From 06da809bb52dffcdbbeaaa3595954bd3445b432e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophile=20BR=C3=89ZOT?= Date: Tue, 11 Feb 2025 09:35:21 +0100 Subject: [PATCH] fix hybridized encapsulation --- examples/decrypt.rs | 44 +++++++++++-------- examples/encrypt.rs | 98 ++++++++++++++++++++++++++++-------------- src/core/primitives.rs | 39 ++++++----------- 3 files changed, 105 insertions(+), 76 deletions(-) diff --git a/examples/decrypt.rs b/examples/decrypt.rs index 5c74dd83..ee3056f4 100644 --- a/examples/decrypt.rs +++ b/examples/decrypt.rs @@ -1,29 +1,37 @@ -use cosmian_cover_crypt::EncryptedHeader; +use std::{fs::File, io::Read}; -const USK: &str = "AqKlPbW5wr7hZN9mSA+pAji3YhvGRS4HAoK5S2TMrsINUsIRMnwtk4O1e42r1uRqoThmyP5SWdH0tRVf1thZ/wQMAgQJAQCYiWntbXfpfAjYeg+JMceEXvcZLGSsukmojjnZATSiAgEEAQBuWr/epW3eb/0sL1kRIW1xUpK6AAkMCtxD8rPaLH8gCgEFAQE18MBlszeHsvUbW5iZkjsZV0Pi9ZrUsNlvyfa5IJVlBrYQcLzGu3/zU2zqnVcjlfS7eF6Qbf8wYodEQdyZC3EHdm7qrNA2xiTVKR3WsXkSaOZ1ezKhAX4Hp5fGMiljTCzUjXjJaJOpQ8jABlxCS6ZRSr7wu5a6TaLJPZvlMrvRcOAxtXVyF3JWxhqaHd5qWZ+ZAoIMCjzbRZBFhVTSIaZFxziGeWisGh94PWXoqEZDT3kpa6Ajo6eUNoeKNWKyXCDWyZO7Ln6FOQi6JMqDPyAXHcVrhpexHuAQrT7HsVT1k13yflXmCzt2ZCCkVHOEHz7Gf8PXcVJGj7Ihiys5S4XiYBemrDNDMMekZADBPG7BR465SUdshQuldIRgB/lFd06UTRjWQq1oQ/BjjguSdOwzm3a0n9IJEcL8dq7ixOPwyywVztuoqv/4Ams2qCC7V+98nhSVjLsplJaYpHZjEcXRSgB5tAzZTte7Ss5rdserP6Fgu+pZA8ALFOzlNpSouJ2hOVOXIPGBW/yldg7SHPCMJ9iMMCIocyQpvQ+iww6QZ+jTBQEbDUO6sfFSedyJjwTrEc8oBO7aVPYHWo+KdEPmgT9qHg6TnF5JgEMnTtzjxEDLdszRneNHrCTVGtxHaehWQaV7hz4KY/ZlDGmLZfZIk+A2GSx0N97WRe4bCdFLf2+nY6SLT1MbrE1ElzWjwLYXOltna0omGQSBgvg6DSmpZoEmpt7bDLXXoGYDL76miHaRQBKSdD6aOLiATja1HRtQGA9Bim11k1tVJpK0zDEWPFxlDCkwFflcjv1GmXkCPxmsaCGlx2midVgGNOlWW6rzjNGYGJQZsIyiS/ILt3ARbbYaTYg4gQk2GfdoC9QWY75hCO0BP2DcGswEY3UAbkzVjAoDZ0Q6xpcnoyGiBUUcq+IqP44kLWsRqnfpUoeXhm9xIxnFa9hnspnxRx5SjEiKOzFjbo4IJLulRucQtRXGBdRms1mYxTsDeOZ0L0NxbTKqLY/3Bx02BdTDwvYFj5XXqaEagtdmDJ1EIua6qFLVRq3Ab6jbkoMRqFqcJ+9oNd4kuJdipm55cfpbXG0pKD8UFymStHvVFZ7TWC+ZgqZAWMOCuJXnf/+WNXizGreDrcFYlLGDjja0nr7UqGsJgrqITTqrMlTMl0bEYgU7jSTsRiFVdcHpdBSlJs50AzlMD3FXYuQliEVlh6yrPmLAZ7qhue6wRmGpbQW7PCXJryapsn1HXeMklICmKT3Kaw4pueCoAOurz+6BgbzCg+upscCGqYQGmZspvzWQpIDTrlkppLpyXWcVXPtqIhBLcdTIC5hghiXXqQmZOLSAsB4Bom56MNGpa8thFSG7iTHVimmTYQEFSO5yQbWHX9UjqnjpfPY1b4GldwwwYFzWTfdxL9xpuYqFDUmltbxVPF6jFnE6YmyRgMnLDei7vJCHNKlVHgspkhc7f456rdTLFT3cU162UxfEDKRmCReYs+R6ekc0OoKLNj1IpdsHrfGYiw1JKfQnJcSiziBTAGlSCUs6a7DnlMshc4ODsG1Mmr+hilsGwal6cRyjySW5JJj2E6MEJ5A0AdUlw9jXXE6DhYDjpaWZC2UJwg+MjhkTi2OVseVXwkn3VVoCVPxknjVsSzIwNQH4nlxWB0p0OR8xPwIai3nKG9uYQBsgHjJKJnpBALT4DZobK/ZqAd/hVc0CZ696xyO0j24nGa5Dk5GoGUaTqelsYVp5mF6au7M4d5y4ZTk0TSkptnWqReSju2miWErls7MAQiooxY/2u7uXjYzRi+pAZqJ2U7+Aj+6RGxDVC804V9TXHiMzqCVGRi9jDDnGb1ClT9yKEmu0YDx2pxrol+SZW/pzSBiAMlwyTRJMc/jaWkoZtBXkGmv4K5Apc0tlT8UI0LTrqNS0f/HniMWsF8I5VcfSwopxRM1VFQ/btACbdoCDis2YPSP1KgvEjTuruwPEG8hiTlaEx5Ozg5iWuT6zhuKKjrWQgOQKiThTeaAsQ3L0rOR1uwO3pizYqrHFg80QubuwTrJwxolmbj2xCWQ4njhhPNKweRMaW69gi9uzRrqGgmi3smlTyKCizmzWBA/jF8n7TwQmaf8igrR1rTLzH+oqE8sMSWlzXxDgLLvIr+CGkkN0d4bpfqH4W5zyetYKECT4ZwgSEB+SryRXi1jHdJ4RejJkKKXsGGGQDI23ee2sdySsCakSby9JQSJ3fYIKTihlHE2IuAkKWLZrGwJDF59rnA5zWexQjdYGViTVD5/byxlDHZxEiaumYTDif+Csetu7iMZRd3vQGa2oj85xrhq8jh17g9ahaBSAKSTmFVjWHrWKjHnUsV8Jc+qyzVPFTbvmjqkRKjlbYf2RbscUw3dimu1QLxMaQlwSPIfrOi9Hbf77xPb8gQ9LD/KZtdY4p8Z7UlLcXVCaoO54msU5w87jL//5L4RZWFn6vG3yY/L4japmFZSwMcRXl0jCWsQSAtgouOXKmB52fGF6Li/Tr8hsg8wBunMiHqpDCc5Ck/cpjp2oFuLqXp+BqzxFcfW0K+WFPfljmwFgDmS7Pv07TtP1vsAbnV20ZDZ4d3tmtXvlgvMJYV5XdQnUgwNoVJcMD4X1z7yrtByQwu5FUrGhW5mAghdEFP7hmZZyyUwluKjmdTCcv4cVjyCiNgVst1l4tsFGbVXxgLQVz0pil+18t+m5P1GFNX0XBYeGyJnrr97SAvWhNd4jMVYVfz+AagkKDyWxzTsmKHhmKr5kaTOUDquLBzBrJ/ujgy2JAZFMrWfonbRlj216inIxvWcGLOWjaFmGeXsnrzMByE8yjcj8H3sXATcDPBg7tXG6ghITxhhCrx6xRlTnsv7cTGjrsT7WXFMwMZy6ugCRnW7ZUt4JVbFGWmN0O73BZyyhLolnOFRkq4JSrReGAwFzt5q3cPGTkqjMr4ylg3zpW3lpxoC2FfHFqbspDOikUz7Eav/zvUb7mf26zVjxlM+qVqKbtskJS9IKc8+6yWyEEqJqGczhdOJERrrjgrPaHb+kUpiihPUStHMBZk40ELKRmfVQx5SWmI5rVrFjxdCDpDP1rs3BPNu6MHKkBfajYWlWzeFggXXCiaMjyoh0d1TlzfLbSyGjng1B1H7t3sTHex2IdxPKZIPYwm6v8OcuyQ4H4bxbyuUC1Edqq8fjhQEr3QGW4oDKT3VN5jGH+CMIrYrCaEq5fOnoOuL6FngyqFCQOT8D9CHsd5XdaUo+oL/B7jbCDQIBCQEAcEBZgDzYZB4V2KXy3HanVcYt8qnMPm2jHCJnWeDJUAABAQEAmGpt0ftYSLRgeXVKrDiQDIK3hPBKi3pqXE38hfzblA8CBQkBAScxMbUYFI9+tRQ2NpZoRk4geEvZGrHLPYJsCNVWcmkL1EUkLZIAXENkaCOAirSRNvcyO+EcaaGXlRMwsvYO8He7/Il3DUGgOyOpUenERTSZtUAJkRaEKxU2HYYkOAYIuNe1BQuwbiecPKNP6np1mwp1LydjI4E1EdSm+2wqLDBb+FqJZKoS6VAtYyyoSkrIw8xyrKV/eUeVHkUj2op62YlCVqubHuICHsNmHktlfEWXHKqRc/zNYsRq66a++dk/JklhnDxhWkzHOcAM91lpu7RdJttofwWyQihehByhkRxmFjAyiMaRjjBG2LieafLEkZCaXFJG16uqVWhisQugNGU2oxxOf/Yn6+h0xySeaHVGxuLCFjWjktaGz1lrFpg5LLzMg6k67nKUHguj1+sh8VNKn4u/qhaf9wOWAGs4k/U0H2XFAE0KwfM5aqg0MndXkacTWzVQmzoy1Ro/jUGsNjplX+dU//Y70URTI3iXuwPOmdheYZaW5Tw3M9kjAuqkTwq0RYZe5WiAZqMhvisDbKLNNytewtegYuNIyRNqaBtEYjezVlcriHvEoKQR5wU5GbOMFOx8hlgzD8cS+ZAlNyxChWWmIKRJmfFTgjs072gAWVWZ2iheroaY0SgcXDquffIo4zxDE+NNRBKuffuUodSEwZlnO6h6ELcDYdK2AWzCE6c0Q1sxuuZGHHd2rxNi0lQF19GNbzZgSdSamCOklhMhi2hcFbiWjIsO2HScE+yRvYouFNkCzgeFeXsf3jphe4QhMmBw4pt5D/bExvIQj5R37WXJJ0a+CmRozhTEMhqJJ8Z1yieFHiDHgZVDHQa1daKzRhhVCOuFwQSHBXGHe0FX8xAPx4BShjpsy9OjLahv+Tg7O0I37oaSBVifFSHDFoKipsuCYkxjGrULPxFRj/DF3Aam3aOSWLo5OtBFuXqUIVQZNvakZFkgz2xhDDMxmjEADoFFmDWLEoo4hEkv5rUc34OrCLxIswq7c+aBGryfxlfDdvzDEsC21qiSmRweR0u/CzJND0xApeKeMYrKXJp02ZKpaOgLhDXNUqR18WKmcyA8NlYCozho9qkHuOegBamtsTgCmkDL73JX5EJT+1QDiwI/vHFrrrdFq6JwEli5Crtqq9SncuTMgjfBlKgSOca2iAh9ZRYDCNWa9wm2z+pz63cqERaxR+NX46whR6dftRg5LVvEC5qOttccjhJe9fat9ppPVuPJXxs/SycXqUYkhkB00vh4YomzAwedoplVT2RPSBWE4HNZHzB6wNVtrwtJoWFN17F1rwkT9Ax40hGSjjUG6uci1EKEmnIEndc2cIbDq3HK/fwIC8s5qSsAPykU1EYiTaSIfxVz0xw/snaHslqvKseI87QxSaespzWcFBNVy3hSLLC0pubLs+YuCMUvUFq4nEPDTcaXwWqbbTe1jUNiU/N457VBFMyR65Ky2cQhsDyeuDTKLmqwClQ37PbFFae9nQCb9WEDdWk5oSRhZYHDzbqtrDJTtlZVjrhlA6NBLOIBHgBeZ7OG5GloQaqk8ZcCaLfMGEREsOg1NeCV/jETa0LOPSVSu7sS4jjMxRUETAM+gqYYEapBK1GCJBmYAgTJ9PVRj9DJa6BE8fEdPqqfUEgeRpO2NTONsJpsFIIhKbQ++fTHKEw9z8On9ppK0TS7ZiJQE2V94xCUZwG6tdls3gwuRxMmyaQ2WVuUHWdsuoW20wmmumZIQhAtsJCaEgRP/koRK7CkalE1+HRihci8azgwi8SyBClXcnyeeENTNsdKHhWNTjxBM6MnF0Qb0VRuDKsEWANvCaaqf9YnFvU5/3iWzdyP/kwKG7I1oKWvrnMbWzsZsxgMRsZe1DOvi5d+wAIanAsymhQV6Kyi4LNHP+pkhzFqCtkslwkfWXqXuZRgSKPM1IcW6sNULfKaj+HKV+QkpwASY4jC5+DMUee5A0ia0IiCQ/kRkCeKf3k8OuMY3zIytFgzLTZ2RgNfmoXEjjh17JA6/vN35pM0GCSXxCXKBXKh39eeTXm6GIA9gFsfcPtcFvyQofpTqksK1ka12wl6nUIN5syJcZWhJCWYHpyq5YgJ/xOXGyYt8owVSuoFKPkSoZkiasJJ4iuJ2DvJKPm6eEgiMTSpCvd1ePsxoAadu3QHXSYeyvpIUSZQWhaLUTsngfy95gEXw9hd4BdDQ8N8MvW0XKcMLgGaPHun2qpoGUocgQNFOOeLrXA9jghXQ9yUQcTECdodJHRI09RGG7XAu6RWeNdUuwlMLtOG0NrJ3RFzPFBKmpnEyKg9yax9nYamTCEm0lQxr1u2bEpQrZsG5CMEsURY7CdLB2CTCJE/iWkHBDvN33BI28UOpgWEWVVQAKEihIRBHeM04purKqq6/IqzRDSxOLE4m+Vx+wRsO0NjALjJaQykMOdCMWGwVTOpxqihLFa2aEZg3vF+0qhKGCRACdMasldLJnaFs7U9KoK3PPDNSmVazbRYhrRcYmnAP6eVXehSk+vIQfm50/YEHesPqBR6FRarbhwBEzZNVAgsQtRP38iH4bqQbAlj5Es04iI/2drMQFV8mxrGMDN2EMdTZNkzuKWqNGIs7+ePkTKT6LERGMZxBjKOfDwNa5JaXJJKelCEF2p0FbfPMpCjaAkm5XYcAZUybodAokGrtBsBgXay6tzBDWaJlYdp/IdYsCyNMAodg7HLf5rEgAwSK8G0TziyEsGbIVMlQ6hueJeg0FhJJFPMnuIgGaDDDSMwhIsXDiERCSyqwqFYWiXK9HwNURZv3zuXn7DCMpphQyxnpbKA3QC6BlckafERLINxpauPVPZCZkGK77wJYnoQI1okFWYoOHgur/qOWhOvJTWAwbsTMEetkyMshGVpGpU7+BqqI/GKfCmlfgYtLCJ6QRsYLrohOLO3+9sP66kuSSNsptx9+PuBlQEJwnQs34kqguOKPQQSoNofhmikIVUd4GHKqykmlfihiYGTiSxQlgMzzqsuE4VGT7DGjVERniXPVqFN1PQPROAWxvePjmFf0ulufBoSqDZ2uKV+VMkhDzGdcKAeE+Wr6MYYJrspU+Yd4lzOoYpVDBCF7jaFJqk0Djes+iwIsKBnv6OB4RVXc/ViGUh5jGcyqA1yie5YlUHugQJD5eVTuHXpPJf5pUzT6b6XwZiXFXTqZW+4wKLyUpdt6gpZwS9F3f1Lw3FWXYCLkVxHotQujpw9B3vaMJuP9EgVDQ6byvJ88aygQvzE/uEhRu5+ijZNAQIBAMM3XzlwJTi8kXJA/7MTFAqtvL9k2mFLbM8KaCCW41oEAQkBAHmVm8+HWnsPe27dGVA7o+irD2uLWacKmbVIR3BM+KMNAQMBAOFiKA8IjyBvio2y20OO5VIzGQ4PCIAZ49wQlm3YUtsIAgIJAQBloqG8YSadZOuFtYnakRr9CC86+EgFwEyLfPCloezqBQIDCQEAyUVwj0MkWJYZG9Weja3vkiRIdOMJ2a/FuJZ0PK/OXQ0AAQB2yikxgct8K9BCr65zq+odoXuK0KC2G91/z4gjFu1yAVRk2CHZOTCOhthtJH/zNaWLSKeFEqcpr3eEmxSQb1Ro"; - -const HEADER: &str = "/m73Gzm5LhMZmNEpFubAuQJUu3QzyOH1fJCrJynNWprMuzGViQ1nlE6v111VBxt8cnpYD8oR1TAHUBBFm2f0Tpz11KNRhs1KeNLW8Pjs4c9bAQH8CAAVK0PKJXcjuDokdVD1WBYkCZEEXmG508jhFJT7UJ/PiggCLI+hcubhLo+9PVQPCSpkYBmoQQNpDhsKMnRku3NyGnQJHF/3du5LOB5me5ln9BphUiIAWVg6u6UMnD5+TqzLzxqGM85cbh4GloEs/0DvlHv2Uy1GLo51JnvUIysh7TiShikYfE5EH3FQWSJIdrZLhmbUKW3Np47AEfFgNXfu3FWlgbrzbkfnRN7HHBXWJIwlzp+A1xstcO7zHzs0AzwJ8hlk2O111uDW3ppQguKHfwIg1v1LtFxA4pB0SQ207e18yrd91KKIBpSywOgbc9zDKXxD+BA3MFj1xjvlRqzkQCYwrAP4RDYkzZ2V0z8Xwmbkl6jabI6jTKyYlU3s1ZLxxemKxWChWb0VYb4v9l8GAXlO0V+iSplwVFZOOsrWiCFwd521TSQwTVBNnDQJcz0bX9wPrK8HiOKZyVZB8RfPWbH7PhY+2yrvn+QF+GZRKckXU34kJgZBZ9nn3leRo1buvg/RGPw9vMmueLnhmfJhVTSDLnlQ7v+jIHMR3mxsW7SJ7e5YWITkSb3VqFyzdSINc39FzRxNbEXuSkpyqD9DV2LVXmUlVJwmGjiUCB+z/K9j2d0i1SFRLAjG3J3gQl68lexn0WJF47dK9l9PyuCYWa1vmY2+SZW5oJq/fkbX1FUuWcGgtFWoHHCR89e7m2eD20kwVmirjaGgIIwifXXNjrGckoDT82TZTBidnqIZFy1nF4CztBJMrjhPa1a2j2bSJWpS/qjmuUJrkFs7gozNm/cvJfIoek994AwGy9t9Z1WcpL90k9CCdzSpxoaOeV3747SzMUN7fbCfeGg/LqxmBjTViTFEpAWCz50vYqS48nutf4wxcilvFxtvJD6/iH/7dh1x48Q6E/DZ8bAQWml4Usd/g/cu3WR327H5qxazUL28vGDZGi/S4hBtvs6rhk+utZXgbwsHe1/+d4Bdv+PjZkRpgl4tOJl5wtgdgmIQNbZZfegIs51NKF9+OzxasbMoJ9ZY674juZrIwuPafGE63oRldT+v5A8HAMSsO8O+5awKekyoHXooPlD/e0rfw/c0tGHprGNNM0fh1VThll7ZhYfvZlH0sAFxqTlln2xnx3Uw4s6g25iJRs8m7NC4rbWo93fNki+7Fo615YLFvcH4dlVay3705nTjnqbwhxsnYczWpSWtey/1VmPmUxWFxUXfya73Rc242ZbSZzmD2GLAeAHY7QYhQJZzbV6/iC+f+c8hqbE0F1K1xG8UMoA/sXPnfHHZfEMSEcTpR5x6tX4UdB3kfGDM9L0cVkX6b2uvt20C3LHCvVQYn/Fi7iSzRS64tRIqHnk88Sj+9b0/uFigpTh6fjcgRfLr1Ys58qhl/BoBx4JyvGpDKcjGHVBnHcXAY+RguQHUTabqdOBXSKK49ZzSRlTSPdKjYOSqTAY5kfjwYzwMh9HiFdnyV3mXYYukDUjB/3XQO6JPgYsF8oVsnEuzKX6kGw/FN0apflTfQcVOx9wgxge3A10fAA=="; +use cosmian_cover_crypt::{traits::PkeAc, XEnc}; +use cosmian_crypto_core::{bytes_ser_de::Deserializer, Aes256Gcm}; fn main() { - use base64::{ - alphabet::STANDARD, - engine::{GeneralPurpose, GeneralPurposeConfig}, - Engine, - }; use cosmian_cover_crypt::api::Covercrypt; use cosmian_cover_crypt::UserSecretKey; use cosmian_crypto_core::bytes_ser_de::Serializable; - let config: GeneralPurposeConfig = GeneralPurposeConfig::default(); - let transcoder: GeneralPurpose = GeneralPurpose::new(&STANDARD, config); - let cc = Covercrypt::default(); - let usk = UserSecretKey::deserialize(&transcoder.decode(USK.as_bytes()).unwrap()).unwrap(); - let encrypted_header = - EncryptedHeader::deserialize(&transcoder.decode(HEADER.as_bytes()).unwrap()).unwrap(); - for _ in 0..100 { - encrypted_header - .decrypt(&cc, &usk, None) + + let usk = UserSecretKey::deserialize(&{ + let mut bytes = Vec::new(); + File::open("usk.txt") + .unwrap() + .read_to_end(&mut bytes) + .unwrap(); + bytes + }) + .unwrap(); + + let ctx = { + let mut bytes = Vec::new(); + File::open("ctx.txt") + .unwrap() + .read_to_end(&mut bytes) + .unwrap(); + let mut de = Deserializer::new(&bytes); + (de.read::().unwrap(), de.read_vec().unwrap()) + }; + + for _ in 0..1_000_000 { + PkeAc::<{ Aes256Gcm::KEY_LENGTH }, Aes256Gcm>::decrypt(&cc, &usk, &ctx) .expect("cannot decrypt hybrid header"); } } diff --git a/examples/encrypt.rs b/examples/encrypt.rs index d8c82318..5d6ed7b3 100644 --- a/examples/encrypt.rs +++ b/examples/encrypt.rs @@ -1,51 +1,85 @@ +use std::{ + fs::File, + io::{Read, Write}, +}; + use cosmian_cover_crypt::{ - api::Covercrypt, AccessPolicy, EncryptedHeader, MasterPublicKey, MasterSecretKey, + api::Covercrypt, cc_keygen, traits::PkeAc, AccessPolicy, MasterPublicKey, MasterSecretKey, + UserSecretKey, XEnc, +}; +use cosmian_crypto_core::{ + bytes_ser_de::{Deserializer, Serializable, Serializer}, + Aes256Gcm, }; /// Generates a new USK and encrypted header and prints them. -fn generate_new(cc: &Covercrypt, _msk: &mut MasterSecretKey, mpk: &MasterPublicKey) { - let access_policy = - AccessPolicy::parse("Department::FIN && Security Level::Top Secret").unwrap(); +fn generate_new(cc: &Covercrypt, msk: &mut MasterSecretKey, mpk: &MasterPublicKey) { + let ap = AccessPolicy::parse("DPT::FIN && SEC::TOP").unwrap(); - let (_, _header) = EncryptedHeader::generate(cc, mpk, &access_policy, None, None) - .expect("cannot encrypt header"); + let usk = cc.generate_user_secret_key(msk, &ap).unwrap(); + let ctx = PkeAc::<{ Aes256Gcm::KEY_LENGTH }, Aes256Gcm>::encrypt(cc, mpk, &ap, b"gotcha") + .expect("cannot encrypt!"); + + // Ensure decryption is OK + PkeAc::<{ Aes256Gcm::KEY_LENGTH }, Aes256Gcm>::decrypt(cc, &usk, &ctx).unwrap(); { - use base64::{ - alphabet::STANDARD, - engine::{GeneralPurpose, GeneralPurposeConfig}, - Engine, + File::create("./usk.txt") + .unwrap() + .write_all(&usk.serialize().unwrap()) + .unwrap(); + + let usk = UserSecretKey::deserialize(&{ + let mut bytes = Vec::new(); + File::open("usk.txt") + .unwrap() + .read_to_end(&mut bytes) + .unwrap(); + bytes + }) + .unwrap(); + + // Ensure decryption is OK + PkeAc::<{ Aes256Gcm::KEY_LENGTH }, Aes256Gcm>::decrypt(cc, &usk, &ctx).unwrap(); + + File::create("./ctx.txt") + .unwrap() + .write_all(&{ + let mut ser = Serializer::new(); + ser.write(&ctx.0).unwrap(); + ser.write_vec(&ctx.1).unwrap(); + ser.finalize() + }) + .unwrap(); + + let ctx = { + let mut bytes = Vec::new(); + File::open("ctx.txt") + .unwrap() + .read_to_end(&mut bytes) + .unwrap(); + let mut de = Deserializer::new(&bytes); + (de.read::().unwrap(), de.read_vec().unwrap()) }; - use cosmian_crypto_core::bytes_ser_de::Serializable; - let config: GeneralPurposeConfig = GeneralPurposeConfig::default(); - let transcoder: GeneralPurpose = GeneralPurpose::new(&STANDARD, config); - println!