Skip to content

Commit

Permalink
Happy CI
Browse files Browse the repository at this point in the history
  • Loading branch information
@skmcgrail
skmcgrail committed Apr 8, 2024
1 parent 08e0cc5 commit 61ad25d
Show file tree
Hide file tree
Showing 4 changed files with 72 additions and 44 deletions.
4 changes: 2 additions & 2 deletions aws-lc-rs/src/rsa.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@
//!
//! // The maximum size plaintext can be determined by calling `OaepPublicEncryptingKey::max_plaintext_size`
//! let message = b"hello world";
//! let mut ciphertext = vec![0u8; public_key.max_ciphertext_size()]; // Output will be the size of the RSA key length in bytes rounded up.
//! let mut ciphertext = vec![0u8; public_key.ciphertext_size()]; // Output will be the size of the RSA key length in bytes rounded up.
//!
//! // Encrypt a message with the public key without the optional label provided.
//! let ciphertext = public_key.encrypt(&OAEP_SHA256_MGF1SHA256, message, &mut ciphertext, None)?;
Expand All @@ -51,7 +51,7 @@
//! let private_key = OaepPrivateDecryptingKey::new(private_key)?;
//!
//! // Decrypt a message with the private key.
//! let mut plaintext = vec![0u8; private_key.key_size_bytes()];
//! let mut plaintext = vec![0u8; private_key.min_output_size()];
//! let plaintext = private_key.decrypt(&OAEP_SHA256_MGF1SHA256, ciphertext, &mut plaintext, None)?;
//!
//! assert_eq!(message, plaintext);
Expand Down
60 changes: 34 additions & 26 deletions aws-lc-rs/src/rsa/encryption.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -261,32 +261,32 @@ pub struct OaepPublicEncryptingKey {
}

impl OaepPublicEncryptingKey {
/// Construcsts an `OaepPublicEncryptingKey` from a `PublicEncryptingKey`.
/// Constructs an `OaepPublicEncryptingKey` from a `PublicEncryptingKey`.
/// # Errors
/// * `Unspecified`: Any error that occurs while attempting to construct an RSA-OAEP public key.
pub fn new(public_key: PublicEncryptingKey) -> Result<Self, Unspecified> {
Ok(Self { public_key })
}

/// Encrypts the contents in `plaintext` and writes the corresponding ciphertext to `output`.
/// Encrypts the contents in `plaintext` and writes the corresponding ciphertext to `ciphertext`.
/// Returns the subslice of `ciphertext` containing the ciphertext output.
///
/// # Max Plaintext Length
/// The provided length of `plaintext` must be at most [`Self::max_plaintext_size`].
///
/// # Sizing `output`
/// For `OAEP_SHA1_MGF1SHA1`, `OAEP_SHA256_MGF1SHA256`, `OAEP_SHA384_MGF1SHA384`, `OAEP_SHA512_MGF1SHA512` the
/// length of `output` must be the RSA key size in bytes. The RSA key size in bytes can be retrieved using
/// [`Self::key_size`].
/// For `OAEP_SHA1_MGF1SHA1`, `OAEP_SHA256_MGF1SHA256`, `OAEP_SHA384_MGF1SHA384`, `OAEP_SHA512_MGF1SHA512` The
/// length of `output` must be greater then or equal to [`Self::ciphertext_size`].
///
/// # Errors
/// * `Unspecified` for any error that occurs while encrypting `plaintext`.
pub fn encrypt<'output>(
pub fn encrypt<'ciphertext>(
&self,
algorithm: &'static OaepAlgorithm,
plaintext: &[u8],
output: &'output mut [u8],
ciphertext: &'ciphertext mut [u8],
label: Option<&[u8]>,
) -> Result<&'output mut [u8], Unspecified> {
) -> Result<&'ciphertext mut [u8], Unspecified> {
let pkey_ctx = LcPtr::new(unsafe { EVP_PKEY_CTX_new(*self.public_key.0, null_mut()) })?;

if 1 != unsafe { EVP_PKEY_encrypt_init(*pkey_ctx) } {
Expand All @@ -300,12 +300,12 @@ impl OaepPublicEncryptingKey {
label,
)?;

let mut out_len = output.len();
let mut out_len = ciphertext.len();

if 1 != indicator_check!(unsafe {
EVP_PKEY_encrypt(
*pkey_ctx,
output.as_mut_ptr(),
ciphertext.as_mut_ptr(),
&mut out_len,
plaintext.as_ptr(),
plaintext.len(),
Expand All @@ -314,7 +314,7 @@ impl OaepPublicEncryptingKey {
return Err(Unspecified);
};

