diff --git a/sm2/Cargo.toml b/sm2/Cargo.toml index 53f1e78ab..e9eb7b99c 100644 --- a/sm2/Cargo.toml +++ b/sm2/Cargo.toml @@ -18,14 +18,19 @@ edition = "2024" rust-version = "1.85" [dependencies] -elliptic-curve = { version = "0.14.0-rc.0", default-features = false, features = ["sec1"] } +elliptic-curve = { version = "0.14.0-rc.0", default-features = false, features = [ + "sec1", +] } rand_core = { version = "0.9", default-features = false } # optional dependencies primeorder = { version = "=0.14.0-pre.2", optional = true, path = "../primeorder" } rfc6979 = { version = "=0.5.0-pre.4", optional = true } serdect = { version = "0.3", optional = true, default-features = false } -signature = { version = "=2.3.0-pre.6", optional = true, features = ["rand_core"] } +signature = { version = "=2.3.0-pre.6", optional = true, features = [ + "rand_core", + "digest", +] } sm3 = { version = "=0.5.0-pre.5", optional = true, default-features = false } [dev-dependencies] @@ -34,10 +39,11 @@ proptest = "1" rand_core = { version = "0.9", features = ["os_rng"] } [features] -default = ["arithmetic", "dsa", "pke", "pem", "std"] -alloc = ["elliptic-curve/alloc"] -std = ["alloc", "elliptic-curve/std", "signature?/std"] +default = ["arithmetic", "dsa", "pke", "pem"] +alloc = ["elliptic-curve/alloc", "signature?/alloc", "elliptic-curve/alloc"] +std = ["alloc", "elliptic-curve/std", "signature?/std", "os_rng"] +os_rng = ["rand_core/os_rng"] arithmetic = ["dep:primeorder", "elliptic-curve/arithmetic"] bits = ["arithmetic", "elliptic-curve/bits"] dsa = ["arithmetic", "dep:rfc6979", "dep:signature", "dep:sm3"] diff --git a/sm2/src/dsa.rs b/sm2/src/dsa.rs index 7a366311a..03f66a4fd 100644 --- a/sm2/src/dsa.rs +++ b/sm2/src/dsa.rs @@ -50,12 +50,11 @@ use signature::{Error, Result, SignatureEncoding}; #[cfg(feature = "alloc")] use alloc::vec::Vec; -#[cfg(feature = "pkcs8")] +#[cfg(all(feature = "alloc", feature = "pkcs8"))] use crate::pkcs8::{ - AlgorithmIdentifierRef, ObjectIdentifier, der::AnyRef, spki::AssociatedAlgorithmIdentifier, + AlgorithmIdentifierRef, ObjectIdentifier, der, der::AnyRef, + spki::AssociatedAlgorithmIdentifier, spki::SignatureBitStringEncoding, }; -#[cfg(all(feature = "alloc", feature = "pkcs8"))] -use crate::pkcs8::{der, spki::SignatureBitStringEncoding}; /// SM2DSA signature serialized as bytes. pub type SignatureBytes = [u8; Signature::BYTE_SIZE]; diff --git a/sm2/src/dsa/signing.rs b/sm2/src/dsa/signing.rs index 64dc800a5..5315dd48c 100644 --- a/sm2/src/dsa/signing.rs +++ b/sm2/src/dsa/signing.rs @@ -33,7 +33,7 @@ use signature::{ }; use sm3::Sm3; -#[cfg(feature = "pkcs8")] +#[cfg(all(feature = "pkcs8", feature = "alloc"))] use crate::pkcs8::{ der::AnyRef, spki::{AlgorithmIdentifier, AssociatedAlgorithmIdentifier, SignatureAlgorithmIdentifier}, @@ -230,7 +230,7 @@ fn sign_prehash_rfc6979(secret_scalar: &Scalar, prehash: &[u8], data: &[u8]) -> Signature::from_scalars(r, s) } -#[cfg(feature = "pkcs8")] +#[cfg(all(feature = "alloc", feature = "pkcs8"))] impl SignatureAlgorithmIdentifier for SigningKey { type Params = AnyRef<'static>; diff --git a/sm2/src/dsa/verifying.rs b/sm2/src/dsa/verifying.rs index e6e89171e..bf70df1c4 100644 --- a/sm2/src/dsa/verifying.rs +++ b/sm2/src/dsa/verifying.rs @@ -31,10 +31,10 @@ use sm3::{Sm3, digest::Digest}; use alloc::{boxed::Box, string::String}; #[cfg(all(feature = "alloc", feature = "pkcs8"))] -use crate::pkcs8::{self, EncodePublicKey, spki}; -#[cfg(feature = "pkcs8")] use crate::pkcs8::{ + self, EncodePublicKey, der::AnyRef, + spki, spki::{AlgorithmIdentifier, AssociatedAlgorithmIdentifier, SignatureAlgorithmIdentifier}, }; @@ -217,7 +217,7 @@ impl EncodePublicKey for VerifyingKey { } } -#[cfg(feature = "pkcs8")] +#[cfg(all(feature = "alloc", feature = "pkcs8"))] impl SignatureAlgorithmIdentifier for VerifyingKey { type Params = AnyRef<'static>; diff --git a/sm2/src/pke.rs b/sm2/src/pke.rs index 80988daae..2d974258e 100644 --- a/sm2/src/pke.rs +++ b/sm2/src/pke.rs @@ -1,73 +1,52 @@ //! SM2 Encryption Algorithm (SM2) as defined in [draft-shen-sm2-ecdsa Β§ 5]. //! //! ## Usage -//! -//! NOTE: requires the `sm3` crate for digest functions and the `primeorder` crate for prime field operations. -//! -//! The `DecryptingKey` struct is used for decrypting messages that were encrypted using the SM2 encryption algorithm. -//! It is initialized with a `SecretKey` or a non-zero scalar value and can decrypt ciphertexts using the specified decryption mode. -#![cfg_attr(feature = "std", doc = "```")] -#![cfg_attr(not(feature = "std"), doc = "```ignore")] -//! # fn example() -> Result<(), Box> { -//! use rand_core::OsRng; // requires 'os_rng` feature -//! use sm2::{ -//! pke::{EncryptingKey, Mode}, -//! {SecretKey, PublicKey} -//! }; -//! +#![cfg_attr(feature = "alloc", doc = "```")] +#![cfg_attr(not(feature = "alloc"), doc = "```ignore")] +//! use sm2::pke::{EcDecrypt, EcEncrypt, Cipher, Mode}; +//! use sm2::SecretKey; +//! use rand_core::OsRng; //! // Encrypting //! let secret_key = SecretKey::try_from_rng(&mut OsRng).unwrap(); // serialize with `::to_bytes()` //! let public_key = secret_key.public_key(); -//! let encrypting_key = EncryptingKey::new_with_mode(public_key, Mode::C1C2C3); //! let plaintext = b"plaintext"; -//! let ciphertext = encrypting_key.encrypt(&mut OsRng, plaintext)?; +//! let cipher = public_key.encrypt(plaintext).unwrap(); +//! let ciphertext = cipher.to_vec(Mode::C1C3C2); //! -//! use sm2::pke::DecryptingKey; //! // Decrypting -//! let decrypting_key = DecryptingKey::new_with_mode(secret_key.to_nonzero_scalar(), Mode::C1C2C3); -//! assert_eq!