1// Copyright (C) 2019 ProtonTech AG
 2
 3package packet
 4
 5import "math/bits"
 6
 7// CipherSuite contains a combination of Cipher and Mode
 8type CipherSuite struct {
 9	// The cipher function
10	Cipher CipherFunction
11	// The AEAD mode of operation.
12	Mode AEADMode
13}
14
15// AEADConfig collects a number of AEAD parameters along with sensible defaults.
16// A nil AEADConfig is valid and results in all default values.
17type AEADConfig struct {
18	// The AEAD mode of operation.
19	DefaultMode AEADMode
20	// Amount of octets in each chunk of data
21	ChunkSize uint64
22}
23
24// Mode returns the AEAD mode of operation.
25func (conf *AEADConfig) Mode() AEADMode {
26	// If no preference is specified, OCB is used (which is mandatory to implement).
27	if conf == nil || conf.DefaultMode == 0 {
28		return AEADModeOCB
29	}
30
31	mode := conf.DefaultMode
32	if mode != AEADModeEAX && mode != AEADModeOCB && mode != AEADModeGCM {
33		panic("AEAD mode unsupported")
34	}
35	return mode
36}
37
38// ChunkSizeByte returns the byte indicating the chunk size. The effective
39// chunk size is computed with the formula uint64(1) << (chunkSizeByte + 6)
40// limit to 16 = 4 MiB
41// https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2
42func (conf *AEADConfig) ChunkSizeByte() byte {
43	if conf == nil || conf.ChunkSize == 0 {
44		return 12 // 1 << (12 + 6) == 262144 bytes
45	}
46
47	chunkSize := conf.ChunkSize
48	exponent := bits.Len64(chunkSize) - 1
49	switch {
50	case exponent < 6:
51		exponent = 6
52	case exponent > 16:
53		exponent = 16
54	}
55
56	return byte(exponent - 6)
57}
58
59// decodeAEADChunkSize returns the effective chunk size. In 32-bit systems, the
60// maximum returned value is 1 << 30.
61func decodeAEADChunkSize(c byte) int {
62	size := uint64(1 << (c + 6))
63	if size != uint64(int(size)) {
64		return 1 << 30
65	}
66	return int(size)
67}