diff options
Diffstat (limited to 'openpgp/src/crypto')
-rw-r--r-- | openpgp/src/crypto/aead.rs | 2 | ||||
-rw-r--r-- | openpgp/src/crypto/backend/botan.rs | 2 | ||||
-rw-r--r-- | openpgp/src/crypto/backend/botan/aead.rs | 1 | ||||
-rw-r--r-- | openpgp/src/crypto/backend/cng.rs | 7 | ||||
-rw-r--r-- | openpgp/src/crypto/backend/cng/aead.rs | 109 | ||||
-rw-r--r-- | openpgp/src/crypto/backend/nettle.rs | 13 | ||||
-rw-r--r-- | openpgp/src/crypto/backend/nettle/aead.rs | 46 | ||||
-rw-r--r-- | openpgp/src/crypto/backend/openssl.rs | 21 | ||||
-rw-r--r-- | openpgp/src/crypto/backend/openssl/aead.rs | 34 | ||||
-rw-r--r-- | openpgp/src/crypto/backend/rust.rs | 15 | ||||
-rw-r--r-- | openpgp/src/crypto/backend/rust/aead.rs | 98 |
11 files changed, 327 insertions, 21 deletions
diff --git a/openpgp/src/crypto/aead.rs b/openpgp/src/crypto/aead.rs index 686cd18d..b6fcc578 100644 --- a/openpgp/src/crypto/aead.rs +++ b/openpgp/src/crypto/aead.rs @@ -81,6 +81,7 @@ impl AEADAlgorithm { EAX => Ok(16), // According to RFC4880bis, Section 5.16.2. OCB => Ok(16), + GCM => Ok(16), _ => Err(Error::UnsupportedAEADAlgorithm(*self).into()), } } @@ -95,6 +96,7 @@ impl AEADAlgorithm { // least 15 octets long". GnuPG hardcodes 15 in // openpgp_aead_algo_info. OCB => Ok(15), + GCM => Ok(12), _ => Err(Error::UnsupportedAEADAlgorithm(*self).into()), } } diff --git a/openpgp/src/crypto/backend/botan.rs b/openpgp/src/crypto/backend/botan.rs index 02ec4268..975d6196 100644 --- a/openpgp/src/crypto/backend/botan.rs +++ b/openpgp/src/crypto/backend/botan.rs @@ -61,7 +61,7 @@ impl AEADAlgorithm { pub(crate) fn is_supported_by_backend(&self) -> bool { use self::AEADAlgorithm::*; match &self { - EAX | OCB + EAX | OCB | GCM => true, Private(_) | Unknown(_) => false, diff --git a/openpgp/src/crypto/backend/botan/aead.rs b/openpgp/src/crypto/backend/botan/aead.rs index c7f4bbf2..90db20d6 100644 --- a/openpgp/src/crypto/backend/botan/aead.rs +++ b/openpgp/src/crypto/backend/botan/aead.rs @@ -33,6 +33,7 @@ impl AEADAlgorithm { match self { AEADAlgorithm::EAX => Ok("EAX"), AEADAlgorithm::OCB => Ok("OCB"), + AEADAlgorithm::GCM => Ok("GCM"), _ => Err(Error::UnsupportedAEADAlgorithm(self).into()), } } diff --git a/openpgp/src/crypto/backend/cng.rs b/openpgp/src/crypto/backend/cng.rs index 607b0414..3ded3f5b 100644 --- a/openpgp/src/crypto/backend/cng.rs +++ b/openpgp/src/crypto/backend/cng.rs @@ -61,9 +61,10 @@ impl AEADAlgorithm { pub(crate) fn is_supported_by_backend(&self) -> bool { use self::AEADAlgorithm::*; match &self { - EAX - => true, - OCB | Private(_) | Unknown(_) + EAX => true, + OCB => false, + GCM => true, + Private(_) | Unknown(_) => false, } } diff --git a/openpgp/src/crypto/backend/cng/aead.rs b/openpgp/src/crypto/backend/cng/aead.rs index 9659812f..6ca59472 100644 --- a/openpgp/src/crypto/backend/cng/aead.rs +++ b/openpgp/src/crypto/backend/cng/aead.rs @@ -1,5 +1,5 @@ //! Implementation of AEAD using Windows CNG API. -use std::cmp::Ordering; +use std::cmp::{self, Ordering}; use crate::{Error, Result}; use crate::crypto::aead::{Aead, CipherOp}; @@ -8,8 +8,8 @@ use crate::seal; use crate::types::{AEADAlgorithm, SymmetricAlgorithm}; use cipher::generic_array::{GenericArray, ArrayLength}; -use cipher::generic_array::typenum::{U16, U128, U192, U256}; -use cipher::Unsigned; +use cipher::generic_array::typenum::{U12, U16, U128, U192, U256}; +use