(decrypting_key.decrypt(&ciphertext)?, plaintext); -//! -//! // Encrypting ASN.1 DER -//! let ciphertext = encrypting_key.encrypt_der(&mut OsRng, plaintext)?; -//! -//! // Decrypting ASN.1 DER -//! assert_eq!(decrypting_key.decrypt_der(&ciphertext)?, plaintext); -//! -//! Ok(()) -//! # } +//! let cipher = Cipher::from_slice(&ciphertext, Mode::C1C3C2).unwrap(); +//! let ciphertext = secret_key.decrypt(&cipher).unwrap(); +//! assert_eq!(ciphertext, plaintext) //! ``` //! //! //! +//! use core::cmp::min; -use crate::AffinePoint; - -#[cfg(feature = "alloc")] -use alloc::vec; - use elliptic_curve::{ - bigint::{Encoding, U256, Uint}, - pkcs8::der::{ - Decode, DecodeValue, Encode, Length, Reader, Sequence, Tag, Writer, asn1::UintRef, - }, + CurveArithmetic, Error, FieldBytesSize, Group, PrimeField, Result, + array::typenum::Unsigned, + ops::Reduce, + sec1::{EncodedPoint, FromEncodedPoint, ModulusSize, Tag, ToEncodedPoint}, }; -use elliptic_curve::{ - Result, - pkcs8::der::{EncodeValue, asn1::OctetStringRef}, - sec1::ToEncodedPoint, -}; -use sm3::digest::DynDigest; +use primeorder::{AffinePoint, PrimeCurveParams}; +use signature::digest::{FixedOutputReset, Output, OutputSizeUser, Update}; + +#[cfg(feature = "alloc")] +use alloc::{borrow::Cow, vec::Vec}; #[cfg(feature = "arithmetic")] mod decrypting; #[cfg(feature = "arithmetic")] mod encrypting; +use crate::Sm2; +use sm3::Sm3; #[cfg(feature = "arithmetic")] -pub use self::{decrypting::DecryptingKey, encrypting::EncryptingKey}; +pub use self::{decrypting::EcDecrypt, encrypting::EcEncrypt}; /// Modes for the cipher encoding/decoding. #[derive(Clone, Copy, Debug)] @@ -77,78 +56,128 @@ pub enum Mode { /// new mode C1C3C2, } + /// Represents a cipher structure containing encryption-related data (asn.1 format). /// /// The `Cipher` structure includes the coordinates of the elliptic curve point (`x`, `y`), /// the digest of the message, and the encrypted cipher text. -pub struct Cipher<'a> { - x: U256, - y: U256, - digest: &'a [u8], - cipher: &'a [u8], +/// TODO: ASN1 Encode and Decode +#[derive(Debug)] +pub struct Cipher<'a, C: CurveArithmetic = Sm2, D: OutputSizeUser = Sm3> { + c1: C::AffinePoint, + #[cfg(feature = "alloc")] + c2: Cow<'a, [u8]>, + #[cfg(not(feature = "alloc"))] + c2: &'a [u8], + c3: Output, } -impl<'a> Sequence<'a> for Cipher<'a> {} - -impl EncodeValue for Cipher<'_> { - fn value_len(&self) -> elliptic_curve::pkcs8::der::Result { - UintRef::new(&self.x.to_be_bytes())?.encoded_len()? - + UintRef::new(&self.y.to_be_bytes())?.encoded_len()? - + OctetStringRef::new(self.digest)?.encoded_len()? - + OctetStringRef::new(self.cipher)?.encoded_len()? +impl<'a, C, D> Cipher<'a, C, D> +where + C: PrimeCurveParams, + C::AffinePoint: ToEncodedPoint + FromEncodedPoint, + C::FieldBytesSize: ModulusSize, + D: OutputSizeUser, +{ + /// Decode from slice + pub fn from_slice(cipher: &'a [u8], mode: Mode) -> Result { + let tag = Tag::from_u8(cipher.first().cloned().ok_or(Error)?)?; + let c1_len = tag.message_len(C::FieldBytesSize::USIZE); + + // B1: get 𝐢1 from 𝐢 + let (c1, c) = cipher.split_at(c1_len); + // verify that point c1 satisfies the elliptic curve + let encoded_c1 = EncodedPoint::::from_bytes(c1)?; + let c1 = Option::from(C::AffinePoint::from_encoded_point(&encoded_c1)).ok_or(Error)?; + // B2: compute point 𝑆 = [β„Ž]𝐢1 + let scalar: C::Scalar = Reduce::::reduce(C::Uint::from(C::FieldElement::S)); + let s: C::ProjectivePoint = c1 * scalar; + if s.is_identity().into() { + return Err(Error); + } + + let digest_size = D::output_size(); + let (c2, c3_buf) = match mode { + Mode::C1C3C2 => { + let (c3, c2) = c.split_at(digest_size); + (c2, c3) + } + Mode::C1C2C3 => c.split_at(c.len() - digest_size), + }; + + let mut c3 = Output::::default(); + c3.clone_from_slice(c3_buf); + + #[cfg(feature = "alloc")] + let c2 = Cow::Borrowed(c2); + + Ok(Self { c1, c2, c3 }) } - fn encode_value(&self, writer: &mut impl Writer) -> elliptic_curve::pkcs8::der::Result<()> { - UintRef::new(&self.x.to_be_bytes())?.encode(writer)?; - UintRef::new(&self.y.to_be_bytes())?.encode(writer)?; - OctetStringRef::new(self.digest)?.encode(writer)?; - OctetStringRef::new(self.cipher)?.encode(writer)?; - Ok(()) + /// Encode to Vec + #[cfg(feature = "alloc")] + pub fn to_vec(&self, mode: Mode) -> Vec { + let point = self.c1.to_encoded_point(false); + let len = point.len() + self.c2.len() + self.c3.len(); + let mut result = Vec::with_capacity(len); + match mode { + Mode::C1C2C3 => { + result.extend(point.as_ref()); + result.extend(self.c2.as_ref()); + result.extend(&self.c3); + } + Mode::C1C3C2 => { + result.extend(point.as_ref()); + result.extend(&self.c3); + result.extend(self.c2.as_ref()); + } + } + + result } -} - -impl<'a> DecodeValue<'a> for Cipher<'a> { - type Error = elliptic_curve::pkcs8::der::Error; - - fn decode_value>( - decoder: &mut R, - header: elliptic_curve::pkcs8::der::Header, - ) -> core::result::Result { - decoder.read_nested(header.length, |nr| { - let x = UintRef::decode(nr)?.as_bytes(); - let y = UintRef::decode(nr)?.as_bytes(); - let digest = OctetStringRef::decode(nr)?.into(); - let cipher = OctetStringRef::decode(nr)?.into(); - Ok(Cipher { - x: Uint::from_be_bytes(zero_pad_byte_slice(x)?), - y: Uint::from_be_bytes(zero_pad_byte_slice(y)?), - digest, - cipher, - }) - }) + /// Get C1 + pub fn c1(&self) -> &C::AffinePoint { + &self.c1 + } + /// Get C2 + pub fn c2(&self) -> &[u8] { + #[cfg(feature = "alloc")] + return &self.c2; + #[cfg(not(feature = "alloc"))] + return self.c2; + } + /// Get C3 + pub fn c3(&self) -> &Output { + &self.c3 } } -/// Performs key derivation using a hash function and elliptic curve point. -fn kdf(hasher: &mut dyn DynDigest, kpb: AffinePoint, c2: &mut [u8]) -> Result<()> { - let klen = c2.len(); +/// Performs key derivation using a hash function and elliptic curve point. +/// Magic modification: Does it support streaming encryption and decryption? +fn kdf(hasher: &mut D, kpb: AffinePoint, msg: &[u8], c2_out: &mut [u8]) -> Result<()> +where + D: Update + FixedOutputReset, + C: CurveArithmetic + PrimeCurveParams, + FieldBytesSize: ModulusSize, + AffinePoint: ToEncodedPoint, +{ + let klen = msg.len(); let mut ct: i32 = 0x00000001; let mut offset = 0; - let digest_size = hasher.output_size(); - let mut ha = vec![0u8; digest_size]; + let digest_size = D::output_size(); + let mut ha = Output::::default(); let encode_point = kpb.to_encoded_point(false); + hasher.reset(); while offset < klen { - hasher.update(encode_point.x().ok_or(elliptic_curve::Error)?); - hasher.update(encode_point.y().ok_or(elliptic_curve::Error)?); + hasher.update(encode_point.x().ok_or(Error)?); + hasher.update(encode_point.y().ok_or(Error)?); hasher.update(&ct.to_be_bytes()); - hasher - .finalize_into_reset(&mut ha) - .map_err(|_e| elliptic_curve::Error)?; + hasher.finalize_into_reset(&mut ha); let xor_len = min(digest_size, klen - offset); - xor(c2, &ha, offset, xor_len); + xor(msg, c2_out, &ha, offset, xor_len); offset += xor_len; ct += 1; } @@ -156,22 +185,8 @@ fn kdf(hasher: &mut dyn DynDigest, kpb: AffinePoint, c2: &mut [u8]) -> Result<() } /// XORs a portion of the buffer `c2` with a hash value. -fn xor(c2: &mut [u8], ha: &[u8], offset: usize, xor_len: usize) { +fn xor(msg: &[u8], c2_out: &mut [u8], ha: &[u8], offset: usize, xor_len: usize) { for i in 0..xor_len { - c2[offset + i] ^= ha[i]; + c2_out[offset + i] = msg[offset + i] ^ ha[i]; } } - -/// Converts a byte slice to a fixed-size array, padding with leading zeroes if necessary. -pub(crate) fn zero_pad_byte_slice( - bytes: &[u8], -) -> elliptic_curve::pkcs8::der::Result<[u8; N]> { - let num_zeroes = N - .checked_sub(bytes.len()) - .ok_or_else(|| Tag::Integer.length_error())?; - - // Copy input into `N`-sized output buffer with leading zeroes - let mut output = [0u8; N]; - output[num_zeroes..].copy_from_slice(bytes); - Ok(output) -} diff --git a/sm2/src/pke/decrypting.rs b/sm2/src/pke/decrypting.rs index 71b320fee..c0cd912b9 100644 --- a/sm2/src/pke/decrypting.rs +++ b/sm2/src/pke/decrypting.rs @@ -1,216 +1,108 @@ -use core::fmt::{self, Debug}; - -use crate::{ - AffinePoint, EncodedPoint, FieldBytes, NonZeroScalar, PublicKey, Scalar, SecretKey, - arithmetic::field::FieldElement, -}; - -use alloc::{borrow::ToOwned, vec::Vec}; +#[cfg(feature = "alloc")] +use alloc::{vec, vec::Vec}; use elliptic_curve::{ - Error, Group, Result, - bigint::U256, - ops::Reduce, - pkcs8::der::Decode, - sec1::{FromEncodedPoint, ToEncodedPoint}, - subtle::{Choice, ConstantTimeEq}, + CurveArithmetic, Error, Result, SecretKey, + sec1::{ModulusSize, ToEncodedPoint}, }; -use primeorder::PrimeField; - -use sm3::{Digest, Sm3, digest::DynDigest}; - -use super::{Cipher, Mode, encrypting::EncryptingKey, kdf, vec}; -/// Represents a decryption key used for decrypting messages using elliptic curve cryptography. -#[derive(Clone)] -pub struct DecryptingKey { - secret_scalar: NonZeroScalar, - encryting_key: EncryptingKey, - mode: Mode, +use primeorder::PrimeCurveParams; + +use signature::digest::{Digest, FixedOutputReset, Output}; +use sm3::Sm3; + +use super::{Cipher, kdf}; + +/// Decrypt messages