Skip to content

Commit

Permalink
fix hybridized encapsulation
Browse files Browse the repository at this point in the history
  • Loading branch information
@tbrezot
tbrezot committed Feb 11, 2025
1 parent 59ec744 commit 06da809
Show file tree
Hide file tree
Showing 3 changed files with 105 additions and 76 deletions.
44 changes: 26 additions & 18 deletions examples/decrypt.rs
View file
Original file line number Diff line number Diff line change
@@ -1,29 +1,37 @@
use cosmian_cover_crypt::EncryptedHeader;
use std::{fs::File, io::Read};

const USK: &str = "AqKlPbW5wr7hZN9mSA+pAji3YhvGRS4HAoK5S2TMrsINUsIRMnwtk4O1e42r1uRqoThmyP5SWdH0tRVf1thZ/wQMAgQJAQCYiWntbXfpfAjYeg+JMceEXvcZLGSsukmojjnZATSiAgEEAQBuWr/epW3eb/0sL1kRIW1xUpK6AAkMCtxD8rPaLH8gCgEFAQE18MBlszeHsvUbW5iZkjsZV0Pi9ZrUsNlvyfa5IJVlBrYQcLzGu3/zU2zqnVcjlfS7eF6Qbf8wYodEQdyZC3EHdm7qrNA2xiTVKR3WsXkSaOZ1ezKhAX4Hp5fGMiljTCzUjXjJaJOpQ8jABlxCS6ZRSr7wu5a6TaLJPZvlMrvRcOAxtXVyF3JWxhqaHd5qWZ+ZAoIMCjzbRZBFhVTSIaZFxziGeWisGh94PWXoqEZDT3kpa6Ajo6eUNoeKNWKyXCDWyZO7Ln6FOQi6JMqDPyAXHcVrhpexHuAQrT7HsVT1k13yflXmCzt2ZCCkVHOEHz7Gf8PXcVJGj7Ihiys5S4XiYBemrDNDMMekZADBPG7BR465SUdshQuldIRgB/lFd06UTRjWQq1oQ/BjjguSdOwzm3a0n9IJEcL8dq7ixOPwyywVztuoqv/4Ams2qCC7V+98nhSVjLsplJaYpHZjEcXRSgB5tAzZTte7Ss5rdserP6Fgu+pZA8ALFOzlNpSouJ2hOVOXIPGBW/yldg7SHPCMJ9iMMCIocyQpvQ+iww6QZ+jTBQEbDUO6sfFSedyJjwTrEc8oBO7aVPYHWo+KdEPmgT9qHg6TnF5JgEMnTtzjxEDLdszRneNHrCTVGtxHaehWQaV7hz4KY/ZlDGmLZfZIk+A2GSx0N97WRe4bCdFLf2+nY6SLT1MbrE1ElzWjwLYXOltna0omGQSBgvg6DSmpZoEmpt7bDLXXoGYDL76miHaRQBKSdD6aOLiATja1HRtQGA9Bim11k1tVJpK0zDEWPFxlDCkwFflcjv1GmXkCPxmsaCGlx2midVgGNOlWW6rzjNGYGJQZsIyiS/ILt3ARbbYaTYg4gQk2GfdoC9QWY75hCO0BP2DcGswEY3UAbkzVjAoDZ0Q6xpcnoyGiBUUcq+IqP44kLWsRqnfpUoeXhm9xIxnFa9hnspnxRx5SjEiKOzFjbo4IJLulRucQtRXGBdRms1mYxTsDeOZ0L0NxbTKqLY/3Bx02BdTDwvYFj5XXqaEagtdmDJ1EIua6qFLVRq3Ab6jbkoMRqFqcJ+9oNd4kuJdipm55cfpbXG0pKD8UFymStHvVFZ7TWC+ZgqZAWMOCuJXnf/+WNXizGreDrcFYlLGDjja0nr7UqGsJgrqITTqrMlTMl0bEYgU7jSTsRiFVdcHpdBSlJs50AzlMD3FXYuQliEVlh6yrPmLAZ7qhue6wRmGpbQW7PCXJryapsn1HXeMklICmKT3Kaw4pueCoAOurz+6BgbzCg+upscCGqYQGmZspvzWQpIDTrlkppLpyXWcVXPtqIhBLcdTIC5hghiXXqQmZOLSAsB4Bom56MNGpa8thFSG7iTHVimmTYQEFSO5yQbWHX9UjqnjpfPY1b4GldwwwYFzWTfdxL9xpuYqFDUmltbxVPF6jFnE6YmyRgMnLDei7vJCHNKlVHgspkhc7f456rdTLFT3cU162UxfEDKRmCReYs+R6ekc0OoKLNj1IpdsHrfGYiw1JKfQnJcSiziBTAGlSCUs6a7DnlMshc4ODsG1Mmr+hilsGwal6cRyjySW5JJj2E6MEJ5A0AdUlw9jXXE6DhYDjpaWZC2UJwg+MjhkTi2OVseVXwkn3VVoCVPxknjVsSzIwNQH4nlxWB0p0OR8xPwIai3nKG9uYQBsgHjJKJnpBALT4DZobK/ZqAd/hVc0CZ696xyO0j24nGa5Dk5GoGUaTqelsYVp5mF6au7M4d5y4ZTk0TSkptnWqReSju2miWErls7MAQiooxY/2u7uXjYzRi+pAZqJ2U7+Aj+6RGxDVC804V9TXHiMzqCVGRi9jDDnGb1ClT9yKEmu0YDx2pxrol+SZW/pzSBiAMlwyTRJMc/jaWkoZtBXkGmv4K5Apc0tlT8UI0LTrqNS0f/HniMWsF8I5VcfSwopxRM1VFQ/btACbdoCDis2YPSP1KgvEjTuruwPEG8hiTlaEx5Ozg5iWuT6zhuKKjrWQgOQKiThTeaAsQ3L0rOR1uwO3pizYqrHFg80QubuwTrJwxolmbj2xCWQ4njhhPNKweRMaW69gi9uzRrqGgmi3smlTyKCizmzWBA/jF8n7TwQmaf8igrR1rTLzH+oqE8sMSWlzXxDgLLvIr+CGkkN0d4bpfqH4W5zyetYKECT4ZwgSEB+SryRXi1jHdJ4RejJkKKXsGGGQDI23ee2sdySsCakSby9JQSJ3fYIKTihlHE2IuAkKWLZrGwJDF59rnA5zWexQjdYGViTVD5/byxlDHZxEiaumYTDif+Csetu7iMZRd3vQGa2oj85xrhq8jh17g9ahaBSAKSTmFVjWHrWKjHnUsV8Jc+qyzVPFTbvmjqkRKjlbYf2RbscUw3dimu1QLxMaQlwSPIfrOi9Hbf77xPb8gQ9LD/KZtdY4p8Z7UlLcXVCaoO54msU5w87jL//5L4RZWFn6vG3yY/L4japmFZSwMcRXl0jCWsQSAtgouOXKmB52fGF6Li/Tr8hsg8wBunMiHqpDCc5Ck/cpjp2oFuLqXp+BqzxFcfW0K+WFPfljmwFgDmS7Pv07TtP1vsAbnV20ZDZ4d3tmtXvlgvMJYV5XdQnUgwNoVJcMD4X1z7yrtByQwu5FUrGhW5mAghdEFP7hmZZyyUwluKjmdTCcv4cVjyCiNgVst1l4tsFGbVXxgLQVz0pil+18t+m5P1GFNX0XBYeGyJnrr97SAvWhNd4jMVYVfz+AagkKDyWxzTsmKHhmKr5kaTOUDquLBzBrJ/ujgy2JAZFMrWfonbRlj216inIxvWcGLOWjaFmGeXsnrzMByE8yjcj8H3sXATcDPBg7tXG6ghITxhhCrx6xRlTnsv7cTGjrsT7WXFMwMZy6ugCRnW7ZUt4JVbFGWmN0O73BZyyhLolnOFRkq4JSrReGAwFzt5q3cPGTkqjMr4ylg3zpW3lpxoC2FfHFqbspDOikUz7Eav/zvUb7mf26zVjxlM+qVqKbtskJS9IKc8+6yWyEEqJqGczhdOJERrrjgrPaHb+kUpiihPUStHMBZk40ELKRmfVQx5SWmI5rVrFjxdCDpDP1rs3BPNu6MHKkBfajYWlWzeFggXXCiaMjyoh0d1TlzfLbSyGjng1B1H7t3sTHex2IdxPKZIPYwm6v8OcuyQ4H4bxbyuUC1Edqq8fjhQEr3QGW4oDKT3VN5jGH+CMIrYrCaEq5fOnoOuL6FngyqFCQOT8D9CHsd5XdaUo+oL/B7jbCDQIBCQEAcEBZgDzYZB4V2KXy3HanVcYt8qnMPm2jHCJnWeDJUAABAQEAmGpt0ftYSLRgeXVKrDiQDIK3hPBKi3pqXE38hfzblA8CBQkBAScxMbUYFI9+tRQ2NpZoRk4geEvZGrHLPYJsCNVWcmkL1EUkLZIAXENkaCOAirSRNvcyO+EcaaGXlRMwsvYO8He7/Il3DUGgOyOpUenERTSZtUAJkRaEKxU2HYYkOAYIuNe1BQuwbiecPKNP6np1mwp1LydjI4E1EdSm+2wqLDBb+FqJZKoS6VAtYyyoSkrIw8xyrKV/eUeVHkUj2op62YlCVqubHuICHsNmHktlfEWXHKqRc/zNYsRq66a++dk/JklhnDxhWkzHOcAM91lpu7RdJttofwWyQihehByhkRxmFjAyiMaRjjBG2LieafLEkZCaXFJG16uqVWhisQugNGU2oxxOf/Yn6+h0xySeaHVGxuLCFjWjktaGz1lrFpg5LLzMg6k67nKUHguj1+sh8VNKn4u/qhaf9wOWAGs4k/U0H2XFAE0KwfM5aqg0MndXkacTWzVQmzoy1Ro/jUGsNjplX+dU//Y70URTI3iXuwPOmdheYZaW5Tw3M9kjAuqkTwq0RYZe5WiAZqMhvisDbKLNNytewtegYuNIyRNqaBtEYjezVlcriHvEoKQR5wU5GbOMFOx8hlgzD8cS+ZAlNyxChWWmIKRJmfFTgjs072gAWVWZ2iheroaY0SgcXDquffIo4zxDE+NNRBKuffuUodSEwZlnO6h6ELcDYdK2AWzCE6c0Q1sxuuZGHHd2rxNi0lQF19GNbzZgSdSamCOklhMhi2hcFbiWjIsO2HScE+yRvYouFNkCzgeFeXsf3jphe4QhMmBw4pt5D/bExvIQj5R37WXJJ0a+CmRozhTEMhqJJ8Z1yieFHiDHgZVDHQa1daKzRhhVCOuFwQSHBXGHe0FX8xAPx4BShjpsy9OjLahv+Tg7O0I37oaSBVifFSHDFoKipsuCYkxjGrULPxFRj/DF3Aam3aOSWLo5OtBFuXqUIVQZNvakZFkgz2xhDDMxmjEADoFFmDWLEoo4hEkv5rUc34OrCLxIswq7c+aBGryfxlfDdvzDEsC21qiSmRweR0u/CzJND0xApeKeMYrKXJp02ZKpaOgLhDXNUqR18WKmcyA8NlYCozho9qkHuOegBamtsTgCmkDL73JX5EJT+1QDiwI/vHFrrrdFq6JwEli5Crtqq9SncuTMgjfBlKgSOca2iAh9ZRYDCNWa9wm2z+pz63cqERaxR+NX46whR6dftRg5LVvEC5qOttccjhJe9fat9ppPVuPJXxs/SycXqUYkhkB00vh4YomzAwedoplVT2RPSBWE4HNZHzB6wNVtrwtJoWFN17F1rwkT9Ax40hGSjjUG6uci1EKEmnIEndc2cIbDq3HK/fwIC8s5qSsAPykU1EYiTaSIfxVz0xw/snaHslqvKseI87QxSaespzWcFBNVy3hSLLC0pubLs+YuCMUvUFq4nEPDTcaXwWqbbTe1jUNiU/N457VBFMyR65Ky2cQhsDyeuDTKLmqwClQ37PbFFae9nQCb9WEDdWk5oSRhZYHDzbqtrDJTtlZVjrhlA6NBLOIBHgBeZ7OG5GloQaqk8ZcCaLfMGEREsOg1NeCV/jETa0LOPSVSu7sS4jjMxRUETAM+gqYYEapBK1GCJBmYAgTJ9PVRj9DJa6BE8fEdPqqfUEgeRpO2NTONsJpsFIIhKbQ++fTHKEw9