From a7abcb232d5e12e41d818f9a789405f3b18e8eaa Mon Sep 17 00:00:00 2001
From: Justus Winter
Date: Thu, 16 Feb 2023 11:01:17 +0100
Subject: Draft: openpgp: Implement OCB mode using the Nettle backend.

- We first need to merge and release the changes to nettle-sys and nettle-rs.
---
 Cargo.lock | 9 ++++-----
 openpgp/Cargo.toml | 2 +-
 openpgp/src/crypto/backend/nettle.rs | 15 +++++++++++++-
 openpgp/src/crypto/backend/nettle/aead.rs | 33 ++++++++++++++++++++++++++++++-
 4 files changed, 51 insertions(+), 8 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 4537f8ab..98870326 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1629,21 +1629,20 @@ dependencies = [ [[package]] name = "nettle" -version = "7.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91ff5d538c014cb58ab701db16e28aa66fbbb8b472bf65821d0e84f72aae6d4f" +version = "7.1.0" +source = "git+https://gitlab.com/sequoia-pgp/nettle-rs?branch=justus/ocb#f2d6d7f088c97a84dcfbdc8a4d10aad1efb0bee3" dependencies = [ "getrandom 0.2.6", "libc", "nettle-sys", "thiserror", + "typenum", ] [[package]] name = "nettle-sys" version = "2.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b13b685c7883e3a32196ccf3ce594947ec37ace43d74e157de7ca03d3fe62d17" +source = "git+https://gitlab.com/sequoia-pgp/nettle-sys?branch=justus/ocb#61e99ad29d46fe40685d99bc7c86f45f958a92ec" dependencies = [ "bindgen", "cc",
diff --git a/openpgp/Cargo.toml b/openpgp/Cargo.toml
index 39b56b3d..f967eaf1 100644
--- a/openpgp/Cargo.toml
+++ b/openpgp/Cargo.toml
@@ -38,7 +38,7 @@ lalrpop-util = ">=0.17"
 lazy_static = "1.4.0"
 libc = "0.2.66"
 memsec = { version = ">=0.5", default-features = false }
-nettle = { version = "7.2.2", optional = true }
+nettle = { git = "https://gitlab.com/sequoia-pgp/nettle-rs", branch = "justus/ocb", optional = true }
 once_cell = "1"
 regex = "1"
 regex-syntax = "0.6"
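Review bot: The `nettle` entry in openpgp/Cargo.toml now tracks `branch = "justus/ocb"`, a mutable ref, so any build that does not reuse this exact Cargo.lock resolves the crypto backend to whatever the branch head is at that moment, and the lockfile no longer carries `checksum` lines for `nettle` or `nettle-sys`. Until a release exists, pinning the manifest to the commit the lockfile already records keeps the backend reproducible: `nettle = { git = "https://gitlab.com/sequoia-pgp/nettle-rs", rev = "f2d6d7f088c97a84dcfbdc8a4d10aad1efb0bee3", optional = true }`. The lockfile also shows the resolved `nettle` version moving from 7.2.2 to 7.1.0, so it is worth confirming that the branch is rebased onto the latest release and that nothing fixed in between is dropped. `nettle-sys` appears to come from its branch only transitively, so the same pin would presumably have to be made in nettle-rs's own manifest.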
diff --git a/openpgp/src/crypto/backend/nettle.rs b/openpgp/src/crypto/backend/nettle.rs
index d2d8750a..b449f8a1 100644
--- a/openpgp/src/crypto/backend/nettle.rs
+++ b/openpgp/src/crypto/backend/nettle.rs
@@ -65,7 +65,9 @@ impl AEADAlgorithm {
 match &self {
 EAX => true,
- OCB | Private(_) | Unknown(_)
+ OCB
+ => nettle::aead::OCB_IS_SUPPORTED,
+ Private(_) | Unknown(_)
 => false,
 }
 }
@@ -84,6 +86,17 @@ impl AEADAlgorithm {
 SymmetricAlgorithm::Camellia256 => true,
 _ => false,
 },
+ AEADAlgorithm::OCB =>
+ match algo {
+ SymmetricAlgorithm::AES128 |
+ SymmetricAlgorithm::AES192 |
+ SymmetricAlgorithm::AES256 |
+ SymmetricAlgorithm::Twofish |
+ SymmetricAlgorithm::Camellia128 |
+ SymmetricAlgorithm::Camellia192 |
+ SymmetricAlgorithm::Camellia256 => true,
+ _ => false,
+ },
 _ => false
 }
 }
diff --git a/openpgp/src/crypto/backend/nettle/aead.rs b/openpgp/src/crypto/backend/nettle/aead.rs
index 486269b1..d2c492c3 100644
--- a/openpgp/src/crypto/backend/nettle/aead.rs
+++ b/openpgp/src/crypto/backend/nettle/aead.rs
@@ -1,7 +1,14 @@
 //! Implementation of AEAD using Nettle cryptographic library.
 use std::cmp::Ordering;
-use nettle::{aead::{self, Aead as _}, cipher};
+use nettle::{
+ aead::{
+ self,
+ Aead as _,
+ typenum::consts::U16,
+ },
+ cipher,
+};
 use crate::{Error, Result};
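Review bot: The two nettle.rs hunks answer the OCB support question differently: the first (@@ -65,7 +65,9 @@) ties OCB to `nettle::aead::OCB_IS_SUPPORTED`, while the new `AEADAlgorithm::OCB` arm in the second (@@ -84,6 +86,17 @@) returns `true` for AES, Twofish and Camellia unconditionally. If any caller consults the second check without the first (not visible here; both functions start outside their hunks), a build against a Nettle without OCB would advertise cipher/AEAD pairs it cannot construct. A match guard keeps the two in step and lets the unsupported case fall through to `_ => false`: `AEADAlgorithm::OCB if nettle::aead::OCB_IS_SUPPORTED =>`. A short comment on the arm saying that the list mirrors the EAX one above it would also help the next reader.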
@@ -110,6 +117,30 @@ impl AEADAlgorithm {
 },
 _ => Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()),
 },
+ AEADAlgorithm::OCB => match sym_algo {
+ SymmetricAlgorithm::AES128 => Ok(Box::new(
+ aead::Ocb::::with_key_and_nonce(key, nonce)?,
+ )),
+ SymmetricAlgorithm::AES192 => Ok(Box::new(
+ aead::Ocb::::with_key_and_nonce(key, nonce)?,
+ )),
+ SymmetricAlgorithm::AES256 => Ok(Box::new(
+ aead::Ocb::::with_key_and_nonce(key, nonce)?,
+ )),
+ SymmetricAlgorithm::Twofish => Ok(Box::new(
+ aead::Ocb::::with_key_and_nonce(key, nonce)?,
+ )),
+ SymmetricAlgorithm::Camellia128 => Ok(Box::new(
+ aead::Ocb::::with_key_and_nonce(key, nonce)?,
+ )),
+ SymmetricAlgorithm::Camellia192 => Ok(Box::new(
+ aead::Ocb::::with_key_and_nonce(key, nonce)?,
+ )),
+ SymmetricAlgorithm::Camellia256 => Ok(Box::new(
+ aead::Ocb::::with_key_and_nonce(key, nonce)?,
+ )),
+ _ => Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()),
+ },
 _ => Err(Error::UnsupportedAEADAlgorithm(*self).into()),
 }
 }
-- 
cgit v1.2.3
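Review bot: The new `AEADAlgorithm::OCB` arm ships without any test (the diffstat lists only the manifest, the lockfile and the two backend files), and nothing in the hunk states the nonce and tag sizes the seven constructors rely on. A one-line comment above the arm would record the contract, for example `// OpenPGP OCB: 15-octet nonce, 16-octet tag (U16); a wrong nonce length must surface as Err from with_key_and_nonce.` The type parameters of `aead::Ocb` are not visible in this rendering, so the cipher chosen in each arm should be checked against its `SymmetricAlgorithm` in the real source, since a copy-paste slip between the AES or Camellia key sizes would only show up as an interoperability failure. An encrypt/decrypt round trip per cipher, plus a case where a flipped ciphertext or tag byte must be rejected, would pin this down before the draft is merged. The enclosing function starts and ends outside the hunk.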