1 // Copyright 2023 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 use crate::d2d_connection_context_v1::{Aes256Key as RawAes256Key, AesCbcIv};
16 use crypto_provider::aead::AeadError;
17 use crypto_provider::aes::cbc::DecryptionError;
18
/// Encrypts `message` with AES-256 in CBC mode using the PKCS#7-padded cipher `A`.
///
/// A new IV is drawn from `rng` on every call and returned next to the ciphertext.
/// The caller has to carry that IV along with the ciphertext, because
/// [`decrypt_cbc`] takes it as an input.
///
/// CBC gives confidentiality only: nothing in this function authenticates the
/// ciphertext or the IV. Integrity has to be provided by the caller, e.g. a MAC
/// computed over both and verified before any decryption is attempted.
///
/// # Panics
///
/// Panics if the bytes of `key` cannot be converted into the key type that
/// `A::encrypt` expects.
/// NOTE(review): presumably unreachable if `RawAes256Key` is always 32 bytes; confirm.
pub(crate) fn encrypt_cbc<
    R: rand::Rng + rand::CryptoRng,
    A: crypto_provider::aes::cbc::AesCbcPkcs7Padded,
>(
    key: &RawAes256Key,
    message: &[u8],
    rng: &mut R,
) -> (Vec<u8>, AesCbcIv) {
    // The `CryptoRng` bound keeps non-cryptographic generators out; CBC needs an
    // unpredictable IV for every message.
    let fresh_iv: AesCbcIv = rng.gen();
    let cipher_key = key[..].try_into().unwrap();
    let encrypted = A::encrypt(&cipher_key, &fresh_iv, message);
    (encrypted, fresh_iv)
}
32
/// Decrypts `ciphertext` with AES-256 in CBC mode using the PKCS#7-padded cipher `A`.
///
/// `iv` must be the IV that was produced together with this ciphertext
/// (see [`encrypt_cbc`]).
///
/// This function does not authenticate its input. Verify the integrity of the IV
/// and ciphertext before calling it, and do not expose to the peer whether a
/// failure came from here or from the integrity check: a distinguishable
/// padding failure on unauthenticated CBC is what a padding-oracle attack needs.
///
/// # Errors
///
/// Passes through the `DecryptionError` reported by `A::decrypt`.
/// NOTE(review): presumably this signals invalid PKCS#7 padding; confirm against
/// the `crypto_provider` implementation.
///
/// # Panics
///
/// Panics if the bytes of `key` cannot be converted into the key type that
/// `A::decrypt` expects.
pub(crate) fn decrypt_cbc<A: crypto_provider::aes::cbc::AesCbcPkcs7Padded>(
    key: &RawAes256Key,
    ciphertext: &[u8],
    iv: &AesCbcIv,
) -> Result<Vec<u8>, DecryptionError> {
    let cipher_key = key[..].try_into().unwrap();
    A::decrypt(&cipher_key, iv, ciphertext)
}
41
// TODO: Implement caching of these ciphers per connection so we don't recreate on each computation.
/// Encrypts `plaintext` with the AES-GCM-SIV implementation `A`, passing `aad` as
/// associated data.
///
/// A cipher instance is built from `key` on every call. The nonce is supplied by
/// the caller, so nonce management is the caller's responsibility. AES-GCM-SIV
/// tolerates an accidental nonce repeat better than AES-GCM, but encrypting the
/// same plaintext and `aad` under a repeated key/nonce pair still yields the same
/// output and therefore reveals that the two messages are equal.
///
/// # Errors
///
/// Passes through the `AeadError` reported by the cipher's `encrypt`.
///
/// # Panics
///
/// Panics if the bytes of `key` cannot be converted into the key type that
/// `A::new` expects.
/// NOTE(review): presumably unreachable if `RawAes256Key` is always 32 bytes; confirm.
pub(crate) fn encrypt_gcm_siv<
    A: crypto_provider::aead::AesGcmSiv
        + crypto_provider::aead::AeadInit<crypto_provider::aes::Aes256Key>,
>(
    key: &RawAes256Key,
    plaintext: &[u8],
    aad: &[u8],
    nonce: &A::Nonce,
) -> Result<Vec<u8>, AeadError> {
    let aead_key = key.as_slice().try_into().unwrap();
    A::new(&aead_key).encrypt(plaintext, aad, nonce)
}
56
/// Decrypts `ciphertext` with the AES-GCM-SIV implementation `A`, passing `aad` as
/// associated data.
///
/// `aad` and `nonce` must be the values that were used when the ciphertext was
/// produced. A cipher instance is built from `key` on every call.
///
/// # Errors
///
/// Passes through the `AeadError` reported by the cipher's `decrypt`. Callers
/// should treat any error as a rejected message and discard the input.
/// NOTE(review): presumably this covers authentication-tag mismatch; confirm
/// against the `crypto_provider` implementation.
///
/// # Panics
///
/// Panics if the bytes of `key` cannot be converted into the key type that
/// `A::new` expects.
pub(crate) fn decrypt_gcm_siv<
    A: crypto_provider::aead::AesGcmSiv
        + crypto_provider::aead::AeadInit<crypto_provider::aes::Aes256Key>,
>(
    key: &RawAes256Key,
    ciphertext: &[u8],
    aad: &[u8],
    nonce: &A::Nonce,
) -> Result<Vec<u8>, AeadError> {
    let aead_key = key.as_slice().try_into().unwrap();
    A::new(&aead_key).decrypt(ciphertext, aad, nonce)
}
70