fastcrypto 0.1.9

Common cryptographic library used at Mysten Labs
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309

// Copyright (c) 2022, Mysten Labs, Inc.
// SPDX-License-Identifier: Apache-2.0

//! This module contains implementations of various AES modes.
//!
//! # Example
//! ```
//! # use fastcrypto::aes::*;
//! # use crate::fastcrypto::traits::Generate;
//! use rand::thread_rng;
//! let plaintext = b"Hello, world!";
//! let key = AesKey::generate(&mut thread_rng());
//! let iv = InitializationVector::generate(&mut thread_rng());
//! let cipher = Aes256Ctr::new(key);
//! let ciphertext = cipher.encrypt(&iv, plaintext);
//! let decrypted = cipher.decrypt(&iv, &ciphertext).unwrap();
//! assert_eq!(decrypted, plaintext);
//! ```

use crate::{
    error::FastCryptoError,
    traits::{AllowedRng, Generate, ToFromBytes},
};
use aes::cipher::{
    BlockCipher, BlockDecrypt, BlockDecryptMut, BlockEncrypt, BlockEncryptMut, BlockSizeUser,
    KeyInit, KeyIvInit, KeySizeUser, StreamCipher,
};
use aes_gcm::{AeadCore, AeadInPlace};
use fastcrypto_derive::{SilentDebug, SilentDisplay};
use generic_array::{ArrayLength, GenericArray};
use serde::de::DeserializeOwned;
use serde::{Deserialize, Serialize};
use std::fmt::Debug;
use std::marker::PhantomData;
use typenum::U16;
use zeroize::{Zeroize, ZeroizeOnDrop};

/// Trait impl'd by encryption keys in symmetric cryptography
///
pub trait EncryptionKey:
    ToFromBytes + Serialize + DeserializeOwned + Send + Sync + Sized + Generate
{
}

/// Trait impl'd by nonces and IV's used in symmetric cryptography
///
pub trait Nonce:
    ToFromBytes + Serialize + DeserializeOwned + Send + Sync + Sized + Generate
{
}

/// Trait impl'd by symmetric ciphers.
///
pub trait Cipher {
    type IVType: Nonce;

    /// Encrypt `plaintext` using the given IV and return the result.
    fn encrypt(&self, iv: &Self::IVType, plaintext: &[u8]) -> Vec<u8>;

    /// Decrypt `ciphertext` using the given IV and return the result. An error may be returned in
    /// CBC-mode if the ciphertext is not correctly padded, but in other modes this method always
    /// return Ok.
    fn decrypt(&self, iv: &Self::IVType, ciphertext: &[u8]) -> Result<Vec<u8>, FastCryptoError>;
}

/// Trait impl'd by symmetric ciphers for authenticated encryption.
///
pub trait AuthenticatedCipher {
    type IVType: Nonce;

    /// Encrypt `plaintext` using the given IV and authentication data and return the result.
    fn encrypt_authenticated(&self, iv: &Self::IVType, aad: &[u8], plaintext: &[u8]) -> Vec<u8>;

    /// Decrypt `ciphertext` using the given IV and authentication data and return the result.
    /// An error is returned if the authentication data does not match the supplied ciphertext.
    fn decrypt_authenticated(
        &self,
        iv: &Self::IVType,
        aad: &[u8],
        ciphertext: &[u8],
    ) -> Result<Vec<u8>, FastCryptoError>;
}

impl<AC: AuthenticatedCipher> Cipher for AC {
    type IVType = AC::IVType;

    fn encrypt(&self, iv: &Self::IVType, plaintext: &[u8]) -> Vec<u8> {
        self.encrypt_authenticated(iv, &[], plaintext)
    }

    fn decrypt(&self, iv: &Self::IVType, ciphertext: &[u8]) -> Result<Vec<u8>, FastCryptoError> {
        self.decrypt_authenticated(iv, &[], ciphertext)
    }
}