z8On9ppK0TS7ZiJQE2V94xCUZwG6tdls3gwuRxMmyaQ2WVuUHWdsuoW20wmmumZIQhAtsJCaEgRP/koRK7CkalE1+HRihci8azgwi8SyBClXcnyeeENTNsdKHhWNTjxBM6MnF0Qb0VRuDKsEWANvCaaqf9YnFvU5/3iWzdyP/kwKG7I1oKWvrnMbWzsZsxgMRsZe1DOvi5d+wAIanAsymhQV6Kyi4LNHP+pkhzFqCtkslwkfWXqXuZRgSKPM1IcW6sNULfKaj+HKV+QkpwASY4jC5+DMUee5A0ia0IiCQ/kRkCeKf3k8OuMY3zIytFgzLTZ2RgNfmoXEjjh17JA6/vN35pM0GCSXxCXKBXKh39eeTXm6GIA9gFsfcPtcFvyQofpTqksK1ka12wl6nUIN5syJcZWhJCWYHpyq5YgJ/xOXGyYt8owVSuoFKPkSoZkiasJJ4iuJ2DvJKPm6eEgiMTSpCvd1ePsxoAadu3QHXSYeyvpIUSZQWhaLUTsngfy95gEXw9hd4BdDQ8N8MvW0XKcMLgGaPHun2qpoGUocgQNFOOeLrXA9jghXQ9yUQcTECdodJHRI09RGG7XAu6RWeNdUuwlMLtOG0NrJ3RFzPFBKmpnEyKg9yax9nYamTCEm0lQxr1u2bEpQrZsG5CMEsURY7CdLB2CTCJE/iWkHBDvN33BI28UOpgWEWVVQAKEihIRBHeM04purKqq6/IqzRDSxOLE4m+Vx+wRsO0NjALjJaQykMOdCMWGwVTOpxqihLFa2aEZg3vF+0qhKGCRACdMasldLJnaFs7U9KoK3PPDNSmVazbRYhrRcYmnAP6eVXehSk+vIQfm50/YEHesPqBR6FRarbhwBEzZNVAgsQtRP38iH4bqQbAlj5Es04iI/2drMQFV8mxrGMDN2EMdTZNkzuKWqNGIs7+ePkTKT6LERGMZxBjKOfDwNa5JaXJJKelCEF2p0FbfPMpCjaAkm5XYcAZUybodAokGrtBsBgXay6tzBDWaJlYdp/IdYsCyNMAodg7HLf5rEgAwSK8G0TziyEsGbIVMlQ6hueJeg0FhJJFPMnuIgGaDDDSMwhIsXDiERCSyqwqFYWiXK9HwNURZv3zuXn7DCMpphQyxnpbKA3QC6BlckafERLINxpauPVPZCZkGK77wJYnoQI1okFWYoOHgur/qOWhOvJTWAwbsTMEetkyMshGVpGpU7+BqqI/GKfCmlfgYtLCJ6QRsYLrohOLO3+9sP66kuSSNsptx9+PuBlQEJwnQs34kqguOKPQQSoNofhmikIVUd4GHKqykmlfihiYGTiSxQlgMzzqsuE4VGT7DGjVERniXPVqFN1PQPROAWxvePjmFf0ulufBoSqDZ2uKV+VMkhDzGdcKAeE+Wr6MYYJrspU+Yd4lzOoYpVDBCF7jaFJqk0Djes+iwIsKBnv6OB4RVXc/ViGUh5jGcyqA1yie5YlUHugQJD5eVTuHXpPJf5pUzT6b6XwZiXFXTqZW+4wKLyUpdt6gpZwS9F3f1Lw3FWXYCLkVxHotQujpw9B3vaMJuP9EgVDQ6byvJ88aygQvzE/uEhRu5+ijZNAQIBAMM3XzlwJTi8kXJA/7MTFAqtvL9k2mFLbM8KaCCW41oEAQkBAHmVm8+HWnsPe27dGVA7o+irD2uLWacKmbVIR3BM+KMNAQMBAOFiKA8IjyBvio2y20OO5VIzGQ4PCIAZ49wQlm3YUtsIAgIJAQBloqG8YSadZOuFtYnakRr9CC86+EgFwEyLfPCloezqBQIDCQEAyUVwj0MkWJYZG9Weja3vkiRIdOMJ2a/FuJZ0PK/OXQ0AAQB2yikxgct8K9BCr65zq+odoXuK0KC2G91/z4gjFu1yAVRk2CHZOTCOhthtJH/zNaWLSKeFEqcpr3eEmxSQb1Ro";

