A whimsical STROBE based encryption protocol
Some docs, typos
+32
-20
+7
-7
src/handshake.rs
+7
-7
src/handshake.rs
···
13
13
14
14
use crate::{
15
15
Role, WHARRGHARBL_PROTO,
16
-
transport::{AeadNeko, AeadTranport},
16
+
transport::{AeadNeko, AeadTransport},
17
17
};
18
18
19
19
pub struct ClientHandshake<S: NekoSec, K: Kem + ParameterSet> {
···
58
58
Ok(())
59
59
}
60
60
61
-
pub fn receive(&mut self, ciphertext: &[u8]) -> aead::Result<AeadTranport<S>> {
61
+
pub fn receive(&mut self, ciphertext: &[u8]) -> aead::Result<AeadTransport<S>> {
62
62
let decap = self.decap.as_ref().ok_or(aead::Error)?;
63
63
64
64
let tag = ciphertext
···
80
80
Ok(self.finish(shared))
81
81
}
82
82
83
-
fn finish(&mut self, mut shared: SharedKey) -> AeadTranport<S> {
83
+
fn finish(&mut self, mut shared: SharedKey) -> AeadTransport<S> {
84
84
self.neko.key(&shared);
85
85
shared.zeroize();
86
86
···
95
95
96
96
entropy.zeroize();
97
97
98
-
AeadTranport::new(key, outbound, inbound, Role::Sender)
98
+
AeadTransport::new(key, outbound, inbound, Role::Sender)
99
99
}
100
100
}
101
101
···
126
126
&mut self,
127
127
rng: &mut impl CryptoRng,
128
128
buf: &mut dyn Buffer,
129
-
) -> aead::Result<AeadTranport<S>> {
129
+
) -> aead::Result<AeadTransport<S>> {
130
130
let slice = buf.as_ref();
131
131
132
132
let tag = slice
···
154
154
Ok(self.finish(shared))
155
155
}
156
156
157
-
fn finish(&mut self, mut shared: SharedKey) -> AeadTranport<S> {
157
+
fn finish(&mut self, mut shared: SharedKey) -> AeadTransport<S> {
158
158
self.neko.key(&shared);
159
159
shared.zeroize();
160
160
···
169
169
170
170
entropy.zeroize();
171
171
172
-
AeadTranport::new(key, outbound, inbound, Role::Receiver)
172
+
AeadTransport::new(key, outbound, inbound, Role::Receiver)
173
173
}
174
174
}
175
175
+11
-11
src/transport.rs
+11
-11
src/transport.rs
···
72
72
}
73
73
}
74
74
75
-
pub struct AeadTranport<S: NekoSec> {
75
+
pub struct AeadTransport<S: NekoSec> {
76
76
pub(crate) aead: AeadNeko<S>,
77
77
pub(crate) epstein: aead::Nonce<AeadNeko<S>>,
78
78
pub(crate) trump: aead::Nonce<AeadNeko<S>>,
79
79
handshake_role: Role,
80
80
}
81
81
82
-
impl<S: NekoSec> zeroize::Zeroize for AeadTranport<S> {
82
+
impl<S: NekoSec> zeroize::Zeroize for AeadTransport<S> {
83
83
fn zeroize(&mut self) {
84
84
self.aead.zeroize();
85
85
self.epstein.zeroize();
···
87
87
}
88
88
}
89
89
90
-
impl<S: NekoSec> zeroize::ZeroizeOnDrop for AeadTranport<S> {}
90
+
impl<S: NekoSec> zeroize::ZeroizeOnDrop for AeadTransport<S> {}
91
91
92
-
impl<S: NekoSec> Drop for AeadTranport<S> {
92
+
impl<S: NekoSec> Drop for AeadTransport<S> {
93
93
fn drop(&mut self) {
94
94
zeroize::Zeroize::zeroize(self);
95
95
}
96
96
}
97
97
98
-
impl<S: NekoSec> AeadTranport<S> {
98
+
impl<S: NekoSec> AeadTransport<S> {
99
99
pub(crate) fn new(
100
100
key: Key<AeadNeko<S>>,
101
101
outbound: aead::Nonce<AeadNeko<S>>,
···
152
152
}
153
153
154
154
pub struct SendState<'a, S: NekoSec> {
155
-
transport: &'a AeadTranport<S>,
155
+
transport: &'a AeadTransport<S>,
156
156
counter: u64,
157
157
}
158
158
···
174
174
}
175
175
176
176
pub struct RecvState<'a, S: NekoSec> {
177
-
transport: &'a AeadTranport<S>,
177
+
transport: &'a AeadTransport<S>,
178
178
counter: u64,
179
179
}
180
180
···
213
213
let outbound = 123u128.to_ne_bytes();
214
214
let inbound = 234u128.to_ne_bytes();
