IGE mode code improvements (#212)

Author: newpavlov

Cargo.lock

@@ -5,6 +5,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [Unreleased]
+### Changed
+- Upgrade to `cipher v0.3` ([#202])
+
+### Added
+- Infinite Garble Extension (IGE) block mode ([#211])
+
+[#202]: https://github.com/RustCrypto/block-ciphers/pull/202
+[#211]: https://github.com/RustCrypto/block-ciphers/pull/211
+
 ## 0.7.0 (2020-10-16)
 ### Changed
 - Replace `block-cipher`/`stream-cipher` with `cipher` crate ([#167])

block-modes/CHANGELOG.md

@@ -12,7 +12,6 @@ keywords = ["crypto", "block-cipher", "ciphers"]
 
 [dependencies]
 block-padding = "0.2"
-byte-tools = "0.3"
 cipher = "=0.3.0-pre"
 
 [dev-dependencies]

block-modes/Cargo.toml

@@ -3,11 +3,10 @@ use crate::{
     utils::{xor, Block},
 };
 use block_padding::Padding;
-use byte_tools::copy;
 use cipher::{
     block::{BlockCipher, BlockDecrypt, BlockEncrypt, NewBlockCipher},
     generic_array::{
-        typenum::{Prod, UInt, UTerm, Unsigned, B0, B1, U2},
+        typenum::{Prod, Unsigned, U2},
         ArrayLength, GenericArray,
     },
 };
@@ -22,71 +21,53 @@ pub struct Ige<C, P>
 where
     C: BlockCipher + NewBlockCipher + BlockEncrypt + BlockDecrypt,
     P: Padding,
-    C::BlockSize: Mul<UInt<UInt<UTerm, B1>, B0>>,
-    <C::BlockSize as Mul<UInt<UInt<UTerm, B1>, B0>>>::Output: ArrayLength<u8>,
+    C::BlockSize: Mul<U2>,
+    IgeIvBlockSize<C>: ArrayLength<u8>,
 {
     cipher: C,
-    iv: GenericArray<u8, IgeIvBlockSize<C>>,
+    x: GenericArray<u8, C::BlockSize>,
+    y: GenericArray<u8, C::BlockSize>,
     _p: PhantomData<P>,
 }
 
-// Implementation derived from:
-// https://mgp25.com/AESIGE/
-
 impl<C, P> BlockMode<C, P> for Ige<C, P>
 where
     C: BlockCipher + NewBlockCipher + BlockEncrypt + BlockDecrypt,
     P: Padding,
-    C::BlockSize: Mul<UInt<UInt<UTerm, B1>, B0>>,
-    <C::BlockSize as Mul<UInt<UInt<UTerm, B1>, B0>>>::Output: ArrayLength<u8>,
+    C::BlockSize: Mul<U2>,
+    IgeIvBlockSize<C>: ArrayLength<u8>,
 {
     type IvSize = IgeIvBlockSize<C>;
 
     fn new(cipher: C, iv: &GenericArray<u8, Self::IvSize>) -> Self {
+        let (y, x) = iv.split_at(C::BlockSize::to_usize());
         Ige {
             cipher,
-            iv: iv.clone(),
+            x: GenericArray::clone_from_slice(x),
+            y: GenericArray::clone_from_slice(y),
             _p: Default::default(),
         }
     }
 
     fn encrypt_blocks(&mut self, blocks: &mut [Block<C>]) {
-        let block_size = C::BlockSize::to_usize();
-
-        let (mut y_prev, x_prev) = self.iv.split_at_mut(block_size);
-        let mut x_temp = GenericArray::<u8, C::BlockSize>::default();
-
         for block in blocks {
-            copy(block, &mut x_temp);
-
-            xor(block, y_prev);
-
+            let t = block.clone();
+            xor(block, &self.y);
             self.cipher.encrypt_block(block);
-
-            xor(block, x_prev);
-
-            copy(&x_temp, x_prev);
-            y_prev = block;
+            xor(block, &self.x);
+            self.x = t;
+            self.y = block.clone();
         }
     }
 
     fn decrypt_blocks(&mut self, blocks: &mut [Block<C>]) {
-        let block_size = C::BlockSize::to_usize();
-
-        let (x_prev, mut y_prev) = self.iv.split_at_mut(block_size);
-        let mut x_temp = GenericArray::<u8, C::BlockSize>::default();
-
         for block in blocks {
-            copy(block, &mut x_temp);
-
-            xor(block, y_prev);
-
+            let t = block.clone();
+            xor(block, &self.x);
             self.cipher.decrypt_block(block);
-
-            xor(block, x_prev);
-
-            copy(&x_temp, x_prev);
-            y_prev = block;
+            xor(block, &self.y);
+            self.y = t;
+            self.x = block.clone();
         }
     }
 }

block-modes/src/ige.rs

@@ -1,29 +1,23 @@
 //! Test vectors generated with OpenSSL
 
 use aes::Aes128;
-use block_modes::block_padding::{NoPadding, ZeroPadding};
+use block_modes::block_padding::NoPadding;
 use block_modes::BlockMode;
 use block_modes::{Cbc, Ecb, Ige};
-use cipher::generic_array::GenericArray;
 
