AEAD support and several types fixes. Temporary use forked version of libc, until the fix is merged.

Author: Gleb Pomykalov

Cargo.toml

@@ -16,7 +16,7 @@ exclude     = [
 ]
 
 [dependencies]
-libc = { git = "https://github.com/rust-lang/libc" }
+libc = { git = "https://github.com/glebpom/libc", rev = "crypto-api-constant-types-fix" }
 bitflags = "1.0"
 cfg-if = "0.1.0"
 void = "1.0.2"

src/sys/socket/mod.rs

@@ -721,7 +721,7 @@ pub enum ControlMessage<'a> {
         target_os = "android",
         target_os = "linux",
     ))]
-    AlgSetOp(&'a c_int),
+    AlgSetOp(&'a u32),
     /// Set the length of associated authentication data (AAD) (applicable only to AEAD algoritms)
     /// for `AF_ALG` crypto API.
     /// AF_ALG is only supported on linux and android.
@@ -731,7 +731,7 @@ pub enum ControlMessage<'a> {
         target_os = "android",
         target_os = "linux",
     ))]
-    AlgSetAeadAssoclen(&'a c_int),
+    AlgSetAeadAssoclen(&'a u32),
 
 }
 
@@ -1199,7 +1199,7 @@ pub trait GetSockOpt : Copy {
 
 /// Represents a socket option that can be accessed or set. Used as an argument
 /// to `setsockopt`
-pub trait SetSockOpt : Copy {
+pub trait SetSockOpt : Clone {
     type Val;
 
     #[doc(hidden)]

src/sys/socket/sockopt.rs

@@ -148,10 +148,6 @@ macro_rules! sockopt_impl {
         sockopt_impl!(SetOnly, $name, $level, $flag, usize, SetUsize);
     };
 
-    (SetOnly, $name:ident, $level:path, $flag:path, [u8]) => {
-        sockopt_impl!(SetOnly, $name, $level, $flag, [u8], SetBytes<[u8]>);
-    };
-
     (Both, $name:ident, $level:path, $flag:path, bool) => {
         sockopt_impl!(Both, $name, $level, $flag, bool, GetBool, SetBool);
     };
@@ -223,7 +219,6 @@ cfg_if! {
     if #[cfg(any(target_os = "android", target_os = "linux"))] {
         sockopt_impl!(SetOnly, Ipv6AddMembership, libc::IPPROTO_IPV6, libc::IPV6_ADD_MEMBERSHIP, super::Ipv6MembershipRequest);
         sockopt_impl!(SetOnly, Ipv6DropMembership, libc::IPPROTO_IPV6, libc::IPV6_DROP_MEMBERSHIP, super::Ipv6MembershipRequest);
-        sockopt_impl!(SetOnly, AlgSetKey, libc::SOL_ALG, libc::ALG_SET_KEY, Vec<u8>);
     } else if #[cfg(any(target_os = "dragonfly",
                         target_os = "freebsd",
                         target_os = "ios",
@@ -312,6 +307,55 @@ sockopt_impl!(Both, Ipv4RecvIf, libc::IPPROTO_IP, libc::IP_RECVIF, bool);
 sockopt_impl!(Both, Ipv4RecvDstAddr, libc::IPPROTO_IP, libc::IP_RECVDSTADDR, bool);
 
 
+#[cfg(any(target_os = "android", target_os = "linux"))]
+#[derive(Copy, Clone, Debug)]
+pub struct AlgSetAeadAuthSize;
+
+// ALG_SET_AEAD_AUTH_SIZE read the length from passed `option_len`
+// See https://elixir.bootlin.com/linux/v4.4/source/crypto/af_alg.c#L222
+#[cfg(any(target_os = "android", target_os = "linux"))]
+impl SetSockOpt for AlgSetAeadAuthSize {
+    type Val = usize;
+
+    fn set(&self, fd: RawFd, val: &usize) -> Result<()> {
+        unsafe {
+            let res = libc::setsockopt(fd,
+                                       libc::SOL_ALG,
+                                       libc::ALG_SET_AEAD_AUTHSIZE,
+                                       ::std::ptr::null(),
+                                       *val as libc::socklen_t);
+            Errno::result(res).map(drop)
+        }
+    }
+}
+
+#[cfg(any(target_os = "android", target_os = "linux"))]
+#[derive(Clone, Debug)]
+pub struct AlgSetKey<T>(::std::marker::PhantomData<T>);
+
+#[cfg(any(target_os = "android", target_os = "linux"))]
+impl<T> Default for AlgSetKey<T> {
+    fn default() -> Self {
+        AlgSetKey(Default::default())
+    }
+}
+
+#[cfg(any(target_os = "android", target_os = "linux"))]
+impl<T> SetSockOpt for AlgSetKey<T> where T: AsRef<[u8]> + Clone {
+    type Val = T;
+
+    fn set(&self, fd: RawFd, val: &T) -> Result<()> {
+        unsafe {
+            let res = libc::setsockopt(fd,
+                                       libc::SOL_ALG,
+                                       libc::ALG_SET_KEY,
+                                       val.as_ref().as_ptr() as *const _,
+                                       val.as_ref().len() as libc::socklen_t);
+            Errno::result(res).map(drop)
+        }
+    }
+}
+
 /*
  *
  * ===== Accessor helpers =====
@@ -372,25 +416,6 @@ unsafe impl<T> Get<T> for GetStruct<T> {
     }
 }
 