const HEADER: &str = "/m73Gzm5LhMZmNEpFubAuQJUu3QzyOH1fJCrJynNWprMuzGViQ1nlE6v111VBxt8cnpYD8oR1TAHUBBFm2f0Tpz11KNRhs1KeNLW8Pjs4c9bAQH8CAAVK0PKJXcjuDokdVD1WBYkCZEEXmG508jhFJT7UJ/PiggCLI+hcubhLo+9PVQPCSpkYBmoQQNpDhsKMnRku3NyGnQJHF/3du5LOB5me5ln9BphUiIAWVg6u6UMnD5+TqzLzxqGM85cbh4GloEs/0DvlHv2Uy1GLo51JnvUIysh7TiShikYfE5EH3FQWSJIdrZLhmbUKW3Np47AEfFgNXfu3FWlgbrzbkfnRN7HHBXWJIwlzp+A1xstcO7zHzs0AzwJ8hlk2O111uDW3ppQguKHfwIg1v1LtFxA4pB0SQ207e18yrd91KKIBpSywOgbc9zDKXxD+BA3MFj1xjvlRqzkQCYwrAP4RDYkzZ2V0z8Xwmbkl6jabI6jTKyYlU3s1ZLxxemKxWChWb0VYb4v9l8GAXlO0V+iSplwVFZOOsrWiCFwd521TSQwTVBNnDQJcz0bX9wPrK8HiOKZyVZB8RfPWbH7PhY+2yrvn+QF+GZRKckXU34kJgZBZ9nn3leRo1buvg/RGPw9vMmueLnhmfJhVTSDLnlQ7v+jIHMR3mxsW7SJ7e5YWITkSb3VqFyzdSINc39FzRxNbEXuSkpyqD9DV2LVXmUlVJwmGjiUCB+z/K9j2d0i1SFRLAjG3J3gQl68lexn0WJF47dK9l9PyuCYWa1vmY2+SZW5oJq/fkbX1FUuWcGgtFWoHHCR89e7m2eD20kwVmirjaGgIIwifXXNjrGckoDT82TZTBidnqIZFy1nF4CztBJMrjhPa1a2j2bSJWpS/qjmuUJrkFs7gozNm/cvJfIoek994AwGy9t9Z1WcpL90k9CCdzSpxoaOeV3747SzMUN7fbCfeGg/LqxmBjTViTFEpAWCz50vYqS48nutf4wxcilvFxtvJD6/iH/7dh1x48Q6E/DZ8bAQWml4Usd/g/cu3WR327H5qxazUL28vGDZGi/S4hBtvs6rhk+utZXgbwsHe1/+d4Bdv+PjZkRpgl4tOJl5wtgdgmIQNbZZfegIs51NKF9+OzxasbMoJ9ZY674juZrIwuPafGE63oRldT+v5A8HAMSsO8O+5awKekyoHXooPlD/e0rfw/c0tGHprGNNM0fh1VThll7ZhYfvZlH0sAFxqTlln2xnx3Uw4s6g25iJRs8m7NC4rbWo93fNki+7Fo615YLFvcH4dlVay3705nTjnqbwhxsnYczWpSWtey/1VmPmUxWFxUXfya73Rc242ZbSZzmD2GLAeAHY7QYhQJZzbV6/iC+f+c8hqbE0F1K1xG8UMoA/sXPnfHHZfEMSEcTpR5x6tX4UdB3kfGDM9L0cVkX6b2uvt20C3LHCvVQYn/Fi7iSzRS64tRIqHnk88Sj+9b0/uFigpTh6fjcgRfLr1Ys58qhl/BoBx4JyvGpDKcjGHVBnHcXAY+RguQHUTabqdOBXSKK49ZzSRlTSPdKjYOSqTAY5kfjwYzwMh9HiFdnyV3mXYYukDUjB/3XQO6JPgYsF8oVsnEuzKX6kGw/FN0apflTfQcVOx9wgxge3A10fAA==";
use cosmian_cover_crypt::{traits::PkeAc, XEnc};
use cosmian_crypto_core::{bytes_ser_de::Deserializer, Aes256Gcm};

