Support AES IGE
This is a special snowflake used only by Telegram apparently. Closes #523
This commit is contained in:
Steven Fackler
parent
a1122197f8
commit
d353b36681
|
|
@ -76,6 +76,13 @@ pub enum point_conversion_form_t {
|
|||
POINT_CONVERSION_HYBRID = 6,
|
||||
}
|
||||
|
||||
#[repr(C)]
|
||||
pub struct AES_KEY {
|
||||
// There is some business with AES_LONG which is there to ensure the values here are 32 bits
|
||||
rd_key: [u32; 4 * (AES_MAXNR as usize + 1)],
|
||||
rounds: c_int,
|
||||
}
|
||||
|
||||
#[repr(C)]
|
||||
pub struct GENERAL_NAME {
|
||||
pub type_: c_int,
|
||||
|
|
@ -114,6 +121,12 @@ pub type PasswordCallback = unsafe extern fn(buf: *mut c_char, size: c_int,
|
|||
rwflag: c_int, user_data: *mut c_void)
|
||||
-> c_int;
|
||||
|
||||
pub const AES_ENCRYPT: c_int = 1;
|
||||
pub const AES_DECRYPT: c_int = 0;
|
||||
|
||||
pub const AES_MAXNR: c_int = 14;
|
||||
pub const AES_BLOCK_SIZE: c_int = 16;
|
||||
|
||||
pub const BIO_TYPE_NONE: c_int = 0;
|
||||
|
||||
pub const BIO_CTRL_EOF: c_int = 2;
|
||||
|
|
@ -1368,6 +1381,10 @@ pub fn ERR_GET_REASON(l: c_ulong) -> c_int {
|
|||
}
|
||||
|
||||
extern {
|
||||
pub fn AES_set_encrypt_key(userKey: *const c_uchar, bits: c_int, key: *mut AES_KEY) -> c_int;
|
||||
pub fn AES_set_decrypt_key(userKey: *const c_uchar, bits: c_int, key: *mut AES_KEY) -> c_int;
|
||||
pub fn AES_ige_encrypt(in_: *const c_uchar, out: *mut c_uchar, length: size_t, key: *const AES_KEY, ivec: *mut c_uchar, enc: c_int);
|
||||
|
||||
pub fn ASN1_INTEGER_set(dest: *mut ASN1_INTEGER, value: c_long) -> c_int;
|
||||
pub fn ASN1_GENERALIZEDTIME_free(tm: *mut ASN1_GENERALIZEDTIME);
|
||||
pub fn ASN1_GENERALIZEDTIME_print(b: *mut BIO, tm: *const ASN1_GENERALIZEDTIME) -> c_int;
|
||||
|
|
|
|||
|
|
@ -0,0 +1,115 @@
|
|||
//! Low level AES functionality
|
||||
//!
|
||||
//! The `symm` module should be used in preference to this module in most cases.
|
||||
use ffi;
|
||||
use std::mem;
|
||||
use libc::c_int;
|
||||
|
||||
use symm::Mode;
|
||||
|
||||
#[derive(Debug)]
|
||||
pub struct KeyError(());
|
||||
|
||||
pub struct AesKey(ffi::AES_KEY);
|
||||
|
||||
impl AesKey {
|
||||
/// Prepares a key for encryption.
|
||||
///
|
||||
/// # Failure
|
||||
///
|
||||
/// Returns an error if the key is not 128, 192, or 256 bits.
|
||||
pub fn new_encrypt(key: &[u8]) -> Result<AesKey, KeyError> {
|
||||
unsafe {
|
||||
assert!(key.len() <= c_int::max_value() as usize / 8);
|
||||
|
||||
let mut aes_key = mem::uninitialized();
|
||||
let r = ffi::AES_set_encrypt_key(key.as_ptr() as *const _,
|
||||
key.len() as c_int * 8,
|
||||
&mut aes_key);
|
||||
if r == 0 {
|
||||
Ok(AesKey(aes_key))
|
||||
} else {
|
||||
Err(KeyError(()))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// Prepares a key for decryption.
|
||||
///
|
||||
/// # Failure
|
||||
///
|
||||
/// Returns an error if the key is not 128, 192, or 256 bits.
