diff options
Diffstat (limited to 'openpgp/src/crypto/symmetric.rs')
-rw-r--r-- | openpgp/src/crypto/symmetric.rs | 143 |
1 files changed, 28 insertions, 115 deletions
diff --git a/openpgp/src/crypto/symmetric.rs b/openpgp/src/crypto/symmetric.rs index 771a9e41..27738993 100644 --- a/openpgp/src/crypto/symmetric.rs +++ b/openpgp/src/crypto/symmetric.rs @@ -5,126 +5,39 @@ use std::cmp; use std::fmt; use crate::Result; -use crate::Error; use crate::SymmetricAlgorithm; use crate::vec_truncate; use buffered_reader::BufferedReader; -use nettle::cipher::{self, Cipher}; -use nettle::mode::{self, Mode}; - -impl SymmetricAlgorithm { - /// Length of a key for this algorithm in bytes. Fails if Sequoia - /// does not support this algorithm. - pub fn key_size(self) -> Result<usize> { - match self { - SymmetricAlgorithm::TripleDES => Ok(cipher::Des3::KEY_SIZE), - SymmetricAlgorithm::CAST5 => Ok(cipher::Cast128::KEY_SIZE), - // RFC4880, Section 9.2: Blowfish (128 bit key, 16 rounds) - SymmetricAlgorithm::Blowfish => Ok(16), - SymmetricAlgorithm::AES128 => Ok(cipher::Aes128::KEY_SIZE), - SymmetricAlgorithm::AES192 => Ok(cipher::Aes192::KEY_SIZE), - SymmetricAlgorithm::AES256 => Ok(cipher::Aes256::KEY_SIZE), - SymmetricAlgorithm::Twofish => Ok(cipher::Twofish::KEY_SIZE), - SymmetricAlgorithm::Camellia128 => Ok(cipher::Camellia128::KEY_SIZE), - SymmetricAlgorithm::Camellia192 => Ok(cipher::Camellia192::KEY_SIZE), - SymmetricAlgorithm::Camellia256 => Ok(cipher::Camellia256::KEY_SIZE), - _ => Err(Error::UnsupportedSymmetricAlgorithm(self).into()), - } - } - - /// Length of a block for this algorithm in bytes. Fails if - /// Sequoia does not support this algorithm. - pub fn block_size(self) -> Result<usize> { - match self { - SymmetricAlgorithm::TripleDES => Ok(cipher::Des3::BLOCK_SIZE), - SymmetricAlgorithm::CAST5 => Ok(cipher::Cast128::BLOCK_SIZE), - SymmetricAlgorithm::Blowfish => Ok(cipher::Blowfish::BLOCK_SIZE), - SymmetricAlgorithm::AES128 => Ok(cipher::Aes128::BLOCK_SIZE), - SymmetricAlgorithm::AES192 => Ok(cipher::Aes192::BLOCK_SIZE), - SymmetricAlgorithm::AES256 => Ok(cipher::Aes256::BLOCK_SIZE), - SymmetricAlgorithm::Twofish => Ok(cipher::Twofish::BLOCK_SIZE), - SymmetricAlgorithm::Camellia128 => Ok(cipher::Camellia128::BLOCK_SIZE), - SymmetricAlgorithm::Camellia192 => Ok(cipher::Camellia192::BLOCK_SIZE), - SymmetricAlgorithm::Camellia256 => Ok(cipher::Camellia256::BLOCK_SIZE), - _ => Err(Error::UnsupportedSymmetricAlgorithm(self).into()), - } - } - - /// Creates a Nettle context for encrypting in CFB mode. - pub(crate) fn make_encrypt_cfb(self, key: &[u8]) -> Result<Box<dyn Mode>> { - match self { - SymmetricAlgorithm::TripleDES => - Ok(Box::new( - mode::Cfb::<cipher::Des3>::with_encrypt_key(&key[..])?)), - SymmetricAlgorithm::CAST5 => - Ok(Box::new( - mode::Cfb::<cipher::Cast128>::with_encrypt_key(&key[..])?)), - SymmetricAlgorithm::Blowfish => - Ok(Box::new( - mode::Cfb::<cipher::Blowfish>::with_encrypt_key(&key[..])?)), - SymmetricAlgorithm::AES128 => - Ok(Box::new( - mode::Cfb::<cipher::Aes128>::with_encrypt_key(&key[..])