diff --git a/crates/api-desc/CHANGELOG.md b/crates/api-desc/CHANGELOG.md index 9bc283d3..224ede85 100644 --- a/crates/api-desc/CHANGELOG.md +++ b/crates/api-desc/CHANGELOG.md @@ -4,6 +4,7 @@ ### Patch +- Add `crypto::gcm::tag_length()` function - Use `*const u8` instead of `*mut u8` for opaque data ## 0.1.3 diff --git a/crates/api-desc/src/crypto/gcm.rs b/crates/api-desc/src/crypto/gcm.rs index 1704f51c..64098e8a 100644 --- a/crates/api-desc/src/crypto/gcm.rs +++ b/crates/api-desc/src/crypto/gcm.rs @@ -42,6 +42,12 @@ pub(crate) fn new() -> Item { support: usize, } }, + item! { + /// Returns the supported tag length. + /// + /// The tag argument to [`encrypt()`] and [`decrypt()`] must be of that length. + fn tag_length "cgt" {} -> { len: usize } + }, item! { /// Encrypts and authenticates a clear text with associated data given a key and IV. fn encrypt "cge" { @@ -69,7 +75,7 @@ pub(crate) fn new() -> Item { /// The cipher text. cipher: *mut u8, - /// The 16 bytes authentication tag. + /// The authentication tag (see [`super::tag_length()`]). tag: *mut u8, } -> { /// Zero on success, bitwise complement of [`Error`](crate::crypto::Error) @@ -92,7 +98,7 @@ pub(crate) fn new() -> Item { /// The length of the additional authenticated data. aad_len: usize, - /// The 16 bytes authentication tag. + /// The authentication tag (see [`super::tag_length()`]). tag: *const u8, /// The length of the cipher (and clear) text. diff --git a/crates/board/CHANGELOG.md b/crates/board/CHANGELOG.md index f5ab9c38..1f8e17a9 100644 --- a/crates/board/CHANGELOG.md +++ b/crates/board/CHANGELOG.md @@ -4,6 +4,7 @@ ### Major +- Make the tag length configurable for `crypto::aead::Api` - Change crypto API to mention `Keysize`, `BlockSize`, and `OutputSize` ### Minor @@ -59,4 +60,4 @@ ## 0.1.0 - + diff --git a/crates/board/src/crypto.rs b/crates/board/src/crypto.rs index 4210cab1..d1c67ae2 100644 --- a/crates/board/src/crypto.rs +++ b/crates/board/src/crypto.rs 
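Review bot: The doc comment on the new `tag_length` item in `crates/api-desc/src/crypto/gcm.rs` states neither the unit nor any lower bound, while the `encrypt` and `decrypt` field docs in the same file drop the former "16 bytes" wording. I would write `/// Returns the supported tag length in bytes.` and add a sentence that the board fixes the value. The prelude's `TagSize` comment calls 16 the maximum, so the length can apparently be shorter than 16, and an applet that depends on a full-length GCM tag should check it before relying on the authentication strength. The same text is mirrored into `examples/assemblyscript/api.ts`, presumably generated from this description, so the fix belongs here.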
@@ -26,8 +26,8 @@ pub mod ecc; /// Cryptography interface. pub trait Api { - type Aes128Ccm: aead::Api; - type Aes256Gcm: aead::Api; + type Aes128Ccm: aead::Api; + type Aes256Gcm: aead::Api; type HmacSha256: Support + Hmac; type HmacSha384: Support + Hmac; @@ -45,12 +45,12 @@ pub trait Hmac: KeyInit + Update + FixedOutput + MacMarker {} impl Hash for T {} impl Hmac for T {} -pub struct UnsupportedHash + 'static, Output: ArrayLength + 'static> { +pub struct UnsupportedHash, Output: ArrayLength> { _never: !, _block: Block, _output: Output, } -pub struct UnsupportedHmac + 'static, Output: ArrayLength + 'static> { +pub struct UnsupportedHmac, Output: ArrayLength> { _never: !, _key: Key, _output: Output, @@ -79,11 +79,11 @@ macro_rules! software { impl Api for UnsupportedCrypto { software! { #[cfg(feature = "software-crypto-aes128-ccm")] - type Aes128Ccm = ccm::Ccm | Unsupported; + type Aes128Ccm = ccm::Ccm | aead::Unsupported; } software! { #[cfg(feature = "software-crypto-aes256-gcm")] - type Aes256Gcm = aes_gcm::Aes256Gcm | Unsupported; + type Aes256Gcm = aes_gcm::Aes256Gcm | aead::Unsupported; } software! { @@ -127,31 +127,31 @@ impl Api for Unsupported { impl BlockSizeUser for UnsupportedHash where - B: ArrayLength + 'static, - O: ArrayLength + 'static, + B: ArrayLength, + O: ArrayLength, { type BlockSize = B; } impl OutputSizeUser for UnsupportedHash where - B: ArrayLength + 'static, - O: ArrayLength + 'static, + B: ArrayLength, + O: ArrayLength, { type OutputSize = O; } impl HashMarker for UnsupportedHash where - B: ArrayLength + 'static, - O: ArrayLength + 'static, + B: ArrayLength, + O: ArrayLength, { } impl Default for UnsupportedHash where - B: ArrayLength + 'static, - O: ArrayLength + 'static, + B: ArrayLength, + O: ArrayLength, { fn default() -> Self { unreachable!() 
@@ -160,8 +160,8 @@ where impl Update for UnsupportedHash where - B: ArrayLength + 'static, - O: ArrayLength + 'static, + B: ArrayLength, + O: ArrayLength, { fn update(&mut self, _: &[u8]) { unreachable!() @@ -170,8 +170,8 @@ where impl FixedOutput for UnsupportedHash where - B: ArrayLength + 'static, - O: ArrayLength + 'static, + B: ArrayLength, + O: ArrayLength, { fn finalize_into(self, _: &mut Output) { unreachable!() @@ -180,8 +180,8 @@ where impl FixedOutputReset for UnsupportedHash where - B: ArrayLength + 'static, - O: ArrayLength + 'static, + B: ArrayLength, + O: ArrayLength, { fn finalize_into_reset(&mut self, _: &mut Output) { unreachable!() @@ -190,8 +190,8 @@ where impl Reset for UnsupportedHash where - B: ArrayLength + 'static, - O: ArrayLength + 'static, + B: ArrayLength, + O: ArrayLength, { fn reset(&mut self) { unreachable!() @@ -200,39 +200,39 @@ where impl Support for UnsupportedHash where - B: ArrayLength + 'static, - O: ArrayLength + 'static, + B: ArrayLength, + O: ArrayLength, { const SUPPORT: bool = false; } impl KeySizeUser for UnsupportedHmac where - K: ArrayLength + 'static, - O: ArrayLength + 'static, + K: ArrayLength, + O: ArrayLength, { type KeySize = K; } impl OutputSizeUser for UnsupportedHmac where - K: ArrayLength + 'static, - O: ArrayLength + 'static, + K: ArrayLength, + O: ArrayLength, { type OutputSize = O; } impl MacMarker for UnsupportedHmac where - K: ArrayLength + 'static, - O: ArrayLength + 'static, + K: ArrayLength, + O: ArrayLength, { } impl KeyInit for UnsupportedHmac where - K: ArrayLength + 'static, - O: ArrayLength + 'static, + K: ArrayLength, + O: ArrayLength, { fn new(_: &Key) -> Self { unreachable!() @@ -241,8 +241,8 @@ where impl Update for UnsupportedHmac where - K: ArrayLength + 'static, - O: ArrayLength + 'static, + K: ArrayLength, + O: ArrayLength, { fn update(&mut self, _: &[u8]) { unreachable!() 
@@ -251,8 +251,8 @@ where impl FixedOutput for UnsupportedHmac where - K: ArrayLength + 'static, - O: ArrayLength + 'static, + K: ArrayLength, + O: ArrayLength, { fn finalize_into(self, _: &mut Output) { unreachable!() @@ -261,8 +261,8 @@ where impl Support for UnsupportedHmac where - K: ArrayLength + 'static, - O: ArrayLength + 'static, + K: ArrayLength, + O: ArrayLength, { const SUPPORT: bool = false; } diff --git a/crates/board/src/crypto/aead.rs b/crates/board/src/crypto/aead.rs index 778de6dc..ab01767d 100644 --- a/crates/board/src/crypto/aead.rs +++ b/crates/board/src/crypto/aead.rs @@ -18,7 +18,7 @@ use generic_array::{ArrayLength, GenericArray}; #[cfg(feature = "internal-aead")] pub use software::*; -use crate::{Error, Support, Unsupported}; +use crate::{Error, Support}; #[derive(Copy, Clone)] pub struct AeadSupport { @@ -33,19 +33,21 @@ impl From for bool { } /// Elliptic-curve cryptography interface. -pub trait Api: Support +pub trait Api: Support where Key: ArrayLength, Iv: ArrayLength, - Tag: ArrayLength, { + /// The tag length. + type Tag: ArrayLength; + /// Encrypts and authenticates a clear text with associated data given a key and IV. /// /// The clear- and cipher-texts must have the same length. If the clear text is omitted, then /// the cipher text is encrypted in place. fn encrypt( key: &Array, iv: &Array, aad: &[u8], clear: Option<&[u8]>, cipher: &mut [u8], - tag: &mut Array, + tag: &mut Array, ) -> Result<(), Error>; /// Decrypts and authenticates a cipher text with associated data given a key and IV. 
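Review bot: The doc comment directly above the changed `pub trait Api` line in `crates/board/src/crypto/aead.rs` still reads "Elliptic-curve cryptography interface", which describes a different module. Since this hunk reshapes the trait, I would correct it to `/// Authenticated encryption with associated data (AEAD) interface.`. The new associated type's comment could also be expanded to `/// The tag length in bytes, as a type-level integer; it fixes the size of every tag passed to encrypt and decrypt.`. The trait body continues past the end of this hunk.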
@@ -53,31 +55,39 @@ where /// The cipher- and clear-texts must have the same length. If the cipher text is omitted, then /// the clear text is decrypted in place. fn decrypt( - key: &Array, iv: &Array, aad: &[u8], cipher: Option<&[u8]>, tag: &Array, - clear: &mut [u8], + key: &Array, iv: &Array, aad: &[u8], cipher: Option<&[u8]>, + tag: &Array, clear: &mut [u8], ) -> Result<(), Error>; } pub type Array = GenericArray; -impl Support for Unsupported { +pub struct Unsupported> { + _never: !, + _tag: Tag, +} + +impl> Support for Unsupported { const SUPPORT: AeadSupport = AeadSupport { no_copy: false, in_place_no_copy: false }; } -impl Api for Unsupported +impl> Api for Unsupported where Key: ArrayLength, Iv: ArrayLength, - Tag: ArrayLength, { + type Tag = Tag; + fn encrypt( - _: &Array, _: &Array, _: &[u8], _: Option<&[u8]>, _: &mut [u8], _: &mut Array, + _: &Array, _: &Array, _: &[u8], _: Option<&[u8]>, _: &mut [u8], + _: &mut Array, ) -> Result<(), Error> { unreachable!() } fn decrypt( - _: &Array, _: &Array, _: &[u8], _: Option<&[u8]>, _: &Array, _: &mut [u8], + _: &Array, _: &Array, _: &[u8], _: Option<&[u8]>, _: &Array, + _: &mut [u8], ) -> Result<(), Error> { unreachable!() } @@ -94,18 +104,19 @@ mod software { const SUPPORT: AeadSupport = AeadSupport { no_copy: false, in_place_no_copy: true }; } - impl Api for T + impl Api for T where T: KeyInit + AeadInPlace, T: KeySizeUser, - T: AeadCore, + T: AeadCore, Key: ArrayLength, Iv: ArrayLength, - Tag: ArrayLength, { + type Tag = T::TagSize; + fn encrypt( key: &Array, iv: &Array, aad: &[u8], clear: Option<&[u8]>, cipher: &mut [u8], - tag: &mut Array, + tag: &mut Array, ) -> Result<(), Error> { let aead = T::new(key); if let Some(clear) = clear { 
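Review bot: The `_never: !` field on the new `aead::Unsupported` struct does not make its `encrypt` and `decrypt` unreachable, because both are associated functions without a `self` receiver and can be called with no value of the type. If the scheduler dispatches to them without first checking `SUPPORT` (that check is not visible in this diff), an applet call on a board without the cipher would hit `unreachable!()` and panic the platform instead of getting an error back. Returning an `Err` from both would make the contract explicit, as would a doc comment like `/// Placeholder for boards without this AEAD; callers must check SUPPORT before calling encrypt or decrypt.`. The struct is public and currently has no doc comment at all.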
@@ -118,8 +129,8 @@ mod software { } fn decrypt( - key: &Array, iv: &Array, aad: &[u8], cipher: Option<&[u8]>, tag: &Array, - clear: &mut [u8], + key: &Array, iv: &Array, aad: &[u8], cipher: Option<&[u8]>, + tag: &Array, clear: &mut [u8], ) -> Result<(), Error> { let aead = T::new(key); if let Some(cipher) = cipher { diff --git a/crates/prelude/CHANGELOG.md b/crates/prelude/CHANGELOG.md index 10ef3d2c..08588f81 100644 --- a/crates/prelude/CHANGELOG.md +++ b/crates/prelude/CHANGELOG.md @@ -1,6 +1,10 @@ # Changelog -## 0.2.1-git +## 0.3.0-git + +### Major + +- Make the AES256-GCM tag variable length ### Minor diff --git a/crates/prelude/Cargo.lock b/crates/prelude/Cargo.lock index 12407d50..1e68f4b7 100644 --- a/crates/prelude/Cargo.lock +++ b/crates/prelude/Cargo.lock @@ -277,7 +277,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "aead", "const-default", diff --git a/crates/prelude/Cargo.toml b/crates/prelude/Cargo.toml index 8f53f93c..c5674836 100644 --- a/crates/prelude/Cargo.toml +++ b/crates/prelude/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" authors = ["Julien Cretin "] license = "Apache-2.0" publish = true diff --git a/crates/prelude/src/crypto/gcm.rs b/crates/prelude/src/crypto/gcm.rs index 624bfef8..07775e13 100644 --- a/crates/prelude/src/crypto/gcm.rs +++ b/crates/prelude/src/crypto/gcm.rs @@ -36,7 +36,7 @@ pub struct Support { pub struct Cipher { pub text: Vec, - pub tag: [u8; 16], + pub tag: Vec, } /// Whether AES-256-GCM is supported. 
@@ -54,21 +54,27 @@ pub fn support() -> Support { } } +/// Returns the supported tag length. +pub fn tag_length() -> usize { + let api::tag_length::Results { len } = unsafe { api::tag_length() }; + len +} + /// Encrypts and authenticates a cleartext. pub fn encrypt(key: &[u8; 32], iv: &[u8; 12], aad: &[u8], clear: &[u8]) -> Result { let mut text = vec![0; clear.len()]; - let tag = encrypt_mut(key, iv, aad, clear, &mut text)?; + let mut tag = vec![0; tag_length()]; + encrypt_mut(key, iv, aad, clear, &mut text, &mut tag)?; Ok(Cipher { text, tag }) } /// Encrypts and authenticates a cleartext to a ciphertext. pub fn encrypt_mut( - key: &[u8; 32], iv: &[u8; 12], aad: &[u8], clear: &[u8], cipher: &mut [u8], -) -> Result<[u8; 16], Error> { - if clear.len() != cipher.len() { + key: &[u8; 32], iv: &[u8; 12], aad: &[u8], clear: &[u8], cipher: &mut [u8], tag: &mut [u8], +) -> Result<(), Error> { + if clear.len() != cipher.len() || tag.len() != tag_length() { return Err(Error::InvalidArgument); } - let mut tag = [0; 16]; let params = api::encrypt::Params { key: key.as_ptr(), iv: iv.as_ptr(), @@ -81,14 +87,16 @@ pub fn encrypt_mut( }; let api::encrypt::Results { res } = unsafe { api::encrypt(params) }; Error::to_result(res)?; - Ok(tag) + Ok(()) } /// Encrypts and authenticates a buffer in place. pub fn encrypt_in_place( - key: &[u8; 32], iv: &[u8; 12], aad: &[u8], buffer: &mut [u8], -) -> Result<[u8; 16], Error> { - let mut tag = [0; 16]; + key: &[u8; 32], iv: &[u8; 12], aad: &[u8], buffer: &mut [u8], tag: &mut [u8], +) -> Result<(), Error> { + if tag.len() != tag_length() { + return Err(Error::InvalidArgument); + } let params = api::encrypt::Params { key: key.as_ptr(), iv: iv.as_ptr(), @@ -101,7 +109,7 @@ pub fn encrypt_in_place( }; let api::encrypt::Results { res } = unsafe { api::encrypt(params) }; Error::to_result(res)?; - Ok(tag) + Ok(()) } /// Decrypts and authenticates a ciphertext. 
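Review bot: The new `tag` parameter of `encrypt_mut` has an exact-length contract that its doc comment does not mention, and the same holds for `encrypt_in_place` in the later hunk here and for `decrypt_mut` and `decrypt_in_place` further down. I would add to each `/// The tag must be exactly [`tag_length()`] bytes long, otherwise [`Error::InvalidArgument`] is returned.`. Separately, `encrypt()` calls `tag_length()` to size the vector and `encrypt_mut` calls it again for the check, so one encryption makes two extra host calls. Whether the value may be cached depends on it being constant for the applet's lifetime, which the API description does not state. The `unsafe { api::tag_length() }` block would also benefit from a `// SAFETY:` line.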
@@ -115,9 +123,9 @@ pub fn decrypt( /// Decrypts and authenticates a ciphertext to a cleartext. pub fn decrypt_mut( - key: &[u8; 32], iv: &[u8; 12], aad: &[u8], tag: &[u8; 16], cipher: &[u8], clear: &mut [u8], + key: &[u8; 32], iv: &[u8; 12], aad: &[u8], tag: &[u8], cipher: &[u8], clear: &mut [u8], ) -> Result<(), Error> { - if cipher.len() != clear.len() { + if cipher.len() != clear.len() || tag.len() != tag_length() { return Err(Error::InvalidArgument); } let params = api::decrypt::Params { @@ -137,8 +145,11 @@ pub fn decrypt_mut( /// Decrypts and authenticates a ciphertext. pub fn decrypt_in_place( - key: &[u8; 32], iv: &[u8; 12], aad: &[u8], tag: &[u8; 16], buffer: &mut [u8], + key: &[u8; 32], iv: &[u8; 12], aad: &[u8], tag: &[u8], buffer: &mut [u8], ) -> Result<(), Error> { + if tag.len() != tag_length() { + return Err(Error::InvalidArgument); + } let params = api::decrypt::Params { key: key.as_ptr(), iv: iv.as_ptr(), @@ -184,6 +195,8 @@ mod rust_crypto { impl aead::AeadCore for Key { type NonceSize = aead::consts::U12; + // This is the maximum tag size. We can't know at compile-time the actual supported tag + // length. This means we pad with zeros the tag. The user must truncate the tag. type TagSize = aead::consts::U16; type CiphertextOverhead = aead::consts::U0; } @@ -195,12 +208,14 @@ mod rust_crypto { let payload = plaintext.into(); let len = payload.msg.len(); let mut result = vec![0; len + 16]; - let tag = encrypt_mut( + let mut tag = [0; 16]; + encrypt_mut( &self.key, nonce.as_ref(), payload.aad, payload.msg, &mut result[.. len], + &mut tag[.. tag_length()], ) .map_err(|_| aead::Error)?; result[len ..].copy_from_slice(tag.as_ref()); @@ -218,7 +233,7 @@ mod rust_crypto { &self.key, nonce.as_ref(), payload.aad, - tag.try_into().unwrap(), + &tag[.. tag_length()], cipher, &mut clear, ) 
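Review bot: In the `rust_crypto` hunks, `&mut tag[.. tag_length()]` and `&tag[.. tag_length()]` slice a 16-byte buffer with a length the host reports at run time, so a board whose tag type is longer than 16 bytes would make these calls panic instead of returning `aead::Error`. The comment on `TagSize` calls 16 the maximum, but nothing visible enforces that bound on the board trait's `Tag`. A guard such as `let len = tag_length(); if len > 16 { return Err(aead::Error); }` before slicing keeps the failure on the error path. It is needed here and in the `encrypt_in_place_detached` / `decrypt_in_place_detached` hunk that follows. The enclosing `impl` blocks start outside these hunks.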
@@ -231,18 +246,30 @@ mod rust_crypto { fn encrypt_in_place_detached( &self, nonce: &aead::Nonce, associated_data: &[u8], buffer: &mut [u8], ) -> aead::Result> { - encrypt_in_place(&self.key, nonce.as_ref(), associated_data, buffer) - .map(|x| x.into()) - .map_err(|_| aead::Error) + let mut tag = [0; 16]; + encrypt_in_place( + &self.key, + nonce.as_ref(), + associated_data, + buffer, + &mut tag[.. tag_length()], + ) + .map_err(|_| aead::Error)?; + Ok(tag.into()) } fn decrypt_in_place_detached( &self, nonce: &aead::Nonce, associated_data: &[u8], buffer: &mut [u8], tag: &aead::Tag, ) -> aead::Result<()> { - decrypt_in_place(&self.key, nonce.as_ref(), associated_data, tag.as_ref(), buffer) - .map(|x| x.into()) - .map_err(|_| aead::Error) + decrypt_in_place( + &self.key, + nonce.as_ref(), + associated_data, + &tag[.. tag_length()], + buffer, + ) + .map_err(|_| aead::Error) } } } diff --git a/crates/runner-nordic/src/tasks/crypto/ccm.rs b/crates/runner-nordic/src/tasks/crypto/ccm.rs index 32f0fd19..9008541f 100644 --- a/crates/runner-nordic/src/tasks/crypto/ccm.rs +++ b/crates/runner-nordic/src/tasks/crypto/ccm.rs @@ -27,7 +27,9 @@ impl Support for Impl { const SUPPORT: AeadSupport = AeadSupport { no_copy: true, in_place_no_copy: true }; } -impl Api for Impl { +impl Api for Impl { + type Tag = U4; + fn encrypt( key: &Array, iv: &Array, aad: &[u8], clear: Option<&[u8]>, cipher: &mut [u8], tag: &mut Array, diff --git a/crates/scheduler/CHANGELOG.md b/crates/scheduler/CHANGELOG.md index 4effff03..3a7d40cd 100644 --- a/crates/scheduler/CHANGELOG.md +++ b/crates/scheduler/CHANGELOG.md @@ -43,4 +43,4 @@ ## 0.1.0 - + diff --git a/crates/scheduler/src/call/crypto/gcm.rs b/crates/scheduler/src/call/crypto/gcm.rs index 94de7caa..a1a4744f 100644 --- a/crates/scheduler/src/call/crypto/gcm.rs +++ b/crates/scheduler/src/call/crypto/gcm.rs 
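Review bot: `decrypt_in_place_detached` verifies only `&tag[.. tag_length()]`, so when the board tag is shorter than 16 bytes the rest of the `aead::Tag` is never inspected and any padding value authenticates; the `Aead::decrypt` hunk before it has the same shape. Encryption always emits zero padding, so if the zero-padded form is meant to be the only valid encoding, decryption should reject anything else, e.g. `if tag[len ..].iter().any(|&b| b != 0) { return Err(aead::Error); }` with `len = tag_length()`. If ignoring the padding is intended, a comment saying so next to the `TagSize` note would warn callers that deduplicate or cache on ciphertext bytes.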
@@ -21,6 +21,7 @@ use crate::{DispatchSchedulerCall, SchedulerCall}; pub fn process(call: Api>) { match call { Api::Support(call) => support(call), + Api::TagLength(call) => tag_length(call), Api::Encrypt(call) => encrypt(call), Api::Decrypt(call) => decrypt(call), } @@ -34,6 +35,12 @@ fn support(call: SchedulerCall) { call.reply(Ok(api::support::Results { support: support.into() })) } +fn tag_length(call: SchedulerCall) { + let api::tag_length::Params {} = call.read(); + let len = (tag_len::() as u32).into(); + call.reply(Ok(api::tag_length::Results { len })) +} + fn encrypt(mut call: SchedulerCall) { let api::encrypt::Params { key, iv, aad, aad_len, length, clear, cipher, tag } = call.read(); let scheduler = call.scheduler(); @@ -44,7 +51,8 @@ fn encrypt(mut call: SchedulerCall) { let aad = memory.get(*aad, *aad_len)?; let clear = memory.get_opt(*clear, *length)?; let cipher = memory.get_mut(*cipher, *length)?; - let tag = memory.get_array_mut::<16>(*tag)?.into(); + let tag_len = tag_len::() as u32; + let tag = memory.get_mut(*tag, tag_len)?.into(); let res = match board::crypto::Aes256Gcm::::encrypt(key, iv, aad, clear, cipher, tag) { Ok(()) => 0u32.into(), Err(_) => u32::MAX.into(), @@ -62,7 +70,8 @@ fn decrypt(mut call: SchedulerCall) { let key = memory.get_array::<32>(*key)?.into(); let iv = memory.get_array::<12>(*iv)?.into(); let aad = memory.get(*aad, *aad_len)?; - let tag = memory.get_array::<16>(*tag)?.into(); + let tag_len = tag_len::() as u32; + let tag = memory.get(*tag, tag_len)?.into(); let cipher = memory.get_opt(*cipher, *length)?; let clear = memory.get_mut(*clear, *length)?; let res = match board::crypto::Aes256Gcm::::decrypt(key, iv, aad, cipher, tag, clear) { @@ -73,3 +82,8 @@ fn decrypt(mut call: SchedulerCall) { }; call.reply(results); } + +const fn tag_len() -> usize { + use typenum::Unsigned; + as board::crypto::aead::Api<_, _>>::Tag::USIZE +} 
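Review bot: The narrowing cast of `tag_len` from `usize` to `u32` with `as u32` is written out three times, in `tag_length`, `encrypt` and `decrypt`, and each one is unchecked. Having the `tag_len` helper return `u32` itself, with a one-line comment on why the type-level length always fits, removes the repetition and leaves a single place to audit. The helper and the new `tag_length` handler also have no doc comment; `/// Tag length in bytes of the board's AES-256-GCM implementation.` on the helper would be enough.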
diff --git a/examples/assemblyscript/api.ts b/examples/assemblyscript/api.ts index 365300fa..fa48e4a5 100644 --- a/examples/assemblyscript/api.ts +++ b/examples/assemblyscript/api.ts @@ -340,6 +340,13 @@ // Bit-flag as described by [`super::Support`]. ): usize + // Returns the supported tag length. + // + // The tag argument to [`encrypt()`] and [`decrypt()`] must be of that length. + @external("env", "cgt") + export declare function crypto_gcm_tag_length( + ): usize + // Encrypts and authenticates a clear text with associated data given a key and IV. @external("env", "cge") export declare function crypto_gcm_encrypt( @@ -367,7 +374,7 @@ // The cipher text. cipher: usize, - // The 16 bytes authentication tag. + // The authentication tag (see [`super::tag_length()`]). tag: usize, // Zero on success, bitwise complement of [`Error`](crate::crypto::Error) // otherwise. @@ -388,7 +395,7 @@ // The length of the additional authenticated data. aad_len: usize, - // The 16 bytes authentication tag. + // The authentication tag (see [`super::tag_length()`]). tag: usize, // The length of the cipher (and clear) text. diff --git a/examples/rust/blink/Cargo.lock b/examples/rust/blink/Cargo.lock index 74f15ea0..e1e0b410 100644 --- a/examples/rust/blink/Cargo.lock +++ b/examples/rust/blink/Cargo.lock @@ -248,7 +248,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array", diff --git a/examples/rust/blink_periodic/Cargo.lock b/examples/rust/blink_periodic/Cargo.lock index e27bd5d7..5fdf1e4e 100644 --- a/examples/rust/blink_periodic/Cargo.lock +++ b/examples/rust/blink_periodic/Cargo.lock @@ -248,7 +248,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array", 
diff --git a/examples/rust/button/Cargo.lock b/examples/rust/button/Cargo.lock index b451b141..3794434b 100644 --- a/examples/rust/button/Cargo.lock +++ b/examples/rust/button/Cargo.lock @@ -248,7 +248,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array", diff --git a/examples/rust/button_abort/Cargo.lock b/examples/rust/button_abort/Cargo.lock index e99bc4c1..a8b7de7f 100644 --- a/examples/rust/button_abort/Cargo.lock +++ b/examples/rust/button_abort/Cargo.lock @@ -248,7 +248,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array", diff --git a/examples/rust/ccm/Cargo.lock b/examples/rust/ccm/Cargo.lock index 583ab6f7..1d5cfb14 100644 --- a/examples/rust/ccm/Cargo.lock +++ b/examples/rust/ccm/Cargo.lock @@ -248,7 +248,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array", diff --git a/examples/rust/ctap/Cargo.lock b/examples/rust/ctap/Cargo.lock index 9f66ab2b..d70e8ac3 100644 --- a/examples/rust/ctap/Cargo.lock +++ b/examples/rust/ctap/Cargo.lock @@ -248,7 +248,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array", diff --git a/examples/rust/ec_test/Cargo.lock b/examples/rust/ec_test/Cargo.lock index cb81bd1a..8190524a 100644 --- a/examples/rust/ec_test/Cargo.lock +++ b/examples/rust/ec_test/Cargo.lock 
@@ -524,7 +524,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array", diff --git a/examples/rust/echo/Cargo.lock b/examples/rust/echo/Cargo.lock index 451df86d..bfc69531 100644 --- a/examples/rust/echo/Cargo.lock +++ b/examples/rust/echo/Cargo.lock @@ -248,7 +248,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array", diff --git a/examples/rust/gcm_test/Cargo.lock b/examples/rust/gcm_test/Cargo.lock index 4b8320be..621dffa6 100644 --- a/examples/rust/gcm_test/Cargo.lock +++ b/examples/rust/gcm_test/Cargo.lock @@ -285,7 +285,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "aead", "const-default", diff --git a/examples/rust/gcm_test/src/lib.rs b/examples/rust/gcm_test/src/lib.rs index 502dcb44..00d14bac 100644 --- a/examples/rust/gcm_test/src/lib.rs +++ b/examples/rust/gcm_test/src/lib.rs @@ -17,8 +17,11 @@ #![no_std] wasefire::applet!(); +use alloc::vec; + #[cfg(feature = "rust-crypto")] use aead::{Aead, AeadInPlace, KeyInit, Payload}; +use wasefire::crypto::gcm::tag_length; #[cfg(not(feature = "rust-crypto"))] use wasefire::crypto::gcm::{decrypt, decrypt_in_place, encrypt, encrypt_in_place, Cipher}; #[cfg(feature = "rust-crypto")] 
@@ -37,42 +40,48 @@ fn main() { fn test_encrypt() { debug!("test_encrypt(): Encrypts the test vectors."); + let tag_len = tag_length(); for &Vector { key, iv, aad, clear, cipher, tag } in TEST_VECTORS { debug!("- {} bytes", clear.len()); #[cfg(feature = "rust-crypto")] let (cipher_, tag_) = { let key = Aes256Gcm::new(key.into()); let mut cipher_ = key.encrypt(iv.into(), Payload { msg: clear, aad }).unwrap(); - let tag_ = cipher_[clear.len() ..].try_into().unwrap(); + let tag_ = cipher_[clear.len() ..][.. tag_len].to_vec(); cipher_.truncate(clear.len()); (cipher_, tag_) }; #[cfg(not(feature = "rust-crypto"))] let Cipher { text: cipher_, tag: tag_ } = encrypt(key, iv, aad, clear).unwrap(); debug::assert_eq(&cipher_[..], cipher); - debug::assert_eq(&tag_, tag); + debug::assert_eq(&tag_[..], &tag[.. tag_len]); } } fn test_encrypt_in_place() { debug!("test_encrypt_in_place(): Encrypts the test vectors in place."); + let tag_len = tag_length(); for &Vector { key, iv, aad, clear, cipher, tag } in TEST_VECTORS { debug!("- {} bytes", clear.len()); let mut cipher_ = clear.to_vec(); + let mut tag_ = vec![0; tag_len]; #[cfg(feature = "rust-crypto")] - let tag_ = { + { let key = Aes256GcmInPlace::new(key.into()); - key.encrypt_in_place_detached(iv.into(), aad, &mut cipher_).unwrap().into() - }; + let tag = key.encrypt_in_place_detached(iv.into(), aad, &mut cipher_).unwrap(); + tag_.copy_from_slice(&tag[.. tag_len]); + } #[cfg(not(feature = "rust-crypto"))] - let tag_ = encrypt_in_place(key, iv, aad, &mut cipher_).unwrap(); + encrypt_in_place(key, iv, aad, &mut cipher_, &mut tag_).unwrap(); debug::assert_eq(&cipher_[..], cipher); - debug::assert_eq(&tag_, tag); + debug::assert_eq(&tag_[..], &tag[.. 
tag_len]); } } fn test_decrypt() { debug!("test_decrypt(): Decrypts the test vectors."); + #[cfg(not(feature = "rust-crypto"))] + let tag_len = tag_length(); for &Vector { key, iv, aad, clear, cipher, tag } in TEST_VECTORS { debug!("- {} bytes", clear.len()); #[cfg(feature = "rust-crypto")] @@ -84,7 +93,9 @@ fn test_decrypt() { }; #[cfg(not(feature = "rust-crypto"))] let clear_ = { - let cipher = Cipher { text: cipher.to_vec(), tag: *tag }; + let mut tag_ = vec![0; tag_len]; + tag_.copy_from_slice(&tag[.. tag_len]); + let cipher = Cipher { text: cipher.to_vec(), tag: tag_ }; decrypt(key, iv, aad, &cipher).unwrap() }; debug::assert_eq(&clear_[..], clear); @@ -93,6 +104,8 @@ fn test_decrypt() { fn test_decrypt_in_place() { debug!("test_decrypt_in_place(): Decrypts the test vectors in place."); + #[cfg(not(feature = "rust-crypto"))] + let tag_len = tag_length(); for &Vector { key, iv, aad, clear, cipher, tag } in TEST_VECTORS { debug!("- {} bytes", clear.len()); let mut clear_ = cipher.to_vec(); @@ -101,7 +114,7 @@ fn test_decrypt_in_place() { .decrypt_in_place_detached(iv.into(), aad, &mut clear_, tag.into()) .unwrap(); #[cfg(not(feature = "rust-crypto"))] - decrypt_in_place(key, iv, aad, tag, &mut clear_).unwrap(); + decrypt_in_place(key, iv, aad, &tag[.. tag_len], &mut clear_).unwrap(); debug::assert_eq(&clear_[..], clear); } } diff --git a/examples/rust/hash_test/Cargo.lock b/examples/rust/hash_test/Cargo.lock index 5ba1ac9a..230531d5 100644 --- a/examples/rust/hash_test/Cargo.lock +++ b/examples/rust/hash_test/Cargo.lock @@ -535,7 +535,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "aead", "const-default", diff --git a/examples/rust/hello/Cargo.lock b/examples/rust/hello/Cargo.lock index 2eb3818a..a2b23890 100644 --- a/examples/rust/hello/Cargo.lock +++ b/examples/rust/hello/Cargo.lock 
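Review bot: The updated tests in `examples/rust/gcm_test/src/lib.rs` compare only the first `tag_len` bytes and exercise only successful decryption, so nothing checks that a wrong tag is rejected now that tags are passed as slices. In `test_decrypt_in_place` I would add a case that copies `tag[.. tag_len]` into `bad`, flips one bit, and asserts failure, e.g. `debug::assert_eq(&decrypt_in_place(key, iv, aad, &bad, &mut clear_).is_err(), &true);`. A second case with a tag of the wrong length should expect `Error::InvalidArgument`. With the `rust-crypto` feature the full 16-byte vector tag is passed through, so the bytes past `tag_len` are never tested with non-matching values either.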
@@ -248,7 +248,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array", diff --git a/examples/rust/hsm/Cargo.lock b/examples/rust/hsm/Cargo.lock index a29b880f..40ec50c5 100644 --- a/examples/rust/hsm/Cargo.lock +++ b/examples/rust/hsm/Cargo.lock @@ -256,7 +256,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array", diff --git a/examples/rust/hsm/common/Cargo.lock b/examples/rust/hsm/common/Cargo.lock index aae40780..30f17738 100644 --- a/examples/rust/hsm/common/Cargo.lock +++ b/examples/rust/hsm/common/Cargo.lock @@ -269,7 +269,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array", diff --git a/examples/rust/led/Cargo.lock b/examples/rust/led/Cargo.lock index 28806f64..13bb08e5 100644 --- a/examples/rust/led/Cargo.lock +++ b/examples/rust/led/Cargo.lock @@ -248,7 +248,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array", diff --git a/examples/rust/memory_game/Cargo.lock b/examples/rust/memory_game/Cargo.lock index fd2691c9..ffe0a212 100644 --- a/examples/rust/memory_game/Cargo.lock +++ b/examples/rust/memory_game/Cargo.lock @@ -248,7 +248,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array", diff --git a/examples/rust/panic/Cargo.lock b/examples/rust/panic/Cargo.lock index a0ff4a9e..900d618a 100644 
--- a/examples/rust/panic/Cargo.lock +++ b/examples/rust/panic/Cargo.lock @@ -248,7 +248,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array", diff --git a/examples/rust/rand/Cargo.lock b/examples/rust/rand/Cargo.lock index b854d923..2e28f36f 100644 --- a/examples/rust/rand/Cargo.lock +++ b/examples/rust/rand/Cargo.lock @@ -248,7 +248,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array", diff --git a/examples/rust/rng_test/Cargo.lock b/examples/rust/rng_test/Cargo.lock index edcada1a..b904e7e9 100644 --- a/examples/rust/rng_test/Cargo.lock +++ b/examples/rust/rng_test/Cargo.lock @@ -248,7 +248,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array", diff --git a/examples/rust/store/Cargo.lock b/examples/rust/store/Cargo.lock index 0dd03c83..4f26a10b 100644 --- a/examples/rust/store/Cargo.lock +++ b/examples/rust/store/Cargo.lock @@ -248,7 +248,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array", diff --git a/examples/rust/store_test/Cargo.lock b/examples/rust/store_test/Cargo.lock index d8503f3f..cb1f73ba 100644 --- a/examples/rust/store_test/Cargo.lock +++ b/examples/rust/store_test/Cargo.lock @@ -248,7 +248,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array", 
diff --git a/examples/rust/sync_test/Cargo.lock b/examples/rust/sync_test/Cargo.lock index 8d3f4a73..a5006720 100644 --- a/examples/rust/sync_test/Cargo.lock +++ b/examples/rust/sync_test/Cargo.lock @@ -248,7 +248,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array", diff --git a/examples/rust/timer_test/Cargo.lock b/examples/rust/timer_test/Cargo.lock index 9cb5a3f6..b418f252 100644 --- a/examples/rust/timer_test/Cargo.lock +++ b/examples/rust/timer_test/Cargo.lock @@ -248,7 +248,7 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "wasefire" -version = "0.2.1-git" +version = "0.3.0-git" dependencies = [ "const-default", "generic-array",