Skip to main content

Crate obcrypt

Crate obcrypt 

Source
Expand description

Bytes-in / bytes-out cryptographic core of the oboron protocol.

obcrypt implements oboron’s authenticated core encryption schemes operating on raw byte slices. It does not encode the output (no base64, no base32) and does not validate UTF-8 — plaintext bytes pass through unchanged.

Keys do have a canonical text form: hex (128 lowercase characters). Key::from_hex / Key::to_hex handle that — see Key for rationale.

For the full string-in / string-out oboron protocol — with obtext encoding and format strings — see the oboron crate, which depends on this one. The unauthenticated and obfuscation schemes live in the separate obu layer.

§Quick start

use obcrypt::{encrypt, decrypt, Key, Scheme};

let key = Key::random();
let ct = encrypt(b"secret data", Scheme::Dsiv, &key)?;
let pt = decrypt(&ct, Scheme::Dsiv, &key)?;
assert_eq!(pt, b"secret data");

§Schemes

SchemePropertiesAlgorithmKey material
Scheme::DsivdeterministicAES-SIVfull 64-byte master
Scheme::DgcmsivdeterministicAES-GCM-SIVHKDF-derived
Scheme::PsivprobabilisticAES-SIVfull 64-byte master
Scheme::PgcmsivprobabilisticAES-GCM-SIVHKDF-derived

All four are authenticated: decrypt returns Error::DecryptionFailed on tampering, a wrong key, or the wrong scheme. Deterministic variants (dsiv, dgcmsiv) leak plaintext equality (same plaintext + key → same output); use a probabilistic variant when that isn’t acceptable.

Plus testing-only schemes behind the mock feature flag — mock1 (identity) and mock2 (reverse), which perform no encryption and are not selectable through Scheme::from_str.

§Output format

The output is exactly the scheme’s AEAD output — there is no scheme marker. The scheme is supplied by the caller to both encrypt and decrypt (oboron’s no-marker model: supplying the wrong scheme fails the authentication check). Per-scheme byte layouts:

  • deterministic: siv-tag || ciphertext (dsiv) or ciphertext || tag (dgcmsiv).
  • probabilistic: a fresh nonce is prepended.

§API

Each operation has an owned form (returns a fresh Vec<u8>) and an _into form (appends to a caller buffer; zero extra allocation on the AEAD path):

Keys come last; data first. The per-scheme primitives live under schemes for callers that already know the scheme statically.

§Security model

Symmetric authenticated encryption over a 64-byte master key.

  • Authenticity: every scheme is authenticated via the AEAD tag.
  • Determinism: deterministic variants leak plaintext equality.
  • Key derivation: the SIV schemes use the master key directly; the GCM-SIV schemes derive a 32-byte key with HKDF-Expand over the master (HMAC-SHA-256, info gcmsiv, shared by both GCM-SIV schemes; Extract is skipped, as the master is already a uniform pseudorandom key).
  • Nonce handling: probabilistic schemes draw a fresh nonce per call from the OS RNG. AES-SIV and AES-GCM-SIV are nonce-misuse resistant — even under accidental reuse they degrade only to the equality-leak property of the deterministic variants.
  • Side channels: obcrypt relies on the underlying aes-siv, aes-gcm-siv, and hkdf crates for constant-time primitives where applicable; no extra side-channel hardening is added here.
  • Key zeroization: Key is ZeroizeOnDrop; derived GCM-SIV subkeys are held in Zeroizing buffers.

See SECURITY.md for the full threat model and reporting policy.

§Cargo features

  • default = ["dgcmsiv", "pgcmsiv", "dsiv", "psiv"] — every production scheme.
  • Per-scheme: dgcmsiv, pgcmsiv, dsiv, psiv.
  • mock — adds the testing-only mock1 / mock2 schemes (no encryption; not parseable from a string).

Schemes are individually gated so binary size scales with the schemes you actually use.

Modules§

schemes
Per-scheme raw cryptographic primitives.

Structs§

Key
64-byte symmetric master key for obcrypt operations.

Enums§

Error
All errors that can occur in obcrypt operations.
Scheme
Scheme identifier — selects the algorithm + properties.

Functions§

decrypt
Decrypt scheme_output under scheme, returning the plaintext.
decrypt_into
Decrypt scheme_output under scheme, appending the plaintext to out.
encrypt
Encrypt plaintext under scheme, returning the scheme output bytes.
encrypt_into
Encrypt plaintext under scheme, appending the output to out.
generate_key
Generate a cryptographically secure random 64-byte Key.