From 0bb055f581171149bec96c9c9127f011119a9af7 Mon Sep 17 00:00:00 2001
From: Masih Yeganeh
Date: Wed, 11 Mar 2020 21:26:27 +0330
Subject: [PATCH 1/3] Handles variable-length nonce

---
 aes-gcm/src/ctr.rs | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/aes-gcm/src/ctr.rs b/aes-gcm/src/ctr.rs
index 20be3e9f..f00420ad 100644
--- a/aes-gcm/src/ctr.rs
+++ b/aes-gcm/src/ctr.rs
@@ -35,10 +35,14 @@ where
     B::ParBlocks: ArrayLength>,
 {
     /// Instantiate a new CTR instance
-    pub fn new(nonce: &GenericArray) -> Self {
+    pub fn new(nonce: &[u8]) -> Self {
         let mut counter_block = GenericArray::default();
-        counter_block[..12].copy_from_slice(nonce.as_slice());
-        counter_block[15] = 1;
+        if nonce.len() == 12 {
+            counter_block[..12].copy_from_slice(nonce);
+            counter_block[15] = 1;
+        } else {
+            counter_block[..].copy_from_slice(nonce);
+        }
 
         Self {
             block_cipher: PhantomData,

From d868d636208c37e7bd4ebc4169554ef574166e98 Mon Sep 17 00:00:00 2001
From: Masih Yeganeh
Date: Wed, 11 Mar 2020 21:33:40 +0330
Subject: [PATCH 2/3] Handles variable-length nonce

---
 aes-gcm/src/lib.rs | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)

diff --git a/aes-gcm/src/lib.rs b/aes-gcm/src/lib.rs
index 6a928ddf..ee25698f 100644
--- a/aes-gcm/src/lib.rs
+++ b/aes-gcm/src/lib.rs
@@ -183,13 +183,12 @@ where
     B: BlockCipher,
     B::ParBlocks: ArrayLength>,
 {
-    type NonceSize = U12;
     type TagSize = U16;
     type CiphertextOverhead = U0;
 
     fn encrypt_in_place_detached(
         &self,
-        nonce: &GenericArray,
+        nonce: &[u8],
         associated_data: &[u8],
         buffer: &mut [u8],
     ) -> Result {
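Review bot: The new `else` arm in `Ctr32::new` leaves `copy_from_slice` as the only length check, so a slice that is neither 12 nor 16 bytes long now panics with a generic slice-length message, and because `new` is `pub` the precondition that `&GenericArray<u8, U12>` used to enforce at compile time is now enforced by nothing. The lib.rs caller in the next patch only ever passes 12 bytes or a 16-byte GHASH output, but the function should say so and fail deliberately: add `/// `nonce` is either a 96-bit GCM IV or a full 128-bit pre-counter block (J0); any other length is a caller bug.` and turn the `if`/`else` into a `match nonce.len()` with explicit `12`, `16` and fall-through arms, the last one panicking with a message that names the length it received (or returning a `Result`, if the crate prefers not to panic). `new` continues past the hunk into the `Self { … }` constructor, and the enclosing `impl` header is above it.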
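Review bot: Removing `type NonceSize = U12` while keeping `TagSize` and `CiphertextOverhead` suggests this is an impl of the `aead` crate's trait, which, in the releases I know, declares `NonceSize` and types the nonce parameter with it; if so, this `&[u8]` signature and the matching `decrypt_in_place_detached` change in a later hunk will not compile against the unchanged trait, and none of the three patches touches the trait. A variable-length IV is better offered as a separate inherent method, or as a generic nonce-size parameter on the type, so the trait's fixed-size API keeps its compile-time guarantee for the common 96-bit case. Whichever route is taken, the public docs should state that the 96-bit IV is the interoperable, recommended form and that other lengths cost an extra GHASH pass per call. The `impl` header is outside this hunk.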
@@ -197,9 +196,19 @@ where
             return Err(Error);
         }
 
+        // Handles variable-length nonce
+        let nonce = if nonce.len() != 12 {
+            let ghash = &mut self.ghash.clone();
+            ghash.update_padded(nonce);
+            let nonce = ghash.result_reset().into_bytes().to_vec();
+            nonce
+        } else {
+            nonce.to_vec()
+        };
+
         // TODO(tarcieri): interleave encryption with GHASH
         // See:
-        let mut ctr = Ctr32::new(nonce);
+        let mut ctr = Ctr32::new(nonce.as_ref());
         ctr.seek(1);
         ctr.apply_keystream(&self.cipher, buffer);
 
@@ -212,7 +221,7 @@ where
 
     fn decrypt_in_place_detached(
         &self,
-        nonce: &GenericArray,
+        nonce: &[u8],
         associated_data: &[u8],
         buffer: &mut [u8],
         tag: &Tag,
@@ -221,10 +230,20 @@ where
             return Err(Error);
         }
 
+        // Handles variable-length nonce
+        let nonce = if nonce.len() != 12 {
+            let ghash = &mut self.ghash.clone();
+            ghash.update_padded(nonce);
+            let nonce = ghash.result_reset().into_bytes().to_vec();
+            nonce
+        } else {
+            nonce.to_vec()
+        };
+
         // TODO(tarcieri): interleave encryption with GHASH
         // See:
         let mut expected_tag = compute_tag(&mut self.ghash.clone(), associated_data, buffer);
-        let mut ctr = Ctr32::new(nonce);
+        let mut ctr = Ctr32::new(nonce.as_ref());
         ctr.apply_keystream(&self.cipher, expected_tag.as_mut_slice());
 
         use subtle::ConstantTimeEq;

From 2b661266b078cb74aa0220ccced5992129ae5017 Mon Sep 17 00:00:00 2001
From: Masih Yeganeh
Date: Wed, 11 Mar 2020 22:23:07 +0330
Subject: [PATCH 3/3] Delete unused U12

---
 aes-gcm/src/ctr.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aes-gcm/src/ctr.rs b/aes-gcm/src/ctr.rs
index f00420ad..e6d63854 100644
--- a/aes-gcm/src/ctr.rs
+++ b/aes-gcm/src/ctr.rs
@@ -1,7 +1,7 @@
 //! Counter mode implementation
 
 use block_cipher_trait::generic_array::{
-    typenum::{Unsigned, U12, U16},
+    typenum::{Unsigned, U16},
     ArrayLength, GenericArray,
 };
 use block_cipher_trait::BlockCipher;
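Review bot: The GHASH-based derivation for non-12-byte nonces omits the trailing length block that GCM requires for non-96-bit IVs (SP 800-38D §7.1 computes `J0 = GHASH(IV || 0^(s+64) || [len(IV)]_64)`), so `update_padded(nonce)` alone produces a `J0` that no other GCM implementation will reproduce and, more seriously, lets IVs that differ only in trailing zero bytes (a 13-byte IV and the same bytes padded to 14) collide on the same counter block and keystream under one key, which is exactly the nonce-reuse condition GCM must never allow. An empty nonce also passes straight through and hashes to a fixed block. The same block is copied verbatim into `decrypt_in_place_detached` in the later hunk, so the fix belongs in one private helper, sketched below, that rejects empty IVs and feeds the bit-length block through the trait's fixed-size block update (`update_block` in the universal-hash release that provides `update_padded`/`result_reset`; adjust if the name differs here). The two call sites then become `let j0 = self.derive_j0(nonce)?;` followed by `let mut ctr = Ctr32::new(j0.as_ref());`, which also drops the `to_vec()` allocation and the redundant `let nonce = …; nonce` binding. Both functions extend beyond this hunk.
```rust
/// Derive the GCM pre-counter block `J0` from an IV of any non-zero length.
///
/// A 96-bit IV is used directly (`IV || 0^31 || 1`); any other length is
/// hashed as `GHASH(IV padded to 128 bits || 0^64 || [len(IV)]_64)`, as in
/// NIST SP 800-38D §7.1. The length block is what keeps IVs that differ only
/// in trailing zero bytes from colliding on the same `J0`.
fn derive_j0(&self, nonce: &[u8]) -> Result<GenericArray<u8, U16>, Error> {
    // GCM requires 1 <= len(IV); an empty IV would hash to a fixed block.
    if nonce.is_empty() {
        return Err(Error);
    }
    let mut j0 = GenericArray::default();
    if nonce.len() == 12 {
        j0[..12].copy_from_slice(nonce);
        j0[15] = 1;
    } else {
        let mut ghash = self.ghash.clone();
        ghash.update_padded(nonce);
        // Final block: 64 zero bits, then the IV length in bits, big-endian.
        let mut len_block = GenericArray::default();
        len_block[8..].copy_from_slice(&((nonce.len() as u64) * 8).to_be_bytes());
        ghash.update_block(&len_block);
        j0 = ghash.result_reset().into_bytes();
    }
    Ok(j0)
}
// … unchanged: encrypt_in_place_detached / decrypt_in_place_detached bodies,
//     each now calling `self.derive_j0(nonce)?` before constructing `Ctr32` …
```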