aesp 0.1.2

Library and optional CLI for AES in parallel. Personal project -- use at your own risk.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153

mod args;

use args::{Cli, Commands};
use clap::Parser;

use std::fs;
use std::time::Instant;

use thiserror::Error;

#[derive(Debug, Error)]
pub enum CliError {
    #[error("--aad is only valid with --mode gcm")]
    AadInvalidMode,

    #[error("invalid --aad hex: {0}")]
    AadInvalidHex(#[from] std::num::ParseIntError),

    #[error(transparent)]
    Io(#[from] std::io::Error),

    #[error(transparent)]
    Aes(#[from] aesp::Error),
}

fn main() {
    if let Err(e) = aes_cli() {
        eprintln!("error: {e}");
    }
}

fn aes_cli() -> Result<(), CliError> {
    let args = Cli::parse();

    match args.command {
        Commands::Encrypt(enc) => {
            // common args:
            let input_path = enc.common.input; // move ownership
            let output_path = enc.common.output;
            let key_path = enc.common.key;
            let mode = enc.common.mode;

            // read plaintext from input_path
            let plaintext = fs::read(input_path)?;

            // read or generate key
            let key = if enc.gen_key {
                let rand_key = match enc.key_size {
                    args::KeySize::Bits128 => aesp::Key::rand_key_128()?,
                    args::KeySize::Bits192 => aesp::Key::rand_key_192()?,
                    args::KeySize::Bits256 => aesp::Key::rand_key_256()?,
                };
                fs::write(key_path, &rand_key.as_bytes())?;
                rand_key
            } else {
                // read key from key_path
                let key_bytes = fs::read(key_path)?;
                aesp::Key::try_from_slice(&key_bytes)?
            };

            let cipher = aesp::Cipher::new(&key);

            // parse AAD
            let aad: Option<Vec<u8>> = match enc.aad {
                Some(aad_str) => {
                    if mode != args::Mode::ModeGCM {
                        return Err(CliError::AadInvalidMode);
                    }
                    Some(parse_aad(&aad_str)?)
                }
                None => None,
            };

            let start = Instant::now();

            // encrypt plaintext and write output
            let ciphertext = match mode {
                args::Mode::ModeECB => cipher.encrypt_ecb(&plaintext),
                args::Mode::ModeCTR => cipher.encrypt_ctr(&plaintext)?,
                args::Mode::ModeGCM => cipher.encrypt_gcm(&plaintext, aad.as_deref())?,
            };

            let duration = start.elapsed();

            fs::write(output_path, &ciphertext)?;
            println!(
                "Encrypted {} bytes in {} ms",
                plaintext.len(),
                duration.as_millis()
            );
            Ok(())
        }
        Commands::Decrypt(common) => {
            let input_path = common.input; // move ownership
            let output_path = common.output;
            let key_path = common.key;
            let mode = common.mode;

            // read inputs
            let ciphertext = fs::read(input_path)?;
            let key_bytes = fs::read(key_path)?;
            let key = aesp::Key::try_from_slice(&key_bytes)?;

            let cipher = aesp::Cipher::new(&key);

            let start = Instant::now();

            // decrypt ciphertext and write output
            let (plaintext, aad) = match mode {
                args::Mode::ModeECB => (cipher.decrypt_ecb(&ciphertext)?, None),
                args::Mode::ModeCTR => (cipher.decrypt_ctr(&ciphertext)?, None),
                args::Mode::ModeGCM => cipher.decrypt_gcm(&ciphertext)?,
            };

            let duration = start.elapsed();

            fs::write(output_path, &plaintext)?;

            match aad {
                Some(aad) => {
                    print!("AAD = ");
                    for b in &aad {
                        print!("{:02x}", b);
                    }
                    println!();
                }
                None => {}
            }

            println!(
                "Decrypted {} bytes in {} ms",
                plaintext.len(),
                duration.as_millis()
            );

            Ok(())
        }
    }
}

// parse_aad written with LLM assistance:
fn parse_aad(s: &str) -> Result<Vec<u8>, std::num::ParseIntError> {
    let mut hex: String = s.chars().filter(|c| !c.is_whitespace()).collect();

    if hex.len() % 2 == 1 {
        hex.insert(0, '0');
    }

    (0..hex.len())
        .step_by(2)
        .map(|i| u8::from_str_radix(&hex[i..i + 2], 16))
        .collect::<Result<Vec<u8>, _>>()
}