gost-modes 0.5.0

Block cipher modes of operation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155

use crate::utils::{xor_set1, xor_set2};
use cipher::{
    AsyncStreamCipher, Block, BlockCipher, BlockEncrypt, FromBlockCipher, NewBlockCipher,
};
use core::ops::Sub;
use generic_array::{
    typenum::{
        type_operators::{IsGreater, IsGreaterOrEqual, IsLessOrEqual},
        Diff, Unsigned, U0, U255,
    },
    ArrayLength, GenericArray,
};

type BlockSize<C> = <C as BlockCipher>::BlockSize;

type Tail<C, M> = GenericArray<u8, Diff<M, <C as BlockCipher>::BlockSize>>;

/// Cipher feedback (CFB) mode of operation as defined in GOST R 34.13-2015
///
/// Type parameters:
/// - `C`: block cipher.
/// - `M`: nonce length in bytes. Default: block size.
/// - `S`: number of block bytes used for message encryption. Default: block size.
///
/// With default parameters this mode is fully equivalent to the `Cfb` mode defined
/// in the `cfb-mode` crate.
#[derive(Clone)]
pub struct GostCfb<C, M = BlockSize<C>, S = BlockSize<C>>
where
    C: BlockCipher + BlockEncrypt + NewBlockCipher,
    C::BlockSize: IsLessOrEqual<U255>,
    M: Unsigned + ArrayLength<u8> + IsGreaterOrEqual<C::BlockSize> + Sub<C::BlockSize>,
    S: Unsigned + ArrayLength<u8> + IsGreater<U0> + IsLessOrEqual<C::BlockSize>,
    Diff<M, C::BlockSize>: ArrayLength<u8>,
{
    cipher: C,
    block: GenericArray<u8, S>,
    tail: Tail<C, M>,
    pos: u8,
}

impl<C, M, S> GostCfb<C, M, S>
where
    C: BlockCipher + BlockEncrypt + NewBlockCipher,
    C::BlockSize: IsLessOrEqual<U255>,
    M: Unsigned + ArrayLength<u8> + IsGreaterOrEqual<C::BlockSize> + Sub<C::BlockSize>,
    S: Unsigned + ArrayLength<u8> + IsGreater<U0> + IsLessOrEqual<C::BlockSize>,
    Diff<M, C::BlockSize>: ArrayLength<u8>,
{
    fn gen_block(&mut self) {
        let s = S::USIZE;
        let ts = self.tail.len();
        let mut block: Block<C> = Default::default();
        if ts <= s {
            let d = s - ts;
            block[..ts].copy_from_slice(&self.tail);
            block[ts..].copy_from_slice(&self.block[..d]);
            self.tail = GenericArray::clone_from_slice(&self.block[d..]);
        } else {
            let d = ts - s;
            let mut tail: Tail<C, M> = Default::default();
            tail[..d].copy_from_slice(&self.tail[s..]);
            tail[d..].copy_from_slice(&self.block);
            block = GenericArray::clone_from_slice(&self.tail[..s]);
            self.tail = tail;
        }
        self.cipher.encrypt_block(&mut block);
        self.block.copy_from_slice(&block[..s]);
    }
}

impl<C, M, S> FromBlockCipher for GostCfb<C, M, S>
where
    C: BlockCipher + BlockEncrypt + NewBlockCipher,
    C::BlockSize: IsLessOrEqual<U255>,
    M: Unsigned + ArrayLength<u8> + IsGreaterOrEqual<C::BlockSize> + Sub<C::BlockSize>,
    S: Unsigned + ArrayLength<u8> + IsGreater<U0> + IsLessOrEqual<C::BlockSize>,
    Diff<M, C::BlockSize>: ArrayLength<u8>,
{
    type BlockCipher = C;
    type NonceSize = M;

    fn from_block_cipher(cipher: C, nonce: &GenericArray<u8, M>) -> Self {
        let bs = C::BlockSize::USIZE;
        let mut full_block = Block::<C>::clone_from_slice(&nonce[..bs]);
        cipher.encrypt_block(&mut full_block);
        Self {
            cipher,
            block: GenericArray::clone_from_slice(&full_block[..S::USIZE]),
            tail: GenericArray::clone_from_slice(&nonce[bs..]),
            pos: 0,
        }
    }
}

impl<C, M, S> AsyncStreamCipher for GostCfb<C, M, S>
where
    C: BlockCipher + BlockEncrypt + NewBlockCipher,
    C::BlockSize: IsLessOrEqual<U255>,
    M: Unsigned + ArrayLength<u8> + IsGreaterOrEqual<C::BlockSize> + Sub<C::BlockSize>,
    S: Unsigned + ArrayLength<u8> + IsGreater<U0> + IsLessOrEqual<C::BlockSize>,
    Diff<M, C::BlockSize>: ArrayLength<u8>,
{
    fn encrypt(&mut self, mut data: &mut [u8]) {
        let s = S::USIZE;
        let pos = self.pos as usize;

        if data.len() < s - pos {
            let n = data.len();
            xor_set1(data, &mut self.block[pos..pos + n]);
            self.pos += n as u8;
            return;
        } else if pos != 0 {
            let (l, r) = { data }.split_at_mut(s - pos);
            data = r;
            xor_set1(l, &mut self.block[pos..s]);
            self.gen_block()
        }

        let mut iter = data.chunks_exact_mut(s);
        for chunk in &mut iter {
            xor_set1(chunk, &mut self.block[..s]);
            self.gen_block();
        }
        let rem = iter.into_remainder();
        xor_set1(rem, &mut self.block[..rem.len()]);
        self.pos = rem.len() as u8;
    }

    fn decrypt(&mut self, mut data: &mut [u8]) {
        let s = S::USIZE;
        let pos = self.pos as usize;

        if data.len() < s - pos {
            let n = data.len();
            xor_set2(data, &mut self.block[pos..pos + n]);
            self.pos += n as u8;
            return;
        } else if pos != 0 {
            let (l, r) = { data }.split_at_mut(s - pos);
            data = r;
            xor_set2(l, &mut self.block[pos..]);
            self.gen_block()
        }

        let mut iter = data.chunks_exact_mut(s);
        for chunk in &mut iter {
            xor_set2(chunk, &mut self.block);
            self.gen_block();
        }
        let rem = iter.into_remainder();
        xor_set2(rem, &mut self.block[..rem.len()]);
        self.pos = rem.len() as u8;
    }
}