use chacha::KeyStream;
use crate::{util,ArxKW,ArxKwError,AuthTag,ConstantTimeEq};
pub struct EX {}
impl EX {
#[cfg(not(tarpaulin_include))]
#[must_use] pub const fn key_length() -> usize {
48
}
}
impl ArxKW for EX {
type Key = [u8; Self::key_length()];
fn encrypt(key: &Self::Key, plaintext: &[u8]) -> Result<(Vec<u8>, AuthTag), ArxKwError> {
let (k1, k2) = array_refs![key,16,32];
let authentication_tag = util::sip_array_keyed(k1, plaintext);
let nonce = construct_nonce(&authentication_tag);
let mut stream = util::xchacha8::new(k2,&nonce);
let mut ciphertext = plaintext.to_vec();
stream.xor_read(&mut ciphertext).map_err(|e| ArxKwError::ChaChaError(format!("Reached end of stream: {:?} X",e)))?;
Ok((ciphertext,authentication_tag))
}
fn decrypt(key: &Self::Key, ciphertext: &[u8], authentication_tag: &AuthTag) -> Result<Vec<u8>, ArxKwError> {
let (k1,k2) = array_refs![key,16,32];
let nonce = construct_nonce(authentication_tag);
let mut p_prime = ciphertext.to_vec();
let mut stream = util::xchacha8::new(k2,&nonce);
stream.xor_read(&mut p_prime).map_err(|e| ArxKwError::ChaChaError(format!("Reached end of stream: {:?} X",e)))?;
let t_prime = util::sip_array_keyed(k1, &p_prime);
if bool::from(t_prime.ct_eq(authentication_tag)) {
return Ok(p_prime);
}
Err(ArxKwError::BadTags(t_prime, *authentication_tag))
}
}
const NONCE_INIT_EX: [u8;24] = [0x61, 0x72, 0x62, 0x69, 0x74, 0x72, 0x45, 0x58,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0];
#[must_use]
#[inline]
#[cfg(not(tarpaulin_include))]
pub fn construct_nonce(authentication_tag: &AuthTag) -> [u8;24] {
let mut nonce = NONCE_INIT_EX;
nonce[8..24].clone_from_slice(authentication_tag.as_ref());
nonce
}
#[cfg(test)]
mod tests {
extern crate hex;
use super::*;
use anyhow::Result;
use hex::FromHex;
use crate::{assert_ct_eq,ConstantTimeEq};
#[test]
fn test_encrypt() -> Result<()> {
let k = <[u8; 48]>::from_hex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f")?;
let p = <[u8; 32]>::from_hex("deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef")?;
let t_expected = AuthTag(<[u8; 16]>::from_hex("c4f21d3b4dbcc566c3a73bbc59790f2f")?);
let c_expected = <[u8; 32]>::from_hex("02a55ab1d7f549db160e8ecb33e1c6d65a05d0ebaba54dc0712285787c8a62db")?;
let (c,t) = EX::encrypt(array_ref![k,0,48], &p)?;
assert_eq!(&c.to_vec(), &c_expected);
assert_ct_eq!(&t, &t_expected);
Ok(())
}
#[test]
fn test_encrypt_blob() -> Result<()> {
let k = <[u8; 48]>::from_hex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f")?;
let p = <[u8; 32]>::from_hex("deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef")?;
let blob_expected = <[u8;48]>::from_hex("c4f21d3b4dbcc566c3a73bbc59790f2f02a55ab1d7f549db160e8ecb33e1c6d65a05d0ebaba54dc0712285787c8a62db")?;
let blob = EX::encrypt_blob(&k, &p)?;
assert_ct_eq!(blob, &blob_expected);
Ok(())
}
#[test]
fn test_decrypt_blob() -> Result<()> {
let blob = <[u8;48]>::from_hex("c4f21d3b4dbcc566c3a73bbc59790f2f02a55ab1d7f549db160e8ecb33e1c6d65a05d0ebaba54dc0712285787c8a62db")?;
let k = <[u8; 48]>::from_hex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f")?;
let p_expected = <[u8; 32]>::from_hex("deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef")?;
let p = EX::decrypt_blob(&k, &blob)?;
assert_ct_eq!(p, &p_expected);
Ok(())
}
#[test]
fn test_decrypt() -> Result<()> {
let k = <[u8; 48]>::from_hex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f")?;
let p_expected = <[u8; 32]>::from_hex("deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef")?;
let t = AuthTag(<[u8; 16]>::from_hex("c4f21d3b4dbcc566c3a73bbc59790f2f")?);
let c = <[u8; 32]>::from_hex("02a55ab1d7f549db160e8ecb33e1c6d65a05d0ebaba54dc0712285787c8a62db")?;
let p = EX::decrypt(&k, &c, &t)?;
assert_eq!(p, p_expected);
Ok(())
}
#[test]
fn test_bad_decrypt() -> Result<()> {
let k = <[u8; 48]>::from_hex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f")?;
let t_bad = AuthTag(<[u8; 16]>::from_hex("aaf21d3b4dbcc566c3a73bbc59790f2f")?); let c = <[u8; 32]>::from_hex("02a55ab1d7f549db160e8ecb33e1c6d65a05d0ebaba54dc0712285787c8a62db")?;
let res = EX::decrypt(&k, &c, &t_bad);
assert!(res.is_err());
Ok(())
}
}