wolfcrypt 0.2.0

RustCrypto trait implementations backed by wolfCrypt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88

//! ChaCha20 stream cipher (wolfCrypt native API).

use super::*;
use crate::error::len_as_u32;

/// ChaCha20 stream cipher (256-bit key, 96-bit nonce), implementing
/// `StreamCipher` and `KeyIvInit`.
///
/// Uses wolfCrypt's native `wc_Chacha_Process`, which XORs the input with the
/// ChaCha20 keystream. Because XOR is self-inverse, the same operation handles
/// both encryption and decryption.
pub struct WolfChaCha20 {
    ctx: wolfcrypt_rs::ChaCha,
}

// SAFETY: ChaCha contains no thread-local state; it is safe to move to
// another thread.
unsafe impl Send for WolfChaCha20 {}

impl Drop for WolfChaCha20 {
    fn drop(&mut self) {
        // ChaCha is stack-allocated with no wc_Free equivalent, but we zero
        // the state for defence-in-depth.
        // SAFETY: We have exclusive access (&mut self). We zero the raw bytes
        // of the struct using write_bytes, which does not read the memory and
        // thus avoids UB from padding or uninitialized bytes.
        unsafe {
            core::ptr::write_bytes(
                &mut self.ctx as *mut wolfcrypt_rs::ChaCha as *mut u8,
                0,
                core::mem::size_of::<wolfcrypt_rs::ChaCha>(),
            );
        }
    }
}

impl KeySizeUser for WolfChaCha20 {
    type KeySize = typenum::U32; // 256-bit key
}

impl IvSizeUser for WolfChaCha20 {
    type IvSize = typenum::U12; // 96-bit nonce
}

impl KeyIvInit for WolfChaCha20 {
    fn new(key: &GenericArray<u8, typenum::U32>, nonce: &GenericArray<u8, typenum::U12>) -> Self {
        let mut ctx = wolfcrypt_rs::ChaCha::zeroed();

        // SAFETY: `ctx` is freshly zeroed; key is a valid 32-byte slice.
        let rc = unsafe {
            wolfcrypt_rs::wc_Chacha_SetKey(&mut ctx as *mut wolfcrypt_rs::ChaCha, key.as_ptr(), 32)
        };
        assert_eq!(rc, 0, "wc_Chacha_SetKey failed (invalid key length)");

        // SAFETY: `ctx` was keyed by wc_Chacha_SetKey; nonce is a valid 12-byte slice.
        let rc = unsafe {
            wolfcrypt_rs::wc_Chacha_SetIV(&mut ctx as *mut wolfcrypt_rs::ChaCha, nonce.as_ptr(), 0)
        };
        assert_eq!(rc, 0, "wc_Chacha_SetIV failed (invalid IV)");

        Self { ctx }
    }
}

impl StreamCipher for WolfChaCha20 {
    fn try_apply_keystream_inout(
        &mut self,
        buf: cipher_trait::inout::InOutBuf<'_, '_, u8>,
    ) -> Result<(), StreamCipherError> {
        let len = buf.len();
        let (in_ptr, out_ptr) = buf.into_raw();

        // SAFETY: `ctx` is keyed; in_ptr/out_ptr from InOutBuf are valid.
        let rc = unsafe {
            wolfcrypt_rs::wc_Chacha_Process(
                &mut self.ctx as *mut wolfcrypt_rs::ChaCha,
                out_ptr,
                in_ptr,
                len_as_u32(len),
            )
        };
        if rc == 0 {
            Ok(())
        } else {
            Err(StreamCipherError)
        }
    }
}