@@ -15,15 +15,29 @@ use crate::{
15
15
error:: SframeError ,
16
16
} ;
17
17
18
+ const NONCE_LEN : usize = 12 ;
19
+
18
20
pub struct Tag ( Vec < u8 > ) ;
21
+
22
+ impl Tag {
23
+ fn new ( len : usize ) -> Self {
24
+ Tag ( vec ! [ 0 ; len] )
25
+ }
26
+ }
27
+
19
28
impl AsRef < [ u8 ] > for Tag {
20
29
fn as_ref ( & self ) -> & [ u8 ] {
21
- self . 0 . as_ref ( )
30
+ & self . 0
31
+ }
32
+ }
33
+
34
+ impl AsMut < [ u8 ] > for Tag {
35
+ fn as_mut ( & mut self ) -> & mut [ u8 ] {
36
+ & mut self . 0
22
37
}
23
38
}
24
39
25
40
impl AeadEncrypt for CipherSuite {
26
- // TODO
27
41
type AuthTag = Tag ;
28
42
fn encrypt < IoBuffer , Aad > (
29
43
& self ,
@@ -36,7 +50,29 @@ impl AeadEncrypt for CipherSuite {
36
50
IoBuffer : AsMut < [ u8 ] > + ?Sized ,
37
51
Aad : AsRef < [ u8 ] > + ?Sized ,
38
52
{
39
- todo ! ( )
53
+ let io_buffer = io_buffer. as_mut ( ) ;
54
+
55
+ let cipher = self . variant . into ( ) ;
56
+ let nonce = secret. create_nonce :: < NONCE_LEN > ( & frame_count) ;
57
+ let mut tag = Tag :: new ( self . auth_tag_len ) ;
58
+
59
+ let out = openssl:: symm:: encrypt_aead (
60
+ cipher,
61
+ & secret. key ,
62
+ Some ( & nonce) ,
63
+ aad_buffer. as_ref ( ) ,
64
+ io_buffer,
65
+ tag. as_mut ( ) ,
66
+ )
67
+ . map_err ( |_| SframeError :: EncryptionFailure ) ?;
68
+
69
+ debug_assert ! (
70
+ out. len( ) == io_buffer. len( ) ,
71
+ "For a symmetric encryption it is given that the output has the same length as the input"
72
+ ) ;
73
+ io_buffer. copy_from_slice ( & out[ ..io_buffer. len ( ) ] ) ;
74
+
75
+ Ok ( tag)
40
76
}
41
77
}
42
78
@@ -52,6 +88,43 @@ impl AeadDecrypt for CipherSuite {
52
88
IoBuffer : AsMut < [ u8 ] > + ?Sized ,
53
89
Aad : AsRef < [ u8 ] > + ?Sized ,
54
90
{
55
- todo ! ( )
91
+ let io_buffer = io_buffer. as_mut ( ) ;
92
+ if io_buffer. len ( ) < self . auth_tag_len {
93
+ return Err ( SframeError :: DecryptionFailure ) ;
94
+ }
95
+
96
+ let cipher = self . variant . into ( ) ;
97
+ let nonce = secret. create_nonce :: < NONCE_LEN > ( & frame_count) ;
98
+
99
+ let encrypted_len = io_buffer. len ( ) - self . auth_tag_len ;
100
+ let encrypted_data = & io_buffer[ ..encrypted_len] ;
101
+ let tag = & io_buffer[ encrypted_len..] ;
102
+
103
+ let out = openssl:: symm:: decrypt_aead (
104
+ cipher,
105
+ & secret. key ,
106
+ Some ( & nonce) ,
107
+ aad_buffer. as_ref ( ) ,
108
+ encrypted_data,
109
+ tag,
110
+ )
111
+ . map_err ( |_| SframeError :: EncryptionFailure ) ?;
112
+
113
+ debug_assert ! (
114
+ out. len( ) == encrypted_len,
115
+ "For a symmetric encryption it is given that the output has the same length as the input"
116
+ ) ;
117
+ io_buffer[ ..encrypted_len] . copy_from_slice ( & out) ;
118
+
119
+ Ok ( & mut io_buffer[ ..encrypted_len] )
120
+ }
121
+ }
122
+
123
+ impl From < CipherSuiteVariant > for openssl:: symm:: Cipher {
124
+ fn from ( variant : CipherSuiteVariant ) -> Self {
125
+ match variant {
126
+ CipherSuiteVariant :: AesGcm128Sha256 => openssl:: symm:: Cipher :: aes_128_gcm ( ) ,
127
+ CipherSuiteVariant :: AesGcm256Sha512 => openssl:: symm:: Cipher :: aes_256_gcm ( ) ,
128
+ }
56
129
}
57
130
}
0 commit comments