/// Struct wrapping an instance of a `generic_array::GenericArray<u8, N>`.
#[derive(Clone, Serialize, Deserialize, SilentDebug, SilentDisplay, ZeroizeOnDrop)]
#[serde(bound = "N: ArrayLength<u8>")]
pub struct GenericByteArray<N: ArrayLength<u8>> {
    // We use GenericArrays because they are used by the underlying crates.
    bytes: GenericArray<u8, N>,
}

impl<N: ArrayLength<u8>> AsRef<[u8]> for GenericByteArray<N> {
    fn as_ref(&self) -> &[u8] {
        self.bytes.as_ref()
    }
}

impl<N> ToFromBytes for GenericByteArray<N>
where
    N: ArrayLength<u8> + Debug,
{
    fn from_bytes(bytes: &[u8]) -> Result<Self, FastCryptoError> {
        match bytes.len() == N::USIZE {
            true => Ok(GenericByteArray {
                bytes: GenericArray::clone_from_slice(bytes),
            }),
            false => Err(FastCryptoError::InputLengthWrong(N::USIZE)),
        }
    }

    fn as_bytes(&self) -> &[u8] {
        &self.bytes
    }
}

impl<N> Generate for GenericByteArray<N>
where
    N: ArrayLength<u8> + Debug,
{
    fn generate<R: AllowedRng>(rng: &mut R) -> AesKey<N> {
        let mut bytes = GenericArray::<u8, N>::default();
        rng.fill_bytes(&mut bytes);
        GenericByteArray { bytes }
    }
}

impl<N> Zeroize for GenericByteArray<N>
where
    N: ArrayLength<u8>,
{
    fn zeroize(&mut self) {
        self.bytes.zeroize();
    }
}

/// A key of `N` bytes used with AES ciphers.
pub type AesKey<N> = GenericByteArray<N>;
impl<N> EncryptionKey for AesKey<N> where N: ArrayLength<u8> + Debug {}

/// An `N` byte initialization vector used with AES ciphers.
pub type InitializationVector<N> = GenericByteArray<N>;
impl<N> Nonce for InitializationVector<N> where N: ArrayLength<u8> + Debug {}

///
/// Aes in CTR mode
///
pub struct AesCtr<Aes: KeySizeUser>(AesKey<Aes::KeySize>);

impl<Aes: KeySizeUser> AesCtr<Aes> {
    pub fn new(key: AesKey<Aes::KeySize>) -> Self {
        Self(key)
    }
}

impl<Aes> Cipher for AesCtr<Aes>
where
    Aes: KeySizeUser
        + KeyInit
        + BlockCipher
        + BlockSizeUser<BlockSize = U16>
        + BlockEncrypt
        + BlockDecrypt,
{
    type IVType = InitializationVector<U16>;

    fn encrypt(&self, iv: &Self::IVType, plaintext: &[u8]) -> Vec<u8> {
        let mut buffer: Vec<u8> = vec![0; plaintext.len()];
        let mut cipher = ctr::Ctr128BE::<Aes>::new(&self.0.bytes, &iv.bytes);
        cipher.apply_keystream_b2b(plaintext, &mut buffer).unwrap();
        buffer
    }

    fn decrypt(&self, iv: &Self::IVType, ciphertext: &[u8]) -> Result<Vec<u8>, FastCryptoError> {
        let mut buffer: Vec<u8> = vec![0; ciphertext.len()];
        let mut cipher = ctr::Ctr128BE::<Aes>::new(&self.0.bytes, &iv.bytes);
        cipher.apply_keystream_b2b(ciphertext, &mut buffer).unwrap();
        Ok(buffer)
    }
}

/// AES128 in CTR-mode.
pub type Aes128Ctr = AesCtr<aes::Aes128>;

/// AES192 in CTR-mode.
pub type Aes192Ctr = AesCtr<aes::Aes192>;

/// AES256 in CTR-mode.
pub type Aes256Ctr = AesCtr<aes::Aes256>;

