Merge pull request #9 from payjoin/bitcoin-add-missing-k256-tests
Generate k256 test vectors on secp
DanGould authored Sep 4, 2024
2 parents 6ff0976 + ea07c06 commit bc31b3d
Showing 7 changed files with 19,776 additions and 39 deletions.
1 change: 1 addition & 0 deletions Cargo.toml
Expand Up @@ -33,6 +33,7 @@ subtle = { version = "2.6", default-features = false }
zeroize = { version = "1", default-features = false, features = ["zeroize_derive"] }

[dev-dependencies]
aes-gcm = "0.10"
criterion = { version = "0.4", features = ["html_reports"] }
hex = "0.4"
hex-literal = "0.4"
25 changes: 23 additions & 2 deletions src/aead.rs
Expand Up @@ -236,6 +236,11 @@ impl<A: Aead, Kdf: KdfTrait, Kem: KemTrait> AeadCtx<A, Kdf, Kem> {
.labeled_expand(&self.suite_id, b"sec", exporter_ctx, out_buf)
.map_err(|_| HpkeError::KdfOutputTooLong)
}

#[cfg(test)]
pub(crate) fn current_nonce(&self) -> AeadNonce<A> {
mix_nonce::<A>(&self.base_nonce, &self.seq)
}
}

/// The HPKE receiver's context. This is what you use to `open` ciphertexts and `export` secrets.
Expand Down Expand Up @@ -355,7 +360,7 @@ impl<A: Aead, Kdf: KdfTrait, Kem: KemTrait> AeadCtxR<A, Kdf, Kem> {
}

/// The HPKE senders's context. This is what you use to `seal` plaintexts and `export` secrets.
pub struct AeadCtxS<A: Aead, Kdf: KdfTrait, Kem: KemTrait>(AeadCtx<A, Kdf, Kem>);
pub struct AeadCtxS<A: Aead, Kdf: KdfTrait, Kem: KemTrait>(pub(crate) AeadCtx<A, Kdf, Kem>);

// AeadCtx -> AeadCtxS via wrapping
impl<A: Aead, Kdf: KdfTrait, Kem: KemTrait> From<AeadCtx<A, Kdf, Kem>> for AeadCtxS<A, Kdf, Kem> {
Expand Down Expand Up @@ -456,14 +461,18 @@ impl<A: Aead, Kdf: KdfTrait, Kem: KemTrait> AeadCtxS<A, Kdf, Kem> {
}

// Export all the AEAD implementations
#[cfg(test)]
mod aes_gcm;
mod chacha20_poly1305;
mod export_only;
#[cfg(test)]
pub use crate::aead::aes_gcm::*;
#[doc(inline)]
pub use crate::aead::{chacha20_poly1305::*, export_only::*};

#[cfg(test)]
mod test {
use super::{AeadTag, ChaCha20Poly1305, ExportOnlyAead, Seq};
use super::{AeadTag, AesGcm128, AesGcm256, ChaCha20Poly1305, ExportOnlyAead, Seq};

use crate::{
kdf::HkdfSha256, test_util::gen_ctx_simple_pair, Deserializable, HpkeError, Serializable,
Expand Down Expand Up @@ -672,6 +681,8 @@ mod test {
};
}

test_invalid_nonce!(test_invalid_nonce_aes128, AesGcm128);
test_invalid_nonce!(test_invalid_nonce_aes256, AesGcm128);
test_invalid_nonce!(test_invalid_nonce_chacha, ChaCha20Poly1305);

#[cfg(all(feature = "secp", any(feature = "alloc", feature = "std")))]
Expand All @@ -686,6 +697,16 @@ mod test {
);
test_overflow!(test_overflow_k256, crate::kem::SecpK256HkdfSha256);

test_ctx_correctness!(
test_ctx_correctness_aes128_k256,
AesGcm128,
crate::kem::SecpK256HkdfSha256
);
test_ctx_correctness!(
test_ctx_correctness_aes256_k256,
AesGcm256,
crate::kem::SecpK256HkdfSha256
);
test_ctx_correctness!(
test_ctx_correctness_chacha_k256,
ChaCha20Poly1305,
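Review bot: `test_invalid_nonce!(test_invalid_nonce_aes256, AesGcm128);` in the `@@ -672,6 +681,8 @@` hunk instantiates the aes256 case with the 128-bit suite, so the invalid-nonce path of AES-256-GCM is never exercised and the two generated tests are duplicates; it should read `test_invalid_nonce!(test_invalid_nonce_aes256, AesGcm256);`. The new `current_nonce` accessor in the first hunk carries no doc comment even though it exposes internal state to tests; a line such as `/// Test-only: the nonce for the current `seq`, as mixed from `base_nonce`.` would make its purpose clear to the next reader. The enclosing `impl AeadCtx` and `mod test` blocks both start and end outside these hunks.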
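--- a/src/aead/aes_gcm.rs
+++ b/src/aead/aes_gcm.rs
@@ -0,0 +1,21 @@
+use crate::aead::Aead;
+
+/// The implementation of AES-128-GCM
+pub struct AesGcm128;
+
+impl Aead for AesGcm128 {
+type AeadImpl = aes_gcm::Aes128Gcm;
+
+// RFC 9180 §7.3: AES-128-GCM
+const AEAD_ID: u16 = 0x0001;
+}
+
+/// The implementation of AES-256-GCM
+pub struct AesGcm256 {}
+
+impl Aead for AesGcm256 {
+type AeadImpl = aes_gcm::Aes256Gcm;
+
+// RFC 9180 §7.3: AES-256-GCM
+const AEAD_ID: u16 = 0x0002;
+}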
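Review bot: `pub struct AesGcm256 {}` is declared as an empty braced struct while `AesGcm128` a few lines above is a unit struct; the two are used interchangeably as type arguments in the test macros, and the braced form cannot be named as a bare value, so make them consistent with `pub struct AesGcm256;`. Judging from the `#[cfg(test)] mod aes_gcm;` gate in the aead.rs section, this module is compiled only for tests and these suites are not part of the public API; a `//!` module doc stating that the AES-GCM suites exist only to exercise the test vectors would save a reader from looking for a feature flag.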
