fix: PR review

.pre-commit-config.yaml

@@ -29,7 +29,7 @@ repos:
     rev: v0.33.0
     hooks:
       - id: markdownlint-fix
-        args: [--disable=MD004, --disable=MD013, --disable=MD024, --disable=MD041]
+        args: [--disable=MD004, --disable=MD013, --disable=MD033, --disable=MD024, --disable=MD041]
 
   - repo: https://github.com/Lucas-C/pre-commit-hooks-nodejs
     rev: v1.1.2

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cosmian_findex"
-version = "4.1.0"
+version = "4.0.2"
 authors = [
   "Chloé Hébant <[email protected]>",
   "Bruno Grieder <[email protected]>",
@@ -30,7 +30,7 @@ live_compact = []
 
 [dependencies]
 base64 = "0.21.2"
-cosmian_crypto_core = { git = "https://github.com/Cosmian/crypto_core.git", branch = "findex_integration", features = ["aes", "sha3"] }
+cosmian_crypto_core = { git = "https://github.com/Cosmian/crypto_core.git", branch = "findex_integration", features = ["aes", "sha3", "ser"], default-features = false }
 rand = "0.8"
 tiny-keccak = { version = "2.0.2", features = ["kmac", "sha3"] }
 zeroize = "1.5"

README.md

@@ -21,7 +21,7 @@ Findex is part of Cosmian Cloudproof Encryption.
 - [Building and testing](#building-and-testing)
 - [Findex indexes](#findex-indexes)
   * [Two indexing strategies](#two-indexing-strategies)
-  * [Benchmarks](#benchmarks)
+- [Benchmarks](#benchmarks)
 - [Documentation](#documentation)
 
 <!-- tocstop -->
@@ -164,7 +164,7 @@ Therefore:
 
 ```math
 L_{entry~table} = (L_{uid} + C_e + L_{K_{w_i}} + L_{H_{w_i}} + L_{uid}) \cdot N
-         = 140 \cdot N
+                = 140 \cdot N
 ```
 
 - given $V(w_i)$ the volume of the keyword $w_i$ (i.e. the number of values
@@ -217,80 +217,80 @@ the mixed solution.
 In the other hand, the graph solution optimizes the size of the Chain Table.
 
