This has the api and GCM mode, I'm almost done with chacha20/poly1305 as well and also figured we could do a generic version that just accepts any cipher and mac combination.

Just to be clear not ready to merge yet.

The api I defined is that the constructor for the aead takes key, iv, additional data (any anything else the cipher needs), then aeads have a trait of encrypt or decrypt that takes input, output, or tag. For encrypt it writes to the tag and for decrypt you're passing in the tag. It is intentional non-streaming as it verifies the tag before it decrypts.

I had to make some modifications to how ghash worked as I found it changed types when you added ciphered data

Hello everyone,

I can't seem to compile the master branch of rust-crypto on OSX 10.10.2.

I get several compile errors about rotate_left(s as usize) expecting u32 instead of usize in src/md5.rs:

So I tried removing as usize. When I do that, I get a compiler error:

These are the version of rustc/cargo I use:

rustc 1.0.0-nightly (fed12499e 2015-03-03) (built 2015-03-03)
cargo 0.0.1-pre-nightly (a58ffd7 2015-02-27) (built 2015-02-27)

Has anyone had similar issues ?

Thanks for your help.

this adds 2 commits

1. pulls some of the functions for chacha out into macros and some local variables out into constants
2. allows 96 bit nonces and limits itself to only use the first counter byte, boringssl also does this for 8 byte nonces.

Hey, I wanted to suggest a rename of the rust-crypto crate to just crypto.

It can be done in the Cargo.toml leaving the package name intact by just renaming the crate.

[lib]
# name = "rust-crypto"
name = "crypto"
path = "src/rust-crypto/lib.rs"

All import calls would then be:

// extern crate "rust-crypto" as crypto; // old way
extern crate crypto; // new way

What do you think?

Since all Sha256, Sha384, Sha512 implement the trait Digest and Hmac::new accepts Digest, why do I have an error in this code?

extern crate crypto;
use crypto::sha2::{Sha256, Sha384, Sha512};
use crypto::hmac::Hmac;
use crypto::digest::Digest;
use crypto::mac::Mac;


enum MyType {
  Type1,
  Type2,
  Type3
}

//......

let mut hmac = Hmac::new(match myType {
   MyType::Type1 => Sha256::new(),
   MyType::Type2 => Sha384::new(),
   MyType::Type3 => Sha512::new()
  }, my_secret.to_string().as_bytes()
);

The error is:

error: match arms have incompatible types:
 expected `crypto::sha2::Sha256`,
    found `crypto::sha2::Sha384`
(expected struct `crypto::sha2::Sha256`,
    found struct `crypto::sha2::Sha384`) [E0308]
   let mut hmac = Hmac::new(match myType {
       MyType::Type1 => Sha256::new(),
       MyType::Type2 => Sha384::new(),
       MyType::Type3 => Sha512::new(),
       _ => panic!()
     }, my_secret.to_string().as_bytes()
 note: match arm with an incompatible type
       MyType::Type2 => Sha384::new(),
                                         ^~~~~~~~~~~~~
 help: methods from traits can only be called if the trait is implemented and in scope; the following traits define a method `input`, perhaps you need to implement one of them:
 help: candidate #1: `crypto::cryptoutil::FixedBuffer`
 help: candidate #2: `crypto::digest::Digest`
 help: candidate #3: `crypto::mac::Mac`
 help: methods from traits can only be called if the trait is implemented and in scope; the following traits define a method `result`, perhaps you need to implement one of them:
 help: candidate #1: `crypto::digest::Digest`
 help: candidate #2: `crypto::mac::Mac`

As may be known, key exchange and signing are only very slightly different operations on the same base curve. It is possible to convert Ed25519 keys to Curve25519 keys - but not vice versa (trivially, anyway), as far as I am aware. It is therefore possible to use a single keypair for both key exchange and signing, which cuts down on complexity. curve25519.rs is missing a keypair gen function (there is the curve25519_base function, but it lacks clamping), so this can stand in for that for the time being perhaps.

I looked at your test for pbkdf2:

    #[test]
    fn test_pbkdf2() {
        let tests = tests();
        for t in tests.iter() {
            let mut mac = Hmac::new(Sha1::new(), t.password[]);
            let mut result = Vec::from_elem(t.expected.len(), 0u8);
            pbkdf2(&mut mac, t.salt[], t.c, result[mut]);
            assert!(result == t.expected);
        }
    }

and modified it to this for my purposes, to generate a single key

//where seed_value/mnemonic are both &str
 let mut mac = Hmac::new(Sha256::new(),mnemonic.as_bytes());
    let mut result = Vec::new();
    pbkdf2(&mut mac,seed_value.as_bytes(),PBKDF2_ROUNDS,result[mut]);

however I'm getting an error that the pbkfd2 tests aren't:

src/rust_mnemonic.rs:150:57: 150:69 error: slicing syntax is experimental
src/rust_mnemonic.rs:150     pbkdf2(&mut mac,seed_value.as_bytes(),PBKDF2_ROUNDS,result[mut]);

I'm confused as to why rust-crypto doesn't have the same compiler error that I do?

