You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@teaclave.apache.org by ms...@apache.org on 2020/06/05 17:35:32 UTC
[incubator-teaclave] branch master updated: [cli] Add flag to
output CMAC (#339)
This is an automated email from the ASF dual-hosted git repository.
mssun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git
The following commit(s) were added to refs/heads/master by this push:
new 18a8641 [cli] Add flag to output CMAC (#339)
18a8641 is described below
commit 18a864169605fdb697ce1befc72da280c8957e77
Author: Qinkun Bao <qi...@gmail.com>
AuthorDate: Fri Jun 5 13:35:25 2020 -0400
[cli] Add flag to output CMAC (#339)
---
cli/src/main.rs | 54 +++++++++++++++++++++++++++++++++++++++++-------------
crypto/src/lib.rs | 45 ++++++++++++++++++++++++++++++---------------
2 files changed, 71 insertions(+), 28 deletions(-)
diff --git a/cli/src/main.rs b/cli/src/main.rs
index c0068a1..ff94e41 100644
--- a/cli/src/main.rs
+++ b/cli/src/main.rs
@@ -23,6 +23,8 @@ use structopt::StructOpt;
use teaclave_crypto::{AesGcm128Key, AesGcm256Key, TeaclaveFile128Key};
+const FILE_AUTH_TAG_LENGTH: usize = 16;
+type CMac = [u8; FILE_AUTH_TAG_LENGTH];
type KeyVec = Vec<u8>; // Need define a type to use parse derive macro
fn decode_hex(src: &str) -> Result<Vec<u8>, hex::FromHexError> {
@@ -51,6 +53,10 @@ struct EncryptDecryptOpt {
/// Path of output file
#[structopt(short, long = "output-file")]
output_file: PathBuf,
+
+ /// Whether to print cmac
+ #[structopt(short, long)]
+ cmac_flag: bool,
}
#[derive(Debug, StructOpt)]
@@ -71,69 +77,91 @@ struct Opt {
command: Command,
}
-fn decrypt(opt: EncryptDecryptOpt) -> Result<()> {
+fn decrypt(opt: EncryptDecryptOpt) -> Result<CMac> {
let key = opt.key;
+ let mut cmac: CMac = [0u8; FILE_AUTH_TAG_LENGTH];
match opt.algorithm.as_str() {
AesGcm128Key::SCHEMA => {
let iv = opt.iv.expect("IV is required.");
let key = AesGcm128Key::new(&key, &iv)?;
let mut content = fs::read(opt.input_file)?;
- key.decrypt(&mut content)?;
+ let res = key.decrypt(&mut content)?;
+ cmac.copy_from_slice(&res);
fs::write(opt.output_file, content)?;
}
AesGcm256Key::SCHEMA => {
let iv = opt.iv.expect("IV is required.");
let key = AesGcm256Key::new(&key, &iv)?;
let mut content = fs::read(opt.input_file)?;
- key.decrypt(&mut content)?;
+ let res = key.decrypt(&mut content)?;
+ cmac.copy_from_slice(&res);
fs::write(opt.output_file, content)?;
}
TeaclaveFile128Key::SCHEMA => {
let key = TeaclaveFile128Key::new(&key)?;
let mut content = vec![];
- key.decrypt(opt.input_file, &mut content)?;
+ let res = key.decrypt(opt.input_file, &mut content)?;
+ cmac.copy_from_slice(&res);
fs::write(opt.output_file, content)?;
}
_ => bail!("Invalid crypto algorithm"),
}
- Ok(())
+ Ok(cmac)
}
-fn encrypt(opt: EncryptDecryptOpt) -> Result<()> {
+fn encrypt(opt: EncryptDecryptOpt) -> Result<CMac> {
let key = opt.key;
+ let mut cmac: CMac = [0u8; FILE_AUTH_TAG_LENGTH];
match opt.algorithm.as_str() {
AesGcm128Key::SCHEMA => {
let iv = opt.iv.expect("IV is required.");
let key = AesGcm128Key::new(&key, &iv)?;
let mut content = fs::read(opt.input_file)?;
- key.encrypt(&mut content)?;
+ let res = key.encrypt(&mut content)?;
+ cmac.copy_from_slice(&res);
fs::write(opt.output_file, content)?;
}
AesGcm256Key::SCHEMA => {
let iv = opt.iv.expect("IV is required.");
let key = AesGcm256Key::new(&key, &iv)?;
let mut content = fs::read(opt.input_file)?;
- key.encrypt(&mut content)?;
+ let res = key.encrypt(&mut content)?;
+ cmac.copy_from_slice(&res);
fs::write(opt.output_file, content)?;
}
TeaclaveFile128Key::SCHEMA => {
let key = TeaclaveFile128Key::new(&key)?;
let content = fs::read(opt.input_file)?;
- key.encrypt(opt.output_file, &content)?;
+ let res = key.encrypt(opt.output_file, &content)?;
+ cmac.copy_from_slice(&res);