fn main() {
use base64::{
alphabet::STANDARD,
engine::{GeneralPurpose, GeneralPurposeConfig},
Engine,
};
use cosmian_cover_crypt::api::Covercrypt;
use cosmian_cover_crypt::UserSecretKey;
use cosmian_crypto_core::bytes_ser_de::Serializable;

let config: GeneralPurposeConfig = GeneralPurposeConfig::default();
let transcoder: GeneralPurpose = GeneralPurpose::new(&STANDARD, config);

let cc = Covercrypt::default();
let usk = UserSecretKey::deserialize(&transcoder.decode(USK.as_bytes()).unwrap()).unwrap();
let encrypted_header =
EncryptedHeader::deserialize(&transcoder.decode(HEADER.as_bytes()).unwrap()).unwrap();
for _ in 0..100 {
encrypted_header
.decrypt(&cc, &usk, None)

let usk = UserSecretKey::deserialize(&{
let mut bytes = Vec::new();
File::open("usk.txt")
.unwrap()
.read_to_end(&mut bytes)
.unwrap();
bytes
})
.unwrap();

let ctx = {
let mut bytes = Vec::new();
File::open("ctx.txt")
.unwrap()
.read_to_end(&mut bytes)
.unwrap();
let mut de = Deserializer::new(&bytes);
(de.read::<XEnc>().unwrap(), de.read_vec().unwrap())
};

for _ in 0..1_000_000 {
PkeAc::<{ Aes256Gcm::KEY_LENGTH }, Aes256Gcm>::decrypt(&cc, &usk, &ctx)
.expect("cannot decrypt hybrid header");
}
}
98 changes: 66 additions & 32 deletions examples/encrypt.rs
View file
Original file line number Diff line number Diff line change
@@ -1,51 +1,85 @@
use std::{
fs::File,
io::{Read, Write},
};

use cosmian_cover_crypt::{
api::Covercrypt, AccessPolicy, EncryptedHeader, MasterPublicKey, MasterSecretKey,
api::Covercrypt, cc_keygen, traits::PkeAc, AccessPolicy, MasterPublicKey, MasterSecretKey,
UserSecretKey, XEnc,
};
use cosmian_crypto_core::{
bytes_ser_de::{Deserializer, Serializable, Serializer},
Aes256Gcm,
};

