Merge pull request #32 from goto-opensource/feature/aes-ctr-ciphers

aes ctr ciphers

Author: TobTheRock

README.md

@@ -13,23 +13,24 @@ It is in it's current form a subset of the specification.
 There is an alternative implementation under [goto-opensource/secure-frame-ts](https://github.com/goto-opensource/secure-frame-ts)
 
 ## Differences from the sframe draft
-* Aes-CTR is not implemented
 * ratcheting is not implemented
 * keyIds are used as senderIds
+* no metadata authentication 
 
 ## Supported crypto libraries
 Currently two crypto libraries are supported:
 - [ring](https://crates.io/crates/ring) 
     - is enabled per default with the feature `ring`
     - supports compilation to Wasm32
+    - Aes-CTR mode ciphers are not supported
 - [openssl](https://crates.io/crates/openssl)
     - is enabled with the feature `openssl`
         - To build e.g. use `cargo build --features openssl --no-default-features`
     - uses rust bindings to OpenSSL.
     - Per default the OpenSSL library is locally compiled and then statically linked. The build process requires a C compiler, `perl` (and `perl-core`), and `make`. For further options see the [openssl crate documentation](https://docs.rs/openssl/0.10.55/openssl/). 
     - Compilation to Wasm32 is [not yet supported](https://github.com/sfackler/rust-openssl/issues/1016)
 
-Both cannot be enabled at the same time, thus on conflict `sframe` fallsback to using `ring`. 
+Both cannot be enabled at the same time, thus on conflict `sframe` issues a compiler error. 
 ## License
 Licensed under either of Apache License, Version 2.0 or MIT license at your option.
 

src/crypto/aead.rs

@@ -39,7 +39,8 @@ mod test {
             crypto::{
                 aead::AeadEncrypt,
                 cipher_suite::{CipherSuite, CipherSuiteVariant},
-                key_expansion::{ExpandAsSecret, KeyMaterial},
+                key_expansion::KeyExpansion,
+                secret::Secret,
             },
             header::{Header, HeaderFields},
         };
@@ -52,9 +53,7 @@ mod test {
             thread_rng().fill(data.as_mut_slice());
             let header = Header::default();
             let cipher_suite = CipherSuite::from(CipherSuiteVariant::AesGcm256Sha512);
-            let secret = KeyMaterial(KEY_MATERIAL.as_bytes())
-                .expand_as_secret(&cipher_suite)
-                .unwrap();
+            let secret = Secret::expand_from(&cipher_suite, KEY_MATERIAL.as_bytes()).unwrap();
 
             let _tag = cipher_suite
                 .encrypt(
@@ -67,7 +66,9 @@ mod test {
         }
 
         mod test_vectors {
-            use crate::test_vectors::get_test_vector;
+
+            use crate::crypto::key_expansion::KeyExpansion;
+            use crate::test_vectors::{get_test_vector, TestVector};
 
             use crate::{
                 crypto::{
@@ -83,10 +84,7 @@ mod test {
                 let test_vector = get_test_vector(&variant.to_string());
                 let cipher_suite = CipherSuite::from(variant);
 
-                let secret = Secret {
-                    key: test_vector.key.clone(),
-                    salt: test_vector.salt.clone(),
-                };
+                let secret = prepare_secret(&cipher_suite, test_vector);
 
                 for enc in &test_vector.encryptions {
                     let mut data = test_vector.plain_text.clone();
@@ -112,10 +110,7 @@ mod test {
                 let test_vector = get_test_vector(&variant.to_string());
                 let cipher_suite = CipherSuite::from(variant);
 
-                let secret = Secret {
-                    key: test_vector.key.clone(),
-                    salt: test_vector.salt.clone(),
-                };
+                let secret = prepare_secret(&cipher_suite, test_vector);
 
                 for enc in &test_vector.encryptions {
                     let header = Header::with_frame_count(
@@ -133,6 +128,14 @@ mod test {
                 }
             }
 
