chore: drop openssl in favor of a rust aes implementation

stefandeml · Jul 26, 2018 · aded904 · aded904
1 parent 55b3cfb
commit aded904
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 41 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -9,7 +9,6 @@ rand = "0.4"
 ring = "0.12"
 libc = "0.2"
 merkle_light = { git = "https://github.com/dignifiedquire/merkle_light", branch = "master" }
-openssl = "*"
 failure = "0.1"
 bellman = "0.1"
 byteorder = "1"
@@ -22,6 +21,8 @@ log = "0.4"
 env_logger = "0.5"
 indicatif = "0.9"
 colored = "1.6"
+aes = "0.1"
+block-modes = "0.1"
 
 [dependencies.pairing]
 version = "0.14.2"

diff --git a/src/crypto/aes.rs b/src/crypto/aes.rs
@@ -1,54 +1,31 @@
+use aes::block_cipher_trait::generic_array::GenericArray;
+use aes::Aes256;
+use block_modes::block_padding::ZeroPadding;
+use block_modes::{BlockMode, BlockModeIv, Cbc};
 use error::Result;
-use openssl::symm::{Cipher, Crypter, Mode};
 
 pub fn encode(key: &[u8], plaintext: &[u8]) -> Result<Vec<u8>> {
-    if key.len() != 32 {
-        panic!("invalid key length");
-    }
-
-    let iv = vec![0u8; 16];
-
-    // Create a cipher context for encryption.
-    let mut encrypter = Crypter::new(
-        Cipher::aes_256_cbc(),
-        Mode::Encrypt,
-        key,
-        Some(iv.as_slice()),
-    )?;
-    encrypter.pad(false);
+    assert_eq!(key.len(), 32, "invalid key length");
 
-    let block_size = Cipher::aes_256_cbc().block_size();
-    let mut ciphertext = vec![0; plaintext.len() + block_size];
+    let iv = GenericArray::from_slice(&[0u8; 16]);
+    let mut mode = Cbc::<Aes256, ZeroPadding>::new_varkey(key, iv).expect("invalid key");
 
-    let mut count = encrypter.update(plaintext, &mut ciphertext)?;
-    count += encrypter.finalize(&mut ciphertext[count..])?;
-    ciphertext.truncate(count);
+    let mut ciphertext = plaintext.to_vec();
+    mode.encrypt_nopad(&mut ciphertext)
+        .expect("failed to encrypt");
 
     Ok(ciphertext)
 }
 
 pub fn decode(key: &[u8], ciphertext: &[u8]) -> Result<Vec<u8>> {
-    if key.len() != 32 {
-        panic!("invalid key length")
-    }
-
-    let iv = vec![0u8; 16];
-    // Create a cipher context for decryption.
-    let mut decrypter = Crypter::new(
-        Cipher::aes_256_cbc(),
-        Mode::Decrypt,
-        key,
-        Some(iv.as_slice()),
-    )?;
-    decrypter.pad(false);
+    assert_eq!(key.len(), 32, "invalid key length");
+    let iv = GenericArray::from_slice(&[0u8; 16]);
 
-    let block_size = Cipher::aes_256_cbc().block_size();
-    let mut plaintext = vec![0; ciphertext.len() + block_size];
+    let mut mode = Cbc::<Aes256, ZeroPadding>::new_varkey(key, iv).expect("invalid key");
 
-    // Decrypt 2 chunks of ciphertexts successively.
-    let mut count = decrypter.update(ciphertext, &mut plaintext)?;
-    count += decrypter.finalize(&mut plaintext[count..])?;
-    plaintext.truncate(count);
+    let mut plaintext = ciphertext.to_vec();
+    mode.decrypt_nopad(&mut plaintext)
+        .expect("failed to decrypt");
 
     Ok(plaintext)
 }

diff --git a/src/lib.rs b/src/lib.rs
@@ -13,15 +13,16 @@ extern crate failure;
 #[macro_use]
 extern crate lazy_static;
 
+extern crate aes;
 extern crate bellman;
 extern crate blake2_rfc;
+extern crate block_modes;
 extern crate byteorder;
 extern crate libc;
 extern crate memmap;
 extern crate merkle_light;
 extern crate num_bigint;
 extern crate num_traits;
-extern crate openssl;
 extern crate pairing;
 extern crate rand;
 extern crate ring;