finish inout migration

Author: baloo

aes-gcm-siv/Cargo.toml

@@ -17,7 +17,7 @@ categories = ["cryptography", "no-std"]
 rust-version = "1.85"
 
 [dependencies]
-aead = { version = "0.6.0-rc.0", default-features = false }
+aead = { version = "0.6.0-rc.0", default-features = false, features = ["inout"] }
 aes = { version = "=0.9.0-pre.3", optional = true }
 cipher = "=0.5.0-pre.8"
 ctr = "0.10.0-pre.2"

aes-gcm-siv/src/lib.rs

@@ -83,13 +83,13 @@ pub use aead::{self, AeadCore, AeadInOut, Error, Key, KeyInit, KeySizeUser};
 #[cfg(feature = "aes")]
 pub use aes;
 
-use aead::{inout::InOutBuf, PostfixTagged};
+use aead::{PostfixTagged, inout::InOutBuf};
 use cipher::{
+    BlockCipherEncrypt, BlockSizeUser, InnerIvInit, StreamCipherCore,
     array::Array,
     consts::{U12, U16},
-    BlockCipherEncrypt, BlockSizeUser, InnerIvInit, StreamCipherCore,
 };
-use polyval::{universal_hash::UniversalHash, Polyval};
+use polyval::{Polyval, universal_hash::UniversalHash};
 
 /// AES is optional to allow swapping in hardware-specific backends.
 #[cfg(feature = "aes")]
@@ -278,10 +278,10 @@ where
         }
 
         self.polyval.update_padded(associated_data);
-        self.polyval.update_padded(buffer);
+        self.polyval.update_padded(buffer.get_in());
 
         let tag = self.finish_tag(associated_data.len(), buffer.len());
-        init_ctr(&self.enc_cipher, &tag).apply_keystream_partial(buffer.into());
+        init_ctr(&self.enc_cipher, &tag).apply_keystream_partial(buffer);
 
         Ok(tag)
     }
@@ -291,7 +291,7 @@ where
     pub(crate) fn decrypt_inout_detached(
         mut self,
         associated_data: &[u8],
-        buffer: InOutBuf<'_, '_, u8>,
+        mut buffer: InOutBuf<'_, '_, u8>,
         tag: &Tag,
     ) -> Result<(), Error> {
         if buffer.len() as u64 > C_MAX || associated_data.len() as u64 > A_MAX {
@@ -301,8 +301,8 @@ where
         self.polyval.update_padded(associated_data);
 
         // TODO(tarcieri): interleave decryption and authentication
-        init_ctr(&self.enc_cipher, tag).apply_keystream_partial(buffer.into());
-        self.polyval.update_padded(buffer);
+        init_ctr(&self.enc_cipher, tag).apply_keystream_partial(buffer.reborrow());
+        self.polyval.update_padded(buffer.get_in());
 
         let expected_tag = self.finish_tag(associated_data.len(), buffer.len());
 
@@ -312,7 +312,7 @@ where
         } else {
             // On MAC verify failure, re-encrypt the plaintext buffer to
             // prevent accidental exposure.
-            init_ctr(&self.enc_cipher, tag).apply_keystream_partial(buffer.into());
+            init_ctr(&self.enc_cipher, tag).apply_keystream_partial(buffer);
             Err(Error)
         }
     }

aes-gcm/Cargo.toml

@@ -17,7 +17,7 @@ categories = ["cryptography", "no-std"]
 rust-version = "1.85"
 
 [dependencies]
-aead = { version = "0.6.0-rc.0", default-features = false }
+aead = { version = "0.6.0-rc.0", default-features = false, features = ["inout"] }
 aes = { version = "=0.9.0-pre.3", optional = true }
 cipher = "=0.5.0-pre.8"
 ctr = "0.10.0-pre.2"

aes-gcm/src/lib.rs

@@ -270,7 +270,7 @@ where
         &self,
         nonce: &Nonce<NonceSize>,
         associated_data: &[u8],
-        buffer: InOutBuf<'_, '_, u8>,
+        mut buffer: InOutBuf<'_, '_, u8>,
     ) -> Result<Tag<TagSize>, Error> {
         if buffer.len() as u64 > P_MAX || associated_data.len() as u64 > A_MAX {
             return Err(Error);
@@ -280,9 +280,9 @@ where
 
         // TODO(tarcieri): interleave encryption with GHASH
         // See: <https://github.com/RustCrypto/AEADs/issues/74>
-        ctr.apply_keystream_partial(buffer.into());
+        ctr.apply_keystream_partial(buffer.reborrow());
 
