1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
macro_rules! auth_module (($auth_name:ident,
$verify_name:ident,
$keybytes:expr,
$tagbytes:expr) => (
use libc::c_ulonglong;
use randombytes::randombytes_into;
/// Number of bytes in a `Key`.
pub const KEYBYTES: usize = $keybytes;
/// Number of bytes in a `Tag`.
pub const TAGBYTES: usize = $tagbytes;
new_type! {
/// Authentication `Key`
///
/// When a `Key` goes out of scope its contents
/// will be zeroed out
secret Key(KEYBYTES);
}
new_type! {
/// Authentication `Tag`
///
/// The tag implements the traits `PartialEq` and `Eq` using constant-time
/// comparison functions. See `sodiumoxide::utils::memcmp`
public Tag(TAGBYTES);
}
/// `gen_key()` randomly generates a key for authentication
///
/// THREAD SAFETY: `gen_key()` is thread-safe provided that you have
/// called `sodiumoxide::init()` once before using any other function
/// from sodiumoxide.
pub fn gen_key() -> Key {
let mut k = [0; KEYBYTES];
randombytes_into(&mut k);
Key(k)
}
/// `authenticate()` authenticates a message `m` using a secret key `k`.
/// The function returns an authenticator tag.
pub fn authenticate(m: &[u8],
k: &Key) -> Tag {
unsafe {
let mut tag = [0; TAGBYTES];
$auth_name(tag.as_mut_ptr(),
m.as_ptr(),
m.len() as c_ulonglong,
k.0.as_ptr());
Tag(tag)
}
}
/// `verify()` returns `true` if `tag` is a correct authenticator of message `m`
/// under a secret key `k`. Otherwise it returns false.
pub fn verify(tag: &Tag, m: &[u8],
k: &Key) -> bool {
unsafe {
$verify_name(tag.0.as_ptr(),
m.as_ptr(),
m.len() as c_ulonglong,
k.0.as_ptr()) == 0
}
}
#[cfg(test)]
mod test_m {
use super::*;
#[test]
fn test_auth_verify() {
use randombytes::randombytes;
for i in 0..256usize {
let k = gen_key();
let m = randombytes(i);
let tag = authenticate(&m, &k);
assert!(verify(&tag, &m, &k));
}
}
#[test]
fn test_auth_verify_tamper() {
use randombytes::randombytes;
for i in 0..32usize {
let k = gen_key();
let mut m = randombytes(i);
let Tag(mut tagbuf) = authenticate(&m, &k);
for j in 0..m.len() {
m[j] ^= 0x20;
assert!(!verify(&Tag(tagbuf), &m, &k));
m[j] ^= 0x20;
}
for j in 0..tagbuf.len() {
tagbuf[j] ^= 0x20;
assert!(!verify(&Tag(tagbuf), &m, &k));
tagbuf[j] ^= 0x20;
}
}
}
#[cfg(feature = "serde")]
#[test]
fn test_serialisation() {
use randombytes::randombytes;
use test_utils::round_trip;
for i in 0..256usize {
let k = gen_key();
let m = randombytes(i);
let tag = authenticate(&m, &k);
round_trip(k);
round_trip(tag);
}
}
}
#[cfg(feature = "benchmarks")]
#[cfg(test)]
mod bench_m {
extern crate test;
use randombytes::randombytes;
use super::*;
const BENCH_SIZES: [usize; 14] = [0, 1, 2, 4, 8, 16, 32, 64,
128, 256, 512, 1024, 2048, 4096];
#[bench]
fn bench_auth(b: &mut test::Bencher) {
let k = gen_key();
let ms: Vec<Vec<u8>> = BENCH_SIZES.iter().map(|s| {
randombytes(*s)
}).collect();
b.iter(|| {
for m in ms.iter() {
authenticate(&m, &k);
}
});
}
#[bench]
fn bench_verify(b: &mut test::Bencher) {
let k = gen_key();
let ms: Vec<Vec<u8>> = BENCH_SIZES.iter().map(|s| {
randombytes(*s)
}).collect();
let tags: Vec<Tag> = ms.iter().map(|m| {
authenticate(&m, &k)
}).collect();
b.iter(|| {
for (m, t) in ms.iter().zip(tags.iter()) {
verify(t, &m, &k);
}
});
}
}
));