rustcrypto.rs - mozsearch

Enable keyboard shortcuts

use super::CryptoError;

use aes::cipher::{BlockDecryptMut, BlockEncryptMut, KeyIvInit};

use hmac::Mac;

use p256::elliptic_curve::sec1::FromEncodedPoint;

use rand_core::RngCore;

use sha2::Digest;

use std::convert::TryInto;

pub type Result<T> = std::result::Result<T, CryptoError>;

fn cose_key_to_public(peer: &super::COSEEC2Key) -> Result<p256::PublicKey> {

    // SEC 1 encoded uncompressed point

    let peer = p256::EncodedPoint::from_affine_coordinates(

        peer.x

            .as_slice()

            .try_into()

            .map_err(|_| CryptoError::MalformedInput)?,

        peer.y

            .as_slice()

            .try_into()

            .map_err(|_| CryptoError::MalformedInput)?,

        false,

);

    p256::PublicKey::from_encoded_point(&peer)

        .into_option()

        .ok_or(CryptoError::LibraryFailure)

/// Ephemeral ECDH over P256. Generates an ephemeral P256 key pair. Returns

///  1) the x coordinate of the shared point, and

///  2) the uncompressed SEC 1 encoding of the ephemeral public key.

pub fn ecdhe_p256_raw(peer: &super::COSEEC2Key) -> Result<(Vec<u8>, Vec<u8>)> {

    let peer_public = cose_key_to_public(peer)?;

    let internal_private = p256::ecdh::EphemeralSecret::random(&mut rand_core::OsRng);

    let internal_public = internal_private.public_key().to_sec1_bytes().into_vec();

    let shared_point = internal_private.diffie_hellman(&peer_public);

    Ok((shared_point.raw_secret_bytes().to_vec(), internal_public))

type Aes256CbcEnc = cbc::Encryptor<aes::Aes256>;

type Aes256CbcDec = cbc::Decryptor<aes::Aes256>;

const AES_BLOCK_SIZE: usize = 16;

pub fn encrypt_aes_256_cbc_no_pad(key: &[u8], iv: Option<&[u8]>, data: &[u8]) -> Result<Vec<u8>> {

    let key: [u8; 32] = match key.try_into() {

        Ok(key) => key,

        Err(_) => return Err(CryptoError::LibraryFailure),

};

    let iv = iv.unwrap_or(&[0u8; AES_BLOCK_SIZE]);

    let iv = match iv.try_into() {

        Ok(iv) => iv,

        Err(_) => return Err(CryptoError::LibraryFailure),

};

    // Validate that the data is an exact multiple of the block size since we have no

    // padding available.

    let blocks = data.chunks_exact(AES_BLOCK_SIZE);

    if !blocks.remainder().is_empty() {

        return Err(CryptoError::LibraryFailure);

    let mut encryptor = Aes256CbcEnc::new(&key.into(), iv);

    // Since we now know that `data` is a multiple of `AES_BLOCK_SIZE`, so this will always have the

    // same number of blocks as it.

    let mut ciphertext = vec![0u8; data.len()];

    // XXX: `slice::as_chunks` would be better but it requires an MSRV of 1.88.

    for (input_block, output_block) in blocks

        .into_iter()

        .zip(ciphertext.chunks_exact_mut(AES_BLOCK_SIZE))

        let input: &[u8; AES_BLOCK_SIZE] = input_block.try_into().unwrap();

        let output: &mut [u8; AES_BLOCK_SIZE] = output_block.try_into().unwrap();

        encryptor.encrypt_block_b2b_mut(input.into(), output.into());

        debug_assert_ne!(output, &[0u8; AES_BLOCK_SIZE]);

    Ok(ciphertext)

pub fn decrypt_aes_256_cbc_no_pad(key: &[u8], iv: Option<&[u8]>, data: &[u8]) -> Result<Vec<u8>> {

    let key: [u8; 32] = match key.try_into() {

        Ok(key) => key,

        Err(_) => return Err(CryptoError::LibraryFailure),

};

    let iv = iv.unwrap_or(&[0u8; AES_BLOCK_SIZE]);

    let iv = match iv.try_into() {

        Ok(iv) => iv,

        Err(_) => return Err(CryptoError::LibraryFailure),

};

    // See comments in `encrypt_aes_256_cbc_no_pad` for rationale.

    let blocks = data.chunks_exact(AES_BLOCK_SIZE);

    if !blocks.remainder().is_empty() {

        return Err(CryptoError::LibraryFailure);

    let mut decryptor = Aes256CbcDec::new(&key.into(), iv);

    let mut plaintext = vec![0u8; data.len()];

    for (input_block, output_block) in blocks

        .into_iter()

        .zip(plaintext.chunks_exact_mut(AES_BLOCK_SIZE))

        let input: &[u8; AES_BLOCK_SIZE] = input_block.try_into().unwrap();

        let output: &mut [u8; AES_BLOCK_SIZE] = output_block.try_into().unwrap();

        decryptor.decrypt_block_b2b_mut(input.into(), output.into());

        debug_assert_ne!(output, &[0u8; AES_BLOCK_SIZE]);

    Ok(plaintext)

type HmacSha256 = hmac::Hmac<sha2::Sha256>;

pub fn hmac_sha256(key: &[u8], data: &[u8]) -> Result<Vec<u8>> {

    let mut key = HmacSha256::new_from_slice(key)

        .map_err(|_| CryptoError::Backend(String::from("InvalidLength")))?;

    key.update(data);

    Ok(key.finalize().into_bytes().to_vec())

pub fn sha256(data: &[u8]) -> Result<Vec<u8>> {

    let digest = sha2::Sha256::digest(data);

    Ok(digest.to_vec())

pub fn random_bytes(count: usize) -> Result<Vec<u8>> {

    let mut rng = rand_core::OsRng;

    let mut out = vec![0u8; count];

    rng.try_fill_bytes(out.as_mut_slice())

        .map_err(|_| CryptoError::LibraryFailure)?;

    Ok(out)

#[cfg(test)]

pub fn test_ecdh_p256_raw(

    peer: &super::COSEEC2Key,

    _client_public_x: &[u8],

    _client_public_y: &[u8],

    client_private: &[u8],

) -> Result<Vec<u8>> {

    let peer_public = cose_key_to_public(peer)?;

    let client_private = p256::SecretKey::from_slice(client_private).unwrap();

    let shared_point =

        p256::ecdh::diffie_hellman(client_private.to_nonzero_scalar(), peer_public.as_affine());

    Ok(shared_point.raw_secret_bytes().to_vec())

pub fn gen_p256() -> Result<(Vec<u8>, Vec<u8>)> {

    unimplemented!()

pub fn ecdsa_p256_sha256_sign_raw(_private: &[u8], _data: &[u8]) -> Result<Vec<u8>> {

    unimplemented!()

#[allow(dead_code)]

#[cfg(test)]

pub fn test_ecdsa_p256_sha256_verify_raw(

    _public: &[u8],

    _signature: &[u8],

    _data: &[u8],

) -> Result<()> {

    unimplemented!()