Function arx_kw::ex::construct_nonce

#[must_use]
pub fn construct_nonce(authentication_tag: &AuthTag) -> [u8; 24]

Concatenates an authentication tag to the EX prefix and returns the resulting intermediate nonce.

There is probably not much of a reason to use this outside of this library unless you're writing a new ARX-KW implementation.

Please read:

I am making it public largely to provide a look into how ARX-KW works (and because I already wrote documentation and doctests for it).

Because the nonce is created and consumed within the key wrapping process itself (as opposed to the authentication tag, stored alongside the wrapped key) and the API exposed by this crate uses fixed-length (i.e. checked at compile time) input for keys and authentication tags which are of different size than that of the nonce, I hope (perhaps naïvely) that misuse of this function is too awkward to take place. That said, it is useful as an example and could be re-used in another crate looking to implement ARX-KW---EX.


With that out of the way:

The prefix is the ASCII encoding of the string arbitrEX, or 0x6172626974724558, as defined for ARX-KW-8-2-4-EX in the paper by Sato Shinichi.

The value returned is a fixed-length array of 192 bits suitable for use as a nonce with the XChaCha8 stream cipher when using the EX variant of ARX-KW.

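use arx_kw::{ex::construct_nonce, AuthTag};

// Fill the tag with the bytes 0x00 through 0x0f.
let mut t = AuthTag([0u8; 16]);
for i in 0u8..16u8 {
    t.0[i as usize] = i;
}

// The nonce is the 8-byte EX prefix followed by the 16 tag bytes.
let nonce = construct_nonce(&t);
assert_eq!(nonce,
[0x61,0x72,0x62,0x69,0x74,0x72,0x45,0x58,0x0,0x1,0x2,0x3,0x4,0x5,0x6,0x7,0x8,0x9,0xa,0xb,0xc,0xd,0xe,0xf]);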

Using T and N from the test vectors for EX included in the ARX-KW paper:

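extern crate hex;
use hex::FromHex;
use arx_kw::{
    ex::construct_nonce,
    AuthTag,
    ConstantTimeEq,
    assert_ct_eq
};

// `?` needs a Result-returning function around the example body.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    // T (authentication tag) and N (expected nonce) from the paper's EX test vectors.
    let authentication_tag = AuthTag(<[u8;16]>::from_hex("c4f21d3b4dbcc566c3a73bbc59790f2f")?);
    let nonce_expected = <[u8;24]>::from_hex("6172626974724558c4f21d3b4dbcc566c3a73bbc59790f2f")?;
    let nonce = construct_nonce(&authentication_tag);
    // Compare in constant time.
    assert_ct_eq!(nonce, &nonce_expected);
    Ok(())
}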
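
For anyone writing a new ARX-KW-EX implementation, the following dependency-free sketch shows one way a function with this signature can be written and checked against the T and N values quoted above. It is an added example, not the arx_kw crate's source: `EX_PREFIX` and `decode_hex` are hypothetical names, and `AuthTag` is redefined locally so the block compiles on its own.

```rust
// Added illustration; not the arx_kw crate's source. EX_PREFIX and decode_hex
// are hypothetical names; AuthTag is a local stand-in for the crate's type.

/// ASCII "arbitrEX" (0x6172626974724558), the prefix given for ARX-KW-8-2-4-EX.
const EX_PREFIX: [u8; 8] = *b"arbitrEX";

/// 128-bit authentication tag; the newtype keeps it distinct from keys and nonces.
pub struct AuthTag(pub [u8; 16]);

/// prefix (8 bytes) || tag (16 bytes) -> 24-byte (192-bit) nonce.
#[must_use]
pub fn construct_nonce(tag: &AuthTag) -> [u8; 24] {
    let mut nonce = [0u8; 24];
    nonce[..8].copy_from_slice(&EX_PREFIX);
    nonce[8..].copy_from_slice(&tag.0);
    nonce
}

/// Decode exactly N bytes of hex; any other length or a non-hex digit is rejected.
pub fn decode_hex<const N: usize>(s: &str) -> Option<[u8; N]> {
    let s = s.as_bytes();
    if s.len() != 2 * N {
        return None;
    }
    let mut out = [0u8; N];
    for (i, pair) in s.chunks_exact(2).enumerate() {
        let hi = (pair[0] as char).to_digit(16)?;
        let lo = (pair[1] as char).to_digit(16)?;
        out[i] = (hi * 16 + lo) as u8;
    }
    Some(out)
}

fn main() {
    // T and N as quoted on this page from the paper's EX test vectors.
    let tag = AuthTag(decode_hex("c4f21d3b4dbcc566c3a73bbc59790f2f").expect("16-byte tag"));
    let expected: [u8; 24] =
        decode_hex("6172626974724558c4f21d3b4dbcc566c3a73bbc59790f2f").expect("24-byte nonce");
    assert_eq!(construct_nonce(&tag), expected);
    // A 24-byte value is rejected when a 16-byte tag is expected.
    assert!(decode_hex::<16>("6172626974724558c4f21d3b4dbcc566c3a73bbc59790f2f").is_none());
    println!("nonce = {:02x?}", construct_nonce(&tag));
}
```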