Diffstat (limited to 'nearby/crypto/crypto_provider/src/aead.rs')
-rw-r--r-- | nearby/crypto/crypto_provider/src/aead.rs | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/nearby/crypto/crypto_provider/src/aead.rs b/nearby/crypto/crypto_provider/src/aead.rs
new file mode 100644
index 0000000..165272e
--- /dev/null
+++ b/nearby/crypto/crypto_provider/src/aead.rs
@@ -0,0 +1,86 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#[cfg(feature = "alloc")]
+extern crate alloc;
+#[cfg(feature = "alloc")]
+use alloc::vec::Vec;
+
+/// An implementation of AES-GCM-SIV.
+///
+/// An AesGcmSiv impl may be used for encryption and decryption.
+pub trait AesGcmSiv: Aead<Nonce = [u8; 12]> {}
+
+/// An implementation of AES-GCM.
+///
+/// An AesGcm impl may be used for encryption and decryption.
+pub trait AesGcm: Aead<Nonce = [u8; 12]> {}
+
+/// Error returned on unsuccessful AEAD operation.
+#[derive(Debug)]
+pub struct AeadError;
+
+/// Initializes an AEAD
+pub trait AeadInit<K: crate::aes::AesKey> {
+ /// Instantiates a new instance of the AEAD from key material.
+ fn new(key: &K) -> Self;
+}
+
+/// Authenticated Encryption with Associated Data (AEAD) algorithm, where `N` is the size of the
+/// Nonce. Encrypts and decrypts buffers in-place.
+pub trait Aead {
+ /// The size of the authentication tag, this is appended to the message on the encrypt operation
+ /// and truncated from the plaintext after decrypting.
+ const TAG_SIZE: usize;
+
+ /// The cryptographic nonce used by the AEAD. The nonce must be unique for all messages with
+ /// the same key. This is critically important - nonce reuse may completely undermine the
+ /// security of the AEAD. Nonces may be predictable and public, so long as they are unique.
+ type Nonce: AsRef<[u8]>;
+
+ /// The type of the tag, which should always be [u8; Self::TAG_SIZE].
+ type Tag: AsRef<[u8]>;
+
+ /// Encrypt the given buffer containing a plaintext message. On success returns the encrypted
+ /// `msg` and appended auth tag, which will result in a Vec which is `Self::TAG_SIZE` bytes
+ /// greater than the initial message.
+ #[cfg(feature = "alloc")]
+ fn encrypt(&self, msg: &[u8], aad: &[u8], nonce: &Self::Nonce) -> Result<Vec<u8>, AeadError>;
+
+ /// Encrypt the given buffer containing a plaintext message in-place, and returns the tag in the
+ /// result value.
+ fn encrypt_detached(
+ &self,
+ msg: &mut [u8],
+ aad: &[u8],
+ nonce: &Self::Nonce,
+ ) -> Result<Self::Tag, AeadError>;
+
+ /// Decrypt the message, returning the decrypted plaintext or an error in the event the
+ /// provided authentication tag does not match the given ciphertext. On success the returned
+ /// Vec will only contain the plaintext and so will be `Self::TAG_SIZE` bytes less than the
+ /// initial message.
+ #[cfg(feature = "alloc")]
+ fn decrypt(&self, msg: &[u8], aad: &[u8], nonce: &Self::Nonce) -> Result<Vec<u8>, AeadError>;
+
+ /// Decrypt the message in-place, returning an error and leaving the input `msg` unchanged in
+ /// the event the provided authentication tag does not match the given ciphertext.
+ fn decrypt_detached(
+ &self,
+ msg: &mut [u8],
+ aad: &[u8],
+ nonce: &Self::Nonce,
+ tag: &Self::Tag,
+ ) -> Result<(), AeadError>;
+}
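Review bot: The doc comment on `pub trait Aead` refers to a type parameter `N` that the trait does not have — the nonce size is carried by the associated type `Nonce` — and states that the trait "encrypts and decrypts buffers in-place", which holds only for the `_detached` methods; the `alloc`-gated `encrypt`/`decrypt` return a fresh `Vec`. Suggest `/// Authenticated Encryption with Associated Data (AEAD) algorithm. The nonce size is fixed by the associated \`Nonce\` type; the \`_detached\` methods operate in-place, while the \`alloc\`-gated methods return a new buffer.` The `decrypt` doc should also state that an input shorter than `Self::TAG_SIZE` must return `AeadError` rather than panic, since an implementation that splits `msg` at `msg.len() - Self::TAG_SIZE` would otherwise underflow on short ciphertexts. The "leaving the input `msg` unchanged" guarantee on `decrypt_detached` is the right contract for a security API, but it is a strong one for in-place decryption; it is worth making explicit that implementations must never leave unauthenticated plaintext in `msg` on failure, so that callers can rely on it and reviewers of each backend know to check for it.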