diff --git a/Cargo.lock b/Cargo.lock index 2447d03..afc0807 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -122,7 +122,7 @@ dependencies = [ [[package]] name = "capycrypt" -version = "0.7.0" +version = "0.7.1" dependencies = [ "aes", "byteorder", @@ -131,7 +131,6 @@ dependencies = [ "criterion", "crypto-bigint", "hex", - "num", "rand", "rayon", "serde", @@ -509,70 +508,6 @@ version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" -[[package]] -name = "num" -version = "0.4.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35bd024e8b2ff75562e5f34e7f4905839deb4b22955ef5e73d2fea1b9813cb23" -dependencies = [ - "num-bigint", - "num-complex", - "num-integer", - "num-iter", - "num-rational", - "num-traits", -] - -[[package]] -name = "num-bigint" -version = "0.4.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9" -dependencies = [ - "num-integer", - "num-traits", -] - -[[package]] -name = "num-complex" -version = "0.4.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "73f88a1307638156682bada9d7604135552957b7818057dcef22705b4d509495" -dependencies = [ - "num-traits", -] - -[[package]] -name = "num-integer" -version = "0.1.46" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" -dependencies = [ - "num-traits", -] - -[[package]] -name = "num-iter" -version = "0.1.45" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" -dependencies = [ - "autocfg", - "num-integer", - "num-traits", -] - -[[package]] -name = "num-rational" -version = "0.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f83d14da390562dca69fc84082e73e548e1ad308d24accdedd2720017cb37824" -dependencies = [ - "num-bigint", - "num-integer", - "num-traits", -] - [[package]] name = "num-traits" version = "0.2.19" diff --git a/Cargo.toml b/Cargo.toml index 51229ba..2866a24 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,19 +1,18 @@ [package] name = "capycrypt" -version = "0.7.0" +version = "0.7.1" edition = "2021" license = "MIT" -keywords = ["aes", "sha3", "elliptic-curve", "ed448", "mlkem"] +keywords = ["cryptography", "aes", "sha3", "ed448", "mlkem"] readme = "README.md" authors = ["Dustin Ray (Dr. Capybara) ", "Hunter Richardson (HLRichardson-Git) "] -description = "An academic exercise in cryptographic algorithm design, pairing NIST FIPS 202 with a variety of Edwards curves." +description = "An academic exercise in cryptographic algorithm design." repository = "https://github.com/drcapybara/capyCRYPT" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -num = {version = "0.4.0"} hex = {version = "0.4.3"} byteorder = {version = "1.4.3"} chrono = {version = "0.4.23"} diff --git a/README.md b/README.md index 03d5ff0..78f42e5 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ let mut msg = Message::new(get_random_bytes(5242880)); // Create a new ML-KEM public/private keypair let (kem_pub_key, kem_priv_key) = kem_keygen(); // Encrypt the message -assert!(msg.kem_encrypt(&kem_pub_key, SecParam::D256).is_ok()); +msg.kem_encrypt(&kem_pub_key, SecParam::D256); // Decrypt and verify assert!(msg.kem_decrypt(&kem_priv_key).is_ok()); ``` @@ -81,7 +81,7 @@ let key_pair = KeyPair::new( SecParam::D256, // bit-security for key ); // Encrypt the message -assert!(msg.key_encrypt(&key_pair.pub_key, SecParam::D256).is_ok()); +msg.key_encrypt(&key_pair.pub_key, SecParam::D256); // Decrypt and verify assert!