grain-128aeadv2 0.1.2

Implementation of Grain-128AEADv2 stream cipher.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313

#![no_std]
#![cfg_attr(docsrs, feature(doc_cfg))]
#![doc(
    html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg",
    html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg"
)]
#![deny(unsafe_code)]
#![warn(missing_docs)]



//! ## Quickstart
//!
//! Basic usage (with default `vec` feature):
//!
//! If you don't want to use the module to generate the keys :
#![cfg_attr(feature = "vec", doc = "```")]
#![cfg_attr(not(feature = "vec"), doc = "```ignore")]
//! use grain_128aeadv2::{
//!     Grain128, Key, Nonce,
//!     aead::{KeyInit, AeadCore}
//! };
//!
//! // PLEASE use a RANDOM key/nonce (don't copy-paste this...)
//! let key = [12, 33, 91, 88, 1, 0, 132, 11, 231, 28, 1, 3, 5, 1, 5, 1];
//! let nonce = [91, 88, 1, 0, 132, 11, 231, 1, 23, 32, 22, 33];
//! let cipher = Grain128::new(&key.into());
//!
//! let (ciphertext, tag) = cipher.encrypt_aead(
//!     &nonce.into(),
//!     b"Some additionnal data",
//!     b"this is a secret message"
//! );
//!
//! let plaintext = cipher.decrypt_aead(
//!     &nonce.into(),
//!     b"Some additionnal data",
//!     &ciphertext,
//!     &tag
//! ).expect("Tag verification failed");
//!
//! assert_eq!(&plaintext, b"this is a secret message"); 
//!
//! ```
//! With randomly sampled keys and nonces (requires `getrandom` feature):
//!
#![cfg_attr(all(feature = "vec", feature = "getrandom"), doc = "```")]
#![cfg_attr(not(all(feature = "vec", feature = "getrandom")), doc = "```ignore")]
//! use grain_128aeadv2::{Grain128, aead::{Aead, AeadCore, KeyInit}};
//!
//! let key = Grain128::generate_key().expect("Unable to generate key");
//! let cipher = Grain128::new(&key);
//!
//! // A nonce must be USED ONLY ONCE !
//! let nonce = Grain128::generate_nonce().expect("Unable to generate nonce");
//! let (ciphertext, tag) = cipher.encrypt_aead(
//!     &nonce,
//!     b"Some additionnal data",
//!     b"this is a secret message"
//! );
//!
//! let plaintext = cipher.decrypt_aead(
//!     &nonce,
//!     b"Some additionnal data",
//!     &ciphertext,
//!     &tag
//! ).expect("Tag verification failed");
//!
//! assert_eq!(&plaintext, b"this is a secret message"); 
//! ```
//!
//! ## In-place encryption (`arrayvec` or `alloc`)
//!
//! The [`AeadInOut::encrypt_in_place`] and [`AeadInOut::decrypt_in_place`]
//! methods accept any type that impls the [`aead::Buffer`] trait which
//! contains the plaintext for encryption or ciphertext for decryption.
//!
//! Enabling the `arrayvec` feature of this crate will provide an impl of
//! [`aead::Buffer`] for `arrayvec::ArrayVec` (re-exported from the [`aead`] crate as
//! [`aead::arrayvec::ArrayVec`]).
//! Enabling the `alloc` feature of this crate will provide an impl of
//! [`aead::Buffer`] for `Vec`.
//!
//! It can then be passed as the `buffer` parameter to the in-place encrypt
//! and decrypt methods:
//!
#![cfg_attr(all(feature = "getrandom", feature = "arrayvec"), doc = "```")]
#![cfg_attr(
    not(all(feature = "getrandom", feature = "arrayvec")),
    doc = "```ignore"
)]
//! use grain_128aeadv2::{
//!     Grain128, Key, Nonce,
//!     aead::{AeadCore, AeadInOut, KeyInit, arrayvec::ArrayVec}
//! };
//!
//! let key = Grain128::generate_key().expect("Unable to generate key");
//! let cipher = Grain128::new(&key);
//!
//! // A nonce must be USED ONLY ONCE !
//! let nonce = Grain128::generate_nonce().expect("Unable to generate nonce");
//! // Take care : 8 bytes overhead to store the tag
//! let mut buffer: ArrayVec<u8, 24> = ArrayVec::new();
//! buffer.try_extend_from_slice(b"a secret message").unwrap();
//!
//! // Perform in place encryption inside 'buffer'
//! cipher.encrypt_in_place(&nonce, b"Some AD", &mut buffer).expect("Unable to encrypt");
//!
//! // Perform in place decryption
//! cipher.decrypt_in_place(&nonce, b"Some AD", &mut buffer).expect("Tag verification failed");
//!
//! assert_eq!(buffer.as_ref(), b"a secret message");
//! ```
#![cfg_attr(all(feature = "getrandom", feature = "alloc"), doc = "```")]
#![cfg_attr(
    not(all(feature = "getrandom", feature = "alloc")),
    doc = "```ignore"
)]
//! use grain_128aeadv2::{
//!     Grain128, Key, Nonce,
//!     aead::{AeadCore, AeadInOut, KeyInit, arrayvec::ArrayVec}
//! };
//!
//! let key = Grain128::generate_key().expect("Unable to generate key");
//! let cipher = Grain128::new(&key);
//!
//! // A nonce must be USED ONLY ONCE !
//! let nonce = Grain128::generate_nonce().expect("Unable to generate nonce");
//! // Take care : 8 bytes overhead to store the tag
//! let mut buffer: Vec<u8> = vec![];
//! buffer.extend_from_slice(b"a secret message");
//!
//! // Perform in place encryption inside 'buffer'
//! cipher.encrypt_in_place(&nonce, b"Some AD", &mut buffer).expect("Unable to encrypt");
//!
//! // Perform in place decryption
//! cipher.decrypt_in_place(&nonce, b"Some AD", &mut buffer).expect("Tag verification failed");
//!
//! assert_eq!(&buffer, b"a secret message");
//! ```