cipher::{BlockCipher, BlockEncrypt, BlockSizeUser, KeyInit, Unsigned}; use eax::online::{Eax, Encrypt, Decrypt}; use win_crypto_ng::symmetric::{BlockCipherKey, Aes}; @@ -106,19 +106,60 @@ impl AEADAlgorithm { }, _ => Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()), }, - _ => Err(Error::UnsupportedAEADAlgorithm(self.clone()).into()), + + AEADAlgorithm::OCB => + Err(Error::UnsupportedAEADAlgorithm(*self).into()), + + AEADAlgorithm::GCM => { + use aes_gcm::{AesGcm, Nonce}; + match sym_algo { + SymmetricAlgorithm::AES128 => { + let nonce = Nonce::try_from_slice(nonce)?; + let cipher = + AesGcm::<BlockCipherKey<Aes, U128>, U12>::new_from_slice(key)?; + Ok(Box::new(Gcm { cipher, nonce: *nonce, aad: aad.to_vec() })) + }, + SymmetricAlgorithm::AES192 => { + let nonce = Nonce::try_from_slice(nonce)?; + let cipher = + AesGcm::<BlockCipherKey<Aes, U192>, U12>::new_from_slice(key)?; + Ok(Box::new(Gcm { cipher, nonce: *nonce, aad: aad.to_vec() })) + }, + SymmetricAlgorithm::AES256 => { + let nonce = Nonce::try_from_slice(nonce)?; + let cipher = + AesGcm::<BlockCipherKey<Aes, U256>, U12>::new_from_slice(key)?; + Ok(Box::new(Gcm { cipher, nonce: *nonce, aad: aad.to_vec() })) + }, + | SymmetricAlgorithm::IDEA + | SymmetricAlgorithm::TripleDES + | SymmetricAlgorithm::CAST5 + | SymmetricAlgorithm::Blowfish + | SymmetricAlgorithm::Twofish + | SymmetricAlgorithm::Camellia128 + | SymmetricAlgorithm::Camellia192 + | SymmetricAlgorithm::Camellia256 + | SymmetricAlgorithm::Private(_) + | SymmetricAlgorithm::Unknown(_) + | SymmetricAlgorithm::Unencrypted => + Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()), + } + }, + + AEADAlgorithm::Private(_) | AEADAlgorithm::Unknown(_) => + Err(Error::UnsupportedAEADAlgorithm(*self).into()), } } } -type EaxTagLen = U16; +type TagLen = U16; macro_rules! impl_aead { ($($type: ty),*) => { $( - impl Aead for Eax<$type, Encrypt, EaxTagLen> { + impl Aead for Eax<$type, Encrypt, TagLen> { fn digest_size(&self) -> usize { - EaxTagLen::USIZE + TagLen::USIZE } fn encrypt_seal(&mut self, dst: &mut [u8], src: &[u8]) -> Result<()> { debug_assert_eq!(dst.len(), src.len() + self.digest_size()); @@ -139,7 +180,7 @@ macro_rules! impl_aead { $( impl Aead for Eax<$type, Decrypt> { fn digest_size(&self) -> usize { - EaxTagLen::USIZE + TagLen::USIZE } fn encrypt_seal(&mut self, _dst: &mut [u8], _src: &[u8]) -> Result<()> { panic!("AEAD encryption called in the decryption context") @@ -171,3 +212,55 @@ macro_rules! impl_aead { } impl_aead!(BlockCipherKey<Aes, U128>, BlockCipherKey<Aes, U192>, BlockCipherKey<Aes, U256>); + +struct Gcm<Cipher: BlockCipher + BlockSizeUser<BlockSize = U16> + BlockEncrypt> { + cipher: aes_gcm::AesGcm<Cipher, U12>, + nonce: GenericArray<u8, U12>, + aad: Vec<u8>, +} + +impl<Cipher> Aead for Gcm<Cipher> +where + Cipher: BlockCipher + BlockSizeUser<BlockSize = U16> + BlockEncrypt, +{ + fn digest_size(&self) -> usize { + TagLen::USIZE + } + + fn encrypt_seal(&mut self, dst: &mut [u8], src: &[u8]) -> Result<()> { + debug_assert_eq!(dst.len(), src.len() + self.digest_size()); + use aes_gcm::AeadInPlace; + + let len = cmp::min(dst.len(), src.len()); + dst[..len].copy_from_slice(&src[..len]); + let tag = + self.cipher.encrypt_in_place_detached(&self.nonce, &self.aad, + &mut dst[..len])?; + debug_assert_eq!