(msg.key_decrypt(&key_pair.priv_key).is_ok()); ``` @@ -99,11 +99,11 @@ let pw = get_random_bytes(16); // Get 5mb random data let mut msg = Message::new(get_random_bytes(5242880)); // Encrypt the data -assert!(msg.aes_encrypt_ctr(&pw).is_ok()); +msg.aes_encrypt_ctr(&pw); // Decrypt the data assert!(msg.aes_decrypt_ctr(&pw).is_ok()); // Encrypt the data -assert!(msg.sha3_encrypt(&pw, SecParam::D512).is_ok()); +msg.sha3_encrypt(&pw, SecParam::D512); // Decrypt and verify assert!(msg.sha3_decrypt(&pw).is_ok()); ``` @@ -124,7 +124,7 @@ let key_pair = KeyPair::new( SecParam::D256, // bit-security for key ); // Sign with 128 bits of security -assert!(msg.sign(&key_pair, SecParam::D256).is_ok()); +msg.sign(&key_pair, SecParam::D256); // Verify signature assert!(msg.verify(&key_pair.pub_key).is_ok()); ``` @@ -151,8 +151,11 @@ conducts benchmarks over parameter sets in order from lowest security to highest Symmetric operations compare well to openSSL. On an Intelยฎ Coreโ„ข i7-10710U ร— 12, our adaption of in-place keccak from the [XKCP](https://github.com/XKCP/XKCP) achieves a runtime of approximately 20 ms to digest 5mb of random data, vs approximately 17 ms in openSSL. ## (Plausible) Post-Quantum Security -This library pairs ML-KEM under the 768-parameter set to a SHA3-sponge construction for a quantum-safe public-key cryptosystem. It offers theoretic quantum-security through the use of the KEM and sponge primitives, which are both based on problems conjectured to be hard to solve for a quantum adversary. Our construction is non-standard, has not been evaluated by experts, and is unaudited. Our MLKEM library itself is a work in progress and only supports the NIST-II security parameter of 768. Furthermore, the current FIPS 203 IPD is, (as the name indicates), a draft, and final details about secure implementation may be subject to change. Our design currently exists in this library purely as an academic curiosity. Use it at your own risk, we provide no guarantee of safety, reliability, or efficiency. +This library pairs ML-KEM-768 to a SHA3-sponge construction for a quantum-safe public-key cryptosystem. It offers theoretic quantum-security through the use of the KEM and sponge primitives, which are both based on problems conjectured to be hard to solve for a quantum adversary. This design seeds the SHA-3 sponge with the secret shared through the KEM + a session nonce, which then faciliates high-performance symmetric encryption/decryption of arbitrary-length messages. + +Our construction is non-standard, has not been subject to peer review, and lacks any formal audit. Our [ML-KEM library](https://github.com/drcapybara/capyKEM) itself is a work in progress and only supports the recommended NIST-II security parameter-set of 768. Furthermore, the current FIPS 203 IPD is, (as the name indicates), a draft, and final details about secure implementation may be subject to change. Our design currently exists in this library purely as an academic curiosity. Use it at your own risk, we provide no guarantee of security, reliability, or efficiency. ## Acknowledgements +The authors wish to sincerely thank Dr. Paulo Barreto for the initial design of this library as well as the theoretical backbone of the Edward's curve functionality. We also wish to extend gratitude to the curve-dalek