using elliptic curve cryptography. +pub trait EcDecrypt +where + C: CurveArithmetic, +{ + /// Decrypt the [`Cipher`] using the default digest algorithm [`Sm3`]. + #[cfg(feature = "alloc")] + fn decrypt(&self, cipher: &Cipher<'_, C, Sm3>) -> Result> { + self.decrypt_digest::(cipher) + } + /// Decrypt the [`Cipher`] using the specified digest algorithm. + #[cfg(feature = "alloc")] + fn decrypt_digest( + &self, + cipher: &Cipher<'_, C, D>, + ) -> Result> { + let mut out = vec![0; cipher.c2.len()]; + self.decrypt_digest_into(cipher, &mut out)?; + Ok(out) + } + /// Decrypt the [`Cipher`] to out using the default digest algorithm [`Sm3`]. + /// The length of out is equal to the length of C2. + fn decrypt_into(&self, cipher: &Cipher<'_, C, Sm3>, out: &mut [u8]) -> Result<()> { + self.decrypt_digest_into(cipher, out) + } + /// Decrypt the [`Cipher`] to out using the specified digest algorithm. + /// The length of out is equal to the length of C2. + fn decrypt_digest_into( + &self, + cipher: &Cipher<'_, C, D>, + out: &mut [u8], + ) -> Result<()>; } -impl DecryptingKey { - /// Creates a new `DecryptingKey` from a `SecretKey` with the default decryption mode (`C1C3C2`). - pub fn new(secret_key: SecretKey) -> Self { - Self::new_with_mode(secret_key.to_nonzero_scalar(), Mode::C1C3C2) - } - - /// Creates a new `DecryptingKey` from a non-zero scalar and sets the decryption mode. - pub fn new_with_mode(secret_scalar: NonZeroScalar, mode: Mode) -> Self { - Self { - secret_scalar, - encryting_key: EncryptingKey::new_with_mode( - PublicKey::from_secret_scalar(&secret_scalar), - mode, - ), - mode, - } - } - - /// Parse signing key from big endian-encoded bytes. - pub fn from_bytes(bytes: &FieldBytes) -> Result { - Self::from_slice(bytes) - } - - /// Parse signing key from big endian-encoded byte slice containing a secret - /// scalar value. - pub fn from_slice(slice: &[u8]) -> Result { - let secret_scalar = NonZeroScalar::try_from(slice).map_err(|_| Error)?; - Self::from_nonzero_scalar(secret_scalar) - } - - /// Create a signing key from a non-zero scalar. - pub fn from_nonzero_scalar(secret_scalar: NonZeroScalar) -> Result { - Ok(Self::new_with_mode(secret_scalar, Mode::C1C3C2)) - } - - /// Serialize as bytes. - pub fn to_bytes(&self) -> FieldBytes { - self.secret_scalar.to_bytes() - } - - /// Borrow the secret [`NonZeroScalar`] value for this key. - /// - /// # ⚠️ Warning - /// - /// This value is key material. - /// - /// Please treat it with the care it deserves! - pub fn as_nonzero_scalar(&self) -> &NonZeroScalar { - &self.secret_scalar - } - - /// Get the [`EncryptingKey`] which corresponds to this [`DecryptingKey`]. - pub fn encrypting_key(&self) -> &EncryptingKey { - &self.encryting_key - } - - /// Decrypts a ciphertext in-place using the default digest algorithm (`Sm3`). - pub fn decrypt(&self, ciphertext: &[u8]) -> Result> { - self.decrypt_digest::(ciphertext) - } - - /// Decrypts a ciphertext in-place using the specified digest algorithm. - pub fn decrypt_digest(&self, ciphertext: &[u8]) -> Result> - where - D: 'static + Digest + DynDigest + Send + Sync, - { +impl EcDecrypt for SecretKey +where + C: PrimeCurveParams, + C::FieldBytesSize: ModulusSize, + C::AffinePoint: ToEncodedPoint, +{ + fn decrypt_digest_into( + &self, + cipher: &Cipher<'_, C, D>, + out: &mut [u8], + ) -> Result<()> { + let scalar = self.to_nonzero_scalar(); let mut digest = D::new(); - decrypt(&self.secret_scalar, self.mode, &mut digest, ciphertext) - } - - /// Decrypts a ciphertext in-place from ASN.1 format using the default digest algorithm (`Sm3`). - pub fn decrypt_der(&self, ciphertext: &[u8]) -> Result> { - self.decrypt_der_digest::(ciphertext) - } - - /// Decrypts a ciphertext in-place from ASN.1 format using the specified digest algorithm. - pub fn decrypt_der_digest(&self, ciphertext: &[u8]) -> Result> - where - D: 'static + Digest + DynDigest + Send + Sync, - { - let cipher = Cipher::from_der(ciphertext).map_err(elliptic_curve::pkcs8::Error::from)?; - let prefix: &[u8] = &[0x04]; - let x: [u8; 32] = cipher.x.to_be_bytes(); - let y: [u8; 32] = cipher.y.to_be_bytes(); - let cipher = match self.mode { - Mode::C1C2C3 => [prefix, &x, &y, cipher.cipher, cipher.digest].concat(), - Mode::C1C3C2 => [prefix, &x, &y, cipher.digest, cipher.cipher].concat(), - }; - - Ok(self.decrypt_digest::(&cipher)?.to_vec()) - } -} - -// -// Other trait impls -// - -impl AsRef for DecryptingKey { - fn as_ref(&self) -> &EncryptingKey { - &self.encryting_key - } -} - -impl ConstantTimeEq for DecryptingKey { - fn ct_eq(&self, other: &Self) -> Choice { - self.secret_scalar.ct_eq(&other.secret_scalar) - } -} - -impl Debug for DecryptingKey { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.debug_struct("DecryptingKey") - .field("private_key", &self.secret_scalar.as_ref()) - .field("encrypting_key", &self.encrypting_key()) - .finish_non_exhaustive() + decrypt_into(scalar.as_ref(), cipher, &mut