bring ocb3 and deoxys

Author: baloo

Cargo.lock

@@ -7,10 +7,12 @@ members = [
     "ascon-aead",
     "ccm",
     "chacha20poly1305",
-    #"deoxys",
+    "deoxys",
     "eax",
-    #"ocb3",
+    "ocb3",
     "xaes-256-gcm",
+
+    "benches",
 ]
 resolver = "2"
 

Cargo.toml

@@ -8,8 +8,6 @@ edition = "2021"
 publish = false
 rust-version = "1.56"
 
-[workspace]
-
 [dependencies]
 criterion = "0.4.0"
 rand = "0.9.0"

benches/Cargo.toml

@@ -3,7 +3,7 @@ use aead::{
     consts::{U15, U16, U17, U32, U48},
 };
 
-use crate::DeoxysBcType;
+use crate::{DeoxysBcType, DeoxysKey, Tweak};
 
 const H_PERM: [u8; 16] = [1, 6, 11, 12, 5, 10, 15, 0, 9, 14, 3, 4, 13, 2, 7, 8];
 
@@ -46,10 +46,10 @@ pub trait DeoxysBcInternal {
     type TweakKeySize: ArraySize;
 
     fn key_schedule(
-        tweak: &[u8; 16],
-        subkeys: &Array<[u8; 16], Self::SubkeysSize>,
-    ) -> Array<[u8; 16], Self::SubkeysSize> {
-        let mut subtweakeys: Array<[u8; 16], Self::SubkeysSize> = Default::default();
+        tweak: &Tweak,
+        subkeys: &Array<DeoxysKey, Self::SubkeysSize>,
+    ) -> Array<DeoxysKey, Self::SubkeysSize> {
+        let mut subtweakeys: Array<DeoxysKey, Self::SubkeysSize> = Default::default();
         let mut tweak = *tweak;
 
         // First key
@@ -59,7 +59,7 @@ pub trait DeoxysBcInternal {
 
         // Other keys
         for (stk, sk) in subtweakeys[1..].iter_mut().zip(subkeys[1..].iter()) {
-            h_substitution(&mut tweak);
+            h_substitution((&mut tweak).into());
 
             for i in 0..16 {
                 stk[i] = sk[i] ^ tweak[i];
@@ -78,8 +78,8 @@ impl DeoxysBcInternal for DeoxysBc256 {
 impl DeoxysBcType for DeoxysBc256 {
     type KeySize = U16;
 
-    fn precompute_subkeys(key: &Array<u8, Self::KeySize>) -> Array<[u8; 16], Self::SubkeysSize> {
-        let mut subkeys: Array<[u8; 16], Self::SubkeysSize> = Default::default();
+    fn precompute_subkeys(key: &Array<u8, Self::KeySize>) -> Array<DeoxysKey, Self::SubkeysSize> {
+        let mut subkeys: Array<DeoxysKey, Self::SubkeysSize> = Default::default();
 
         let mut tk2 = [0u8; 16];
 
@@ -116,8 +116,8 @@ impl DeoxysBcInternal for DeoxysBc384 {
 impl DeoxysBcType for DeoxysBc384 {
     type KeySize = U32;
 
-    fn precompute_subkeys(key: &Array<u8, Self::KeySize>) -> Array<[u8; 16], Self::SubkeysSize> {
-        let mut subkeys: Array<[u8; 16], Self::SubkeysSize> = Default::default();
+    fn precompute_subkeys(key: &Array<u8, Self::KeySize>) -> Array<DeoxysKey, Self::SubkeysSize> {
+        let mut subkeys: Array<DeoxysKey, Self::SubkeysSize> = Default::default();
 
         let mut tk3 = [0u8; 16];
         let mut tk2 = [0u8; 16];

deoxys/src/deoxys_bc.rs

@@ -116,7 +116,7 @@ use aead::{
     PostfixTagged,
     array::{Array, ArraySize},
     consts::U16,
-    inout::InOutBuf,
+    inout::{InOut, InOutBuf},
 };
 use core::marker::PhantomData;
 
@@ -140,6 +140,12 @@ pub type Nonce<NonceSize> = Array<u8, NonceSize>;
 /// Deoxys tags
 pub type Tag = Array<u8, U16>;
 
+type Block = Array<u8, U16>;
+
+type Tweak = Array<u8, U16>;
+
+type DeoxysKey = Array<u8, U16>;
+
 /// Deoxys encryption modes.
 /// This type contains the public API for a Deoxys mode, like Deoxys-I and Deoxys-II.
 pub trait DeoxysMode<B>: modes::DeoxysModeInternal<B>
@@ -151,21 +157,21 @@ where
 
