1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124

//https://github.com/maidsafe/rust_sodium/blob/master/src/crypto/stream/stream_macros.rs
//! Secret-key encryption
//! ----------------------------------------------------------------
//! |`crypto_stream`           |primitive     |KEYBYTES |NONCEBYTES|
//! |--------------------------|--------------|---------|----------|
//! |`crypto_stream_xsalsa20`  |`XSalsa20/20` |32       |24        |
//! ----------------------------------------------------------------

use std::iter::repeat;
pub mod xsalsa20;

/// `stream()` produces a `len`-byte stream `c` as a function of a secret key `k` and a nonce `n`.
pub fn stream(length: usize, nonce: &xsalsa20::StreamNonce, key: &xsalsa20::StreamKey) -> Vec<u8> {
    let mut cipher: Vec<u8> = repeat(0u8).take(length).collect();
    xsalsa20::stream(&mut cipher, &nonce, &key);
    cipher
}

/// `stream_xor()` encrypts a message `m` using a secret key `k` and a nonce `n`.
/// The `stream_xor()` function returns the ciphertext `c`.
///
/// `stream_xor()` guarantees that the ciphertext has the same length as the plaintext,
/// and is the plaintext xor the output of `stream()`.
/// Consequently `stream_xor()` can also be used to decrypt.
pub fn stream_xor(message: &[u8], nonce: &xsalsa20::StreamNonce, key: &xsalsa20::StreamKey) -> Vec<u8> {
    let mut cipher: Vec<u8> = repeat(0u8).take(message.len()).collect();
    xsalsa20::stream_xor(&mut cipher, &message, &nonce, &key);
    cipher
}


//https://github.com/maidsafe/rust_sodium/blob/master/src/crypto/stream/xsalsa20.rs
#[test]
fn test_xsalsa20_1() {
    // corresponding to tests/stream3.c and tests/stream7.cpp from NaCl
    let firstkey = [0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85, 0xd4, 0x62, 0xcd, 0x51,
                            0x19, 0x7a, 0x9a, 0x46, 0xc7, 0x60, 0x09, 0x54, 0x9e, 0xac, 0x64,
                            0x74, 0xf2, 0x06, 0xc4, 0xee, 0x08, 0x44, 0xf6, 0x83, 0x89];

    let nonce = [0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73, 0xcd, 0x62, 0xbd,
                           0xa8, 0x75, 0xfc, 0x73, 0xd6, 0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a,
                           0x0b, 0x37];

    let rs = stream(32, &nonce, &firstkey);

    let rs_expected = vec![0xee, 0xa6, 0xa7, 0x25, 0x1c, 0x1e, 0x72, 0x91, 0x6d, 0x11, 0xc2,
                               0xcb, 0x21, 0x4d, 0x3c, 0x25, 0x25, 0x39, 0x12, 0x1d, 0x8e, 0x23,
                               0x4e, 0x65, 0x2d, 0x65, 0x1f, 0xa4, 0xc8, 0xcf, 0xf8, 0x80];
    assert!(rs == rs_expected);
}

#[test]
fn test_xsalsa20_2() {
    // corresponding to tests/stream4.c and tests/stream8.cpp from NaCl
    let firstkey = [0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85, 0xd4, 0x62, 0xcd, 0x51,
                            0x19, 0x7a, 0x9a, 0x46, 0xc7, 0x60, 0x09, 0x54, 0x9e, 0xac, 0x64,
                            0x74, 0xf2, 0x06, 0xc4, 0xee, 0x08, 0x44, 0xf6, 0x83, 0x89];

    let nonce = [0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73, 0xcd, 0x62, 0xbd,
                           0xa8, 0x75, 0xfc, 0x73, 0xd6, 0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a,
                           0x0b, 0x37];