/// Generates a new USK and encrypted header and prints them.
fn generate_new(cc: &Covercrypt, _msk: &mut MasterSecretKey, mpk: &MasterPublicKey) {
let access_policy =
AccessPolicy::parse("Department::FIN && Security Level::Top Secret").unwrap();
fn generate_new(cc: &Covercrypt, msk: &mut MasterSecretKey, mpk: &MasterPublicKey) {
let ap = AccessPolicy::parse("DPT::FIN && SEC::TOP").unwrap();

let (_, _header) = EncryptedHeader::generate(cc, mpk, &access_policy, None, None)
.expect("cannot encrypt header");
let usk = cc.generate_user_secret_key(msk, &ap).unwrap();
let ctx = PkeAc::<{ Aes256Gcm::KEY_LENGTH }, Aes256Gcm>::encrypt(cc, mpk, &ap, b"gotcha")
.expect("cannot encrypt!");

// Ensure decryption is OK
PkeAc::<{ Aes256Gcm::KEY_LENGTH }, Aes256Gcm>::decrypt(cc, &usk, &ctx).unwrap();

{
use base64::{
alphabet::STANDARD,
engine::{GeneralPurpose, GeneralPurposeConfig},
Engine,
File::create("./usk.txt")
.unwrap()
.write_all(&usk.serialize().unwrap())
.unwrap();

let usk = UserSecretKey::deserialize(&{
let mut bytes = Vec::new();
File::open("usk.txt")
.unwrap()
.read_to_end(&mut bytes)
.unwrap();
bytes
})
.unwrap();

// Ensure decryption is OK
PkeAc::<{ Aes256Gcm::KEY_LENGTH }, Aes256Gcm>::decrypt(cc, &usk, &ctx).unwrap();

File::create("./ctx.txt")
.unwrap()
.write_all(&{
let mut ser = Serializer::new();
ser.write(&ctx.0).unwrap();
ser.write_vec(&ctx.1).unwrap();
ser.finalize()
})
.unwrap();

let ctx = {
let mut bytes = Vec::new();
File::open("ctx.txt")
.unwrap()
.read_to_end(&mut bytes)
.unwrap();
let mut de = Deserializer::new(&bytes);
(de.read::<XEnc>().unwrap(), de.read_vec().unwrap())
};

use cosmian_crypto_core::bytes_ser_de::Serializable;
let config: GeneralPurposeConfig = GeneralPurposeConfig::default();
let transcoder: GeneralPurpose = GeneralPurpose::new(&STANDARD, config);
println!(
"USK = {}",
transcoder.encode(
cc.generate_user_secret_key(_msk, &access_policy)
.unwrap()
.serialize()
.unwrap()
)
);
println!(
"header = {}",
transcoder.encode(_header.serialize().unwrap())
);
// Ensure decryption is OK
PkeAc::<{ Aes256Gcm::KEY_LENGTH }, Aes256Gcm>::decrypt(cc, &usk, &ctx).unwrap();
}
}

fn main() {
let ap = AccessPolicy::parse("Department::FIN && Security Level::Top Secret").unwrap();

let ap = AccessPolicy::parse("DPT::FIN && SEC::TOP").unwrap();
let cc = Covercrypt::default();
let (mut msk, mpk) = cc.setup().expect("cannot generate master keys");
let (mut _msk, mpk) = cc_keygen(&cc, false).unwrap();

// Un-comment this line to generate new usk.txt and ctx.txt files.
//
// generate_new(&cc, &mut _msk, &mpk);

generate_new(&cc, &mut msk, &mpk);
let ptx = "testing encryption/decryption".as_bytes();