(dst[len..].len(), tag.len()); + let tag_len = cmp::min(dst[len..].len(), tag.len()); + dst[len..len + tag_len].copy_from_slice(&tag[..tag_len]); + Ok(()) + } + + fn decrypt_verify(&mut self, dst: &mut [u8], src: &[u8]) -> Result<()> { + debug_assert_eq!(dst.len() + self.digest_size(), src.len()); + use aes_gcm::AeadInPlace; + + // Split src into ciphertext and digest. + let len = src.len().saturating_sub(self.digest_size()); + let digest = &src[len..]; + let src = &src[..len]; + + debug_assert_eq!(dst.len(), src.len()); + let len = core::cmp::min(dst.len(), src.len()); + dst[..len].copy_from_slice(&src[..len]); + self.cipher.decrypt_in_place_detached(&self.nonce, &self.aad, dst, + digest.try_into()?)?; + Ok(()) + } +} + +impl<'a, Cipher> seal::Sealed for Gcm<Cipher> +where + Cipher: BlockCipher + BlockSizeUser<BlockSize = U16> + BlockEncrypt, +{} diff --git a/openpgp/src/crypto/backend/nettle.rs b/openpgp/src/crypto/backend/nettle.rs index 62c62f4b..7109fa3a 100644 --- a/openpgp/src/crypto/backend/nettle.rs +++ b/openpgp/src/crypto/backend/nettle.rs @@ -68,6 +68,8 @@ impl AEADAlgorithm { => true, OCB => nettle::aead::OCB_IS_SUPPORTED, + GCM + => true, Private(_) | Unknown(_) => false, } @@ -98,6 +100,17 @@ impl AEADAlgorithm { SymmetricAlgorithm::Camellia256 => true, _ => false, }, + AEADAlgorithm::GCM => + match algo { + SymmetricAlgorithm::AES128 | + SymmetricAlgorithm::AES192 | + SymmetricAlgorithm::AES256 | + SymmetricAlgorithm::Twofish | + SymmetricAlgorithm::Camellia128 | + SymmetricAlgorithm::Camellia192 | + SymmetricAlgorithm::Camellia256 => true, + _ => false, + }, _ => false } } diff --git a/openpgp/src/crypto/backend/nettle/aead.rs b/openpgp/src/crypto/backend/nettle/aead.rs index 76303715..c44defb3 100644 --- a/openpgp/src/crypto/backend/nettle/aead.rs +++ b/openpgp/src/crypto/backend/nettle/aead.rs @@ -164,6 +164,52 @@ impl AEADAlgorithm { _ => Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()), }, + AEADAlgorithm::GCM => match sym_algo { + SymmetricAlgorithm::AES128 => { + let mut ctx = + aead::Gcm::<cipher::Aes128>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + SymmetricAlgorithm::AES192 => { + let mut ctx = + aead::Gcm::<cipher::Aes192>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + SymmetricAlgorithm::AES256 => { + let mut ctx = + aead::Gcm::<cipher::Aes256>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + SymmetricAlgorithm::Twofish => { + let mut ctx = + aead::Gcm::<cipher::Twofish>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + SymmetricAlgorithm::Camellia128 => { + let mut ctx = + aead::Gcm::<cipher::Camellia128>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + SymmetricAlgorithm::Camellia192 => { + let mut ctx = + aead::Gcm::<cipher::Camellia192>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + SymmetricAlgorithm::Camellia256 => { + let mut ctx = + aead::Gcm::<cipher::Camellia256>::with_key_and_nonce(key, nonce)?; + ctx.update(aad); + Ok(Box::new(ctx)) + }, + _ => Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()), + }, + _ => Err(Error::UnsupportedAEADAlgorithm(*self).into()), } } diff --git a/openpgp/src/crypto/backend/openssl.rs b/openpgp/src/crypto/backend/openssl.rs index 4923fc79..1c077cf2 100644 --- a/openpgp/src/crypto/backend/openssl.rs +++ b/openpgp/src/crypto/backend/openssl.rs @@ -65,12 +65,19 @@ impl AEADAlgorithm { } pub(crate) fn is_supported_by_backend(&self) -> bool { - *self == AEADAlgorithm::OCB + match self { + AEADAlgorithm::EAX => false, + AEADAlgorithm::OCB => true, + AEADAlgorithm::GCM => true, + AEADAlgorithm::Private(_) | + AEADAlgorithm::Unknown(_) => false, + } } #[cfg(test)] pub(crate) fn supports_symmetric_algo(&self, algo: &SymmetricAlgorithm) -> bool { match &self { + AEADAlgorithm::EAX => false, AEADAlgorithm::OCB => match algo { // OpenSSL supports OCB only with AES @@ -80,7 +87,17 @@ impl AEADAlgorithm { SymmetricAlgorithm::AES256 => true, _ => false, }, - _ => false + AEADAlgorithm::GCM => + match algo { + // OpenSSL supports GCM only with AES + // see: https://wiki.openssl.org/index.php/GCM + SymmetricAlgorithm::AES128 | + SymmetricAlgorithm::AES192 | + SymmetricAlgorithm::AES256 => true, + _ => false, + }, + AEADAlgorithm::Private(_) | + AEADAlgorithm::Unknown(_) => false, } } } diff --git a/openpgp/src/crypto/backend/openssl/aead.rs b/openpgp/src/crypto/backend/openssl/aead.rs index cf68fa66..84ce3c7e 100644 --- a/openpgp/src/crypto/backend/openssl/aead.rs +++ b/openpgp/src/crypto/backend/openssl/aead.rs @@ -94,7 +94,39 @@ impl AEADAlgorithm { ctx, digest_size: self.digest_size()?, })) - } + }, + AEADAlgorithm::GCM => { + let cipher = match sym_algo { + SymmetricAlgorithm::AES128 => Cipher::aes_128_gcm(), + SymmetricAlgorithm::AES192 => Cipher::aes_192_gcm(), + SymmetricAlgorithm::AES256 => Cipher::aes_256_gcm(), + _ => return Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()), + }; + let mut ctx = CipherCtx::new()?; + match op { + CipherOp::Encrypt => + ctx.encrypt_init(Some(cipher), Some(key), None)?, + + CipherOp::Decrypt => + ctx.decrypt_init(Some(cipher), Some(key), None)?, + } + // We have to set the IV length before supplying the + // IV. Otherwise, it will be silently truncated. + ctx.set_iv_length(self.nonce_size()?)?; + match op { + CipherOp::Encrypt => + ctx.encrypt_init(None, None, Some(nonce))?, + + CipherOp::Decrypt => + ctx.decrypt_init(None, None, Some(nonce))?, + } + ctx.set_padding(false); + ctx.cipher_update(aad, None)?; + Ok(Box::new(OpenSslContext { + ctx, + digest_size: self.digest_size()?, + })) + }, _ => Err(Error::UnsupportedAEADAlgorithm(*self).into()), } } diff --git a/openpgp/src/crypto/backend/rust.rs b/openpgp/src/crypto/backend/rust.rs index 0be0ea2e..8dd85559 100644 --- a/openpgp/src/crypto/backend/rust.rs +++ b/openpgp/src/crypto/backend/rust.rs @@ -102,9 +102,10 @@ impl AEADAlgorithm { pub(crate) fn is_supported_by_backend(&self) -> bool { use self::AEADAlgorithm::*; match &self { - EAX - => true, - OCB | Private(_) | Unknown(_) + EAX => true, + OCB => false, + GCM => true, + Private(_) | Unknown(_) => false, } } @@ -124,6 +125,14 @@ impl AEADAlgorithm { SymmetricAlgorithm::Camellia256 => true, _ => false, }, + + AEADAlgorithm::GCM => + match algo { + SymmetricAlgorithm::AES128 | + SymmetricAlgorithm::AES192 | + SymmetricAlgorithm::AES256 => true, + _ => false, + }, _ => false } } diff --git a/openpgp/src/crypto/backend/rust/aead.rs b/openpgp/src/crypto/backend/rust/aead.rs index e306c8a1..248b5cb7 100644 --- a/openpgp/src/crypto/backend/rust/aead.rs +++ b/openpgp/src/crypto/backend/rust/aead.rs @@ -3,8 +3,8 @@ use std::cmp; use std::cmp::Ordering; -use cipher::{BlockCipher, BlockEncrypt, KeyInit, Unsigned}; -use cipher::consts::U16; +use cipher::{BlockCipher, BlockEncrypt, BlockSizeUser, KeyInit, Unsigned}; +use