215
215
216
-
let alice = AeadTranport::<Neko128>::new(
216
+
let alice = AeadTransport::<Neko128>::new(
217
217
shared_secret.into(),
218
218
outbound.into(),
219
219
inbound.into(),
220
220
Role::Sender,
221
221
);
222
-
let bob = AeadTranport::<Neko128>::new(
222
+
let bob = AeadTransport::<Neko128>::new(
223
223
shared_secret.into(),
224
224
outbound.into(),
225
225
inbound.into(),
···
286
286
let outbound = 123u128.to_ne_bytes();
287
287
let inbound = 234u128.to_ne_bytes();
288
288
289
-
let alice = AeadTranport::<Neko128>::new(
289
+
let alice = AeadTransport::<Neko128>::new(
290
290
shared_secret.into(),
291
291
outbound.into(),
292
292
inbound.into(),
293
293
Role::Sender,
294
294
);
295
-
let bob = AeadTranport::<Neko256>::new(
295
+
let bob = AeadTransport::<Neko256>::new(
296
296
shared_secret.into(),
297
297
outbound.into(),
298
298
inbound.into(),
+14
-2
wharrgarbl-neko/src/lib.rs
+14
-2
wharrgarbl-neko/src/lib.rs
···
167
167
self.position += ratchet_bytes;
168
168
}
169
169
170
+
/// Sets a provided key into the cipher state.
170
171
pub fn key(&mut self, data: &NekoKey<Sec>) {
171
172
self.begin_op(ops::KEY);
172
173
173
174
self.overwrite(data);
174
175
}
175
176
177
+
/// Absorbs a nonce value into the cipher state
176
178
pub fn nonce(&mut self, data: &NekoNonce) {
177
179
self.begin_op(ops::NONCE);
178
180
179
181
self.absorb(data);
180
182
}
181
183
182
-
/// Absorb associated data into the cipher. This should include a nonce at least,
183
-
/// along with other data coming from the app.
184
+
/// Absorb associated data into the cipher.
184
185
pub fn ad(&mut self, data: &[u8]) {
185
186
self.begin_op(ops::AD);
186
187
187
188
self.absorb(data);
188
189
}
189
190
191
+
/// Pseudo-random Function. Used to generate new keys/nonces from the
192
+
/// cipher state.
190
193
pub fn prf(&mut self, data: &mut [u8]) {
191
194
self.begin_op(ops::PRF);
192
195
···
195
198
self.squeeze(data);
196
199
}
197
200
201
+
/// Create a message authentication code (MAC). This is used to validate the resulting
202
+
/// state after ingesting/encrypting data.
198
203
pub fn create_mac(&mut self) -> NekoTag {
199
204
self.begin_op(ops::MAC);
200
205
···
207
212
tag
208
213
}
209
214
215
+
/// Validates a provided MAC. After ingesting/decrypting data, the resulting state
216
+
/// of the cipher should be the same as the sender's. The MAC validates that this
217
+
/// is correct. Any differences in length/bits/etc, should result in an invalid MAC.
210
218
pub fn verify_mac(&mut self, data: &NekoTag) -> aead::Result<()> {
211
219
self.begin_op(ops::MAC);
212
220
···
225
233
}
226
234
}
227
235
236
+
/// Takes a cleartext buffer, and encrypts it in place.
228
237
pub fn encrypt(&mut self, data: &mut [u8]) {
229
238
self.begin_op(ops::ENC);
230
239
···
233
242
self.absorb_and_set(data);
234
243
}
235
244
245
+
/// Takes a ciphertext buffer, and decrypts it in place.
236
246
pub fn decrypt(&mut self, data: &mut [u8]) {
237
247
self.begin_op(ops::ENC);
238
248
···
252
262
self.absorb(data);
253
263
}
254
264
265
+
/// Permutes and zeros a portion of the cipher state in order to provide forward secrecy.
266
+
/// The amount of bits zeroed is dependent on the cipher strength (128/256).
255
267
pub fn ratchet(&mut self) {
256
268
self.begin_op(ops::RATCHET);
257
269