|
||||
pub fn new_decrypt(key: &[u8]) -> Result<AesKey, KeyError> {
|
||||
unsafe {
|
||||
assert!(key.len() <= c_int::max_value() as usize / 8);
|
||||
|
||||
let mut aes_key = mem::uninitialized();
|
||||
let r = ffi::AES_set_decrypt_key(key.as_ptr() as *const _,
|
||||
key.len() as c_int * 8,
|
||||
&mut aes_key);
|
||||
|
||||
if r == 0 {
|
||||
Ok(AesKey(aes_key))
|
||||
} else {
|
||||
Err(KeyError(()))
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// Performs AES IGE encryption or decryption
|
||||
///
|
||||
/// # Panics
|
||||
///
|
||||
/// Panics if `in_` is not the same length as `out`, if that length is not a multiple of 16, or if
|
||||
/// `iv` is not at least 32 bytes.
|
||||
pub fn aes_ige(in_: &[u8], out: &mut [u8], key: &AesKey, iv: &mut [u8], mode: Mode) {
|
||||
unsafe {
|
||||
assert!(in_.len() == out.len());
|
||||
assert!(in_.len() % ffi::AES_BLOCK_SIZE as usize == 0);
|
||||
assert!(iv.len() >= ffi::AES_BLOCK_SIZE as usize * 2);
|
||||
|
||||
let mode = match mode {
|
||||
Mode::Encrypt => ffi::AES_ENCRYPT,
|
||||
Mode::Decrypt => ffi::AES_DECRYPT,
|
||||
};
|
||||
ffi::AES_ige_encrypt(in_.as_ptr() as *const _,
|
||||
out.as_mut_ptr() as *mut _,
|
||||
in_.len(),
|
||||
&key.0,
|
||||
iv.as_mut_ptr() as *mut _,
|
||||
mode);
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod test {
|
||||
use hex::FromHex;
|
||||
|
||||
use symm::Mode;
|
||||
use super::*;
|
||||
|
||||
// From https://www.mgp25.com/AESIGE/
|
||||
#[test]
|
||||
fn ige_vector_1() {
|
||||
let raw_key = "000102030405060708090A0B0C0D0E0F";
|
||||
let raw_iv = "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F";
|
||||
let raw_pt = "0000000000000000000000000000000000000000000000000000000000000000";
|
||||
let raw_ct = "1A8519A6557BE652E9DA8E43DA4EF4453CF456B4CA488AA383C79C98B34797CB";
|
||||
|
||||
let key = AesKey::new_encrypt(&Vec::from_hex(raw_key).unwrap()).unwrap();
|
||||
let mut iv = Vec::from_hex(raw_iv).unwrap();
|
||||
let pt = Vec::from_hex(raw_pt).unwrap();
|
||||
let ct = Vec::from_hex(raw_ct).unwrap();
|
||||
|
||||
let mut ct_actual = vec![0; ct.len()];
|
||||
aes_ige(&pt, &mut ct_actual, &key, &mut iv, Mode::Encrypt);
|
||||
assert_eq!(ct_actual, ct);
|
||||
|
||||
let key = AesKey::new_decrypt(&Vec::from_hex(raw_key).unwrap()).unwrap();
|
||||
let mut iv = Vec::from_hex(raw_iv).unwrap();
|
||||
let mut pt_actual = vec![0; pt.len()];
|
||||
aes_ige(&ct, &mut pt_actual, &key, &mut iv, Mode::Decrypt);
|
||||
assert_eq!(pt_actual, pt);
|
||||
}
|
||||
}
|
||||
|
|
@ -24,6 +24,7 @@ mod macros;
|
|||
|
||||
mod bio;
|
||||
mod util;
|
||||
pub mod aes;
|
||||
pub mod asn1;
|
||||
pub mod bn;
|
||||
pub mod crypto;
|
||||
|
|
|
|||
|
|
@ -47,6 +47,7 @@ fn main() {
|
|||
.header("openssl/rand.h")
|
||||
.header("openssl/pkcs12.h")
|
||||
.header("openssl/bn.h")
|
||||
.header("openssl/aes.h")
|
||||
.header("openssl/ocsp.h");
|
||||
cfg.type_name(|s, is_struct| {
|
||||
// Add some `*` on some callback parameters to get function pointer to
|
||||
|
|
|
|||
Loading…
Reference in New Issue