Implement belt dwp

.github/workflows/belt-dwp.yml

@@ -0,0 +1,69 @@
+name: belt-dwp
+
+on:
+  pull_request:
+    paths:
+      - ".github/workflows/belt-dwp.yml"
+      - "belt-dwp/**"
+      - "Cargo.*"
+  push:
+    branches: master
+
+defaults:
+  run:
+    working-directory: belt-dwp
+
+env:
+  CARGO_INCREMENTAL: 0
+  RUSTFLAGS: "-Dwarnings"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.85.0 # MSRV
+          - stable
+        target:
+          - armv7a-none-eabi
+          - thumbv7em-none-eabi
+          - wasm32-unknown-unknown
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust }}
+          targets: ${{ matrix.target }}
+      - run: cargo build --no-default-features --release --target ${{ matrix.target }}
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          # 32-bit Linux
+          - target: i686-unknown-linux-gnu
+            rust: 1.85.0 # MSRV
+            deps: sudo apt update && sudo apt install gcc-multilib
+          - target: i686-unknown-linux-gnu
+            rust: stable
+            deps: sudo apt update && sudo apt install gcc-multilib
+
+          # 64-bit Linux
+          - target: x86_64-unknown-linux-gnu
+            rust: 1.85.0 # MSRV
+          - target: x86_64-unknown-linux-gnu
+            rust: stable
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust }}
+          targets: ${{ matrix.target }}
+      - run: ${{ matrix.deps }}
+      - run: cargo test --target ${{ matrix.target }} --release --no-default-features --lib
+      - run: cargo test --target ${{ matrix.target }} --release
+      - run: cargo test --target ${{ matrix.target }} --release --features heapless
+      - run: cargo test --target ${{ matrix.target }} --release --all-features
+      - run: cargo build --target ${{ matrix.target }} --benches

Cargo.toml

@@ -5,6 +5,7 @@ members = [
     "aes-gcm-siv",
     "aes-siv",
     "ascon-aead",
+    "belt-dwp",
     "ccm",
     "chacha20poly1305",
     "deoxys",
@@ -28,3 +29,5 @@ ctr = { git = "https://github.com/RustCrypto/block-modes.git" }
 ghash = { git = "https://github.com/RustCrypto/universal-hashes.git" }
 
 pmac = { git = "https://github.com/RustCrypto/MACs.git" }
+
+belt-ctr = { git = "https://github.com/RustCrypto/block-modes.git" }

belt-dwp/Cargo.toml

@@ -0,0 +1,39 @@
+[package]
+name = "belt-dwp"
+version = "0.1.0"
+description = "Pure Rust implementation of the Belt-DWP authenticated encryption algorithm (STB 34.101.31-2020)"
+edition = "2024"
+license = "Apache-2.0 OR MIT"
+readme = "README.md"
+documentation = "https://docs.rs/belt-dwp"
+repository = "https://github.com/RustCrypto/AEADs/tree/master/belt-dwp"
+keywords = ["aead", "belt-dwp"]
+categories = ["cryptography", "no-std"]
+rust-version = "1.85"
+
+[dependencies]
+aead = { version = "0.6.0-rc.0", default-features = false }
+zeroize = { version = "1.7", default-features = false, optional = true }
+universal-hash = { version = "0.6.0-rc.0" }
+opaque-debug = { version = "0.3" }
+subtle = { version = "2", default-features = false }
+
+belt-block = { version = "0.2.0-pre.2" }
+belt-ctr = { version = "0.2.0-pre" }
+
+[dev-dependencies]
+hex-literal = "1"
+
+[features]
+default = ["alloc", "os_rng"]
+alloc = ["aead/alloc"]
+arrayvec = ["aead/arrayvec"]
+bytes = ["aead/bytes"]
+os_rng = ["aead/os_rng", "rand_core"]
+heapless = ["aead/heapless"]
+rand_core = ["aead/rand_core"]
+reduced-round = []
+zeroize = ["dep:zeroize", "belt-ctr/zeroize"]
+
+[package.metadata.docs.rs]
+all-features = true

