diff --git a/attestation-agent/deps/crypto/src/native/aes256ctr.rs b/attestation-agent/deps/crypto/src/native/aes256ctr.rs index e3554c89a..2995c7fa9 100644 --- a/attestation-agent/deps/crypto/src/native/aes256ctr.rs +++ b/attestation-agent/deps/crypto/src/native/aes256ctr.rs @@ -8,14 +8,14 @@ use anyhow::*; use openssl::symm::Cipher; -pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result> { +pub fn decrypt(key: &[u8], encrypted_data: &[u8], iv: &[u8]) -> Result> { let cipher = Cipher::aes_256_ctr(); openssl::symm::decrypt(cipher, key, Some(iv), encrypted_data) .map_err(|e| anyhow!(e.to_string())) } -pub fn encrypt(data: &[u8], key: &[u8], iv: &[u8]) -> Result> { +pub fn encrypt(key: &[u8], data: &[u8], iv: &[u8]) -> Result> { let cipher = Cipher::aes_256_ctr(); let ciphertext = openssl::symm::encrypt(cipher, key, Some(iv), data).map_err(|e| anyhow!(e.to_string()))?; @@ -40,8 +40,8 @@ mod tests { b"16bytes ivlength" )] fn en_decrypt(#[case] plaintext: &[u8], #[case] key: &[u8], #[case] iv: &[u8]) { - let ciphertext = encrypt(plaintext, key, iv).expect("encryption failed"); - let plaintext_de = decrypt(&ciphertext, key, iv).expect("decryption failed"); + let ciphertext = encrypt(key, plaintext, iv).expect("encryption failed"); + let plaintext_de = decrypt(key, &ciphertext, iv).expect("decryption failed"); assert_eq!(plaintext, plaintext_de); } } diff --git a/attestation-agent/deps/crypto/src/native/aes256gcm.rs b/attestation-agent/deps/crypto/src/native/aes256gcm.rs index 3e1c11a8a..a9ab06610 100644 --- a/attestation-agent/deps/crypto/src/native/aes256gcm.rs +++ b/attestation-agent/deps/crypto/src/native/aes256gcm.rs @@ -11,8 +11,8 @@ use openssl::symm::Cipher; const TAG_LENGTH: usize = 16; pub fn decrypt_with_aad( - encrypted_data: &[u8], key: &[u8], + encrypted_data: &[u8], iv: &[u8], aad: &[u8], tag: &[u8], @@ -23,7 +23,7 @@ pub fn decrypt_with_aad( .map_err(|e| anyhow!("{e:?}")) } -pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result> { +pub fn decrypt(key: &[u8], encrypted_data: &[u8], iv: &[u8]) -> Result> { let cipher = Cipher::aes_256_gcm(); if encrypted_data.len() < TAG_LENGTH { bail!("Illegal length of ciphertext"); @@ -34,7 +34,7 @@ pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result> .map_err(|e| anyhow!(e.to_string())) } -pub fn encrypt(data: &[u8], key: &[u8], iv: &[u8]) -> Result> { +pub fn encrypt(key: &[u8], data: &[u8], iv: &[u8]) -> Result> { let cipher = Cipher::aes_256_gcm(); let mut tag = [0u8; TAG_LENGTH]; let mut ciphertext = openssl::symm::encrypt_aead(cipher, key, Some(iv), &[], data, &mut tag) @@ -50,11 +50,11 @@ mod tests { use super::{decrypt, encrypt}; #[rstest] - #[case(b"plaintext1", b"0123456789abcdefghijklmnopqrstuv", b"unique nonce")] - #[case(b"plaintext2", b"hijklmnopqrstuv0123456789abcdefg", b"unique2nonce")] - fn en_decrypt(#[case] plaintext: &[u8], #[case] key: &[u8], #[case] iv: &[u8]) { - let ciphertext = encrypt(plaintext, key, iv).expect("encryption failed"); - let plaintext_de = decrypt(&ciphertext, key, iv).expect("decryption failed"); + #[case(b"0123456789abcdefghijklmnopqrstuv", b"plaintext1", b"unique nonce")] + #[case(b"hijklmnopqrstuv0123456789abcdefg", b"plaintext2", b"unique2nonce")] + fn en_decrypt(#[case] key: &[u8], #[case] plaintext: &[u8], #[case] iv: &[u8]) { + let ciphertext = encrypt(key, plaintext, iv).expect("encryption failed"); + let plaintext_de = decrypt(key, &ciphertext, iv).expect("decryption failed"); assert_eq!(plaintext, plaintext_de); } } diff --git a/attestation-agent/deps/crypto/src/rust/aes256ctr.rs b/attestation-agent/deps/crypto/src/rust/aes256ctr.rs index f086d5e62..b96a3a289 100644 --- a/attestation-agent/deps/crypto/src/rust/aes256ctr.rs +++ b/attestation-agent/deps/crypto/src/rust/aes256ctr.rs @@ -12,7 +12,7 @@ use ctr::{ Ctr128BE, }; -pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result> { +pub fn decrypt(key: &[u8], encrypted_data: &[u8], iv: &[u8]) -> Result> { let mut decryptor = Ctr128BE::::new(key.into(), iv.into()); let mut buf = Vec::new(); buf.resize(encrypted_data.len(), b' '); @@ -22,7 +22,7 @@ pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result> Ok(buf) } -pub fn encrypt(data: &[u8], key: &[u8], iv: &[u8]) -> Result> { +pub fn encrypt(key: &[u8], data: &[u8], iv: &[u8]) -> Result> { let mut encryptor = Ctr128BE::::new(key.into(), iv.into()); let mut ciphertext = data.to_vec(); encryptor.apply_keystream(&mut ciphertext); @@ -36,18 +36,18 @@ mod tests { #[rstest] #[case( - b"plaintext1", b"0123456789abcdefghijklmnopqrstuv", + b"plaintext1", b"16bytes ivlength" )] #[case( - b"plaintext2", b"hijklmnopqrstuv0123456789abcdefg", + b"plaintext2", b"16bytes ivlength" )] - fn en_decrypt(#[case] plaintext: &[u8], #[case] key: &[u8], #[case] iv: &[u8]) { - let ciphertext = encrypt(plaintext, key, iv).expect("encryption failed"); - let plaintext_de = decrypt(&ciphertext, key, iv).expect("decryption failed"); + fn en_decrypt(#[case] key: &[u8], #[case] plaintext: &[u8], #[case] iv: &[u8]) { + let ciphertext = encrypt(key, plaintext, iv).expect("encryption failed"); + let plaintext_de = decrypt(key, &ciphertext, iv).expect("decryption failed"); assert_eq!(plaintext, plaintext_de); } } diff --git a/attestation-agent/deps/crypto/src/rust/aes256gcm.rs b/attestation-agent/deps/crypto/src/rust/aes256gcm.rs index d8dde91df..8dd6191da 100644 --- a/attestation-agent/deps/crypto/src/rust/aes256gcm.rs +++ b/attestation-agent/deps/crypto/src/rust/aes256gcm.rs @@ -8,8 +8,8 @@ use aes_gcm::{aead::Aead, AeadInPlace, Aes256Gcm, Key, KeyInit, Nonce}; use anyhow::*; pub fn decrypt_with_aad( - encrypted_data: &[u8], key: &[u8], + encrypted_data: &[u8], iv: &[u8], aad: &[u8], tag: &[u8], @@ -25,7 +25,7 @@ pub fn decrypt_with_aad( Ok(plaintext) } -pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result> { +pub fn decrypt(key: &[u8], encrypted_data: &[u8], iv: &[u8]) -> Result> { let decrypting_key = Key::::from_slice(key); let cipher = Aes256Gcm::new(decrypting_key); let nonce = Nonce::from_slice(iv); @@ -36,7 +36,7 @@ pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result> Ok(plain_text) } -pub fn encrypt(data: &[u8], key: &[u8], iv: &[u8]) -> Result> { +pub fn encrypt(key: &[u8], data: &[u8], iv: &[u8]) -> Result> { let encrypting_key = Key::::from_slice(key); let cipher = Aes256Gcm::new(encrypting_key); let nonce = Nonce::from_slice(iv); @@ -54,11 +54,11 @@ mod tests { use super::{decrypt, encrypt}; #[rstest] - #[case(b"plaintext1", b"0123456789abcdefghijklmnopqrstuv", b"unique nonce")] - #[case(b"plaintext2", b"hijklmnopqrstuv0123456789abcdefg", b"unique2nonce")] - fn en_decrypt(#[case] plaintext: &[u8], #[case] key: &[u8], #[case] iv: &[u8]) { - let ciphertext = encrypt(plaintext, key, iv).expect("encryption failed"); - let plaintext_de = decrypt(&ciphertext, key, iv).expect("decryption failed"); + #[case(b"0123456789abcdefghijklmnopqrstuv", b"plaintext1", b"unique nonce")] + #[case(b"hijklmnopqrstuv0123456789abcdefg", b"plaintext2", b"unique2nonce")] + fn en_decrypt(#[case] key: &[u8], #[case] plaintext: &[u8], #[case] iv: &[u8]) { + let ciphertext = encrypt(key, plaintext, iv).expect("encryption failed"); + let plaintext_de = decrypt(key, &ciphertext, iv).expect("decryption failed"); assert_eq!(plaintext, plaintext_de); } } diff --git a/attestation-agent/deps/crypto/src/symmetric.rs b/attestation-agent/deps/crypto/src/symmetric.rs index 0f7f1c5e2..3e0e474cc 100644 --- a/attestation-agent/deps/crypto/src/symmetric.rs +++ b/attestation-agent/deps/crypto/src/symmetric.rs @@ -43,8 +43,8 @@ pub fn decrypt( wrap_type: WrapType, ) -> Result> { match wrap_type { - WrapType::Aes256Gcm => aes256gcm::decrypt(&ciphertext, &key, &iv), - WrapType::Aes256Ctr => aes256ctr::decrypt(&ciphertext, &key, &iv), + WrapType::Aes256Gcm => aes256gcm::decrypt(&key, &ciphertext, &iv), + WrapType::Aes256Ctr => aes256ctr::decrypt(&key, &ciphertext, &iv), } } @@ -56,7 +56,7 @@ pub fn aes256gcm_decrypt( aad: Vec, tag: Vec, ) -> Result> { - aes256gcm::decrypt_with_aad(&ciphertext, &key, &iv, &aad, &tag) + aes256gcm::decrypt_with_aad(&key, &ciphertext, &iv, &aad, &tag) } /// Encrypt the given `plaintext`. @@ -70,7 +70,7 @@ pub fn encrypt( wrap_type: WrapType, ) -> Result> { match wrap_type { - WrapType::Aes256Gcm => aes256gcm::encrypt(&plaintext, &key, &iv), - WrapType::Aes256Ctr => aes256ctr::encrypt(&plaintext, &key, &iv), + WrapType::Aes256Gcm => aes256gcm::encrypt(&key, &plaintext, &iv), + WrapType::Aes256Ctr => aes256ctr::encrypt(&key, &plaintext, &iv), } }