address feedback

This commit is contained in:
Jan Winkelmann (keks)
2025-02-27 11:30:51 +01:00
parent b84e0beae8
commit 01a1408044
5 changed files with 61 additions and 10 deletions


@@ -1,6 +1,7 @@
pub mod keyed_hash_incorrect_hmac_blake2b {
use crate::primitives::keyed_hash::*;
// These constants describe how they are used here, not what the algorithm defines.
pub const KEY_LEN: usize = 32;
pub const OUT_LEN: usize = 32;
@@ -10,6 +11,7 @@ pub mod keyed_hash_incorrect_hmac_blake2b {
pub mod keyed_hash_blake2b {
use crate::primitives::keyed_hash::*;
// These constants describe how they are used here, not what the algorithm defines.
pub const KEY_LEN: usize = 32;
pub const OUT_LEN: usize = 32;
@@ -19,6 +21,7 @@ pub mod keyed_hash_blake2b {
pub mod keyed_hash_shake256 {
use crate::primitives::keyed_hash::*;
// These constants describe how they are used here, not what the algorithm defines.
pub const KEY_LEN: usize = 32;
pub const OUT_LEN: usize = 32;
@@ -28,6 +31,7 @@ pub mod keyed_hash_shake256 {
pub mod aead_chacha20poly1305 {
use crate::primitives::aead::*;
// See https://datatracker.ietf.org/doc/html/rfc7539#section-2.8
pub const KEY_LEN: usize = 32;
pub const NONCE_LEN: usize = 12;
pub const TAG_LEN: usize = 16;
@@ -38,6 +42,7 @@ pub mod aead_chacha20poly1305 {
pub mod aead_xchacha20poly1305 {
use crate::primitives::aead::*;
// See https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha-03
pub const KEY_LEN: usize = 32;
pub const NONCE_LEN: usize = 24;
pub const TAG_LEN: usize = 16;
@@ -48,7 +53,7 @@ pub mod aead_xchacha20poly1305 {
pub mod kem_kyber512 {
use crate::primitives::kem::*;
// page 33 of https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.ipd.pdf
// page 39 of https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf
// (which is ml-kem instead of kyber, but it's the same)
pub const SK_LEN: usize = 1632;
pub const PK_LEN: usize = 800;
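Review bot: The comment kept under the updated reference in kem_kyber512, `// (which is ml-kem instead of kyber, but it's the same)`, overstates the relationship now that the citation points at the final FIPS 203: to my knowledge ML-KEM as finalized is not interoperable with round-3 Kyber, only the key and ciphertext sizes coincide, which is what SK_LEN 1632 and PK_LEN 800 rely on. I would narrow the comment to what the constants actually need, e.g. `// FIPS 203 specifies ML-KEM rather than Kyber; the lengths below are the same for both, the algorithms are not.`. That also matches the intent of the comment this commit adds to the keyed-hash modules, `// These constants describe how they are used here, not what the algorithm defines.`. The remainder of the kem_kyber512 module continues outside the hunk.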


@@ -1,3 +1,4 @@
use rosenpass_to::{ops::copy_slice, To as _};
use thiserror::Error;
pub trait Aead<const KEY_LEN: usize, const NONCE_LEN: usize, const TAG_LEN: usize> {
@@ -33,6 +34,28 @@ pub trait AeadWithNonceInCiphertext<
const TAG_LEN: usize,
>: Aead<KEY_LEN, NONCE_LEN, TAG_LEN>
{
fn encrypt_with_nonce_in_ctxt(
&self,
ciphertext: &mut [u8],
key: &[u8; KEY_LEN],
nonce: &[u8; NONCE_LEN],
ad: &[u8],
plaintext: &[u8],
) -> Result<(), Error> {
// The comparison looks complicated, but we need to do it this way to prevent
// over/underflows.
if ciphertext.len() < NONCE_LEN + TAG_LEN
|| ciphertext.len() - TAG_LEN - NONCE_LEN < plaintext.len()
{
return Err(Error::InvalidLengths);
}
let (n, rest) = ciphertext.split_at_mut(NONCE_LEN);
copy_slice(nonce).to(n);
self.encrypt(rest, key, nonce, ad, plaintext)
}
fn decrypt_with_nonce_in_ctxt(
&self,
plaintext: &mut [u8],
@@ -40,7 +63,11 @@ pub trait AeadWithNonceInCiphertext<
ad: &[u8],
ciphertext: &[u8],
) -> Result<(), Error> {
if ciphertext.len() < plaintext.len() + TAG_LEN + NONCE_LEN {
// The comparison looks complicated, but we need to do it this way to prevent
// over/underflows.
if ciphertext.len() < NONCE_LEN + TAG_LEN
|| ciphertext.len() - TAG_LEN - NONCE_LEN < plaintext.len()
{
return Err(Error::InvalidLengths);
}