mozilla
diff --git a/‎src/aead.rs‎
Lines changed: 15 additions & 262 deletions b/‎src/aead.rs‎
Lines changed: 15 additions & 262 deletions
@@ -4,270 +4,18 @@
 // option. This file may not be copied, modified, or distributed
 // except according to those terms.
 
-use std::{
-    fmt,
-    os::raw::{c_char, c_int, c_uint},
-    ptr::null_mut,
-};
+use std::{os::raw::c_int, ptr::null_mut};
 
 use crate::{
-    constants::{Cipher, Version},
-    err::{sec::SEC_ERROR_BAD_DATA, Error, Res},
-    experimental_api,
+    err::{Error, Res},
     p11::{
-        self, Context, PK11SymKey, PK11_AEADOp, PK11_CreateContextBySymKey, CKA_DECRYPT,
-        CKA_ENCRYPT, CKA_NSS_MESSAGE, CKG_GENERATE_COUNTER_XOR, CKG_NO_GENERATE, CKM_AES_GCM,
+        self, Context, PK11_AEADOp, PK11_CreateContextBySymKey, CKA_DECRYPT, CKA_ENCRYPT,
+        CKA_NSS_MESSAGE, CKG_GENERATE_COUNTER_XOR, CKG_NO_GENERATE, CKM_AES_GCM,
         CKM_CHACHA20_POLY1305, CK_ATTRIBUTE_TYPE, CK_GENERATOR_FUNCTION, CK_MECHANISM_TYPE,
     },
-    prtypes::{PRUint16, PRUint64, PRUint8},
-    scoped_ptr, secstatus_to_res,
-    ssl::SSLAeadContext,
-    SECItemBorrowed, SymKey,
+    secstatus_to_res, SECItemBorrowed, SymKey,
 };
 