Ok(&mut output[..out_len])
Ok(&mut ciphertext[..out_len])
}

/// Returns the RSA key size in bytes.
Expand Down Expand Up @@ -345,18 +345,17 @@ impl OaepPublicEncryptingKey {
self.key_size_bytes() - 2 * hash_len - 2
}

/// Returns the max ciphertext size that will be output by the `Self::encrypt`.
/// Returns the max ciphertext size that will be output by `Self::encrypt`.
#[must_use]
pub fn max_ciphertext_size(&self) -> usize {
pub fn ciphertext_size(&self) -> usize {
self.key_size_bytes()
}
}

impl Debug for OaepPublicEncryptingKey {
fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
f.debug_struct("OaepPublicEncryptingKey")
.field("public_key", &self.public_key)
.finish()
.finish_non_exhaustive()
}
}

Expand All @@ -366,28 +365,32 @@ pub struct OaepPrivateDecryptingKey {
}

impl OaepPrivateDecryptingKey {
/// Construcsts an `OaepPrivateDecryptingKey` from a `PrivateDecryptingKey`.
/// Constructs an `OaepPrivateDecryptingKey` from a `PrivateDecryptingKey`.
/// # Errors
/// * `Unspecified`: Any error that occurs while attempting to construct an RSA-OAEP public key.
pub fn new(private_key: PrivateDecryptingKey) -> Result<Self, Unspecified> {
Ok(Self { private_key })
}

/// Decrypts the contents in `ciphertext` and writes the corresponding plaintext to `output`.
/// Decrypts the contents in `ciphertext` and writes the corresponding plaintext to `plaintext`.
/// Returns the subslice of `plaintext` containing the plaintext output.
///
/// # Max Ciphertext Length
/// The provided length of `ciphertext` must be [`Self::key_size_bytes`].
///
/// # Sizing `output`
/// For `OAEP_SHA1_MGF1SHA1`, `OAEP_SHA256_MGF1SHA256`, `OAEP_SHA384_MGF1SHA384`, `OAEP_SHA512_MGF1SHA512`. The
/// length of `output` must be equal to [`Self::key_size`].
/// length of `output` must be greater then or equal to [`Self::min_output_size`].
///
/// # Errors
/// * `Unspecified` for any error that occurs while decrypting `ciphertext`.
pub fn decrypt<'output>(
pub fn decrypt<'plaintext>(
&self,
algorithm: &'static OaepAlgorithm,
ciphertext: &[u8],
output: &'output mut [u8],
plaintext: &'plaintext mut [u8],
label: Option<&[u8]>,
) -> Result<&'output mut [u8], Unspecified> {
) -> Result<&'plaintext mut [u8], Unspecified> {
let pkey_ctx = LcPtr::new(unsafe { EVP_PKEY_CTX_new(*self.private_key.0, null_mut()) })?;

if 1 != unsafe { EVP_PKEY_decrypt_init(*pkey_ctx) } {
Expand All @@ -401,12 +404,12 @@ impl OaepPrivateDecryptingKey {
label,
)?;

let mut out_len = output.len();
let mut out_len = plaintext.len();

if 1 != indicator_check!(unsafe {
EVP_PKEY_decrypt(
*pkey_ctx,
output.as_mut_ptr(),
plaintext.as_mut_ptr(),
&mut out_len,
ciphertext.as_ptr(),
ciphertext.len(),
Expand All @@ -415,7 +418,7 @@ impl OaepPrivateDecryptingKey {
return Err(Unspecified);
};

