher> +where + Cipher: BlockCipher + BlockSizeUser<BlockSize = U16> + BlockEncrypt, +{} + impl AEADAlgorithm { pub(crate) fn context( &self, @@ -165,7 +217,47 @@ impl AEADAlgorithm { | SymmetricAlgorithm::Unencrypted => Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()), }, - AEADAlgorithm::OCB | AEADAlgorithm::Private(_) | AEADAlgorithm::Unknown(_) => + + AEADAlgorithm::OCB => + Err(Error::UnsupportedAEADAlgorithm(*self).into()), + + AEADAlgorithm::GCM => { + use aes_gcm::{AesGcm, Nonce}; + match sym_algo { + SymmetricAlgorithm::AES128 => { + let nonce = Nonce::try_from_slice(nonce)?; + let cipher = + AesGcm::<aes::Aes128, U12>::new_from_slice(key)?; + Ok(Box::new(Gcm { cipher, nonce: *nonce, aad: aad.to_vec() })) + }, + SymmetricAlgorithm::AES192 => { + let nonce = Nonce::try_from_slice(nonce)?; + let cipher = + AesGcm::<aes::Aes192, U12>::new_from_slice(key)?; + Ok(Box::new(Gcm { cipher, nonce: *nonce, aad: aad.to_vec() })) + }, + SymmetricAlgorithm::AES256 => { + let nonce = Nonce::try_from_slice(nonce)?; + let cipher = + AesGcm::<aes::Aes256, U12>::new_from_slice(key)?; + Ok(Box::new(Gcm { cipher, nonce: *nonce, aad: aad.to_vec() })) + }, + | SymmetricAlgorithm::IDEA + | SymmetricAlgorithm::TripleDES + | SymmetricAlgorithm::CAST5 + | SymmetricAlgorithm::Blowfish + | SymmetricAlgorithm::Twofish + | SymmetricAlgorithm::Camellia128 + | SymmetricAlgorithm::Camellia192 + | SymmetricAlgorithm::Camellia256 + | SymmetricAlgorithm::Private(_) + | SymmetricAlgorithm::Unknown(_) + | SymmetricAlgorithm::Unencrypted => + Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()), + } + }, + + AEADAlgorithm::Private(_) | AEADAlgorithm::Unknown(_) => Err(Error::UnsupportedAEADAlgorithm(*self).into()), } } |