belt-dwp/README.md

@@ -0,0 +1,57 @@
+# RustCrypto: BeltDwp
+
+[![crate][crate-image]][crate-link]
+[![Docs][docs-image]][docs-link]
+![Apache2/MIT licensed][license-image]
+![Rust Version][rustc-image]
+[![Project Chat][chat-image]][chat-link]
+[![Build Status][build-image]][build-link]
+
+Pure Rust implementation of **BeltDwp** ([STB 34.101.31-2020][1]): an
+[Authenticated Encryption with Associated Data (AEAD)][2].
+
+## About
+
+BeltDwp is republic of Belarus standard for authenticated encryption with associated data.
+
+## Security Notes
+
+No security audits of this crate have ever been performed, and it has not been thoroughly assessed to ensure its operation is constant-time on common CPU architectures.
+
+USE AT YOUR OWN RISK!
+
+## License
+
+Licensed under either of:
+
+* [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)
+* [MIT license](http://opensource.org/licenses/MIT)
+
+at your option.
+
+### Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted
+for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
+dual licensed as above, without any additional terms or conditions.
+
+[//]: # (badges)
+
+[crate-image]: https://buildstats.info/crate/belt-dwp
+[crate-link]: https://crates.io/crates/belt-dwp
+[docs-image]: https://docs.rs/belt-dwp/badge.svg
+[docs-link]: https://docs.rs/belt-dwp/
+[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.85+-blue.svg
+[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
+[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260038-AEADs
+[downloads-image]: https://img.shields.io/crates/d/chacha20poly1305.svg
+[build-image]: https://github.com/RustCrypto/AEADs/workflows/belt-dwp/badge.svg?branch=master&event=push
+[build-link]: https://github.com/RustCrypto/AEADs/actions
+
+[//]: # (general links)
+
+[1]: https://apmi.bsu.by/assets/files/std/belt-spec372.pdf
+[2]: https://en.wikipedia.org/wiki/Authenticated_encryption
+[3]: https://github.com/RustCrypto/stream-ciphers/tree/master/belt-dwp
+[4]: https://github.com/RustCrypto/universal-hashes/tree/master/belt-dwp

belt-dwp/src/gf.rs

@@ -0,0 +1,46 @@
+use aead::array::{Array, ArraySize};
+
+mod utils;
+
+pub(crate) mod gf128_soft64;
+
+pub trait GfElement {
+    type N: ArraySize;
+
+    fn new() -> Self;
+    fn into_bytes(self) -> Array<u8, Self::N>;
+    fn mul_sum(&mut self, a: &Array<u8, Self::N>, b: &Array<u8, Self::N>);
+}
+
+/// Tests from Appendix A, table 18 of [STB 34.101.31-2020](https://apmi.bsu.by/assets/files/std/belt-spec372.pdf)
+#[test]
+fn test_a18() {
+    use crate::gf::gf128_soft64::Element;
+    use aead::consts::U16;
+    use hex_literal::hex;
+
+    type Block = Array<u8, U16>;
+
+    let test_vectors = [
+        (
+            hex!("34904055 11BE3297 1343724C 5AB793E9"),
+            hex!("22481783 8761A9D6 E3EC9689 110FB0F3"),
+            hex!("0001D107 FC67DE40 04DC2C80 3DFD95C3"),
+        ),
+        (
+            hex!("703FCCF0 95EE8DF1 C1ABF8EE 8DF1C1AB"),
+            hex!("2055704E 2EDB48FE 87E74075 A5E77EB1"),
+            hex!("4A5C9593 8B3FE8F6 74D59BC1 EB356079"),
+        ),
+    ];
+    for (u, v, w) in test_vectors {
+        let a = Block::try_from(&u[..]).unwrap();
+        let b = Block::try_from(&v[..]).unwrap();
+        let c = Block::try_from(&w[..]).unwrap();
+
+        let mut elem = Element::new();
+        elem.mul_sum(&a, &b);
+
+        assert_eq!(c, elem.into_bytes());
+    }
+}