aria 0.2.0

Pure Rust implementation of the ARIA Encryption Algorithm
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

//! Pure Rust implementation of the [ARIA] block cipher ([RFC 5794]).
//!
//! # ⚠️ Security Warning: Hazmat!
//!
//! This crate implements only the low-level block cipher function, and is intended
//! for use for implementing higher-level constructions *only*. It is NOT
//! intended for direct use in applications.
//!
//! USE AT YOUR OWN RISK!
//!
//! # Examples
//! ```
//! use aria::cipher::{Array, BlockCipherDecrypt, BlockCipherEncrypt, KeyInit};
//! use aria::Aria128;
//!
//! let key = Array::from([0u8; 16]);
//! let mut block = Array::from([0u8; 16]);
//! // Initialize cipher
//! let cipher = Aria128::new(&key);
//!
//! let block_copy = block;
//! // Encrypt block in-place
//! cipher.encrypt_block(&mut block);
//! // And decrypt it back
//! cipher.decrypt_block(&mut block);
//! assert_eq!(block, block_copy);
//! ```
//!
//! [ARIA]: https://en.wikipedia.org/wiki/ARIA_(cipher)
//! [RFC 5794]: https://tools.ietf.org/html/rfc5794

#![no_std]
#![doc(
    html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/26acc39f/logo.svg",
    html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/26acc39f/logo.svg"
)]
#![deny(unsafe_code)]
#![cfg_attr(docsrs, feature(doc_cfg))]
#![warn(missing_docs, rust_2018_idioms)]

mod consts;

pub use cipher;

use cipher::{
    Block, BlockCipherDecBackend, BlockCipherDecClosure, BlockCipherDecrypt, BlockCipherEncBackend,
    BlockCipherEncClosure, BlockCipherEncrypt, BlockSizeUser, ParBlocksSizeUser,
    consts::{U1, U16},
    inout::InOut,
};

#[cfg(feature = "zeroize")]
use cipher::zeroize::{Zeroize, ZeroizeOnDrop};

mod aria128;
mod aria192;
mod aria256;
mod utils;

use utils::{fe, fo, sl2};

/// Generic implementation of the ARIA block cipher.
///
/// It can be initialized only with `RK` being equal to 13 (ARIA-128),
/// 15 (ARIA-192), or 17 (ARIA-256).
#[derive(Clone)]
pub struct Aria<const RK: usize> {
    /// Encrypting subkeys.
    ek: [u128; RK],
    /// Encrypting subkeys.
    dk: [u128; RK],
}

impl<const RK: usize> BlockSizeUser for Aria<RK> {
    type BlockSize = U16;
}

impl<const RK: usize> ParBlocksSizeUser for Aria<RK> {
    type ParBlocksSize = U1;
}

impl<const RK: usize> BlockCipherEncrypt for Aria<RK> {
    #[inline]
    fn encrypt_with_backend(&self, f: impl BlockCipherEncClosure<BlockSize = Self::BlockSize>) {
        f.call(self)
    }
}

impl<const RK: usize> BlockCipherEncBackend for Aria<RK> {
    #[inline]
    fn encrypt_block(&self, mut block: InOut<'_, '_, Block<Self>>) {
        let mut p0 = u128::from_be_bytes((*block.get_in()).into());
        let mut p1;

        for i in (0..RK - 3).step_by(2) {
            p1 = fo(p0 ^ self.ek[i]);
            p0 = fe(p1 ^ self.ek[i + 1]);
        }

        let p1 = fo(p0 ^ self.ek[RK - 3]);
        let c = sl2(p1 ^ self.ek[RK - 2]) ^ self.ek[RK - 1];

        block.get_out().copy_from_slice(&c.to_be_bytes());
    }
}

impl<const RK: usize> BlockCipherDecrypt for Aria<RK> {
    #[inline]
    fn decrypt_with_backend(&self, f: impl BlockCipherDecClosure<BlockSize = Self::BlockSize>) {
        f.call(self)
    }
}

impl<const RK: usize> BlockCipherDecBackend for Aria<RK> {
    #[inline]
    fn decrypt_block(&self, mut block: InOut<'_, '_, Block<Self>>) {
        let mut c0 = u128::from_be_bytes((*block.get_in()).into());
        let mut c1;

        for i in (0..RK - 3).step_by(2) {
            c1 = fo(c0 ^ self.dk[i]);
            c0 = fe(c1 ^ self.dk[i + 1]);
        }

        let c1 = fo(c0 ^ self.dk[RK - 3]);
        let p = sl2(c1 ^ self.dk[RK - 2]) ^ self.dk[RK - 1];

        block.get_out().copy_from_slice(&p.to_be_bytes());
    }
}

impl<const RK: usize> Drop for Aria<RK> {
    fn drop(&mut self) {
        #[cfg(feature = "zeroize")]
        {
            self.ek.zeroize();
            self.dk.zeroize();
        }
    }
}

#[cfg(feature = "zeroize")]
impl<const RK: usize> ZeroizeOnDrop for Aria<RK> {}

/// ARIA-128 block cipher instance.
pub type Aria128 = Aria<13>;
/// ARIA-192 block cipher instance.
pub type Aria192 = Aria<15>;
/// ARIA-256 block cipher instance.
pub type Aria256 = Aria<17>;