feat: openssl aead implemenation

Author: Tobias Waurick

src/crypto/openssl/aead.rs

@@ -15,15 +15,29 @@ use crate::{
     error::SframeError,
 };
 
+const NONCE_LEN: usize = 12;
+
 pub struct Tag(Vec<u8>);
+
+impl Tag {
+    fn new(len: usize) -> Self {
+        Tag(vec![0; len])
+    }
+}
+
 impl AsRef<[u8]> for Tag {
     fn as_ref(&self) -> &[u8] {
-        self.0.as_ref()
+        &self.0
+    }
+}
+
+impl AsMut<[u8]> for Tag {
+    fn as_mut(&mut self) -> &mut [u8] {
+        &mut self.0
     }
 }
 
 impl AeadEncrypt for CipherSuite {
-    // TODO
     type AuthTag = Tag;
     fn encrypt<IoBuffer, Aad>(
         &self,
@@ -36,7 +50,29 @@ impl AeadEncrypt for CipherSuite {
         IoBuffer: AsMut<[u8]> + ?Sized,
         Aad: AsRef<[u8]> + ?Sized,
     {
-        todo!()
+        let io_buffer = io_buffer.as_mut();
+
+        let cipher = self.variant.into();
+        let nonce = secret.create_nonce::<NONCE_LEN>(&frame_count);
+        let mut tag = Tag::new(self.auth_tag_len);
+
+        let out = openssl::symm::encrypt_aead(
+            cipher,
+            &secret.key,
+            Some(&nonce),
+            aad_buffer.as_ref(),
+            io_buffer,
+            tag.as_mut(),
+        )
+        .map_err(|_| SframeError::EncryptionFailure)?;
+
+        debug_assert!(
+            out.len() == io_buffer.len(),
+            "For a symmetric encryption it is given that the output has the same length as the input"
+        );
+        io_buffer.copy_from_slice(&out[..io_buffer.len()]);
+
+        Ok(tag)
     }
 }
 
@@ -52,6 +88,43 @@ impl AeadDecrypt for CipherSuite {
         IoBuffer: AsMut<[u8]> + ?Sized,
         Aad: AsRef<[u8]> + ?Sized,
     {
-        todo!()
+        let io_buffer = io_buffer.as_mut();
+        if io_buffer.len() < self.auth_tag_len {
+            return Err(SframeError::DecryptionFailure);
+        }
+
+        let cipher = self.variant.into();
+        let nonce = secret.create_nonce::<NONCE_LEN>(&frame_count);
+
+        let encrypted_len = io_buffer.len() - self.auth_tag_len;
+        let encrypted_data = &io_buffer[..encrypted_len];
+        let tag = &io_buffer[encrypted_len..];
+
+        let out = openssl::symm::decrypt_aead(
+            cipher,
+            &secret.key,
+            Some(&nonce),
+            aad_buffer.as_ref(),
+            encrypted_data,
+            tag,
+        )
+        .map_err(|_| SframeError::EncryptionFailure)?;
+
+        debug_assert!(
+            out.len() == encrypted_len,
+            "For a symmetric encryption it is given that the output has the same length as the input"
+        );
+        io_buffer[..encrypted_len].copy_from_slice(&out);
+
+        Ok(&mut io_buffer[..encrypted_len])
+    }
+}
+
+impl From<CipherSuiteVariant> for openssl::symm::Cipher {
+    fn from(variant: CipherSuiteVariant) -> Self {
+        match variant {
+            CipherSuiteVariant::AesGcm128Sha256 => openssl::symm::Cipher::aes_128_gcm(),
+            CipherSuiteVariant::AesGcm256Sha512 => openssl::symm::Cipher::aes_256_gcm(),
+        }
     }
 }

src/crypto/openssl/key_expansion.rs

@@ -62,7 +62,7 @@ fn expand_key(
     let mut ctx = init_openssl_ctx(cipher_suite)?;
 
     ctx.set_hkdf_mode(openssl::pkey_ctx::HkdfMode::EXPAND_ONLY)?;
-    ctx.set_hkdf_key(&prk)?;
+    ctx.set_hkdf_key(prk)?;
     ctx.add_hkdf_info(info)?;
 
     let mut key = vec![0; key_len];
@@ -77,15 +77,15 @@ fn init_openssl_ctx(
     let mut ctx = openssl::pkey_ctx::PkeyCtx::new_id(openssl::pkey::Id::HKDF)?;
     ctx.derive_init()?;
 
-    let digest = cipher_suite.into();
+    let digest = cipher_suite.variant.into();
     ctx.set_hkdf_md(digest)?;
 
     Ok(ctx)
 }
 
-impl Into<&'static openssl::md::MdRef> for &CipherSuite {
-    fn into(self) -> &'static openssl::md::MdRef {
-        match self.variant {
+impl From<CipherSuiteVariant> for &'static openssl::md::MdRef {
+    fn from(variant: CipherSuiteVariant) -> Self {
+        match variant {
             CipherSuiteVariant::AesGcm128Sha256 => openssl::md::Md::sha256(),
             CipherSuiteVariant::AesGcm256Sha512 => openssl::md::Md::sha512(),
         }