digest, out) } } -/// Constant-time comparison -impl Eq for DecryptingKey {} -impl PartialEq for DecryptingKey { - fn eq(&self, other: &DecryptingKey) -> bool { - self.ct_eq(other).into() - } -} - -fn decrypt( - secret_scalar: &Scalar, - mode: Mode, - hasher: &mut dyn DynDigest, - cipher: &[u8], -) -> Result> { - let q = U256::from_be_hex(FieldElement::MODULUS); - let c1_len = (q.bits() + 7) / 8 * 2 + 1; - - // B1: get 𝐢1 from 𝐢 - let (c1, c) = cipher.split_at(c1_len as usize); - let encoded_c1 = EncodedPoint::from_bytes(c1).map_err(Error::from)?; - - // verify that point c1 satisfies the elliptic curve - let mut c1_point = AffinePoint::from_encoded_point(&encoded_c1).unwrap(); - - // B2: compute point 𝑆 = [β„Ž]𝐢1 - let s = c1_point * Scalar::reduce(U256::from_u32(FieldElement::S)); - if s.is_identity().into() { +fn decrypt_into( + secret_scalar: &C::Scalar, + cipher: &Cipher<'_, C, D>, + digest: &mut D, + out: &mut [u8], +) -> Result<()> +where + C: PrimeCurveParams, + D: FixedOutputReset, + C::FieldBytesSize: ModulusSize, + C::AffinePoint: ToEncodedPoint, +{ + if out.len() < cipher.c2.len() { return Err(Error); } + let out = &mut out[..cipher.c2.len()]; // B3: compute [𝑑𝐡]𝐢1 = (π‘₯2, 𝑦2) - c1_point = (c1_point * secret_scalar).to_affine(); - let digest_size = hasher.output_size(); - let (c2, c3) = match mode { - Mode::C1C3C2 => { - let (c3, c2) = c.split_at(digest_size); - (c2, c3) - } - Mode::C1C2C3 => c.split_at(c.len() - digest_size), - }; + let c1_point = (cipher.c1 * secret_scalar).to_affine(); + + #[cfg(feature = "alloc")] + let c2 = &cipher.c2; + #[cfg(not(feature = "alloc"))] + let c2 = cipher.c2; // B4: compute 𝑑 = 𝐾𝐷𝐹(π‘₯2 βˆ₯ 𝑦2, π‘˜π‘™π‘’π‘›) // B5: get 𝐢2 from 𝐢 and compute 𝑀′ = 𝐢2 βŠ• t - let mut c2 = c2.to_owned(); - kdf(hasher, c1_point, &mut c2)?; + kdf::(digest, c1_point, c2, out)?; // compute 𝑒 = π»π‘Žπ‘ β„Ž(π‘₯2 βˆ₯ 𝑀′βˆ₯ 𝑦2). - let mut u = vec![0u8; digest_size]; + let mut u = Output::::default(); let encode_point = c1_point.to_encoded_point(false); - hasher.update(encode_point.x().ok_or(Error)?); - hasher.update(&c2); - hasher.update(encode_point.y().ok_or(Error)?); - hasher.finalize_into_reset(&mut u).map_err(|_e| Error)?; - let checked = u - .iter() - .zip(c3) - .fold(0, |mut check, (&c3_byte, &c3checked_byte)| { - check |= c3_byte ^ c3checked_byte; - check - }); + digest.update(encode_point.x().ok_or(Error)?); + digest.update(out); + digest.update(encode_point.y().ok_or(Error)?); + digest.finalize_into_reset(&mut u); // If 𝑒 β‰  𝐢3, output β€œERROR” and exit - if checked != 0 { + if cipher.c3 != u { return Err(Error); } - // B7: output the plaintext 𝑀′. - Ok(c2.to_vec()) + Ok(()) } diff --git a/sm2/src/pke/encrypting.rs b/sm2/src/pke/encrypting.rs index 3924efa24..e42e3f1e1 100644 --- a/sm2/src/pke/encrypting.rs +++ b/sm2/src/pke/encrypting.rs @@ -1,171 +1,193 @@ -use core::fmt::Debug; - -use crate::{ - AffinePoint, ProjectivePoint, PublicKey, Scalar, Sm2, - arithmetic::field::FieldElement, - pke::{kdf, vec}, -}; - #[cfg(feature = "alloc")] -use alloc::{borrow::ToOwned, boxed::Box, vec::Vec}; +use alloc::{borrow::Cow, vec}; use elliptic_curve::{ - Curve, Error, Group, Result, - bigint::{RandomBits, U256, Uint, Zero}, + CurveArithmetic, Error, Group, ProjectivePoint, PublicKey, Result, SecretKey, + bigint::{Random, Zero}, ops::{MulByGenerator, Reduce}, - pkcs8::der::Encode, rand_core::TryCryptoRng, - sec1::ToEncodedPoint, -}; - -use primeorder::PrimeField; -use sm3::{ - Sm3, - digest::{Digest, DynDigest}, + scalar::FromUintUnchecked, + sec1::{ModulusSize, ToEncodedPoint}, }; - -use super::{Cipher, Mode}; -/// Represents an encryption key used for encrypting messages using elliptic curve cryptography. -#[derive(Clone, Debug)] -pub struct EncryptingKey { - public_key: PublicKey, - mode: Mode, -} - -impl EncryptingKey { - /// Initialize [`EncryptingKey`] from PublicKey - pub fn new(public_key: PublicKey) -> Self { - Self::new_with_mode(public_key, Mode::C1C2C3) +use primeorder::{PrimeCurveParams, PrimeField}; +#[cfg(feature = "os_rng")] +use rand_core::OsRng; +use sm3::Sm3; + +use super::{Cipher, kdf}; +use signature::digest::{Digest, FixedOutputReset, Output}; + +/// Encrypt messages using elliptic curve cryptography. +pub trait EcEncrypt +where + C: CurveArithmetic, +{ + /// Encrypt into [`Cipher`] using the default digest algorithm [`Sm3`]. + #[cfg(all(feature = "alloc", feature = "os_rng"))] + fn encrypt(&self, msg: &[u8]) -> Result> { + self.encrypt_rng::<_>(&mut OsRng, msg) } - /// Initialize [`EncryptingKey`] from PublicKey and set Encryption mode - pub fn new_with_mode(public_key: PublicKey, mode: Mode) -> Self { - Self { public_key, mode } + /// Encrypt into [`Cipher`] using the default digest algorithm [`Sm3`]. + /// Use a custom RNG. + #[cfg(feature = "alloc")] + fn encrypt_rng(&self, rng: &mut R, msg: &[u8]) -> Result> { + self.encrypt_digest_rng::<_, Sm3>(rng, msg) } - /// Initialize [`EncryptingKey`] from a SEC1-encoded public key. - pub fn from_sec1_bytes(bytes: &[u8]) -> Result { - let public_key = PublicKey::from_sec1_bytes(bytes).map_err(|_| Error)?; - Ok(Self::new(public_key)) + /// Encrypt into [`Cipher`] using the specified digest algorithm. + #[cfg(all(feature = "alloc", feature = "os_rng"))] + fn encrypt_digest(&self, msg: &[u8]) -> Result> { + self.encrypt_digest_rng::<_, D>(&mut OsRng, msg) } - /// Initialize [`EncryptingKey`] from an affine point. - /// - /// Returns an [`Error`] if the given affine point is the additive identity - /// (a.k.a. point at infinity). - pub fn from_affine(affine: AffinePoint) -> Result { - let public_key = PublicKey::from_affine(affine).map_err(|_| Error)?; - Ok(Self::new(public_key)) + /// Encrypt into [`Cipher`] using the specified digest algorithm. + /// Use a custom RNG. + #[cfg(feature = "alloc")] + fn encrypt_digest_rng( + &self, + rng: &mut R, + msg: &[u8], + ) -> Result> { + let mut c1 = C::AffinePoint::default(); + let mut c2 = vec![0; msg.len()]; + let mut c3 = Output::::default(); + self.encrypt_digest_rng_into::(rng, msg, &mut c1, &mut c2, &mut c3)?; + Ok(Cipher { + c1, + c2: c2.into(), + c3, + }) } - /// Borrow the inner [`AffinePoint`] for this public key. - pub fn as_affine(&self) -> &AffinePoint { - self.public_key.as_affine() + /// Encrypt into [`Cipher`] using the default digest algorithm [`Sm3`]. + /// `c2_out_buf` is the output of c2. + #[cfg(feature = "os_rng")] + fn encrypt_buf<'a>(&self, msg: &[u8], c2_out_buf: &'a mut [u8]) -> Result> { + self.encrypt_buf_rng(&mut OsRng, msg, c2_out_buf) } - /// Convert this [`EncryptingKey`] into the - /// `Elliptic-Curve-Point-to-Octet-String` encoding described in - /// SEC 1: Elliptic Curve Cryptography (Version 2.0) section 2.3.3 - /// (page 10). - /// - /// - #[cfg(feature = "alloc")] - pub fn to_sec1_bytes(&self) -> Box<[u8]> { - self.public_key.to_sec1_bytes() + /// Encrypt into [`Cipher`] using the default digest algorithm [`Sm3`]. + /// `c2_out_buf` is the output of c2. + /// Use a custom RNG. + fn encrypt_buf_rng<'a, R: TryCryptoRng>( + &self, + rng: &mut R, + msg: &[u8], + c2_out_buf: &'a mut [u8], + ) -> Result> { + self.encrypt_buf_digest_rng::(rng, msg, c2_out_buf) } - - /// Encrypts a message using the encryption key. - /// - /// This method calculates the digest using the `Sm3` hash function and then performs encryption. - pub fn encrypt(&self, rng: &mut R, msg: &[u8]) -> Result> { - self.encrypt_digest::(rng, msg) + /// Encrypt into [`Cipher`] using the specified digest algorithm. + /// `c2_out_buf` is the output of c2. + #[cfg(feature = "os_rng")] + fn encrypt_buf_digest<'a, D: Digest + FixedOutputReset>( + &self, + msg: &[u8], + c2_out_buf: &'a mut [u8], + ) -> Result> { + self.encrypt_buf_digest_rng(&mut OsRng, msg, c2_out_buf) } - /// Encrypts a message and returns the result in ASN.1 format. - /// - /// This method calculates the digest using the `Sm3` hash function and performs encryption, - /// then encodes the result in ASN.1 format. - pub fn encrypt_der( + /// Encrypt into [`Cipher`] using the specified digest algorithm. + /// `c2_out_buf` is the output of c2. + /// Use a custom RNG. + fn encrypt_buf_digest_rng<'a, R: TryCryptoRng, D: Digest + FixedOutputReset>( &self, rng: &mut R, msg: &[u8], - ) -> Result> { - self.encrypt_der_digest::(rng, msg) + c2_out_buf: &'a mut [u8], + ) -> Result> { + let mut c1 = C::AffinePoint::default(); + let mut c3 = Output::::default(); + let len = self.encrypt_digest_rng_into::(rng, msg, &mut c1, c2_out_buf, &mut c3)?; + let c2 = &c2_out_buf[..len]; + + #[cfg(feature = "alloc")] + let c2 = Cow::Borrowed(c2); + + Ok(Cipher { c1, c2, c3 }) } - /// Encrypts a message using a specified digest algorithm. - pub fn encrypt_digest( + /// Implementation of encryption. + /// Encrypt into the specified buffer using the specified digest algorithm. + fn encrypt_digest_rng_into( &self, rng: &mut R, msg: &[u8], - ) -> Result> - where - D: 'static + Digest + DynDigest + Send + Sync, - { - let mut digest = D::new(); - encrypt(rng, &self.public_key, self.mode, &mut digest, msg) - } + c1_out: &mut C::AffinePoint, + c2_out: &mut [u8], + c3_out: &mut Output, + ) -> Result; +} - /// Encrypts a message using a specified digest algorithm and returns the result in ASN.1 format. - pub fn encrypt_der_digest( +impl EcEncrypt for PublicKey +where + C: PrimeCurveParams + CurveArithmetic, + C::FieldBytesSize: ModulusSize, + C::AffinePoint: ToEncodedPoint, +{ + fn encrypt_digest_rng_into( &self, rng: &mut R, msg: &[u8], - ) -> Result> - where - D: 'static + Digest + DynDigest + Send + Sync, - { - let mut digest = D::new(); - let cipher = encrypt(rng, &self.public_key, self.mode, &mut digest, msg)?; - let digest_size = digest.output_size(); - let (_, cipher) = cipher.split_at(1); - let (x, cipher) = cipher.split_at(32); - let (y, cipher) = cipher.split_at(32); - let (digest, cipher) = match self.mode { - Mode::C1C2C3 => { - let (cipher, digest) = cipher.split_at(cipher.len() - digest_size); - (digest, cipher) - } - Mode::C1C3C2 => cipher.split_at(digest_size), - }; - Ok(Cipher { - x: Uint::from_be_slice(x), - y: Uint::from_be_slice(y), - digest, - cipher, - } - .to_der() - .map_err(elliptic_curve::pkcs8::Error::from)?) + c1_out: &mut ::AffinePoint, + c2_out: &mut [u8], + c3_out: &mut Output, + ) -> Result { + encrypt_into::(self, rng, msg, c1_out, c2_out, c3_out) } } - -impl From for EncryptingKey { - fn from(value: PublicKey) -> Self { - Self::new(value) +impl EcEncrypt for SecretKey +where + C: PrimeCurveParams + CurveArithmetic, + C::FieldBytesSize: ModulusSize, + C::AffinePoint: ToEncodedPoint, +{ + fn encrypt_digest_rng_into( + &self, + rng: &mut R, + msg: &[u8], + c1_out: &mut ::AffinePoint, + c2_out: &mut [u8], + c3_out: &mut Output, + ) -> Result { + encrypt_into::(&self.public_key(), rng, msg, c1_out, c2_out, c3_out) } } -/// Encrypts a message using the specified public key, mode, and digest algorithm. -fn encrypt( +fn encrypt_into( + publick_key: &PublicKey, rng: &mut R, - public_key: &PublicKey, - mode: Mode, - digest: &mut dyn DynDigest, msg: &[u8], -) -> Result> { - const N_BYTES: u32 = (Sm2::ORDER.bits() + 7) / 8; - let mut c1 = vec![0; (N_BYTES * 2 + 1) as usize]; - let mut c2 = msg.to_owned(); - let mut hpb: AffinePoint; + c1_out: &mut C::AffinePoint, + c2_out: &mut [u8], + c3_out: &mut Output, +) -> Result +where + C: PrimeCurveParams, + R: TryCryptoRng, + D: FixedOutputReset + Digest, + C::AffinePoint: ToEncodedPoint, + C::FieldBytesSize: ModulusSize, +{ + if c2_out.len() < msg.len() { + return Err(Error); + } + let c2_out = &mut c2_out[..msg.len()]; + + let mut digest = D::new(); + let mut hpb: C::AffinePoint; loop { // A1: generate a random number π‘˜ ∈ [1, 𝑛 βˆ’ 1] with the random number generator - let k = Scalar::from_uint(next_k(rng, N_BYTES)?).unwrap(); + let k: C::Scalar = C::Scalar::from_uint_unchecked(next_k::<_, C>(rng)?); // A2: compute point 𝐢1 = [π‘˜]𝐺 = (π‘₯1, 𝑦1) - let kg = ProjectivePoint::mul_by_generator(&k).to_affine(); + let kg: C::AffinePoint = ProjectivePoint::::mul_by_generator(&k).into(); // A3: compute point 𝑆 = [β„Ž]𝑃𝐡 of the elliptic curve - let pb_point = public_key.as_affine(); - let s = *pb_point * Scalar::reduce(U256::from_u32(FieldElement::S)); + let pb_point = publick_key.as_affine(); + let scalar: C::Scalar = Reduce::::reduce(C::Uint::from(C::FieldElement::S)); + let s: C::ProjectivePoint = *pb_point * scalar; if s.is_identity().into() { return Err(Error); } @@ -175,36 +197,34 @@ fn encrypt( // A5: compute 𝑑 = 𝐾𝐷𝐹(π‘₯2||𝑦2, π‘˜π‘™π‘’π‘›) // A6: compute 𝐢2 = 𝑀 βŠ• t - kdf(digest, hpb, &mut c2)?; + kdf::(&mut digest, hpb, msg, c2_out)?; // // If 𝑑 is an all-zero bit string, go to A1. // if all of t are 0, xor(c2) == c2 - if c2.iter().zip(msg).any(|(pre, cur)| pre != cur) { - let uncompress_kg = kg.to_encoded_point(false); - c1.copy_from_slice(uncompress_kg.as_bytes()); + if c2_out.iter().zip(msg).any(|(pre, cur)| pre != cur) { + *c1_out = kg; break; } } let encode_point = hpb.to_encoded_point(false); // A7: compute 𝐢3 = π»π‘Žπ‘ β„Ž(π‘₯2||𝑀||𝑦2) - let mut c3 = vec![0; digest.output_size()]; - digest.update(encode_point.x().ok_or(Error)?); - digest.update(msg); - digest.update(encode_point.y().ok_or(Error)?); - digest.finalize_into_reset(&mut c3).map_err(|_e| Error)?; - - // A8: output the ciphertext 𝐢 = 𝐢1||𝐢2||𝐢3. - Ok(match mode { - Mode::C1C2C3 => [c1.as_slice(), &c2, &c3].concat(), - Mode::C1C3C2 => [c1.as_slice(), &c3, &c2].concat(), - }) + Digest::reset(&mut digest); + Digest::update(&mut digest, encode_point.x().ok_or(Error)?); + Digest::update(&mut digest, msg); + Digest::update(&mut digest, encode_point.y().ok_or(Error)?); + Digest::finalize_into_reset(&mut digest, c3_out); + + Ok(c2_out.len()) } -fn next_k(rng: &mut R, bit_length: u32) -> Result { +fn next_k(rng: &mut R) -> Result +where + C: CurveArithmetic, +{ loop { - let k = U256::try_random_bits(rng, bit_length).map_err(|_| Error)?; - if !bool::from(k.is_zero()) && k < Sm2::ORDER { + let k = C::Uint::try_random(rng).map_err(|_| Error)?; + if !bool::from(k.is_zero()) && k < C::ORDER { return Ok(k); } } diff --git a/sm2/tests/pkcs8.rs b/sm2/tests/pkcs8.rs index 493939ca9..4c4717ca3 100644 --- a/sm2/tests/pkcs8.rs +++ b/sm2/tests/pkcs8.rs @@ -133,6 +133,7 @@ fn encode_pkcs8_public_key_to_pem() { assert_eq!