Merge #177
177: Create in-place variants for encrypt_auth/decrypt_auth r=jethrogb a=kedars

This is invaluable for embedded systems

Co-authored-by: Kedar Sovani <[email protected]>
bors[bot] and kedars authored Feb 7, 2022
2 parents 4fb6294 + 98e59cf commit c5b103f
Showing 2 changed files with 124 additions and 0 deletions.
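--- a/mbedtls/src/cipher/mod.rs
+++ b/mbedtls/src/cipher/mod.rs
@@ -286,6 +286,19 @@ impl Cipher<Encryption, Authenticated, AdditionalData> {
 self.change_state(),
 ))
 }
+
+pub fn encrypt_auth_inplace(
+mut self,
+ad: &[u8],
+data: &mut [u8],
+tag: &mut [u8],
+) -> Result<(usize, Cipher<Encryption, Authenticated, Finished>)> {
+Ok((
+self.raw_cipher
+.encrypt_auth_inplace(ad, data, tag)?,
+self.change_state(),
+))
+}
 }
 
 impl Cipher<Decryption, Authenticated, AdditionalData> {
@@ -302,6 +315,19 @@ impl Cipher<Decryption, Authenticated, AdditionalData> {
 self.change_state(),
 ))
 }
+
+pub fn decrypt_auth_inplace(
+mut self,
+ad: &[u8],
+data: &mut [u8],
+tag: &[u8],
+) -> Result<(usize, Cipher<Decryption, Authenticated, Finished>)> {
+Ok((
+self.raw_cipher
+.decrypt_auth_inplace(ad, data, tag)?,
+self.change_state(),
+))
+}
 }
 
 impl<O: Operation, T: Type> Cipher<O, T, CipherData> {
@@ -401,6 +427,44 @@ fn ccm() {
 assert_eq!(p, p_out);
 }
 
+#[test]
+fn ccm_inplace() {
+// Example vector C.1
+let k = [
+0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e,
+0x4f,
+];
+let iv = [0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16];
+let ad = [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07];
+let mut c = [0x20, 0x21, 0x22, 0x23, 0x0, 0x0, 0x0, 0x0];
+let validate_cipher = [0x71, 0x62, 0x01, 0x5b, 0x4d, 0xac, 0x25, 0x5d];
+let validate_plain = [0x20, 0x21, 0x22, 0x23];
+
+let cipher = Cipher::<_, Authenticated, _>::new(
+raw::CipherId::Aes,
+raw::CipherMode::CCM,
+(k.len() * 8) as _,
+)
+.unwrap();
+let cipher = cipher.set_key_iv(&k, &iv).unwrap();
+let (data, tag) = c.split_at_mut(4);
+cipher
+.encrypt_auth_inplace(&ad, data, tag)
+.unwrap();
+assert_eq!(c, validate_cipher);
+
+let cipher = Cipher::<_, Authenticated, _>::new(
+raw::CipherId::Aes,
+raw::CipherMode::CCM,
+(k.len() * 8) as _,
+)
+.unwrap();
+let cipher = cipher.set_key_iv(&k, &iv).unwrap();
+let (data, tag) = c.split_at_mut(4);
+cipher.decrypt_auth_inplace(&ad, data, tag).unwrap();
+assert_eq!(validate_plain, data);
+}
+
 #[test]
 fn aes_kw() {
 let k = [0x75, 0x75, 0xda, 0x3a, 0x93, 0x60, 0x7c, 0xc2, 0xbf, 0xd8, 0xce, 0xc7, 0xaa, 0xdf, 0xd9, 0xa6];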
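Review bot: `ccm_inplace` only exercises the success path, so nothing pins the behaviour that matters most for an AEAD API: that `decrypt_auth_inplace` returns `Err` when the tag or ciphertext has been altered. A further round on a freshly encrypted buffer, with `tag[0] ^= 0x01;` before the call and `assert!(cipher.decrypt_auth_inplace(&ad, data, tag).is_err());` after it, would cover that. The length returned by both calls is discarded by `.unwrap()`; asserting that it equals 4 would catch a wrong output length. The two new public wrappers in the first two hunks also carry no doc comment; a `///` line stating that `data` is overwritten in place and that `tag` is written on encrypt and verified on decrypt would help callers.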
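--- a/mbedtls/src/cipher/raw/mod.rs
+++ b/mbedtls/src/cipher/raw/mod.rs
@@ -387,6 +387,66 @@ impl Cipher {
 Ok(plain_len)
 }
 
+pub fn encrypt_auth_inplace(
+&mut self,
+ad: &[u8],
+data: &mut [u8],
+tag: &mut [u8],
+) -> Result<usize> {
+
+let iv = self.inner.iv;
+let iv_len = self.inner.iv_size;
+let mut olen = data.len();
+unsafe {
+cipher_auth_encrypt(
+&mut self.inner,
+iv.as_ptr(),
+iv_len,
+ad.as_ptr(),
+ad.len(),
+data.as_ptr(),
+data.len(),
+data.as_mut_ptr(),
+&mut olen,
+tag.as_mut_ptr(),
+tag.len(),
+)
+.into_result()?
+};
+
+Ok(olen)
+}
+
+pub fn decrypt_auth_inplace(
+&mut self,
+ad: &[u8],
+data: &mut [u8],
+tag: &[u8],
+) -> Result<usize> {
+
+let iv = self.inner.iv;
+let iv_len = self.inner.iv_size;
+let mut plain_len = data.len();
+unsafe {
+cipher_auth_decrypt(
+&mut self.inner,
+iv.as_ptr(),
+iv_len,
+ad.as_ptr(),
+ad.len(),
+data.as_ptr(),
+data.len(),
+data.as_mut_ptr(),
+&mut plain_len,
+tag.as_ptr(),
+tag.len(),
+)
+.into_result()?
+};
+
+Ok(plain_len)
+}
+
 fn do_crypto(&mut self, indata: &[u8], outdata: &mut [u8]) -> Result<usize> {
 self.reset()?;
 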
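Review bot: `decrypt_auth_inplace` passes `data` as the output buffer of `cipher_auth_decrypt`, so the buffer may already be modified when the call fails, and nothing on the function tells the caller what it holds after an `Err`. A doc comment such as `/// On error the contents of data are unspecified and must not be used.` would make that contract explicit; the original ciphertext is presumably not recoverable either way. In both new functions the input pointer comes from `data.as_ptr()` and the output pointer from a later `data.as_mut_ptr()` on the same `&mut [u8]`. Taking one pointer with `let p = data.as_mut_ptr();` and passing `p as *const u8` and `p` would derive both from the same mutable borrow. The `unsafe` blocks would also benefit from a `// SAFETY:` comment stating that the underlying mode is expected to accept identical input and output buffers, since the call relies on it.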