?)), - SymmetricAlgorithm::AES192 => - Ok(Box::new( - mode::Cfb::<cipher::Aes192>::with_encrypt_key(&key[..])?)), - SymmetricAlgorithm::AES256 => - Ok(Box::new( - mode::Cfb::<cipher::Aes256>::with_encrypt_key(&key[..])?)), - SymmetricAlgorithm::Twofish => - Ok(Box::new( - mode::Cfb::<cipher::Twofish>::with_encrypt_key(&key[..])?)), - SymmetricAlgorithm::Camellia128 => - Ok(Box::new( - mode::Cfb::<cipher::Camellia128>::with_encrypt_key(&key[..])?)), - SymmetricAlgorithm::Camellia192 => - Ok(Box::new( - mode::Cfb::<cipher::Camellia192>::with_encrypt_key(&key[..])?)), - SymmetricAlgorithm::Camellia256 => - Ok(Box::new( - mode::Cfb::<cipher::Camellia256>::with_encrypt_key(&key[..])?)), - _ => Err(Error::UnsupportedSymmetricAlgorithm(self).into()), - } - } - - /// Creates a Nettle context for decrypting in CFB mode. - pub(crate) fn make_decrypt_cfb(self, key: &[u8]) -> Result<Box<dyn Mode>> { - match self { - SymmetricAlgorithm::TripleDES => - Ok(Box::new( - mode::Cfb::<cipher::Des3>::with_decrypt_key(&key[..])?)), - SymmetricAlgorithm::CAST5 => - Ok(Box::new( - mode::Cfb::<cipher::Cast128>::with_decrypt_key(&key[..])?)), - SymmetricAlgorithm::Blowfish => - Ok(Box::new( - mode::Cfb::<cipher::Blowfish>::with_decrypt_key(&key[..])?)), - SymmetricAlgorithm::AES128 => - Ok(Box::new( - mode::Cfb::<cipher::Aes128>::with_decrypt_key(&key[..])?)), - SymmetricAlgorithm::AES192 => - Ok(Box::new( - mode::Cfb::<cipher::Aes192>::with_decrypt_key(&key[..])?)), - SymmetricAlgorithm::AES256 => - Ok(Box::new( - mode::Cfb::<cipher::Aes256>::with_decrypt_key(&key[..])?)), - SymmetricAlgorithm::Twofish => - Ok(Box::new( - mode::Cfb::<cipher::Twofish>::with_decrypt_key(&key[..])?)), - SymmetricAlgorithm::Camellia128 => - Ok(Box::new( - mode::Cfb::<cipher::Camellia128>::with_decrypt_key(&key[..])?)), - SymmetricAlgorithm::Camellia192 => - Ok(Box::new( - mode::Cfb::<cipher::Camellia192>::with_decrypt_key(&key[..])?)), - SymmetricAlgorithm::Camellia256 => - Ok(Box::new( - mode::Cfb::<cipher::Camellia256>::with_decrypt_key(&key[..])?)), - _ => Err(Error::UnsupportedSymmetricAlgorithm(self).into()) - } - } +/// Block cipher mode of operation. +/// +/// Block modes govern how a block cipher processes data spanning multiple blocks. +pub(crate) trait Mode { + /// Block size of the underlying cipher in bytes. + fn block_size(&self) -> usize; + + /// Encrypt a single block `src` using the initialization vector `iv` to + /// a ciphertext block `dst`. Both `iv` and dst` are updated. + /// The buffer `iv`, `dst` and `src` are expected to be at least as large as + /// the block size of the underlying cipher. + fn encrypt( + &mut self, + iv: &mut [u8], + dst: &mut [u8], + src: &[u8], + ) -> Result<()>; + + /// Decrypt a single ciphertext block `src` using the initialization vector + /// `iv` to a plaintext block `dst`. Both `iv` and dst` are updated. + /// The buffer `iv`, `dst` and `src` are expected to be at least as large as + /// the block size of the underlying cipher. + fn decrypt( + &mut self, + iv: &mut [u8], + dst: &mut [u8], + src: &[u8], + ) -> Result<()>; } /// A `Read`er for decrypting symmetrically encrypted data. |