diff --git a/.github/workflows/benches.yml b/.github/workflows/benches.yml index fe38d985..494c22b8 100644 --- a/.github/workflows/benches.yml +++ b/.github/workflows/benches.yml @@ -19,6 +19,7 @@ env: jobs: build: + if: false # benches are broken until https://github.com/RustCrypto/AEADs/pull/665 merges runs-on: ubuntu-latest strategy: matrix: diff --git a/Cargo.lock b/Cargo.lock index 43fb66bd..7e7a691a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -38,7 +38,6 @@ name = "aes-gcm" version = "0.11.0-pre.2" dependencies = [ "aead", - "aead-stream", "aes", "cipher", "ctr", @@ -53,7 +52,6 @@ name = "aes-gcm-siv" version = "0.12.0-pre.2" dependencies = [ "aead", - "aead-stream", "aes", "cipher", "ctr", @@ -67,7 +65,6 @@ name = "aes-siv" version = "0.8.0-pre.2" dependencies = [ "aead", - "aead-stream", "aes", "blobby 0.3.1", "cipher", @@ -100,7 +97,6 @@ name = "ascon-aead" version = "0.4.2" dependencies = [ "aead", - "aead-stream", "ascon", "hex-literal", "subtle", @@ -151,7 +147,6 @@ name = "ccm" version = "0.5.0" dependencies = [ "aead", - "aead-stream", "aes", "cipher", "ctr", @@ -181,7 +176,6 @@ name = "chacha20poly1305" version = "0.11.0-pre.2" dependencies = [ "aead", - "aead-stream", "chacha20", "cipher", "poly1305", @@ -249,7 +243,6 @@ name = "deoxys" version = "0.1.0" dependencies = [ "aead", - "aead-stream", "aes", "hex-literal", "subtle", @@ -272,7 +265,6 @@ name = "eax" version = "0.5.0" dependencies = [ "aead", - "aead-stream", "aes", "cipher", "cmac", diff --git a/deoxys/src/deoxys_bc.rs b/deoxys/src/deoxys_bc.rs index 05945024..2bb76462 100644 --- a/deoxys/src/deoxys_bc.rs +++ b/deoxys/src/deoxys_bc.rs @@ -3,7 +3,7 @@ use aead::{ consts::{U15, U16, U17, U32, U48}, }; -use crate::DeoxysBcType; +use crate::{DeoxysBcType, DeoxysKey, Tweak}; const H_PERM: [u8; 16] = [1, 6, 11, 12, 5, 10, 15, 0, 9, 14, 3, 4, 13, 2, 7, 8]; 
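Review bot: `if: false` on the `build` job switches off the entire benches workflow, including its compile step, so the bench sources can silently drift until someone remembers to delete this line. A marker tooling can find, e.g. `if: false # TODO(RustCrypto/AEADs#665): re-enable once merged`, or keeping the job with `continue-on-error: true` so drift stays visible without blocking CI, would make the disablement easier to reverse. The job's matrix and steps are outside the hunk, so I cannot tell whether only some crates are affected.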
@@ -46,10 +46,10 @@ pub trait DeoxysBcInternal {
 type TweakKeySize: ArraySize;
 fn key_schedule(
- tweak: &[u8; 16],
- subkeys: &Array<[u8; 16], Self::SubkeysSize>,
- ) -> Array<[u8; 16], Self::SubkeysSize> {
- let mut subtweakeys: Array<[u8; 16], Self::SubkeysSize> = Default::default();
+ tweak: &Tweak,
+ subkeys: &Array,
+ ) -> Array {
+ let mut subtweakeys: Array = Default::default();
 let mut tweak = *tweak;
 // First key
@@ -59,7 +59,7 @@ pub trait DeoxysBcInternal {
 // Other keys
 for (stk, sk) in subtweakeys[1..].iter_mut().zip(subkeys[1..].iter()) {
- h_substitution(&mut tweak);
+ h_substitution((&mut tweak).into());
 for i in 0..16 {
 stk[i] = sk[i] ^ tweak[i];
@@ -78,8 +78,8 @@ impl DeoxysBcInternal for DeoxysBc256 {
 impl DeoxysBcType for DeoxysBc256 {
 type KeySize = U16;
- fn precompute_subkeys(key: &Array) -> Array<[u8; 16], Self::SubkeysSize> {
- let mut subkeys: Array<[u8; 16], Self::SubkeysSize> = Default::default();
+ fn precompute_subkeys(key: &Array) -> Array {
+ let mut subkeys: Array = Default::default();
 let mut tk2 = [0u8; 16];
@@ -116,8 +116,8 @@ impl DeoxysBcInternal for DeoxysBc384 {
 impl DeoxysBcType for DeoxysBc384 {
 type KeySize = U32;
- fn precompute_subkeys(key: &Array) -> Array<[u8; 16], Self::SubkeysSize> {
- let mut subkeys: Array<[u8; 16], Self::SubkeysSize> = Default::default();
+ fn precompute_subkeys(key: &Array) -> Array {
+ let mut subkeys: Array = Default::default();
 let mut tk3 = [0u8; 16];
 let mut tk2 = [0u8; 16];
diff --git a/deoxys/src/lib.rs b/deoxys/src/lib.rs
index 2ea45a76..63df0f7b 100644
--- a/deoxys/src/lib.rs
+++ b/deoxys/src/lib.rs
@@ -139,6 +139,12 @@ pub type Nonce = Array;
 /// Deoxys tags
 pub type Tag = Array;
+type Block = Array;
+
+type Tweak = Array;
+
+type DeoxysKey = Array;
+
 /// Deoxys encryption modes.
 /// This type contains the public API for a Deoxys mode, like Deoxys-I and Deoxys-II.
 pub trait DeoxysMode: modes::DeoxysModeInternal
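Review bot: The three new aliases `Block`, `Tweak` and `DeoxysKey` carry no doc comment while the neighbouring `Tag` does; one line each would do, e.g. `/// A 128-bit Deoxys-BC block.`, `/// The 128-bit tweak input to the Deoxys-BC key schedule.` and a sentence for `DeoxysKey` naming which key size it stands for. The generic arguments were lost in this rendering, but the removed signatures show `block` and `tweak` were both `[u8; 16]`, so if `Block` and `Tweak` alias the same array type a call such as `encrypt_in_place(block, tweak, subkeys)` still compiles with the two swapped; a newtype for the tweak would turn that mix-up into a type error, which is the main benefit the aliases are presumably after.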
@@ -154,8 +160,8 @@ where
 nonce: &Array,
 associated_data: &[u8],
 buffer: &mut [u8],
- subkeys: &Array<[u8; 16], B::SubkeysSize>,
- ) -> [u8; 16];
+ subkeys: &Array,
+ ) -> Tag;
 /// Decrypts the data in place with the specified parameters
 /// Returns an error if the tag verification fails
@@ -164,7 +170,7 @@ where
 associated_data: &[u8],
 buffer: &mut [u8],
 tag: &Tag,
- subkeys: &Array<[u8; 16], B::SubkeysSize>,
+ subkeys: &Array,
 ) -> Result<(), aead::Error>;
 }
@@ -175,13 +181,13 @@ pub trait DeoxysBcType: deoxys_bc::DeoxysBcInternal {
 type KeySize: ArraySize;
 /// Precompute the subkeys
- fn precompute_subkeys(key: &Array) -> Array<[u8; 16], Self::SubkeysSize>;
+ fn precompute_subkeys(key: &Array) -> Array;
 /// Encrypts a block of data in place.
 fn encrypt_in_place(
- block: &mut [u8; 16],
- tweak: &[u8; 16],
- subkeys: &Array<[u8; 16], Self::SubkeysSize>,
+ block: &mut Block,
+ tweak: &Tweak,
+ subkeys: &Array,
 ) {
 let keys = Self::key_schedule(tweak, subkeys);
@@ -190,15 +196,15 @@ pub trait DeoxysBcType: deoxys_bc::DeoxysBcInternal {
 }
 for k in &keys[1..] {
- aes::hazmat::cipher_round(block.into(), k.into());
+ aes::hazmat::cipher_round(block, k);
 }
 }
 /// Decrypts a block of data in place.
 fn decrypt_in_place(
- block: &mut [u8; 16],
- tweak: &[u8; 16],
- subkeys: &Array<[u8; 16], Self::SubkeysSize>,
+ block: &mut Block,
+ tweak: &Tweak,
+ subkeys: &Array,
 ) {
 let mut keys = Self::key_schedule(tweak, subkeys);
@@ -208,14 +214,14 @@ pub trait DeoxysBcType: deoxys_bc::DeoxysBcInternal {
 *b ^= k;
 }
- aes::hazmat::inv_mix_columns(block.into());
+ aes::hazmat::inv_mix_columns(block);
 for k in keys[..r - 1].iter_mut().rev() {
- aes::hazmat::inv_mix_columns(k.into());
- aes::hazmat::equiv_inv_cipher_round(block.into(), (&*k).into());
+ aes::hazmat::inv_mix_columns(k);
+ aes::hazmat::equiv_inv_cipher_round(block, k);
 }
- aes::hazmat::mix_columns(block.into());
+ aes::hazmat::mix_columns(block);
 }
 }
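Review bot: `encrypt_in_place` and `decrypt_in_place` are default methods on `pub trait DeoxysBcType`, so the raw tweakable block cipher is callable by downstream code, yet the one-line doc `/// Encrypts a block of data in place.` does not say it is an unauthenticated building block. I would extend both docs along the lines of `/// Low-level Deoxys-BC primitive used by the AEAD modes. It provides no authentication and is not meant to be called directly; use the AEAD API.` The supertrait in `deoxys_bc` looks like it seals the trait against outside impls but not against outside calls, which is why the warning belongs in the docs. The bodies of both methods continue past this hunk.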
@@ -227,7 +233,7 @@ where
 M: DeoxysMode,
 B: DeoxysBcType,
 {
- subkeys: Array<[u8; 16], B::SubkeysSize>,
+ subkeys: Array,
 mode: PhantomData,
 }
diff --git a/deoxys/src/modes.rs b/deoxys/src/modes.rs
index 7453bea5..d02d586a 100644
--- a/deoxys/src/modes.rs
+++ b/deoxys/src/modes.rs
@@ -1,4 +1,4 @@
-use super::{DeoxysBcType, DeoxysMode};
+use super::{Block, DeoxysBcType, DeoxysKey, DeoxysMode, Tag, Tweak};
 use aead::{
 array::Array,
 consts::{U8, U15, U16},
@@ -13,6 +13,8 @@ const TWEAK_TAG: u8 = 0x10;
 const TWEAK_M_LAST: u8 = 0x40;
 const TWEAK_CHKSUM: u8 = 0x50;
+type Checksum = Array;
+
 /// Implementation of the Deoxys-I mode of operation.
 pub struct DeoxysI {
 _ptr: PhantomData,
@@ -30,9 +32,9 @@ where
 {
 fn compute_ad_tag(
 associated_data: &[u8],
- tweak: &mut [u8; 16],
- subkeys: &Array<[u8; 16], B::SubkeysSize>,
- tag: &mut [u8; 16],
+ tweak: &mut Tweak,
+ subkeys: &Array,
+ tag: &mut Tag,
 ) {
 if !associated_data.is_empty() {
 tweak[0] = TWEAK_AD;
@@ -42,7 +44,7 @@ where
 tweak[8..].copy_from_slice(&(index as u64).to_be_bytes());
 if ad.len() == 16 {
- let mut block = [0u8; 16];
+ let mut block = Block::default();
 block.copy_from_slice(ad);
 B::encrypt_in_place(&mut block, tweak, subkeys);
@@ -54,7 +56,7 @@ where
 // Last block
 tweak[0] = TWEAK_AD_LAST;
- let mut block = [0u8; 16];
+ let mut block = Block::default();
 block[0..ad.len()].copy_from_slice(ad);
 block[ad.len()] = 0x80;
@@ -84,11 +86,11 @@ where
 nonce: &Array,
 associated_data: &[u8],
 buffer: &mut [u8],
- subkeys: &Array<[u8; 16], B::SubkeysSize>,
- ) -> [u8; 16] {
- let mut tag = [0u8; 16];
- let mut checksum = [0u8; 16];
- let mut tweak = [0u8; 16];
+ subkeys: &Array,
+ ) -> Tag {
+ let mut tag = Tag::default();
+ let mut checksum = Checksum::default();
+ let mut tweak = Tweak::default();
 // Associated Data
 >::compute_ad_tag(
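Review bot: The `subkeys` field retyped here holds the precomputed key schedule, i.e. key-equivalent material that lives as long as the cipher instance, and nothing in this hunk clears it when the struct is dropped. If the crate does not already handle this elsewhere (commonly behind an optional `zeroize` feature with a `ZeroizeOnDrop`/`Drop` impl), this struct is where it belongs; I cannot confirm from the hunk whether such an impl exists. The `pub struct Deoxys` header and its derives are outside the hunk.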
@@ -121,12 +123,13 @@ where
 *c ^= d;
 }
- B::encrypt_in_place(<&mut [u8; 16]>::try_from(data).unwrap(), &tweak, subkeys);
+ let data: &mut Block = data.try_into().unwrap();
+ B::encrypt_in_place(data, tweak.as_ref(), subkeys);
 } else {
 // Last block checksum
 tweak[0] = (tweak[0] & 0xf) | TWEAK_M_LAST;
- let mut block = [0u8; 16];
+ let mut block = Block::default();
 block[0..data.len()].copy_from_slice(data);
 block[data.len()] = 0x80;
@@ -138,7 +141,7 @@ where
 block.fill(0);
 // Last block encryption
- B::encrypt_in_place(&mut block, &tweak, subkeys);
+ B::encrypt_in_place(&mut block, tweak.as_ref(), subkeys);
 for (d, b) in data.iter_mut().zip(block.iter()) {
 *d ^= b;
@@ -151,7 +154,7 @@ where
 tweak[8..].copy_from_slice(&((index + 1) as u64).to_be_bytes());
 tweak[8] = (tweak[8] & 0xf) | tmp;
- B::encrypt_in_place(&mut checksum, &tweak, subkeys);
+ B::encrypt_in_place(&mut checksum, tweak.as_ref(), subkeys);
 for (t, c) in tag.iter_mut().zip(checksum.iter()) {
 *t ^= c;
@@ -168,7 +171,7 @@ where
 tweak[8..].copy_from_slice(&((buffer.len() / 16) as u64).to_be_bytes());
 tweak[8] = (tweak[8] & 0xf) | tmp;
- B::encrypt_in_place(&mut checksum, &tweak, subkeys);
+ B::encrypt_in_place(&mut checksum, tweak.as_ref(), subkeys);
 for (t, c) in tag.iter_mut().zip(checksum.iter()) {
 *t ^= c;
@@ -182,12 +185,12 @@ where
 nonce: &Array,
 associated_data: &[u8],
 buffer: &mut [u8],
- tag: &Array,
- subkeys: &Array<[u8; 16], B::SubkeysSize>,
+ tag: &Tag,
+ subkeys: &Array,
 ) -> Result<(), aead::Error> {
- let mut computed_tag = [0u8; 16];
- let mut checksum = [0u8; 16];
- let mut tweak = [0u8; 16];
+ let mut computed_tag = Tag::default();
+ let mut checksum = Checksum::default();
+ let mut tweak = Tweak::default();
 // Associated Data
 >::compute_ad_tag(
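Review bot: `data.try_into().unwrap()` on the full-block branch relies on an invariant the reader has to reconstruct (the `} else {` right below implies a 16-byte length check above the hunk); stating it costs nothing: `let data: &mut Block = data.try_into().expect("full block is exactly 16 bytes");`. Separately, the `&tweak` to `tweak.as_ref()` rewrites in this and the next three hunks look unnecessary when `tweak` is already a `Tweak` (it is initialised as `Tweak::default()` earlier in the function) and the Deoxys-II path keeps `B::encrypt_in_place(&mut tag, &tweak, subkeys);` further down; unless there is a type reason I am not seeing, `&tweak` would keep the two modes consistent. The enclosing Deoxys-I `encrypt_in_place` starts and ends outside this hunk.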
@@ -216,8 +219,8 @@ where
 tweak[8] = (tweak[8] & 0xf) | tmp;
 if data.len() == 16 {
- let data = <&mut [u8; 16]>::try_from(data).unwrap();
- B::decrypt_in_place(data, &tweak, subkeys);
+ let data: &mut Block = data.try_into().unwrap();
+ B::decrypt_in_place(data, tweak.as_ref(), subkeys);
 for (c, d) in checksum.iter_mut().zip(data.iter()) {
 *c ^= d;
@@ -226,8 +229,8 @@ where
 // Last block checksum
 tweak[0] = (tweak[0] & 0xf) | TWEAK_M_LAST;
- let mut block = [0u8; 16];
- B::encrypt_in_place(&mut block, &tweak, subkeys);
+ let mut block = Block::default();
+ B::encrypt_in_place(&mut block, tweak.as_ref(), subkeys);
 for (d, b) in data.iter_mut().zip(block.iter()) {
 *d ^= b;
@@ -249,7 +252,7 @@ where
 tweak[8..].copy_from_slice(&((index + 1) as u64).to_be_bytes());
 tweak[8] = (tweak[8] & 0xf) | tmp;
- B::encrypt_in_place(&mut checksum, &tweak, subkeys);
+ B::encrypt_in_place(&mut checksum, tweak.as_ref(), subkeys);
 for (t, c) in computed_tag.iter_mut().zip(checksum.iter()) {
 *t ^= c;
@@ -266,7 +269,7 @@ where
 tweak[8..].copy_from_slice(&((buffer.len() / 16) as u64).to_be_bytes());
 tweak[8] = (tweak[8] & 0xf) | tmp;
- B::encrypt_in_place(&mut checksum, &tweak, subkeys);
+ B::encrypt_in_place(&mut checksum, tweak.as_ref(), subkeys);
 for (t, c) in computed_tag.iter_mut().zip(checksum.iter()) {
 *t ^= c;
@@ -287,9 +290,9 @@ where
 {
 fn authenticate_message(
 buffer: &[u8],
- tweak: &mut [u8; 16],
- subkeys: &Array<[u8; 16], B::SubkeysSize>,
- tag: &mut [u8; 16],
+ tweak: &mut Tweak,
+ subkeys: &Array,
+ tag: &mut Tag,
 ) {
 if !buffer.is_empty() {
 tweak[0] = TWEAK_M;
@@ -299,7 +302,7 @@ where
 tweak[8..].copy_from_slice(&(index as u64).to_be_bytes());
 if data.len() == 16 {
- let mut block = Block::default();
+ let mut block = Block::default();
 block.copy_from_slice(data);
 B::encrypt_in_place(&mut block, tweak, subkeys);
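Review bot: `B::decrypt_in_place(data, tweak.as_ref(), subkeys)` writes plaintext into the caller's `buffer` block by block before the tag has been checked, so when this function later returns `Err` the buffer holds unauthenticated plaintext. That is inherent to the in-place API, but the trait doc in lib.rs (`/// Returns an error if the tag verification fails`) should say so, e.g. add `/// On error the contents of `buffer` are unspecified and must be discarded.`. The tag comparison itself lies outside this hunk, so I could not check that it is constant-time (`subtle` is in the crate's dependency list, which suggests it is). The enclosing Deoxys-I `decrypt_in_place` starts and ends outside the hunk.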
@@ -311,7 +314,7 @@ where
 // Last block
 tweak[0] = TWEAK_M_LAST;
- let mut block = [0u8; 16];
+ let mut block = Block::default();
 block[0..data.len()].copy_from_slice(data);
 block[data.len()] = 0x80;
@@ -328,9 +331,9 @@ where
 fn encrypt_decrypt_message(
 buffer: &mut [u8],
- tweak: &mut [u8; 16],
- subkeys: &Array<[u8; 16], B::SubkeysSize>,
- tag: &Array,
+ tweak: &mut Tweak,
+ subkeys: &Array,
+ tag: &Tag,
 nonce: &Array,
 ) {
 if !buffer.is_empty() {
@@ -345,7 +348,7 @@ where
 *t ^= i
 }
- let mut block = [0u8; 16];
+ let mut block = Block::default();
 block[1..].copy_from_slice(nonce);
 B::encrypt_in_place(&mut block, tweak, subkeys);
@@ -373,10 +376,10 @@ where
 nonce: &Array,
 associated_data: &[u8],
 buffer: &mut [u8],
- subkeys: &Array<[u8; 16], B::SubkeysSize>,
- ) -> [u8; 16] {
- let mut tag = [0u8; 16];
- let mut tweak = [0u8; 16];
+ subkeys: &Array,
+ ) -> Tag {
+ let mut tag = Tag::default();
+ let mut tweak = Tweak::default();
 // Associated Data
 >::compute_ad_tag(
@@ -394,7 +397,7 @@ where
 B::encrypt_in_place(&mut tag, &tweak, subkeys);
 // Message encryption
- Self::encrypt_decrypt_message(buffer, &mut tweak, subkeys, &tag.into(), nonce);
+ Self::encrypt_decrypt_message(buffer, &mut tweak, subkeys, &tag, nonce);
 tag
 }
@@ -403,11 +406,11 @@ where
 nonce: &Array,
 associated_data: &[u8],
 buffer: &mut [u8],
- tag: &Array,
- subkeys: &Array<[u8; 16], B::SubkeysSize>,
+ tag: &Tag,
+ subkeys: &Array,
 ) -> Result<(), aead::Error> {
- let mut computed_tag = [0u8; 16];
- let mut tweak = [0u8; 16];
+ let mut computed_tag = Tag::default();
+ let mut tweak = Tweak::default();
 // Associated Data
 >::compute_ad_tag(