#[cfg(feature = "vec")]
extern crate alloc;
#[cfg(feature = "vec")]
use alloc::vec::Vec;

pub use aead::{self, Tag, AeadCore, AeadInOut, Error, Key, KeyInit, KeySizeUser, Nonce, array::Array, inout::InOutBuf, consts::{U1, U8, U12, U16}, Buffer};
use aead::TagPosition;

#[cfg(feature = "zeroize")]
pub use zeroize;


mod grain_core;
mod fsr;
mod utils;
mod traits;

use grain_core::GrainCore;


/// Grain-128AEADv2 cipher.
#[cfg_attr(feature = "zeroize", derive(zeroize::Zeroize, zeroize::ZeroizeOnDrop))]
pub struct Grain128 {
    pub(crate) key: u128,
}


// Implement to define key/iv size 
impl KeySizeUser for Grain128{
    type KeySize = U16;
}

impl KeyInit for Grain128 {
    fn new(key: &Key<Self>) -> Self {

        let mut key_int: u128 = 0;
        for i in 0..key.len() {
            key_int |= (key[i] as u128) << (i * 8);
        }

        Grain128 { key: key_int}
    }
}


impl AeadCore for Grain128 {
    type NonceSize = U12;
    type TagSize = U8;
    const TAG_POSITION: TagPosition = TagPosition::Postfix;
}


#[cfg(feature = "vec")]
impl Grain128 {
    /// Init a new grain128-AEADv2 cipher for the given nonce
    /// and encrypts the plaintext. One may provide associated
    /// data that will be authenticated too.
    ///
    /// ```
    /// use grain_128aeadv2::{Grain128, KeyInit};
    /// 
    /// let key = b"my secret key !!";
    /// let cipher = Grain128::new(key.into());
    ///
    /// // A nonce must be USED ONLY ONCE !
    /// let (ciphertext, tag) = cipher.encrypt_aead(
    ///     b"super nonce!".into(),
    ///     b"this is associated data",
    ///     b"my secret"
    /// );
    /// ```
    pub fn encrypt_aead(&self, nonce: &Nonce<Self>, associated_data: &[u8], plaintext: &[u8]) -> (Vec<u8>, Tag<Self>){
        let mut nonce_int: u128 = 0;
        for i in 0..nonce.len() {
            nonce_int |= (nonce[i] as u128) << (i * 8);
        }

        let mut cipher = GrainCore::new(self.key, nonce_int);

        let (ct, tag) = cipher.encrypt_aead(associated_data, plaintext);

        (ct, Tag::<Self>::from(tag))
    }

    /// Init a new grain128-AEADv2 cipher for the given nonce
    /// and decrypts the ciphertext. You need to provide the 
    /// associated data if any.
    ///
    /// ```
    /// use grain_128aeadv2::{Grain128, KeyInit};
    /// 
    /// let key = b"my secret key !!";
    /// let cipher = Grain128::new(key.into());
    ///
    /// // A nonce must be USED ONLY ONCE !
    /// let (ciphertext, tag) = cipher.encrypt_aead(
    ///     b"super nonce!".into(),
    ///     b"this is associated data",
    ///     b"my secret"
    /// );
    /// let decrypted = cipher.decrypt_aead(
    ///     b"super nonce!".into(),
    ///     b"this is associated data",
    ///     &ciphertext,
    ///     &tag
    /// ).expect("Unable to decrypt");
    ////
    /// assert_eq!(decrypted, b"my secret");
    /// ```
    pub fn decrypt_aead(&self, nonce: &Nonce<Self>, associated_data: &[u8], ciphertext: &[u8], expected_tag: &Tag<Self>) -> Result<Vec<u8>, Error> {
        let mut nonce_int: u128 = 0;
        for i in 0..nonce.len() {
            nonce_int |= (nonce[i] as u128) << (i * 8);
        }

        let mut cipher = GrainCore::new(self.key, nonce_int);

        cipher.decrypt_aead(associated_data, ciphertext, expected_tag.as_slice())
    }
}


impl AeadInOut for Grain128 {
    fn encrypt_inout_detached(
        &self,
        nonce: &Nonce<Self>,
        associated_data: &[u8],
        buffer: InOutBuf<'_, '_, u8>,
    ) -> Result<Tag<Self>, Error> {

        let mut nonce_int: u128 = 0;
        for i in 0..nonce.len() {
            nonce_int |= (nonce[i] as u128) << (i * 8);
        }

        let mut cipher = GrainCore::new(self.key, nonce_int);

        let tag = Tag::<Self>::from(cipher.encrypt_auth_aead_inout(associated_data, buffer));

        Ok(tag)
    }

    fn decrypt_inout_detached(
        &self,
        nonce: &Nonce<Self>,
        associated_data: &[u8],
        mut buffer: InOutBuf<'_, '_, u8>,
        tag: &Tag<Self>,
    ) -> Result<(), Error> {

        let mut nonce_int: u128 = 0;
        for i in 0..nonce.len() {
            nonce_int |= (nonce[i] as u128) << (i * 8);
        }

        let mut cipher = GrainCore::new(self.key, nonce_int);

        let decrypt_res = cipher.decrypt_auth_aead_inout(associated_data, buffer.reborrow(), tag.as_slice());

        match decrypt_res {
            Ok(()) => Ok(()),
            _ => {
                // Avoid leaking the decrypted ciphertext
                buffer.get_out().fill(0);
                // Then return the error
                Err(Error)
            }
        }
        

    }
}