authors [here](https://github.com/crate-crypto/Ed448-Goldilocks) and [here](https://docs.rs/curve25519-dalek/4.1.1/curve25519_dalek/) for the excellent reference implementations and exemplary instances of rock-solid cryptography. -The authors wish to sincerely thank Dr. Paulo Barreto for the general design of this library as well as the curve functionality. We also wish to extend gratitude to the curve-dalek authors [here](https://github.com/crate-crypto/Ed448-Goldilocks) and [here](https://docs.rs/curve25519-dalek/4.1.1/curve25519_dalek/) for the excellent reference implementations and exemplary instances of rock-solid cryptography. +Our [KEM](https://github.com/drcapybara/capyKEM) is inspired by the excellent ML-KEM articles and [go implementation](https://pkg.go.dev/filippo.io/mlkem768) by Filippo Valsorda and the always wonderful rust-crypto implementation by the great Tony Arcieri [here](https://crates.io/crates/ml-kem). diff --git a/benches/benchmark_aes.rs b/benches/benchmark_aes.rs index 27dd357..94d4fbd 100644 --- a/benches/benchmark_aes.rs +++ b/benches/benchmark_aes.rs @@ -80,14 +80,14 @@ fn sym_enc_rust_aes(key: &[u8], data: &[u8]) -> Vec { /// Symmetric encrypt and decrypt roundtrip fn sym_cbc_enc(key: &[u8], data: &[u8]) { let mut msg = Message::new(data.to_owned()); - let _ = msg.aes_encrypt_cbc(key); + msg.aes_encrypt_cbc(key); let _ = msg.aes_decrypt_cbc(key); } /// Symmetric encrypt and decrypt roundtrip for AES in CTR mode fn sym_ctr_enc(key: &[u8], data: &[u8]) { let mut msg = Message::new(data.to_owned()); - let _ = msg.aes_encrypt_ctr(key); + msg.aes_encrypt_ctr(key); let _ = msg.aes_decrypt_ctr(key); } diff --git a/benches/benchmark_e448_224.rs b/benches/benchmark_e448_224.rs index e298ab1..0c526dc 100644 --- a/benches/benchmark_e448_224.rs +++ b/benches/benchmark_e448_224.rs @@ -11,20 +11,20 @@ const BIT_SECURITY: SecParam = D224; /// Symmetric encrypt and decrypt roundtrip fn sym_enc(pw: &[u8], mut msg: Message) { - let _ = msg.sha3_encrypt(pw, BIT_SECURITY); + msg.sha3_encrypt(pw, BIT_SECURITY); let _ = msg.sha3_decrypt(pw); } /// Asymmetric encrypt and decrypt roundtrip + keygen fn key_gen_enc_dec(pw: &[u8], mut msg: Message) { let key_pair = KeyPair::new(pw, "test key".to_string(), BIT_SECURITY); - let _ = msg.key_encrypt(&key_pair.pub_key, BIT_SECURITY); + msg.key_encrypt(&key_pair.pub_key, BIT_SECURITY); let _ = msg.key_decrypt(&key_pair.priv_key); } /// Signature generation + verification roundtrip pub fn sign_verify(key_pair: KeyPair, mut msg: Message) { - let _ = msg.sign(&key_pair, BIT_SECURITY); + msg.sign(&key_pair, BIT_SECURITY); let _ = msg.verify(&key_pair.pub_key); } diff --git a/benches/benchmark_e448_512.rs b/benches/benchmark_e448_512.rs index 9f49d7c..ce59d74 100644 --- a/benches/benchmark_e448_512.rs +++ b/benches/benchmark_e448_512.rs @@ -11,20 +11,20 @@ const BIT_SECURITY: SecParam = D512; /// Symmetric encrypt and decrypt roundtrip fn sym_enc(pw: &[u8], mut msg: Message) { - let _ = msg.sha3_encrypt(pw, BIT_SECURITY); + msg.sha3_encrypt(pw, BIT_SECURITY); let _ = msg.sha3_decrypt(pw); } /// Asymmetric encrypt and decrypt roundtrip + keygen fn key_gen_enc_dec(pw: &[u8], mut msg: Message) { let key_pair = KeyPair::new(pw, "test key".to_string(), BIT_SECURITY); - let _ = msg.key_encrypt(&key_pair.pub_key, BIT_SECURITY); + msg.key_encrypt(&key_pair.pub_key, BIT_SECURITY); let _ = msg.key_decrypt(&key_pair.priv_key); } /// Signature generation + verification roundtrip pub fn sign_verify(key_pair: KeyPair, mut msg: Message) { - let _ = msg.sign(&key_pair, BIT_SECURITY); + msg.sign(&key_pair, BIT_SECURITY); let _ = msg.verify(&key_pair.pub_key); } diff --git a/src/aes/encryptable.rs b/src/aes/encryptable.rs index e790f2c..5b83ddb 100644 --- a/src/aes/encryptable.rs +++ b/src/aes/encryptable.rs @@ -6,9 +6,9 @@ use crate::{ use rayon::prelude::*; pub trait AesEncryptable { - fn aes_encrypt_cbc(&mut self, key: &[u8]) -> Result<(), OperationError>; + fn aes_encrypt_cbc(&mut self, key: &[u8]); fn aes_decrypt_cbc(&mut self, key: &[u8]) -> Result<(), OperationError>; - fn aes_encrypt_ctr(&mut self, key: &[u8]) -> Result<(), OperationError>; + fn aes_encrypt_ctr(&mut self, key: &[u8]); fn aes_decrypt_ctr(&mut self, key: &[u8]) -> Result<(), OperationError>; } @@ -31,7 +31,7 @@ impl AesEncryptable for Message { /// - C: Represents ciphertext blocks. /// ## Arguments: /// * `key: &Vec`: symmetric encryption key. - fn aes_encrypt_cbc(&mut self, key: &[u8]) -> Result<(), OperationError> { + fn aes_encrypt_cbc(&mut self, key: &[u8]) { let iv = get_random_bytes(16); let mut ke_ka = iv.clone(); ke_ka.append(&mut key.to_owned()); @@ -56,7 +56,6 @@ impl AesEncryptable for Message { } self.sym_nonce = Some(iv); - Ok(()) } /// # Symmetric Decryption using AES in CBC Mode @@ -130,7 +129,7 @@ impl AesEncryptable for Message { /// - C: Represents ciphertext blocks. /// ## Arguments: /// * `key: &[u8]`: symmetric encryption key. - fn aes_encrypt_ctr(&mut self, key: &[u8]) -> Result<(), OperationError> { + fn aes_encrypt_ctr(&mut self, key: &[u8]) { let iv = get_random_bytes(12); let counter = 0u32; let counter_bytes = counter.to_be_bytes(); @@ -160,8 +159,6 @@ impl AesEncryptable for Message { xor_blocks(block, &temp); }); - - Ok(()) } /// # Symmetric Decryption using AES in CTR Mode /// Decrypts a [`Message`] using the AES algorithm in CTR (Counter) mode. diff --git a/src/ecc/encryptable.rs b/src/ecc/encryptable.rs index 102da0e..229b85e 100644 --- a/src/ecc/encryptable.rs +++ b/src/ecc/encryptable.rs @@ -8,7 +8,7 @@ use crate::{ use tiny_ed448_goldilocks::curve::{extended_edwards::ExtendedPoint, field::scalar::Scalar}; pub trait KeyEncryptable { - fn key_encrypt(&mut self, pub_key: &ExtendedPoint, d: SecParam) -> Result<(), OperationError>; + fn key_encrypt(&mut self, pub_key: &ExtendedPoint, d: SecParam); fn key_decrypt(&mut self, pw: &[u8]) -> Result<(), OperationError>; } @@ -31,7 +31,7 @@ impl KeyEncryptable for Message { /// * pub_key: [`ExtendedPoint`] : X coordinate of public key ๐‘‰ /// * d: u64: Requested security strength in bits. Can only be 224, 256, 384, or 512. #[allow(non_snake_case)] - fn key_encrypt(&mut self, pub_key: &ExtendedPoint, d: SecParam) -> Result<(), OperationError> { + fn key_encrypt(&mut self, pub_key: &ExtendedPoint, d: SecParam) { self.d = Some(d); let k = bytes_to_scalar(&get_random_bytes(56)).mul_mod(&Scalar::from(4_u64)); let w = (*pub_key * k).to_affine(); @@ -47,7 +47,6 @@ impl KeyEncryptable for Message { self.digest = t; self.asym_nonce = Some(Z.to_extended()); - Ok(()) } /// # Asymmetric Decryption diff --git a/src/ecc/signable.rs b/src/ecc/signable.rs index 95512ac..7df733d 