I'm very new to rust and just trying to learn how to import and use this crate successfully.

extern crate "rust-crypto" as rust_crypto;

use rust_crypto::md5::Md5;

fn main() {
  let mut sh = Md5::new();
  sh.input_str("The quick brown fox jumps over the lazy dog");
  let out_str = sh.result_str();
  println!("{}",out_str);
}

I build it properly with cargo, rust-crypto is being brought in successfully. And looking at the tests written in md5.rs it seems to me like the above should work. What am I doing wrong?

I get the following build errors in sha1.rs when building: http://pastebin.com/rMYEGWL6 I am at revision 4b330cd (up-to-date at time of writing).

I guess something changed recently in Rust to trigger this. I was able to build successfully by capturing a std::cell::Cell instead of the value itself, but I'm not convinced that's the best solution!

Someone ported the kaccak reference implementation to rust. Since it is the winner for SHA-3, it might be within the scope of the project to include an implementation in rust-crypto (even if it's not that implementation)?

I need to encrypt / decrypt a String of unknown size using Blowfish, however, the only functions provided in the module are encrypt_block and decrypt_block, which only work on &[u8] slices of 8 bytes.

I'm guessing there's an interface for using all symmetric block ciphers? I'm having trouble finding examples.

Signature verification fails, pleqse help!

use crypto::ed25519::{keypair, signature, verify};
fn main() {
    let seed: &[u8] = b"This is a seed";
    let message: &[u8] = b"This is a test of the tsunami a This is a test of the tsunami a ";
    let (mut secret_key, mut public_key) = keypair(seed);
    let mut sig = signature(message, &secret_key);
    assert!(verify(message, &public_key, &sig)); // Assert fails here
}

rust-crypto = "0.2.36"

key = vkWlFRxheBecchrd; input text = {"datas":{"email":null,"phone":null,"nickName":null,"lastIp":null,"userStatus":null},"status":-1,"msg":"Login Failed"}

main code below: let mut encrypter = aes::ecb_encryptor(aes::KeySize::KeySize128, key, PkcsPadding); let json_to_string = {input text below}; let mut result = vec![0; json_to_string.as_bytes().len() * 4]; let mut read_buffer = RefReadBuffer::new(json_to_string.as_bytes()); let mut write_buffer = RefWriteBuffer::new(&mut result); let encrypt_result = encrypter.encrypt(&mut read_buffer, &mut write_buffer, true);

aes::ecb_encryptor result = lRu5mBFQWBYWT2xNRWUGw5lkxJYQp11/v0d4ngcHp+HASfcfGh37EdjYZyEjST1/LwdkQXhxSeYUD+X/5gM2P2Fk7unIC0cNSU/S7HwlAhBZQDpgz02EZOvN/ejR3gRuMIG92xM8UXzyv6wQeURpBta68Oem4IDWpiixsx8lSw==

right result = lRu5mBFQWBYWT2xNRWUGw5lkxJYQp11/v0d4ngcHp+HASfcfGh37EdjYZyEjST1/LwdkQXhxSeYUD+X/5gM2P2Fk7unIC0cNSU/S7HwlAhBZQDpgz02EZOvN/ejR3gRuMIG92xM8UXzyv6wQeURpBta68Oem4IDWpgAosbMfJUs=

Could you please help to check?

error: failed to run custom build command for rust-crypto v0.2.36

Caused by: process didn't exit successfully: /Users/denghui/dev_codes/parity-bitcoin/target/debug/build/rust-crypto-3ba811552027839f/build-script-build (signal: 11, SIGSEGV: invalid memory reference) --- stderr thread '' panicked at 'attempted to leave type nodrop::NoDrop<(epoch::Epoch, garbage::Bag)> uninitialized, which is invalid', /rustc/2fd73fabe469357a12c2c974c140f67e7cdd76d0/library/core/src/mem/mod.rs:671:9 note: run with RUST_BACKTRACE=1 environment variable to display a backtrace warning: build failed, waiting for other jobs to finish...

https://github.com/DaGenix/rust-crypto/blob/cc1a5fde1ce957bd1a8a2e30169443cdb4780111/src/digest.rs#L77

Sorry if it is too nit-picky, I just used the rust-analyzer "Go to Definition" and noticed.

Is there any reason for aes::cbc_encryptor (& co) to return a Box<dyn Encryptor + 'static> and not a Box<dyn Encryptor + Send + 'static> ? The CbcEncryptor it returns is Send and the function requires a PaddingProcessor+Send.