Using GCM Nonce pattern for CBC, CFB, and CTR

maschall · maschall · commit cc3709d4e23a · 2024-09-20T19:46:08.000-04:00
diff --git a/Sources/_CryptoExtras/AES/AES_CBC.swift b/Sources/_CryptoExtras/AES/AES_CBC.swift
@@ -20,6 +20,7 @@ extension AES {
     /// suite.
     public enum _CBC {
         private static var blockSize: Int { 16 }
+        static let nonceByteCount = 16
 
         private static func encryptBlockInPlace(
             _ plaintext: inout Block,
@@ -67,7 +68,7 @@ extension AES {
             var ciphertext = Data()
             ciphertext.reserveCapacity(plaintext.count + Self.blockSize)  // Room for padding.
 
-            var previousBlock = Block(iv)
+            var previousBlock = Block(blockBytes: iv)
             var plaintext = plaintext[...]
 
             while plaintext.count > 0 {
@@ -121,7 +122,7 @@ extension AES {
             var plaintext = Data()
             plaintext.reserveCapacity(ciphertext.count)
 
-            var previousBlock = Block(iv)
+            var previousBlock = Block(blockBytes: iv)
             var ciphertext = ciphertext[...]
 
             while ciphertext.count > 0 {
@@ -141,57 +142,6 @@ extension AES {
     }
 }
 
-extension AES._CBC {
-    /// An initialization vector.
-    public struct IV: Sendable {
-        // AES CBC uses a 128-bit IV.
-        var ivBytes: (
-            UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8,
-            UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8, UInt8
-        )
-
-        public init() {
-            var rng = SystemRandomNumberGenerator()
-            let (first, second) = (rng.next(), rng.next())
-
-            self.ivBytes = (
-                UInt8(truncatingIfNeeded: first),
-                UInt8(truncatingIfNeeded: first >> 8),
-                UInt8(truncatingIfNeeded: first >> 16),
-                UInt8(truncatingIfNeeded: first >> 24),
-                UInt8(truncatingIfNeeded: first >> 32),
-                UInt8(truncatingIfNeeded: first >> 40),
-                UInt8(truncatingIfNeeded: first >> 48),
-                UInt8(truncatingIfNeeded: first >> 56),
-                UInt8(truncatingIfNeeded: second),
-                UInt8(truncatingIfNeeded: second >> 8),
-                UInt8(truncatingIfNeeded: second >> 16),
-                UInt8(truncatingIfNeeded: second >> 24),
-                UInt8(truncatingIfNeeded: second >> 32),
-                UInt8(truncatingIfNeeded: second >> 40),
-                UInt8(truncatingIfNeeded: second >> 48),
-                UInt8(truncatingIfNeeded: second >> 56)
-            )
-        }
-
-        public init<IVBytes: Collection>(ivBytes: IVBytes) throws where IVBytes.Element == UInt8 {
-            // We support a 128-bit IV.
-            guard ivBytes.count == 16 else {
-                throw CryptoKitError.incorrectKeySize
-            }
-
-            self.ivBytes = (
-                0, 0, 0, 0, 0, 0, 0, 0,
-                0, 0, 0, 0, 0, 0, 0, 0
-            )
-
-            withUnsafeMutableBytes(of: &self.ivBytes) { bytesPtr in
-                bytesPtr.copyBytes(from: ivBytes)
-            }
-        }
-    }
-}
-
 extension Data {
     fileprivate mutating func trimPadding() throws {
         guard let paddingBytes = self.last else {
diff --git a/Sources/_CryptoExtras/AES/AES_CFB.swift b/Sources/_CryptoExtras/AES/AES_CFB.swift
@@ -20,6 +20,8 @@ typealias AESCFBImpl = OpenSSLAESCFBImpl
 