}
_ => bail!("Invalid crypto algorithm"),
}
- Ok(())
+ Ok(cmac)
}
fn main() -> Result<()> {
let args = Opt::from_args();
match args.command {
- Command::Decrypt(opt) => decrypt(opt)?,
- Command::Encrypt(opt) => encrypt(opt)?,
- }
+ Command::Decrypt(opt) => {
+ let flag = opt.cmac_flag;
+ let cmac = decrypt(opt)?;
+ if flag {
+ let cmac_string = hex::encode(cmac);
+ println!("{}", cmac_string);
+ }
+ }
+ Command::Encrypt(opt) => {
+ let flag = opt.cmac_flag;
+ let cmac = encrypt(opt)?;
+ if flag {
+ let cmac_string = hex::encode(cmac);
+ println!("{}", cmac_string);
+ }
+ }
+ };
Ok(())
}
diff --git a/crypto/src/lib.rs b/crypto/src/lib.rs
index bef86b9..a3ecc53 100644
--- a/crypto/src/lib.rs
+++ b/crypto/src/lib.rs
@@ -36,6 +36,8 @@ const AES_GCM_128_IV_LENGTH: usize = 12;
const AES_GCM_256_KEY_LENGTH: usize = 32;
const AES_GCM_256_IV_LENGTH: usize = 12;
const TEACLAVE_FILE_128_ROOT_KEY_LENGTH: usize = 16;
+const CMAC_LENGTH: usize = 16;
+type CMac = [u8; CMAC_LENGTH];
#[derive(Copy, Clone, Debug, Serialize, Deserialize, PartialEq)]
pub struct AesGcm256Key {
@@ -75,15 +77,21 @@ impl AesGcm256Key {
Self::default()
}
- pub fn decrypt(&self, in_out: &mut Vec<u8>) -> Result<()> {
+ pub fn decrypt(&self, in_out: &mut Vec<u8>) -> Result<CMac> {
let plaintext_len = aead_decrypt(&aead::AES_256_GCM, in_out, &self.key, &self.iv)?.len();
+ let mut cmac: CMac = [0u8; CMAC_LENGTH];
+ cmac.copy_from_slice(&in_out[plaintext_len..]);
in_out.truncate(plaintext_len);
-
- Ok(())
+ Ok(cmac)
}
- pub fn encrypt(&self, in_out: &mut Vec<u8>) -> Result<()> {
- aead_encrypt(&aead::AES_256_GCM, in_out, &self.key, &self.iv)
+ pub fn encrypt(&self, in_out: &mut Vec<u8>) -> Result<CMac> {
+ aead_encrypt(&aead::AES_256_GCM, in_out, &self.key, &self.iv)?;
+ let mut cmac: CMac = [0u8; CMAC_LENGTH];
+ let n = in_out.len();
+ let cybertext_len = n - CMAC_LENGTH;
+ cmac.copy_from_slice(&in_out[cybertext_len..]);
+ Ok(cmac)
}
}
@@ -139,15 +147,21 @@ impl AesGcm128Key {
Self::default()
}
- pub fn decrypt(&self, in_out: &mut Vec<u8>) -> Result<()> {
+ pub fn decrypt(&self, in_out: &mut Vec<u8>) -> Result<CMac> {
let plaintext_len = aead_decrypt(&aead::AES_128_GCM, in_out, &self.key, &self.iv)?.len();
+ let mut cmac: CMac = [0u8; CMAC_LENGTH];
+ cmac.copy_from_slice(&in_out[plaintext_len..]);
in_out.truncate(plaintext_len);
-
- Ok(())
+ Ok(cmac)
}
- pub fn encrypt(&self, in_out: &mut Vec<u8>) -> Result<()> {
- aead_encrypt(&aead::AES_128_GCM, in_out, &self.key, &self.iv)
+ pub fn encrypt(&self, in_out: &mut Vec<u8>) -> Result<CMac> {
+ aead_encrypt(&aead::AES_128_GCM, in_out, &self.key, &self.iv)?;
+ let mut cmac: CMac = [0u8; CMAC_LENGTH];
+ let n = in_out.len();
+ let cybertext_len = n - CMAC_LENGTH;
+ cmac.copy_from_slice(&in_out[cybertext_len..]);
+ Ok(cmac)
}
}
@@ -183,22 +197,23 @@ impl TeaclaveFile128Key {
);
let mut key = [0u8; TEACLAVE_FILE_128_ROOT_KEY_LENGTH];
key.copy_from_slice(in_key);
-
Ok(TeaclaveFile128Key { key })
}
- pub fn decrypt<P: AsRef<Path>>(&self, path: P, out: &mut Vec<u8>) -> Result<()> {
+ pub fn decrypt<P: AsRef<Path>>(&self, path: P, out: &mut Vec<u8>) -> Result<CMac> {
use std::io::Read;
let mut file = ProtectedFile::open_ex(path.as_ref(), &self.key)?;
file.read_to_end(out)?;
- Ok(())
+ let cmac = file.current_meta_gmac()?;
+ Ok(cmac)
}
- pub fn encrypt<P: AsRef<Path>>(&self, path: P, content: &[u8]) -> Result<()> {
+ pub fn encrypt<P: AsRef<Path>>(&self, path: P, content: &[u8]) -> Result<CMac> {
use std::io::Write;
let mut file = ProtectedFile::create_ex(path.as_ref(), &self.key)?;
file.write_all(content)?;
- Ok(())
+ let cmac = file.current_meta_gmac()?;
+ Ok(cmac)
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@teaclave.apache.org
For additional commands, e-mail: commits-help@teaclave.apache.org