-        let full_tag = self.compute_tag(mask, associated_data, buffer);
+        let full_tag = self.compute_tag(mask, associated_data, buffer.get_in());
         Ok(Tag::try_from(&full_tag[..TagSize::to_usize()]).expect("tag size mismatch"))
     }
 
@@ -301,11 +301,11 @@ where
 
         // TODO(tarcieri): interleave encryption with GHASH
         // See: <https://github.com/RustCrypto/AEADs/issues/74>
-        let expected_tag = self.compute_tag(mask, associated_data, buffer);
+        let expected_tag = self.compute_tag(mask, associated_data, buffer.get_in());
 
         use subtle::ConstantTimeEq;
         if expected_tag[..TagSize::to_usize()].ct_eq(tag).into() {
-            ctr.apply_keystream_partial(buffer.into());
+            ctr.apply_keystream_partial(buffer);
             Ok(())
         } else {
             Err(Error)

aes-gcm/tests/common/mod.rs

@@ -92,7 +92,7 @@ macro_rules! tests {
             let cipher = <$aead>::new(&key);
             assert!(
                 cipher
-                    .decrypt_inout_detached(&nonce, &[], &mut buffer, &tag)
+                    .decrypt_inout_detached(&nonce, &[], (buffer.as_mut_slice()).into(), &tag)
                     .is_err()
             );
 

aes-siv/src/siv.rs

@@ -213,7 +213,7 @@ where
         // TODO(tarcieri): add offset param to `encrypt_inout_detached`
         buffer.as_mut().copy_within(..pt_len, IV_SIZE);
 
-        let tag = self.encrypt_inout_detached(headers, &mut buffer.as_mut()[IV_SIZE..])?;
+        let tag = self.encrypt_inout_detached(headers, (&mut buffer.as_mut()[IV_SIZE..]).into())?;
         buffer.as_mut()[..IV_SIZE].copy_from_slice(tag.as_slice());
         Ok(())
     }
@@ -227,15 +227,15 @@ where
     pub fn encrypt_inout_detached<I, T>(
         &mut self,
         headers: I,
-        plaintext: InOutBuf<'_, '_, u8>,
+        mut plaintext: InOutBuf<'_, '_, u8>,
     ) -> Result<Tag, Error>
     where
         I: IntoIterator<Item = T>,
         T: AsRef<[u8]>,
     {
         // Compute the synthetic IV for this plaintext
-        let siv_tag = s2v(&mut self.mac, headers, plaintext)?;
-        self.xor_with_keystream(siv_tag, plaintext);
+        let siv_tag = s2v(&mut self.mac, headers, plaintext.get_in())?;
+        self.xor_with_keystream(siv_tag, plaintext.get_out());
         Ok(siv_tag)
     }
 
@@ -271,7 +271,7 @@ where
         }
 
         let siv_tag = Tag::try_from(&buffer.as_ref()[..IV_SIZE]).expect("tag size mismatch");
-        self.decrypt_inout_detached(headers, &mut buffer.as_mut()[IV_SIZE..], &siv_tag)?;
+        self.decrypt_inout_detached(headers, (&mut buffer.as_mut()[IV_SIZE..]).into(), &siv_tag)?;
 
         let pt_len = buffer.len() - IV_SIZE;
 
@@ -290,22 +290,22 @@ where
     pub fn decrypt_inout_detached<I, T>(
         &mut self,
         headers: I,
-        ciphertext: InOutBuf<'_, '_, u8>,
+        mut ciphertext: InOutBuf<'_, '_, u8>,
         siv_tag: &Tag,
     ) -> Result<(), Error>
     where
         I: IntoIterator<Item = T>,
         T: AsRef<[u8]>,
     {
-        self.xor_with_keystream(*siv_tag, ciphertext);
-        let computed_siv_tag = s2v(&mut self.mac, headers, ciphertext)?;
+        self.xor_with_keystream(*siv_tag, ciphertext.get_out());
+        let computed_siv_tag = s2v(&mut self.mac, headers, ciphertext.get_in())?;
 
         // Note: `CtOutput` provides constant-time equality
         if CtOutput::<M>::new(computed_siv_tag) == CtOutput::new(*siv_tag) {
             Ok(())
         } else {
             // Re-encrypt the decrypted plaintext to avoid revealing it
-            self.xor_with_keystream(*siv_tag, ciphertext);
+            self.xor_with_keystream(*siv_tag, ciphertext.get_out());
             Err(Error)
         }
     }

aes-siv/tests/aead.rs

@@ -40,7 +40,7 @@ macro_rules! tests {
 
                 let cipher = <$aead>::new(&key);
                 let tag = cipher
-                    .encrypt_inout_detached(&nonce, vector.aad, &mut buffer)
+                    .encrypt_inout_detached(&nonce, vector.aad, buffer.as_mut_slice().into())
                     .unwrap();
                 let (expected_tag, expected_ciphertext) = vector.ciphertext.split_at(16);
                 assert_eq!(expected_tag, &tag[..]);
@@ -75,7 +75,7 @@ macro_rules! tests {
                 let mut buffer = vector.ciphertext[16..].to_vec();
 