///
/// Aes in CBC mode
///
pub struct AesCbc<Aes: KeySizeUser, Padding> {
    key: AesKey<Aes::KeySize>,
    padding: PhantomData<Padding>,
}

impl<Aes: KeySizeUser, Padding> AesCbc<Aes, Padding> {
    pub fn new(key: AesKey<Aes::KeySize>) -> Self {
        Self {
            key,
            padding: PhantomData,
        }
    }
}

impl<Aes, Padding> Cipher for AesCbc<Aes, Padding>
where
    Aes: KeySizeUser
        + KeyInit
        + BlockCipher
        + BlockSizeUser<BlockSize = U16>
        + BlockEncrypt
        + BlockDecrypt,
    Padding: aes::cipher::block_padding::Padding<U16>,
{
    type IVType = InitializationVector<U16>;

    fn encrypt(&self, iv: &Self::IVType, plaintext: &[u8]) -> Vec<u8> {
        let cipher = cbc::Encryptor::<Aes>::new(&self.key.bytes, &iv.bytes);
        cipher.encrypt_padded_vec_mut::<Padding>(plaintext)
    }

    fn decrypt(&self, iv: &Self::IVType, ciphertext: &[u8]) -> Result<Vec<u8>, FastCryptoError> {
        let cipher = cbc::Decryptor::<Aes>::new(&self.key.bytes, &iv.bytes);
        cipher
            .decrypt_padded_vec_mut::<Padding>(ciphertext)
            .map_err(|_| FastCryptoError::InvalidInput)
    }
}

/// AES128 in CBC-mode using PKCS #7 padding.
pub type Aes128CbcPkcs7 = AesCbc<aes::Aes128, aes::cipher::block_padding::Pkcs7>;

/// AES256 in CBC-mode using PKCS #7 padding.
pub type Aes256CbcPkcs7 = AesCbc<aes::Aes256, aes::cipher::block_padding::Pkcs7>;

/// AES128 in CBC-mode using ISO 10126 padding.
pub type Aes128CbcIso10126 = AesCbc<aes::Aes128, aes::cipher::block_padding::Iso10126>;

/// AES256 in CBC-mode using ISO 10126 padding.
pub type Aes256CbcIso10126 = AesCbc<aes::Aes256, aes::cipher::block_padding::Iso10126>;

/// AES128 in CBC-mode using ANSI X9.23 padding.
pub type Aes128CbcAnsiX923 = AesCbc<aes::Aes128, aes::cipher::block_padding::AnsiX923>;

/// AES256 in CBC-mode using ANSI X9.23 padding.
pub type Aes256CbcAnsiX923 = AesCbc<aes::Aes256, aes::cipher::block_padding::AnsiX923>;

/// AES in GCM mode (authenticated).
pub struct AeadWrapper<A: AeadInPlace>(A);

impl<A: KeyInit + AeadInPlace> AeadWrapper<A> {
    pub fn new(key: AesKey<A::KeySize>) -> Self {
        Self(A::new(&key.bytes))
    }
}

impl<A: AeadInPlace> AuthenticatedCipher for AeadWrapper<A>
where
    <A as AeadCore>::NonceSize: Debug,
{
    type IVType = InitializationVector<<A as AeadCore>::NonceSize>;

    fn encrypt_authenticated(&self, iv: &Self::IVType, aad: &[u8], plaintext: &[u8]) -> Vec<u8> {
        let mut buffer: Vec<u8> = plaintext.to_vec();
        self.0
            .encrypt_in_place(&iv.bytes, aad, &mut buffer)
            .unwrap();
        buffer
    }

    fn decrypt_authenticated(
        &self,
        iv: &Self::IVType,
        aad: &[u8],
        ciphertext: &[u8],
    ) -> Result<Vec<u8>, FastCryptoError> {
        if iv.as_bytes().is_empty() {
            return Err(FastCryptoError::InputTooShort(1));
        }
        let mut buffer: Vec<u8> = ciphertext.to_vec();
        self.0
            .decrypt_in_place(&iv.bytes, aad, &mut buffer)
            .map_err(|_| FastCryptoError::GeneralOpaqueError)?;
        Ok(buffer)
    }
}

/// AES128 in GCM-mode (authenticated) using the given nonce size.
pub type Aes128Gcm<NonceSize> = AeadWrapper<aes_gcm::AesGcm<aes::Aes128, NonceSize>>;

/// AES256 in GCM-mode (authenticated) using the given nonce size.
pub type Aes256Gcm<NonceSize> = AeadWrapper<aes_gcm::AesGcm<aes::Aes256, NonceSize>>;

/// AES256 in GCM-SIV (athenticated) mode with 96 bit nonces.
pub type Aes256GcmSiv = AeadWrapper<aes_gcm_siv::Aes256GcmSiv>;