(reencoded_public_key.as_str(), PKCS8_PUBLIC_KEY_PEM); } +#[cfg(feature = "std")] #[test] fn test_x509() { fn dummy_cert_builder(_signer: &S) @@ -148,5 +149,5 @@ fn test_x509() { let secret_key = PKCS8_PRIVATE_KEY_PEM.parse::().unwrap(); const IDENTITY: &str = "example@rustcrypto.org"; let signing_key = SigningKey::new(IDENTITY, &secret_key).unwrap(); - let _signature = dummy_cert_builder::<_, Signature>(&signing_key); + dummy_cert_builder::<_, Signature>(&signing_key); } diff --git a/sm2/tests/sm2pke.rs b/sm2/tests/sm2pke.rs index 8256555d3..dfb510d63 100644 --- a/sm2/tests/sm2pke.rs +++ b/sm2/tests/sm2pke.rs @@ -3,9 +3,14 @@ use elliptic_curve::{NonZeroScalar, ops::Reduce}; use hex_literal::hex; use proptest::prelude::*; -use rand_core::OsRng; -use sm2::{Scalar, Sm2, U256, pke::DecryptingKey}; +use rand_core::OsRng; +#[cfg(feature = "alloc")] +use sm2::pke::Mode; +use sm2::{ + Scalar, SecretKey, Sm2, U256, + pke::{Cipher, EcDecrypt, EcEncrypt}, +}; // private key bytes const PRIVATE_KEY: [u8; 32] = @@ -16,79 +21,73 @@ const MSG: &[u8] = b"plaintext"; const CIPHER: [u8; 106] = hex!( "041ed68db303f5bc6bce516d5a62e1cd16781d3007df6864d970a56d46a6cecca0e0d33bfc71e78c440ae6afeef1a18cce473b3e27002189a058ddadc9182c80a3f13be66476ba6ef66d95a7fb11f30de441b3b66d566e48348bd830e584e7ec37f9b704ef32eba9055c" ); +// TODO: [`Cipher`] ASN1 Encode and Decode // asn.1: openssl pkeyutl -encrypt -pubin -in plaintext -inkey sm2.pub -out cipher -const ASN1_CIPHER: [u8; 116] = hex!( - "307202206ba17ad462a75beeb2caf8a1282687ab7e2f248b776a481612d89425a519ce6002210083e1de8c57dae995137227839d3880eaf9fe82a885a750be29ebe58193c8e31a0420d513a555087c2b17a88dd62749435133d325a4afca675284c85d754ba35670f80409bd3a294a6d50184b37" -); +// const ASN1_CIPHER: [u8; 116] = hex!( +// "307202206ba17ad462a75beeb2caf8a1282687ab7e2f248b776a481612d89425a519ce6002210083e1de8c57dae995137227839d3880eaf9fe82a885a750be29ebe58193c8e31a0420d513a555087c2b17a88dd62749435133d325a4afca675284c85d754ba35670f80409bd3a294a6d50184b37" +// ); #[test] fn decrypt_verify() { - assert_eq!( - DecryptingKey::new( - NonZeroScalar::::try_from(PRIVATE_KEY.as_ref() as &[u8]) - .unwrap() - .into() - ) - .decrypt(&CIPHER) - .unwrap(), - MSG - ); + let public_key: SecretKey = NonZeroScalar::::try_from(PRIVATE_KEY.as_ref() as &[u8]) + .unwrap() + .into(); + let cipher = Cipher::from_slice(&CIPHER, sm2::pke::Mode::C1C3C2).unwrap(); + let mut out = vec![0; cipher.c2().len()]; + public_key.decrypt_into(&cipher, &mut out).unwrap(); + assert_eq!(out, MSG); } -#[test] -fn decrypt_der_verify() { - let dk = DecryptingKey::new_with_mode( - NonZeroScalar::::try_from(PRIVATE_KEY.as_ref() as &[u8]).unwrap(), - sm2::pke::Mode::C1C2C3, - ); - assert_eq!(dk.decrypt_der(&ASN1_CIPHER).unwrap(), MSG); -} +// TODO: [`Cipher`] ASN1 Encode and Decode +// #[test] +// fn decrypt_der_verify() { +// let dk = DecryptingKey::new_with_mode( +// NonZeroScalar::::try_from(PRIVATE_KEY.as_ref() as &[u8]).unwrap(), +// sm2::pke::Mode::C1C2C3, +// ); +// assert_eq!(dk.decrypt_der(&ASN1_CIPHER).unwrap(), MSG); +// } prop_compose! { - fn decrypting_key()(bytes in any::<[u8; 32]>()) -> DecryptingKey { + fn secret_key()(bytes in any::<[u8; 32]>()) -> SecretKey { loop { let scalar = >::reduce_bytes(&bytes.into()); - if let Some(scalar) = Option::from(NonZeroScalar::new(scalar)) { - return DecryptingKey::from_nonzero_scalar(scalar).unwrap(); - } - } - } -} + if let Some(scalar) = Option::>::from(NonZeroScalar::::new(scalar)) { -prop_compose! { - fn decrypting_key_c1c2c3()(bytes in any::<[u8; 32]>()) -> DecryptingKey { - loop { - let scalar = >::reduce_bytes(&bytes.into()); - if let Some(scalar) = Option::from(NonZeroScalar::new(scalar)) { - return DecryptingKey::new_with_mode(scalar, sm2::pke::Mode::C1C2C3); + return SecretKey::new(scalar.into()); } } } } proptest! { - #[test] - fn encrypt_and_decrpyt_der(dk in decrypting_key()) { - let ek = dk.encrypting_key(); - let cipher_bytes = ek.encrypt_der(&mut OsRng, MSG).unwrap(); - prop_assert!(dk.decrypt_der(&cipher_bytes).is_ok()); - } #[test] - fn encrypt_and_decrpyt(dk in decrypting_key()) { - let ek = dk.encrypting_key(); - let cipher_bytes = ek.encrypt(&mut OsRng, MSG).unwrap(); - assert_eq!(dk.decrypt(&cipher_bytes).unwrap(), MSG); + #[cfg(feature="alloc")] + fn encrypt_and_decrpyt(key in secret_key()) { + let cipher = key.encrypt( MSG).unwrap(); + let cipher_bytes = cipher.to_vec(Mode::C1C3C2); + let cipher = Cipher::from_slice(&cipher_bytes, Mode::C1C3C2).unwrap(); + let text = key.decrypt(&cipher).unwrap(); + assert_eq!(text, MSG); + + let cipher = key.encrypt(MSG).unwrap(); + let cipher_bytes = cipher.to_vec(Mode::C1C2C3); + let cipher = Cipher::from_slice(&cipher_bytes, Mode::C1C2C3).unwrap(); + let text = key.decrypt(&cipher).unwrap(); + assert_eq!(text, MSG); + } #[test] - fn encrypt_and_decrpyt_mode(dk in decrypting_key_c1c2c3()) { - let ek = dk.encrypting_key(); - let cipher_bytes = ek.encrypt(&mut OsRng, MSG).unwrap(); - assert_eq!( - dk.decrypt(&cipher_bytes) - .unwrap(), - MSG - ); + fn encrypt_and_decrpyt_no_std(key in secret_key()) { + let mut out = vec![0; MSG.len()]; + let cipher = key.encrypt_buf_rng(&mut OsRng, MSG, &mut out).unwrap(); + let mut deout = vec![0; MSG.len()]; + key.decrypt_into(&cipher, &mut deout).unwrap(); + assert_eq!(deout, MSG); + } + + }