@rusty1968

Add Symmetric Cipher Support to OpenPRoT HAL

Summary

Introduces symmetric cipher capabilities with HAL traits and RustCrypto reference implementation.

Changes

HAL Cipher Traits

  • Core cipher traits: SymmetricCipher, CipherInit, CipherOp, CipherStatus
  • AEAD support: AeadCipherOp for authenticated encryption
  • Utilities: BlockAligned container, cipher mode markers
  • Zero-copy serialization via zerocopy, comprehensive error handling

RustCrypto Reference Implementation

  • AES-256-CTR using RustCrypto (aes v0.8.4, ctr v0.9.2)
  • Single-use contexts, NIST test vectors, no_std compatible
  • Reference implementation for future hardware integrations

Add cipher traits for the OpenPRoT blocking HAL:
- SymmetricCipher: Type definitions for keys, nonces, plaintext, ciphertext
- CipherInit: Initialize cipher contexts with keys and modes
- CipherOp: Encrypt/decrypt operations with error handling
- CipherStatus: Hardware status monitoring (ready, idle, output available)
- CipherMode markers: BlockCipherMode, AeadCipherMode, StreamCipherMode
- SecureCipherOp: State cleanup and zeroization
- BlockAligned: Container for block-aligned data
- AeadCipherOp: Authenticated encryption with associated data

Features:
- Zero-copy serialization via zerocopy crate
- Error mapping with ErrorKind enum
- Support for software and hardware implementations

Provides foundation for cipher implementations across OpenPRoT.

Add AES-256-CTR cipher implementation using RustCrypto as reference
implementation of the HAL cipher traits.

Implementation:
- AES-256-CTR using aes v0.8.4 and ctr v0.9.2 crates
- Single-use contexts for security
- Test suite with NIST test vectors
- no_std compatibility for embedded systems
- Zero-copy operations

Dependencies:
- aes = "0.8.4" (AES block cipher)
- ctr = "0.9.2" (CTR mode)
- cipher = "0.4.4" (Cipher traits)
- generic-array = "0.14.7" (Fixed arrays)

Serves as both functional cipher and reference for implementing
HAL cipher traits with other libraries or hardware accelerators.

Replace Vec<u8> suggestions with no_std alternatives like [u8; N]
and custom containers. Removes heap allocation references from
embedded systems documentation.

Replace problematic intra-doc links with code formatting
to resolve rustdoc warnings in digest and i2c_device modules.

The buffer module provided FixedPlainText and FixedCipherText wrapper types
but was not used by the current AES-CTR cipher implementation, which uses
simple [u8; 256] arrays directly. Removing it simplifies the crate and
follows YAGNI principles.

- Remove buffer module declaration from lib.rs
- Remove buffer type re-exports (BufferError, FixedCipherText, etc.)
- Delete unused buffer.rs file

All cipher tests continue to pass with this simplification.

Add #[allow(clippy::unwrap_used)] attribute to the cipher test module to
permit unwrap() calls in test code while maintaining strict safety in
production code.

This follows Rust best practices where:
- Production code remains panic-free (no unwrap/expect/panic)
- Test code can use unwrap() for fail-fast behavior and cleaner assertions
- Tests are meant to panic immediately when assumptions are violated

All clippy warnings about unwrap usage are now resolved while preserving
test readability and maintaining security guidelines for production code.

Replace all direct array indexing with safe .get() and .get_mut() methods
in the BlockAligned container implementation to prevent potential panics
and meet strict security requirements.

**Production code fixes:**
- from_slice_padded(): Use get_mut(i) instead of blocks[i]
- push_block(): Use get_mut(block_count) instead of blocks[block_count]
- get_block(): Use get(index) instead of &blocks[index]

**Test code fixes:**
- Replace blocks[0] and blocks[1] with safe .get() calls
- Replace third_block[0] with safe .get() access

**Security improvements:**
- Zero panic risk: All array access now bounds-checked
- Proper error handling: Failed access returns errors instead of panicking
- Compliance: Follows security guidelines forbidding direct indexing

All tests pass and clippy indexing warnings are eliminated while
maintaining full functionality and performance.

Add backticks around type references to prevent rustdoc from interpreting
them as HTML tags:
- `Option<u8>` instead of Option<u8>
- `Option<enum>` instead of Option<enum>

This eliminates the rustdoc warnings:
- warning: unclosed HTML tag `u8`
- warning: unclosed HTML tag `enum`

The type references are now properly formatted as code in the generated
documentation.

Address clippy warnings for safer and more idiomatic code:

**get_first warnings:**
- Replace `.get(0)` with `.first()` for accessing first array elements
- More expressive and idiomatic Rust code

**arithmetic_side_effects warnings:**
- Replace `+=` with `.saturating_add()` for safe increment
- Replace `*` with `.saturating_mul()` for safe multiplication
- Prevents potential overflow in arithmetic operations

**Security improvements:**
- Arithmetic operations now cannot overflow/panic
- Follows security guidelines for overflow-safe operations
- All tests continue to pass with improved safety

These changes align with the project's strict safety requirements while
maintaining full functionality and performance.

Add #[allow(clippy::unwrap_used)] attribute to the RustCrypto cipher test
module to permit unwrap() calls in test code while maintaining strict
safety in production code.

This matches the pattern established in the HAL cipher tests where:
- Production code remains panic-free (no unwrap/expect/panic)
- Test code can use unwrap() for fail-fast behavior and cleaner assertions
- Tests are meant to panic immediately when assumptions are violated

Resolves clippy warnings about unwrap usage in the comprehensive AES-CTR
test suite while preserving test readability and maintaining security
guidelines for production code.

Apply cargo fmt formatting to correct comment spacing from double space
to single space after // in the clippy allow attribute:

- `#[allow(clippy::unwrap_used)]  // Allow unwrap...`
+ `#[allow(clippy::unwrap_used)] // Allow unwrap...`

This ensures consistent formatting according to Rust style guidelines
and passes `cargo fmt --check` validation.

@FerralCoder FerralCoder merged commit c53eddb into OpenPRoT:main Oct 15, 2025
7 checks passed
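
The panic-free pattern described in the BlockAligned commits above (`.get()` / `.get_mut()` instead of indexing, `saturating_add` / `saturating_mul` instead of `+=` / `*`), as an added sketch that is not the OpenPRoT code. The method names come from the commit messages; the signatures, the `BlockError` type, `len_bytes`, and the 16-byte / 4-block sizes are assumptions made for this example.

```rust
// Added illustration, not the project's implementation.
pub const BLOCK: usize = 16; // AES block size in bytes
pub const MAX_BLOCKS: usize = 4; // assumed capacity for this sketch

#[derive(Debug, PartialEq)]
pub enum BlockError { Full, TooLong } // hypothetical error type

pub struct BlockAligned {
    blocks: [[u8; BLOCK]; MAX_BLOCKS],
    block_count: usize,
}

impl BlockAligned {
    pub fn new() -> Self {
        Self { blocks: [[0; BLOCK]; MAX_BLOCKS], block_count: 0 }
    }
    /// Append one block; a full container yields an error, never a panic.
    pub fn push_block(&mut self, block: [u8; BLOCK]) -> Result<(), BlockError> {
        let slot = self.blocks.get_mut(self.block_count).ok_or(BlockError::Full)?;
        *slot = block;
        self.block_count = self.block_count.saturating_add(1);
        Ok(())
    }
    /// Bounds-checked read that also hides slots past `block_count`.
    pub fn get_block(&self, index: usize) -> Option<&[u8; BLOCK]> {
        if index >= self.block_count { return None; }
        self.blocks.get(index)
    }
    /// Copy `data` in, leaving the tail of a partial final block zeroed.
    pub fn from_slice_padded(data: &[u8]) -> Result<Self, BlockError> {
        if data.len() > BLOCK.saturating_mul(MAX_BLOCKS) { return Err(BlockError::TooLong); }
        let mut out = Self::new();
        for (i, chunk) in data.chunks(BLOCK).enumerate() {
            let slot = out.blocks.get_mut(i).ok_or(BlockError::TooLong)?;
            for (dst, src) in slot.iter_mut().zip(chunk) { *dst = *src; }
            out.block_count = out.block_count.saturating_add(1);
        }
        Ok(out)
    }
    pub fn len_bytes(&self) -> usize { self.block_count.saturating_mul(BLOCK) }
}

fn main() {
    // Constructed sample input: 20 bytes fill one block and pad a second.
    let padded = BlockAligned::from_slice_padded(&[0xAAu8; 20]);
    println!("{:?}", padded.map(|b| b.len_bytes()));
}
```

Every out-of-range index or oversized input surfaces as `None` or `Err`, so a caller in `no_std` firmware can handle it without a panic handler being reached.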