ctr/lib.rs
1//! Generic implementations of [CTR mode][1] for block ciphers.
2//!
3//! <img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/ctr_enc.svg" width="49%" />
4//! <img src="https://raw.githubusercontent.com/RustCrypto/media/26acc39f/img/block-modes/ctr_dec.svg" width="49%"/>
5//!
6//! Mode functionality is accessed using traits from re-exported [`cipher`] crate.
7//!
8//! # ⚠️ Security Warning: Hazmat!
9//!
10//! This crate does not ensure ciphertexts are authentic! Thus ciphertext integrity
11//! is not verified, which can lead to serious vulnerabilities!
12//! [AEADs][https://github.com/RustCrypto/AEADs] provide simple authenticated encryption,
13//! which is much less error-prone than manual integrity verification.
14//!
15//! # Example
16//! ```
17//! use aes::cipher::{KeyIvInit, StreamCipher, StreamCipherSeek};
18//! use hex_literal::hex;
19//!
20//! type Aes128Ctr64LE = ctr::Ctr64LE<aes::Aes128>;
21//!
22//! let key = [0x42; 16];
23//! let iv = [0x24; 16];
24//! let plaintext = *b"hello world! this is my plaintext.";
25//! let ciphertext = hex!(
26//! "3357121ebb5a29468bd861467596ce3da59bdee42dcc0614dea955368d8a5dc0cad4"
27//! );
28//!
29//! // encrypt in-place
30//! let mut buf = plaintext.to_vec();
31//! let mut cipher = Aes128Ctr64LE::new(&key.into(), &iv.into());
32//! cipher.apply_keystream(&mut buf);
33//! assert_eq!(buf[..], ciphertext[..]);
34//!
35//! // CTR mode can be used with streaming messages
36//! let mut cipher = Aes128Ctr64LE::new(&key.into(), &iv.into());
37//! for chunk in buf.chunks_mut(3) {
38//! cipher.apply_keystream(chunk);
39//! }
40//! assert_eq!(buf[..], plaintext[..]);
41//!
42//! // CTR mode supports seeking. The parameter is zero-based _bytes_ counter (not _blocks_).
43//! cipher.seek(0u32);
44//!
45//! // encrypt/decrypt from buffer to buffer
46//! // buffer length must be equal to input length
47//! let mut buf1 = [0u8; 34];
48//! cipher
49//! .apply_keystream_b2b(&plaintext, &mut buf1)
50//! .unwrap();
51//! assert_eq!(buf1[..], ciphertext[..]);
52//!
53//! let mut buf2 = [0u8; 34];
54//! cipher.seek(0u32);
55//! cipher.apply_keystream_b2b(&buf1, &mut buf2).unwrap();
56//! assert_eq!(buf2[..], plaintext[..]);
57//! ```
58//!
59//! [1]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CTR
60
61#![no_std]
62#![doc(
63 html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg",
64 html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg"
65)]
66#![forbid(unsafe_code)]
67#![cfg_attr(docsrs, feature(doc_auto_cfg))]
68#![warn(missing_debug_implementations, missing_docs, rust_2018_idioms)]
69
70mod ctr_core;
71pub mod flavors;
72
73pub use cipher;
74pub use flavors::CtrFlavor;
75
76use cipher::StreamCipherCoreWrapper;
77pub use ctr_core::CtrCore;
78
79/// CTR mode with 128-bit big endian counter.
80pub type Ctr128BE<B> = StreamCipherCoreWrapper<CtrCore<B, flavors::Ctr128BE>>;
81/// CTR mode with 128-bit little endian counter.
82pub type Ctr128LE<B> = StreamCipherCoreWrapper<CtrCore<B, flavors::Ctr128LE>>;
83/// CTR mode with 64-bit big endian counter.
84pub type Ctr64BE<B> = StreamCipherCoreWrapper<CtrCore<B, flavors::Ctr64BE>>;
85/// CTR mode with 64-bit little endian counter.
86pub type Ctr64LE<B> = StreamCipherCoreWrapper<CtrCore<B, flavors::Ctr64LE>>;
87/// CTR mode with 32-bit big endian counter.
88pub type Ctr32BE<B> = StreamCipherCoreWrapper<CtrCore<B, flavors::Ctr32BE>>;
89/// CTR mode with 32-bit little endian counter.
90pub type Ctr32LE<B> = StreamCipherCoreWrapper<CtrCore<B, flavors::Ctr32LE>>;