( - "USK = {}", - transcoder.encode( - cc.generate_user_secret_key(_msk, &access_policy) - .unwrap() - .serialize() - .unwrap() - ) - ); - println!( - "header = {}", - transcoder.encode(_header.serialize().unwrap()) - ); + // Ensure decryption is OK + PkeAc::<{ Aes256Gcm::KEY_LENGTH }, Aes256Gcm>::decrypt(cc, &usk, &ctx).unwrap(); } } fn main() { - let ap = AccessPolicy::parse("Department::FIN && Security Level::Top Secret").unwrap(); - + let ap = AccessPolicy::parse("DPT::FIN && SEC::TOP").unwrap(); let cc = Covercrypt::default(); - let (mut msk, mpk) = cc.setup().expect("cannot generate master keys"); + let (mut _msk, mpk) = cc_keygen(&cc, false).unwrap(); + + // Un-comment this line to generate new usk.txt and ctx.txt files. + // + // generate_new(&cc, &mut _msk, &mpk); - generate_new(&cc, &mut msk, &mpk); + let ptx = "testing encryption/decryption".as_bytes(); - // Encrypt header, use loop to increase its wight in the flame graph. for _ in 0..100 { - EncryptedHeader::generate(&cc, &mpk, &ap, None, None).expect("cannot encrypt header"); + PkeAc::<{ Aes256Gcm::KEY_LENGTH }, Aes256Gcm>::encrypt(&cc, &mpk, &ap, ptx) + .expect("cannot encrypt!"); } } diff --git a/src/core/primitives.rs b/src/core/primitives.rs index 79ba6448..a5c644d9 100644 --- a/src/core/primitives.rs +++ b/src/core/primitives.rs @@ -191,12 +191,13 @@ fn h_encaps( subkeys: &[&RightPublicKey], rng: &mut impl CryptoRngCore, ) -> Result<(Secret, XEnc), Error> { - let pq_encs = subkeys + let encs = subkeys .iter() .map(|subkey| match subkey { - RightPublicKey::Hybridized { H: _, ek } => { + RightPublicKey::Hybridized { H, ek } => { + let K1 = R25519::session_key(&r, H)?; let (K2, E) = MlKem512::enc(ek, rng)?; - Ok((K2, E)) + Ok((K1, K2, E)) } RightPublicKey::Classic { .. } => { Err(Error::Kem("all subkeys should be hybridized".to_string())) @@ -209,24 +210,15 @@ fn