    let m = &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
                  0, 0, 0, 0, 0, 0xbe, 0x07, 0x5f, 0xc5, 0x3c, 0x81, 0xf2, 0xd5, 0xcf, 0x14, 0x13,
                  0x16, 0xeb, 0xeb, 0x0c, 0x7b, 0x52, 0x28, 0xc5, 0x2a, 0x4c, 0x62, 0xcb, 0xd4,
                  0x4b, 0x66, 0x84, 0x9b, 0x64, 0x24, 0x4f, 0xfc, 0xe5, 0xec, 0xba, 0xaf, 0x33,
                  0xbd, 0x75, 0x1a, 0x1a, 0xc7, 0x28, 0xd4, 0x5e, 0x6c, 0x61, 0x29, 0x6c, 0xdc,
                  0x3c, 0x01, 0x23, 0x35, 0x61, 0xf4, 0x1d, 0xb6, 0x6c, 0xce, 0x31, 0x4a, 0xdb,
                  0x31, 0x0e, 0x3b, 0xe8, 0x25, 0x0c, 0x46, 0xf0, 0x6d, 0xce, 0xea, 0x3a, 0x7f,
                  0xa1, 0x34, 0x80, 0x57, 0xe2, 0xf6, 0x55, 0x6a, 0xd6, 0xb1, 0x31, 0x8a, 0x02,
                  0x4a, 0x83, 0x8f, 0x21, 0xaf, 0x1f, 0xde, 0x04, 0x89, 0x77, 0xeb, 0x48, 0xf5,
                  0x9f, 0xfd, 0x49, 0x24, 0xca, 0x1c, 0x60, 0x90, 0x2e, 0x52, 0xf0, 0xa0, 0x89,
                  0xbc, 0x76, 0x89, 0x70, 0x40, 0xe0, 0x82, 0xf9, 0x37, 0x76, 0x38, 0x48, 0x64,
                  0x5e, 0x07, 0x05];

        let c = stream_xor(m, &nonce, &firstkey);

        let c_expected = [0x8e, 0x99, 0x3b, 0x9f, 0x48, 0x68, 0x12, 0x73, 0xc2, 0x96, 0x50, 0xba,
                          0x32, 0xfc, 0x76, 0xce, 0x48, 0x33, 0x2e, 0xa7, 0x16, 0x4d, 0x96, 0xa4,
                          0x47, 0x6f, 0xb8, 0xc5, 0x31, 0xa1, 0x18, 0x6a, 0xc0, 0xdf, 0xc1, 0x7c,
                          0x98, 0xdc, 0xe8, 0x7b, 0x4d, 0xa7, 0xf0, 0x11, 0xec, 0x48, 0xc9, 0x72,
                          0x71, 0xd2, 0xc2, 0x0f, 0x9b, 0x92, 0x8f, 0xe2, 0x27, 0x0d, 0x6f, 0xb8,
                          0x63, 0xd5, 0x17, 0x38, 0xb4, 0x8e, 0xee, 0xe3, 0x14, 0xa7, 0xcc, 0x8a,
                          0xb9, 0x32, 0x16, 0x45, 0x48, 0xe5, 0x26, 0xae, 0x90, 0x22, 0x43, 0x68,
                          0x51, 0x7a, 0xcf, 0xea, 0xbd, 0x6b, 0xb3, 0x73, 0x2b, 0xc0, 0xe9, 0xda,
                          0x99, 0x83, 0x2b, 0x61, 0xca, 0x01, 0xb6, 0xde, 0x56, 0x24, 0x4a, 0x9e,
                          0x88, 0xd5, 0xf9, 0xb3, 0x79, 0x73, 0xf6, 0x22, 0xa4, 0x3d, 0x14, 0xa6,
                          0x59, 0x9b, 0x1f, 0x65, 0x4c, 0xb4, 0x5a, 0x74, 0xe3, 0x55, 0xa5];

        assert!(&c[32..] == &c_expected[..]);
}


//   #[test]
//     fn test_encrypt_decrypt() {
//         use randombytes::randombytes;
//         assert!(::init());
//         for i in 0..1024usize {
//             let k = gen_key();
//             let n = gen_nonce();
//             let m = randombytes(i);
//             let c = stream_xor(&m, &n, &k);
//             let m2 = stream_xor(&c, &n, &k);
//             assert!(m == m2);
//         }
//     }

//     #[test]
//     fn test_stream_xor() {
//         use randombytes::randombytes;
//         assert!(::init());
//         for i in 0..1024usize {
//             let k = gen_key();
//             let n = gen_nonce();
//             let m = randombytes(i);
//             let mut c = m.clone();
//             let s = stream(c.len(), &n, &k);
//             for (e, v) in c.iter_mut().zip(s.iter()) {
//                 *e ^= *v;
//             }
//             let c2 = stream_xor(&m, &n, &k);
//             assert!(c == c2);
//         }
// }