100644 --- a/src/ecc/signable.rs +++ b/src/ecc/signable.rs @@ -11,7 +11,7 @@ use tiny_ed448_goldilocks::curve::{extended_edwards::ExtendedPoint, field::scala use super::keypair::KeyPair; pub trait Signable { - fn sign(&mut self, key: &KeyPair, d: SecParam) -> Result<(), OperationError>; + fn sign(&mut self, key: &KeyPair, d: SecParam); fn verify(&mut self, pub_key: &ExtendedPoint) -> Result<(), OperationError>; } @@ -38,7 +38,7 @@ impl Signable for Message { /// * key: &[`KeyPair`], : reference to KeyPair. /// * d: u64: encryption security strength in bits. Can only be 224, 256, 384, or 512. #[allow(non_snake_case)] - fn sign(&mut self, key: &KeyPair, d: SecParam) -> Result<(), OperationError> { + fn sign(&mut self, key: &KeyPair, d: SecParam) { let s_bytes = kmac_xof(&key.priv_key, &[], 448, "SK", d); let s = bytes_to_scalar(&s_bytes).mul_mod(&Scalar::from(4_u64)); let s_bytes = scalar_to_bytes(&s); @@ -55,7 +55,6 @@ impl Signable for Message { let z = k - h_big.mul_mod(&s); self.sig = Some(Signature { h, z }); self.d = Some(d); - Ok(()) } /// # Signature Verification diff --git a/src/kem/encryptable.rs b/src/kem/encryptable.rs index b5e9104..5f99612 100644 --- a/src/kem/encryptable.rs +++ b/src/kem/encryptable.rs @@ -14,12 +14,31 @@ use rand::{thread_rng, RngCore}; use super::keypair::{KEMPrivateKey, KEMPublicKey}; pub trait KEMEncryptable { - fn kem_encrypt(&mut self, key: &KEMPublicKey, d: SecParam) -> Result<(), OperationError>; + fn kem_encrypt(&mut self, key: &KEMPublicKey, d: SecParam); fn kem_decrypt(&mut self, key: &KEMPrivateKey) -> Result<(), OperationError>; } impl KEMEncryptable for Message { - fn kem_encrypt(&mut self, key: &KEMPublicKey, d: SecParam) -> Result<(), OperationError> { + /// # Key Encapsulation Mechanism (KEM) Encryption + /// Encrypts a [`Message`] symmetrically under a KEM public key ๐‘‰. The KEM keys + /// are used to derive a shared secret which seeds the sponge, and is then + /// subsequently used for symmetric encryptions. + /// ## Replaces: + /// * `Message.kem_ciphertext` with the result of encryption using KEM public key ๐‘‰. + /// * `Message.digest` with the keyed hash of the message using components derived from the encryption process. + /// * `Message.sym_nonce` with random bytes ๐‘ง. + /// ## Algorithm: + /// * Generate a random secret. + /// * Encrypt the secret using the KEM public key ๐‘‰ to generate + /// shared secret. + /// * Generate a random nonce ๐‘ง + /// * (ke || ka) โ† kmac_xof(๐‘ง || secret, "", 1024, "S") + /// * ๐‘ โ† kmac_xof(ke, "", |m|, "SKE") โŠ• m + /// * t โ† kmac_xof(ka, m, 512, "SKA") + /// ## Arguments: + /// * `key: &KEMPublicKey`: The public key ๐‘‰ used for encryption. + /// * `d: SecParam`: Security parameters defining the strength of cryptographic operations. + fn kem_encrypt(&mut self, key: &KEMPublicKey, d: SecParam) { self.d = Some(d); let mut rng = thread_rng(); @@ -44,15 +63,25 @@ impl KEMEncryptable for Message { xor_bytes(&mut self.msg, &m); self.sym_nonce = Some(z); - Ok(()) } + /// # Key Encapsulation Mechanism (KEM) Decryption + /// Decrypts a [`Message`] using a KEM private key. + /// ## Replaces: + /// * `Message.msg` with the result of decryption. + /// * `Message.op_result` with the result of the comparison of the stored and computed message digests. + /// ## Algorithm: + /// * Retrieve