securedrop_protocol_minimal/primitives/

xwing.rs

use crate::primitives::provider::hpke_rs::{HpkePrivateKey, HpkePublicKey};
use crate::primitives::provider::kem::{PrivateKey, PublicKey};
use rand_core::{CryptoRng, RngCore};

// From: https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/#name-encoding-and-sizes
pub const XWING_PUBLIC_KEY_LEN: usize = 1216;
pub(crate) const XWING_PRIVATE_KEY_LEN: usize = 32;
pub(crate) const LEN_XWING_SHAREDSECRET_ENCAPS: usize = 1120;

/// XWING public key.
#[derive(Debug, Clone)]
pub(crate) struct XWingPublicKey([u8; XWING_PUBLIC_KEY_LEN]);

/// XWING private key.
#[derive(Debug, Clone)]
pub(crate) struct XWingPrivateKey([u8; XWING_PRIVATE_KEY_LEN]);

impl XWingPublicKey {
    /// Get the public key as bytes
    pub(crate) fn as_bytes(&self) -> &[u8; XWING_PUBLIC_KEY_LEN] {
        &self.0
    }

    /// Create from bytes
    pub(crate) fn from_bytes(bytes: [u8; XWING_PUBLIC_KEY_LEN]) -> Self {
        Self(bytes)
    }
}

impl XWingPrivateKey {
    /// Get the private key as bytes
    pub(crate) fn as_bytes(&self) -> &[u8; XWING_PRIVATE_KEY_LEN] {
        &self.0
    }

    /// Create from bytes
    pub(crate) fn from_bytes(bytes: [u8; XWING_PRIVATE_KEY_LEN]) -> Self {
        Self(bytes)
    }
}

impl From<XWingPrivateKey> for HpkePrivateKey {
    fn from(sk: XWingPrivateKey) -> Self {
        HpkePrivateKey::from(sk.0.to_vec())
    }
}

impl From<XWingPublicKey> for HpkePublicKey {
    fn from(pk: XWingPublicKey) -> Self {
        HpkePublicKey::from(pk.0.to_vec())
    }
}

/// Generate XWING keypair from external randomness
/// FOR TEST PURPOSES ONLY
pub(crate) fn deterministic_keygen(
    randomness: [u8; 32],
) -> Result<(XWingPrivateKey, XWingPublicKey), anyhow::Error> {
    use crate::primitives::provider::kem::{Algorithm, key_gen_derand};

    // Generate XWING keypair using libcrux_kem with deterministic randomness
    let (sk, pk) = key_gen_derand(Algorithm::XWingKemDraft06, &randomness)
        .map_err(|e| anyhow::anyhow!("XWING deterministic key generation failed: {:?}", e))?;

    typed(sk, pk)
}

#[cfg_attr(hax, hax_lib::fstar::verification_status(lax))]
/// Helper, convert libcrux type to our key types
fn typed(
    sk: PrivateKey,
    pk: PublicKey,
) -> Result<(XWingPrivateKey, XWingPublicKey), anyhow::Error> {
    // Convert to our types
    let private_key_bytes = sk.encode();
    let public_key_bytes = pk.encode();

    // Validate key sizes (XWING should have consistent sizes)
    if private_key_bytes.len() != XWING_PRIVATE_KEY_LEN
        || public_key_bytes.len() != XWING_PUBLIC_KEY_LEN
    {
        // 1. This branch is skipped if the conditions are met dynamically.
        //
        // 2. Implication: this branch is *unreachable* based on the
        //    postconditions of `encode()` assumed (in the stub) or subsequently
        //    proven (by the crate itself).
        //
        // 3. Implication: this conditional and the error-handling below are
        //    unnecessary if the postconditions of `encode()` are proven (by the
        //    crate itself), and this function can return `(private_key,
        //    public_key)` directly, without wrapping it in a `Result`.
        return Err(anyhow::anyhow!(
            "Unexpected XWING key sizes: private={}, public={}",
            private_key_bytes.len(),
            public_key_bytes.len()
        ));
    }

    let private_key = XWingPrivateKey::from_bytes(
        private_key_bytes
            .try_into()
            .map_err(|_| anyhow::anyhow!("Failed to convert private key bytes"))?,
    );
    let public_key = XWingPublicKey::from_bytes(
        public_key_bytes
            .try_into()
            .map_err(|_| anyhow::anyhow!("Failed to convert public key bytes"))?,
    );

    Ok((private_key, public_key))
}

/// Generate a new XWING keypair using libcrux_kem
pub(crate) fn generate_xwing_keypair<R: RngCore + CryptoRng>(
    rng: &mut R,
) -> Result<(XWingPrivateKey, XWingPublicKey), anyhow::Error> {
    use crate::primitives::provider::kem::{Algorithm, key_gen};

    // Generate XWING keypair using libcrux_kem
    let (sk, pk) = key_gen(Algorithm::XWingKemDraft06, rng)
        .map_err(|e| anyhow::anyhow!("XWING key generation failed: {:?}", e))?;

    typed(sk, pk)
}

#[cfg(test)]
mod tests {
    use super::*;
    use proptest::prelude::*;
    use rand_chacha::ChaCha20Rng;
    use rand_core::SeedableRng;

    #[test]
    fn test_xwing_key_generation() {
        let mut rng = ChaCha20Rng::seed_from_u64(42);

        let (private_key, public_key) =
            generate_xwing_keypair(&mut rng).expect("Should generate XWING keypair");
    }

    #[test]
    fn test_xwing_key_serialization() {
        let mut rng = ChaCha20Rng::seed_from_u64(42);

        let (private_key, public_key) =
            generate_xwing_keypair(&mut rng).expect("Should generate XWING keypair");

        // Test round-trip serialization
        let private_bytes = *private_key.as_bytes();
        let public_bytes = *public_key.as_bytes();

        let reconstructed_private = XWingPrivateKey::from_bytes(private_bytes);
        let reconstructed_public = XWingPublicKey::from_bytes(public_bytes);

        assert_eq!(private_key.as_bytes(), reconstructed_private.as_bytes());
        assert_eq!(public_key.as_bytes(), reconstructed_public.as_bytes());
    }

    #[test]
    fn test_deterministic_keygen() {
        proptest!(|(randomness in proptest::array::uniform32(any::<u8>()).prop_filter("exclude zero", |arr| arr != &[0u8; 32]))| {
            let (private_key, public_key) = deterministic_keygen(randomness.try_into().unwrap()).unwrap();
        });
    }
}