Ok(&mut output[..out_len])
Ok(&mut plaintext[..out_len])
}

/// Returns the RSA key size in bytes.
Expand All @@ -429,13 +432,18 @@ impl OaepPrivateDecryptingKey {
pub fn key_size_bits(&self) -> usize {
self.private_key.key_size_bits()
}

/// Returns the minimum plaintext buffer size required for `Self::decrypt`.
#[must_use]
pub fn min_output_size(&self) -> usize {
self.key_size_bytes()
}
}

impl Debug for OaepPrivateDecryptingKey {
fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
f.debug_struct("OaepPrivateDecryptingKey")
.field("private_key", &self.private_key)
.finish()
.finish_non_exhaustive()
}
}

Expand Down
12 changes: 12 additions & 0 deletions aws-lc-rs/src/rsa/key.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,18 @@ pub enum KeySize {

#[allow(clippy::len_without_is_empty)]
impl KeySize {
/// Returns the size of the key in bytes.
#[inline]
#[must_use]
pub fn len(self) -> usize {
match self {
Self::Rsa2048 => 256,
Self::Rsa3072 => 384,
Self::Rsa4096 => 512,
Self::Rsa8192 => 1024,
}
}

/// Returns the key size in bits.
#[inline]
pub(super) fn bits(self) -> i32 {
Expand Down
40 changes: 24 additions & 16 deletions aws-lc-rs/tests/rsa_test.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -277,6 +277,14 @@ fn rsa_test_public_key_coverage() {
);
}

#[test]
fn keysize_len() {
assert_eq!(KeySize::Rsa2048.len(), 256);
assert_eq!(KeySize::Rsa3072.len(), 384);
assert_eq!(KeySize::Rsa4096.len(), 512);
assert_eq!(KeySize::Rsa8192.len(), 1024);
}

macro_rules! generate_encode_decode {
($name:ident, $size:expr) => {
#[test]
Expand Down Expand Up @@ -477,13 +485,13 @@ macro_rules! round_trip_algorithm {

// fixed message, None (empty label)
{
let mut ciphertext = vec![0u8; public_key.max_ciphertext_size()];
let mut ciphertext = vec![0u8; public_key.ciphertext_size()];

let ciphertext = public_key
.encrypt($alg, MESSAGE, ciphertext.as_mut(), None)
.expect("encrypted");

let mut plaintext = vec![0u8; private_key.key_size_bytes()];
let mut plaintext = vec![0u8; private_key.min_output_size()];

let plaintext = private_key
.decrypt($alg, ciphertext, &mut plaintext, None)
Expand All @@ -494,13 +502,13 @@ macro_rules! round_trip_algorithm {

// fixed message, Some(&[0u8; 0])
{
let mut ciphertext = vec![0u8; public_key.max_ciphertext_size()];
let mut ciphertext = vec![0u8; public_key.ciphertext_size()];

let ciphertext = public_key
.encrypt($alg, MESSAGE, ciphertext.as_mut(), Some(&[0u8; 0]))
.expect("encrypted");

let mut plaintext = vec![0u8; private_key.key_size_bytes()];
let mut plaintext = vec![0u8; private_key.min_output_size()];

let plaintext = private_key
.decrypt($alg, ciphertext, &mut plaintext, Some(&[0u8; 0]))
Expand All @@ -511,15 +519,15 @@ macro_rules! round_trip_algorithm {

// fixed message, Some(label)
{
let mut ciphertext = vec![0u8; public_key.max_ciphertext_size()];
let mut ciphertext = vec![0u8; public_key.ciphertext_size()];

let label: &[u8] = br"Testing Data Label";

let ciphertext = public_key
.encrypt($alg, MESSAGE, ciphertext.as_mut(), Some(label))
.expect("encrypted");

let mut plaintext = vec![0u8; private_key.key_size_bytes()];
let mut plaintext = vec![0u8; private_key.min_output_size()];