cipher::consts::{U12, U16}; use eax::online::{Eax, Encrypt, Decrypt}; use generic_array::GenericArray; @@ -87,6 +87,58 @@ where Op: eax::online::CipherOp, {} +struct Gcm<Cipher: BlockCipher + BlockSizeUser<BlockSize = U16> + BlockEncrypt> { + cipher: aes_gcm::AesGcm<Cipher, U12>, + nonce: GenericArray<u8, U12>, + aad: Vec<u8>, +} + +impl<Cipher> Aead for Gcm<Cipher> +where + Cipher: BlockCipher + BlockSizeUser<BlockSize = U16> + BlockEncrypt, +{ + fn digest_size(&self) -> usize { + TagLen::USIZE + } + + fn encrypt_seal(&mut self, dst: &mut [u8], src: &[u8]) -> Result<()> { + debug_assert_eq!(dst.len(), src.len() + self.digest_size()); + use aes_gcm::AeadInPlace; + + let len = cmp::min(dst.len(), src.len()); + dst[..len].copy_from_slice(&src[..len]); + let tag = + self.cipher.encrypt_in_place_detached(&self.nonce, &self.aad, + &mut dst[..len])?; + debug_assert_eq!(dst[len..].len(), tag.len()); + let tag_len = cmp::min(dst[len..].len(), tag.len()); + dst[len..len + tag_len].copy_from_slice(&tag[..tag_len]); + Ok(()) + } + + fn decrypt_verify(&mut self, dst: &mut [u8], src: &[u8]) -> Result<()> { + debug_assert_eq!(dst.len() + self.digest_size(), src.len()); + use aes_gcm::AeadInPlace; + + // Split src into ciphertext and digest. + let len = src.len().saturating_sub(self.digest_size()); + let digest = &src[len..]; + let src = &src[..len]; + + debug_assert_eq!(dst.len(), src.len()); + let len = core::cmp::min(dst.len(), src.len()); + dst[..len].copy_from_slice(&src[..len]); + self.cipher.decrypt_in_place_detached(&self.nonce, &self.aad, dst, + digest.try_into()?)?; + Ok(()) + } +} + +impl<'a, Cipher> seal::Sealed for Gcm<Cipher> +where + Cipher: BlockCipher + BlockSizeUser<BlockSize = U16> + BlockEncrypt, +{} + impl AEADAlgorithm { pub(crate) fn context( &self, @@ -165,7 +217,47 @@ impl AEADAlgorithm { | SymmetricAlgorithm::Unencrypted => Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()), }, - AEADAlgorithm::OCB | AEADAlgorithm::Private(_) | AEADAlgorithm::Unknown(_) => + + AEADAlgorithm::OCB => + Err(Error::UnsupportedAEADAlgorithm(*self).into()), + + AEADAlgorithm::GCM => { + use aes_gcm::{AesGcm, Nonce}; + match sym_algo { + SymmetricAlgorithm::AES128 => { + let nonce = Nonce::try_from_slice(nonce)?; + let cipher = + AesGcm::<aes::Aes128, U12>::new_from_slice(key)?; + Ok(Box::new(Gcm { cipher, nonce: *nonce, aad: aad.to_vec() })) + }, + SymmetricAlgorithm::AES192 => { + let nonce = Nonce::try_from_slice(nonce)?; + let cipher = + AesGcm::<aes::Aes192, U12>::new_from_slice(key)?; + Ok(Box::new(Gcm { cipher, nonce: *nonce, aad: aad.to_vec() })) + }, + SymmetricAlgorithm::AES256 => { + let nonce = Nonce::try_from_slice(nonce)?; + let cipher = + AesGcm::<aes::Aes256, U12>::new_from_slice(key)?; + Ok(Box::new(Gcm { cipher, nonce: *nonce, aad: aad.to_vec() })) + }, + | SymmetricAlgorithm::IDEA + | SymmetricAlgorithm::TripleDES + | SymmetricAlgorithm::CAST5 + | SymmetricAlgorithm::Blowfish + | SymmetricAlgorithm::Twofish + | SymmetricAlgorithm::Camellia128 + | SymmetricAlgorithm::Camellia192 + | SymmetricAlgorithm::Camellia256 + | SymmetricAlgorithm::Private(_) + | SymmetricAlgorithm::Unknown(_) + | SymmetricAlgorithm::Unencrypted => + Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()), + } + }, + + AEADAlgorithm::Private(_) | AEADAlgorithm::Unknown(_) => Err(Error::UnsupportedAEADAlgorithm(*self).into()), } } |