From 9f8a010b88ec50fb325a7850d67d0217cd7a20f6 Mon Sep 17 00:00:00 2001
From: Artyom Pavlov
Date: Tue, 20 Jul 2021 15:46:24 +0000
Subject: [PATCH] Move crypto_box to the nacl-compat repo (#350)
---
 .github/workflows/crypto_box.yml | 89 -------
 .github/workflows/workspace.yml | 2 +-
 Cargo.lock | 146 ++---------
 Cargo.toml | 1 -
 README.md | 2 -
 crypto_box/CHANGELOG.md | 63 -----
 crypto_box/Cargo.toml | 47 ----
 crypto_box/LICENSE-APACHE | 201 ----------------
 crypto_box/LICENSE-MIT | 25 --
 crypto_box/README.md | 54 -----
 crypto_box/src/lib.rs | 400 -------------------------------
 crypto_box/tests/lib.rs | 231 ------------------
 12 files changed, 17 insertions(+), 1244 deletions(-)
 delete mode 100644 .github/workflows/crypto_box.yml
 delete mode 100644 crypto_box/CHANGELOG.md
 delete mode 100644 crypto_box/Cargo.toml
 delete mode 100644 crypto_box/LICENSE-APACHE
 delete mode 100644 crypto_box/LICENSE-MIT
 delete mode 100644 crypto_box/README.md
 delete mode 100644 crypto_box/src/lib.rs
 delete mode 100644 crypto_box/tests/lib.rs
diff --git a/.github/workflows/crypto_box.yml b/.github/workflows/crypto_box.yml
deleted file mode 100644
index 2944aee5..00000000
--- a/.github/workflows/crypto_box.yml
+++ /dev/null
@@ -1,89 +0,0 @@ -name: crypto_box - -on: - pull_request: - paths: - - "crypto_box/**" - - "Cargo.*" - push: - branches: master - -defaults: - run: - working-directory: crypto_box - -env: - CARGO_INCREMENTAL: 0 - RUSTFLAGS: "-Dwarnings" - -jobs: -# # TODO: test no_std builds when rust-lang/cargo#7916 is on stable -# build: -# runs-on: ubuntu-latest -# strategy: -# matrix: -# rust: -# - 1.49.0 # MSRV -# - stable -# target: -# - thumbv7em-none-eabi -# - wasm32-unknown-unknown -# steps: -# - uses: actions/checkout@v1 -# - uses: actions-rs/toolchain@v1 -# with: -# profile: minimal -# toolchain: ${{ matrix.rust }} -# target: ${{ matrix.target }} -# override: true -# - run: cargo build --no-default-features --release --target ${{ matrix.target }} - - test: - runs-on: ubuntu-latest - strategy: - matrix: - rust: - - 1.49.0 # MSRV - - stable - steps: - - uses: actions/checkout@v1 - - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: ${{ matrix.rust }} - override: true - - run: cargo test --release - - # TODO(tarcieri): re-unify this with `test` when MSRV is 1.51+ - heapless: - runs-on: ubuntu-latest - strategy: - matrix: - rust: - - 1.51.0 # MSRV for `heapless` - - stable - steps: - - uses: actions/checkout@v1 - - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: ${{ matrix.rust }} - override: true - - run: cargo test --release --features heapless - - clippy: - runs-on: ubuntu-latest - strategy: - matrix: - rust: - - 1.49.0 # MSRV - - stable - steps: - - uses: actions/checkout@v1 - - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: ${{ matrix.rust }} - components: clippy - override: true - - run: cargo clippy -- -D warnings diff --git a/.github/workflows/workspace.yml b/.github/workflows/workspace.yml index 2e433951..7e6962ae 100644 --- a/.github/workflows/workspace.yml +++ b/.github/workflows/workspace.yml 
@@ -37,7 +37,7 @@ jobs: components: clippy override: true profile: minimal - - run: cargo clippy --all --exclude crypto_box --all-features -- -D warnings + - run: cargo clippy --all --all-features -- -D warnings codecov: runs-on: ubuntu-latest diff --git a/Cargo.lock b/Cargo.lock index e5a8995d..24fa1e55 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -11,7 +11,7 @@ dependencies = [ "blobby", "generic-array", "heapless", - "rand_core 0.6.3", + "rand_core", ] [[package]] @@ -126,9 +126,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "chacha20" -version = "0.7.1" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fee7ad89dc1128635074c268ee661f90c3f7e83d9fd12910608c36b47d6c3412" +checksum = "ea8756167ea0aca10e066cdbe7813bd71d2f24e69b0bc7b50509590cef2ce0b9" dependencies = [ "cfg-if", "cipher", @@ -189,28 +189,15 @@ dependencies = [ [[package]] name = "crypto-mac" -version = "0.11.0" +version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25fab6889090c8133f3deb8f73ba3c65a7f456f66436fc012a1b1e272b1e103e" +checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714" dependencies = [ "cipher", "generic-array", "subtle", ] -[[package]] -name = "crypto_box" -version = "0.6.1" -dependencies = [ - "chacha20", - "chacha20poly1305", - "rand_core 0.6.3", - "salsa20", - "x25519-dalek", - "xsalsa20poly1305", - "zeroize", -] - [[package]] name = "ctr" version = "0.8.0" @@ -220,19 +207,6 @@ dependencies = [ "cipher", ] -[[package]] -name = "curve25519-dalek" -version = "3.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "639891fde0dbea823fc3d798a0fdf9d2f9440a42d64a78ab3488b0ca025117b3" -dependencies = [ - "byteorder", - "digest", - "rand_core 0.5.1", - "subtle", - "zeroize", -] - [[package]] name = "dbl" version = "0.3.1" 
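Review bot: The clippy step in the workspace.yml hunk still passes `--all`, which cargo documents as a deprecated alias for `--workspace`; since the line is being edited anyway, `- run: cargo clippy --workspace --all-features -- -D warnings` would be the current spelling. With `--exclude crypto_box` gone, `--all-features` now applies to every remaining workspace member, so it is worth confirming that no other member has mutually exclusive features that would break this lint gate. The enclosing job definition starts outside the hunk.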
@@ -253,15 +227,6 @@ dependencies = [ "zeroize", ] -[[package]] -name = "digest" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" -dependencies = [ - "generic-array", -] - [[package]] name = "eax" version = "0.4.1" @@ -307,9 +272,9 @@ dependencies = [ [[package]] name = "ghash" -version = "0.4.2" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7bbd60caa311237d508927dbba7594b483db3ef05faa55172fcf89b1bcda7853" +checksum = "b442c439366184de619215247d24e908912b175e824a530253845ac4c251a5c1" dependencies = [ "opaque-debug", "polyval", @@ -430,9 +395,9 @@ dependencies = [ [[package]] name = "poly1305" -version = "0.7.0" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4fe800695325da85083cd23b56826fccb2e2dc29b218e7811a6f33bc93f414be" +checksum = "9fcffab1f78ebbdf4b93b68c1ffebc24037eedf271edaca795732b24e5e4e349" dependencies = [ "cpufeatures", "opaque-debug", @@ -441,9 +406,9 @@ dependencies = [ [[package]] name = "polyval" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e597450cbf209787f0e6de80bf3795c6b2356a380ee87837b545aded8dbc1823" +checksum = "a6ba6a405ef63530d6cb12802014b22f9c5751bd17cdcddbe9e46d5c8ae83287" dependencies = [ "cfg-if", "cpufeatures", 
@@ -457,30 +422,6 @@ version = "0.5.19" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5" -[[package]] -name = "proc-macro2" -version = "1.0.27" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0d8caf72986c1a598726adc988bb5984792ef84f5ee5aa50209145ee8077038" -dependencies = [ - "unicode-xid", -] - -[[package]] -name = "quote" -version = "1.0.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3d0b9745dc2debf507c8422de05d7226cc1f0644216dfdfead988f9b1ab32a7" -dependencies = [ - "proc-macro2", -] - -[[package]] -name = "rand_core" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" - [[package]] name = "rand_core" version = "0.6.3" @@ -501,9 +442,9 @@ dependencies = [ [[package]] name = "salsa20" -version = "0.8.0" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c7c5f10864beba947e1a1b43f3ef46c8cc58d1c2ae549fa471713e8ff60787a" +checksum = "ecbd2eb639fd7cab5804a0837fe373cc2172d15437e804c054a9fb885cb923b0" dependencies = [ "cipher", "zeroize", 
@@ -536,46 +477,17 @@ version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" -[[package]] -name = "syn" -version = "1.0.73" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f71489ff30030d2ae598524f61326b902466f72a0fb1a8564c001cc63425bcc7" -dependencies = [ - "proc-macro2", - "quote", - "unicode-xid", -] - -[[package]] -name = "synstructure" -version = "0.12.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "474aaa926faa1603c40b7885a9eaea29b444d1cb2850cb7c0e37bb1a4182f4fa" -dependencies = [ - "proc-macro2", - "quote", - "syn", - "unicode-xid", -] - [[package]] name = "typenum" version = "1.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "879f6906492a7cd215bfa4cf595b600146ccfac0c79bcbd1f3000162af5e8b06" -[[package]] -name = "unicode-xid" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3" - [[package]] name = "universal-hash" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8326b2c654932e3e4f9196e69d08fdf7cfd718e1dc6f66b347e6024a0c961402" +checksum = "9f214e8f697e925001e66ec2c6e37a4ef93f0f78c2eed7814394e10c62025b05" dependencies = [ "generic-array", "subtle", 
@@ -614,24 +526,13 @@ version = "0.10.2+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6" -[[package]] -name = "x25519-dalek" -version = "1.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a0c105152107e3b96f6a00a65e86ce82d9b125230e1c4302940eca58ff71f4f" -dependencies = [ - "curve25519-dalek", - "rand_core 0.5.1", - "zeroize", -] - [[package]] name = "xsalsa20poly1305" version = "0.7.2" dependencies = [ "aead", "poly1305", - "rand_core 0.6.3", + "rand_core", "salsa20", "subtle", "zeroize", @@ -642,18 +543,3 @@ name = "zeroize" version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4756f7db3f7b5574938c3eb1c117038b8e07f95ee6718c0efad4ac21508f1efd" -dependencies = [ - "zeroize_derive", -] - -[[package]] -name = "zeroize_derive" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2c1e130bebaeab2f23886bf9acbaca14b092408c452543c857f66399cd6dab1" -dependencies = [ - "proc-macro2", - "quote", - "syn", - "synstructure", -] diff --git a/Cargo.toml b/Cargo.toml index 1074873d..f1928947 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -5,7 +5,6 @@ members = [ "aes-siv", "ccm", "chacha20poly1305", - "crypto_box", "deoxys", "eax", "mgm", diff --git a/README.md b/README.md index 2d4222ea..92e240df 100644 --- a/README.md +++ b/README.md 
@@ -24,7 +24,6 @@ crate. | [`aes-siv`] | [AES-SIV] | [![crates.io](https://img.shields.io/crates/v/aes-siv.svg)](https://crates.io/crates/aes-siv) | [![Documentation](https://docs.rs/aes-siv/badge.svg)](https://docs.rs/aes-siv) | 1.49 | | [`ccm`] | [CCM] | [![crates.io](https://img.shields.io/crates/v/ccm.svg)](https://crates.io/crates/ccm) | [![Documentation](https://docs.rs/ccm/badge.svg)](https://docs.rs/ccm) | 1.41 | | [`chacha20poly1305`] | [(X)ChaCha20Poly1305] | [![crates.io](https://img.shields.io/crates/v/chacha20poly1305.svg)](https://crates.io/crates/chacha20poly1305) | [![Documentation](https://docs.rs/chacha20poly1305/badge.svg)](https://docs.rs/chacha20poly1305) | 1.49 | -| [`crypto_box`] | [Curve25519XSalsa20Poly1305] | [![crates.io](https://img.shields.io/crates/v/crypto_box.svg)](https://crates.io/crates/crypto_box) | [![Documentation](https://docs.rs/crypto_box/badge.svg)](https://docs.rs/crypto_box) | 1.49 | | [`deoxys`] | [Deoxys-I/II] | [![crates.io](https://img.shields.io/crates/v/deoxys.svg)](https://crates.io/crates/deoxys) | [![Documentation](https://docs.rs/deoxys/badge.svg)](https://docs.rs/deoxys) | 1.50 | | [`eax`] | [EAX] | [![crates.io](https://img.shields.io/crates/v/eax.svg)](https://crates.io/crates/eax) | [![Documentation](https://docs.rs/eax/badge.svg)](https://docs.rs/eax) | 1.41 | | [`mgm`] | [MGM] | [![crates.io](https://img.shields.io/crates/v/mgm.svg)](https://crates.io/crates/mgm) | [![Documentation](https://docs.rs/mgm/badge.svg)](https://docs.rs/mgm) | 1.41 | 
@@ -69,7 +68,6 @@ dual licensed as above, without any additional terms or conditions. [`ccm`]: https://github.com/RustCrypto/AEADs/tree/master/ccm [`chacha20poly1305`]: https://github.com/RustCrypto/AEADs/tree/master/chacha20poly1305 [`deoxys`]: https://github.com/RustCrypto/AEADs/tree/master/deoxys -[`crypto_box`]: https://github.com/RustCrypto/AEADs/tree/master/crypto_box [`eax`]: https://github.com/RustCrypto/AEADs/tree/master/eax [`mgm`]: https://github.com/RustCrypto/AEADs/tree/master/mgm [`xsalsa20poly1305`]: https://github.com/RustCrypto/AEADs/tree/master/xsalsa20poly1305 diff --git a/crypto_box/CHANGELOG.md b/crypto_box/CHANGELOG.md deleted file mode 100644 index f9dc88d5..00000000 --- a/crypto_box/CHANGELOG.md +++ /dev/null 
@@ -1,63 +0,0 @@ -# Changelog -All notable changes to this project will be documented in this file. - -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), -and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - -## 0.6.1 (2021-07-20) -### Changed -- Pin `zeroize` dependency to v1.3 ([#349]) - -[#349]: https://github.com/RustCrypto/AEADs/pull/349 - -## 0.6.0 (2021-04-29) -### Changed -- Bump `chacha20poly1305` crate dependency to v0.8 ([#290]) -- Bump `xsalsa20poly1305` crate dependency to v0.7 ([#291]) -- Bump `rand_core` crate dependency to v0.6 ([#292]) - -### SECURITY -- Fix XChaCha20Poly1305 key derivation ([#295]) - -[#290]: https://github.com/RustCrypto/AEADs/pull/290 -[#291]: https://github.com/RustCrypto/AEADs/pull/291 -[#292]: https://github.com/RustCrypto/AEADs/pull/292 -[#295]: https://github.com/RustCrypto/AEADs/pull/295 - -## 0.5.0 (2020-10-16) -### Added -- `ChaChaBox` ([#225]) - -### Changed -- Replace `block-cipher`/`stream-cipher` with `cipher` crate ([#229]) -- Bump `xsalsa20poly1305` dependency to v0.6 ([#229]) - -[#229]: https://github.com/RustCrypto/AEADs/pull/229 -[#225]: https://github.com/RustCrypto/AEADs/pull/225 - -## 0.4.0 (2020-09-17) -### Added -- Optional `std` feature; disabled by default ([#217]) - -### Changed -- Upgrade `xsalsa20poly1305` to v0.5 ([#218]) - -[#218]: https://github.com/RustCrypto/AEADs/pull/218 -[#217]: https://github.com/RustCrypto/AEADs/pull/217 - -## 0.3.0 (2020-08-18) -### Changed -- Bump `x25519-dalek` dependency to 1.0 ([#194]) - -[#194]: https://github.com/RustCrypto/AEADs/pull/194 - -## 0.2.0 (2020-06-06) -### Changed -- Bump `aead` crate dependency to v0.3; MSRV 1.41+ ([#146]) -- Bump `xsalsa20poly1305` dependency to v0.4 ([#164]) - -[#146]: https://github.com/RustCrypto/AEADs/pull/146 -[#164]: https://github.com/RustCrypto/AEADs/pull/164 - -## 0.1.0 (2020-02-25) -- Initial release 
diff --git a/crypto_box/Cargo.toml b/crypto_box/Cargo.toml
deleted file mode 100644
index cee2e677..00000000
--- a/crypto_box/Cargo.toml
+++ /dev/null
@@ -1,47 +0,0 @@
-[package]
-name = "crypto_box"
-version = "0.6.1"
-description = """
-Pure Rust implementation of NaCl's crypto_box public-key authenticated
-encryption primitive which combines the X25519 Elliptic Curve Diffie-Hellman
-function and the XSalsa20Poly1305 authenticated encryption cipher
-"""
-authors = ["RustCrypto Developers"]
-edition = "2018"
-license = "Apache-2.0 OR MIT"
-readme = "README.md"
-documentation = "https://docs.rs/crypto_box"
-homepage = "https://github.com/RustCrypto/AEADs"
-repository = "https://github.com/RustCrypto/AEADs/tree/master/crypto_box"
-categories = ["cryptography", "no-std"]
-keywords = ["nacl", "libsodium", "public-key", "x25519", "xsalsa20poly1305"]
-
-[dependencies]
-chacha20 = { version = "0.7.1", features = ["expose-core", "hchacha"] }
-rand_core = "0.6"
-salsa20 = { version = "0.8", features = ["hsalsa20"] }
-x25519-dalek = { version = "1", default-features = false }
-zeroize = { version = "=1.3", default-features = false }
-
-[dependencies.chacha20poly1305]
-version = "0.8"
-default-features = false
-features = ["xchacha20poly1305"]
-path = "../chacha20poly1305"
-
-[dependencies.xsalsa20poly1305]
-version = "0.7"
-default-features = false
-features = ["rand_core"]
-path = "../xsalsa20poly1305"
-
-[dev-dependencies]
-rand_core = { version = "0.6", features = ["std"] }
-
-[features]
-default = ["alloc", "u64_backend"]
-std = ["rand_core/std", "xsalsa20poly1305/std"]
-alloc = ["xsalsa20poly1305/alloc"]
-heapless = ["xsalsa20poly1305/heapless"]
-u32_backend = ["x25519-dalek/u32_backend"]
-u64_backend = ["x25519-dalek/u64_backend"]
diff --git a/crypto_box/LICENSE-APACHE b/crypto_box/LICENSE-APACHE
deleted file mode 100644
index 78173fa2..00000000
--- a/crypto_box/LICENSE-APACHE
+++ /dev/null
@@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - -TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - -1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - -2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - -3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - -4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the 
following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - -5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - -6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - -7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - -8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - -9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- -END OF TERMS AND CONDITIONS - -APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - -Copyright [yyyy] [name of copyright owner] - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/crypto_box/LICENSE-MIT b/crypto_box/LICENSE-MIT deleted file mode 100644 index 2726e14a..00000000 --- a/crypto_box/LICENSE-MIT +++ /dev/null 
@@ -1,25 +0,0 @@
-Copyright (c) 2020 The RustCrypto Project Developers
-
-Permission is hereby granted, free of charge, to any
-person obtaining a copy of this software and associated
-documentation files (the "Software"), to deal in the
-Software without restriction, including without
-limitation the rights to use, copy, modify, merge,
-publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software
-is furnished to do so, subject to the following
-conditions:
-
-The above copyright notice and this permission notice
-shall be included in all copies or substantial portions
-of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
-ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
-TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
-PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
-SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
-IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-DEALINGS IN THE SOFTWARE.
diff --git a/crypto_box/README.md b/crypto_box/README.md
deleted file mode 100644
index d1dd6870..00000000
--- a/crypto_box/README.md
+++ /dev/null
@@ -1,54 +0,0 @@
-# RustCrypto: `crypto_box`
-
-[![crate][crate-image]][crate-link]
-[![Docs][docs-image]][docs-link]
-![Apache2/MIT licensed][license-image]
-![Rust Version][rustc-image]
-[![CodeCov Status][codecov-image]][codecov-link]
-[![Project Chat][chat-image]][chat-link]
-[![Build Status][build-image]][build-link]
-
-Pure Rust implementation of [NaCl]'s [`crypto_box`] primitive, providing
-public-key authenticated encryption which combines the [X25519] Diffie-Hellman
-function and the [XSalsa20Poly1305] authenticated encryption cipher into an
-Elliptic Curve Integrated Encryption Scheme ([ECIES]).
-
-[Documentation][docs-link]
-
-## License
-
-Licensed under either of:
-
- * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)
- * [MIT license](http://opensource.org/licenses/MIT)
-
-at your option.
-
-### Contribution
-
-Unless you explicitly state otherwise, any contribution intentionally submitted
-for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
-dual licensed as above, without any additional terms or conditions.
-
-[//]: # (badges)
-
-[crate-image]: https://img.shields.io/crates/v/crypto_box.svg
-[crate-link]: https://crates.io/crates/crypto_box
-[docs-image]: https://docs.rs/crypto_box/badge.svg
-[docs-link]: https://docs.rs/crypto_box/
-[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
-[rustc-image]: https://img.shields.io/badge/rustc-1.49+-blue.svg
-[codecov-image]: https://codecov.io/gh/RustCrypto/AEADs/branch/master/graph/badge.svg
-[codecov-link]: https://codecov.io/gh/RustCrypto/AEADs
-[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
-[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260038-AEADs
-[build-image]: https://github.com/RustCrypto/AEADs/workflows/crypto_box/badge.svg?branch=master&event=push
-[build-link]: https://github.com/RustCrypto/AEADs/actions
-
-[//]: # (general links)
-
-[NaCl]: https://nacl.cr.yp.to/
-[`crypto_box`]: https://nacl.cr.yp.to/box.html
-[X25519]: https://cr.yp.to/ecdh.html
-[XSalsa20Poly1305]: https://github.com/RustCrypto/AEADs/tree/master/xsalsa20poly1305
-[ECIES]: https://en.wikipedia.org/wiki/Integrated_Encryption_Scheme
diff --git a/crypto_box/src/lib.rs b/crypto_box/src/lib.rs
deleted file mode 100644
index dc10e095..00000000
--- a/crypto_box/src/lib.rs
+++ /dev/null
@@ -1,400 +0,0 @@
-//! Pure Rust implementation of the [`crypto_box`] public-key authenticated
-//! encryption scheme from [NaCl]-family libraries (e.g. libsodium, TweetNaCl)
-//! which combines the [X25519] Diffie-Hellman function and the
-//! [XSalsa20Poly1305] authenticated encryption cipher into an Elliptic Curve
-//! Integrated Encryption Scheme ([ECIES]).
-//!
-//! # Introduction
-//!
-//! Imagine Alice wants something valuable shipped to her. Because it's
-//! valuable, she wants to make sure it arrives securely (i.e. hasn't been
-//! opened or tampered with) and that it's not a forgery (i.e. it's actually
-//! from the sender she's expecting it to be from and nobody's pulling the old
-//! switcheroo).
-//!
-//! One way she can do this is by providing the sender (let's call him Bob)
-//! with a high-security box of her choosing. She provides Bob with this box,
-//! and something else: a padlock, but a padlock without a key. Alice is
-//! keeping that key all to herself. Bob can put items in the box then put the
-//! padlock onto it, but once the padlock snaps shut, the box cannot be opened
-//! by anyone who doesn't have Alice's private key.
-//!
-//! Here's the twist though, Bob also puts a padlock onto the box. This padlock
-//! uses a key Bob has published to the world, such that if you have one of
-//! Bob's keys, you know a box came from him because Bob's keys will open Bob's
-//! padlocks (let's imagine a world where padlocks cannot be forged even if you
-//! know the key). Bob then sends the box to Alice.
-//!
-//! In order for Alice to open the box, she needs two keys: her private key
-//! that opens her own padlock, and Bob's well-known key. If Bob's key doesn't
-//! open the second padlock then Alice knows that this is not the box she was
-//! expecting from Bob, it's a forgery.
-//!
-//! # Usage
-//!
-//! ```rust
-//! use crypto_box::{Box, PublicKey, SecretKey, aead::Aead};
-//!
-//! //
-//! // Encryption
-//! //
-//!
-//! // Generate a random secret key.
-//! // NOTE: It can be serialized as bytes by calling `secret_key.to_bytes()`
-//! let mut rng = rand_core::OsRng;
-//! let alice_secret_key = SecretKey::generate(&mut rng);
-//!
-//! // Get the public key for the secret key we just generated
-//! let alice_public_key_bytes = alice_secret_key.public_key().as_bytes().clone();
-//!
-//! // Obtain your recipient's public key.
-//! let bob_public_key = PublicKey::from([
-//! 0xe8, 0x98, 0xc, 0x86, 0xe0, 0x32, 0xf1, 0xeb,
-//! 0x29, 0x75, 0x5, 0x2e, 0x8d, 0x65, 0xbd, 0xdd,
-//! 0x15, 0xc3, 0xb5, 0x96, 0x41, 0x17, 0x4e, 0xc9,
-//! 0x67, 0x8a, 0x53, 0x78, 0x9d, 0x92, 0xc7, 0x54,
-//! ]);
-//!
-//! // Create a `Box` by performing Diffie-Hellman key agreement between
-//! // the two keys.
-//! let alice_box = Box::new(&bob_public_key, &alice_secret_key);
-//!
-//! // Get a random nonce to encrypt the message under
-//! let nonce = crypto_box::generate_nonce(&mut rng);
-//!
-//! // Message to encrypt
-//! let plaintext = b"Top secret message we're encrypting";
-//!
-//! // Encrypt the message using the box
-//! let ciphertext = alice_box.encrypt(&nonce, &plaintext[..]).unwrap();
-//!
-//! //
-//! // Decryption
-//! //
-//!
-//! // Either side can encrypt or decrypt messages under the Diffie-Hellman key
-//! // they agree upon. The example below shows Bob's side.
-//! let bob_secret_key = SecretKey::from([
-//! 0xb5, 0x81, 0xfb, 0x5a, 0xe1, 0x82, 0xa1, 0x6f,
-//! 0x60, 0x3f, 0x39, 0x27, 0xd, 0x4e, 0x3b, 0x95,
-//! 0xbc, 0x0, 0x83, 0x10, 0xb7, 0x27, 0xa1, 0x1d,
-//! 0xd4, 0xe7, 0x84, 0xa0, 0x4, 0x4d, 0x46, 0x1b
-//! ]);
-//!
-//! // Deserialize Alice's public key from bytes
-//! let alice_public_key = PublicKey::from(alice_public_key_bytes);
-//!
-//! // Bob can compute the same Box as Alice by performing the reciprocal
-//! // key exchange operation.
-//! let bob_box = Box::new(&alice_public_key, &bob_secret_key);
-//!
-//! // Decrypt the message, using the same randomly generated nonce
-//! let decrypted_plaintext = bob_box.decrypt(&nonce, &ciphertext[..]).unwrap();
-//!
-//! assert_eq!(&plaintext[..], &decrypted_plaintext[..]);
-//! ```
-//!
-//! ## Choosing `ChaChaBox` vs `SalasaBox`
-//!
-//! Currently, `crypto_box::Box` is default to use `xsalsa20poly1305` which doesn't support non-empty associated data
-//! field. To specify customized AD, you can use `crypto_box::ChaChaBox` instead.
-//!
-//! ```rust
-//! use crypto_box::{ChaChaBox, PublicKey, SecretKey, aead::{Aead, Payload}};
-//!
-//! let mut rng = rand_core::OsRng;
-//! let alice_secret_key = SecretKey::generate(&mut rng);
-//! let alice_public_key_bytes = alice_secret_key.public_key().as_bytes().clone();
-//! let bob_public_key = PublicKey::from([
-//! 0xe8, 0x98, 0xc, 0x86, 0xe0, 0x32, 0xf1, 0xeb,
-//! 0x29, 0x75, 0x5, 0x2e, 0x8d, 0x65, 0xbd, 0xdd,
-//! 0x15, 0xc3, 0xb5, 0x96, 0x41, 0x17, 0x4e, 0xc9,
-//! 0x67, 0x8a, 0x53, 0x78, 0x9d, 0x92, 0xc7, 0x54,
-//! ]);
-//! let alice_box = ChaChaBox::new(&bob_public_key, &alice_secret_key);
-//! let nonce = crypto_box::generate_nonce(&mut rng);
-//!
-//! // Message to encrypt
-//! let plaintext = b"Top secret message we're encrypting".as_ref();
-//! let associated_data = b"customized associated data here".as_ref();
-//!
-//! // Encrypt the message using the box
-//! let ciphertext = alice_box.encrypt(&nonce, Payload {
-//! msg: plaintext, // your message to encrypt
-//! aad: associated_data, // not encrypted, but authenticated in tag
-//! }).unwrap();
-//!
-//! //
-//! // Decryption
-//! //
-//!
-//! let bob_secret_key = SecretKey::from([
-//! 0xb5, 0x81, 0xfb, 0x5a, 0xe1, 0x82, 0xa1, 0x6f,
-//! 0x60, 0x3f, 0x39, 0x27, 0xd, 0x4e, 0x3b, 0x95,
-//! 0xbc, 0x0, 0x83, 0x10, 0xb7, 0x27, 0xa1, 0x1d,
-//! 0xd4, 0xe7, 0x84, 0xa0, 0x4, 0x4d, 0x46, 0x1b
-//! ]);
-//! let alice_public_key = PublicKey::from(alice_public_key_bytes);
-//! let bob_box = ChaChaBox::new(&alice_public_key, &bob_secret_key);
-//!
-//! // Decrypt the message, using the same randomly generated nonce
-//! let decrypted_plaintext = bob_box.decrypt(&nonce, Payload {
-//! msg: &ciphertext,
-//! aad: associated_data, // tag authentication will fail if associated data doesn't match, which fails the decryption
-//! }).unwrap();
-//!
-//! assert_eq!(&plaintext[..], &decrypted_plaintext[..]);
-//! ```
-//!
-//! ## In-place Usage (eliminates `alloc` requirement)
-//!
-//! This crate has an optional `alloc` feature which can be disabled in e.g.
-//! microcontroller environments that don't have a heap.
-//!
-//! The [`AeadInPlace::encrypt_in_place`] and [`AeadInPlace::decrypt_in_place`]
-//! methods accept any type that impls the [`aead::Buffer`] trait which
-//! contains the plaintext for encryption or ciphertext for decryption.
-//!
-//! Note that if you enable the `heapless` feature of this crate,
-//! you will receive an impl of `aead::Buffer` for [`heapless::Vec`]
-//! (re-exported from the `aead` crate as `aead::heapless::Vec`),
-//! which can then be passed as the `buffer` parameter to the in-place encrypt
-//! and decrypt methods.
-//!
-//! A `heapless` usage example can be found in the documentation for the
-//! `xsalsa20poly1305` crate:
-//!
-//!
-//!
-//! [NaCl]: https://nacl.cr.yp.to/
-//! [`crypto_box`]: https://nacl.cr.yp.to/box.html
-//! [X25519]: https://cr.yp.to/ecdh.html
-//! [XSalsa20Poly1305]: https://nacl.cr.yp.to/secretbox.html
-//! [ECIES]: https://en.wikipedia.org/wiki/Integrated_Encryption_Scheme
-//! [`heapless::Vec`]: https://docs.rs/heapless/latest/heapless/struct.Vec.html
-
-#![no_std]
-#![doc(
- html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
- html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg"
-)]
-#![warn(missing_docs, rust_2018_idioms)]
-
-pub use xsalsa20poly1305::{aead, generate_nonce};
-
-use chacha20::hchacha;
-use chacha20poly1305::XChaCha20Poly1305;
-use core::fmt::{self, Debug};
-use rand_core::{CryptoRng, RngCore};
-use salsa20::hsalsa20;
-use x25519_dalek::{x25519, X25519_BASEPOINT_BYTES};
-use xsalsa20poly1305::aead::{
- consts::{U0, U16, U24},
- generic_array::GenericArray,
- AeadCore, AeadInPlace, Buffer, Error, NewAead,
-};
-use xsalsa20poly1305::XSalsa20Poly1305;
-use zeroize::{Zeroize, Zeroizing};
-
-/// Size of a `crypto_box` public or secret key in bytes.
-pub const KEY_SIZE: usize = 32;
-
-/// Poly1305 tag.
-///
-/// Implemented as an alias for [`GenericArray`].
-pub type Tag = GenericArray;
-
-/// `crypto_box` secret key
-#[derive(Clone)]
-pub struct SecretKey([u8; KEY_SIZE]);
-
-impl SecretKey {
- /// Generate a random [`SecretKey`].
- pub fn generate(csprng: &mut T) -> Self
- where
- T: RngCore + CryptoRng,
- {
- let mut bytes = [0u8; KEY_SIZE];
- csprng.fill_bytes(&mut bytes);
- SecretKey(bytes)
- }
-
- /// Get the [`PublicKey`] which corresponds to this [`SecretKey`]
- pub fn public_key(&self) -> PublicKey {
- PublicKey(x25519(self.0, X25519_BASEPOINT_BYTES))
- }
-
- /// Get the serialized bytes for this [`SecretKey`]
- pub fn to_bytes(&self) -> [u8; KEY_SIZE] {
- self.0
- }
-}
-
-impl From<[u8; KEY_SIZE]> for SecretKey {
- fn from(bytes: [u8; KEY_SIZE]) -> SecretKey {
- SecretKey(bytes)
- }
-}
-
-impl Debug for SecretKey {
- fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
- f.write_str("SecretKey(...)")
- }
-}
-
-impl Drop for SecretKey {
- fn drop(&mut self) {
- self.0.zeroize();
- }
-}
-
-/// `crypto_box` public key
-#[derive(Clone, Debug, Eq, PartialEq, Hash)]
-pub struct PublicKey([u8; KEY_SIZE]);
-
-impl PublicKey {
- /// Borrow this public key as bytes.
- pub fn as_bytes(&self) -> &[u8; 32] {
- &self.0
- }
-}
-
-impl AsRef<[u8]> for PublicKey {
- fn as_ref(&self) -> &[u8] {
- &self.0
- }
-}
-
-impl From<&SecretKey> for PublicKey {
- fn from(secret_key: &SecretKey) -> PublicKey {
- secret_key.public_key()
- }
-}
-
-impl From<[u8; KEY_SIZE]> for PublicKey {
- fn from(bytes: [u8; KEY_SIZE]) -> PublicKey {
- PublicKey(bytes)
- }
-}
-
-macro_rules! impl_aead_in_place {
- ($box:ty, $nonce_size:ty, $tag_size:ty, $ct_overhead:ty) => {
- impl AeadCore for $box {
- type NonceSize = $nonce_size;
- type TagSize = $tag_size;
- type CiphertextOverhead = $ct_overhead;
- }
-
- impl AeadInPlace for $box {
- fn encrypt_in_place(
- &self,
- nonce: &GenericArray,
- associated_data: &[u8],
- buffer: &mut dyn Buffer,
- ) -> Result<(), Error> {
- self.0.encrypt_in_place(nonce, associated_data, buffer)
- }
-
- fn encrypt_in_place_detached(
- &self,
- nonce: &GenericArray,
- associated_data: &[u8],
- buffer: &mut [u8],
- ) -> Result {
- self.0
- .encrypt_in_place_detached(nonce, associated_data, buffer)
- }
-
- fn decrypt_in_place(
- &self,
- nonce: &GenericArray,
- associated_data: &[u8],
- buffer: &mut dyn Buffer,
- ) -> Result<(), Error> {
- self.0.decrypt_in_place(nonce, associated_data, buffer)
- }
-
- fn decrypt_in_place_detached(
- &self,
- nonce: &GenericArray,
- associated_data: &[u8],
- buffer: &mut [u8],
- tag: &Tag,
- ) -> Result<(), Error> {
- self.0
- .decrypt_in_place_detached(nonce, associated_data, buffer, tag)
- }
- }
- };
-}
-
-/// Alias for [`SalsaBox`].
-pub type Box = SalsaBox;
-
-/// Public-key encryption scheme based on the [X25519] Elliptic Curve
-/// Diffie-Hellman function and the [XSalsa20Poly1305] authenticated encryption
-/// cipher.
-///
-/// This type impls the [`aead::Aead`] trait, and otherwise functions as a
-/// symmetric Authenticated Encryption with Associated Data (AEAD) cipher
-/// once instantiated.
-///
-/// [X25519]: https://cr.yp.to/ecdh.html
-/// [XSalsa20Poly1305]: https://github.com/RustCrypto/AEADs/tree/master/xsalsa20poly1305
-#[derive(Clone)]
-pub struct SalsaBox(XSalsa20Poly1305);
-
-impl SalsaBox {
- /// Create a new [`SalsaBox`], performing X25519 Diffie-Hellman to derive
- /// a shared secret from the provided public and secret keys.
- pub fn new(public_key: &PublicKey, secret_key: &SecretKey) -> Self {
- let shared_secret = Zeroizing::new(x25519(secret_key.0, public_key.0));
-
- // Use HSalsa20 to create a uniformly random key from the shared secret
- let mut key = hsalsa20(
- GenericArray::from_slice(&*shared_secret),
- &GenericArray::default(),
- );
-
- let cipher = XSalsa20Poly1305::new(&key);
- key.zeroize();
-
- SalsaBox(cipher)
- }
-}
-
-impl_aead_in_place!(SalsaBox, U24, U16, U0);
-
-/// Public-key encryption scheme based on the [X25519] Elliptic Curve
-/// Diffie-Hellman function and the [XChaCha20Poly1305] authenticated encryption
-/// cipher.
-///
-/// This type impls the [`aead::Aead`] trait, and otherwise functions as a
-/// symmetric Authenticated Encryption with Associated Data (AEAD) cipher
-/// once instantiated.
-///
-/// [X25519]: https://cr.yp.to/ecdh.html
-/// [XChaCha20Poly1305]: https://github.com/RustCrypto/AEADs/blob/master/chacha20poly1305/
-#[derive(Clone)]
-pub struct ChaChaBox(XChaCha20Poly1305);
-
-impl ChaChaBox {
- /// Create a new [`ChaChaBox`], performing X25519 Diffie-Hellman to derive
- /// a shared secret from the provided public and secret keys.
- pub fn new(public_key: &PublicKey, secret_key: &SecretKey) -> Self {
- let shared_secret = Zeroizing::new(x25519(secret_key.0, public_key.0));
-
- // Use HChaCha20 to create a uniformly random key from the shared secret
- let mut key = hchacha::(
- GenericArray::from_slice(&*shared_secret),
- &GenericArray::default(),
- );
-
- let cipher = XChaCha20Poly1305::new(&key);
- key.zeroize();
-
- ChaChaBox(cipher)
- }
-}
-
-impl_aead_in_place!(ChaChaBox, U24, U16, U0);
diff --git a/crypto_box/tests/lib.rs b/crypto_box/tests/lib.rs
deleted file mode 100644
index b4d4edac..00000000
--- a/crypto_box/tests/lib.rs
+++ /dev/null
@@ -1,231 +0,0 @@
-//! `crypto_box` test vectors
-//!
-//! Adapted from PHP Sodium Compat's test vectors:
-//!
-
-use crypto_box::aead::{generic_array::GenericArray, Aead, AeadInPlace, Payload};
-use crypto_box::{ChaChaBox, PublicKey, SalsaBox, SecretKey};
-use std::any::TypeId;
-
-// Alice's keypair
-const ALICE_SECRET_KEY: [u8; 32] = [
- 0x68, 0xf2, 0x8, 0x41, 0x2d, 0x8d, 0xd5, 0xdb, 0x9d, 0xc, 0x6d, 0x18, 0x51, 0x2e, 0x86, 0xf0,
- 0xec, 0x75, 0x66, 0x5a, 0xb8, 0x41, 0x37, 0x2d, 0x57, 0xb0, 0x42, 0xb2, 0x7e, 0xf8, 0x9d, 0x4c,
-];
-const ALICE_PUBLIC_KEY: [u8; 32] = [
- 0xac, 0x3a, 0x70, 0xba, 0x35, 0xdf, 0x3c, 0x3f, 0xae, 0x42, 0x7a, 0x7c, 0x72, 0x2, 0x1d, 0x68,
- 0xf2, 0xc1, 0xe0, 0x44, 0x4, 0xb, 0x75, 0xf1, 0x73, 0x13, 0xc0, 0xc8, 0xb5, 0xd4, 0x24, 0x1d,
-];
-
-// Bob's keypair
-const BOB_SECRET_KEY: [u8; 32] = [
- 0xb5, 0x81, 0xfb, 0x5a, 0xe1, 0x82, 0xa1, 0x6f, 0x60, 0x3f, 0x39, 0x27, 0xd, 0x4e, 0x3b, 0x95,
- 0xbc, 0x0, 0x83, 0x10, 0xb7, 0x27, 0xa1, 0x1d, 0xd4, 0xe7, 0x84, 0xa0, 0x4, 0x4d, 0x46, 0x1b,
-];
-const BOB_PUBLIC_KEY: [u8; 32] = [
- 0xe8, 0x98, 0xc, 0x86, 0xe0, 0x32, 0xf1, 0xeb, 0x29, 0x75, 0x5, 0x2e, 0x8d, 0x65, 0xbd, 0xdd,
- 0x15, 0xc3, 0xb5, 0x96, 0x41, 0x17, 0x4e, 0xc9, 0x67, 0x8a, 0x53, 0x78, 0x9d, 0x92, 0xc7, 0x54,
-];
-
-const NONCE: &[u8; 24] = &[
- 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73, 0xcd, 0x62, 0xbd, 0xa8, 0x75, 0xfc, 0x73, 0xd6,
- 0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37,
-];
-
-const PLAINTEXT: &[u8] = &[
- 0xbe, 0x07, 0x5f, 0xc5, 0x3c, 0x81, 0xf2, 0xd5, 0xcf, 0x14, 0x13, 0x16, 0xeb, 0xeb, 0x0c, 0x7b,
- 0x52, 0x28, 0xc5, 0x2a, 0x4c, 0x62, 0xcb, 0xd4, 0x4b, 0x66, 0x84, 0x9b, 0x64, 0x24, 0x4f, 0xfc,
- 0xe5, 0xec, 0xba, 0xaf, 0x33, 0xbd, 0x75, 0x1a, 0x1a, 0xc7, 0x28, 0xd4, 0x5e, 0x6c, 0x61, 0x29,
- 0x6c, 0xdc, 0x3c, 0x01, 0x23, 0x35, 0x61, 0xf4, 0x1d, 0xb6, 0x6c, 0xce, 0x31, 0x4a, 0xdb, 0x31,
- 0x0e, 0x3b, 0xe8, 0x25, 0x0c, 0x46, 0xf0, 0x6d, 0xce, 0xea, 0x3a, 0x7f, 0xa1, 0x34, 0x80, 0x57,
- 0xe2, 0xf6, 0x55, 0x6a, 0xd6, 0xb1, 0x31, 0x8a, 0x02, 0x4a, 0x83, 0x8f, 0x21, 0xaf, 0x1f, 0xde,
- 0x04, 0x89, 0x77, 0xeb, 0x48, 0xf5, 0x9f, 0xfd, 0x49, 0x24, 0xca, 0x1c, 0x60, 0x90, 0x2e, 0x52,
- 0xf0, 0xa0, 0x89, 0xbc, 0x76, 0x89, 0x70, 0x40, 0xe0, 0x82, 0xf9, 0x37, 0x76, 0x38, 0x48, 0x64,
- 0x5e, 0x07, 0x05,
-];
-
-#[test]
-fn generate_secret_key() {
- SecretKey::generate(&mut rand_core::OsRng);
-}
-
-#[test]
-fn secret_and_public_keys() {
- let secret_key = SecretKey::from(ALICE_SECRET_KEY);
- assert_eq!(&secret_key.to_bytes(), &ALICE_SECRET_KEY);
-
- // Ensure `Debug` impl on `SecretKey` is covered in tests
- dbg!(&secret_key);
-
- assert_eq!(secret_key.public_key().as_bytes(), &ALICE_PUBLIC_KEY);
-}
-
-macro_rules! impl_tests {
- ($box:ty, $plaintext:expr, $ciphertext:expr) => {
- #[test]
- fn encrypt() {
- let secret_key = SecretKey::from(ALICE_SECRET_KEY);
- let public_key = PublicKey::from(BOB_PUBLIC_KEY);
- let nonce = GenericArray::from_slice(NONCE);
-
- let ciphertext = <$box>::new(&public_key, &secret_key)
- .encrypt(nonce, $plaintext)
- .unwrap();
-
- assert_eq!($ciphertext, &ciphertext[..]);
- }
-
- #[test]
- fn encrypt_in_place_detached() {
- let secret_key = SecretKey::from(ALICE_SECRET_KEY);
- let public_key = PublicKey::from(BOB_PUBLIC_KEY);
- let nonce = GenericArray::from_slice(NONCE);
- let mut buffer = $plaintext.to_vec();
-
- let tag = <$box>::new(&public_key, &secret_key)
- .encrypt_in_place_detached(nonce, b"", &mut buffer)
- .unwrap();
-
- let (expected_tag, expected_ciphertext) =
- if TypeId::of::<$box>() == TypeId::of::() {
- // xsalsa20poly1035 use prefix tag
- $ciphertext.split_at(16)
- } else {
- // for xchacha20poly1035 and others use standard postfix tag
- let (ct, tag) = $ciphertext.split_at($ciphertext.len() - 16);
- (tag, ct)
- };
- assert_eq!(expected_tag, &tag[..]);
- assert_eq!(expected_ciphertext, &buffer[..]);
- }
-
- #[test]
- fn decrypt() {
- let secret_key = SecretKey::from(BOB_SECRET_KEY);
- let public_key = PublicKey::from(ALICE_PUBLIC_KEY);
- let nonce = GenericArray::from_slice(NONCE);
-
- let plaintext = <$box>::new(&public_key, &secret_key)
- .decrypt(nonce, $ciphertext)
- .unwrap();
-
- assert_eq!($plaintext, &plaintext[..]);
- }
-
- #[test]
- fn decrypt_in_place_detached() {
- let secret_key = SecretKey::from(BOB_SECRET_KEY);
- let public_key = PublicKey::from(ALICE_PUBLIC_KEY);
- let nonce = GenericArray::from_slice(NONCE);
- let (tag, mut buffer) = if TypeId::of::<$box>() == TypeId::of::() {
- // xsalsa20poly1035 use prefix tag
- (
- GenericArray::clone_from_slice(&$ciphertext[..16]),
- $ciphertext[16..].to_vec(),
- )
- } else {
- (
- // for xchacha20poly1035 and others use standard postfix tag
- GenericArray::clone_from_slice(&$ciphertext[$ciphertext.len() - 16..]),
- $ciphertext[..$ciphertext.len() - 16].to_vec(),
- )
- };
-
- <$box>::new(&public_key, &secret_key)
- .decrypt_in_place_detached(nonce, b"", &mut buffer, &tag)
- .unwrap();
-
- assert_eq!($plaintext, &buffer[..]);
- }
- };
-}
-
-mod xsalsa20poly1305 {
- use super::*;
- const CIPHERTEXT: &[u8] = &[
- 0xc0, 0x3f, 0x27, 0xd1, 0x88, 0xef, 0x65, 0xc, 0xd1, 0x29, 0x36, 0x91, 0x31, 0x37, 0xbb,
- 0x17, 0xed, 0x4c, 0x98, 0xc2, 0x64, 0x89, 0x39, 0xe2, 0xe1, 0xd2, 0xe8, 0x55, 0x47, 0xa,
- 0x7b, 0x8c, 0x63, 0x2c, 0xab, 0xfd, 0x5a, 0xb3, 0xb3, 0xc2, 0xd3, 0x13, 0xdc, 0x8c, 0x9e,
- 0xcf, 0x5d, 0xa1, 0x73, 0xe1, 0xf9, 0xc3, 0x18, 0xcd, 0xef, 0x1d, 0xce, 0xd6, 0xd2, 0x51,
- 0x9e, 0x69, 0x50, 0x85, 0xe6, 0xb5, 0xc4, 0x1, 0xa2, 0xbd, 0x53, 0x31, 0x44, 0x29, 0x86,
- 0xc7, 0x7, 0x6d, 0x41, 0x26, 0x25, 0x49, 0x7c, 0x4c, 0xb2, 0xfd, 0x94, 0xc6, 0xf1, 0x3,
- 0x96, 0x10, 0x33, 0xb2, 0xc9, 0x30, 0xd7, 0xe8, 0x2e, 0x3, 0x41, 0xf2, 0x9d, 0x38, 0x79,
- 0xbd, 0x6a, 0xb9, 0xd8, 0x81, 0xea, 0x3a, 0x1f, 0x36, 0x5d, 0x63, 0x4e, 0x65, 0x3c, 0x6e,
- 0x17, 0x1a, 0xac, 0x7f, 0xc1, 0xe7, 0x69, 0x34, 0xd2, 0x3b, 0xe6, 0xf0, 0x4a, 0x54, 0x1,
- 0x8, 0x8, 0xdb, 0xf0, 0xf9, 0xbd, 0x30, 0xf6, 0x3b, 0x68, 0xd0, 0x26,
- ];
-
- impl_tests!(SalsaBox, PLAINTEXT, CIPHERTEXT);
-}
-
-mod xchacha20poly1305 {
- use super::*;
- const CIPHERTEXT: &[u8] = &[
- 0xa2, 0x97, 0x83, 0x74, 0xed, 0x27, 0x9c, 0xfb, 0xcd, 0x6d, 0x6d, 0xa4, 0x27, 0xe4, 0x2d,
- 0x4, 0x97, 0xdf, 0xb9, 0x1f, 0xba, 0x87, 0x65, 0x34, 0x93, 0xf4, 0xc8, 0xf1, 0xdd, 0xd9,
- 0x64, 0x17, 0xe7, 0x80, 0x12, 0x55, 0xf9, 0x43, 0xd6, 0xe0, 0x7, 0x85, 0xe4, 0xd2, 0x17,
- 0x1b, 0xe2, 0x96, 0x5d, 0xd2, 0xd9, 0x23, 0x5e, 0x5f, 0x7d, 0xa9, 0x8e, 0x7f, 0x5f, 0xe7,
- 0x36, 0x66, 0x65, 0x53, 0x20, 0xe0, 0xe0, 0x7, 0xfc, 0x9f, 0x30, 0x6a, 0x43, 0x68, 0x74,
- 0xdf, 0x3f, 0x9, 0x53, 0xc8, 0x3a, 0xc5, 0xd7, 0xfb, 0x1e, 0x61, 0x3e, 0x8d, 0xf4, 0x6e,
- 0x22, 0x74, 0xab, 0x32, 0xe3, 0xfa, 0x13, 0x6e, 0x1e, 0xad, 0x14, 0x7f, 0x82, 0x33, 0xb3,
- 0xd3, 0xff, 0x91, 0xdc, 0x8a, 0xf5, 0xf7, 0x1, 0x8b, 0xd5, 0x6c, 0xbd, 0x72, 0xbe, 0xd7,
- 0xda, 0x2d, 0x5b, 0xa3, 0xb9, 0xe0, 0x8f, 0xde, 0xe8, 0xd8, 0x99, 0xed, 0x61, 0x6f, 0xe4,
- 0x7b, 0xeb, 0xde, 0xa5, 0xf8, 0x89, 0x25, 0x1f, 0xbc, 0xf8, 0x94, 0x8e,
- ];
-
- // with customized associated data "associated data here"
- const CIPHERTEXT_WITH_AAD: &[u8] = &[
- 0xa2, 0x97, 0x83, 0x74, 0xed, 0x27, 0x9c, 0xfb, 0xcd, 0x6d, 0x6d, 0xa4, 0x27, 0xe4, 0x2d,
- 0x4, 0x97, 0xdf, 0xb9, 0x1f, 0xba, 0x87, 0x65, 0x34, 0x93, 0xf4, 0xc8, 0xf1, 0xdd, 0xd9,
- 0x64, 0x17, 0xe7, 0x80, 0x12, 0x55, 0xf9, 0x43, 0xd6, 0xe0, 0x7, 0x85, 0xe4, 0xd2, 0x17,
- 0x1b, 0xe2, 0x96, 0x5d, 0xd2, 0xd9, 0x23, 0x5e, 0x5f, 0x7d, 0xa9, 0x8e, 0x7f, 0x5f, 0xe7,
- 0x36, 0x66, 0x65, 0x53, 0x20, 0xe0, 0xe0, 0x7, 0xfc, 0x9f, 0x30, 0x6a, 0x43, 0x68, 0x74,
- 0xdf, 0x3f, 0x9, 0x53, 0xc8, 0x3a, 0xc5, 0xd7, 0xfb, 0x1e, 0x61, 0x3e, 0x8d, 0xf4, 0x6e,
- 0x22, 0x74, 0xab, 0x32, 0xe3, 0xfa, 0x13, 0x6e, 0x1e, 0xad, 0x14, 0x7f, 0x82, 0x33, 0xb3,
- 0xd3, 0xff, 0x91, 0xdc, 0x8a, 0xf5, 0xf7, 0x1, 0x8b, 0xd5, 0x6c, 0xbd, 0x72, 0xbe, 0xd7,
- 0xda, 0x2d, 0x5b, 0xa3, 0xb9, 0xe0, 0x8f, 0xde, 0xe8, 0xd8, 0x99, 0xe, 0xb9, 0xae, 0x37,
- 0x9e, 0x6d, 0x3a, 0x56, 0xc6, 0x88, 0x25, 0x8b, 0x61, 0x43, 0xe6, 0x7d,
- ];
-
- impl_tests!(ChaChaBox, PLAINTEXT, CIPHERTEXT);
-
- #[test]
- fn encrypt_with_aad() {
- let secret_key = SecretKey::from(ALICE_SECRET_KEY);
- let public_key = PublicKey::from(BOB_PUBLIC_KEY);
- let nonce = GenericArray::from_slice(NONCE);
-
- let ciphertext = ChaChaBox::new(&public_key, &secret_key)
- .encrypt(
- nonce,
- Payload {
- msg: PLAINTEXT,
- aad: b"associated data here".as_ref(),
- },
- )
- .unwrap();
-
- let ct_len = ciphertext.len() - 16; // only the ciphertext, excluding the tag
- assert_eq!(CIPHERTEXT[..ct_len], ciphertext[..ct_len]);
- assert_eq!(CIPHERTEXT_WITH_AAD, &ciphertext[..]);
- }
-
- #[test]
- fn decrypt_with_aad() {
- let secret_key = SecretKey::from(BOB_SECRET_KEY);
- let public_key = PublicKey::from(ALICE_PUBLIC_KEY);
- let nonce = GenericArray::from_slice(NONCE);
-
- let plaintext = ChaChaBox::new(&public_key, &secret_key)
- .decrypt(
- nonce,
- Payload {
- msg: CIPHERTEXT_WITH_AAD,
- aad: b"associated data here".as_ref(),
- },
- )
- .unwrap();
-
- assert_eq!(PLAINTEXT, &plaintext[..]);
- }
-}