From efc238ea79441563b04cf85a01e9afc411d06cf6 Mon Sep 17 00:00:00 2001 From: Xynnn007 Date: Wed, 11 Dec 2024 10:54:36 +0800 Subject: [PATCH] aa/crypto: change the crypto function parameter order This patch changes the decrypt and encrypt function's parameter order. Now they all follow `key`, `data`, `iv`, `aad`(if any) and `tag` (if any). This is to align with the upper functions. Signed-off-by: Xynnn007 --- .../deps/crypto/src/native/aes256ctr.rs | 8 ++++---- .../deps/crypto/src/native/aes256gcm.rs | 16 ++++++++-------- .../deps/crypto/src/rust/aes256ctr.rs | 14 +++++++------- .../deps/crypto/src/rust/aes256gcm.rs | 16 ++++++++-------- 4 files changed, 27 insertions(+), 27 deletions(-) diff --git a/attestation-agent/deps/crypto/src/native/aes256ctr.rs b/attestation-agent/deps/crypto/src/native/aes256ctr.rs index e3554c89a..2995c7fa9 100644 --- a/attestation-agent/deps/crypto/src/native/aes256ctr.rs +++ b/attestation-agent/deps/crypto/src/native/aes256ctr.rs @@ -8,14 +8,14 @@ use anyhow::*; use openssl::symm::Cipher; -pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result> { +pub fn decrypt(key: &[u8], encrypted_data: &[u8], iv: &[u8]) -> Result> { let cipher = Cipher::aes_256_ctr(); openssl::symm::decrypt(cipher, key, Some(iv), encrypted_data) .map_err(|e| anyhow!(e.to_string())) } -pub fn encrypt(data: &[u8], key: &[u8], iv: &[u8]) -> Result> { +pub fn encrypt(key: &[u8], data: &[u8], iv: &[u8]) -> Result> { let cipher = Cipher::aes_256_ctr(); let ciphertext = openssl::symm::encrypt(cipher, key, Some(iv), data).map_err(|e| anyhow!(e.to_string()))?; @@ -40,8 +40,8 @@ mod tests { b"16bytes ivlength" )] fn en_decrypt(#[case] plaintext: &[u8], #[case] key: &[u8], #[case] iv: &[u8]) { - let ciphertext = encrypt(plaintext, key, iv).expect("encryption failed"); - let plaintext_de = decrypt(&ciphertext, key, iv).expect("decryption failed"); + let ciphertext = encrypt(key, plaintext, iv).expect("encryption failed"); + let plaintext_de = decrypt(key, &ciphertext, iv).expect("decryption failed"); assert_eq!(plaintext, plaintext_de); } } diff --git a/attestation-agent/deps/crypto/src/native/aes256gcm.rs b/attestation-agent/deps/crypto/src/native/aes256gcm.rs index 3e1c11a8a..a9ab06610 100644 --- a/attestation-agent/deps/crypto/src/native/aes256gcm.rs +++ b/attestation-agent/deps/crypto/src/native/aes256gcm.rs @@ -11,8 +11,8 @@ use openssl::symm::Cipher; const TAG_LENGTH: usize = 16; pub fn decrypt_with_aad( - encrypted_data: &[u8], key: &[u8], + encrypted_data: &[u8], iv: &[u8], aad: &[u8], tag: &[u8], @@ -23,7 +23,7 @@ pub fn decrypt_with_aad( .map_err(|e| anyhow!("{e:?}")) } -pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result> { +pub fn decrypt(key: &[u8], encrypted_data: &[u8], iv: &[u8]) -> Result> { let cipher = Cipher::aes_256_gcm(); if encrypted_data.len() < TAG_LENGTH { bail!("Illegal length of ciphertext"); @@ -34,7 +34,7 @@ pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result> .map_err(|e| anyhow!(e.to_string())) } -pub fn encrypt(data: &[u8], key: &[u8], iv: &[u8]) -> Result> { +pub fn encrypt(key: &[u8], data: &[u8], iv: &[u8]) -> Result> { let cipher = Cipher::aes_256_gcm(); let mut tag = [0u8; TAG_LENGTH]; let mut ciphertext = openssl::symm::encrypt_aead(cipher, key, Some(iv), &[], data, &mut tag) @@ -50,11 +50,11 @@ mod tests { use super::{decrypt, encrypt}; #[rstest] - #[case(b"plaintext1", b"0123456789abcdefghijklmnopqrstuv", b"unique nonce")] - #[case(b"plaintext2", b"hijklmnopqrstuv0123456789abcdefg", b"unique2nonce")] - fn en_decrypt(#[case] plaintext: &[u8], #[case] key: &[u8], #[case] iv: &[u8]) { - let ciphertext = encrypt(plaintext, key, iv).expect("encryption failed"); - let plaintext_de = decrypt(&ciphertext, key, iv).expect("decryption failed"); + #[case(b"0123456789abcdefghijklmnopqrstuv", b"plaintext1", b"unique nonce")] + #[case(b"hijklmnopqrstuv0123456789abcdefg", b"plaintext2", b"unique2nonce")] + fn en_decrypt(#[case] key: &[u8], #[case] plaintext: &[u8], #[case] iv: &[u8]) { + let ciphertext = encrypt(key, plaintext, iv).expect("encryption failed"); + let plaintext_de = decrypt(key, &ciphertext, iv).expect("decryption failed"); assert_eq!