the KEM ciphertext and decrypt it using the KEM private key to obtain the decrypted secret. + /// * Use the stored nonce ๐‘ง and decrypted secret to derive two keys (ke and ka) using `kmac_xof`. + /// * m โ† kmac_xof(ke, "", |c|, "SKE") โŠ• c + /// * tโ€ฒ โ† kmac_xof(ka, m, 512, "SKA") + /// ## Arguments: + /// * `key: &KEMPrivateKey`: The private key used for decryption. fn kem_decrypt(&mut self, key: &KEMPrivateKey) -> Result<(), OperationError> { let ciphertext = self .kem_ciphertext .as_ref() .ok_or(OperationError::EmptyDecryptionError)?; - let dec = k_pke_decrypt::(&key.dk, ciphertext); let d = self.d.ok_or(OperationError::SecurityParameterNotSet)?; diff --git a/src/kem/keypair.rs b/src/kem/keypair.rs index 4a517bf..340784f 100644 --- a/src/kem/keypair.rs +++ b/src/kem/keypair.rs @@ -2,22 +2,50 @@ use capy_kem::{constants::parameter_sets::KEM_768, fips203::keygen::k_pke_keygen use rand::{thread_rng, RngCore}; use serde::{Deserialize, Serialize}; +/// Represents a private key for Key Encapsulation Mechanism (KEM). +/// +/// This structure holds the private decryption key (`dk`) +/// necessary for the decryption process in KEM. +/// +/// ## Fields +/// * `dk: Vec` - The private decryption key data, +/// essential for decrypting the KEM ciphertext. #[derive(Serialize, Deserialize, Debug, Clone)] pub struct KEMPrivateKey { pub dk: Vec, } +/// Represents a public key for Key Encapsulation Mechanism (KEM). +/// +/// This structure holds the public encryption key (`ek`) and a set of random bytes +/// (`rand_bytes`) used to initialize or seed certain operations within the KEM. +/// The public key is used in the encryption process, +/// encapsulating data in such a way that only someone with the +/// corresponding private key can decrypt it. +/// +/// ## Fields +/// * `rand_bytes: [u8; 32]` - Random bytes used to seed KEM +/// operations, ensuring the uniqueness and security of the public key. +/// * `ek: Vec` - The public encryption key data, +/// used to encrypt data in the KEM scheme. +#[derive(Serialize, Deserialize, Debug, Clone)] pub struct KEMPublicKey { pub rand_bytes: [u8; 32], pub ek: Vec, } -impl KEMPublicKey { - pub fn new(&self, rand_bytes: [u8; 32], ek: Vec) -> Self { - KEMPublicKey { rand_bytes, ek } - } -} - +/// Generates a public-private key pair for use with the Key Encapsulation Mechanism (KEM). +/// +/// This function interfaces with [`capy_kem`] for partial ML-KEM-768 support.(Partial because +/// the other parameter sets are a work in progress) to generate a compatible key pair. +/// +/// It initializes the necessary randomness and calls the library-specific key generation +/// function to produce both encryption and decryption keys. +/// +/// ## Returns +/// Returns a tuple containing: +/// * `KEMPublicKey`: Contains the public encryption key and initial random bytes. +/// * `KEMPrivateKey`: Contains the private decryption key. pub fn kem_keygen() -> (KEMPublicKey, KEMPrivateKey) { let mut rng = thread_rng(); let mut rand_bytes = [0u8; 32]; diff --git a/src/sha3/encryptable.rs b/src/sha3/encryptable.rs index cb7fd68..2d264c7 100644 --- a/src/sha3/encryptable.rs +++ b/src/sha3/encryptable.rs @@ -5,7 +5,7 @@ use crate::{ }; pub trait SpongeEncryptable { - fn sha3_encrypt(&mut self, pw: &[u8], d: SecParam) -> Result<(), OperationError>; + fn