Skip to content

Commit

Permalink
aa/crypto: change the crypto function parameter order
Browse files Browse the repository at this point in the history
This patch changes the decrypt and encrypt function's parameter order.
Now they all follow `key`, `data`, `iv`, `aad`(if any) and `tag` (if
any). This is to align with the upper functions.

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
  • Loading branch information
Xynnn007 committed Dec 12, 2024
1 parent a739c05 commit 4547427
Show file tree
Hide file tree
Showing 5 changed files with 32 additions and 32 deletions.
8 changes: 4 additions & 4 deletions attestation-agent/deps/crypto/src/native/aes256ctr.rs
Original file line number Diff line number Diff line change
Expand Up @@ -8,14 +8,14 @@
use anyhow::*;
use openssl::symm::Cipher;

pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
pub fn decrypt(key: &[u8], encrypted_data: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
let cipher = Cipher::aes_256_ctr();

openssl::symm::decrypt(cipher, key, Some(iv), encrypted_data)
.map_err(|e| anyhow!(e.to_string()))
}

pub fn encrypt(data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
pub fn encrypt(key: &[u8], data: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
let cipher = Cipher::aes_256_ctr();
let ciphertext =
openssl::symm::encrypt(cipher, key, Some(iv), data).map_err(|e| anyhow!(e.to_string()))?;
Expand All @@ -40,8 +40,8 @@ mod tests {
b"16bytes ivlength"
)]
fn en_decrypt(#[case] plaintext: &[u8], #[case] key: &[u8], #[case] iv: &[u8]) {
let ciphertext = encrypt(plaintext, key, iv).expect("encryption failed");
let plaintext_de = decrypt(&ciphertext, key, iv).expect("decryption failed");
let ciphertext = encrypt(key, plaintext, iv).expect("encryption failed");
let plaintext_de = decrypt(key, &ciphertext, iv).expect("decryption failed");
assert_eq!(plaintext, plaintext_de);
}
}
16 changes: 8 additions & 8 deletions attestation-agent/deps/crypto/src/native/aes256gcm.rs
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,8 @@ use openssl::symm::Cipher;
const TAG_LENGTH: usize = 16;

pub fn decrypt_with_aad(
encrypted_data: &[u8],
key: &[u8],
encrypted_data: &[u8],
iv: &[u8],
aad: &[u8],
tag: &[u8],
Expand All @@ -23,7 +23,7 @@ pub fn decrypt_with_aad(
.map_err(|e| anyhow!("{e:?}"))
}

pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
pub fn decrypt(key: &[u8], encrypted_data: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
let cipher = Cipher::aes_256_gcm();
if encrypted_data.len() < TAG_LENGTH {
bail!("Illegal length of ciphertext");
Expand All @@ -34,7 +34,7 @@ pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>>
.map_err(|e| anyhow!(e.to_string()))
}

pub fn encrypt(data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
pub fn encrypt(key: &[u8], data: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
let cipher = Cipher::aes_256_gcm();
let mut tag = [0u8; TAG_LENGTH];
let mut ciphertext = openssl::symm::encrypt_aead(cipher, key, Some(iv), &[], data, &mut tag)
Expand All @@ -50,11 +50,11 @@ mod tests {
use super::{decrypt, encrypt};

#[rstest]
#[case(b"plaintext1", b"0123456789abcdefghijklmnopqrstuv", b"unique nonce")]
#[case(b"plaintext2", b"hijklmnopqrstuv0123456789abcdefg", b"unique2nonce")]
fn en_decrypt(#[case] plaintext: &[u8], #[case] key: &[u8], #[case] iv: &[u8]) {
let ciphertext = encrypt(plaintext, key, iv).expect("encryption failed");
let plaintext_de = decrypt(&ciphertext, key, iv).expect("decryption failed");
#[case(b"0123456789abcdefghijklmnopqrstuv", b"plaintext1", b"unique nonce")]
#[case(b"hijklmnopqrstuv0123456789abcdefg", b"plaintext2", b"unique2nonce")]
fn en_decrypt(#[case] key: &[u8], #[case] plaintext: &[u8], #[case] iv: &[u8]) {
let ciphertext = encrypt(key, plaintext, iv).expect("encryption failed");
let plaintext_de = decrypt(key, &ciphertext, iv).expect("decryption failed");
assert_eq!(plaintext, plaintext_de);
}
}
14 changes: 7 additions & 7 deletions attestation-agent/deps/crypto/src/rust/aes256ctr.rs
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ use ctr::{
Ctr128BE,
};

pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
pub fn decrypt(key: &[u8], encrypted_data: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
let mut decryptor = Ctr128BE::<Aes256>::new(key.into(), iv.into());
let mut buf = Vec::new();
buf.resize(encrypted_data.len(), b' ');
Expand All @@ -22,7 +22,7 @@ pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>>
Ok(buf)
}

pub fn encrypt(data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
pub fn encrypt(key: &[u8], data: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
let mut encryptor = Ctr128BE::<Aes256>::new(key.into(), iv.into());
let mut ciphertext = data.to_vec();
encryptor.apply_keystream(&mut ciphertext);
Expand All @@ -36,18 +36,18 @@ mod tests {