-/// Trait for AEAD (Authenticated Encryption with Associated Data) operations.
-///
-/// This trait provides a common interface for both real and null AEAD implementations,
-/// eliminating code duplication and allowing for consistent usage patterns.
-pub trait AeadTrait {
-    /// Create a new AEAD instance.
-    ///
-    /// # Errors
-    ///
-    /// Returns `Error` when the underlying crypto operations fail.
-    fn new(version: Version, cipher: Cipher, secret: &SymKey, prefix: &str) -> Res<Self>
-    where
-        Self: Sized;
-
-    /// Get the expansion size (authentication tag length) for this AEAD.
-    fn expansion(&self) -> usize;
-
-    /// Encrypt plaintext with associated data.
-    ///
-    /// # Errors
-    ///
-    /// Returns `Error` when encryption fails.
-    fn encrypt<'a>(
-        &self,
-        count: u64,
-        aad: &[u8],
-        input: &[u8],
-        output: &'a mut [u8],
-    ) -> Res<&'a [u8]>;
-
-    /// Encrypt plaintext in place with associated data.
-    ///
-    /// # Errors
-    ///
-    /// Returns `Error` when encryption fails.
-    fn encrypt_in_place<'a>(&self, count: u64, aad: &[u8], data: &'a mut [u8])
-        -> Res<&'a mut [u8]>;
-
-    /// Decrypt ciphertext with associated data.
-    ///
-    /// # Errors
-    ///
-    /// Returns `Error` when decryption or authentication fails.
-    fn decrypt<'a>(
-        &self,
-        count: u64,
-        aad: &[u8],
-        input: &[u8],
-        output: &'a mut [u8],
-    ) -> Res<&'a [u8]>;
-
-    /// Decrypt ciphertext in place with associated data.
-    ///
-    /// # Errors
-    ///
-    /// Returns `Error` when decryption or authentication fails.
-    fn decrypt_in_place<'a>(&self, count: u64, aad: &[u8], data: &'a mut [u8])
-        -> Res<&'a mut [u8]>;
-}
-
-experimental_api!(SSL_MakeAead(
-    version: PRUint16,
-    cipher: PRUint16,
-    secret: *mut PK11SymKey,
-    label_prefix: *const c_char,
-    label_prefix_len: c_uint,
-    ctx: *mut *mut SSLAeadContext,
-));
-experimental_api!(SSL_AeadEncrypt(
-    ctx: *const SSLAeadContext,
-    counter: PRUint64,
-    aad: *const PRUint8,
-    aad_len: c_uint,
-    input: *const PRUint8,
-    input_len: c_uint,
-    output: *const PRUint8,
-    output_len: *mut c_uint,
-    max_output: c_uint
-));
-experimental_api!(SSL_AeadDecrypt(
-    ctx: *const SSLAeadContext,
-    counter: PRUint64,
-    aad: *const PRUint8,
-    aad_len: c_uint,
-    input: *const PRUint8,
-    input_len: c_uint,
-    output: *const PRUint8,
-    output_len: *mut c_uint,
-    max_output: c_uint
-));
-experimental_api!(SSL_DestroyAead(ctx: *mut SSLAeadContext));
-scoped_ptr!(AeadContext, SSLAeadContext, SSL_DestroyAead);
-
-pub struct RealAead {
-    ctx: AeadContext,
-}
-
-impl RealAead {
-    unsafe fn from_raw(
-        version: Version,
-        cipher: Cipher,
-        secret: *mut PK11SymKey,
-        prefix: &str,
-    ) -> Res<Self> {
-        let p = prefix.as_bytes();
-        let mut ctx: *mut SSLAeadContext = null_mut();
-        SSL_MakeAead(
-            version,
-            cipher,
-            secret,
-            p.as_ptr().cast(),
-            c_uint::try_from(p.len())?,
-            &mut ctx,
-        )?;
-        Ok(Self {
-            ctx: AeadContext::from_ptr(ctx)?,
-        })
-    }
-}
-
-impl AeadTrait for RealAead {
-    fn new(version: Version, cipher: Cipher, secret: &SymKey, prefix: &str) -> Res<Self> {
-        let s: *mut PK11SymKey = **secret;
-        unsafe { Self::from_raw(version, cipher, s, prefix) }
-    }
-
-    fn expansion(&self) -> usize {
-        16
-    }
-
-    fn encrypt<'a>(
-        &self,
-        count: u64,
-        aad: &[u8],
-        input: &[u8],
-        output: &'a mut [u8],
-    ) -> Res<&'a [u8]> {
-        let mut l: c_uint = 0;
-        unsafe {
-            SSL_AeadEncrypt(
-                *self.ctx,
-                count,
-                aad.as_ptr(),
-                c_uint::try_from(aad.len())?,
-                input.as_ptr(),
-                c_uint::try_from(input.len())?,
-                output.as_mut_ptr(),
-                &mut l,
-                c_uint::try_from(output.len())?,
-            )
-        }?;
-        Ok(&output[..l.try_into()?])
-    }
-
-    fn encrypt_in_place<'a>(
-        &self,
-        count: u64,
-        aad: &[u8],
-        data: &'a mut [u8],
-    ) -> Res<&'a mut [u8]> {
-        if data.len() < self.expansion() {
-            return Err(Error::from(SEC_ERROR_BAD_DATA));
-        }
-
-        let mut l: c_uint = 0;
-        unsafe {
-            SSL_AeadEncrypt(
-                *self.ctx,
-                count,
-                aad.as_ptr(),
-                c_uint::try_from(aad.len())?,
-                data.as_ptr(),
-                c_uint::try_from(data.len() - self.expansion())?,
-                data.as_mut_ptr(),
-                &mut l,
-                c_uint::try_from(data.len())?,
-            )
-        }?;
-        debug_assert_eq!(usize::try_from(l)?, data.len());
-        Ok(data)
-    }
-
-    fn decrypt<'a>(
-        &self,
-        count: u64,
-        aad: &[u8],
-        input: &[u8],
-        output: &'a mut [u8],
-    ) -> Res<&'a [u8]> {
-        let mut l: c_uint = 0;
-        unsafe {
-            // Note that NSS insists upon having extra space available for decryption, so
-            // the buffer for `output` should be the same length as `input`, even though
-            // the final result will be shorter.
-            SSL_AeadDecrypt(
-                *self.ctx,
-                count,
-                aad.as_ptr(),
-                c_uint::try_from(aad.len())?,
-                input.as_ptr(),
-                c_uint::try_from(input.len())?,
-                output.as_mut_ptr(),
-                &mut l,
-                c_uint::try_from(output.len())?,
-            )
-        }?;
-        Ok(&output[..l.try_into()?])
-    }
-
-    fn decrypt_in_place<'a>(
-        &self,
-        count: u64,
-        aad: &[u8],
-        data: &'a mut [u8],
-    ) -> Res<&'a mut [u8]> {
-        let mut l: c_uint = 0;
-        unsafe {
-            // Note that NSS insists upon having extra space available for decryption, so
-            // the buffer for `output` should be the same length as `input`, even though
-            // the final result will be shorter.
-            SSL_AeadDecrypt(
-                *self.ctx,
-                count,
-                aad.as_ptr(),
-                c_uint::try_from(aad.len())?,
-                data.as_ptr(),
-                c_uint::try_from(data.len())?,
-                data.as_mut_ptr(),
-                &mut l,
-                c_uint::try_from(data.len())?,
-            )
-        }?;
-        debug_assert_eq!(usize::try_from(l)?, data.len() - self.expansion());
-        Ok(&mut data[..l.try_into()?])
-    }
-}
-
-impl fmt::Debug for RealAead {
-    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        write!(f, "[AEAD Context]")
-    }
-}
-
 /// All the nonces are the same length.  Exploit that.
 pub const NONCE_LEN: usize = 12;
 