sha3_encrypt(&mut self, pw: &[u8], d: SecParam); fn sha3_decrypt(&mut self, pw: &[u8]) -> Result<(), OperationError>; } @@ -26,7 +26,7 @@ impl SpongeEncryptable for Message { /// * `pw: &[u8]`: symmetric encryption key, can be blank but shouldnt be /// * `d: u64`: requested security strength in bits. Supported /// bitstrengths are 224, 256, 384, or 512. - fn sha3_encrypt(&mut self, pw: &[u8], d: SecParam) -> Result<(), OperationError> { + fn sha3_encrypt(&mut self, pw: &[u8], d: SecParam) { self.d = Some(d); let z = get_random_bytes(512); @@ -42,7 +42,6 @@ impl SpongeEncryptable for Message { xor_bytes(&mut self.msg, &m); self.sym_nonce = Some(z); - Ok(()) } /// # Symmetric Decryption diff --git a/tests/aes_tests.rs b/tests/aes_tests.rs index c548bf6..79cc0be 100644 --- a/tests/aes_tests.rs +++ b/tests/aes_tests.rs @@ -11,7 +11,7 @@ mod aes_modes_tests { // Get 5mb random data let mut input = Message::new(get_random_bytes(5242880)); - let _ = input.aes_encrypt_cbc(&key); // Encrypt the input + input.aes_encrypt_cbc(&key); // Encrypt the input assert!(input.aes_decrypt_cbc(&key).is_ok()); // Verify operation success } @@ -22,7 +22,7 @@ mod aes_modes_tests { // Get 5mb random data let mut input = Message::new(get_random_bytes(5242880)); - let _ = input.aes_encrypt_cbc(&key); // Encrypt the input + input.aes_encrypt_cbc(&key); // Encrypt the input assert!(input.aes_decrypt_cbc(&key).is_ok()); // Verify operation success } @@ -33,7 +33,7 @@ mod aes_modes_tests { // Get 5mb random data let mut input = Message::new(get_random_bytes(5242880)); - let _ = input.aes_encrypt_cbc(&key); // Encrypt the input + input.aes_encrypt_cbc(&key); // Encrypt the input assert!(input.aes_decrypt_cbc(&key).is_ok()); // Verify operation success } @@ -44,7 +44,7 @@ mod aes_modes_tests { // Get 5mb random data let mut input = Message::new(get_random_bytes(5242880)); - let _ = input.aes_encrypt_ctr(&key); // Encrypt the input + input.aes_encrypt_ctr(&key); // Encrypt the input assert!(input.aes_decrypt_ctr(&key).is_ok()); // Verify operation success } @@ -55,7 +55,7 @@ mod aes_modes_tests { // Get 5mb random data let mut input = Message::new(get_random_bytes(5242880)); - let _ = input.aes_encrypt_ctr(&key); // Encrypt the input + input.aes_encrypt_ctr(&key); // Encrypt the input assert!(input.aes_decrypt_ctr(&key).is_ok()); // Verify operation success } @@ -66,7 +66,7 @@ mod aes_modes_tests { // Get 5mb random data let mut input = Message::new(get_random_bytes(5242880)); - let _ = input.aes_encrypt_ctr(&key); // Encrypt the input + input.aes_encrypt_ctr(&key); // Encrypt the input assert!(input.aes_decrypt_ctr(&key).is_ok()); // Verify operation success } } diff --git a/tests/integration_tests.rs b/tests/integration_tests.rs index 45514e0..3a0a3fa 100644 --- a/tests/integration_tests.rs +++ b/tests/integration_tests.rs @@ -12,7 +12,7 @@ pub fn test_kem_enc_512() { // Create a new ML-KEM public/private keypair let (kem_pub_key, kem_priv_key) = kem_keygen(); // Encrypt the message - assert!(msg.kem_encrypt(&kem_pub_key, SecParam::D256).is_ok()); + msg.kem_encrypt(&kem_pub_key, SecParam::D256); // Decrypt and verify assert!(msg.kem_decrypt(&kem_priv_key).is_ok()); } @@ -35,7 +35,7 @@ fn test_key_gen_enc_dec_256() { SecParam::D256, // bit-security for key ); // Encrypt the message - assert!