

Support AES-GCM-SIV on BoringSSL (#12294)
alex authored Jan 19, 2025
1 parent 9343b49 commit 2fe2b5a
Showing 3 changed files with 42 additions and 1 deletion.
6 changes: 6 additions & 0 deletions src/rust/cryptography-openssl/src/aead.rs
Expand Up @@ -7,6 +7,8 @@ use foreign_types_shared::{ForeignType, ForeignTypeRef};

pub enum AeadType {
ChaCha20Poly1305,
Aes128GcmSiv,
Aes256GcmSiv,
}

foreign_types::foreign_type! {
Expand All @@ -27,6 +29,10 @@ impl AeadCtx {
let aead = match aead {
// SAFETY: No preconditions.
AeadType::ChaCha20Poly1305 => unsafe { ffi::EVP_aead_chacha20_poly1305() },
// SAFETY: No preconditions.
AeadType::Aes128GcmSiv => unsafe { ffi::EVP_aead_aes_128_gcm_siv() },
// SAFETY: No preconditions.
AeadType::Aes256GcmSiv => unsafe { ffi::EVP_aead_aes_256_gcm_siv() },
};

// SAFETY: We're passing a valid key and aead.
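Review bot: The new `Aes128GcmSiv` and `Aes256GcmSiv` variants carry no doc comment stating the key size each one requires, so the pairing of variant and key length is enforced only by whichever caller selects the variant (the backend section of this commit does it by matching on the key length, but nothing in the visible part of `AeadCtx::new` re-checks it). Adding `/// AES-128-GCM-SIV; the key passed to AeadCtx::new must be 16 bytes.` and `/// AES-256-GCM-SIV; the key passed to AeadCtx::new must be 32 bytes.` above the two variants states that contract where the variant is chosen. `AeadCtx::new` begins before the second hunk and continues past it, so whether BoringSSL's own key-length check is the only safeguard cannot be confirmed from here.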
20 changes: 19 additions & 1 deletion src/rust/src/backend/aead.rs
Expand Up @@ -1051,6 +1051,9 @@ impl AesOcb3 {
name = "AESGCMSIV"
)]
struct AesGcmSiv {
#[cfg(CRYPTOGRAPHY_IS_BORINGSSL)]
ctx: EvpAead,
#[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))]
ctx: EvpCipherAead,
}

Expand All @@ -1072,7 +1075,22 @@ impl AesGcmSiv {
};

cfg_if::cfg_if! {
if #[cfg(not(CRYPTOGRAPHY_OPENSSL_320_OR_GREATER))] {
if #[cfg(CRYPTOGRAPHY_IS_BORINGSSL)] {
let _ = cipher_name;
let aead_type = match key.as_bytes().len() {
16 => cryptography_openssl::aead::AeadType::Aes128GcmSiv,
32 => cryptography_openssl::aead::AeadType::Aes256GcmSiv,
_ => return Err(CryptographyError::from(
exceptions::UnsupportedAlgorithm::new_err((
"Only 128-bit and 256-bit keys are supported for AES-GCM-SIV with BoringSSL",
exceptions::Reasons::UNSUPPORTED_CIPHER,
)),
))
};
Ok(AesGcmSiv {
ctx: EvpAead::new(aead_type, key.as_bytes(), 16)?,
})
} else if #[cfg(not(CRYPTOGRAPHY_OPENSSL_320_OR_GREATER))] {
let _ = cipher_name;
Err(CryptographyError::from(
exceptions::UnsupportedAlgorithm::new_err((
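Review bot: The tag length in `ctx: EvpAead::new(aead_type, key.as_bytes(), 16)?` is a bare literal with nothing saying why 16 is correct, while the key-length `match` directly above documents its own constraint in the error string; a one-line comment such as `// AES-GCM-SIV (RFC 8452) always uses a 16-byte tag` keeps the two constants readable together. The `_` arm of that match is reachable only for a 24-byte key provided the general key-length validation that `test_bad_key` exercises (31 bytes raising ValueError) runs earlier in this constructor, which is outside the hunk; if it does not, any length other than 16 or 32 would surface as UnsupportedAlgorithm rather than ValueError on BoringSSL, so the ordering is worth confirming. The enclosing constructor starts before the hunk (the `};` on its first line appears to close an earlier binding) and its OpenSSL branches continue past it.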
17 changes: 17 additions & 0 deletions tests/hazmat/primitives/test_aead.py
Expand Up @@ -11,6 +11,7 @@
import pytest

from cryptography.exceptions import InvalidTag, UnsupportedAlgorithm, _Reasons
from cryptography.hazmat.bindings._rust import openssl as rust_openssl
from cryptography.hazmat.primitives.ciphers.aead import (
AESCCM,
AESGCM,
Expand Down Expand Up @@ -919,6 +920,12 @@ def test_vectors(self, backend, subtests):
ct = binascii.unhexlify(vector["ciphertext"])
tag = binascii.unhexlify(vector["tag"])
pt = binascii.unhexlify(vector.get("plaintext", b""))

# BoringSSL only supports AES-GCM-SIV with 128- and 256-bit
# keys
if len(key) == 24 and rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL:
continue

aesgcmsiv = AESGCMSIV(key)
computed_ct = aesgcmsiv.encrypt(nonce, pt, aad)
assert computed_ct[:-16] == ct
Expand All @@ -941,6 +948,12 @@ def test_vectors_invalid(self, backend, subtests):
nonce = binascii.unhexlify(vector["iv"])
aad = binascii.unhexlify(vector.get("aad", b""))
ct = binascii.unhexlify(vector["ciphertext"])

# BoringSSL only supports AES-GCM-SIV with 128- and 256-bit
# keys
if len(key) == 24 and rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL:
continue

aesgcmsiv = AESGCMSIV(key)
with pytest.raises(InvalidTag):
badkey = AESGCMSIV(AESGCMSIV.generate_key(256))
Expand Down Expand Up @@ -974,6 +987,10 @@ def test_bad_key(self, backend):
with pytest.raises(ValueError):
AESGCMSIV(b"0" * 31)

if rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL:
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
AESGCMSIV(b"0" * 24)

def test_bad_generate_key(self, backend):
with pytest.raises(TypeError):
AESGCMSIV.generate_key(object()) # type:ignore[arg-type]
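Review bot: The `continue` added to `test_vectors` and `test_vectors_invalid` silently drops every 192-bit vector on BoringSSL instead of asserting the behaviour the backend promises for that key size; since `test_bad_key` already pins UnsupportedAlgorithm for a 24-byte key, the same expectation can be checked in place before skipping, with `with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):` and `    AESGCMSIV(key)` placed ahead of the `continue`. The identical guard and two-line comment appear twice; a small module-level helper such as `def _gcm_siv_key_unsupported(key): return len(key) == 24 and rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL` would keep the two loops in sync if BoringSSL's key-size support changes. Both test methods begin before their hunks.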