@@ -370,7 +118,7 @@ impl Aead {
         })
     }
 
-    pub fn seal(&mut self, aad: &[u8], pt: &[u8]) -> Result<Vec<u8>, Error> {
+    pub fn encrypt(&mut self, aad: &[u8], pt: &[u8]) -> Result<Vec<u8>, Error> {
         crate::init()?;
 
         assert_eq!(self.mode, Mode::Encrypt);
@@ -406,7 +154,12 @@ impl Aead {
         Ok(ct)
     }
 
-    pub fn open(&mut self, aad: &[u8], seq: SequenceNumber, ct: &[u8]) -> Result<Vec<u8>, Error> {
+    pub fn decrypt(
+        &mut self,
+        aad: &[u8],
+        seq: SequenceNumber,
+        ct: &[u8],
+    ) -> Result<Vec<u8>, Error> {
         crate::init()?;
 
         assert_eq!(self.mode, Mode::Decrypt);
@@ -462,11 +215,11 @@ mod test {
         let k = Aead::import_key(algorithm, key).unwrap();
 
         let mut enc = Aead::new(Mode::Encrypt, algorithm, &k, *nonce).unwrap();
-        let ciphertext = enc.seal(aad, pt).unwrap();
+        let ciphertext = enc.encrypt(aad, pt).unwrap();
         assert_eq!(&ciphertext[..], ct);
 
         let mut dec = Aead::new(Mode::Decrypt, algorithm, &k, *nonce).unwrap();
-        let plaintext = dec.open(aad, 0, ct).unwrap();
+        let plaintext = dec.decrypt(aad, 0, ct).unwrap();
         assert_eq!(&plaintext[..], pt);
     }
 
@@ -481,7 +234,7 @@ mod test {
     ) {
         let k = Aead::import_key(algorithm, key).unwrap();
         let mut dec = Aead::new(Mode::Decrypt, algorithm, &k, *nonce).unwrap();
-        let plaintext = dec.open(aad, seq, ct).unwrap();
+        let plaintext = dec.decrypt(aad, seq, ct).unwrap();
         assert_eq!(&plaintext[..], pt);
     }