-/// Setter for bytes.
-struct SetBytes<'a, T> where T: 'a + AsRef<[u8]> {
-    ptr: &'a T,
-}
-
-unsafe impl<'a, T> Set<'a, T> for SetBytes<'a, T> where T: AsRef<[u8]> {
-    fn new(ptr: &'a T) -> SetBytes<'a, T> {
-        SetBytes { ptr }
-    }
-
-    fn ffi_ptr(&self) -> *const c_void {
-        self.ptr.as_ref() as *const _ as *const c_void
-    }
-
-    fn ffi_len(&self) -> socklen_t {
-        self.ptr.as_ref().len() as socklen_t
-    }
-}
-
 /// Setter for an arbitrary `struct`.
 struct SetStruct<'a, T: 'static> {
     ptr: &'a T,

test/sys/test_socket.rs

@@ -188,7 +188,7 @@ pub fn test_scm_rights() {
 
 #[cfg(any(target_os = "linux", target_os= "android"))]
 #[test]
-pub fn test_af_alg_cmsg() {
+pub fn test_af_alg_cipher() {
     use libc;
     use nix::sys::uio::IoVec;
     use nix::unistd::read;
@@ -221,7 +221,7 @@ pub fn test_af_alg_cmsg() {
         panic!("unexpected SockAddr");
     }
 
-    setsockopt(sock, AlgSetKey, &key).expect("setsockopt");
+    setsockopt(sock, AlgSetKey::default(), &key).expect("setsockopt");
     let session_socket = accept(sock).expect("accept failed");
 
     let msgs = [ControlMessage::AlgSetOp(&libc::ALG_OP_ENCRYPT), ControlMessage::AlgSetIv(iv.as_slice())];
@@ -248,6 +248,76 @@ pub fn test_af_alg_cmsg() {
     assert_eq!(decrypted, payload);
 }
 
+#[cfg(any(target_os = "linux", target_os= "android"))]
+#[test]
+pub fn test_af_alg_aead() {
+    use libc;
+    use nix::sys::uio::IoVec;
+    use nix::unistd::read;
+    use nix::sys::socket::{socket, sendmsg, bind, accept, setsockopt,
+                           AddressFamily, SockType, SockFlag, SockAddr,
+                           ControlMessage, MsgFlags};
+    use nix::sys::socket::sockopt::{AlgSetKey, AlgSetAeadAuthSize};
+
+    let auth_size = 4usize;
+    let assoc_size = 16u32;
+
+    let alg_type = "aead";
+    let alg_name = "gcm(aes)";
+    // 256-bits secret key
+    let key = vec![0u8; 32];
+    // 12-bytes IV
+    let iv_len = 12;
+    let iv = vec![1u8; iv_len];
+    // 256-bytes plain payload
+    let payload_len = 256;
+    let mut payload = vec![2u8; payload_len + (assoc_size as usize)];
+
+    for i in 0..assoc_size {
+        payload[i as usize] = 10;
+    }
+
+    let sock = socket(AddressFamily::Alg, SockType::SeqPacket, SockFlag::empty(), None)
+        .expect("socket failed");
+
+    let sockaddr = SockAddr::new_alg(alg_type, alg_name);
+    bind(sock, &sockaddr).expect("bind failed");
+
+    setsockopt(sock, AlgSetKey::default(), &key).expect("setsockopt AlgSetKey");
+    setsockopt(sock, AlgSetAeadAuthSize, &auth_size).expect("setsockopt AlgSetAeadAuthSize");
+    let session_socket = accept(sock).expect("accept failed");
+
+    let msgs = [
+        ControlMessage::AlgSetOp(&libc::ALG_OP_ENCRYPT),
+        ControlMessage::AlgSetIv(iv.as_slice()),
+        ControlMessage::AlgSetAeadAssoclen(&assoc_size)];
+    let iov = IoVec::from_slice(&payload);
+    sendmsg(session_socket, &[iov], &msgs, MsgFlags::empty(), None).expect("sendmsg encrypt");
+
+    // allocate buffer for encrypted data
+    let mut encrypted = vec![0u8; (assoc_size as usize) + payload_len + auth_size];
+    let num_bytes = read(session_socket, &mut encrypted).expect("read encrypt");
+    assert_eq!(num_bytes, payload_len + auth_size + (assoc_size as usize));
+
+    let iov = IoVec::from_slice(&encrypted);
+
+    let iv = vec![1u8; iv_len];
+
+    let msgs = [
+        ControlMessage::AlgSetOp(&libc::ALG_OP_DECRYPT),
+        ControlMessage::AlgSetIv(iv.as_slice()),
+        ControlMessage::AlgSetAeadAssoclen(&assoc_size),
+    ];
+    sendmsg(session_socket, &[iov], &msgs, MsgFlags::empty(), None).expect("sendmsg decrypt");
+
+    // allocate buffer for decrypted data
+    let mut decrypted = vec![0u8; payload_len + (assoc_size as usize)];
+    let num_bytes = read(session_socket, &mut decrypted).expect("read decrypt");
+
+    assert_eq!(num_bytes, payload_len + (assoc_size as usize));
+    assert_eq!(decrypted, payload);
+}
+
 /// Tests that passing multiple fds using a single `ControlMessage` works.
 // Disable the test on emulated platforms due to a bug in QEMU versions <
 // 2.12.0.  https://bugs.launchpad.net/qemu/+bug/1701808