h_encaps( let T = { let mut T = Shake::v256(); c.iter().for_each(|ck| T.update(&ck.to_bytes())); - pq_encs.iter().try_fold(T, |mut T, (E, _)| { + encs.iter().try_fold(T, |mut T, (_, _, E)| { T.update(&E.serialize()?); Ok::<_, Error>(T) })? }; - let encs = subkeys - .iter() - .zip(pq_encs) - .map(|(subkey, (K2, E))| -> Result<_, _> { - println!("key: {:?}", subkey); - let H = match subkey { - RightPublicKey::Hybridized { H, ek: _ } => Ok(H), - RightPublicKey::Classic { .. } => { - Err(Error::Kem("all subkeys should be hybridized".to_string())) - } - }?; - let mut K1 = R25519::session_key(&r, H)?; + let encs = encs + .into_iter() + .map(|(mut K1, K2, E)| -> Result<_, _> { let F = xor_2(&S, &H_hash(T.clone(), &K1, Some(&K2))); K1.zeroize(); Ok((E, F)) @@ -307,18 +299,17 @@ pub fn encaps( ) -> Result<(Secret, XEnc), Error> { let (is_hybridized, mut coordinate_keys) = mpk.select_subkeys(encryption_set)?; - let S = Secret::::random(rng); - let r = G_hash(&S)?; - let c = mpk.set_traps(&r); - // Shuffling must be performed *before* generating the encapsulations since // rights are hashed in-order. If shuffling is performed after generating // the encapsulations, there would be no way to know in which order to // perform hashing upon decapsulation. shuffle(&mut coordinate_keys, rng); + let S = Secret::::random(rng); + let r = G_hash(&S)?; + let c = mpk.set_traps(&r); + if is_hybridized { - println!("Hybridized encapsulation"); h_encaps(S, c, r, &coordinate_keys, rng) } else { c_encaps(S, c, r, coordinate_keys) @@ -350,20 +341,16 @@ fn h_decaps( // The breadth-first search tries all coordinate subkeys in a chronological // order. for secret in usk.secrets.bfs() { - println!("Try"); if let RightSecretKey::Hybridized { sk, dk } = secret { - println!("with key"); let mut K1 = R25519::session_key(sk, A)?; let K2 = MlKem512::dec(dk, E)?; let S_ij = xor_in_place(H_hash(T.clone(), &K1, Some(&K2)), F); let (tag_ij, ss) = J_hash(J.clone(), &S_ij); if tag == &tag_ij { - println!("HERE"); // Fujisaki-Okamoto let r = G_hash(&S_ij)?; let c_ij = usk.set_traps(&r); - if c == &c_ij { - println!("THERE"); + if c == c_ij { K1.zeroize(); return Ok(Some(ss)); }