 extension AES {
     public enum _CFB {
+        static let nonceByteCount = 16
+      
         @inlinable
         public static func encrypt<Plaintext: DataProtocol>(
             _ plaintext: Plaintext,
@@ -41,31 +43,3 @@ extension AES {
         }
     }
 }
-
-extension AES._CFB {
-    public struct IV: Sendable {
-        // AES CFB uses a 128-bit IV.
-        private var ivBytes: (UInt64, UInt64)
-
-        public init() {
-            var rng = SystemRandomNumberGenerator()
-            self.ivBytes = (rng.next(), rng.next())
-        }
-
-        public init<IVBytes: Collection>(ivBytes: IVBytes) throws where IVBytes.Element == UInt8 {
-            guard ivBytes.count == 16 else {
-                throw CryptoKitError.incorrectParameterSize
-            }
-
-            self.ivBytes = (0, 0)
-
-            Swift.withUnsafeMutableBytes(of: &self.ivBytes) { bytesPtr in
-                bytesPtr.copyBytes(from: ivBytes)
-            }
-        }
-
-        mutating func withUnsafeMutableBytes<ReturnType>(_ body: (UnsafeMutableRawBufferPointer) throws -> ReturnType) rethrows -> ReturnType {
-            return try Swift.withUnsafeMutableBytes(of: &self.ivBytes, body)
-        }
-    }
-}
diff --git a/Sources/_CryptoExtras/AES/AES_CTR.swift b/Sources/_CryptoExtras/AES/AES_CTR.swift
@@ -19,8 +19,9 @@ import Foundation
 typealias AESCTRImpl = OpenSSLAESCTRImpl
 
 extension AES {
-
     public enum _CTR {
+        static let nonceByteCount = 12
+      
         @inlinable
         public static func encrypt<Plaintext: DataProtocol>(
             _ plaintext: Plaintext,
@@ -42,41 +43,3 @@ extension AES {
         }
     }
 }
-
-extension AES._CTR {
-    public struct Nonce: Sendable {
-        // AES CTR uses a 128-bit counter. It's most usual to use a 96-bit nonce
-        // and a 32-bit counter at the end, so we support that specific mode of
-        // operation here.
-        private var nonceBytes: (
-            UInt64, UInt32, UInt32
-        )
-
-        public init() {
-            var rng = SystemRandomNumberGenerator()
-            self.nonceBytes = (
-                rng.next(), rng.next(), rng.next()
-            )
-        }
-
-        public init<NonceBytes: Collection>(nonceBytes: NonceBytes) throws where NonceBytes.Element == UInt8 {
-            // We support a 96-bit nonce (with a 32-bit counter, initialized to 0) or a full 128-bit
-            // expression.
-            guard nonceBytes.count == 12 || nonceBytes.count == 16 else {
-                throw CryptoKitError.incorrectParameterSize
-            }
-
-            self.nonceBytes = (
-                0, 0, 0
-            )
-
-            Swift.withUnsafeMutableBytes(of: &self.nonceBytes) { bytesPtr in
-                bytesPtr.copyBytes(from: nonceBytes)
-            }
-        }
-
-        mutating func withUnsafeMutableBytes<ReturnType>(_ body: (UnsafeMutableRawBufferPointer) throws -> ReturnType) rethrows -> ReturnType {
-            return try Swift.withUnsafeMutableBytes(of: &self.nonceBytes, body)
-        }
-    }
-}
diff --git a/Sources/_CryptoExtras/AES/Block Function.swift b/Sources/_CryptoExtras/AES/Block Function.swift
@@ -131,9 +131,10 @@ extension AES {
         init(_ blockBytes: BlockBytes) {
             self.blockBytes = blockBytes
         }
-
-        init(_ iv: AES._CBC.IV) {
-            self.blockBytes = iv.ivBytes
+        
+        init<BlockBytes: Sequence>(blockBytes: BlockBytes) where BlockBytes.Element == UInt8 {
+            let blockBytes: [UInt8] = Array(blockBytes)
+            self.init(blockBytes: blockBytes)
         }
 
         init<BlockBytes: Collection>(blockBytes: BlockBytes) where BlockBytes.Element == UInt8 {
diff --git a/Sources/_CryptoExtras/AES/Nonces.swift b/Sources/_CryptoExtras/AES/Nonces.swift
diff --git a/Sources/_CryptoExtras/AES/Nonces.swift.gyb b/Sources/_CryptoExtras/AES/Nonces.swift.gyb

Original file line number	Diff line number	Diff line change
`@@ -131,9 +131,10 @@ extension AES {`
`131`	`131`	`init(_ blockBytes: BlockBytes) {`
`132`	`132`	`self.blockBytes = blockBytes`
`133`	`133`	`}`
`134`		`-`
`135`		`- init(_ iv: AES._CBC.IV) {`
`136`		`- self.blockBytes = iv.ivBytes`
	`134`	`+`
	`135`	`+ init<BlockBytes: Sequence>(blockBytes: BlockBytes) where BlockBytes.Element == UInt8 {`
	`136`	`+ let blockBytes: [UInt8] = Array(blockBytes)`
	`137`	`+ self.init(blockBytes: blockBytes)`
`137`	`138`	`}`
`138`	`139`
`139`	`140`	`init<BlockBytes: Collection>(blockBytes: BlockBytes) where BlockBytes.Element == UInt8 {`