signcryption 0.1.3

Library implementing the Toorani-Beheshti signcryption scheme instantiated over Ristretto255 or Ed25519
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

use signcryption::*;
use rand::{rngs::OsRng, RngCore};
use libsodium_sys::crypto_generichash_state as HashState;

const SENDER_ID: [u8; 6] = *b"sender";
const RECIPIENT_ID: [u8; 9] = *b"recipient";
const INFO: [u8; 24] = [88u8; 24];

#[test]
fn before_valid() {
  for curve in [Curve::Ed25519, Curve::Ristretto255] {
    let mut state = SignState::default();
    let mut crypt_key = [0u8; SHAREDBYTES];
    let mut info = [0u8; 24];
    
    let alice = Keypair::new(curve);
    let bob = Keypair::new(curve);
    let msg = b"test";
  
    OsRng.fill_bytes(&mut info);
    sign_before(
      &mut state, &mut crypt_key, &SENDER_ID, &RECIPIENT_ID, &INFO, 
      &alice.expose_secret(), &bob.public, msg, curve
    ).unwrap();
  }
}

#[test]
fn before_invalid_incompatible_curve() {
  let mut state = SignState::default();
  let mut crypt_key = [0u8; SHAREDBYTES];
  let mut info = [0u8; 24];
  
  let alice = Keypair::new(Curve::Ed25519);
  let bob = Keypair::new(Curve::Ed25519);
  let msg = b"test";

  OsRng.fill_bytes(&mut info);
  assert!(sign_before(
    &mut state, &mut crypt_key, &SENDER_ID, &RECIPIENT_ID, &INFO, 
    &alice.expose_secret(), &bob.public, msg, Curve::Ristretto255
  ).is_err());
}

#[test]
fn before_invalid_oversized_aad() {
  let mut state = SignState::default();
  let mut crypt_key = [0u8; SHAREDBYTES];
  let mut info = [0u8; 256]; //oversize
  
  let alice = Keypair::new(Curve::Ed25519);
  let bob = Keypair::new(Curve::Ed25519);
  let msg = b"test";

  OsRng.fill_bytes(&mut info);
  let res = sign_before(
    &mut state, &mut crypt_key, &SENDER_ID, &RECIPIENT_ID, &info,
    &alice.expose_secret(), &bob.public, msg, Curve::Ed25519
  );
  assert_eq!(res, Err(SignCryptError::InvalidLength));
}

#[test]
fn after_valid_ristretto255() {
  let mut state = SignState{
    h: HashState {opaque: [0x48, 0xc9, 0xbd, 0xf2, 0x67, 0xe6, 0x9, 0x6a, 0x3b, 0xa7, 0xca, 0x84, 0x85, 0xae, 0x67, 0xbb, 0x2b, 0xf8, 0x94, 0xfe, 0x72, 0xf3, 0x6e, 0x3c, 0xf1, 0x36, 0x1d, 0x5f, 0x3a, 0xf5, 0x4f, 0xa5, 0xd1, 0x82, 0xe6, 0xad, 0x7f, 0x52, 0xe, 0x51, 0x1f, 0x6c, 0x3e, 0x2b, 0x8c, 0x68, 0x5, 0x9b, 0x6b, 0xbd, 0x41, 0xfb, 0xab, 0xd9, 0x83, 0x1f, 0x79, 0x21, 0x7e, 0x13, 0x19, 0xcd, 0xe0, 0x5b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x73, 0x69, 0x67, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0xf6, 0x2b, 0x20, 0x3a, 0x4c, 0x8, 0xcc, 0x21, 0xc, 0x94, 0xea, 0xbb, 0xe5, 0x4e, 0x75, 0xc2, 0xce, 0x75, 0xfd, 0xe1, 0x74, 0x4, 0xc2, 0xd9, 0x1b, 0x8, 0xa6, 0xb0, 0x2a, 0x1, 0xdd, 0x3a, 0x6, 0x73, 0x65, 0x6e, 0x64, 0x65, 0x72, 0x9, 0x72, 0x65, 0x63, 0x69, 0x70, 0x69, 0x65, 0x6e, 0x74, 0x18, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,] }, 
    nonce: [0xe2, 0xc6, 0x71, 0xf8, 0xb0, 0x3d, 0x8b, 0x68, 0x57, 0xff, 0x77, 0x37, 0xb8, 0x6d, 0xfe, 0xac, 0x85, 0xda, 0x84, 0x8e, 0x8, 0xcf, 0xee, 0x4e, 0x2a, 0xde, 0x5, 0x3f, 0x92, 0xe, 0x99, 0x6,],
    r: [0xf6, 0x2b, 0x20, 0x3a, 0x4c, 0x8, 0xcc, 0x21, 0xc, 0x94, 0xea, 0xbb, 0xe5, 0x4e, 0x75, 0xc2, 0xce, 0x75, 0xfd, 0xe1, 0x74, 0x4, 0xc2, 0xd9, 0x1b, 0x8, 0xa6, 0xb0, 0x2a, 0x1, 0xdd, 0x3a,],
    challenge: [0u8; 32],
  };
  let sk: [u8; 32] = [79, 226, 166, 132, 224, 230, 197, 227, 112, 202, 13, 137, 245, 226, 203, 13, 161, 226, 236, 212, 2, 143, 162, 211, 149, 251, 202, 78, 51, 242, 88, 5];
  let expected_sig: [u8; SIGNBYTES] = [246, 43, 32, 58, 76, 8, 204, 33, 12, 148, 234, 187, 229, 78, 117, 194, 206, 117, 253, 225, 116, 4, 194, 217, 27, 8, 166, 176, 42, 1, 221, 58, 191, 198, 30, 209, 52, 151, 103, 22, 65, 187, 184, 11, 55, 118, 250, 171, 158, 163, 162, 49, 215, 185, 221, 126, 203, 190, 249, 18, 21, 127, 32, 5];
  let mut sig = [0u8; SIGNBYTES];
  let ciphertext = [0xff, 0xe9, 0x60, 0x5e, 0x12, 0xae, 0xbc, 0xb1, 0x7d, 0xab, 0x9d, 0x11, 0xbc, 0x9, 0x97, 0xba, 0xc5, 0x44, 0x4d, 0xc5];
  