let plaintext = private_key
.decrypt($alg, ciphertext, &mut plaintext, Some(label))
Expand All @@ -531,13 +539,13 @@ macro_rules! round_trip_algorithm {
// zero-length message
{
let message: &[u8] = &[1u8; 0];
let mut ciphertext = vec![0u8; public_key.max_ciphertext_size()];
let mut ciphertext = vec![0u8; public_key.ciphertext_size()];

let ciphertext = public_key
.encrypt($alg, message, ciphertext.as_mut(), None)
.expect("encrypted");

let mut plaintext = vec![0u8; private_key.key_size_bytes()];
let mut plaintext = vec![0u8; private_key.min_output_size()];

let plaintext = private_key
.decrypt($alg, ciphertext, &mut plaintext, None)
Expand All @@ -549,13 +557,13 @@ macro_rules! round_trip_algorithm {
// max_plaintext_size message
{
let message = vec![1u8; public_key.max_plaintext_size($alg)];
let mut ciphertext = vec![0u8; public_key.max_ciphertext_size()];
let mut ciphertext = vec![0u8; public_key.ciphertext_size()];

let ciphertext = public_key
.encrypt($alg, &message, ciphertext.as_mut(), None)
.expect("encrypted");

let mut plaintext = vec![0u8; private_key.key_size_bytes()];
let mut plaintext = vec![0u8; private_key.min_output_size()];

let plaintext = private_key
.decrypt($alg, ciphertext, &mut plaintext, None)
Expand All @@ -567,7 +575,7 @@ macro_rules! round_trip_algorithm {
// max_plaintext_size+1 message
{
let message = vec![1u8; public_key.max_plaintext_size($alg) + 1];
let mut ciphertext = vec![0u8; private_key.key_size_bytes()];
let mut ciphertext = vec![0u8; private_key.min_output_size()];

public_key
.encrypt($alg, &message, ciphertext.as_mut(), None)
Expand Down Expand Up @@ -674,14 +682,14 @@ fn encrypting_keypair_debug() {
let private_key = OaepPrivateDecryptingKey::new(private_key).expect("oaep private key");

assert_eq!(
"OaepPrivateDecryptingKey { private_key: PrivateDecryptingKey }",
"OaepPrivateDecryptingKey { .. }",
format!("{:?}", &private_key)
);

let public_key = OaepPublicEncryptingKey::new(public_key).expect("oaep public key");

assert_eq!(
"OaepPublicEncryptingKey { public_key: PublicEncryptingKey }",
"OaepPublicEncryptingKey { .. }",
format!("{:?}", &public_key)
);
}
Expand All @@ -700,7 +708,7 @@ fn clone_then_drop() {
drop(private_key);
drop(public_key);

let mut ciphertext = vec![0u8; oaep_pub_key.max_ciphertext_size()];
let mut ciphertext = vec![0u8; oaep_pub_key.ciphertext_size()];

let ciphertext = oaep_pub_key
.encrypt(&OAEP_SHA256_MGF1SHA256, MESSAGE, ciphertext.as_mut(), None)
Expand Down Expand Up @@ -765,7 +773,7 @@ fn min_encrypt_key() {

let message: &[u8] = br"foo bar baz";

let mut ciphertext = vec![0u8; oaep_parsed_public.max_ciphertext_size()];
let mut ciphertext = vec![0u8; oaep_parsed_public.ciphertext_size()];
let ciphertext = oaep_parsed_public
.encrypt(&OAEP_SHA256_MGF1SHA256, message, &mut ciphertext, None)
.expect("encrypted");
Expand Down Expand Up @@ -802,7 +810,7 @@ fn max_encrypt_key() {

let message: &[u8] = br"foo bar baz";

let mut ciphertext = vec![0u8; oaep_parsed_public.max_ciphertext_size()];
let mut ciphertext = vec![0u8; oaep_parsed_public.ciphertext_size()];
let ciphertext = oaep_parsed_public
.encrypt(&OAEP_SHA256_MGF1SHA256, message, &mut ciphertext, None)
.expect("encrypted");
Expand Down

0 comments on commit 61ad25d

Please sign in to comment.