     /// Encrypts the data in place with the specified parameters
     /// Returns the tag
-    fn encrypt_in_place(
+    fn encrypt_inout(
         nonce: &Array<u8, Self::NonceSize>,
         associated_data: &[u8],
-        buffer: &mut [u8],
-        subkeys: &Array<[u8; 16], B::SubkeysSize>,
-    ) -> [u8; 16];
+        buffer: InOutBuf<'_, '_, u8>,
+        subkeys: &Array<DeoxysKey, B::SubkeysSize>,
+    ) -> Tag;
 
     /// Decrypts the data in place with the specified parameters
     /// Returns an error if the tag verification fails
-    fn decrypt_in_place(
+    fn decrypt_inout(
         nonce: &Array<u8, Self::NonceSize>,
         associated_data: &[u8],
-        buffer: &mut [u8],
+        buffer: InOutBuf<'_, '_, u8>,
         tag: &Tag,
-        subkeys: &Array<[u8; 16], B::SubkeysSize>,
+        subkeys: &Array<DeoxysKey, B::SubkeysSize>,
     ) -> Result<(), aead::Error>;
 }
 
@@ -176,47 +182,43 @@ pub trait DeoxysBcType: deoxys_bc::DeoxysBcInternal {
     type KeySize: ArraySize;
 
     /// Precompute the subkeys
-    fn precompute_subkeys(key: &Array<u8, Self::KeySize>) -> Array<[u8; 16], Self::SubkeysSize>;
+    fn precompute_subkeys(key: &Array<u8, Self::KeySize>) -> Array<DeoxysKey, Self::SubkeysSize>;
 
     /// Encrypts a block of data in place.
-    fn encrypt_in_place(
-        block: &mut [u8; 16],
-        tweak: &[u8; 16],
-        subkeys: &Array<[u8; 16], Self::SubkeysSize>,
+    fn encrypt_inout(
+        mut block: InOut<'_, '_, Block>,
+        tweak: &Tweak,
+        subkeys: &Array<DeoxysKey, Self::SubkeysSize>,
     ) {
         let keys = Self::key_schedule(tweak, subkeys);
 
-        for (b, k) in block.iter_mut().zip(keys[0].iter()) {
-            *b ^= k;
-        }
+        block.xor_in2out(&keys[0]);
 
         for k in &keys[1..] {
-            aes::hazmat::cipher_round(block.into(), k.into());
+            aes::hazmat::cipher_round(block.get_out(), k);
         }
     }
 
     /// Decrypts a block of data in place.
-    fn decrypt_in_place(
-        block: &mut [u8; 16],
-        tweak: &[u8; 16],
-        subkeys: &Array<[u8; 16], Self::SubkeysSize>,
+    fn decrypt_inout(
+        mut block: InOut<'_, '_, Block>,
+        tweak: &Tweak,
+        subkeys: &Array<DeoxysKey, Self::SubkeysSize>,
     ) {
         let mut keys = Self::key_schedule(tweak, subkeys);
 
         let r = keys.len();
 
-        for (b, k) in block.iter_mut().zip(keys[r - 1].iter()) {
-            *b ^= k;
-        }
+        block.xor_in2out(&keys[r - 1]);
 
-        aes::hazmat::inv_mix_columns(block.into());
+        aes::hazmat::inv_mix_columns(block.get_out());
 
         for k in keys[..r - 1].iter_mut().rev() {
-            aes::hazmat::inv_mix_columns(k.into());
-            aes::hazmat::equiv_inv_cipher_round(block.into(), (&*k).into());
+            aes::hazmat::inv_mix_columns(k);
+            aes::hazmat::equiv_inv_cipher_round(block.get_out(), k);
         }
 
-        aes::hazmat::mix_columns(block.into());
+        aes::hazmat::mix_columns(block.get_out());
     }
 }
 
@@ -228,7 +230,7 @@ where
     M: DeoxysMode<B>,
     B: DeoxysBcType,
 {
-    subkeys: Array<[u8; 16], B::SubkeysSize>,
+    subkeys: Array<DeoxysKey, B::SubkeysSize>,
     mode: PhantomData<M>,
 }
 
@@ -280,7 +282,7 @@ where
         associated_data: &[u8],
         buffer: InOutBuf<'_, '_, u8>,
     ) -> Result<Tag, Error> {
-        Ok(Tag::from(M::encrypt_in_place(
+        Ok(Tag::from(M::encrypt_inout(
             nonce,
             associated_data,
             buffer,
@@ -295,7 +297,7 @@ where
         buffer: InOutBuf<'_, '_, u8>,
         tag: &Tag,
     ) -> Result<(), Error> {
-        M::decrypt_in_place(nonce, associated_data, buffer, tag, &self.subkeys)
+        M::decrypt_inout(nonce, associated_data, buffer, tag, &self.subkeys)
     }
 }
 