(msg.key_encrypt(&key_pair.pub_key, SecParam::D256).is_ok()); + msg.key_encrypt(&key_pair.pub_key, SecParam::D256); // Decrypt and verify assert!(msg.key_decrypt(&key_pair.priv_key).is_ok()); } @@ -55,7 +55,7 @@ fn test_key_gen_enc_dec_512() { SecParam::D512, ); - assert!(msg.key_encrypt(&key_pair.pub_key, SecParam::D512).is_ok()); + msg.key_encrypt(&key_pair.pub_key, SecParam::D512); assert!(msg.key_decrypt(&key_pair.priv_key).is_ok()); } @@ -74,8 +74,8 @@ pub fn test_signature_256() { "test key".to_string(), // label SecParam::D256, // bit-security for key ); - // Sign with 256 bits of security - assert!(msg.sign(&key_pair, SecParam::D256).is_ok()); + // Sign with 128 bits of security + msg.sign(&key_pair, SecParam::D256); // Verify signature assert!(msg.verify(&key_pair.pub_key).is_ok()); } @@ -104,11 +104,11 @@ fn test_symmetric_encryptable() { // Get 5mb random data let mut msg = Message::new(get_random_bytes(5242880)); // Encrypt the data - assert!(msg.aes_encrypt_ctr(&pw).is_ok()); + msg.aes_encrypt_ctr(&pw); // Decrypt the data assert!(msg.aes_decrypt_ctr(&pw).is_ok()); // Encrypt the data - assert!(msg.sha3_encrypt(&pw, SecParam::D512).is_ok()); + msg.sha3_encrypt(&pw, SecParam::D512); // Decrypt and verify assert!(msg.sha3_decrypt(&pw).is_ok()); } @@ -125,7 +125,7 @@ pub fn test_signature_512() { let pw = get_random_bytes(64); let key_pair = KeyPair::new(&pw, "test key".to_string(), SecParam::D512); - assert!(msg.sign(&key_pair, SecParam::D512).is_ok()); + msg.sign(&key_pair, SecParam::D512); assert!(msg.verify(&key_pair.pub_key).is_ok()); } @@ -149,9 +149,9 @@ fn test_sig_timing_side_channel() { let key_pair = KeyPair::new(&pw, "test key".to_string(), SecParam::D512); let now = Instant::now(); - let _ = msg.sign(&key_pair, SecParam::D512); + msg.sign(&key_pair, SecParam::D512); println!("{} needed {} microseconds", i, now.elapsed().as_micros()); - let _ = msg.verify(&key_pair.pub_key); + msg.verify(&key_pair.pub_key).unwrap(); } } @@ -201,7 +201,7 @@ pub fn test_signature_512_read_keypair_from_file() { let read_key_pair = KeyPair::read_from_file(temp_file_path.to_str().unwrap()) .expect("Failed to read key pair from file"); - assert!(msg.sign(&read_key_pair, SecParam::D512).is_ok()); + msg.sign(&read_key_pair, SecParam::D512); assert!(msg.verify(&read_key_pair.pub_key).is_ok()); } @@ -226,7 +226,7 @@ pub fn test_signature_512_read_message_from_file() { let pw = get_random_bytes(64); let key_pair = KeyPair::new(&pw, "test key".to_string(), SecParam::D512); - assert!(initial_msg.sign(&key_pair, SecParam::D512).is_ok()); + initial_msg.sign(&key_pair, SecParam::D512); initial_msg .write_to_file(temp_file_path.to_str().unwrap()) @@ -256,7 +256,7 @@ mod decryption_test { // D512 let mut new_msg = Message::new(get_random_bytes(523)); - let _ = new_msg.sha3_encrypt(&pw1, D512); + new_msg.sha3_encrypt(&pw1, D512); let msg2 = new_msg.msg.clone(); let res = new_msg.sha3_decrypt(&pw2); @@ -275,7 +275,7 @@ mod decryption_test { let key_pair1 = KeyPair::new(&get_random_bytes(32), "test key".to_string(), D512); let key_pair2 = KeyPair::new(&get_random_bytes(32), "test key".to_string(), D512); - let _ = new_msg.key_encrypt(&key_pair1.pub_key, D512); + new_msg.key_encrypt(&key_pair1.pub_key, D512); let new_msg2 = new_msg.msg.clone(); let res = new_msg.key_decrypt(&key_pair2.priv_key);