#[rstest]
#[case(
b"plaintext1",
b"0123456789abcdefghijklmnopqrstuv",
b"plaintext1",
b"16bytes ivlength"
)]
#[case(
b"plaintext2",
b"hijklmnopqrstuv0123456789abcdefg",
b"plaintext2",
b"16bytes ivlength"
)]
fn en_decrypt(#[case] plaintext: &[u8], #[case] key: &[u8], #[case] iv: &[u8]) {
let ciphertext = encrypt(plaintext, key, iv).expect("encryption failed");
let plaintext_de = decrypt(&ciphertext, key, iv).expect("decryption failed");
fn en_decrypt(#[case] key: &[u8], #[case] plaintext: &[u8], #[case] iv: &[u8]) {
let ciphertext = encrypt(key, plaintext, iv).expect("encryption failed");
let plaintext_de = decrypt(key, &ciphertext, iv).expect("decryption failed");
assert_eq!(plaintext, plaintext_de);
}
}
16 changes: 8 additions & 8 deletions attestation-agent/deps/crypto/src/rust/aes256gcm.rs
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,8 @@ use aes_gcm::{aead::Aead, AeadInPlace, Aes256Gcm, Key, KeyInit, Nonce};
use anyhow::*;

pub fn decrypt_with_aad(
encrypted_data: &[u8],
key: &[u8],
encrypted_data: &[u8],
iv: &[u8],
aad: &[u8],
tag: &[u8],
Expand All @@ -25,7 +25,7 @@ pub fn decrypt_with_aad(
Ok(plaintext)
}

pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
pub fn decrypt(key: &[u8], encrypted_data: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
let decrypting_key = Key::<Aes256Gcm>::from_slice(key);
let cipher = Aes256Gcm::new(decrypting_key);
let nonce = Nonce::from_slice(iv);
Expand All @@ -36,7 +36,7 @@ pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>>
Ok(plain_text)
}

pub fn encrypt(data: &[u8], key: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
pub fn encrypt(key: &[u8], data: &[u8], iv: &[u8]) -> Result<Vec<u8>> {
let encrypting_key = Key::<Aes256Gcm>::from_slice(key);
let cipher = Aes256Gcm::new(encrypting_key);
let nonce = Nonce::from_slice(iv);
Expand All @@ -54,11 +54,11 @@ mod tests {
use super::{decrypt, encrypt};

#[rstest]
#[case(b"plaintext1", b"0123456789abcdefghijklmnopqrstuv", b"unique nonce")]
#[case(b"plaintext2", b"hijklmnopqrstuv0123456789abcdefg", b"unique2nonce")]
fn en_decrypt(#[case] plaintext: &[u8], #[case] key: &[u8], #[case] iv: &[u8]) {
let ciphertext = encrypt(plaintext, key, iv).expect("encryption failed");
let plaintext_de = decrypt(&ciphertext, key, iv).expect("decryption failed");
#[case(b"0123456789abcdefghijklmnopqrstuv", b"plaintext1", b"unique nonce")]
#[case(b"hijklmnopqrstuv0123456789abcdefg", b"plaintext2", b"unique2nonce")]
fn en_decrypt(#[case] key: &[u8], #[case] plaintext: &[u8], #[case] iv: &[u8]) {
let ciphertext = encrypt(key, plaintext, iv).expect("encryption failed");
let plaintext_de = decrypt(key, &ciphertext, iv).expect("decryption failed");
assert_eq!(plaintext, plaintext_de);
}
}
10 changes: 5 additions & 5 deletions attestation-agent/deps/crypto/src/symmetric.rs
Original file line number Diff line number Diff line change
Expand Up @@ -43,8 +43,8 @@ pub fn decrypt(
wrap_type: WrapType,
) -> Result<Vec<u8>> {
match wrap_type {
WrapType::Aes256Gcm => aes256gcm::decrypt(&ciphertext, &key, &iv),
WrapType::Aes256Ctr => aes256ctr::decrypt(&ciphertext, &key, &iv),
WrapType::Aes256Gcm => aes256gcm::decrypt(&key, &ciphertext, &iv),
WrapType::Aes256Ctr => aes256ctr::decrypt(&key, &ciphertext, &iv),
}
}

Expand All @@ -56,7 +56,7 @@ pub fn aes256gcm_decrypt(
aad: Vec<u8>,
tag: Vec<u8>,
) -> Result<Vec<u8>> {
aes256gcm::decrypt_with_aad(&ciphertext, &key, &iv, &aad, &tag)
aes256gcm::decrypt_with_aad(&key, &ciphertext, &iv, &aad, &tag)
}

/// Encrypt the given `plaintext`.
Expand All @@ -70,7 +70,7 @@ pub fn encrypt(
wrap_type: WrapType,
) -> Result<Vec<u8>> {
match wrap_type {
WrapType::Aes256Gcm => aes256gcm::encrypt(&plaintext, &key, &iv),
WrapType::Aes256Ctr => aes256ctr::encrypt(&plaintext, &key, &iv),
WrapType::Aes256Gcm => aes256gcm::encrypt(&key, &plaintext, &iv),
WrapType::Aes256Ctr => aes256ctr::encrypt(&key, &plaintext, &iv),
}
}

0 comments on commit 4547427

Please sign in to comment.