generic_ecies/
curve25519aes128_cbchmac.rs

1//! Instantiation of ECIES with the following parameters:
2//!
3//! * Curve25519 as the elliptic curve
4//! * AES128 in CBC mode as the symmetric cipher
5//! * HMAC-SHA256 as the message authentication code
6//!
7//! ## Example of usage
8//! ```rust
9//! # let mut rng = rand_dev::DevRng::new();
10//! use generic_ecies::curve25519aes128_cbchmac as ecies;
11//! // Use EdDSA key as openssl generates it instead of Curve25519 private scalar
12//! let eddsa_private_key_bytes = b"eddsa priv key is any 32 bytes^^";
13//! let private_key = ecies::PrivateKey::from_eddsa_pkey_bytes(eddsa_private_key_bytes).unwrap();
14//! let public_key = private_key.public_key();
15//!
16//! // Encrypt
17//! let message = b"Lenin was a communist";
18//! let mut encrypted_message = public_key.encrypt(message, &mut rng).unwrap();
19//!
20//! // Decrypt
21//! let parsed_message = ecies::EncryptedMessage::from_bytes(&mut encrypted_message).unwrap();
22//! let decrypted_message = private_key.decrypt_in_place(parsed_message).unwrap();
23//! assert_eq!(decrypted_message, message);
24//! ```
25
26/// The ciphersuite for curve25519+aes128_cbc+hmacsha256
27#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
28pub struct Curve25519Aes128cbcHmacsha256;
29
30type S = Curve25519Aes128cbcHmacsha256;
31
32impl super::Suite for S {
33    type E = generic_ec::curves::Ed25519;
34    type Mac = hmac::Hmac<sha2::Sha256>;
35    type Enc = cbc::Encryptor<aes::Aes128>;
36    type Dec = cbc::Decryptor<aes::Aes128>;
37}
38
39/// Private key of this suite, a scalar of Curve25519
40pub type PrivateKey = crate::PrivateKey<S>;
41/// Public key of this suite, a point on Curve25519
42pub type PublicKey = crate::PublicKey<S>;
43/// Message encrypted with this ciphersuite
44pub type EncryptedMessage<'m> = crate::EncryptedMessage<'m, S>;
45
46impl PublicKey {
47    /// Encrypt the message bytes in place; specialization for
48    /// `curve25519aes128_cbchmac`. Uses PKCS7 padding.
49    ///
50    /// - `message` - the buffer containing the message to encrypt, plus enough
51    ///   space for padding
52    /// - `data_len` - length of the message in the buffer
53    ///
54    /// Given a message `m`, the size of the buffer should be at least `m.len() +
55    /// pad_size(m.len())`. If the buffer size is too small, the function will
56    /// return [`crate::EncError::PadError`]
57    ///
58    /// You can interact with the encrypted bytes through the returned
59    /// [`EncryptedMessage`], but be careful that changing them will invalidate
60    /// the mac.
61    ///
62    /// Convenient alias for [`PublicKey::block_encrypt_in_place`]
63    pub fn encrypt_in_place<'m>(
64        &self,
65        message: &'m mut [u8],
66        data_len: usize,
67        rng: &mut (impl rand_core::RngCore + rand_core::CryptoRng),
68    ) -> Result<EncryptedMessage<'m>, crate::EncError> {
69        self.block_encrypt_in_place(message, data_len, rng)
70    }
71
72    /// Encrypt the message bytes into a new buffer. Uses PKCS7 padding.
73    /// Returnes the encoded bytes of [`EncryptedMessage`]. Specialization for
74    /// `curve25519aes128_cbchmac`
75    ///
76    /// Convenient alias for [`PublicKey::block_encrypt`]
77    pub fn encrypt(
78        &self,
79        message: &[u8],
80        rng: &mut (impl rand_core::RngCore + rand_core::CryptoRng),
81    ) -> Result<Vec<u8>, crate::EncError> {
82        self.block_encrypt(message, rng)
83    }
84}
85
86impl PrivateKey {
87    /// Decrypt the message bytes in place; specialization for
88    /// `curve25519aes128_cbchmac`. Uses PKCS7 padding.
89    ///
90    /// When you have a buffer of bytes to decrypt, you first need to parse it
91    /// with `EncryptedMessage::from_bytes`, and then decrypt the structure
92    /// using this funciton. It will modify the bytes in the buffer and return a
93    /// slice to them.
94    ///
95    /// Convenient alias for [`PrivateKey::block_decrypt_in_place`]
96    pub fn decrypt_in_place<'m>(
97        &self,
98        message: EncryptedMessage<'m>,
99    ) -> Result<&'m mut [u8], crate::DecError> {
100        self.block_decrypt_in_place(message)
101    }
102
103    /// Decrypt the message bytes into a new buffer; specialization for
104    /// `curve25519aes128_cbchmac`. Uses PKCS7 padding.
105    ///
106    /// When you have a buffer of bytes to decrypt, you first need to parse it
107    /// with `EncryptedMessage::from_bytes`, and then decrypt the structure
108    /// using this funciton. It will copy the message bytes into a new buffer
109    /// and return a [`Vec`] containing them.
110    ///
111    /// Convenient alias for [`PrivateKey::block_decrypt`]
112    pub fn decrypt(&self, message: &EncryptedMessage<'_>) -> Result<Vec<u8>, crate::DecError> {
113        self.block_decrypt(message)
114    }
115}
116
117#[cfg(test)]
118crate::common::make_tests!("block");