  sign_after(&mut state, &mut sig, &sk, &ciphertext, Curve::Ristretto255);
  assert_eq!(sig, expected_sig);
}

#[test]
fn after_invalid_corrupted_hashstate_ristretto255() {
  let mut state = SignState{
    // Corrupted first byte of hash state 
    h: HashState {opaque: [0x00, 0xc9, 0xbd, 0xf2, 0x67, 0xe6, 0x9, 0x6a, 0x3b, 0xa7, 0xca, 0x84, 0x85, 0xae, 0x67, 0xbb, 0x2b, 0xf8, 0x94, 0xfe, 0x72, 0xf3, 0x6e, 0x3c, 0xf1, 0x36, 0x1d, 0x5f, 0x3a, 0xf5, 0x4f, 0xa5, 0xd1, 0x82, 0xe6, 0xad, 0x7f, 0x52, 0xe, 0x51, 0x1f, 0x6c, 0x3e, 0x2b, 0x8c, 0x68, 0x5, 0x9b, 0x6b, 0xbd, 0x41, 0xfb, 0xab, 0xd9, 0x83, 0x1f, 0x79, 0x21, 0x7e, 0x13, 0x19, 0xcd, 0xe0, 0x5b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x73, 0x69, 0x67, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0xf6, 0x2b, 0x20, 0x3a, 0x4c, 0x8, 0xcc, 0x21, 0xc, 0x94, 0xea, 0xbb, 0xe5, 0x4e, 0x75, 0xc2, 0xce, 0x75, 0xfd, 0xe1, 0x74, 0x4, 0xc2, 0xd9, 0x1b, 0x8, 0xa6, 0xb0, 0x2a, 0x1, 0xdd, 0x3a, 0x6, 0x73, 0x65, 0x6e, 0x64, 0x65, 0x72, 0x9, 0x72, 0x65, 0x63, 0x69, 0x70, 0x69, 0x65, 0x6e, 0x74, 0x18, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,] }, 
    nonce: [0xe2, 0xc6, 0x71, 0xf8, 0xb0, 0x3d, 0x8b, 0x68, 0x57, 0xff, 0x77, 0x37, 0xb8, 0x6d, 0xfe, 0xac, 0x85, 0xda, 0x84, 0x8e, 0x8, 0xcf, 0xee, 0x4e, 0x2a, 0xde, 0x5, 0x3f, 0x92, 0xe, 0x99, 0x6,],
    r: [0xf6, 0x2b, 0x20, 0x3a, 0x4c, 0x8, 0xcc, 0x21, 0xc, 0x94, 0xea, 0xbb, 0xe5, 0x4e, 0x75, 0xc2, 0xce, 0x75, 0xfd, 0xe1, 0x74, 0x4, 0xc2, 0xd9, 0x1b, 0x8, 0xa6, 0xb0, 0x2a, 0x1, 0xdd, 0x3a,],
    challenge: [0u8; 32],
  };
  let sk: [u8; 32] = [79, 226, 166, 132, 224, 230, 197, 227, 112, 202, 13, 137, 245, 226, 203, 13, 161, 226, 236, 212, 2, 143, 162, 211, 149, 251, 202, 78, 51, 242, 88, 5];
  let expected_sig: [u8; SIGNBYTES] = [246, 43, 32, 58, 76, 8, 204, 33, 12, 148, 234, 187, 229, 78, 117, 194, 206, 117, 253, 225, 116, 4, 194, 217, 27, 8, 166, 176, 42, 1, 221, 58, 191, 198, 30, 209, 52, 151, 103, 22, 65, 187, 184, 11, 55, 118, 250, 171, 158, 163, 162, 49, 215, 185, 221, 126, 203, 190, 249, 18, 21, 127, 32, 5];
  let mut sig = [0u8; SIGNBYTES];
  let ciphertext = [0xff, 0xe9, 0x60, 0x5e, 0x12, 0xae, 0xbc, 0xb1, 0x7d, 0xab, 0x9d, 0x11, 0xbc, 0x9, 0x97, 0xba, 0xc5, 0x44, 0x4d, 0xc5];
  
  sign_after(&mut state, &mut sig, &sk, &ciphertext, Curve::Ristretto255);
  assert_ne!(sig, expected_sig);
}