From 6afaf9eec9d28f6dcfaf9421e199aa33bae96c71 Mon Sep 17 00:00:00 2001
From: "Jan Winkelmann (keks)"
Date: Tue, 11 Feb 2025 17:06:11 +0100
Subject: [PATCH 1/4] update aead benches to use libcrux-chacha20poly1305 standalone crate

---
 benchmarks/Cargo.toml | 1 +
 benchmarks/benches/aead.rs | 44 +++++++++++++++++++++++++------------
 chacha20poly1305/src/lib.rs | 44 +++++++++++++++++++++++++++++++++++++
 3 files changed, 75 insertions(+), 14 deletions(-)

diff --git a/benchmarks/Cargo.toml b/benchmarks/Cargo.toml
index 4928bd34d..6b1fcf544 100644
--- a/benchmarks/Cargo.toml
+++ b/benchmarks/Cargo.toml
@@ -17,6 +17,7 @@ rand = { version = "0.8" }
 
 [dev-dependencies]
 libcrux = { path = "../", features = ["rand", "tests"] }
+libcrux-chacha20poly1305 = { path = "../chacha20poly1305" }
 libcrux-kem = { path = "../libcrux-kem", features = ["tests"] }
 libcrux-ml-kem = { path = "../libcrux-ml-kem" }
 rand_core = { version = "0.6" }
diff --git a/benchmarks/benches/aead.rs b/benchmarks/benches/aead.rs
index bfb74a25a..3edf0cda9 100644
--- a/benchmarks/benches/aead.rs
+++ b/benchmarks/benches/aead.rs
@@ -1,11 +1,18 @@
 use chacha20poly1305::{AeadCore, AeadInPlace, KeyInit};
 use criterion::{criterion_group, criterion_main, BatchSize, BenchmarkId, Criterion, Throughput};
-use libcrux::{aead::*, digest, drbg};
+use libcrux::{digest, drbg};
+
+use libcrux_chacha20poly1305::*;
 
 use benchmarks::util::*;
 use rand_core::OsRng;
 use ring::aead::UnboundKey;
 
+fn randbuf(drbg: &mut drbg::Drbg) -> Result<[u8; LEN], drbg::Error> {
+ let mut buf = [0; LEN];
+ drbg.generate(&mut buf).map(|_| buf)
+}
+
 // Comparing libcrux performance for different payload sizes and other implementations.
 fn comparisons_encrypt(c: &mut Criterion) {
 const PAYLOAD_SIZES: [usize; 1] = [1024 * 1024 * 10];
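Review bot: `randbuf` is added without a doc comment and its only sizing hint is the `[u8; LEN]` return type; a line such as `/// Fills a fresh byte array from the DRBG; `LEN` is fixed by the caller's expected key or nonce size.` above it would make the two call sites in the benches self-explanatory. As rendered here the signature reads `fn randbuf(drbg: …) -> Result<[u8; LEN], …>` with no `<const LEN: usize>` parameter; if that is a rendering loss (angle-bracketed text dropped) nothing is wrong, otherwise `LEN` is unbound and the function cannot compile. The glob `use libcrux_chacha20poly1305::*;` sits next to `use chacha20poly1305::{…}` from the similarly named RustCrypto crate; naming the items the bench actually uses (`use libcrux_chacha20poly1305::{decrypt, encrypt, TAG_LEN};`, plus whatever else it needs) avoids an ambiguous-name error or a silent re-resolution should either crate later export an `encrypt`/`decrypt` or a `*_LEN` constant.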
@@ -22,14 +29,15 @@ fn comparisons_encrypt(c: &mut Criterion) {
 |b, payload_size| {
 b.iter_batched(
 || {
- let key = Key::generate(Algorithm::Chacha20Poly1305, &mut drbg);
- let nonce = Iv::generate(&mut drbg);
- let data = randombytes(*payload_size);
+ let key = randbuf(&mut drbg).unwrap();
+ let nonce = randbuf(&mut drbg).unwrap();
+ let ptxt = randombytes(*payload_size);
+ let ctxt = vec![0; *payload_size];
 let aad = randombytes(1_000);
- (data, nonce, aad, key)
+ (ptxt, ctxt, nonce, aad, key)
 },
- |(mut data, nonce, aad, key)| {
- let _tag = encrypt(&key, &mut data, nonce, &aad);
+ |(ptxt, mut ctxt, nonce, aad, key)| {
+ let _tag = encrypt(&key, &ptxt, &mut ctxt, &aad, &nonce);
 },
 BatchSize::SmallInput,
 )
@@ -129,16 +137,24 @@ fn comparisons_decrypt(c: &mut Criterion) {
 |b, payload_size| {
 b.iter_batched(
 || {
- let key = Key::generate(Algorithm::Chacha20Poly1305, &mut drbg);
- let nonce_enc = Iv::generate(&mut drbg);
- let nonce = Iv(nonce_enc.0);
- let mut data = randombytes(*payload_size);
+ let key = randbuf(&mut drbg).unwrap();
+ let nonce_enc = randbuf(&mut drbg).unwrap();
+ let nonce = nonce_enc;
+ let ptxt = randombytes(*payload_size);
+ let mut ctxt = vec![0; *payload_size + TAG_LEN];
 let aad = randombytes(1_000);
- let tag = encrypt(&key, &mut data, nonce_enc, &aad).unwrap();
- (key, nonce, data, tag, aad)
+ let ctxt_len = ctxt.len();
+
+ let (ctxt_got, _tag) =
+ encrypt(&key, &ptxt, &mut ctxt, &aad, &nonce).unwrap();
+ assert_eq!(ctxt_len, ctxt_got.len());
+
+ (key, nonce, ptxt, ctxt, aad)
+ },
+ |(key, nonce, mut ptxt, ctxt, aad)| {
+ decrypt(&key, &mut ptxt, &ctxt, &aad, &nonce).unwrap();
 },
- |(key, nonce, mut data, tag, aad)| decrypt(&key, &mut data, nonce, &aad, &tag),
 BatchSize::SmallInput,
 )
 },
diff --git a/chacha20poly1305/src/lib.rs b/chacha20poly1305/src/lib.rs
index d5d17aabf..feb448f24 100644
--- a/chacha20poly1305/src/lib.rs
+++ b/chacha20poly1305/src/lib.rs
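Review bot: The libcrux encrypt setup sizes `ctxt` to `*payload_size` with no room for the tag, while the decrypt setup later in this same file allocates `*payload_size + TAG_LEN` and the `CiphertextTooShort` variant in chacha20poly1305/src/lib.rs states that the destination must fit ciphertext and tag; if that is the contract, `encrypt` returns an error before touching the data and this benchmark times an early return. The `Result` is also bound to `let _tag = …` and never inspected, so the failure would be invisible. Allocate `let ctxt = vec![0; *payload_size + TAG_LEN];` in the setup and write the timed call as `encrypt(&key, &ptxt, &mut ctxt, &aad, &nonce).unwrap();` so a failed encryption aborts the run instead of producing a meaningless number. `comparisons_encrypt` starts outside the hunk.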
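Review bot: `let nonce = nonce_enc;` on the new side is a leftover of the removed `Iv(nonce_enc.0)` re-wrapping; with `randbuf` returning a plain `[u8; LEN]` the alias adds nothing, so the setup can read `let nonce = randbuf(&mut drbg).unwrap();` and pass `&nonce` to `encrypt` and the returned tuple. The timed closure decrypts into `ptxt`, overwriting the reference plaintext, so the `.unwrap()` on `decrypt` only confirms that the tag verified; an implementation that authenticated correctly but produced a wrong keystream would pass unnoticed here, which is acceptable for a benchmark only if the crate's tests cover the round-trip. `comparisons_decrypt` starts and ends outside the hunk.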
@@ -1,5 +1,7 @@
 #![no_std]
 
+extern crate alloc;
+
 /// The length of ChaCha20-Poly1305 keys.
 pub const KEY_LEN: usize = 32;
 
@@ -10,6 +12,7 @@ pub const TAG_LEN: usize = 16;
 pub const NONCE_LEN: usize = 12;
 
 /// Describes the error conditions of the ChaCha20-Poly1305 AEAD.
+#[derive(Debug)]
 pub enum AeadError {
 /// Indicates that the plaintext argument is too large for the library to handle.
 PlaintextTooLarge,
@@ -26,7 +29,35 @@ pub enum AeadError {
 InvalidCiphertext,
 }
 
+impl alloc::fmt::Display for AeadError {
+ fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+ let msg = match self {
+ AeadError::PlaintextTooLarge => {
+ "The plaintext argument is too large for the library to handle"
+ }
+ AeadError::CiphertextTooLarge => {
+ "The ciphertext argument is too large for the library to handle"
+ }
+ AeadError::AadTooLarge => {
+ "The associated data argument is too large for the library to handle"
+ }
+ AeadError::CiphertextTooShort => {
+ "The provided destination ciphertext does not fit the ciphertext and tag"
+ }
+ AeadError::PlaintextTooShort => {
+ "The provided destination plaintext is too short to fit the decrypted plaintext"
+ }
+ AeadError::InvalidCiphertext => {
+ "The ciphertext is not a valid encryption under the given key and nonce."
+ }
+ };
+
+ f.write_str(msg)
+ }
+}
+
 /// Describes the error conditions of the Poly1305 MAC.
+#[derive(Debug)]
 pub enum MacError {
 /// Indicates that the message argument is too large for the library to handle.
 MessageTooLarge,
@@ -35,6 +66,19 @@ pub enum MacError {
 InvalidMacTag,
 }
 
+impl alloc::fmt::Display for MacError {
+ fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
+ let msg = match self {
+ MacError::MessageTooLarge => {
+ "The message argument is too large for the library to handle"
+ }
+ MacError::InvalidMacTag => "The MAC tag is invalid for that key and message",
+ };
+
+ f.write_str(msg)
+ }
+}
+
 mod hacl {
 pub(crate) use libcrux_poly1305::hacl::mac_poly1305;
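Review bot: `AeadError` gains `Debug` and `Display` but no `Error` impl, so a `no_std` consumer still cannot hold it as `dyn Error` or chain it through `source()`; `impl core::error::Error for AeadError {}` completes the set (`core::error::Error` is stable since Rust 1.81 — if the crate's MSRV is older, gate the impl behind a `std` feature using `std::error::Error` instead). The same applies to `MacError` in the following hunk. The messages are also inconsistent in punctuation: only the `InvalidCiphertext` arm ends with a period, which shows when callers compose the text into a larger message; drop it so the arm reads `"The ciphertext is not a valid encryption under the given key and nonce"`.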
From 639672c86c8ff0c464a2438843be6253884975a3 Mon Sep 17 00:00:00 2001
From: "Jan Winkelmann (keks)"
Date: Wed, 12 Feb 2025 11:22:30 +0100
Subject: [PATCH 2/4] use fmt::Display from core insted of alloc

---
 chacha20poly1305/src/lib.rs | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/chacha20poly1305/src/lib.rs b/chacha20poly1305/src/lib.rs
index feb448f24..5bad4f62d 100644
--- a/chacha20poly1305/src/lib.rs
+++ b/chacha20poly1305/src/lib.rs
@@ -1,7 +1,5 @@
 #![no_std]
 
-extern crate alloc;
-
 /// The length of ChaCha20-Poly1305 keys.
 pub const KEY_LEN: usize = 32;
 
@@ -29,7 +27,7 @@ pub enum AeadError {
 InvalidCiphertext,
 }
 
-impl alloc::fmt::Display for AeadError {
+impl core::fmt::Display for AeadError {
 fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
 let msg = match self {
 AeadError::PlaintextTooLarge => {
@@ -66,7 +64,7 @@ pub enum MacError {
 InvalidMacTag,
 }
 
-impl alloc::fmt::Display for MacError {
+impl core::fmt::Display for MacError {
 fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
 let msg = match self {
 MacError::MessageTooLarge => {

From 00f7f7effb6a8e4133a0cb1132038d2e0055b9b5 Mon Sep 17 00:00:00 2001
From: "Jan Winkelmann (keks)"
Date: Wed, 12 Feb 2025 15:23:22 +0100
Subject: [PATCH 3/4] fix benchmark

---
 benchmarks/benches/aead.rs | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/benchmarks/benches/aead.rs b/benchmarks/benches/aead.rs
index 3edf0cda9..53e250d60 100644
--- a/benchmarks/benches/aead.rs
+++ b/benchmarks/benches/aead.rs
@@ -135,20 +135,21 @@ fn comparisons_decrypt(c: &mut Criterion) {
 BenchmarkId::new("libcrux", fmt(*payload_size)),
 payload_size,
 |b, payload_size| {
+ let payload_size = *payload_size;
+
 b.iter_batched(
 || {
 let key = randbuf(&mut drbg).unwrap();
 let nonce_enc = randbuf(&mut drbg).unwrap();
 let nonce = nonce_enc;
- let ptxt = randombytes(*payload_size);
- let mut ctxt = vec![0; *payload_size + TAG_LEN];
+ let ptxt = randombytes(payload_size);
+ let mut ctxt = vec![0; payload_size + TAG_LEN];
 let aad = randombytes(1_000);
- let ctxt_len = ctxt.len();
-
- let (ctxt_got, _tag) =
+ let (ctxt_got, tag) =
 encrypt(&key, &ptxt, &mut ctxt, &aad, &nonce).unwrap();
- assert_eq!(ctxt_len, ctxt_got.len());
+ assert_eq!(payload_size, ctxt_got.len());
+ assert_eq!(TAG_LEN, tag.len());
 
 (key, nonce, ptxt, ctxt, aad)
 },

From d1196c19adf2b76780f100d9e69acd284d35d01d Mon Sep 17 00:00:00 2001
From: "Jan Winkelmann (keks)"
Date: Wed, 12 Feb 2025 15:30:26 +0100
Subject: [PATCH 4/4] rename benchmark: aead -> chacha20poly1305

---
 benchmarks/Cargo.toml | 2 +-
 benchmarks/benches/{aead.rs => chacha20poly1305.rs} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename benchmarks/benches/{aead.rs => chacha20poly1305.rs} (100%)

diff --git a/benchmarks/Cargo.toml b/benchmarks/Cargo.toml
index 61dded40b..9ddc0f52c 100644
--- a/benchmarks/Cargo.toml
+++ b/benchmarks/Cargo.toml
@@ -71,7 +71,7 @@ name = "p256"
 harness = false
 
 [[bench]]
-name = "aead"
+name = "chacha20poly1305"
 harness = false
 
 [[bench]]
diff --git a/benchmarks/benches/aead.rs b/benchmarks/benches/chacha20poly1305.rs
similarity index 100%
rename from benchmarks/benches/aead.rs
rename to benchmarks/benches/chacha20poly1305.rs
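Review bot: The fix reaches only the decrypt setup; the libcrux arm of `comparisons_encrypt` earlier in this file (outside the hunk) still allocates `ctxt` as `vec![0; *payload_size]` and discards `encrypt`'s `Result` through `let _tag = …`, so if the destination must hold ciphertext plus tag, as the two new `assert_eq!`s and the `CiphertextTooShort` message in chacha20poly1305/src/lib.rs indicate, that benchmark still times an early error return and needs the same `+ TAG_LEN` sizing and an `.unwrap()` on the call. `let nonce = nonce_enc;` also remains a no-op alias that can be folded into `let nonce = randbuf(&mut drbg).unwrap();`. `comparisons_decrypt` starts and ends outside the hunk.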