Replace crates related to the 256-CBC and 128-CTR mode to other crates

SeungMin Lee · sgkim126 · commit fc5b5dd02f79 · 2020-02-07T09:16:53.000+09:00
diff --git a/Cargo.toml b/Cargo.toml
@@ -15,6 +15,10 @@ sha3 = "0.8.2"
 ripemd160 = "0.8.0"
 digest = "0.8"
 blake2 = "0.8.1"
+block-modes = "0.3.3"
+aes = "0.3.2"
+ctr = "0.3.2"
+hex = "0.4.0"
 
 [dev-dependencies]
 rand = "0.6.1"
diff --git a/src/aes.rs b/src/aes.rs
@@ -14,68 +14,45 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
+use aes::{Aes128, Aes256};
+use block_modes::block_padding::Pkcs7;
+use block_modes::InvalidKeyIvLength;
+use block_modes::{BlockMode, Cbc};
+use ctr;
+use ctr::stream_cipher::generic_array::GenericArray;
+use ctr::stream_cipher::{NewStreamCipher, SyncStreamCipher, SyncStreamCipherSeek};
 use primitives::H256;
-use rcrypto::aes::KeySize::KeySize256;
-use rcrypto::aes::{cbc_decryptor, cbc_encryptor};
-use rcrypto::aessafe::AesSafe128Encryptor;
-use rcrypto::blockmodes::{CtrMode, PkcsPadding};
-use rcrypto::buffer::{BufferResult, ReadBuffer, RefReadBuffer, RefWriteBuffer, WriteBuffer};
-pub use rcrypto::symmetriccipher::SymmetricCipherError;
-use rcrypto::symmetriccipher::{Decryptor, Encryptor};
 
 use super::error::SymmError;
 
-fn is_underflow(result: BufferResult) -> bool {
-    match result {
-        BufferResult::BufferUnderflow => true,
-        BufferResult::BufferOverflow => false,
-    }
-}
-
-// AES-256/CBC/Pkcs encryption.
-pub fn encrypt(data: &[u8], key: &H256, iv: &u128) -> Result<Vec<u8>, SymmetricCipherError> {
-    let mut encryptor = cbc_encryptor(KeySize256, key, &iv.to_be_bytes(), PkcsPadding);
-
-    let mut final_result = Vec::<u8>::new();
-    let mut read_buffer = RefReadBuffer::new(data);
-    let mut buffer = [0; 4096];
-    let mut write_buffer = RefWriteBuffer::new(&mut buffer);
 
+type Aes256Cbc = Cbc<Aes256, Pkcs7>;
+type Aes128Ctr = ctr::Ctr128<Aes128>;
 
-    let mut finish = false;
-    while !finish {
-        finish = is_underflow(encryptor.encrypt(&mut read_buffer, &mut write_buffer, true)?);
-        final_result.extend(write_buffer.take_read_buffer().take_remaining().iter().cloned());
-    }
+// AES-256/CBC/Pkcs encryption.
+pub fn encrypt(data: &[u8], key: &H256, iv: &u128) -> Result<Vec<u8>, InvalidKeyIvLength> {
+    let cipher = Aes256Cbc::new_var(&key, &iv.to_be_bytes())?;
+    let result = cipher.encrypt_vec(data);
 
-    Ok(final_result)
+    Ok(result)
 }
 
 // AES-256/CBC/Pkcs decryption.
-pub fn decrypt(encrypted_data: &[u8], key: &H256, iv: &u128) -> Result<Vec<u8>, SymmetricCipherError> {
-    let mut decryptor = cbc_decryptor(KeySize256, key, &iv.to_be_bytes(), PkcsPadding);
-
-    let mut final_result = Vec::<u8>::new();
-    let mut read_buffer = RefReadBuffer::new(encrypted_data);
-    let mut buffer = [0; 4096];
-    let mut write_buffer = RefWriteBuffer::new(&mut buffer);
-
-    let mut finish = false;
-    while !finish {
-        finish = is_underflow(decryptor.decrypt(&mut read_buffer, &mut write_buffer, true)?);
-        final_result.extend(write_buffer.take_read_buffer().take_remaining().iter().cloned());
-    }
+pub fn decrypt(encrypted_data: &[u8], key: &H256, iv: &u128) -> Result<Vec<u8>, InvalidKeyIvLength> {
+    let cipher = Aes256Cbc::new_var(&key, &iv.to_be_bytes())?;
+    let result = cipher.decrypt_vec(&encrypted_data.to_vec()).unwrap();
 
-    Ok(final_result)
+    Ok(result)
 }
 
 /// Encrypt a message (CTR mode).
 ///
 /// Key (`k`) length and initialisation vector (`iv`) length have to be 16 bytes each.
 /// An error is returned if the input lengths are invalid.
 pub fn encrypt_128_ctr(k: &[u8], iv: &[u8], plain: &[u8], dest: &mut [u8]) -> Result<(), SymmError> {
-    let mut encryptor = CtrMode::new(AesSafe128Encryptor::new(k), iv.to_vec());
-    encryptor.encrypt(&mut RefReadBuffer::new(plain), &mut RefWriteBuffer::new(dest), true)?;
+    let mut cipher = Aes128Ctr::new(&GenericArray::from_slice(k), &GenericArray::from_slice(iv));
+    dest.copy_from_slice(plain);
+    cipher.apply_keystream(dest);
     Ok(())
 }
 
