
no-std strobe-rs

An implementation of the Strobe protocol framework in pure Rust

22 releases

0.10.0 Jul 24, 2024
0.8.1 Oct 10, 2022
0.7.1 Feb 13, 2022
0.7.0 Dec 29, 2021
0.3.4 Jul 7, 2018

#264 in Cryptography


16,148 downloads per month
Used in 25 crates (14 directly)

MIT/Apache

65KB
927 lines

strobe-rs


This is a pure Rust, no_std implementation of the Strobe protocol framework. The designer's description:

Strobe is a new framework for cryptographic protocols. It can also be used for regular encryption. Its goals are to make cryptographic protocols much simpler to develop, deploy and analyze; and to fit into even tiny IoT devices. To that end, it uses only one block function — Keccak-f — to encrypt and authenticate messages.

This implementation currently only supports Keccak-f[1600] (the highest security level) as the internal permutation function.

Example

A simple example that does authenticated encryption and decryption:

use strobe_rs::{SecParam, Strobe};

use rand::RngCore;

// NOTE: This is just a simple authenticated encryption scheme. For a robust AEAD construction,
// see the example at https://strobe.sourceforge.io/examples/aead/

fn main() {
    let mut rng = rand::thread_rng();

    // Sender and receiver
    let mut tx = Strobe::new(b"correctnesstest", SecParam::B256);
    let mut rx = Strobe::new(b"correctnesstest", SecParam::B256);

    // Key both sides with a predetermined key
    let k = b"the-combination-on-my-luggage";
    tx.key(k, false);
    rx.key(k, false);

    // Have the transmitter sample and send a nonce (192 bits) in the clear
    let mut nonce = [0u8; 24];
    rng.fill_bytes(&mut nonce);
    rx.recv_clr(&nonce, false);
    tx.send_clr(&nonce, false);

    // Have the transmitter send an authenticated ciphertext (with a 256 bit MAC)
    let orig_msg = b"groceries: kaymac, ajvar, cream, diced onion, red pepper, grilled meat";
    let mut msg_buf = *orig_msg;
    tx.send_enc(&mut msg_buf, false);
    let mut mac = [0u8; 32];
    tx.send_mac(&mut mac, false);

    // Rename for clarity. `msg_buf` has been encrypted in-place.
    let mut ciphertext = msg_buf;

    // Have the receiver receive the ciphertext and MAC
    rx.recv_enc(ciphertext.as_mut_slice(), false);
    let res = rx.recv_mac(&mac);

    // Check that the MAC verifies
    assert!(res.is_ok());
    // Check that the decrypted ciphertext equals the original plaintext
    let round_trip_msg = ciphertext;
    assert_eq!(&round_trip_msg, orig_msg);
}

Features

Default feature flags: none

Feature flag list:

  • std — Implements std::error::Error for AuthError.
  • asm — Enables optimized assembly for the Keccak permutation, if available. Assembly currently only exists for ARMv8.
  • serialize_secret_state — Implements serde's Serialize and Deserialize traits for the Strobe struct. SECURITY NOTE: Serializing Strobe state outputs security sensitive data that MUST be kept private. Treat the data as you would a private encryption/decryption key.

For info on how to omit or include feature flags, see the cargo docs on features.

MSRV

The current minimum supported Rust version (MSRV) is 1.60.0 (2022-04-04).

Tests

To run tests, execute

cargo test --features "std"

This includes known-answer tests, which test against JSON-encoded test vectors in the kat/ directory. To verify these test vectors against the reference Python implementation, cd into kat/, run python2 verify_test_vector.py and follow the included instructions.

Benchmarks

To benchmark, run

cargo bench

This will produce a summary with plots in target/criterion/report/index.html. These won't be very interesting, since almost every function in STROBE has the same runtime.

License

Licensed under either of the MIT or Apache licenses, at your option.

Warning

This code has not been audited in any sense of the word. Use at your own discretion.

Dependencies

~0.5–1MB
~24K SLoC