Trait arx_kw::ArxKW

pub trait ArxKW {
    type Key;
    pub fn encrypt(
        key: &Self::Key, 
        plaintext: &[u8]
    ) -> Result<(Vec<u8>, AuthTag), ArxKwError>;
    pub fn decrypt(
        key: &Self::Key, 
        ciphertext: &[u8], 
        authentication_tag: &AuthTag
    ) -> Result<Vec<u8>, ArxKwError>;

    pub fn encrypt_blob(
        key: &Self::Key, 
        plaintext: &[u8]
    ) -> Result<Vec<u8>, ArxKwError> { ... }
    pub fn decrypt_blob(
        key: &Self::Key, 
        blob: &[u8]
    ) -> Result<Vec<u8>, ArxKwError> { ... }
}

Provides encryption and decryption capabilites

The ArxKW trait requires a fixed-length array reference for keys and authentication tags but the ciphertext and plaintext inputs can be slices (their lengths are verified to be valid if used with the E and G variants).

The ArxKW::encrypt_blob and ArxKW::decrypt_blob are preferable to ArxKW::encrypt and ArxKW::decrypt in most cases, as they eliminate the need to manually manage authentication tags without a performance penalty, keeping with the spirit of ARX-KW (which was designed with removing the burden of nonce and block counter management as a primary goal.)

Associated Types

type Key

The type of data which is used as a key for the type that impls this trait. Note that this is not the same for all variants of ARX-KW. all of the currently-defined variants use the same-sized keys

Loading content...

Required methods

pub fn encrypt(
    key: &Self::Key,
    plaintext: &[u8]
) -> Result<(Vec<u8>, AuthTag), ArxKwError>

Encrypts the plaintext using ARX-KW and returns the encrypted ciphertext and an AuthTag

The authentication tag can be stored/transported alongside it and is needed (along with the key used to encrypt the plaintext) in order to decrypt the wrapped key.

Errors

Returns an error if the key or plaintext is of invalid length or if the end of the ChaCha cipher is reached unexpectedly.

pub fn decrypt(
    key: &Self::Key,
    ciphertext: &[u8],
    authentication_tag: &AuthTag
) -> Result<Vec<u8>, ArxKwError>

Attempts to decrypt the ciphertext using ARX-KW and returns the decrypted plaintext if successful. As ARX-KW is a form of authenticated encryption, the authenticity of the decrypted text is verified if the function returns an Ok value. which can be stored/transported alongside it.

Errors

Returns an error if the key or ciphertext is of invalid length or if the end of the ChaCha cipher is reached unexpectedly.

Loading content...

Provided methods

pub fn encrypt_blob(
    key: &Self::Key,
    plaintext: &[u8]
) -> Result<Vec<u8>, ArxKwError>

Encrypts the plaintext and returns a Vec<u8> containing both the authentication tag and the ciphertext.

While ARX-KW by design eliminates the need for nonce management, it can be further used to eliminate the complexity of managing authentication tags as well without incurring a large storage overhead. The encrypt_blob and decrypt_blob methods allow for this abstraction; the ciphertext and authentication tag can be treated as one opaque "blob" of bytes and so authentication and decryption of that blob can be done with just the key, eliminating the need to separately store a nonce or authentication tag. This gives a user-friendly interface to deterministic and authenticated encryption.

Errors

Returns an error if the key or plaintext is of invalid length or if the end of the [X]ChaCha stream is reached unexpectedly

 extern crate arx_kw;
 use arx_kw::{ArxKW,gx::GX,assert_ct_eq,ConstantTimeEq};
 extern crate hex;
 use hex::FromHex;

 let key = <[u8; 32]>::from_hex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")?; // The key being used to encrypt the plaintext
 let plaintext = <[u8; 32]>::from_hex("deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef")?; // The key that we are trying to encrypt, as plaintext
 // The expected output: a "blob" consisting of the authentication tag followed by ciphertext. This can be treated as one opaque piece of data when using encrypt_blob and decrypt_blob
 let blob_expected = <[u8; 48]>::from_hex("016325cf6a3c4b2e3b039675e1ccbc652f83f391c97f3606ccd5709c6ee15d66cd7e65a2aeb7dc3066636e8f6b0d39c3")?;   
 let blob = GX::encrypt_blob(&key, &plaintext)?; // The output of encrypt_blob, a Vec<u8>
 assert_ct_eq!(blob, &blob_expected);

pub fn decrypt_blob(key: &Self::Key, blob: &[u8]) -> Result<Vec<u8>, ArxKwError>

Decrypts a blob containing an authentication tag followed by the corresponding ciphertext

If decryption is successful, returns a Vec<u8> containing the decrypted plaintext.

While ARX-KW by design eliminates the need for nonce management, it can be further used to eliminate the complexity of managing authentication tags as well without incurring a large storage overhead. The encrypt_blob and decrypt_blob methods allow for this abstraction; the ciphertext and authentication tag can be treated as one opaque "blob" of bytes and so authentication and decryption of that blob can be done with just the key, eliminating the need to separately store a nonce or authentication tag. This gives a user-friendly interface to deterministic and authenticated encryption.

Errors

Returns an error if the key or ciphertext is of invalid length, the authentication tag does not match the ciphertext that follows it, or if the end of the [X]ChaCha stream is reached unexpectedly

extern crate arx_kw;
use arx_kw::{ArxKW,e::E,assert_ct_eq,ConstantTimeEq};
extern crate hex;
use hex::FromHex;

let key = <[u8; 48]>::from_hex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f")?;
let blob = <[u8; 48]>::from_hex("c4f21d3b4dbcc566c3a73bbc59790f2fe6457d24abaf7c2ebdb91416a18366d31a66db61a4e45c9f42a119c353bb1eb1")?;
let plaintext_expected = <[u8;32]>::from_hex("deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef")?;
let plaintext = E::decrypt_blob(&key, &blob)?;
assert_ct_eq!(plaintext, &plaintext_expected);

Loading content...

Implementors

impl ArxKW for E

type Key = [u8; 48]

pub fn encrypt(
    key: &Self::Key,
    plaintext: &[u8]
) -> Result<(Vec<u8>, AuthTag), ArxKwError>

pub fn decrypt(
    key: &Self::Key,
    ciphertext: &[u8],
    authentication_tag: &AuthTag
) -> Result<Vec<u8>, ArxKwError>

impl ArxKW for EX

type Key = [u8; 48]

pub fn encrypt(
    key: &Self::Key,
    plaintext: &[u8]
) -> Result<(Vec<u8>, AuthTag), ArxKwError>

pub fn decrypt(
    key: &Self::Key,
    ciphertext: &[u8],
    authentication_tag: &AuthTag
) -> Result<Vec<u8>, ArxKwError>

impl ArxKW for G

type Key = [u8; 32]

pub fn encrypt(
    key: &Self::Key,
    plaintext: &[u8]
) -> Result<(Vec<u8>, AuthTag), ArxKwError>

pub fn decrypt(
    key: &Self::Key,
    ciphertext: &[u8],
    authentication_tag: &AuthTag
) -> Result<Vec<u8>, ArxKwError>

impl ArxKW for GX

type Key = [u8; 32]

pub fn encrypt(
    key: &Self::Key,
    plaintext: &[u8]
) -> Result<(Vec<u8>, AuthTag), ArxKwError>

pub fn decrypt(
    key: &Self::Key,
    ciphertext: &[u8],
    authentication_tag: &AuthTag
) -> Result<Vec<u8>, ArxKwError>

Loading content...