cloudproof_aesgcm 0.1.5

Cosmian AES256GCM library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

use cosmian_crypto_core::{
    Aes256Gcm as Aes256GcmRust, CryptoCoreError, Dem, FixedSizeCBytes, Instantiable, Nonce,
    SymmetricKey,
};

use crate::error::AesGcmError;

/// The `encrypt` function parameters are:
///
/// Arguments:
///
/// * `key`: 32-byte array
/// * `nonce`: 12-byte array
/// * `plaintext`: the data to encrypt
/// * `authenticated_data`: an additional data that is authenticated during
///   encryption
///
/// Returns:
///
/// the ciphertext if succeeds
pub fn encrypt(
    key: &[u8],
    nonce: &[u8],
    plaintext: &[u8],
    authenticated_data: &[u8],
) -> Result<Vec<u8>, AesGcmError> {
    let key: [u8; Aes256GcmRust::KEY_LENGTH] = key
        .try_into()
        .expect("AESGCM invalid key length, expected 32 bytes");
    let nonce: [u8; Aes256GcmRust::NONCE_LENGTH] = nonce
        .try_into()
        .expect("AESGCM invalid nonce length, expected 12 bytes");

    let key =
        SymmetricKey::try_from_bytes(key).expect("could not convert key to SymmetricKey instance");
    let nonce = Nonce::try_from_bytes(nonce).expect("could not convert nonce to Nonce instance");
    Ok(Aes256GcmRust::new(&key).encrypt(&nonce, plaintext, Some(authenticated_data))?)
}

/// The `decrypt` function parameters are:
///
/// Arguments:
///
/// * `key`: 32-byte array
/// * `nonce`: 12-byte array
/// * `ciphertext`: the data to encrypt
/// * `authenticated_data`: an additional data used during encryption
///
/// Returns:
///
/// the ciphertext if succeeds
pub fn decrypt(
    key: &[u8],
    nonce: &[u8],
    ciphertext: &[u8],
    authenticated_data: &[u8],
) -> Result<Vec<u8>, AesGcmError> {
    if ciphertext.len() < Aes256GcmRust::MAC_LENGTH {
        return Err(AesGcmError::CryptoCore(
            CryptoCoreError::CiphertextTooSmallError {
                ciphertext_len: ciphertext.len(),
                min: Aes256GcmRust::MAC_LENGTH as u64,
            },
        ));
    }
    let key: [u8; Aes256GcmRust::KEY_LENGTH] = key
        .try_into()
        .expect("AES256 GCM invalid key length, expected 32 bytes");
    let nonce: [u8; Aes256GcmRust::NONCE_LENGTH] = nonce
        .try_into()
        .expect("AES256 GCM invalid nonce length, expected 12 bytes");

    let key =
        SymmetricKey::try_from_bytes(key).expect("could not convert key to SymmetricKey instance");
    let nonce = Nonce::try_from_bytes(nonce).expect("could not convert nonce to Nonce instance");
    Ok(Aes256GcmRust::new(&key).decrypt(&nonce, ciphertext, Some(authenticated_data))?)
}

#[cfg(test)]
mod tests {
    use cosmian_crypto_core::Aes256Gcm;

    use crate::core::aesgcm::{decrypt, encrypt};

    #[test]
    fn test_encrypt_decrypt() {
        let key = vec![42_u8; Aes256Gcm::KEY_LENGTH];
        let nonce = vec![42_u8; Aes256Gcm::NONCE_LENGTH];
        let plaintext = b"plaintext";
        let authenticated_data = b"authenticated_data";
        let ciphertext = encrypt(&key, &nonce, plaintext, authenticated_data).unwrap();
        let cleartext = decrypt(&key, &nonce, &ciphertext, authenticated_data).unwrap();
        assert_eq!(plaintext.to_vec(), cleartext);
    }
}