Function arx_kw::gx::construct_nonce

#[must_use]
pub fn construct_nonce(authentication_tag: &AuthTag) -> [u8; 24]

Appends an authentication tag to the GX prefix defined for ARX-KW-8-2-4-GX and returns the resulting intermediate nonce.

Please Read:

There is probably not much of a reason to use this outside of this library unless you're writing a new ARX-KW implementation.

I am making it public largely to provide a look into how ARX-KW works (and because I already wrote documentation and doctests for it).

The nonce is created and consumed within the key wrapping process itself, unlike the authentication tag, which is stored alongside the wrapped key. The API exposed by this crate also uses fixed-length input (i.e. checked at compile time) for keys and authentication tags, and both differ in size from the nonce. For these reasons I hope (perhaps naïvely) that misuse of this function is too awkward to take place. That said, it is useful as an example and could be reused in another crate looking to implement ARX-KW-8-2-4-GX.


With that out of the way:

The prefix is the ASCII encoding of the string arbitrGX, or 0x6172626974724758, as defined for ARX-KW-8-2-4-GX in the paper by Sato Shinichi.

The value returned is a fixed-length array of 192 bits suitable for use as a nonce with the XChaCha8 stream cipher when using the GX variant of ARX-KW.

use arx_kw::{AuthTag, gx::construct_nonce};

let mut t = AuthTag([0u8; 16]);
for i in 0u8..16u8 {
    t.0[i as usize] = i;
}
// t contains [0x0, 0x1, 0x2 .. 0xf]

// The first 8 bytes are the ASCII prefix "arbitrGX"; the remaining 16 are the tag.
let nonce = construct_nonce(&t);
assert_eq!(nonce,
[0x61,0x72,0x62,0x69,0x74,0x72,0x47,0x58,0x0,0x1,0x2,0x3,0x4,0x5,0x6,0x7,0x8,0x9,0xa,0xb,0xc,0xd,0xe,0xf]);

Using the authentication tag (T) and resulting nonce (N) for GX from the test vectors included in the ARX-KW paper:

extern crate hex;
use hex::FromHex;
use arx_kw::{
    AuthTag,
    gx::construct_nonce,
};

fn main() -> Result<(), hex::FromHexError> {
    // T and N for GX, taken from the test vectors in the ARX-KW paper
    let authentication_tag = AuthTag(<[u8;16]>::from_hex("016325cf6a3c4b2e3b039675e1ccbc65")?);
    let nonce_expected = <[u8;24]>::from_hex("6172626974724758016325cf6a3c4b2e3b039675e1ccbc65")?;
    let nonce = construct_nonce(&authentication_tag);
    assert_eq!(nonce, nonce_expected);
    Ok(())
}
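
For readers writing their own ARX-KW-8-2-4-GX implementation, the following added example (not the crate's own source) reconstructs the prefix-plus-tag layout described above without depending on `arx_kw` or `hex`, and adds an inverse check that rejects a nonce lacking the GX prefix. The names `Tag`, `nonce_from_tag`, `tag_from_nonce` and `unhex` are hypothetical; `Tag` is assumed to mirror the crate's 16-byte `AuthTag`.

```rust
/// ASCII "arbitrGX": the 8-byte prefix this page gives for ARX-KW-8-2-4-GX.
const GX_PREFIX: [u8; 8] = *b"arbitrGX";

/// Hypothetical stand-in for the crate's 128-bit AuthTag newtype.
#[derive(Debug, PartialEq)]
pub struct Tag(pub [u8; 16]);

/// prefix (8 bytes) || tag (16 bytes) -> 192-bit intermediate nonce.
pub fn nonce_from_tag(tag: &Tag) -> [u8; 24] {
    let mut nonce = [0u8; 24];
    nonce[..8].copy_from_slice(&GX_PREFIX);
    nonce[8..].copy_from_slice(&tag.0);
    nonce
}

/// Inverse check (hypothetical helper): only a nonce carrying the GX prefix is accepted.
pub fn tag_from_nonce(nonce: &[u8; 24]) -> Option<Tag> {
    let (prefix, rest) = nonce.split_at(8);
    if prefix != &GX_PREFIX[..] {
        return None;
    }
    let mut tag = [0u8; 16];
    tag.copy_from_slice(rest);
    Some(Tag(tag))
}

/// Minimal fixed-length hex decoder so the example needs no external crate.
pub fn unhex<const N: usize>(s: &str) -> Option<[u8; N]> {
    if s.len() != 2 * N || !s.bytes().all(|b| b.is_ascii_hexdigit()) {
        return None;
    }
    let mut out = [0u8; N];
    for (i, byte) in out.iter_mut().enumerate() {
        *byte = u8::from_str_radix(&s[2 * i..2 * i + 2], 16).ok()?;
    }
    Some(out)
}

fn main() {
    // T and N for GX as quoted on this page from the paper's test vectors.
    let tag = Tag(unhex("016325cf6a3c4b2e3b039675e1ccbc65").unwrap());
    let expected: [u8; 24] =
        unhex("6172626974724758016325cf6a3c4b2e3b039675e1ccbc65").unwrap();
    let nonce = nonce_from_tag(&tag);
    assert_eq!(nonce, expected);
    assert_eq!(tag_from_nonce(&nonce), Some(tag));
    println!("nonce matches the GX test vector");
}
```

Because the tag and nonce are distinct fixed-size types, passing one where the other is expected fails at compile time, which is the misuse resistance the documentation above relies on.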