Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add AEAD open_separate_gather method #242

Merged
merged 1 commit into from
Oct 25, 2023
Merged

feat: add AEAD open_separate_gather method #242

merged 1 commit into from
Oct 25, 2023

Conversation

camshaft
Copy link
Collaborator

@camshaft camshaft commented Oct 12, 2023
edited
Loading

Description of changes:

In #206, we added a method that avoids copying data into a target buffer when performing an AEAD sealing operation.

This PR adds a corresponding method for AEAD opening. It works by decrypting the provided ciphertext into a destination output cleartext slice.

Note that I moved all of the EVP calls to associated methods on the UnboundKey, rather than being spread across the aead module as well as aead::aes_gcm.

Testing:

I've refactored the AEAD tests a bit to test all of the supported permutations of sealer and opener functions, since the current form was getting more complicated. Note that SIV algorithms don't currently support scatter/gather operations.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@camshaft camshaft requested a review from a team as a code owner October 12, 2023 19:28
@skmcgrail skmcgrail self-requested a review October 12, 2023 22:35
justsmth
justsmth reviewed Oct 16, 2023
View reviewed changes
aws-lc-rs/src/aead/aes_gcm.rs Outdated
Comment on lines 96 to 101
#[inline]
#[allow(clippy::needless_pass_by_value)]
pub(crate) fn aead_open_separate_gather(
key: &AeadCtx,
nonce: Nonce,
aad: Aad<&[u8]>,
Copy link
Contributor

@justsmth justsmth Oct 16, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since at this level all we care about is the AAD byte-slice, should the function just take a byte-slice and avoid needing the #[allow(clippy:xxx)]?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah that's fine with me

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've cleaned up the code to be associated methods on UnboundKey, which gets rid of all of the wrapper functions. I've also removed the clippy allows where possible.

aws-lc-rs/src/aead.rs Show resolved Hide resolved
justsmth
justsmth previously approved these changes Oct 17, 2023
View reviewed changes
@skmcgrail
Copy link
Member

Working on rebasing this on latest main

@codecov-commenter
Copy link

codecov-commenter commented Oct 24, 2023
edited
Loading

Codecov Report

Attention: 18 lines in your changes are missing coverage. Please review.

Comparison is base (5175e85) 95.62% compared to head (bca9190) 95.61%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #242      +/-   ##
==========================================
- Coverage   95.62%   95.61%   -0.02%     
==========================================
  Files          49       50       +1     
  Lines        6744     6699      -45     
==========================================
- Hits         6449     6405      -44     
+ Misses        295      294       -1
Files Coverage Δ
aws-lc-rs/src/aead.rs 100.00% <100.00%> (+1.01%) ⬆️
aws-lc-rs/src/aead/rand_nonce.rs 94.11% <100.00%> (+0.36%) ⬆️
aws-lc-rs/src/test.rs 93.05% <0.00%> (-0.30%) ⬇️
aws-lc-rs/src/aead/tls.rs 82.94% <53.84%> (+1.28%) ⬆️
aws-lc-rs/src/aead/unbound_key.rs 97.21% <97.21%> (ø)

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@camshaft @skmcgrail
feat: add AEAD open_separate_gather method
bca9190 
Co-authored-by: Sean McGrail <mcgrails@amazon.com>
@skmcgrail
Copy link
Member

I think I got everything update inline with the spirit of the changes for UnboundKey. There were many conflicts, so I mostly re-did everything instead of trying to reason about the rebase/merge conflicts.

@camshaft
Copy link
Collaborator Author

The changes look good to me! Thanks for the rebase

@justsmth justsmth merged commit af20912 into aws:main Oct 25, 2023
75 of 80 checks passed
@camshaft camshaft deleted the aead-gather branch October 25, 2023 13:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justsmth justsmth justsmth approved these changes

@skmcgrail skmcgrail skmcgrail approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@camshaft @skmcgrail @codecov-commenter @justsmth