+            fn prepare_secret(cipher_suite: &CipherSuite, test_vector: &TestVector) -> Secret {
+                if cipher_suite.is_ctr_mode() {
+                    Secret::expand_from(cipher_suite, &test_vector.key_material).unwrap()
+                } else {
+                    Secret::from_test_vector(test_vector)
+                }
+            }
+
             #[test]
             fn encrypt_test_vector_aes_gcm_128_sha256() {
                 encrypt_test_vector(CipherSuiteVariant::AesGcm128Sha256);
@@ -152,6 +155,47 @@ mod test {
             fn should_decrypt_test_vectors_aes_gcm_256_sha512() {
                 decrypt_test_vector(CipherSuiteVariant::AesGcm256Sha512);
             }
+
+            #[cfg(feature = "openssl")]
+            mod aes_ctr {
+                use crate::CipherSuiteVariant;
+
+                use super::{decrypt_test_vector, encrypt_test_vector};
+
+                #[test]
+                fn should_encrypt_test_vectors_aes_ctr_64_hmac_sha256_64() {
+                    encrypt_test_vector(CipherSuiteVariant::AesCtr128HmacSha256_64);
+                }
+
+                #[test]
+                fn should_decrypt_test_vectors_aes_ctr_64_hmac_sha256_64() {
+                    decrypt_test_vector(CipherSuiteVariant::AesCtr128HmacSha256_64);
+                }
+
+                #[test]
+                fn should_encrypt_test_vectors_aes_ctr_64_hmac_sha256_32() {
+                    encrypt_test_vector(CipherSuiteVariant::AesCtr128HmacSha256_32);
+                }
+
+                #[test]
+                fn should_decrypt_test_vectors_aes_ctr_64_hmac_sha256_32() {
+                    decrypt_test_vector(CipherSuiteVariant::AesCtr128HmacSha256_32);
+                }
+
+                #[test]
+                // AesCtr128HmacSha256_80 is not available in the test vectors
+                #[ignore]
+                fn should_encrypt_test_vectors_aes_ctr_64_hmac_sha256_80() {
+                    encrypt_test_vector(CipherSuiteVariant::AesCtr128HmacSha256_32);
+                }
+
+                #[test]
+                // AesCtr128HmacSha256_80 is not available in the test vectors
+                #[ignore]
+                fn should_decrypt_test_vectors_aes_ctr_64_hmac_sha256_80() {
+                    decrypt_test_vector(CipherSuiteVariant::AesCtr128HmacSha256_32);
+                }
+            }
         }
     }
 }

src/crypto/cipher_suite.rs

@@ -8,9 +8,12 @@
 #[cfg_attr(test, derive(strum_macros::Display))]
 pub enum CipherSuiteVariant {
     // /// counter mode is [not implemented in ring](https://github.com/briansmith/ring/issues/656)
-    // AesCtr128HmacSha256_80,
-    // AesCtr128HmacSha256_64,
-    // AesCtr128HmacSha256_32,
+    #[cfg(feature = "openssl")]
+    AesCtr128HmacSha256_80,
+    #[cfg(feature = "openssl")]
+    AesCtr128HmacSha256_64,
+    #[cfg(feature = "openssl")]
+    AesCtr128HmacSha256_32,
     /// encryption: AES GCM 128, key expansion: HKDF with SHA256
     AesGcm128Sha256,
     /// encryption: AES GCM 256, key expansion: HKDF with SHA512
@@ -29,9 +32,31 @@ pub struct CipherSuite {
 impl From<CipherSuiteVariant> for CipherSuite {
     fn from(variant: CipherSuiteVariant) -> Self {
         match variant {
-            // CipherSuiteVariant::AesCtr128HmacSha256_80 => unimplemented!(),
-            // CipherSuiteVariant::AesCtr128HmacSha256_64 => unimplemented!(),
-            // CipherSuiteVariant::AesCtr128HmacSha256_32 => unimplemented!(),
+            #[cfg(feature = "openssl")]
+            CipherSuiteVariant::AesCtr128HmacSha256_80 => CipherSuite {
+                variant,
+                hash_len: 32,
+                key_len: 16,
+                nonce_len: 12,
+                auth_tag_len: 10,
+            },
+
+            #[cfg(feature = "openssl")]
+            CipherSuiteVariant::AesCtr128HmacSha256_64 => CipherSuite {
+                variant,
+                hash_len: 32,
+                key_len: 16,
+                nonce_len: 12,
+                auth_tag_len: 8,
+            },
+            #[cfg(feature = "openssl")]
+            CipherSuiteVariant::AesCtr128HmacSha256_32 => CipherSuite {
+                variant,
+                hash_len: 32,
+                key_len: 16,
+                nonce_len: 12,
+                auth_tag_len: 4,
+            },
             CipherSuiteVariant::AesGcm128Sha256 => CipherSuite {
                 variant,
                 hash_len: 32,
@@ -49,3 +74,16 @@ impl From<CipherSuiteVariant> for CipherSuite {
         }
     }
 }
+
+impl CipherSuite {
+    #[cfg(any(feature = "openssl", test))]
+    pub(crate) fn is_ctr_mode(&self) -> bool {
+        match self.variant {
+            #[cfg(feature = "openssl")]
+            CipherSuiteVariant::AesCtr128HmacSha256_80
+            | CipherSuiteVariant::AesCtr128HmacSha256_64
+            | CipherSuiteVariant::AesCtr128HmacSha256_32 => true,
+            CipherSuiteVariant::AesGcm128Sha256 | CipherSuiteVariant::AesGcm256Sha512 => false,
+        }
+    }
+}

src/crypto/key_expansion.rs

@@ -4,47 +4,82 @@
 use super::{cipher_suite::CipherSuite, secret::Secret};
 use crate::error::Result;
 
-#[derive(Debug, Default, Clone, Copy)]
-pub struct KeyMaterial<'a>(pub &'a [u8]);
-
-pub trait ExpandAsSecret {
-    fn expand_as_secret(&self, cipher_suite: &CipherSuite) -> Result<Secret>;
+pub trait KeyExpansion {
+    fn expand_from<T>(cipher_suite: &CipherSuite, key_material: T) -> Result<Secret>
+    where
+        T: AsRef<[u8]>;
 }
 
