use crate::{Error, Result};
use crate::crypto::aead::{Aead, CipherOp};
use crate::types::{AEADAlgorithm, SymmetricAlgorithm};
use openssl::cipher::Cipher;
use openssl::cipher_ctx::CipherCtx;
struct OpenSslContext {
ctx: CipherCtx,
finalized: bool,
}
impl Aead for OpenSslContext {
fn update(&mut self, ad: &[u8]) -> Result<()> {
self.ctx.cipher_update(ad, None)?;
Ok(())
}
fn encrypt(&mut self, dst: &mut [u8], src: &[u8]) -> Result<()> {
if dst.len() != src.len() {
return Err(
Error::InvalidArgument("src and dst need to be of the same length".into()).into(),
);
}
let size = unsafe { self.ctx.cipher_update_unchecked(src, Some(dst))? };
unsafe { self.ctx.cipher_final_unchecked(&mut dst[size..])? };
self.finalized = true;
Ok(())
}
fn decrypt_verify(&mut self, dst: &mut [u8], src: &[u8], digest: &[u8]) -> Result<()> {
if dst.len() != src.len() {
return Err(
Error::InvalidArgument("src and dst need to be of the same length".into()).into(),
);
}
let size = unsafe { self.ctx.cipher_update_unchecked(src, Some(dst))? };
self.ctx.set_tag(digest)?;
unsafe { self.ctx.cipher_final_unchecked(&mut dst[size..])? };
Ok(())
}
fn digest(&mut self, digest: &mut [u8]) -> Result<()> {
if !self.finalized {
unsafe { self.ctx.cipher_final_unchecked(&mut [])? };
}
self.ctx.tag(digest)?;
Ok(())
}
fn digest_size(&self) -> usize {
self.ctx.block_size()
}
}
impl crate::seal::Sealed for OpenSslContext {}
impl AEADAlgorithm {
pub(crate) fn context(
&self,
sym_algo: SymmetricAlgorithm,
key: &[u8],
nonce: &[u8],
op: CipherOp,
) -> Result<Box<dyn Aead>> {
match self {
AEADAlgorithm::OCB => {
let cipher = match sym_algo {
SymmetricAlgorithm::AES128 => Cipher::aes_128_ocb(),
SymmetricAlgorithm::AES192 => Cipher::aes_192_ocb(),
SymmetricAlgorithm::AES256 => Cipher::aes_256_ocb(),
_ => return Err(Error::UnsupportedSymmetricAlgorithm(sym_algo).into()),
};
let mut ctx = CipherCtx::new()?;
match op {
CipherOp::Encrypt => ctx.encrypt_init(Some(cipher), Some(key), Some(nonce))?,
CipherOp::Decrypt => ctx.decrypt_init(Some(cipher), Some(key), Some(nonce))?,
}
ctx.set_padding(false);
Ok(Box::new(OpenSslContext {
ctx,
finalized: false,
}))
}
_ => Err(Error::UnsupportedAEADAlgorithm(*self).into()),
}
}
}