gmssl-rs 0.1.0

Safe, idiomatic Rust wrapper for the GmSSL cryptographic library (SM2/SM3/SM4/SM9/ZUC/X.509)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122

// ZUC stream cipher tests.

use super::*;

/// ZUC round-trip encrypt/decrypt.
#[test]
fn test_zuc_roundtrip() {
    let key = [0x01u8; 16];
    let iv = [0x02u8; 16];
    let plaintext = b"ZUC stream cipher test message for encryption and decryption!";

    // Encrypt (same as decrypt for stream cipher)
    let ct = Zuc::process(&key, &iv, plaintext);
    let pt = Zuc::process(&key, &iv, &ct);

    assert_eq!(&pt[..], &plaintext[..]);
}

/// ZUC with random data round-trip.
#[test]
fn test_zuc_long_data() {
    let key = [0x42u8; 16];
    let iv = [0x24u8; 16];

    // 1KB of data
    let plaintext = vec![0xAAu8; 1024];
    let ct = Zuc::process(&key, &iv, &plaintext);
    let pt = Zuc::process(&key, &iv, &ct);

    assert_eq!(pt, plaintext);
    // Ciphertext should differ from plaintext
    assert_ne!(ct, plaintext);
}

/// ZUC with different keys produces different output.
#[test]
fn test_zuc_different_keys() {
    let iv = [0x02u8; 16];
    let plaintext = b"same plaintext";

    let ct1 = Zuc::process(&[0x01u8; 16], &iv, plaintext);
    let ct2 = Zuc::process(&[0xFFu8; 16], &iv, plaintext);

    assert_ne!(ct1, ct2);
}

/// ZUC keystream generation.
#[test]
fn test_zuc_keystream() {
    let mut zuc = Zuc::new(&[0x01u8; 16], &[0x02u8; 16]);
    let words1 = zuc.generate_keystream(4);
    let words2 = zuc.generate_keystream(4);

    // Successive keystream blocks should differ
    assert_ne!(words1, words2);
    assert_eq!(words1.len(), 4);
    assert_eq!(words2.len(), 4);
}

/// ZUC MAC computation.
#[test]
fn test_zuc_mac() {
    let key = [0x01u8; 16];
    let iv = [0x02u8; 16];

    let mut mac_ctx = ZucMac::new(&key, &iv);
    mac_ctx.update(b"message for MAC");
    let mac1 = mac_ctx.finish(b"", 0);

    // Same key/iv/data = same MAC
    let mut mac_ctx = ZucMac::new(&key, &iv);
    mac_ctx.update(b"message for MAC");
    let mac2 = mac_ctx.finish(b"", 0);

    assert_eq!(mac1, mac2);

    // Different data = different MAC
    let mut mac_ctx = ZucMac::new(&key, &iv);
    mac_ctx.update(b"different message");
    let mac3 = mac_ctx.finish(b"", 0);

    assert_ne!(mac1, mac3);
}

/// ZUC-256 round-trip.
#[test]
fn test_zuc256_roundtrip() {
    let key = [0x01u8; 32];
    let iv = [0x02u8; 23];
    let plaintext = b"ZUC-256 test";

    let mut zuc = Zuc256::new(&key, &iv);
    let ct = zuc.encrypt(plaintext);

    let mut zuc = Zuc256::new(&key, &iv);
    let pt = zuc.encrypt(&ct);

    assert_eq!(&pt[..], &plaintext[..]);
}

/// ZUC streaming encryptor round-trip.
#[test]
fn test_zuc_streaming() {
    let key = [0x01u8; 16];
    let iv = [0x02u8; 16];
    let plaintext = b"streaming ZUC test data for encryption";

    // Encrypt
    let mut enc = ZucEncryptor::new(&key, &iv).unwrap();
    let mut ct = Vec::new();
    ct.extend_from_slice(&enc.update(&plaintext[..10]).unwrap());
    ct.extend_from_slice(&enc.update(&plaintext[10..]).unwrap());
    ct.extend_from_slice(&enc.finish().unwrap());

    // Decrypt
    let mut dec = ZucEncryptor::new(&key, &iv).unwrap();
    let mut pt = Vec::new();
    pt.extend_from_slice(&dec.update(&ct).unwrap());
    pt.extend_from_slice(&dec.finish().unwrap());

    assert_eq!(&pt, plaintext);
}