-pub const SFRAME_HKDF_SALT: &[u8] = "SFrame10".as_bytes();
-pub const SFRAME_HKDF_KEY_EXPAND_INFO: &[u8] = "key".as_bytes();
-pub const SFRAME_HDKF_SALT_EXPAND_INFO: &[u8] = "salt".as_bytes();
+pub const SFRAME_HKDF_SALT: &[u8] = b"SFrame10";
+pub const SFRAME_HKDF_KEY_EXPAND_INFO: &[u8] = b"key";
+pub const SFRAME_HDKF_SALT_EXPAND_INFO: &[u8] = b"salt";
+
+#[cfg(feature = "openssl")]
+pub const SFRAME_HKDF_SUB_SALT: &[u8] = b"SFrame10 AES CTR AEAD";
+#[cfg(feature = "openssl")]
+pub const SFRAME_HKDF_SUB_ENC_EXPAND_INFO: &[u8] = b"enc";
+#[cfg(feature = "openssl")]
+pub const SFRAME_HDKF_SUB_AUTH_EXPAND_INFO: &[u8] = b"auth";
 
 #[cfg(test)]
 mod test {
+    use crate::crypto::cipher_suite::CipherSuite;
+    use crate::crypto::secret::Secret;
     use crate::test_vectors::get_test_vector;
 
-    use crate::{
-        crypto::{
-            cipher_suite::{CipherSuite, CipherSuiteVariant},
-            key_expansion::KeyMaterial,
-        },
-        util::test::assert_bytes_eq,
-    };
+    use crate::{crypto::cipher_suite::CipherSuiteVariant, util::test::assert_bytes_eq};
 
-    use super::ExpandAsSecret;
+    use super::KeyExpansion;
 
-    fn derive_correct_keys(variant: CipherSuiteVariant) {
+    fn derive_correct_base_keys(variant: CipherSuiteVariant) {
         let test_vector = get_test_vector(&variant.to_string());
-        let secret = KeyMaterial(&test_vector.key_material)
-            .expand_as_secret(&CipherSuite::from(variant))
-            .unwrap();
+        let secret =
+            Secret::expand_from(&CipherSuite::from(variant), &test_vector.key_material).unwrap();
+
         assert_bytes_eq(&secret.key, &test_vector.key);
         assert_bytes_eq(&secret.salt, &test_vector.salt);
     }
 
     #[test]
     fn derive_correct_keys_aes_gcm_128_sha256() {
-        derive_correct_keys(CipherSuiteVariant::AesGcm128Sha256);
+        derive_correct_base_keys(CipherSuiteVariant::AesGcm128Sha256);
     }
 
     #[test]
     fn derive_correct_keys_aes_gcm_256_sha512() {
-        derive_correct_keys(CipherSuiteVariant::AesGcm256Sha512);
+        derive_correct_base_keys(CipherSuiteVariant::AesGcm256Sha512);
+    }
+
+    #[cfg(feature = "openssl")]
+    mod aes_ctr {
+        use super::*;
+
+        fn derive_correct_sub_keys(variant: CipherSuiteVariant) {
+            let test_vector = get_test_vector(&variant.to_string());
+            let cipher_suite = CipherSuite::from(variant);
+            let secret = Secret::expand_from(&cipher_suite, &test_vector.key_material).unwrap();
+
+            assert_bytes_eq(&secret.salt, &test_vector.salt);
+            // the subkeys stored in secret.key and secret.auth are not included in the test vectors
+            assert_eq!(secret.auth.unwrap().len(), cipher_suite.hash_len);
+            assert_eq!(secret.key.len(), cipher_suite.key_len);
+        }
+
+        #[test]
+        fn derive_correct_keys_aes_ctr_128_hmac_sha256_64() {
+            derive_correct_sub_keys(CipherSuiteVariant::AesCtr128HmacSha256_64);
+        }
+
+        #[test]
+        fn derive_correct_keys_aes_ctr_128_hmac_sha256_32() {
+            derive_correct_sub_keys(CipherSuiteVariant::AesCtr128HmacSha256_32);
+        }
+
+        #[test]
+        // AesCtr128HmacSha256_80 is not available in the test vectors
+        #[ignore]
+        fn derive_correct_keys_aes_ctr_128_hmac_sha256_80() {
+            derive_correct_sub_keys(CipherSuiteVariant::AesCtr128HmacSha256_80);
+        }
     }
 }

src/crypto/mod.rs

@@ -13,7 +13,7 @@ if #[cfg(all(not(feature = "openssl"), feature = "ring"))]{
 else if #[cfg(all(feature = "openssl", not(feature = "ring")))] {
     mod openssl;
 } else {
-    // fallback to ring
+    compile_error!("Cannot configure multiple crypto backends at the same time.");
     mod ring;
 }
 }