@@ -84,8 +61,10 @@ pub fn encrypt_128_ctr(k: &[u8], iv: &[u8], plain: &[u8], dest: &mut [u8]) -> Re
 /// Key (`k`) length and initialisation vector (`iv`) length have to be 16 bytes each.
 /// An error is returned if the input lengths are invalid.
 pub fn decrypt_128_ctr(k: &[u8], iv: &[u8], encrypted: &[u8], dest: &mut [u8]) -> Result<(), SymmError> {
-    let mut encryptor = CtrMode::new(AesSafe128Encryptor::new(k), iv.to_vec());
-    encryptor.decrypt(&mut RefReadBuffer::new(encrypted), &mut RefWriteBuffer::new(dest), true)?;
+    let mut cipher = Aes128Ctr::new(&GenericArray::from_slice(k), &GenericArray::from_slice(iv));
+    dest.copy_from_slice(encrypted);
+    cipher.seek(0);
+    cipher.apply_keystream(dest);
     Ok(())
 }
 
@@ -146,4 +125,32 @@ mod tests {
         let decrypted = decrypt(&encrypted, &key, &iv).unwrap();
         assert_eq!(input, decrypted);
     }
+
+    #[test]
+    fn aes_256_cbc_encrypt_decrypt() {
+        let message = [1, 2, 3, 4, 5, 6, 7, 8];
+        let key = H256([0; 32]);
+        let iv = 0;
+
+        let encrypted_data = encrypt(&message, &key, &iv).ok().unwrap();
+        assert_eq!(encrypted_data, [45, 34, 87, 122, 38, 50, 190, 242, 253, 245, 138, 7, 196, 24, 58, 91]);
+
+        let decrypted_data = decrypt(&encrypted_data[..], &key, &iv).ok().unwrap();
+        assert_eq!(message, &decrypted_data[..]);
+    }
+
+    #[test]
+    fn aes_128_ctr_encrypt_decrypt() {
+        let plaintext = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9];
+        let key = [1; 16];
+        let iv = [1; 16];
+        let mut dest = [0; 10];
+
+        let _ = encrypt_128_ctr(&key, &iv, &plaintext, &mut dest);
+        assert_eq!(dest, [94, 118, 231, 156, 139, 128, 146, 51, 129, 171]);
+
+        let ciphertext = dest;
+        let _ = decrypt_128_ctr(&key, &iv, &ciphertext, &mut dest);
+        assert_eq!(plaintext, dest);
+    }
 }
diff --git a/src/error.rs b/src/error.rs
@@ -47,13 +47,12 @@ quick_error! {
 
 #[allow(deprecated)]
 mod errors {
-    use rcrypto;
     use ring;
 
     quick_error! {
         #[derive(Debug)]
         pub enum SymmError wraps PrivSymmErr {
-            RustCrypto(e: rcrypto::symmetriccipher::SymmetricCipherError) {
+            RustCrypto(e: block_modes::InvalidKeyIvLength) {
                 display("symmetric crypto error")
                     from()
             }
@@ -74,8 +73,8 @@ mod errors {
         }
     }
 
-    impl From<rcrypto::symmetriccipher::SymmetricCipherError> for SymmError {
-        fn from(e: rcrypto::symmetriccipher::SymmetricCipherError) -> SymmError {
+    impl From<block_modes::InvalidKeyIvLength> for SymmError {
+        fn from(e: block_modes::InvalidKeyIvLength) -> SymmError {
             SymmError(PrivSymmErr::RustCrypto(e))
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -47,13 +47,12 @@ quick_error! {`
`47`	`47`
`48`	`48`	`#[allow(deprecated)]`
`49`	`49`	`mod errors {`
`50`		`- use rcrypto;`
`51`	`50`	`use ring;`
`52`	`51`
`53`	`52`	`quick_error! {`
`54`	`53`	`#[derive(Debug)]`
`55`	`54`	`pub enum SymmError wraps PrivSymmErr {`
`56`		`- RustCrypto(e: rcrypto::symmetriccipher::SymmetricCipherError) {`
	`55`	`+ RustCrypto(e: block_modes::InvalidKeyIvLength) {`
`57`	`56`	`display("symmetric crypto error")`
`58`	`57`	`from()`
`59`	`58`	`}`
`@@ -74,8 +73,8 @@ mod errors {`
`74`	`73`	`}`
`75`	`74`	`}`
`76`	`75`
`77`		`- impl From<rcrypto::symmetriccipher::SymmetricCipherError> for SymmError {`
`78`		`- fn from(e: rcrypto::symmetriccipher::SymmetricCipherError) -> SymmError {`
	`76`	`+ impl From<block_modes::InvalidKeyIvLength> for SymmError {`
	`77`	`+ fn from(e: block_modes::InvalidKeyIvLength) -> SymmError {`
`79`	`78`	`SymmError(PrivSymmErr::RustCrypto(e))`
`80`	`79`	`}`
`81`	`80`	`}`