1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
|
//! Bindings to the reference (slow, unsafe) implementation of AEZ.
//!
//! **Warning**:
//!
//! > This version is slow and susceptible to side-channel attacks.
//! > Do not use for any purpose other than to understand AEZ.
//!
//! We only use it to compare outputs between `zears` and `aezref`.
use std::ffi::*;
unsafe extern "C" {
fn Decrypt(
key: *const c_uchar,
keybytes: c_uint,
nonce: *const c_uchar,
noncebytes: c_uint,
ad: *const *const c_uchar,
adbytes: *const c_uint,
veclen: c_uint,
abytes: c_uint,
ciphertext: *const c_uchar,
cipherbytes: c_uint,
message: *mut c_uchar,
) -> c_int;
fn Encrypt(
key: *const c_uchar,
keybytes: c_uint,
nonce: *const c_uchar,
noncebytes: c_uint,
ad: *const *const c_uchar,
adbytes: *const c_uint,
veclen: c_uint,
abytes: c_uint,
message: *const c_uchar,
messagebytes: c_uint,
ciphertext: *mut c_uchar,
);
}
/// Encrypt the given `message` using the given `key`, `nonce` and associated data items `ad`.
///
/// The ciphertext will be written to `ciphertext`.
///
/// The number of authentication bytes will be inferred from the length difference between
/// `message` and `ciphertext`
///
/// This function will panic if
///
/// * any of the given byte strings is longer than [`c_uint::MAX`] (usually 2^32 - 1)
/// * the ciphertext buffer is smaller than the message buffer
pub fn encrypt(key: &[u8], nonce: &[u8], ad: &[&[u8]], message: &[u8], ciphertext: &mut [u8]) {
assert!(ciphertext.len() >= message.len());
let adlens: Vec<c_uint> = ad
.into_iter()
.map(|x| x.len().try_into().expect("associated data item too long"))
.collect();
let ad = ad.into_iter().map(|x| x.as_ptr()).collect::<Vec<_>>();
let abytes = ciphertext.len() - message.len();
unsafe {
Encrypt(
key.as_ptr(),
key.len().try_into().expect("key too long"),
nonce.as_ptr(),
nonce.len().try_into().expect("nonce too long"),
ad.as_ptr(),
adlens.as_ptr(),
ad.len().try_into().expect("too many associated data items"),
abytes.try_into().expect("too many authentication bytes"),
message.as_ptr(),
message.len().try_into().expect("message too long"),
ciphertext.as_mut_ptr(),
)
}
}
/// Decrypt the given `ciphertext` using the given `key`, `nonce` and associated data items `ad`.
///
/// The plaintext message will be written to `message`.
///
/// The number of authentication bytes will be inferred from the length difference between
/// `message` and `ciphertext`.
///
/// If the authentication bytes do not match the expected bytes (i.e. the ciphertext has been
/// modified, or the wrong key/nonce/ad is provided), `Err(())` is returned. Otherwise, `Ok(())` is
/// returned.
///
/// This function will panic if
///
/// * any of the given byte strings is longer than [`c_uint::MAX`] (usually 2^32 - 1)
/// * the ciphertext buffer is smaller than the message buffer
pub fn decrypt(
key: &[u8],
nonce: &[u8],
ad: &[&[u8]],
ciphertext: &[u8],
message: &mut [u8],
) -> Result<(), ()> {
assert!(ciphertext.len() >= message.len());
let adlens: Vec<c_uint> = ad
.into_iter()
.map(|x| x.len().try_into().expect("associated data item too long"))
.collect();
let ad = ad.into_iter().map(|x| x.as_ptr()).collect::<Vec<_>>();
let abytes = ciphertext.len() - message.len();
let result = unsafe {
Decrypt(
key.as_ptr(),
key.len().try_into().expect("key too long"),
nonce.as_ptr(),
nonce.len().try_into().expect("nonce too long"),
ad.as_ptr(),
adlens.as_ptr(),
ad.len().try_into().expect("too many associated data items"),
abytes.try_into().expect("too many authentication bytes"),
ciphertext.as_ptr(),
ciphertext.len().try_into().expect("message too long"),
message.as_mut_ptr(),
)
};
match result {
0 => Ok(()),
-1 => Err(()),
_ => panic!("unexpected return from Decrypt"),
}
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn it_works() {
let mut ciphertext = [0u8; 10];
encrypt(
b"foo",
b"bar",
&[b"ad 1", b"ad two"],
b"hey",
&mut ciphertext,
);
let mut message = [0u8; 3];
decrypt(
b"foo",
b"bar",
&[b"ad 1", b"ad two"],
&ciphertext,
&mut message,
)
.unwrap();
assert_eq!(&message, b"hey");
}
}
|
