diff --git a/Cargo.lock b/Cargo.lock
index 878915d6..02b1bb03 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1093,82 +1093,6 @@ dependencies = [ "foldhash", ] -[[package]] -name = "hax-lib" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd2dddf00d9120e8ff07ec0411cd48f6f419782b53c109d3984b6bf94345c822" -dependencies = [ - "hax-lib-macros 0.1.0", - "num-bigint", - "num-traits", -] - -[[package]] -name = "hax-lib" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61933dbb676f11311378720e1ee97a511813edb7044255381ba0d625cac6be7b" -dependencies = [ - "hax-lib-macros 0.2.0", - "num-bigint", - "num-traits", -] - -[[package]] -name = "hax-lib-macros" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "013ec0c6e58481b11658007e794ee09be35b97ef02c92102b9a5c01afd43a82f" -dependencies = [ - "hax-lib-macros-types 0.1.0", - "paste", - "proc-macro-error", - "proc-macro2", - "quote", - "syn 2.0.98", -] - -[[package]] -name = "hax-lib-macros" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ba3a8d32921c3f535e973f72053d20bc8c7f74028911a269748440952157807" -dependencies = [ - "hax-lib-macros-types 0.2.0", - "paste", - "proc-macro-error", - "proc-macro2", - "quote", - "syn 2.0.98", -] - -[[package]] -name = "hax-lib-macros-types" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01e897f0a73b06263b106327db34e77b8df37a9a94a3fba759ee7c9b69493396" -dependencies = [ - "proc-macro2", - "quote", - "serde", - "serde_json", - "uuid", -] - -[[package]] -name = "hax-lib-macros-types" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d5a22f64cb35f8363892df6285e7edbe96885cd660d85bfd6765c95886647b77" -dependencies = [ - "proc-macro2", - "quote", - "serde", - "serde_json", - "uuid", -] - [[package]] name = "heapless" version = "0.7.17" 
@@ -1375,26 +1299,6 @@ dependencies = [ "rand 0.8.5", ] -[[package]] -name = "libcrux-blake2" -version = "0.0.3-pre" -source = "git+https://github.com/cryspen/libcrux.git?rev=10ce653e9476#10ce653e94761352b657b6cecdcc0c85675813df" -dependencies = [ - "libcrux-hacl-rs", - "libcrux-macros 0.0.2", -] - -[[package]] -name = "libcrux-chacha20poly1305" -version = "0.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78d522fb626847390ea4b776c7eca179ecec363c6c4730b61b0c0feb797b8d92" -dependencies = [ - "libcrux-hacl-rs", - "libcrux-macros 0.0.2", - "libcrux-poly1305", -] - [[package]] name = "libcrux-hacl" version = "0.0.2-pre.2" @@ -1405,34 +1309,6 @@ dependencies = [ "libcrux-platform", ] -[[package]] -name = "libcrux-hacl-rs" -version = "0.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8bba0885296a72555a5d77056c39cc9b04edd9ab1afa3025ef3dbd96220705c" -dependencies = [ - "libcrux-macros 0.0.2", -] - -[[package]] -name = "libcrux-intrinsics" -version = "0.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4f764ef781467a75b92f4df575911f1cdcf77a7beb316d8054a233fed53a7ab" -dependencies = [ - "hax-lib 0.2.0", -] - -[[package]] -name = "libcrux-macros" -version = "0.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3021bc24fb679408d4d7175e21cf808f49816c599733ebf4a97e5bd39c3ce7c0" -dependencies = [ - "quote", - "syn 2.0.98", -] - [[package]] name = "libcrux-macros" version = "0.0.3" @@ -1442,19 +1318,6 @@ dependencies = [ "syn 2.0.98", ] -[[package]] -name = "libcrux-ml-kem" -version = "0.0.2-beta.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89cbf9aad4ad38d53cfdd7ffe9041cc4cf516c8c5a6f9c1a7bb8136a82b7b6d6" -dependencies = [ - "hax-lib 0.1.0", - "libcrux-intrinsics", - "libcrux-platform", - "libcrux-sha3", - "rand 0.9.0", -] - [[package]] name = "libcrux-platform" version = "0.0.2-pre.2" 
@@ -1464,33 +1327,12 @@ dependencies = [ "libc", ] -[[package]] -name = "libcrux-poly1305" -version = "0.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "80143d78ae14ab51ceb2c8a9514fb60af6645d42a9c951bc511792c19c974fca" -dependencies = [ - "libcrux-hacl-rs", - "libcrux-macros 0.0.2", -] - -[[package]] -name = "libcrux-sha3" -version = "0.0.2-beta.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6afd802f5c7862be77f1f320df6c0fea0f09a78ca94e79df26625c60d2d96de7" -dependencies = [ - "hax-lib 0.1.0", - "libcrux-intrinsics", - "libcrux-platform", -] - [[package]] name = "libcrux-test-utils" version = "0.0.2" source = "git+https://github.com/cryspen/libcrux.git?rev=0ab6d2dd9c1f#0ab6d2dd9c1f39c82b1125a566d6befb38feea28" dependencies = [ - "libcrux-macros 0.0.3", + "libcrux-macros", ] [[package]] @@ -1764,25 +1606,6 @@ dependencies = [ "minimal-lexical", ] -[[package]] -name = "num-bigint" -version = "0.4.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9" -dependencies = [ - "num-integer", - "num-traits", -] - -[[package]] -name = "num-integer" -version = "0.1.46" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" -dependencies = [ - "num-traits", -] - [[package]] name = "num-traits" version = "0.2.19" @@ -1952,7 +1775,7 @@ version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" dependencies = [ - "zerocopy 0.7.35", + "zerocopy", ] [[package]] 
@@ -1965,30 +1788,6 @@ dependencies = [ "syn 2.0.98", ] -[[package]] -name = "proc-macro-error" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" -dependencies = [ - "proc-macro-error-attr", - "proc-macro2", - "quote", - "syn 1.0.109", - "version_check", -] - -[[package]] -name = "proc-macro-error-attr" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" -dependencies = [ - "proc-macro2", - "quote", - "version_check", -] - [[package]] name = "proc-macro2" version = "1.0.93" @@ -2044,21 +1843,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" dependencies = [ "libc", - "rand_chacha 0.3.1", + "rand_chacha", "rand_core 0.6.4", ] -[[package]] -name = "rand" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3779b94aeb87e8bd4e834cee3650289ee9e0d5677f976ecdb6d219e5f4f6cd94" -dependencies = [ - "rand_chacha 0.9.0", - "rand_core 0.9.3", - "zerocopy 0.8.24", -] - [[package]] name = "rand" version = "0.10.1" @@ -2080,16 +1868,6 @@ dependencies = [ "rand_core 0.6.4", ] -[[package]] -name = "rand_chacha" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" -dependencies = [ - "ppv-lite86", - "rand_core 0.9.3", -] - [[package]] name = "rand_core" version = "0.6.4" 
@@ -2099,15 +1877,6 @@ dependencies = [ "getrandom 0.2.15", ] -[[package]] -name = "rand_core" -version = "0.9.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38" -dependencies = [ - "getrandom 0.3.1", -] - [[package]] name = "rand_core" version = "0.10.1" @@ -2223,7 +1992,7 @@ dependencies = [ "thiserror 2.0.11", "toml", "uds", - "zerocopy 0.7.35", + "zerocopy", "zeroize", ] @@ -2247,9 +2016,6 @@ dependencies = [ "chacha20poly1305", "criterion", "libcrux", - "libcrux-blake2", - "libcrux-chacha20poly1305", - "libcrux-ml-kem", "rand 0.10.1", "rosenpass-cipher-traits", "rosenpass-constant-time", @@ -2375,7 +2141,7 @@ dependencies = [ "tokio", "typenum", "uds", - "zerocopy 0.7.35", + "zerocopy", "zeroize", ] @@ -2400,7 +2166,7 @@ dependencies = [ "thiserror 2.0.11", "tokio", "wireguard-uapi", - "zerocopy 0.7.35", + "zerocopy", ] [[package]] @@ -3560,16 +3326,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" dependencies = [ "byteorder", - "zerocopy-derive 0.7.35", -] - -[[package]] -name = "zerocopy" -version = "0.8.24" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2586fea28e186957ef732a5f8b3be2da217d65c5969d4b1e17f973ebbe876879" -dependencies = [ - "zerocopy-derive 0.8.24", + "zerocopy-derive", ] [[package]] @@ -3583,17 +3340,6 @@ dependencies = [ "syn 2.0.98", ] -[[package]] -name = "zerocopy-derive" -version = "0.8.24" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a996a8f63c5c4448cd959ac1bab0aaa3306ccfd060472f85943ee0750f0169be" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.98", -] - [[package]] name = "zeroize" version = "1.8.1" diff --git a/Cargo.toml b/Cargo.toml index 5e15aa16..b2c67b19 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -72,9 +72,6 @@ derive_builder = "0.20.1"
 tokio = { version = "1.46", features = ["macros", "rt-multi-thread"] }
 postcard = { version = "1.1.1", features = ["alloc"] }
 libcrux = { version = "0.0.2-pre.2" }
-libcrux-chacha20poly1305 = { version = "0.0.2-beta.3" }
-libcrux-ml-kem = { version = "0.0.2-beta.3" }
-libcrux-blake2 = { git = "https://github.com/cryspen/libcrux.git", rev = "10ce653e9476" }
 libcrux-test-utils = { git = "https://github.com/cryspen/libcrux.git", rev = "0ab6d2dd9c1f" }
 hex-literal = { version = "0.4.1" }
 hex = { version = "0.4.3" }
diff --git a/ciphers/Cargo.toml b/ciphers/Cargo.toml
index ee6f1585..4c76b489 100644
--- a/ciphers/Cargo.toml
+++ b/ciphers/Cargo.toml
@@ -11,34 +11,7 @@ readme = "readme.md"
 rust-version = "1.85.0"
 
 [features]
-# whether the types should be defined
-experiment_libcrux_define_blake2 = ["dep:libcrux-blake2", "dep:thiserror"]
-experiment_libcrux_define_kyber = ["dep:libcrux-ml-kem", "dep:rand"]
-experiment_libcrux_define_chachapoly = ["dep:libcrux-chacha20poly1305"]
-
-# whether the types should be used by default
-experiment_libcrux_blake2 = ["experiment_libcrux_define_blake2"]
-experiment_libcrux_kyber = ["experiment_libcrux_define_kyber"]
-experiment_libcrux_chachapoly = ["experiment_libcrux_define_chachapoly"]
-experiment_libcrux_chachapoly_test = [
-    "experiment_libcrux_define_chachapoly",
-    "dep:libcrux",
-]
-
-# shorthands
-experiment_libcrux_define_all = [
-    "experiment_libcrux_define_blake2",
-    "experiment_libcrux_define_chachapoly",
-    "experiment_libcrux_define_kyber",
-]
-experiment_libcrux_all = [
-    "experiment_libcrux_blake2",
-    "experiment_libcrux_chachapoly",
-    "experiment_libcrux_chachapoly_test",
-    "experiment_libcrux_kyber",
-]
-
-bench = ["experiment_libcrux_define_all"]
+bench = ["dep:libcrux"]
 
 [[bench]]
 name = "primitives"
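Review bot: `bench = ["dep:libcrux"]` keeps the old `libcrux` crate as an optional dependency, but the only consumer of it visible in this diff was the `proptest_equivalence_libcrux_old_new` test (`use libcrux::aead as C;`) in the deleted `chacha20poly1305_ietf.rs`, and every `*_libcrux` benchmark is removed from `benches/primitives.rs` in the same commit. Unless something outside the diff still uses the crate, `bench` can become `bench = []` and the `libcrux = { workspace = true, optional = true }` line in the `[dependencies]` hunk can go with it, which also removes one more crate from the set the workspace has to vet and keep updated. If it is intentionally kept for a future cross-implementation check, the comment above that dependency should say so instead of `only used in testing`.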
@@ -61,11 +34,7 @@ sha3 = { workspace = true }
 rand = { workspace = true, optional = true }
 thiserror = { workspace = true, optional = true }
 
-libcrux-chacha20poly1305 = { workspace = true, optional = true }
-libcrux-blake2 = { workspace = true, optional = true }
-libcrux-ml-kem = { workspace = true, optional = true, features = ["kyber"] }
-
-# this one is only used in testing, so it requires the `experiment_libcrux_chachapoly_test` feature.
+# this one is only used in testing, so it requires the `bench` feature.
 libcrux = { workspace = true, optional = true }
 
 [dev-dependencies]
diff --git a/ciphers/benches/primitives.rs b/ciphers/benches/primitives.rs
index 7723e375..74e79812 100644
--- a/ciphers/benches/primitives.rs
+++ b/ciphers/benches/primitives.rs
@@ -34,12 +34,7 @@ impl std::fmt::Display for KvPairs<'_> {
 }
 
 mod kem {
-    criterion::criterion_group!(
-        benches,
-        bench_kyber512_libcrux,
-        bench_kyber512_oqs,
-        bench_classicmceliece460896_oqs
-    );
+    criterion::criterion_group!(benches, bench_kyber512_oqs, bench_classicmceliece460896_oqs);
 
     use criterion::Criterion;
 
@@ -52,15 +47,6 @@ mod kem {
         );
     }
 
-    fn bench_kyber512_libcrux(c: &mut Criterion) {
-        template(
-            c,
-            "kyber512",
-            "libcrux",
-            rosenpass_ciphers::subtle::libcrux::kyber512::Kyber512,
-        );
-    }
-
     fn bench_kyber512_oqs(c: &mut Criterion) {
         template(c, "kyber512", "oqs", rosenpass_oqs::Kyber512);
     }
@@ -131,7 +117,6 @@ mod kem {
 mod aead {
     criterion::criterion_group!(
         benches,
-        bench_chachapoly_libcrux,
         bench_chachapoly_rustcrypto,
         bench_xchachapoly_rustcrypto,
     );
@@ -159,15 +144,6 @@ mod aead {
         );
     }
 
-    fn bench_chachapoly_libcrux(c: &mut Criterion) {
-        template(
-            c,
-            "chacha20poly1305",
-            "libcrux",
-            rosenpass_ciphers::subtle::libcrux::chacha20poly1305_ietf::ChaCha20Poly1305,
-        );
-    }
-
     use rosenpass_cipher_traits::primitives::Aead;
 
     fn template>(
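Review bot: `rand = { workspace = true, optional = true }` and `thiserror = { workspace = true, optional = true }` stay optional, but the `dep:rand` and `dep:thiserror` feature entries that enabled them are removed in the `[features]` hunk of this file, and their only users in the diff (`kyber512.rs` via `rand::rng()`, `blake2b.rs` via `#[derive(thiserror::Error)]`) are deleted. With no `dep:` reference left, Cargo now exposes implicit `rand` and `thiserror` features on the crate that nothing enables. Either drop both lines, or make them non-optional if code outside this diff still needs them; leaving them as-is keeps two dependencies in the tree that no build configuration can reach.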
@@ -277,12 +253,7 @@ mod aead {
 }
 
 mod keyed_hash {
-    criterion::criterion_group!(
-        benches,
-        bench_blake2b_rustcrypto,
-        bench_blake2b_libcrux,
-        bench_shake256_rustcrypto,
-    );
+    criterion::criterion_group!(benches, bench_blake2b_rustcrypto, bench_shake256_rustcrypto,);
 
     const KEY_LEN: usize = 32;
     const HASH_LEN: usize = 32;
@@ -307,15 +278,6 @@ mod keyed_hash {
         );
     }
 
-    fn bench_blake2b_libcrux(c: &mut Criterion) {
-        template(
-            c,
-            "blake2b",
-            "libcrux",
-            &rosenpass_ciphers::subtle::libcrux::blake2b::Blake2b,
-        );
-    }
-
     use rosenpass_cipher_traits::primitives::KeyedHash;
 
     fn template>(
diff --git a/ciphers/src/lib.rs b/ciphers/src/lib.rs
index 392f0f4e..3217a546 100644
--- a/ciphers/src/lib.rs
+++ b/ciphers/src/lib.rs
@@ -18,12 +18,6 @@ pub use crate::subtle::keyed_hash::KeyedHash;
 
 /// Authenticated encryption with associated data (AEAD)
 /// Chacha20poly1305 is used.
-#[cfg(feature = "experiment_libcrux_chachapoly")]
-pub use subtle::libcrux::chacha20poly1305_ietf::ChaCha20Poly1305 as Aead;
-
-/// Authenticated encryption with associated data (AEAD)
-/// Chacha20poly1305 is used.
-#[cfg(not(feature = "experiment_libcrux_chachapoly"))]
 pub use crate::subtle::rust_crypto::chacha20poly1305_ietf::ChaCha20Poly1305 as Aead;
 
 /// Authenticated encryption with associated data with a extended-length nonce (XAEAD)
@@ -38,9 +32,6 @@ pub use rosenpass_oqs::ClassicMceliece460896 as StaticKem;
 /// Use Kyber-512 as the Static KEM
 ///
 /// See [rosenpass_oqs::Kyber512] for more details.
-#[cfg(not(feature = "experiment_libcrux_kyber"))]
 pub use rosenpass_oqs::Kyber512 as EphemeralKem;
-#[cfg(feature = "experiment_libcrux_kyber")]
-pub use subtle::libcrux::kyber512::Kyber512 as EphemeralKem;
 
 pub mod hash_domain;
diff --git a/ciphers/src/subtle/custom/incorrect_hmac_blake2b.rs b/ciphers/src/subtle/custom/incorrect_hmac_blake2b.rs
index 4c369f02..1389c7a1 100644
--- a/ciphers/src/subtle/custom/incorrect_hmac_blake2b.rs
+++ b/ciphers/src/subtle/custom/incorrect_hmac_blake2b.rs
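Review bot: The collapsed `criterion::criterion_group!(benches, bench_blake2b_rustcrypto, bench_shake256_rustcrypto,);` in `mod keyed_hash` keeps a trailing comma before the closing parenthesis, a leftover from the multi-line form, which rustfmt evidently left in place; the equivalent one-liner in the `mod kem` hunk of this file has no such `,)`. Make the two consistent: `criterion::criterion_group!(benches, bench_blake2b_rustcrypto, bench_shake256_rustcrypto);`.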
@@ -6,14 +6,9 @@ use rosenpass_constant_time::xor;
 use rosenpass_to::{To, ops::copy_slice};
 use zeroize::Zeroizing;
 
-#[cfg(not(feature = "experiment_libcrux_blake2"))]
 use crate::subtle::rust_crypto::blake2b::Blake2b;
-#[cfg(not(feature = "experiment_libcrux_blake2"))]
 use anyhow::Error;
 
-#[cfg(feature = "experiment_libcrux_blake2")]
-use crate::subtle::libcrux::blake2b::{Blake2b, Error};
-
 /// The key length, 32 bytes or 256 bits.
 pub const KEY_LEN: usize = 32;
 
diff --git a/ciphers/src/subtle/libcrux/blake2b.rs b/ciphers/src/subtle/libcrux/blake2b.rs
deleted file mode 100644
index bb2790b9..00000000
--- a/ciphers/src/subtle/libcrux/blake2b.rs
+++ /dev/null
@@ -1,88 +0,0 @@ -//! Implementation of the [`KeyedHashBlake2b`] trait based on the [`libcrux_blake2`] crate. - -use libcrux_blake2::Blake2bBuilder; - -use rosenpass_cipher_traits::algorithms::KeyedHashBlake2b; -use rosenpass_cipher_traits::primitives::KeyedHash; - -pub use rosenpass_cipher_traits::algorithms::keyed_hash_blake2b::HASH_LEN; -pub use rosenpass_cipher_traits::algorithms::keyed_hash_blake2b::KEY_LEN; - -/// Describles which error occurred -#[derive(Debug, thiserror::Error)] -pub enum Error { - /// An unexpected internal error occurred. Should never be returned and points to a bug in the - /// implementation. - #[error("internal error")] - InternalError, - - /// Indicates that the provided data was too long. - #[error("data is too long")] - DataTooLong, -} - -/// Hasher for the given `data` with the Blake2b hash function. -pub struct Blake2b; - -impl KeyedHash for Blake2b { - type Error = Error; - - fn keyed_hash( - key: &[u8; KEY_LEN], - data: &[u8], - out: &mut [u8; HASH_LEN], - ) -> Result<(), Self::Error> { - let mut h = Blake2bBuilder::new_keyed_const(key) - // this may fail if the key length is invalid, but 32 is fine - .map_err(|_| Error::InternalError)? - .build_const_digest_len() - .map_err(|_| - // this can only fail if the output length is invalid, but 32 is fine. 
- Error::InternalError)?; - - h.update(data).map_err(|_| Error::DataTooLong)?; - h.finalize(out); - - Ok(()) - } -} - -impl KeyedHashBlake2b for Blake2b {} - -#[cfg(test)] -mod equivalence_tests { - use super::*; - use rand::Rng; - - #[test] - fn fuzz_equivalence_libcrux_old_new() { - let datas: [&[u8]; 3] = [ - b"".as_slice(), - b"test".as_slice(), - b"abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd", - ]; - - let mut key = [0; KEY_LEN]; - let mut rng = rand::rng(); - - let mut hash_left = [0; 32]; - let mut hash_right = [0; 32]; - - for data in datas { - for _ in 0..1000 { - rng.fill_bytes(&mut key); - - crate::subtle::rust_crypto::blake2b::Blake2b::keyed_hash( - &key, - data, - &mut hash_left, - ) - .unwrap(); - crate::subtle::libcrux::blake2b::Blake2b::keyed_hash(&key, data, &mut hash_right) - .unwrap(); - - assert_eq!(hash_left, hash_right); - } - } - } -} diff --git a/ciphers/src/subtle/libcrux/chacha20poly1305_ietf.rs b/ciphers/src/subtle/libcrux/chacha20poly1305_ietf.rs deleted file mode 100644 index 539ae185..00000000 --- a/ciphers/src/subtle/libcrux/chacha20poly1305_ietf.rs +++ /dev/null 
@@ -1,274 +0,0 @@ -//! Implementation of the [`AeadChaCha20Poly1305`] trait based on the [`libcrux_chacha20poly1305`] crate. - -use rosenpass_cipher_traits::algorithms::AeadChaCha20Poly1305; -use rosenpass_cipher_traits::primitives::{Aead, AeadError}; - -pub use rosenpass_cipher_traits::algorithms::aead_chacha20poly1305::{KEY_LEN, NONCE_LEN, TAG_LEN}; - -/// An implementation of the ChaCha20Poly1305 AEAD based on libcrux -pub struct ChaCha20Poly1305; - -impl Aead for ChaCha20Poly1305 { - fn encrypt( - &self, - ciphertext: &mut [u8], - key: &[u8; KEY_LEN], - nonce: &[u8; NONCE_LEN], - ad: &[u8], - plaintext: &[u8], - ) -> Result<(), AeadError> { - let (ctxt, tag) = libcrux_chacha20poly1305::encrypt(key, plaintext, ciphertext, ad, nonce) - .map_err(|_| AeadError::InternalError)?; - - // return an error of the destination buffer is longer than expected - // because the caller wouldn't know where the end is - if ctxt.len() + tag.len() != ciphertext.len() { - return Err(AeadError::InternalError); - } - - Ok(()) - } - - fn decrypt( - &self, - plaintext: &mut [u8], - key: &[u8; KEY_LEN], - nonce: &[u8; NONCE_LEN], - ad: &[u8], - ciphertext: &[u8], - ) -> Result<(), AeadError> { - let ptxt = libcrux_chacha20poly1305::decrypt(key, plaintext, ciphertext, ad, nonce) - .map_err(|_| AeadError::DecryptError)?; - - // return an error of the destination buffer is longer than expected - // because the caller wouldn't know where the end is - if ptxt.len() != plaintext.len() { - return Err(AeadError::DecryptError); - } - - Ok(()) - } -} - -impl AeadChaCha20Poly1305 for ChaCha20Poly1305 {} - -/// The idea of these tests is to check that the above implemenatation behaves, by and large, the -/// same as the one from the old libcrux and the one from RustCrypto. You can consider them janky, -/// self-rolled property-based tests. 
-#[cfg(test)] -mod equivalence_tests { - use super::*; - use rand::Rng; - - #[test] - fn proptest_equivalence_libcrux_rustcrypto() { - use crate::subtle::rust_crypto::chacha20poly1305_ietf::ChaCha20Poly1305 as RustCryptoChaCha20Poly1305; - let ptxts: [&[u8]; 3] = [ - b"".as_slice(), - b"test".as_slice(), - b"abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd", - ]; - let mut key = [0; KEY_LEN]; - let mut rng = rand::rng(); - - let mut ctxt_left = [0; 64 + TAG_LEN]; - let mut ctxt_right = [0; 64 + TAG_LEN]; - - let mut ptxt_left = [0; 64]; - let mut ptxt_right = [0; 64]; - - let nonce = [0; NONCE_LEN]; - let ad = b""; - - for ptxt in ptxts { - for _ in 0..1000 { - rng.fill_bytes(&mut key); - let ctxt_left = &mut ctxt_left[..ptxt.len() + TAG_LEN]; - let ctxt_right = &mut ctxt_right[..ptxt.len() + TAG_LEN]; - - let ptxt_left = &mut ptxt_left[..ptxt.len()]; - let ptxt_right = &mut ptxt_right[..ptxt.len()]; - - RustCryptoChaCha20Poly1305 - .encrypt(ctxt_left, &key, &nonce, ad, ptxt) - .unwrap(); - ChaCha20Poly1305 - .encrypt(ctxt_right, &key, &nonce, ad, ptxt) - .unwrap(); - - assert_eq!(ctxt_left, ctxt_right); - - RustCryptoChaCha20Poly1305 - .decrypt(ptxt_left, &key, &nonce, ad, ctxt_left) - .unwrap(); - ChaCha20Poly1305 - .decrypt(ptxt_right, &key, &nonce, ad, ctxt_right) - .unwrap(); - - assert_eq!(ptxt_left, ptxt); - assert_eq!(ptxt_right, ptxt); - } - } - } - - #[test] - #[cfg(feature = "experiment_libcrux_chachapoly_test")] - fn proptest_equivalence_libcrux_old_new() { - let ptxts: [&[u8]; 3] = [ - b"".as_slice(), - b"test".as_slice(), - b"abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd", - ]; - let mut key = [0; KEY_LEN]; - let mut rng = rand::rng(); - - let mut ctxt_left = [0; 64 + TAG_LEN]; - let mut ctxt_right = [0; 64 + TAG_LEN]; - - let mut ptxt_left = [0; 64]; - let mut ptxt_right = [0; 64]; - - let nonce = [0; NONCE_LEN]; - let ad = b""; - - for ptxt in ptxts { - for _ in 0..1000 { - rng.fill_bytes(&mut key); - let ctxt_left 
= &mut ctxt_left[..ptxt.len() + TAG_LEN]; - let ctxt_right = &mut ctxt_right[..ptxt.len() + TAG_LEN]; - - let ptxt_left = &mut ptxt_left[..ptxt.len()]; - let ptxt_right = &mut ptxt_right[..ptxt.len()]; - - encrypt(ctxt_left, &key, &nonce, ad, ptxt).unwrap(); - ChaCha20Poly1305 - .encrypt(ctxt_right, &key, &nonce, ad, ptxt) - .unwrap(); - - assert_eq!(ctxt_left, ctxt_right); - - decrypt(ptxt_left, &key, &nonce, ad, ctxt_left).unwrap(); - ChaCha20Poly1305 - .decrypt(ptxt_right, &key, &nonce, ad, ctxt_right) - .unwrap(); - - assert_eq!(ptxt_left, ptxt); - assert_eq!(ptxt_right, ptxt); - } - } - - // The old libcrux functions: - - // The functions below are from the old libcrux backend. I am keeping them around so we can - // check if they behave the same. - use rosenpass_to::To; - use rosenpass_to::ops::copy_slice; - use zeroize::Zeroize; - - /// Encrypts using ChaCha20Poly1305 as implemented in [libcrux](https://github.com/cryspen/libcrux). - /// Key and nonce MUST be chosen (pseudo-)randomly. The `key` slice MUST have a length of - /// [KEY_LEN]. The `nonce` slice MUST have a length of [NONCE_LEN]. The last [TAG_LEN] bytes - /// written in `ciphertext` are the tag guaranteeing integrity. `ciphertext` MUST have a capacity of - /// `plaintext.len()` + [TAG_LEN]. 
- /// - /// # Examples - ///```rust - /// # use rosenpass_ciphers::subtle::chacha20poly1305_ietf_libcrux::{encrypt, TAG_LEN, KEY_LEN, NONCE_LEN}; - /// - /// const PLAINTEXT_LEN: usize = 43; - /// let plaintext = "post-quantum cryptography is very important".as_bytes(); - /// assert_eq!(PLAINTEXT_LEN, plaintext.len()); - /// let key: &[u8] = &[0u8; KEY_LEN]; // THIS IS NOT A SECURE KEY - /// let nonce: &[u8] = &[0u8; NONCE_LEN]; // THIS IS NOT A SECURE NONCE - /// let additional_data: &[u8] = "the encrypted message is very important".as_bytes(); - /// let mut ciphertext_buffer = [0u8; PLAINTEXT_LEN + TAG_LEN]; - /// - /// let res: anyhow::Result<()> = encrypt(&mut ciphertext_buffer, key, nonce, additional_data, plaintext); - /// assert!(res.is_ok()); - /// # let expected_ciphertext: &[u8] = &[239, 104, 148, 202, 120, 32, 77, 27, 246, 206, 226, 17, - /// # 83, 78, 122, 116, 187, 123, 70, 199, 58, 130, 21, 1, 107, 230, 58, 77, 18, 152, 31, 159, 80, - /// # 151, 72, 27, 236, 137, 60, 55, 180, 31, 71, 97, 199, 12, 60, 155, 70, 221, 225, 110, 132, 191, - /// # 8, 114, 85, 4, 25]; - /// # assert_eq!(expected_ciphertext, &ciphertext_buffer); - ///``` - /// - #[inline] - pub fn encrypt( - ciphertext: &mut [u8], - key: &[u8], - nonce: &[u8], - ad: &[u8], - plaintext: &[u8], - ) -> anyhow::Result<()> { - let (ciphertext, mac) = ciphertext.split_at_mut(ciphertext.len() - TAG_LEN); - - use libcrux::aead as C; - let crux_key = C::Key::Chacha20Poly1305(C::Chacha20Key(key.try_into().unwrap())); - let crux_iv = C::Iv(nonce.try_into().unwrap()); - - copy_slice(plaintext).to(ciphertext); - let crux_tag = libcrux::aead::encrypt(&crux_key, ciphertext, crux_iv, ad).unwrap(); - copy_slice(crux_tag.as_ref()).to(mac); - - match crux_key { - C::Key::Chacha20Poly1305(mut k) => k.0.zeroize(), - _ => panic!(), - } - - Ok(()) - } - - /// Decrypts a `ciphertext` and verifies the integrity of the `ciphertext` and the additional data - /// `ad`. 
using ChaCha20Poly1305 as implemented in [libcrux](https://github.com/cryspen/libcrux). - /// - /// The `key` slice MUST have a length of [KEY_LEN]. The `nonce` slice MUST have a length of - /// [NONCE_LEN]. The plaintext buffer must have a capacity of `ciphertext.len()` - [TAG_LEN]. - /// - /// # Examples - ///```rust - /// # use rosenpass_ciphers::subtle::chacha20poly1305_ietf_libcrux::{decrypt, TAG_LEN, KEY_LEN, NONCE_LEN}; - /// let ciphertext: &[u8] = &[239, 104, 148, 202, 120, 32, 77, 27, 246, 206, 226, 17, - /// 83, 78, 122, 116, 187, 123, 70, 199, 58, 130, 21, 1, 107, 230, 58, 77, 18, 152, 31, 159, 80, - /// 151, 72, 27, 236, 137, 60, 55, 180, 31, 71, 97, 199, 12, 60, 155, 70, 221, 225, 110, 132, 191, - /// 8, 114, 85, 4, 25]; // this is the ciphertext generated by the example for the encryption - /// const PLAINTEXT_LEN: usize = 43; - /// assert_eq!(PLAINTEXT_LEN + TAG_LEN, ciphertext.len()); - /// - /// let key: &[u8] = &[0u8; KEY_LEN]; // THIS IS NOT A SECURE KEY - /// let nonce: &[u8] = &[0u8; NONCE_LEN]; // THIS IS NOT A SECURE NONCE - /// let additional_data: &[u8] = "the encrypted message is very important".as_bytes(); - /// let mut plaintext_buffer = [0u8; PLAINTEXT_LEN]; - /// - /// let res: anyhow::Result<()> = decrypt(&mut plaintext_buffer, key, nonce, additional_data, ciphertext); - /// assert!(res.is_ok()); - /// let expected_plaintext = "post-quantum cryptography is very important".as_bytes(); - /// assert_eq!(expected_plaintext, plaintext_buffer); - /// - ///``` - #[inline] - pub fn decrypt( - plaintext: &mut [u8], - key: &[u8], - nonce: &[u8], - ad: &[u8], - ciphertext: &[u8], - ) -> anyhow::Result<()> { - let (ciphertext, mac) = ciphertext.split_at(ciphertext.len() - TAG_LEN); - - use libcrux::aead as C; - let crux_key = C::Key::Chacha20Poly1305(C::Chacha20Key(key.try_into().unwrap())); - let crux_iv = C::Iv(nonce.try_into().unwrap()); - let crux_tag = C::Tag::from_slice(mac).unwrap(); - - copy_slice(ciphertext).to(plaintext); - 
libcrux::aead::decrypt(&crux_key, plaintext, crux_iv, ad, &crux_tag).unwrap(); - - match crux_key { - C::Key::Chacha20Poly1305(mut k) => k.0.zeroize(), - _ => panic!(), - } - - Ok(()) - } - } -} diff --git a/ciphers/src/subtle/libcrux/kyber512.rs b/ciphers/src/subtle/libcrux/kyber512.rs deleted file mode 100644 index b1573541..00000000 --- a/ciphers/src/subtle/libcrux/kyber512.rs +++ /dev/null 
@@ -1,133 +0,0 @@ -//! Implementation of the [`KemKyber512`] trait based on the [`libcrux_ml_kem`] crate. - -use libcrux_ml_kem::kyber512; -use rand::Rng; - -use rosenpass_cipher_traits::algorithms::KemKyber512; -use rosenpass_cipher_traits::primitives::{Kem, KemError}; - -pub use rosenpass_cipher_traits::algorithms::kem_kyber512::{CT_LEN, PK_LEN, SHK_LEN, SK_LEN}; - -/// An implementation of the Kyber512 KEM based on libcrux -pub struct Kyber512; - -impl Kem for Kyber512 { - fn keygen(&self, sk: &mut [u8; SK_LEN], pk: &mut [u8; PK_LEN]) -> Result<(), KemError> { - let mut randomness = [0u8; libcrux_ml_kem::KEY_GENERATION_SEED_SIZE]; - rand::rng().fill_bytes(&mut randomness); - - let key_pair = kyber512::generate_key_pair(randomness); - - let new_sk: &[u8; SK_LEN] = key_pair.sk(); - let new_pk: &[u8; PK_LEN] = key_pair.pk(); - - sk.clone_from_slice(new_sk); - pk.clone_from_slice(new_pk); - - Ok(()) - } - - fn encaps( - &self, - shk: &mut [u8; SHK_LEN], - ct: &mut [u8; CT_LEN], - pk: &[u8; PK_LEN], - ) -> Result<(), KemError> { - let mut randomness = [0u8; libcrux_ml_kem::SHARED_SECRET_SIZE]; - rand::rng().fill_bytes(&mut randomness); - - let (new_ct, new_shk) = kyber512::encapsulate(&pk.into(), randomness); - let new_ct: &[u8; CT_LEN] = new_ct.as_slice(); - - shk.clone_from_slice(&new_shk); - ct.clone_from_slice(new_ct); - - Ok(()) - } - - fn decaps( - &self, - shk: &mut [u8; SHK_LEN], - sk: &[u8; SK_LEN], - ct: &[u8; CT_LEN], - ) -> Result<(), KemError> { - let new_shk: [u8; SHK_LEN] = kyber512::decapsulate(&sk.into(), &ct.into()); - shk.clone_from(&new_shk); - Ok(()) - } -} - -impl Default for Kyber512 { - fn default() -> Self { - Self - } -} - -impl KemKyber512 for Kyber512 {} - -#[cfg(test)] -mod equivalence_tests { - use super::*; - - // Test that libcrux and OQS produce the same results - #[test] - fn proptest_equivalence_libcrux_oqs() { - use rosenpass_oqs::Kyber512 as OqsKyber512; - - let (mut sk1, mut pk1) = ([0; SK_LEN], [0; PK_LEN]); - let (mut sk2, mut 
pk2) = ([0; SK_LEN], [0; PK_LEN]); - - let mut ct_left = [0; CT_LEN]; - let mut ct_right = [0; CT_LEN]; - - let mut shk_enc_left = [0; SHK_LEN]; - let mut shk_enc_right = [0; SHK_LEN]; - - // naming schema: shk_dec_{encapsing lib}_{decapsing lib} - // should be the same if the encapsing lib was the same. - let mut shk_dec_left_left = [0; SHK_LEN]; - let mut shk_dec_left_right = [0; SHK_LEN]; - let mut shk_dec_right_left = [0; SHK_LEN]; - let mut shk_dec_right_right = [0; SHK_LEN]; - - for _ in 0..1000 { - let sk1 = &mut sk1; - let pk1 = &mut pk1; - let sk2 = &mut sk2; - let pk2 = &mut pk2; - - let ct_left = &mut ct_left; - let ct_right = &mut ct_right; - - let shk_enc_left = &mut shk_enc_left; - let shk_enc_right = &mut shk_enc_right; - - let shk_dec_left_left = &mut shk_dec_left_left; - let shk_dec_left_right = &mut shk_dec_left_right; - let shk_dec_right_left = &mut shk_dec_right_left; - let shk_dec_right_right = &mut shk_dec_right_right; - - Kyber512.keygen(sk1, pk1).unwrap(); - Kyber512.keygen(sk2, pk2).unwrap(); - - Kyber512.encaps(shk_enc_left, ct_left, pk2).unwrap(); - OqsKyber512.encaps(shk_enc_right, ct_right, pk2).unwrap(); - - Kyber512.decaps(shk_dec_left_left, sk2, ct_left).unwrap(); - Kyber512.decaps(shk_dec_right_left, sk2, ct_right).unwrap(); - - OqsKyber512 - .decaps(shk_dec_left_right, sk2, ct_left) - .unwrap(); - OqsKyber512 - .decaps(shk_dec_right_right, sk2, ct_right) - .unwrap(); - - assert_eq!(shk_enc_left, shk_dec_left_left); - assert_eq!(shk_enc_left, shk_dec_left_right); - - assert_eq!(shk_enc_right, shk_dec_right_left); - assert_eq!(shk_enc_right, shk_dec_right_right); - } - } -} diff --git a/ciphers/src/subtle/libcrux/mod.rs b/ciphers/src/subtle/libcrux/mod.rs deleted file mode 100644 index f481e535..00000000 --- a/ciphers/src/subtle/libcrux/mod.rs +++ /dev/null 
@@ -1,14 +0,0 @@
-//! Implementations backed by libcrux, a verified crypto library.
-//!
-//! [Website](https://cryspen.com/libcrux/)
-//!
-//! [Github](https://github.com/cryspen/libcrux)
-
-#[cfg(feature = "experiment_libcrux_define_blake2")]
-pub mod blake2b;
-
-#[cfg(feature = "experiment_libcrux_define_chachapoly")]
-pub mod chacha20poly1305_ietf;
-
-#[cfg(feature = "experiment_libcrux_define_kyber")]
-pub mod kyber512;
diff --git a/ciphers/src/subtle/mod.rs b/ciphers/src/subtle/mod.rs
index 6d3083b2..9c968bd3 100644
--- a/ciphers/src/subtle/mod.rs
+++ b/ciphers/src/subtle/mod.rs
@@ -7,10 +7,3 @@ pub use rust_crypto::{blake2b, keyed_shake256};
 
 pub mod custom;
 pub mod rust_crypto;
-
-#[cfg(any(
-    feature = "experiment_libcrux_define_blake2",
-    feature = "experiment_libcrux_define_chachapoly",
-    feature = "experiment_libcrux_define_kyber",
-))]
-pub mod libcrux;
diff --git a/ciphers/src/subtle/rust_crypto/xchacha20poly1305_ietf.rs b/ciphers/src/subtle/rust_crypto/xchacha20poly1305_ietf.rs
index 73d62360..929dd8b7 100644
--- a/ciphers/src/subtle/rust_crypto/xchacha20poly1305_ietf.rs
+++ b/ciphers/src/subtle/rust_crypto/xchacha20poly1305_ietf.rs
@@ -81,8 +81,7 @@ impl AeadXChaCha20Poly1305 for XChaCha20Poly1305 {}
 /// Encrypts using XChaCha20Poly1305 as implemented in [RustCrypto](https://github.com/RustCrypto/AEADs/tree/master/chacha20poly1305).
 /// `key` and `nonce` MUST be chosen (pseudo-)randomly. The `key` slice MUST have a length of
 /// [KEY_LEN]. The `nonce` slice MUST have a length of [NONCE_LEN].
-/// In contrast to [chacha20poly1305_ietf::encrypt](crate::subtle::chacha20poly1305_ietf::encrypt) and
-/// [chacha20poly1305_ietf_libcrux::encrypt](crate::subtle::chacha20poly1305_ietf_libcrux::encrypt),
+/// In contrast to [chacha20poly1305_ietf::encrypt](crate::subtle::chacha20poly1305_ietf::encrypt),
 /// `nonce` is also written into `ciphertext` and therefore ciphertext MUST have a length
 /// of at least [NONCE_LEN] + `plaintext.len()` + [TAG_LEN].
 ///
@@ -125,8 +124,7 @@ pub fn encrypt(
 /// The `key` slice MUST have a length of [KEY_LEN]. The `nonce` slice MUST have a length of
 /// [NONCE_LEN]. The plaintext buffer must have a capacity of `ciphertext.len()` - [TAG_LEN] - [NONCE_LEN].
 ///
-/// In contrast to [chacha20poly1305_ietf::decrypt](crate::subtle::chacha20poly1305_ietf::decrypt) and
-/// [chacha20poly1305_ietf_libcrux::decrypt](crate::subtle::chacha20poly1305_ietf_libcrux::decrypt),
+/// In contrast to [chacha20poly1305_ietf::decrypt](crate::subtle::chacha20poly1305_ietf::decrypt),
 /// `ciperhtext` MUST include the as it is not given otherwise.
 ///
 /// # Examples
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
index 96038853..b5c68c22 100644
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -6,7 +6,6 @@ edition = "2021"
 rust-version = "1.85.0"
 [features]
-experiment_libcrux = ["rosenpass-ciphers/experiment_libcrux_all"]
 [package.metadata]
 cargo-fuzz = true
diff --git a/pkgs/rosenpass.nix b/pkgs/rosenpass.nix
index 23935d59..027e8b0a 100644
--- a/pkgs/rosenpass.nix
+++ b/pkgs/rosenpass.nix
@@ -81,7 +81,6 @@ rustPlatform.buildRustPackage {
 outputHashes = {
 "memsec-0.6.3" = "sha256-4ri+IEqLd77cLcul3lZrmpDKj4cwuYJ8oPRAiQNGeLw=";
 "uds-0.4.2" = "sha256-qlxr/iJt2AV4WryePIvqm/8/MK/iqtzegztNliR93W8=";
-"libcrux-blake2-0.0.3-pre" = "sha256-0CLjuzwJqGooiODOHf5D8Hc8ClcG/XcGvVGyOVnLmJY=";
 "libcrux-macros-0.0.3" = "sha256-Tb5uRirwhRhoFEK8uu1LvXl89h++40pxzZ+7kXe8RAI=";
 };
 };
diff --git a/readme.md b/readme.md
index 3fa802fb..d9a85154 100644
--- a/readme.md
+++ b/readme.md
@@ -106,10 +106,6 @@ benchmark of `rosenpass-ciphers`. Run the benchmarks and view their results usin
 cargo bench -p rosenpass-ciphers --bench primitives -F bench
 ```
-Note that the `bench` feature enables the inclusion of the libcrux-backed
-trait implementations in the module tree, but does not enable them
-as default.
-
 ### Protocol Benchmarks
 The trace that is being written to lives in a new module
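Review bot: The context line kept on the new side of this hunk, `/// \`ciperhtext\` MUST include the as it is not given otherwise.`, has a typo and a missing noun, and since the commit already rewrites the sentence directly above it, this is the place to fix it: `/// \`ciphertext\` MUST include the nonce, as it is not given otherwise.`. The missing word is presumably the nonce: the previous hunk's `encrypt` documentation states that `nonce` is written into `ciphertext`, and the capacity formula two lines above subtracts [NONCE_LEN]. The `decrypt` item this doc comment attaches to lies outside the hunk.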
diff --git a/rosenpass/Cargo.toml b/rosenpass/Cargo.toml
index 8db621c8..6d085c69 100644
--- a/rosenpass/Cargo.toml
+++ b/rosenpass/Cargo.toml
@@ -99,12 +99,6 @@ serde_json = { workspace = true }
 [features]
 experiment_cookie_dos_mitigation = []
 experiment_memfd_secret = ["rosenpass-wireguard-broker/experiment_memfd_secret"]
-experiment_libcrux_all = ["rosenpass-ciphers/experiment_libcrux_all"]
-experiment_libcrux_blake2 = ["rosenpass-ciphers/experiment_libcrux_blake2"]
-experiment_libcrux_chachapoly = [
- "rosenpass-ciphers/experiment_libcrux_chachapoly",
-]
-experiment_libcrux_kyber = ["rosenpass-ciphers/experiment_libcrux_kyber"]
 experiment_api = [
 "hex-literal",
 "uds",
diff --git a/rp/Cargo.toml b/rp/Cargo.toml
index 99ef5ad8..3bb503e5 100644
--- a/rp/Cargo.toml
+++ b/rp/Cargo.toml
@@ -49,4 +49,3 @@ stacker = { workspace = true }
 [features]
 experiment_memfd_secret = []
-experiment_libcrux = ["rosenpass-ciphers/experiment_libcrux_all"]
diff --git a/supply-chain/config.toml b/supply-chain/config.toml
index 5239fb19..85900e34 100644
--- a/supply-chain/config.toml
+++ b/supply-chain/config.toml
@@ -373,46 +373,6 @@ criteria = "safe-to-deploy"
 version = "0.2.174"
 criteria = "safe-to-deploy"
-[[exemptions.libcrux]]
-version = "0.0.2-pre.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.libcrux-chacha20poly1305]]
-version = "0.0.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.libcrux-hacl]]
-version = "0.0.2-pre.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.libcrux-hacl-rs]]
-version = "0.0.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.libcrux-intrinsics]]
-version = "0.0.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.libcrux-macros]]
-version = "0.0.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.libcrux-ml-kem]]
-version = "0.0.2-beta.3"
-criteria = "safe-to-deploy"
-
-[[exemptions.libcrux-platform]]
-version = "0.0.2-pre.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.libcrux-poly1305]]
-version = "0.0.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.libcrux-sha3]]
-version = "0.0.2-beta.3"
-criteria = "safe-to-deploy"
-
 [[exemptions.libfuzzer-sys]]
 version = "0.4.10"
 criteria = "safe-to-deploy"