1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
use crate::{generate,util,lqb,ArxKW,ArxKwError,InvalidLengthError,AuthTag};
pub struct G;
impl G {
#[must_use]
pub const fn key_length() -> usize {
32
}
#[must_use]
pub const fn max_input_length() -> usize {
64
}
}
impl ArxKW for G {
type Key = [u8; Self::key_length()];
fn encrypt(key: &Self::Key, plaintext: &[u8]) -> Result<(Vec<u8>, AuthTag), ArxKwError> {
if plaintext.len() > Self::max_input_length() {
Err(ArxKwError::InvalidLength(InvalidLengthError::UpTo(plaintext.len(), 64_usize)))
} else {
let (k1,k2) = generate::subkeys(key)?;
let authentication_tag = util::sip_array_keyed(&k1, plaintext);
let ciphertext = lqb::chacha8_encrypt(&k2, &authentication_tag, plaintext)?;
Ok((ciphertext, authentication_tag))
}
}
fn decrypt(key: &Self::Key, ciphertext: &[u8], authentication_tag: &AuthTag) -> Result<Vec<u8>, ArxKwError> {
if ciphertext.len() > 64 {
Err(ArxKwError::InvalidLength(InvalidLengthError::UpTo(ciphertext.len(), 64)))
} else {
let (k1,k2) = generate::subkeys(key)?;
let p_prime = lqb::chacha8_encrypt(&k2, authentication_tag, ciphertext)?;
let t_prime = util::sip_array_keyed(&k1, &p_prime);
if &t_prime == authentication_tag {
Ok(p_prime)
}
else {
Err(ArxKwError::BadTags(t_prime, *authentication_tag))
}
}
}
}
#[cfg(test)]
mod tests {
use hex::FromHex;
use anyhow::Result;
use super::{G,ArxKW};
#[test]
fn test_encrypt() -> Result<()> {
let k = <[u8;32]>::from_hex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")?;
let p = <[u8;32]>::from_hex("deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef")?;
let t_expected = <[u8;16]>::from_hex("016325cf6a3c4b2e3b039675e1ccbc65")?;
let c_expected = <[u8;32]>::from_hex("f63830f5148a039b6aacc4b9b6bc281d7704d906e4b5d91e045a62cdfc25eb10")?;
let (c,t) = G::encrypt(&k,&p)?;
assert_eq!(c, c_expected);
assert_eq!(t, t_expected);
Ok(())
}
#[test]
fn test_decrypt() -> Result<()> {
let k = <[u8;32]>::from_hex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")?;
let p_expected = <[u8;32]>::from_hex("deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef")?;
let t_expected = <[u8;16]>::from_hex("016325cf6a3c4b2e3b039675e1ccbc65")?;
let c = <[u8;32]>::from_hex("f63830f5148a039b6aacc4b9b6bc281d7704d906e4b5d91e045a62cdfc25eb10")?;
let p = G::decrypt(&k,&c,&t_expected)?;
assert_eq!(p, p_expected);
Ok(())
}
}