// Encrypt header, use loop to increase its wight in the flame graph.
for _ in 0..100 {
EncryptedHeader::generate(&cc, &mpk, &ap, None, None).expect("cannot encrypt header");
PkeAc::<{ Aes256Gcm::KEY_LENGTH }, Aes256Gcm>::encrypt(&cc, &mpk, &ap, ptx)
.expect("cannot encrypt!");
}
}
39 changes: 13 additions & 26 deletions src/core/primitives.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -191,12 +191,13 @@ fn h_encaps(
subkeys: &[&RightPublicKey],
rng: &mut impl CryptoRngCore,
) -> Result<(Secret<SHARED_SECRET_LENGTH>, XEnc), Error> {
let pq_encs = subkeys
let encs = subkeys
.iter()
.map(|subkey| match subkey {
RightPublicKey::Hybridized { H: _, ek } => {
RightPublicKey::Hybridized { H, ek } => {
let K1 = R25519::session_key(&r, H)?;
let (K2, E) = MlKem512::enc(ek, rng)?;
Ok((K2, E))
Ok((K1, K2, E))
}
RightPublicKey::Classic { .. } => {
Err(Error::Kem("all subkeys should be hybridized".to_string()))
Expand All @@ -209,24 +210,15 @@ fn h_encaps(
let T = {
let mut T = Shake::v256();
c.iter().for_each(|ck| T.update(&ck.to_bytes()));
pq_encs.iter().try_fold(T, |mut T, (E, _)| {
encs.iter().try_fold(T, |mut T, (_, _, E)| {
T.update(&E.serialize()?);
Ok::<_, Error>(T)
})?
};

let encs = subkeys
.iter()
.zip(pq_encs)
.map(|(subkey, (K2, E))| -> Result<_, _> {
println!("key: {:?}", subkey);
let H = match subkey {
RightPublicKey::Hybridized { H, ek: _ } => Ok(H),
RightPublicKey::Classic { .. } => {
Err(Error::Kem("all subkeys should be hybridized".to_string()))
}
}?;
let mut K1 = R25519::session_key(&r, H)?;
let encs = encs
.into_iter()
.map(|(mut K1, K2, E)| -> Result<_, _> {
let F = xor_2(&S, &H_hash(T.clone(), &K1, Some(&K2)));
K1.zeroize();
Ok((E, F))
Expand Down Expand Up @@ -307,18 +299,17 @@ pub fn encaps(
) -> Result<(Secret<SHARED_SECRET_LENGTH>, XEnc), Error> {
let (is_hybridized, mut coordinate_keys) = mpk.select_subkeys(encryption_set)?;

let S = Secret::<SHARED_SECRET_LENGTH>::random(rng);
let r = G_hash(&S)?;
let c = mpk.set_traps(&r);

// Shuffling must be performed *before* generating the encapsulations since
// rights are hashed in-order. If shuffling is performed after generating
// the encapsulations, there would be no way to know in which order to
// perform hashing upon decapsulation.
shuffle(&mut coordinate_keys, rng);

let S = Secret::<SHARED_SECRET_LENGTH>::random(rng);
let r = G_hash(&S)?;
let c = mpk.set_traps(&r);

if is_hybridized {
println!("Hybridized encapsulation");
h_encaps(S, c, r, &coordinate_keys, rng)
} else {
c_encaps(S, c, r, coordinate_keys)
Expand Down Expand Up @@ -350,20 +341,16 @@ fn h_decaps(
// The breadth-first search tries all coordinate subkeys in a chronological
// order.
for secret in usk.secrets.bfs() {
println!("Try");
if let RightSecretKey::Hybridized { sk, dk } = secret {
println!("with key");
let mut K1 = R25519::session_key(sk, A)?;
let K2 = MlKem512::dec(dk, E)?;
let S_ij = xor_in_place(H_hash(T.clone(), &K1, Some(&K2)), F);
let (tag_ij, ss) = J_hash(J.clone(), &S_ij);
if tag == &tag_ij {
println!("HERE");
// Fujisaki-Okamoto
let r = G_hash(&S_ij)?;
let c_ij = usk.set_traps(&r);
if c == &c_ij {
println!("THERE");
if c == c_ij {
K1.zeroize();
return Ok(Some(ss));
}
Expand Down

0 comments on commit 06da809

Please sign in to comment.