Use nonce as IV for Aes256Cbc mechanism
robin-nitrokey committed Mar 1, 2024
1 parent 6492aba commit 22bd804
Showing 3 changed files with 30 additions and 6 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -44,6 +44,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Change store implementations to use littlefs2’s `DynFilesystem` trait instead
of being generic over the storage implementation.
- Add `nonce` argument to `wrap_key` and `unwrap_key` syscalls.
- Use nonce as IV for Aes256Cbc mechanism.

### Fixed

12 changes: 10 additions & 2 deletions src/client/mechanisms.rs
Expand Up @@ -8,16 +8,24 @@ pub trait Aes256Cbc: CryptoClient {
&'c mut self,
key: KeyId,
message: &[u8],
iv: &[u8],
) -> ClientResult<'c, reply::Decrypt, Self> {
self.decrypt(Mechanism::Aes256Cbc, key, message, &[], &[], &[])
self.decrypt(Mechanism::Aes256Cbc, key, message, &[], iv, &[])
}

fn wrap_key_aes256cbc(
&mut self,
wrapping_key: KeyId,
key: KeyId,
iv: Option<&[u8; 16]>,
) -> ClientResult<'_, reply::WrapKey, Self> {
self.wrap_key(Mechanism::Aes256Cbc, wrapping_key, key, &[], None)
self.wrap_key(
Mechanism::Aes256Cbc,
wrapping_key,
key,
&[],
iv.and_then(|iv| ShortData::from_slice(iv).ok()),
)
}
}

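Review bot: `decrypt_aes256cbc` takes the new IV as `iv: &[u8]` and forwards it to `self.decrypt` unchecked, so an empty slice reaches the mechanism, where an empty nonce selects the all-zero IV (see the `Decrypt` hunk in src/mechanisms/aes256cbc.rs in this commit), and a caller that forgets the IV decrypts silently instead of getting an error; `wrap_key_aes256cbc` in the same hunk fixes the length at the type level with `Option<&[u8; 16]>`. Using `iv: &[u8; 16]` on the decrypt method as well would make the two consistent and move the length check to compile time. The `iv.and_then(|iv| ShortData::from_slice(iv).ok())` conversion likewise turns a failed `from_slice` into `None`, i.e. into the zero-IV path — if a 16-byte array always fits a `ShortData` (not visible here), `.map(|iv| ShortData::from_slice(iv).expect("16-byte IV fits ShortData"))` states that invariant instead of hiding a downgrade. Both methods would benefit from a doc comment saying the IV must be the 16-byte value used at encrypt/wrap time and that `None` keeps the previous all-zero IV. The function whose parameters open the hunk (`decrypt_aes256cbc`) has its signature line above the hunk.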
23 changes: 19 additions & 4 deletions src/mechanisms/aes256cbc.rs
Expand Up @@ -31,8 +31,15 @@ impl Encrypt for super::Aes256Cbc {
.try_into()
.map_err(|_| Error::InternalError)?;

let zero_iv = [0u8; 16];
let cipher = Aes256CbcEnc::new_from_slices(&symmetric_key, &zero_iv).unwrap();
let iv = if let Some(nonce) = &request.nonce {
nonce
.as_slice()
.try_into()
.map_err(|_| Error::MechanismParamInvalid)?
} else {
[0u8; 16]
};
let cipher = Aes256CbcEnc::new_from_slices(&symmetric_key, &iv).unwrap();

// buffer must have enough space for message+padding
let mut buffer = request.message.clone();
Expand Down Expand Up @@ -117,8 +124,16 @@ impl Decrypt for super::Aes256Cbc {
.try_into()
.map_err(|_| Error::InternalError)?;

let zero_iv = [0u8; 16];
let cipher = Aes256CbcDec::new_from_slices(&symmetric_key, &zero_iv).unwrap();
let iv = if request.nonce.is_empty() {
[0u8; 16]
} else {
request
.nonce
.as_slice()
.try_into()
.map_err(|_| Error::MechanismParamInvalid)?
};
let cipher = Aes256CbcDec::new_from_slices(&symmetric_key, &iv).unwrap();

// buffer must have enough space for message+padding
let mut buffer = request.message.clone();
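Review bot: The `Decrypt` hunk (`if request.nonce.is_empty()`) silently falls back to the all-zero IV for an empty nonce, whereas the `Encrypt` hunk does so only when the nonce is absent (`if let Some(nonce) = &request.nonce`) and rejects an empty one with `MechanismParamInvalid`; neither fallback is explained, and a fixed IV under a reused key reveals which messages share a leading plaintext block, so the compatibility intent (presumably keeping data written before the nonce existed readable) should be stated in both places: `// An absent/empty nonce keeps the historical all-zero IV so existing data stays readable; new data should always be encrypted with a fresh IV.` Both `let iv = ...` bindings get their type only from the `else` arm — `let iv: [u8; 16] = ...` makes the 16-byte contract explicit, and the `[0u8; 16]` literal repeated in both hunks could become one `const ZERO_IV: [u8; 16]`. The `encrypt` and `decrypt` method bodies begin and end outside their hunks.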
