From 6df14964c19b09ef64cae81241cc2b9d748f252f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D1=80=D1=82=D1=91=D0=BC=20=D0=9F=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D0=BE=D0=B2?= Date: Thu, 10 Feb 2022 19:52:54 +0300 Subject: [PATCH 1/3] update cipher v0.4 crates --- Cargo.lock | 73 ++++++++++++--------- pkcs5/Cargo.toml | 8 +-- pkcs5/src/pbes2/encryption.rs | 116 ++++++++++++++-------------------- 3 files changed, 94 insertions(+), 103 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f5261f236..ff1f3a35b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4,14 +4,13 @@ version = 3 [[package]] name = "aes" -version = "0.7.5" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e8b47f52ea9bae42228d07ec09eb676433d7c4ed1ebdf0f1d1c29ed446f1ab8" +checksum = "0f6c3373fb58bb23c6ed0f191f915f0e9459c6929fc430c0d74b8237c521953a" dependencies = [ "cfg-if", - "cipher", + "cipher 0.4.0", "cpufeatures", - "opaque-debug", ] [[package]] @@ -80,21 +79,14 @@ dependencies = [ ] [[package]] -name = "block-modes" -version = "0.8.1" +name = "block-padding" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2cb03d1bed155d89dce0f845b7899b18a9a163e148fd004e1c28421a783e2d8e" +checksum = "5808df4b2412175c4db3afb115c83d8d0cd26ca4f30a042026cddef8580e526a" dependencies = [ - "block-padding", - "cipher", + "generic-array", ] -[[package]] -name = "block-padding" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d696c370c750c948ada61c69a0ee2cbbb9c50b1019ddb86d9317157a99c2cae" - [[package]] name = "bstr" version = "0.2.17" @@ -128,6 +120,15 @@ dependencies = [ "rustc_version", ] +[[package]] +name = "cbc" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "531051805c8ee7ea043a698cf0682318e76d8189c0445d4da2b9abb512024b98" +dependencies = [ + "cipher 0.4.0", +] + [[package]] name = "cfg-if" version = "1.0.0" 
@@ -143,6 +144,16 @@ dependencies = [ "generic-array", ] +[[package]] +name = "cipher" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4f3e8c9be82c31c331bc9db0fd70a1068f8a288d980b2414dcaa25ab17ac1e0" +dependencies = [ + "crypto-common", + "inout", +] + [[package]] name = "clap" version = "2.34.0" @@ -252,9 +263,9 @@ dependencies = [ [[package]] name = "crypto-common" -version = "0.1.1" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "683d6b536309245c849479fba3da410962a43ed8e51c26b729208ec0ac2798d0" +checksum = "a4600d695eb3f6ce1cd44e6e291adceb2cc3ab12f20a33777ecd0bf6eba34e06" dependencies = [ "generic-array", ] @@ -305,13 +316,11 @@ dependencies = [ [[package]] name = "des" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac41dd49fb554432020d52c875fc290e110113f864c6b1b525cd62c7e7747a5d" +checksum = "d961b09f113791a8b11d677b9ccfdf2a8f79c2bd49e8ab8ef9fdfadcae683528" dependencies = [ - "byteorder", - "cipher", - "opaque-debug", + "cipher 0.4.0", ] [[package]] @@ -398,6 +407,16 @@ dependencies = [ "digest", ] +[[package]] +name = "inout" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e1f03d4ab4d5dc9ec2d219f86c15d2a15fc08239d1cd3b2d6a19717c0a2f443" +dependencies = [ + "block-padding", + "generic-array", +] + [[package]] name = "instant" version = "0.1.12" @@ -507,12 +526,6 @@ version = "11.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" -[[package]] -name = "opaque-debug" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" - [[package]] name = "pbkdf2" version = "0.10.0" 
@@ -555,7 +568,7 @@ name = "pkcs5" version = "0.5.0-pre" dependencies = [ "aes", - "block-modes", + "cbc", "der", "des", "hex-literal", @@ -833,7 +846,7 @@ version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0c0fbb5f676da676c260ba276a8f43a8dc67cf02d1438423aeb1c677a7212686" dependencies = [ - "cipher", + "cipher 0.3.0", ] [[package]] diff --git a/pkcs5/Cargo.toml b/pkcs5/Cargo.toml index 0ac6b341b..4de0e5e60 100644 --- a/pkcs5/Cargo.toml +++ b/pkcs5/Cargo.toml @@ -19,14 +19,14 @@ der = { version = "=0.6.0-pre.1", features = ["oid"], path = "../der" } spki = { version = "=0.6.0-pre.0", path = "../spki" } # optional dependencies -aes = { version = "0.7", optional = true } -block-modes = { version = "0.8", optional = true, default-features = false } +cbc = { version = "0.1", optional = true } +aes = { version = "0.8", optional = true, default-features = false } +des = { version = "0.8", optional = true, default-features = false } hmac = { version = "0.12", optional = true, default-features = false } pbkdf2 = { version = "0.10", optional = true, default-features = false } scrypt = { version = "0.8", optional = true, default-features = false } sha-1 = { version = "0.10", optional = true, default-features = false } sha2 = { version = "0.10", optional = true, default-features = false } -des = { version = "0.7", optional = true, default-features = false } [dev-dependencies] hex-literal = "0.3" @@ -35,7 +35,7 @@ hex-literal = "0.3" alloc = [] 3des = ["pbes2", "des"] des-insecure = ["pbes2", "des"] -pbes2 = ["aes", "block-modes", "hmac", "pbkdf2", "scrypt", "sha2"] +pbes2 = ["aes", "cbc", "hmac", "pbkdf2", "scrypt", "sha2"] sha1 = ["pbes2", "sha-1"] [package.metadata.docs.rs] diff --git a/pkcs5/src/pbes2/encryption.rs b/pkcs5/src/pbes2/encryption.rs index cff64fe89..0175e9eee 100644 --- a/pkcs5/src/pbes2/encryption.rs +++ b/pkcs5/src/pbes2/encryption.rs 
@@ -2,7 +2,9 @@ use super::{EncryptionScheme, Kdf, Parameters, Pbkdf2Params, Pbkdf2Prf, ScryptParams}; use crate::{Error, Result}; -use block_modes::{block_padding::Pkcs7, BlockMode, Cbc}; +use cbc::cipher::{ + block_padding::Pkcs7, BlockCipher, BlockDecryptMut, BlockEncryptMut, KeyInit, KeyIvInit, +}; use hmac::{ digest::{ block_buffer::Eager, @@ -15,22 +17,44 @@ use hmac::{ use pbkdf2::pbkdf2; use scrypt::scrypt; -type Aes128Cbc = Cbc; -type Aes192Cbc = Cbc; -type Aes256Cbc = Cbc; - -#[cfg(feature = "des-insecure")] -type DesCbc = Cbc; -#[cfg(feature = "3des")] -type DesEde3Cbc = Cbc; - /// Maximum size of a derived encryption key const MAX_KEY_LEN: usize = 32; +fn cbc_encrypt<'a, C>( + es: EncryptionScheme<'_>, + key: EncryptionKey, + iv: &[u8], + buffer: &'a mut [u8], + pos: usize, +) -> Result<&'a [u8]> +where + C: BlockEncryptMut + BlockCipher + KeyInit, +{ + cbc::Encryptor::::new_from_slices(key.as_slice(), iv) + .map_err(|_| es.to_alg_params_invalid())? + .encrypt_padded_mut::(buffer, pos) + .map_err(|_| Error::EncryptFailed) +} + +fn cbc_decrypt<'a, C>( + es: EncryptionScheme<'_>, + key: EncryptionKey, + iv: &[u8], + buffer: &'a mut [u8], +) -> Result<&'a [u8]> +where + C: BlockDecryptMut + BlockCipher + KeyInit, +{ + cbc::Decryptor::::new_from_slices(key.as_slice(), iv) + .map_err(|_| es.to_alg_params_invalid())? + .decrypt_padded_mut::(buffer) + .map_err(|_| Error::EncryptFailed) +} + pub fn encrypt_in_place<'b>( params: &Parameters<'_>, password: impl AsRef<[u8]>, - buffer: &'b mut [u8], + buf: &'b mut [u8], pos: usize, ) -> Result<&'b [u8]> { let es = params.encryption; 
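Review bot: `cbc_decrypt` maps a failed `decrypt_padded_mut` to `Error::EncryptFailed`, whereas every decrypt arm this series removes from `decrypt_in_place` returned `Error::DecryptFailed`; the helper's last line should read `.map_err(|_| Error::DecryptFailed)`. As written, a wrong password or corrupted ciphertext surfaces as an encryption error, which breaks callers that match on `DecryptFailed` and misleads logs and triage. All five arms of `decrypt_in_place` in the later hunk go through this helper, and the patch 3/3 hunk that reshapes its signature does not show this line being changed. A regression test that decrypts with a wrong password and asserts `Err(Error::DecryptFailed)` would pin the behaviour.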
@@ -38,39 +62,14 @@ pub fn encrypt_in_place<'b>( if key_size > MAX_KEY_LEN { return Err(es.to_alg_params_invalid()); } - let encryption_key = - EncryptionKey::derive_from_password(password.as_ref(), ¶ms.kdf, key_size)?; + let key = EncryptionKey::derive_from_password(password.as_ref(), ¶ms.kdf, key_size)?; match es { - EncryptionScheme::Aes128Cbc { iv } => { - let cipher = Aes128Cbc::new_from_slices(encryption_key.as_slice(), iv) - .map_err(|_| es.to_alg_params_invalid())?; - cipher - .encrypt(buffer, pos) - .map_err(|_| Error::EncryptFailed) - } - EncryptionScheme::Aes192Cbc { iv } => { - let cipher = Aes192Cbc::new_from_slices(encryption_key.as_slice(), iv) - .map_err(|_| es.to_alg_params_invalid())?; - cipher - .encrypt(buffer, pos) - .map_err(|_| Error::EncryptFailed) - } - EncryptionScheme::Aes256Cbc { iv } => { - let cipher = Aes256Cbc::new_from_slices(encryption_key.as_slice(), iv) - .map_err(|_| es.to_alg_params_invalid())?; - cipher - .encrypt(buffer, pos) - .map_err(|_| Error::EncryptFailed) - } + EncryptionScheme::Aes128Cbc { iv } => cbc_encrypt::(es, key, iv, buf, pos), + EncryptionScheme::Aes192Cbc { iv } => cbc_encrypt::(es, key, iv, buf, pos), + EncryptionScheme::Aes256Cbc { iv } => cbc_encrypt::(es, key, iv, buf, pos), #[cfg(feature = "3des")] - EncryptionScheme::DesEde3Cbc { iv } => { - let cipher = DesEde3Cbc::new_from_slices(encryption_key.as_slice(), iv) - .map_err(|_| es.to_alg_params_invalid())?; - cipher - .encrypt(buffer, pos) - .map_err(|_| Error::EncryptFailed) - } + EncryptionScheme::DesEde3Cbc { iv } => cbc_encrypt::(es, key, iv, buf, pos), #[cfg(feature = "des-insecure")] EncryptionScheme::DesCbc { .. } => Err(Error::UnsupportedAlgorithm { oid: super::DES_CBC_OID, 
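Review bot: `encrypt_in_place` has no doc comment, and once the arms collapse into `cbc_encrypt` the meaning of `pos` and the capacity requirement on `buf` can only be learned from the helper and the `cipher` API. I would add above the function `/// Encrypts the first pos bytes of buf in place using CBC with PKCS#7 padding.` followed by a line stating that `buf` must have room for the padding (up to one cipher block) and that `Error::EncryptFailed` is returned otherwise. The public functions now name the parameter `buf` while both helpers keep `buffer`; one spelling throughout would read better. The signature begins in the preceding hunk and the final `DesCbc` arm continues past the end of this one.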
@@ -82,40 +81,19 @@ pub fn encrypt_in_place<'b>( pub fn decrypt_in_place<'a>( params: &Parameters<'_>, password: impl AsRef<[u8]>, - buffer: &'a mut [u8], + buf: &'a mut [u8], ) -> Result<&'a [u8]> { let es = params.encryption; - let encryption_key = - EncryptionKey::derive_from_password(password.as_ref(), ¶ms.kdf, es.key_size())?; + let key = EncryptionKey::derive_from_password(password.as_ref(), ¶ms.kdf, es.key_size())?; match es { - EncryptionScheme::Aes128Cbc { iv } => { - let cipher = Aes128Cbc::new_from_slices(encryption_key.as_slice(), iv) - .map_err(|_| es.to_alg_params_invalid())?; - cipher.decrypt(buffer).map_err(|_| Error::DecryptFailed) - } - EncryptionScheme::Aes192Cbc { iv } => { - let cipher = Aes192Cbc::new_from_slices(encryption_key.as_slice(), iv) - .map_err(|_| es.to_alg_params_invalid())?; - cipher.decrypt(buffer).map_err(|_| Error::DecryptFailed) - } - EncryptionScheme::Aes256Cbc { iv } => { - let cipher = Aes256Cbc::new_from_slices(encryption_key.as_slice(), iv) - .map_err(|_| es.to_alg_params_invalid())?; - cipher.decrypt(buffer).map_err(|_| Error::DecryptFailed) - } + EncryptionScheme::Aes128Cbc { iv } => cbc_decrypt::(es, key, iv, buf), + EncryptionScheme::Aes192Cbc { iv } => cbc_decrypt::(es, key, iv, buf), + EncryptionScheme::Aes256Cbc { iv } => cbc_decrypt::(es, key, iv, buf), #[cfg(feature = "3des")] - EncryptionScheme::DesEde3Cbc { iv } => { - let cipher = DesEde3Cbc::new_from_slices(encryption_key.as_slice(), iv) - .map_err(|_| es.to_alg_params_invalid())?; - cipher.decrypt(buffer).map_err(|_| Error::DecryptFailed) - } + EncryptionScheme::DesEde3Cbc { iv } => cbc_decrypt::(es, key, iv, buf), #[cfg(feature = "des-insecure")] - EncryptionScheme::DesCbc { iv } => { - let cipher = DesCbc::new_from_slices(encryption_key.as_slice(), iv) - .map_err(|_| es.to_alg_params_invalid())?; - cipher.decrypt(buffer).map_err(|_| Error::DecryptFailed) - } + EncryptionScheme::DesCbc { iv } => cbc_decrypt::(es, key, iv, buf), } } 
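Review bot: `decrypt_in_place` gives callers no integrity guarantee and nothing in the visible code says so: after key derivation the only failure signal is PKCS#7 unpadding inside `cbc_decrypt`. A wrong password or modified ciphertext can still unpad cleanly by chance and come back as `Ok` with garbage, so the function deserves a doc comment stating that success does not authenticate the plaintext and that callers must validate the output, for example by parsing the expected structure. No MAC or other check is visible in this hunk, though one may exist in a caller outside the diff. Separately, `encrypt_in_place` guards `key_size > MAX_KEY_LEN` before deriving the key while this function passes `es.key_size()` straight through; if `derive_from_password` does not enforce the bound itself, the same guard belongs here.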
From c271b4a114eebda2301c6dda74ebce465667707d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D1=80=D1=82=D1=91=D0=BC=20=D0=9F=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D0=BE=D0=B2?= Date: Thu, 10 Feb 2022 19:55:49 +0300 Subject: [PATCH 2/3] update Cargo.lock --- Cargo.lock | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index ff1f3a35b..9f9b07d71 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -26,9 +26,9 @@ dependencies = [ [[package]] name = "autocfg" -version = "1.0.1" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" +checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] name = "base16ct" @@ -71,9 +71,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "block-buffer" -version = "0.10.1" +version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03588e54c62ae6d763e2a80090d50353b785795361b4ff5b3bf0a5097fc31c0b" +checksum = "0bf7fe51849ea569fd452f37822f606a5cabb684dc918707a0193fd4664ff324" dependencies = [ "generic-array", ] @@ -325,13 +325,12 @@ dependencies = [ [[package]] name = "digest" -version = "0.10.1" +version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b697d66081d42af4fba142d56918a3cb21dc8eb63372c6b85d14f44fb9c5979b" +checksum = "8cb780dce4f9a8f5c087362b3a4595936b2019e7c8b30f2c3e9a7e94e6ae9837" dependencies = [ "block-buffer", "crypto-common", - "generic-array", "subtle", ] From 1ee1e090ad1be5252e13e62ab8d50840298f6f99 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=D0=90=D1=80=D1=82=D1=91=D0=BC=20=D0=9F=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D0=BE=D0=B2?= Date: Thu, 10 Feb 2022 21:06:11 +0300 Subject: [PATCH 3/3] remove where clauses from cbc functions --- pkcs5/src/pbes2/encryption.rs | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/pkcs5/src/pbes2/encryption.rs b/pkcs5/src/pbes2/encryption.rs index 0175e9eee..272366081 100644 --- a/pkcs5/src/pbes2/encryption.rs +++ b/pkcs5/src/pbes2/encryption.rs @@ -20,31 +20,25 @@ use scrypt::scrypt; /// Maximum size of a derived encryption key const MAX_KEY_LEN: usize = 32; -fn cbc_encrypt<'a, C>( +fn cbc_encrypt<'a, C: BlockEncryptMut + BlockCipher + KeyInit>( es: EncryptionScheme<'_>, key: EncryptionKey, iv: &[u8], buffer: &'a mut [u8], pos: usize, -) -> Result<&'a [u8]> -where - C: BlockEncryptMut + BlockCipher + KeyInit, -{ +) -> Result<&'a [u8]> { cbc::Encryptor::::new_from_slices(key.as_slice(), iv) .map_err(|_| es.to_alg_params_invalid())? .encrypt_padded_mut::(buffer, pos) .map_err(|_| Error::EncryptFailed) } -fn cbc_decrypt<'a, C>( +fn cbc_decrypt<'a, C: BlockDecryptMut + BlockCipher + KeyInit>( es: EncryptionScheme<'_>, key: EncryptionKey, iv: &[u8], buffer: &'a mut [u8], -) -> Result<&'a [u8]> -where - C: BlockDecryptMut + BlockCipher + KeyInit, -{ +) -> Result<&'a [u8]> { cbc::Decryptor::::new_from_slices(key.as_slice(), iv) .map_err(|_| es.to_alg_params_invalid())? .decrypt_padded_mut::(buffer)