Reserve space for tag in noise encryption wrapper

This prevents a potential re-allocation in the crypto library itself, which needs some space to write a tag after encrypting. Bug: b/394018656 Change-Id: Id7df79d6e3c4f569985166a5d6f4d06663516d41
project-oak · Mar 7, 2025 · 90c5509 · 90c5509
1 parent 30b03b1
commit 90c5509
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/oak_crypto/src/noise_handshake/mod.rs b/oak_crypto/src/noise_handshake/mod.rs
@@ -92,6 +92,11 @@ fn aes_gcm_256_encrypt(
     nonce: &[u8; NONCE_LEN],
     plaintext: &[u8],
 ) -> Result<Vec<u8>, Error> {
+    // The crypto library will include a small tag at the end after encrypting.
+    // We can avoid potential re-alloc in the crypto library by ensuring that
+    // there's enough space for the tag when we allocate the buffer here.
+    const ADDITIONAL_TAG_SPACE: usize = 32;
+
     const PADDING_GRANULARITY: usize = 32;
     static_assertions::const_assert!(PADDING_GRANULARITY < 256);
     static_assertions::const_assert!((PADDING_GRANULARITY & (PADDING_GRANULARITY - 1)) == 0);
@@ -113,7 +118,7 @@ fn aes_gcm_256_encrypt(
     // multiple of PADDED_GRANULARITY.
     padded_size = (padded_size + PADDING_GRANULARITY - 1) & !(PADDING_GRANULARITY - 1);
 
-    let mut padded_encrypt_data = Vec::with_capacity(padded_size);
+    let mut padded_encrypt_data = Vec::with_capacity(padded_size + ADDITIONAL_TAG_SPACE);
     padded_encrypt_data.extend_from_slice(plaintext);
     padded_encrypt_data.resize(padded_size, 0u8);
     let num_zeros = padded_size - plaintext.len() - 1;