From 9516eb1ea2e6795a269114fd221171571da8185c Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Tue, 8 Feb 2022 15:55:10 +0100 Subject: WIP: openpgp: Implement OCB mode. --- Cargo.lock | 7 +++---- openpgp/Cargo.toml | 2 +- openpgp/src/crypto/backend/nettle.rs | 4 +++- openpgp/src/crypto/backend/nettle/aead.rs | 33 ++++++++++++++++++++++++++++++- openpgp/src/serialize/stream.rs | 5 +++++ 5 files changed, 44 insertions(+), 7 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 02bc4181..2398ac2d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1794,20 +1794,19 @@ dependencies = [ [[package]] name = "nettle" version = "7.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c511dff9452c522101505be4b5bbe07afd4f4565c65ca7d8118d4b804bd6a199" +source = "git+https://gitlab.com/sequoia-pgp/nettle-rs?branch=justus/ocb#f2d6d7f088c97a84dcfbdc8a4d10aad1efb0bee3" dependencies = [ "getrandom 0.2.6", "libc", "nettle-sys", "thiserror", + "typenum", ] [[package]] name = "nettle-sys" version = "2.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b13b685c7883e3a32196ccf3ce594947ec37ace43d74e157de7ca03d3fe62d17" +source = "git+https://gitlab.com/sequoia-pgp/nettle-sys?branch=justus/ocb#61e99ad29d46fe40685d99bc7c86f45f958a92ec" dependencies = [ "bindgen", "cc", diff --git a/openpgp/Cargo.toml b/openpgp/Cargo.toml index 0407d482..0a164285 100644 --- a/openpgp/Cargo.toml +++ b/openpgp/Cargo.toml @@ -38,7 +38,7 @@ lalrpop-util = ">=0.17" lazy_static = "1.4.0" libc = "0.2.66" memsec = { version = ">=0.5", default-features = false } -nettle = { version = "7.0.2", optional = true } +nettle = { git = "https://gitlab.com/sequoia-pgp/nettle-rs", branch = "justus/ocb", optional = true } regex = "1" regex-syntax = "0.6" sha1collisiondetection = { version = "0.2.3", default-features = false, features = ["std"] } diff --git a/openpgp/src/crypto/backend/nettle.rs b/openpgp/src/crypto/backend/nettle.rs index 1cd601c2..b07d8da7 100644 
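Review bot: The `nettle` entry in openpgp/Cargo.toml now tracks a mutable branch (`branch = "justus/ocb"`) with no version requirement, so the cryptographic backend that gets built is whatever that branch points to the next time the lockfile is regenerated, and the crates.io checksum lines are gone from Cargo.lock for both `nettle` and `nettle-sys`. While this stays WIP, pinning the commit the lockfile already records keeps the build reproducible and reviewable: `nettle = { git = "https://gitlab.com/sequoia-pgp/nettle-rs", rev = "f2d6d7f088c97a84dcfbdc8a4d10aad1efb0bee3", optional = true }`. The `nettle-sys` source is presumably chosen by nettle-rs's own manifest, which is not visible here, so that pin would have to be made there. Before release the entry should go back to a published version, since a git-only dependency cannot be published to crates.io.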
--- a/openpgp/src/crypto/backend/nettle.rs +++ b/openpgp/src/crypto/backend/nettle.rs @@ -62,9 +62,11 @@ impl AEADAlgorithm { match &self { EAX => true, + OCB + => nettle::aead::OCB_IS_SUPPORTED, GCM => true, - OCB | Private(_) | Unknown(_) + Private(_) | Unknown(_) => false, } } diff --git a/openpgp/src/crypto/backend/nettle/aead.rs b/openpgp/src/crypto/backend/nettle/aead.rs index e7fff77e..860c6b60 100644 --- a/openpgp/src/crypto/backend/nettle/aead.rs +++ b/openpgp/src/crypto/backend/nettle/aead.rs @@ -1,7 +1,14 @@ //! Implementation of AEAD using Nettle cryptographic library. + use std::cmp::Ordering; -use nettle::{aead, cipher}; +use nettle::{ + aead::{ + self, + typenum::consts::U16, + }, + cipher, +}; use crate::{Error, Result}; @@ -80,6 +87,30 @@ impl AEADAlgorithm { )), _ => Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()), }, + AEADAlgorithm::OCB => match sym_algo { + SymmetricAlgorithm::AES128 => Ok(Box::new( + aead::Ocb::::with_key_and_nonce(key, nonce)?, + )), + SymmetricAlgorithm::AES192 => Ok(Box::new( + aead::Ocb::::with_key_and_nonce(key, nonce)?, + )), + SymmetricAlgorithm::AES256 => Ok(Box::new( + aead::Ocb::::with_key_and_nonce(key, nonce)?, + )), + SymmetricAlgorithm::Twofish => Ok(Box::new( + aead::Ocb::::with_key_and_nonce(key, nonce)?, + )), + SymmetricAlgorithm::Camellia128 => Ok(Box::new( + aead::Ocb::::with_key_and_nonce(key, nonce)?, + )), + SymmetricAlgorithm::Camellia192 => Ok(Box::new( + aead::Ocb::::with_key_and_nonce(key, nonce)?, + )), + SymmetricAlgorithm::Camellia256 => Ok(Box::new( + aead::Ocb::::with_key_and_nonce(key, nonce)?, + )), + _ => Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()), + }, AEADAlgorithm::GCM => match sym_algo { SymmetricAlgorithm::AES128 => Ok(Box::new( aead::Gcm::::with_key_and_nonce(key, nonce)?, diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs index 51130af8..42b46d88 100644 --- a/openpgp/src/serialize/stream.rs +++ b/openpgp/src/serialize/stream.rs 
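Review bot: OCB availability becomes conditional in this arm (`OCB => nettle::aead::OCB_IS_SUPPORTED`), but the two other places this commit touches use OCB unconditionally: the new `AEADAlgorithm::OCB` arm in backend/nettle/aead.rs builds `aead::Ocb` without consulting the constant, and the new `aead_ocb` test in serialize/stream.rs always runs. What `with_key_and_nonce` does when the linked Nettle lacks OCB is not visible here, so an explicit guard at the top of that arm would make the failure a clean error, for example `if !aead::OCB_IS_SUPPORTED { return Err(Error::UnsupportedAEADAlgorithm(*self).into()); }`. The test could likewise start with `if !AEADAlgorithm::OCB.is_supported() { return Ok(()); }`, unless `test_aead_messages` already skips unsupported algorithms. A one-line comment on this arm saying that the value presumably depends on the Nettle build being linked would explain why it differs from the `true` of EAX and GCM. The enclosing function starts outside the hunk.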
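Review bot: The new `AEADAlgorithm::OCB` arm in aead.rs has no comment on why exactly these seven ciphers are accepted or what `U16` stands for, and the type arguments of `aead::Ocb` are not legible in this rendering of the patch. OCB is defined over 128-bit block ciphers, which matches the AES, Twofish and Camellia variants listed, so a comment such as `// OCB needs a 128-bit block cipher; every other algorithm is rejected below.` above the inner `match sym_algo` would record that. `U16` is presumably the tag length in bytes; if so, `// U16: 16-byte authentication tag` next to the import would save the reader a trip to nettle-rs. The seven arms differ only in the cipher type, as the GCM arms that follow appear to, so a small local macro could generate these lists in a follow-up. The enclosing function starts and ends outside the hunk.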
@@ -3407,6 +3407,11 @@ mod test { test_aead_messages(AEADAlgorithm::EAX) } + #[test] + fn aead_ocb() -> Result<()> { + test_aead_messages(AEADAlgorithm::OCB) + } + #[test] fn aead_gcm() -> Result<()> { test_aead_messages(AEADAlgorithm::GCM) -- cgit v1.2.3
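Review bot: `aead_ocb` only calls `test_aead_messages(AEADAlgorithm::OCB)`, whose body is outside the hunk; if that helper encrypts and then decrypts with the same backend, it cannot detect an OCB nonce or chunk-handling mistake that is made consistently on both sides. A second test that decrypts a fixed OCB-protected message produced by an independent implementation and compares the plaintext would cover interoperability, and the commit adds no such vector. Until one exists, a comment above the test such as `// Round-trip only: does not prove interoperability with other OCB implementations.` would keep the limitation visible.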