 #[test]
 fn ecb_aes128() {
     let key = include_bytes!("data/aes128.key.bin");
     let plaintext = include_bytes!("data/aes128.plaintext.bin");
     let ciphertext = include_bytes!("data/ecb-aes128.ciphertext.bin");
-
     // ECB mode ignores IV
     let iv = Default::default();
-    let mode = Ecb::<Aes128, ZeroPadding>::new_var(key, iv).unwrap();
-    let mut pt = plaintext.to_vec();
-    let n = pt.len();
-    mode.encrypt(&mut pt, n).unwrap();
-    assert_eq!(pt, &ciphertext[..]);
-
-    let mode = Ecb::<Aes128, ZeroPadding>::new_var(key, iv).unwrap();
-    let mut ct = ciphertext.to_vec();
-    mode.decrypt(&mut ct).unwrap();
-    assert_eq!(ct, &plaintext[..]);
+
+    let mode = Ecb::<Aes128, NoPadding>::new_var(key, iv).unwrap();
+    assert_eq!(mode.encrypt_vec(plaintext), &ciphertext[..]);
+
+    let mode = Ecb::<Aes128, NoPadding>::new_var(key, iv).unwrap();
+    assert_eq!(mode.decrypt_vec(ciphertext).unwrap(), &plaintext[..]);
 }
 
 #[test]
@@ -33,16 +27,11 @@ fn cbc_aes128() {
     let plaintext = include_bytes!("data/aes128.plaintext.bin");
     let ciphertext = include_bytes!("data/cbc-aes128.ciphertext.bin");
 
-    let mode = Cbc::<Aes128, ZeroPadding>::new_var(key, iv).unwrap();
-    let mut pt = plaintext.to_vec();
-    let n = pt.len();
-    mode.encrypt(&mut pt, n).unwrap();
-    assert_eq!(pt, &ciphertext[..]);
+    let mode = Cbc::<Aes128, NoPadding>::new_var(key, iv).unwrap();
+    assert_eq!(mode.encrypt_vec(plaintext), &ciphertext[..]);
 
-    let mode = Cbc::<Aes128, ZeroPadding>::new_var(key, iv).unwrap();
-    let mut ct = ciphertext.to_vec();
-    mode.decrypt(&mut ct).unwrap();
-    assert_eq!(ct, &plaintext[..]);
+    let mode = Cbc::<Aes128, NoPadding>::new_var(key, iv).unwrap();
+    assert_eq!(mode.decrypt_vec(ciphertext).unwrap(), &plaintext[..]);
 }
 
 /// Test that parallel code works correctly
@@ -73,28 +62,28 @@ fn par_blocks() {
 
 #[test]
 fn ige_aes256_1() {
-    let key = GenericArray::from_slice(include_bytes!("data/ige-aes128-1.key.bin"));
-    let iv = GenericArray::from_slice(include_bytes!("data/ige-aes128-1.iv.bin"));
+    let key = include_bytes!("data/ige-aes128-1.key.bin");
+    let iv = include_bytes!("data/ige-aes128-1.iv.bin");
     let plaintext = include_bytes!("data/ige-aes128-1.plaintext.bin");
     let ciphertext = include_bytes!("data/ige-aes128-1.ciphertext.bin");
 
-    let mode = Ige::<Aes128, NoPadding>::new_fix(key, iv);
+    let mode = Ige::<Aes128, NoPadding>::new_var(key, iv).unwrap();
     assert_eq!(mode.encrypt_vec(plaintext), &ciphertext[..]);
 
-    let mode = Ige::<Aes128, NoPadding>::new_fix(key, iv);
+    let mode = Ige::<Aes128, NoPadding>::new_var(key, iv).unwrap();
     assert_eq!(mode.decrypt_vec(ciphertext).unwrap(), &plaintext[..]);
 }
 
 #[test]
 fn ige_aes256_2() {
-    let key = GenericArray::from_slice(include_bytes!("data/ige-aes128-2.key.bin"));
-    let iv = GenericArray::from_slice(include_bytes!("data/ige-aes128-2.iv.bin"));
+    let key = include_bytes!("data/ige-aes128-2.key.bin");
+    let iv = include_bytes!("data/ige-aes128-2.iv.bin");
     let plaintext = include_bytes!("data/ige-aes128-2.plaintext.bin");
     let ciphertext = include_bytes!("data/ige-aes128-2.ciphertext.bin");
 
-    let mode = Ige::<Aes128, NoPadding>::new_fix(key, iv);
+    let mode = Ige::<Aes128, NoPadding>::new_var(key, iv).unwrap();
     assert_eq!(mode.encrypt_vec(plaintext), &ciphertext[..]);
 
-    let mode = Ige::<Aes128, NoPadding>::new_fix(key, iv);
+    let mode = Ige::<Aes128, NoPadding>::new_var(key, iv).unwrap();
     assert_eq!(mode.decrypt_vec(ciphertext).unwrap(), &plaintext[..]);
 }