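--- a/sachy-crypto/src/lib.rs
+++ b/sachy-crypto/src/lib.rs
@@ -234,8 +234,8 @@
 #[repr(align(4))]
 pub struct TransportState {
 aead: ChaCha20Poly1305,
-client: aead::Nonce<ChaCha20Poly1305>,
-server: aead::Nonce<ChaCha20Poly1305>,
+first: aead::Nonce<ChaCha20Poly1305>,
+second: aead::Nonce<ChaCha20Poly1305>,
 role: Role,
 }
 
@@ -250,19 +250,19 @@
 
 let mut key = [0u8; 32];
 
-let mut client = aead::Nonce::<ChaCha20Poly1305>::default();
-let mut server = aead::Nonce::<ChaCha20Poly1305>::default();
+let mut first = aead::Nonce::<ChaCha20Poly1305>::default();
+let mut second = aead::Nonce::<ChaCha20Poly1305>::default();
 
 kdf.expand(b"SachY-Crypt0", &mut key)
 .map_err(|_| ProtoError)?;
 
-kdf.expand(b"Client", &mut client).map_err(|_| ProtoError)?;
-kdf.expand(b"Server", &mut server).map_err(|_| ProtoError)?;
+kdf.expand(b"N*nceOne", &mut first).map_err(|_| ProtoError)?;
+kdf.expand(b"N#nceTwo", &mut second).map_err(|_| ProtoError)?;
 
 Ok(Self {
 aead: ChaCha20Poly1305::new(&key.into()),
-client,
-server,
+first,
+second,
 role,
 })
 }
@@ -283,28 +283,31 @@
 fn mix_nonce(&self, position: &[u8; 8], send: Role) -> aead::Nonce<ChaCha20Poly1305> {
 let mut trump = aead::Nonce::<ChaCha20Poly1305>::default();
 
-let switch = self.role ^ send;
+let context_select = self.role ^ send;
 
 // Role switch allows toggling which nonce to use for encrypting/decrypting
-// Callee ROLE XOR Transport ROLE selects either same or other nonce context,
-// SAME (0) for sending, OTHER (1) for receiving
-// Sending: Client ^ Client = 0 (select client)
-// Receiving: Server ^ Server = 0 (select client)
-// Sending: Server ^ Client = 1 (select server)
-// Receiving: Client ^ Server = 1 (select server)
-let epstein = if switch.ct_eq(&0).into() {
-&self.client
+// Callee ROLE XOR Transport ROLE selects either one or other nonce context,
+// (0) for first context, (1) for second context
+// Sending: Client ^ Client = 0 (select first)
+// Receiving: Server ^ Server = 0 (select first)
+// Sending: Server ^ Client = 1 (select second)
+// Receiving: Client ^ Server = 1 (select second)
+let epstein = if context_select.ct_eq(&0).into() {
+&self.first
 } else {
-&self.server
+&self.second
 };
 
 let (head, tail) = trump.split_at_mut(position.len());
 let (first, second) = epstein.split_at(position.len());
 
+// XOR the base nonce with position bytes, copying them to the output nonce
 head.iter_mut()
 .zip(first)
 .zip(position)
 .for_each(|((head, ep), pos)| *head = ep ^ pos);
+
+// Copy rest of base nonce into output nonce
 tail.iter_mut()
 .zip(second)
 .for_each(|(tail, ep)| *tail = *ep);
@@ -353,10 +356,10 @@
 
 // Both Transports have derived base nonces for each client/server context.
 // Client nonces will not match Server nonces.
-assert_eq!(alice.client, bob.client);
-assert_eq!(alice.server, bob.server);
-assert_ne!(alice.client, alice.server);
-assert_ne!(bob.client, bob.server);
+assert_eq!(alice.first, bob.first);
+assert_eq!(alice.second, bob.second);
+assert_ne!(alice.first, alice.second);
+assert_ne!(bob.first, bob.second);
 
 Ok(())
 }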
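Review bot: Directional nonce separation in `mix_nonce` (new lines 286-298) now rests entirely on the two peers holding opposite `Role` values: `self.role ^ send` picks `first` for one direction and `second` for the other, and the test at 359-360 confirms both peers derive identical `first`/`second`, so if the handshake could ever leave both sides with the same role, both directions would encrypt under the same key with the same nonce sequence, which is nonce reuse that ChaCha20-Poly1305 does not tolerate. Nothing in these hunks shows where role distinctness is enforced, so a doc comment on `TransportState` stating that invariant — e.g. `// Invariant: the two endpoints of a session hold different Roles; per-direction nonce uniqueness depends on it.` — or a debug assertion at the point the roles are established would make the dependency explicit. The constant-time `context_select.ct_eq(&0).into()` at 295 is consumed by a plain `if`, so it buys no constant-time property; since role and direction are not secret a plain comparison is clearer, and if they were meant to be hidden a `conditional_select` over the two nonces would be needed instead of a branch. The comment at 357-358 still talks about client/server contexts and "Client nonces will not match Server nonces" although the assertions beneath it now use `first`/`second`; suggest `// Both transports derive the same two base nonces; the first and second contexts differ from each other.` Both `mix_nonce` and the constructor continue outside the shown hunks.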
Sachy's crypto scheme lmao
2/2 success