                 <$aead>::new(&key)
-                    .decrypt_inout_detached(&nonce, vector.aad, &mut buffer, &tag)
+                    .decrypt_inout_detached(&nonce, vector.aad, buffer.as_mut_slice().into(), &tag)
                     .unwrap();
 
                 assert_eq!(vector.plaintext, buffer.as_slice());

ascon-aead/Cargo.toml

@@ -15,7 +15,7 @@ categories = ["cryptography", "no-std"]
 rust-version = "1.85"
 
 [dependencies]
-aead = { version = "0.6.0-rc.0", default-features = false }
+aead = { version = "0.6.0-rc.0", default-features = false, features = ["inout"] }
 subtle = { version = "2", default-features = false }
 zeroize = { version = "1.6", optional = true, default-features = false, features = ["derive"] }
 ascon = "0.4"

ascon-aead/src/asconcore.rs

@@ -2,11 +2,12 @@
 // SPDX-License-Identifier: Apache-2.0 OR MIT
 
 use aead::{
-    Error,
-    array::{Array, ArraySize, typenum::Unsigned},
+    array::{typenum::Unsigned, Array, ArraySize},
     consts::{U16, U20},
+    inout::InOutBuf,
+    Error,
 };
-use ascon::{State, pad};
+use ascon::{pad, State};
 use subtle::ConstantTimeEq;
 
 /// Clear bytes from a 64 bit word.
@@ -337,30 +338,30 @@ impl<'a, P: Parameters> AsconCore<'a, P> {
         tag
     }
 
-    pub(crate) fn encrypt_inplace(
+    pub(crate) fn encrypt_inout(
         &mut self,
-        message: &mut [u8],
+        mut message: InOutBuf<'_, '_, u8>,
         associated_data: &[u8],
     ) -> Array<u8, U16> {
         self.process_associated_data(associated_data);
-        self.process_encrypt_inplace(message);
+        self.process_encrypt_inplace(message.get_out());
         Array::from(self.process_final())
     }
 
-    pub(crate) fn decrypt_inplace(
+    pub(crate) fn decrypt_inout(
         &mut self,
-        ciphertext: &mut [u8],
+        mut ciphertext: InOutBuf<'_, '_, u8>,
         associated_data: &[u8],
         expected_tag: &Array<u8, U16>,
     ) -> Result<(), Error> {
         self.process_associated_data(associated_data);
-        self.process_decrypt_inplace(ciphertext);
+        self.process_decrypt_inplace(ciphertext.get_out());
 
         let tag = self.process_final();
         if bool::from(tag.ct_eq(expected_tag)) {
             Ok(())
         } else {
-            ciphertext.fill(0);
+            ciphertext.get_out().fill(0);
             Err(Error)
         }
     }

ascon-aead/src/lib.rs

@@ -106,14 +106,14 @@ pub use zeroize;
 
 pub use aead::{self, Error, Key, Nonce, Tag};
 use aead::{
-    AeadCore, AeadInOut, KeyInit, KeySizeUser, PostfixTagged,
     consts::{U16, U20},
     inout::InOutBuf,
+    AeadCore, AeadInOut, KeyInit, KeySizeUser, PostfixTagged,
 };
 
 mod asconcore;
 
-use asconcore::{AsconCore, Parameters, Parameters80pq, Parameters128, Parameters128a};
+use asconcore::{AsconCore, Parameters, Parameters128, Parameters128a, Parameters80pq};
 
 /// Ascon generic over some Parameters
 ///
@@ -158,7 +158,7 @@ impl<P: Parameters> AeadInOut for Ascon<P> {
         }
 
         let mut core = AsconCore::<P>::new(&self.key, nonce);
-        Ok(core.encrypt_inplace(buffer, associated_data))
+        Ok(core.encrypt_inout(buffer, associated_data))
     }
 
     fn decrypt_inout_detached(
@@ -176,7 +176,7 @@ impl<P: Parameters> AeadInOut for Ascon<P> {
         }
 
         let mut core = AsconCore::<P>::new(&self.key, nonce);
-        core.decrypt_inplace(buffer, associated_data, tag)
+        core.decrypt_inout(buffer, associated_data, tag)
     }
 }