(plaintext, plaintext_de); } } diff --git a/attestation-agent/deps/crypto/src/rust/aes256ctr.rs b/attestation-agent/deps/crypto/src/rust/aes256ctr.rs index f086d5e62..b96a3a289 100644 --- a/attestation-agent/deps/crypto/src/rust/aes256ctr.rs +++ b/attestation-agent/deps/crypto/src/rust/aes256ctr.rs @@ -12,7 +12,7 @@ use ctr::{ Ctr128BE, }; -pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result> { +pub fn decrypt(key: &[u8], encrypted_data: &[u8], iv: &[u8]) -> Result> { let mut decryptor = Ctr128BE::::new(key.into(), iv.into()); let mut buf = Vec::new(); buf.resize(encrypted_data.len(), b' '); @@ -22,7 +22,7 @@ pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result> Ok(buf) } -pub fn encrypt(data: &[u8], key: &[u8], iv: &[u8]) -> Result> { +pub fn encrypt(key: &[u8], data: &[u8], iv: &[u8]) -> Result> { let mut encryptor = Ctr128BE::::new(key.into(), iv.into()); let mut ciphertext = data.to_vec(); encryptor.apply_keystream(&mut ciphertext); @@ -36,18 +36,18 @@ mod tests { #[rstest] #[case( - b"plaintext1", b"0123456789abcdefghijklmnopqrstuv", + b"plaintext1", b"16bytes ivlength" )] #[case( - b"plaintext2", b"hijklmnopqrstuv0123456789abcdefg", + b"plaintext2", b"16bytes ivlength" )] - fn en_decrypt(#[case] plaintext: &[u8], #[case] key: &[u8], #[case] iv: &[u8]) { - let ciphertext = encrypt(plaintext, key, iv).expect("encryption failed"); - let plaintext_de = decrypt(&ciphertext, key, iv).expect("decryption failed"); + fn en_decrypt(#[case] key: &[u8], #[case] plaintext: &[u8], #[case] iv: &[u8]) { + let ciphertext = encrypt(key, plaintext, iv).expect("encryption failed"); + let plaintext_de = decrypt(key, &ciphertext, iv).expect("decryption failed"); assert_eq!(plaintext, plaintext_de); } } diff --git a/attestation-agent/deps/crypto/src/rust/aes256gcm.rs b/attestation-agent/deps/crypto/src/rust/aes256gcm.rs index d8dde91df..8dd6191da 100644 --- a/attestation-agent/deps/crypto/src/rust/aes256gcm.rs +++ b/attestation-agent/deps/crypto/src/rust/aes256gcm.rs @@ -8,8 +8,8 @@ use aes_gcm::{aead::Aead, AeadInPlace, Aes256Gcm, Key, KeyInit, Nonce}; use anyhow::*; pub fn decrypt_with_aad( - encrypted_data: &[u8], key: &[u8], + encrypted_data: &[u8], iv: &[u8], aad: &[u8], tag: &[u8], @@ -25,7 +25,7 @@ pub fn decrypt_with_aad( Ok(plaintext) } -pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result> { +pub fn decrypt(key: &[u8], encrypted_data: &[u8], iv: &[u8]) -> Result> { let decrypting_key = Key::::from_slice(key); let cipher = Aes256Gcm::new(decrypting_key); let nonce = Nonce::from_slice(iv); @@ -36,7 +36,7 @@ pub fn decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result> Ok(plain_text) } -pub fn encrypt(data: &[u8], key: &[u8], iv: &[u8]) -> Result> { +pub fn encrypt(key: &[u8], data: &[u8], iv: &[u8]) -> Result> { let encrypting_key = Key::::from_slice(key); let cipher = Aes256Gcm::new(encrypting_key); let nonce = Nonce::from_slice(iv); @@ -54,11 +54,11 @@ mod tests { use super::{decrypt, encrypt}; #[rstest] - #[case(b"plaintext1", b"0123456789abcdefghijklmnopqrstuv", b"unique nonce")] - #[case(b"plaintext2", b"hijklmnopqrstuv0123456789abcdefg", b"unique2nonce")] - fn en_decrypt(#[case] plaintext: &[u8], #[case] key: &[u8], #[case] iv: &[u8]) { - let ciphertext = encrypt(plaintext, key, iv).expect("encryption failed"); - let plaintext_de = decrypt(&ciphertext, key, iv).expect("decryption failed"); + #[case(b"0123456789abcdefghijklmnopqrstuv", b"plaintext1", b"unique nonce")] + #[case(b"hijklmnopqrstuv0123456789abcdefg", b"plaintext2", b"unique2nonce")] + fn en_decrypt(#[case] key: &[u8], #[case] plaintext: &[u8], #[case] iv: &[u8]) { + let ciphertext = encrypt(key, plaintext, iv).expect("encryption failed"); + let plaintext_de = decrypt(key, &ciphertext, iv).expect("decryption failed"); assert_eq!(plaintext, plaintext_de); } }