@@ -322,3 +324,115 @@ where
     B: DeoxysBcType,
 {
 }
+
+#[cfg(all(feature = "alloc", test))]
+mod tests {
+    //! this module is here to test the inout behavior which is not currently exposed.
+    //! it will be once we port over to the API made in RustCrypto/traits#1793.
+    //!
+    //! This is to drop once https://github.com/RustCrypto/traits/pull/1797 is made available.
+    //!
+    //! It duplicates test vectors from `tests/deoxys_i_128.rs` and provides a mock buffer backing
+    //! for InOut.
+
+    extern crate alloc;
+
+    use alloc::{vec, vec::Vec};
+    use hex_literal::hex;
+
+    use super::*;
+
+    struct MockBuffer {
+        in_buf: Vec<u8>,
+        out_buf: Vec<u8>,
+    }
+
+    impl From<&[u8]> for MockBuffer {
+        fn from(buf: &[u8]) -> Self {
+            Self {
+                in_buf: buf.to_vec(),
+                out_buf: vec![0u8; buf.len()],
+            }
+        }
+    }
+
+    impl MockBuffer {
+        /// Get an [`InOutBuf`] from a [`MockBuffer`]
+        pub fn to_in_out_buf(&mut self) -> InOutBuf<'_, '_, u8> {
+            InOutBuf::new(self.in_buf.as_slice(), self.out_buf.as_mut_slice())
+                .expect("Invariant violation")
+        }
+    }
+
+    impl AsRef<[u8]> for MockBuffer {
+        fn as_ref(&self) -> &[u8] {
+            &self.out_buf
+        }
+    }
+
+    #[test]
+    fn test_deoxys_i_128_5() {
+        let plaintext = hex!("5a4c652cb880808707230679224b11799b5883431292973215e9bd03cf3bc32fe4");
+        let mut buffer = MockBuffer::from(&plaintext[..]);
+
+        let aad = Vec::new();
+
+        let key = hex!("101112131415161718191a1b1c1d1e1f");
+        let key = Array(key);
+
+        let nonce = hex!("202122232425262728292a2b2c2d2e2f");
+        let nonce = Array::try_from(&nonce[..8]).unwrap();
+
+        let ciphertext_expected =
+            hex!("cded5a43d3c76e942277c2a1517530ad66037897c985305ede345903ed7585a626");
+
+        let tag_expected: [u8; 16] = hex!("cbf5faa6b8398c47f4278d2019161776");
+
+        type M = modes::DeoxysI<deoxys_bc::DeoxysBc256>;
+        let cipher = DeoxysI128::new(&key);
+        let tag: Tag = M::encrypt_inout(&nonce, &aad, buffer.to_in_out_buf(), &cipher.subkeys);
+
+        let ciphertext = buffer.as_ref();
+        assert_eq!(ciphertext, ciphertext_expected);
+        assert_eq!(tag, tag_expected);
+
+        let mut buffer = MockBuffer::from(buffer.as_ref());
+        M::decrypt_inout(&nonce, &aad, buffer.to_in_out_buf(), &tag, &cipher.subkeys)
+            .expect("decryption failed");
+
+        assert_eq!(&plaintext[..], buffer.as_ref());
+    }
+
+    #[test]
+    fn test_deoxys_ii_128_5() {
+        let plaintext = hex!("06ac1756eccece62bd743fa80c299f7baa3872b556130f52265919494bdc136db3");
+        let mut buffer = MockBuffer::from(&plaintext[..]);
+
+        let aad = Vec::new();
+
+        let key = hex!("101112131415161718191a1b1c1d1e1f");
+        let key = Array(key);
+
+        let nonce = hex!("202122232425262728292a2b2c2d2e2f");
+        let nonce = Array::try_from(&nonce[..15]).unwrap();
+
+        let ciphertext_expected =
+            hex!("82bf241958b324ed053555d23315d3cc20935527fc970ff34a9f521a95e302136d");
+
+        let tag_expected: [u8; 16] = hex!("0eadc8612d5208c491e93005195e9769");
+
+        type M = modes::DeoxysII<deoxys_bc::DeoxysBc256>;
+        let cipher = DeoxysII128::new(&key);
+        let tag: Tag = M::encrypt_inout(&nonce, &aad, buffer.to_in_out_buf(), &cipher.subkeys);
+
+        let ciphertext = buffer.as_ref();
+        assert_eq!(ciphertext, ciphertext_expected);
+        assert_eq!(tag, tag_expected);
+
+        let mut buffer = MockBuffer::from(buffer.as_ref());
+        M::decrypt_inout(&nonce, &aad, buffer.to_in_out_buf(), &tag, &cipher.subkeys)
+            .expect("decryption failed");
+
+        assert_eq!(&plaintext[..], buffer.as_ref());
+    }
+}