updated symmetric enc/dec to aes-gcm = "0.9.4"

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "rabe"
-version = "0.3.0"
+version = "0.3.1"
 description = "ABE Schemes implemented in rust."
 authors = [
     "Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de>",
@@ -25,10 +25,8 @@ crate-type=["rlib", "cdylib"]
 path = "src/lib.rs"
 
 [dependencies]
-aes = "0.7.0"
+aes-gcm = "0.9.4"
 borsh = { version = "0.9.3", optional = true, default-features = false }
-gmorph = { git = "https://github.com/georgbramm/gmorph" }
-eax = "0.4.1"
 pest = "2.0"
 pest_derive = "2.0"
 permutation = "0.4.0"

src/error.rs

@@ -6,7 +6,6 @@ use std::{fmt::{
 use pest::error::{Error as PestError, LineColLocation};
 use utils::policy::pest::json::Rule as jsonRule;
 use utils::policy::pest::human::Rule as humanRule;
-use eax::aead;
 use std::array::TryFromSliceError;
 use rabe_bn::FieldError;
 #[cfg(not(feature = "borsh"))]
@@ -71,14 +70,6 @@ impl From<FieldError> for RabeError {
     }
 }
 
-
-impl From<aead::Error> for RabeError {
-    fn from(_error: aead::Error) -> Self {
-        // Aead's error is intentionally opaque, there is no more information in here
-        RabeError::new("Error during symmetric encryption or decryption!")
-    }
-}
-
 impl From<TryFromSliceError> for RabeError {
     fn from(_error: TryFromSliceError) -> Self {
         RabeError::new(&_error.to_string())

src/lib.rs

@@ -14,14 +14,11 @@ extern crate serde;
 extern crate rabe_bn;
 extern crate rand;
 extern crate pest;
-extern crate eax;
-extern crate aes;
+extern crate aes_gcm;
 extern crate sha3;
 #[macro_use]
 extern crate pest_derive;
 
-extern crate gmorph;
-
 /// rabe schemes
 pub mod schemes;
 /// rabe library utilities

src/utils/aes/mod.rs

@@ -1,22 +1,24 @@
-use eax::Eax;
-use eax::aead::{Aead, NewAead, generic_array::GenericArray};
+use aes_gcm::{Aes256Gcm, Key, Nonce}; // Or `Aes128Gcm`
+use aes_gcm::aead::{Aead, NewAead};
+
 use crate::error::RabeError;
 use std::convert::TryInto;
 use rand::thread_rng;
 use rand::Rng;
-use aes::Aes256;
 
 /// Key Encapsulation Mechanism (AES-256 Encryption Function)
 pub fn encrypt_symmetric<G: std::convert::Into<Vec<u8>>>(_msg: G, _plaintext: &Vec<u8>) -> Result<Vec<u8>, RabeError> {
     let mut rng = thread_rng();
-    let key = kdf(_msg);
-    let key_ga = GenericArray::from_slice(key.as_slice());
-    let cipher = Eax::<Aes256>::new(key_ga);
-    let nonce_vec: Vec<u8> = (0..16).into_iter().map(|_| rng.gen()).collect(); // 16*u8 = 128 Bit
-    let nonce = GenericArray::from_slice(nonce_vec.as_ref());
+    // 256bit key hashed/derived from _msg G
+    let kdf = kdf(_msg);
+    let key = Key::from_slice(kdf.as_slice());
+    let cipher = Aes256Gcm::new(key);
+    // 96bit random noise
+    let nonce_vec: Vec<u8> = (0..12).into_iter().map(|_| rng.gen()).collect(); // 12*u8 = 96 Bit
+    let nonce = Nonce::from_slice(nonce_vec.as_ref());
     match cipher.encrypt(nonce, _plaintext.as_ref()) {
         Ok(mut ct) => {
-            ct.splice(0..0, nonce.iter().cloned()); // first 16 bytes are nonce i.e. [nonce|ciphertext]
+            ct.splice(0..0, nonce.iter().cloned()); // first 12 bytes are nonce i.e. [nonce|ciphertext]
             Ok(ct)
         }
         Err(e) => Err(RabeError::new(&format!("encryption error: {:?}", e.to_string())))
@@ -25,15 +27,16 @@ pub fn encrypt_symmetric<G: std::convert::Into<Vec<u8>>>(_msg: G, _plaintext: &V
 
 /// Key Encapsulation Mechanism (AES-256 Decryption Function)
 pub fn decrypt_symmetric<G: std::convert::Into<Vec<u8>>>(_msg: G, _nonce_ct: &Vec<u8>) -> Result<Vec<u8>, RabeError> {
-    let ciphertext = _nonce_ct.clone().split_off(16); // 16*u8 = 128 Bit
-    let nonce: [u8; 16] = match _nonce_ct[..16].try_into() { // first 16 bytes are nonce i.e. [nonce|ciphertext]
+    let ciphertext = _nonce_ct.clone().split_off(12); // 12*u8 = 96 Bit
+    let nonce_vec: [u8; 12] = match _nonce_ct[..12].try_into() { // first 12 bytes are nonce i.e. [nonce|ciphertext]
         Ok(iv) => iv,
         Err(_) => return Err(RabeError::new("Error extracting IV from ciphertext: Expected an IV of 16 bytes")), // this REALLY shouldn't happen.
     };
-    let key = kdf(_msg);
-    let key_ga = GenericArray::from_slice(key.as_slice());
-    let cipher = Eax::<Aes256>::new(key_ga);
-    let nonce = GenericArray::from_slice(nonce.as_ref());
+    // 256bit key hashed/derived from _msg G
+    let kdf = kdf(_msg);
+    let key = Key::from_slice(kdf.as_slice());
+    let cipher = Aes256Gcm::new(key);
+    let nonce = Nonce::from_slice(nonce_vec.as_ref());
     match cipher.decrypt(nonce, ciphertext.as_ref()) {
         Ok(data) => Ok(data),
         Err(e) => Err(RabeError::new(&format!("decryption error: {:?}", e.to_string())))