1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
//! Implementation of AEAD using Nettle cryptographic library.
use std::cmp::Ordering;
use nettle::{aead, cipher};
use crate::{Error, Result};
use crate::crypto::aead::{Aead, CipherOp};
use crate::crypto::mem::secure_cmp;
use crate::seal;
use crate::types::{AEADAlgorithm, SymmetricAlgorithm};
/// Disables authentication checks.
///
/// This is DANGEROUS, and is only useful for debugging problems with
/// malformed AEAD-encrypted messages.
const DANGER_DISABLE_AUTHENTICATION: bool = false;
impl<T: nettle::aead::Aead> seal::Sealed for T {}
impl<T: nettle::aead::Aead> Aead for T {
fn update(&mut self, ad: &[u8]) -> Result<()> {
self.update(ad);
Ok(())
}
fn encrypt(&mut self, dst: &mut [u8], src: &[u8]) -> Result<()> {
self.encrypt(dst, src);
Ok(())
}
fn decrypt_verify(&mut self, dst: &mut [u8], src: &[u8], digest: &[u8]) -> Result<()> {
self.decrypt(dst, src);
let mut chunk_digest = vec![0u8; self.digest_size()];
self.digest(&mut chunk_digest);
if secure_cmp(&chunk_digest[..], digest)
!= Ordering::Equal && ! DANGER_DISABLE_AUTHENTICATION
{
return Err(Error::ManipulatedMessage.into());
}
Ok(())
}
fn digest(&mut self, digest: &mut [u8]) -> Result<()> {
self.digest(digest);
Ok(())
}
fn digest_size(&self) -> usize {
self.digest_size()
}
}
impl AEADAlgorithm {
pub(crate) fn context(
&self,
sym_algo: SymmetricAlgorithm,
key: &[u8],
nonce: &[u8],
_op: CipherOp,
) -> Result<Box<dyn Aead>> {
match self {
AEADAlgorithm::EAX => match sym_algo {
SymmetricAlgorithm::AES128 => Ok(Box::new(
aead::Eax::<cipher::Aes128>::with_key_and_nonce(key, nonce)?,
)),
SymmetricAlgorithm::AES192 => Ok(Box::new(
aead::Eax::<cipher::Aes192>::with_key_and_nonce(key, nonce)?,
)),
SymmetricAlgorithm::AES256 => Ok(Box::new(
aead::Eax::<cipher::Aes256>::with_key_and_nonce(key, nonce)?,
)),
SymmetricAlgorithm::Twofish => Ok(Box::new(
aead::Eax::<cipher::Twofish>::with_key_and_nonce(key, nonce)?,
)),
SymmetricAlgorithm::Camellia128 => Ok(Box::new(
aead::Eax::<cipher::Camellia128>::with_key_and_nonce(key, nonce)?,
)),
SymmetricAlgorithm::Camellia192 => Ok(Box::new(
aead::Eax::<cipher::Camellia192>::with_key_and_nonce(key, nonce)?,
)),
SymmetricAlgorithm::Camellia256 => Ok(Box::new(
aead::Eax::<cipher::Camellia256>::with_key_and_nonce(key, nonce)?,
)),
_ => Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()),
},
AEADAlgorithm::GCM => match sym_algo {
SymmetricAlgorithm::AES128 => Ok(Box::new(
aead::Gcm::<cipher::Aes128>::with_key_and_nonce(key, nonce)?,
)),
SymmetricAlgorithm::AES192 => Ok(Box::new(
aead::Gcm::<cipher::Aes192>::with_key_and_nonce(key, nonce)?,
)),
SymmetricAlgorithm::AES256 => Ok(Box::new(
aead::Gcm::<cipher::Aes256>::with_key_and_nonce(key, nonce)?,
)),
SymmetricAlgorithm::Twofish => Ok(Box::new(
aead::Gcm::<cipher::Twofish>::with_key_and_nonce(key, nonce)?,
)),
SymmetricAlgorithm::Camellia128 => Ok(Box::new(
aead::Gcm::<cipher::Camellia128>::with_key_and_nonce(key, nonce)?,
)),
SymmetricAlgorithm::Camellia192 => Ok(Box::new(
aead::Gcm::<cipher::Camellia192>::with_key_and_nonce(key, nonce)?,
)),
SymmetricAlgorithm::Camellia256 => Ok(Box::new(
aead::Gcm::<cipher::Camellia256>::with_key_and_nonce(key, nonce)?,
)),
_ => Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()),
},
_ => Err(Error::UnsupportedAEADAlgorithm(*self).into()),
}
}
}
|