sarkara 0.8.0

A Post-Quantum cryptography library.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128

//! General RIV Authenticated Encryption.

use std::marker::PhantomData;
use seckey::Bytes;
use ::stream::StreamCipher;
use ::auth::NonceMac;
use ::hash::GenericHash;
use super::{ AeadCipher, DecryptFail };


/// General RIV Authenticated Encryption.
///
/// # Example(encrypt/decrypt)
/// ```
/// # extern crate rand;
/// # extern crate sarkara;
/// # fn main() {
/// use rand::{ Rng, thread_rng };
/// use sarkara::aead::{ RivGeneral, AeadCipher };
/// use sarkara::stream::HC256;
/// use sarkara::auth::HMAC;
/// use sarkara::hash::Blake2b;
///
/// type HRHB = RivGeneral<HC256, HMAC<Blake2b>, Blake2b>;
///
/// // ...
/// # let mut rng = thread_rng();
/// # let mut pass = vec![0; HRHB::KEY_LENGTH];
/// # let mut nonce = vec![0; HRHB::NONCE_LENGTH];
/// # let mut data = vec![0; 1024];
/// # rng.fill_bytes(&mut pass);
/// # rng.fill_bytes(&mut nonce);
/// # rng.fill_bytes(&mut data);
///
/// let ciphertext = HRHB::new(&pass)
///     .with_aad(&nonce)
///     .encrypt(&nonce, &data);
/// let plaintext = HRHB::new(&pass)
///     .with_aad(&nonce)
///     .decrypt(&nonce, &ciphertext)
///     .unwrap();
/// assert_eq!(plaintext, data);
/// # }
/// ```
#[derive(Debug, Clone)]
pub struct RivGeneral<C, M, H> {
    cipher: C,
    mac: M,
    hash: PhantomData<H>,
    aad: Vec<u8>
}

impl<C, M, H> AeadCipher for RivGeneral<C, M, H>
    where
        C: StreamCipher,
        M: NonceMac + Clone,
        H: GenericHash
{
    fn new(key: &[u8]) -> Self where Self: Sized {
        assert_eq!(key.len(), Self::KEY_LENGTH);
        let mac_key = H::default()
            .with_size(M::KEY_LENGTH)
            .hash::<Bytes>(key);
        let mut mac = M::new(&mac_key);
        mac.with_size(C::NONCE_LENGTH);
        RivGeneral {
            cipher: C::new(key),
            mac: mac,
            hash: PhantomData,
            aad: Vec::new()
        }
    }

    const KEY_LENGTH: usize = C::KEY_LENGTH;
    const TAG_LENGTH: usize = C::NONCE_LENGTH;
    const NONCE_LENGTH: usize = M::NONCE_LENGTH;

    #[inline]
    fn with_aad(&mut self, aad: &[u8]) -> &mut Self {
        self.aad = aad.into();
        self
    }

    fn encrypt(&self, nonce: &[u8], data: &[u8]) -> Vec<u8> {
        assert_eq!(nonce.len(), Self::NONCE_LENGTH);
        let mut mac = self.mac.clone();
        mac.with_nonce(nonce);

        let mut aad_and_data = Vec::with_capacity(self.aad.len() + data.len());
        aad_and_data.extend_from_slice(&self.aad);
        aad_and_data.extend_from_slice(data);
        let mut tag = mac.result::<Vec<u8>>(&aad_and_data);
        let mut output = self.cipher.process(&tag, data);
        let xorkey = mac.result::<Bytes>(&output);

        for (b, &x) in tag.iter_mut().zip(xorkey.iter()) {
            *b ^= x;
        }

        output.append(&mut tag);
        output
    }

    fn decrypt(&self, nonce: &[u8], data: &[u8]) -> Result<Vec<u8>, DecryptFail> {
        assert_eq!(nonce.len(), Self::NONCE_LENGTH);
        if data.len() < Self::TAG_LENGTH { Err(DecryptFail::LengthError)? };

        let mut mac = self.mac.clone();
        mac.with_nonce(nonce);

        let (data, tag) = data.split_at(data.len() - Self::TAG_LENGTH);
        let mut xorkey = mac.result::<Bytes>(data);

        for (b, &x) in xorkey.iter_mut().zip(tag) {
            *b ^= x;
        }

        let output = self.cipher.process(&xorkey, data);
        let mut aad_and_data = Vec::with_capacity(self.aad.len() + output.len());
        aad_and_data.extend_from_slice(&self.aad);
        aad_and_data.extend_from_slice(&output);
        if mac.verify(&aad_and_data, &xorkey) {
            Ok(output)
        } else {
            Err(DecryptFail::AuthenticationFail)
        }
    }
}