

Clearer context naming, remove redundant trait

+30 -58
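--- a/sachy-crypto/src/lib.rs
+++ b/sachy-crypto/src/lib.rs
@@ -1,6 +1,6 @@
 #![no_std]
 
-use core::ops::{AddAssign, BitXor};
+use core::ops::BitXor;
 
 use chacha20poly1305::{AeadInOut, ChaCha20Poly1305, KeyInit, aead};
 use dhkem::{
@@ -120,24 +120,6 @@
 }
 }
 
-/// Low-level Transport implementation.
-///
-/// This trait provides a particular "flavor" of transport, as there are
-/// different ways the specifics of the construction can be implemented.
-trait TransportPrimitive<A>
-where
-A: AeadInOut,
-{
-/// Type used as the Trasnport counter.
-type Counter: AddAssign + Copy + Default + Eq;
-
-/// Value to use when incrementing the Transport counter (i.e. one)
-const COUNTER_INCR: Self::Counter;
-
-/// Maximum number of messages allowed to be sent via Transport
-const COUNTER_MAX: Self::Counter;
-}
-
 pub struct SendingState<'a> {
 transport: &'a TransportState,
 counter: u64,
@@ -149,19 +131,19 @@
 msg: &mut dyn aead::Buffer,
 associated_data: &[u8],
 ) -> Result<(), ProtoError> {
-if self.counter.ct_eq(&TransportState::COUNTER_MAX).into() {
+if self.counter.ct_eq(&u64::MAX).into() {
 return Err(ProtoError);
 }
 
-let counter = self.counter.to_be_bytes();
-
 self.transport.aead.encrypt_in_place(
-&self.transport.mix_nonce(&counter, Role::Sender),
+&self
+.transport
+.mix_nonce(&self.counter.to_be_bytes(), Role::Sender),
 associated_data,
 msg,
 )?;
 
-self.counter = self.counter.wrapping_add(TransportState::COUNTER_INCR);
+self.counter = self.counter.wrapping_add(1);
 
 Ok(())
 }
@@ -178,36 +160,28 @@
 msg: &mut dyn aead::Buffer,
 associated_data: &[u8],
 ) -> Result<(), ProtoError> {
-if self.counter.ct_eq(&TransportState::COUNTER_MAX).into() {
+if self.counter.ct_eq(&u64::MAX).into() {
 return Err(ProtoError);
 }
-
-let counter = self.counter.to_be_bytes();
 
 self.transport.aead.decrypt_in_place(
-&self.transport.mix_nonce(&counter, Role::Receiver),
+&self
+.transport
+.mix_nonce(&self.counter.to_be_bytes(), Role::Receiver),
 associated_data,
 msg,
 )?;
 
-self.counter = self.counter.wrapping_add(TransportState::COUNTER_INCR);
+self.counter = self.counter.wrapping_add(1);
 
 Ok(())
 }
 }
 
-impl TransportPrimitive<ChaCha20Poly1305> for TransportState {
-type Counter = u64;
-
-const COUNTER_INCR: Self::Counter = 1;
-
-const COUNTER_MAX: Self::Counter = u64::MAX;
-}
-
 #[repr(align(4))]
 pub struct TransportState {
 aead: ChaCha20Poly1305,
-first: aead::Nonce<ChaCha20Poly1305>,
-second: aead::Nonce<ChaCha20Poly1305>,
+client: aead::Nonce<ChaCha20Poly1305>,
+server: aead::Nonce<ChaCha20Poly1305>,
 role: Role,
 }
@@ -222,22 +196,20 @@
 let kdf = noncer.extract::<sha2::Sha256>(Some(psk));
 
 let mut key = [0u8; 32];
-
-let mut first = aead::Nonce::<ChaCha20Poly1305>::default();
-let mut second = aead::Nonce::<ChaCha20Poly1305>::default();
+let mut client = aead::Nonce::<ChaCha20Poly1305>::default();
+let mut server = aead::Nonce::<ChaCha20Poly1305>::default();
 
 kdf.expand(b"SachY-Crypt0", &mut key)
 .map_err(|_| ProtoError)?;
-
-kdf.expand(b"N*nceOne", &mut first)
+kdf.expand(b"NonceClient*", &mut client)
 .map_err(|_| ProtoError)?;
-kdf.expand(b"N#nceTwo", &mut second)
+kdf.expand(b"NonceServer#", &mut server)
 .map_err(|_| ProtoError)?;
 
 Ok(Self {
 aead: ChaCha20Poly1305::new(&key.into()),
-first,
-second,
+client,
+server,
 role,
 })
 }
@@ -262,13 +234,13 @@
 
 // Handshake ROLE XOR Transport ROLE selects either one or other nonce context,
 // (0) for first context, (1) for second context
-// Sending: Client ^ Sender = 0 (select first)
-// Receiving: Server ^ Receiver = 0 (select first)
-// Sending: Server ^ Sender = 1 (select second)
-// Receiving: Client ^ Receiver = 1 (select second)
+// Sending: Client ^ Sender = 0 (select first/client context)
+// Receiving: Server ^ Receiver = 0 (select first/client context)
+// Sending: Server ^ Sender = 1 (select second/server context)
+// Receiving: Client ^ Receiver = 1 (select second/server context)
 if context_select.ct_eq(&0).into() {
-&self.first
+&self.client
 } else {
-&self.second
+&self.server
 }
 }
@@ -403,11 +375,11 @@
 assert_eq!(&buffer1, &buffer2);
 
 // Both Transports have derived base nonces for each context.
-// First context nonces will not match Second context nonces.
-assert_eq!(alice.first, bob.first);
-assert_eq!(alice.second, bob.second);
-assert_ne!(alice.first, alice.second);
-assert_ne!(bob.first, bob.second);
+// Client context nonces will not match Server context nonces.
+assert_eq!(alice.client, bob.client);
+assert_eq!(alice.server, bob.server);
+assert_ne!(alice.client, alice.server);
+assert_ne!(bob.client, bob.server);
 
 Ok(())
 }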
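Review bot: The renamed HKDF info labels `b"NonceClient*"` and `b"NonceServer#"` change the derived base nonces, so a peer built from the previous revision will fail tag verification against this one even though the key label `b"SachY-Crypt0"` is untouched; the commit title presents this as a naming cleanup, but it is a wire-format break that the description should call out. Since these strings are protocol constants rather than internal names, I would hoist them next to the key label with a comment such as `// HKDF info labels are part of the wire format: changing any of them breaks interop with peers on older builds.` Separately, removing `TransportPrimitive` leaves `u64::MAX` duplicated in the send and receive guards with the "maximum number of messages" documentation lost; a single documented `const COUNTER_MAX: u64 = u64::MAX;` on `TransportState` would keep both guards in step and preserve the rationale. The constructor containing the `kdf.expand` calls begins before its hunk, and `mix_nonce` ends after the visible XOR comment, so I cannot see how the 8-byte counter is folded into the 12-byte nonce.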