 <table>
- <tr>
-  <th rowspan=2>Avg locations</th>
-  <th colspan=3>#records</th>
-  <th colspan=3>size (in KB)</th>
-  <th colspan=2>ratio</th>
- </tr>
- <tr>
-  <th>naive</th>
-  <th>mixed</th>
-  <th>graph</th>
-  <th>naive</th>
-  <th>mixed</th>
-  <th>graph</th>
-  <th>mixed / naive</th>
-  <th>graph / naive</th>
- </tr>
- <tr>
-  <td>1</td>
-  <td>49016</td>
-  <td>53058</td>
-  <td>49316</td>
-  <td>6988</td>
-  <td>7564</td>
-  <td>7031</td>
-  <td>1.08</td>
-  <td>1.01</td>
- </tr>
- <tr>
-  <td>2</td>
-  <td>58253</td>
-  <td>57347</td>
-  <td>53526</td>
-  <td>8305</td>
-  <td>8176</td>
-  <td>7631</td>
-  <td>0.98</td>
-  <td>0.92</td>
- </tr>
- <tr>
-  <td>3</td>
-  <td>71455</td>
-  <td>61817</td>
-  <td>57949</td>
-  <td>10187</td>
-  <td>8813</td>
-  <td>8262</td>
-  <td>0.87</td>
-  <td>0.81</td>
- </tr>
- <tr>
-  <td>4</td>
-  <td>80692</td>
-  <td>66671</td>
-  <td>62785</td>
-  <td>11504</td>
-  <td>9505</td>
-  <td>8951</td>
-  <td>0.83</td>
-  <td>0.78</td>
- </tr>
- <tr>
-  <td>5</td>
-  <td>86048</td>
-  <td>72676</td>
-  <td>69014</td>
-  <td>12268</td>
-  <td>10362</td>
-  <td>9839</td>
-  <td>0.84</td>
-  <td>0.80</td>
- </tr>
+  <tr>
+    <th rowspan=2>Avg locations</th>
+    <th colspan=3>#records</th>
+    <th colspan=3>size (in KB)</th>
+    <th colspan=2>ratio</th>
+  </tr>
+  <tr>
+    <th>naive</th>
+    <th>mixed</th>
+    <th>graph</th>
+    <th>naive</th>
+    <th>mixed</th>
+    <th>graph</th>
+    <th>mixed / naive</th>
+    <th>graph / naive</th>
+  </tr>
+  <tr>
+    <td>1</td>
+    <td>49016</td>
+    <td>53058</td>
+    <td>49316</td>
+    <td>6988</td>
+    <td>7564</td>
+    <td>7031</td>
+    <td>1.08</td>
+    <td>1.01</td>
+  </tr>
+  <tr>
+    <td>2</td>
+    <td>58253</td>
+    <td>57347</td>
+    <td>53526</td>
+    <td>8305</td>
+    <td>8176</td>
+    <td>7631</td>
+    <td>0.98</td>
+    <td>0.92</td>
+  </tr>
+  <tr>
+    <td>3</td>
+    <td>71455</td>
+    <td>61817</td>
+    <td>57949</td>
+    <td>10187</td>
+    <td>8813</td>
+    <td>8262</td>
+    <td>0.87</td>
+    <td>0.81</td>
+  </tr>
+  <tr>
+    <td>4</td>
+    <td>80692</td>
+    <td>66671</td>
+    <td>62785</td>
+    <td>11504</td>
+    <td>9505</td>
+    <td>8951</td>
+    <td>0.83</td>
+    <td>0.78</td>
+  </tr>
+  <tr>
+    <td>5</td>
+    <td>86048</td>
+    <td>72676</td>
+    <td>69014</td>
+    <td>12268</td>
+    <td>10362</td>
+    <td>9839</td>
+    <td>0.84</td>
+    <td>0.80</td>
+  </tr>
 </table>
 
-### Benchmarks
+## Benchmarks
 
 The benchmarks presented in this section are run on a Intel(R) Xeon(R) Platinum 8171M CPU @ 2.60GHz.
 

src/chain_table.rs

@@ -23,12 +23,12 @@ use std::{
 use cosmian_crypto_core::{
     bytes_ser_de::{Deserializer, Serializable, Serializer},
     reexport::rand_core::CryptoRngCore,
-    Aes256Gcm, Dem, Instantiable, Nonce, RandomFixedSizeCBytes,
+    Aes256Gcm, Dem, FixedSizeCBytes, Instantiable, Nonce, RandomFixedSizeCBytes,
 };
 
 use crate::{
     error::CoreError as Error,
-    parameters::{Aes256GcmKey, KmacKey},
+    parameters::{DemKey, KmacKey},
     structs::{Block, BlockPrefix, BlockType, Uid},
     KeyingMaterial, CHAIN_TABLE_KEY_DERIVATION_INFO,
 };
@@ -98,13 +98,11 @@ impl<const TABLE_WIDTH: usize, const BLOCK_LENGTH: usize>
     pub fn encrypt(
         &self,
         rng: &mut impl CryptoRngCore,
-        kwi_value: &Aes256GcmKey,
+        kwi_value: &DemKey,
     ) -> Result<Vec<u8>, Error> {
         let nonce = Nonce::new(rng);
         let plaintext = self.serialize()?;
-        let mut result = Vec::with_capacity(
-            nonce.as_bytes().len() + plaintext.len() + Aes256Gcm::ENCRYPTION_OVERHEAD,
-        );
+        let mut result = Vec::with_capacity(plaintext.len() + Aes256Gcm::ENCRYPTION_OVERHEAD);
         result.extend(nonce.as_bytes());
         result.extend(
             Aes256Gcm::new(kwi_value)
@@ -118,7 +116,7 @@ impl<const TABLE_WIDTH: usize, const BLOCK_LENGTH: usize>
     ///
     /// - `kwi_value`   : DEM key used to encrypt the value
     /// - `ciphertext`  : encrypted Chain Table value
-    pub fn decrypt(kwi_value: &Aes256GcmKey, ciphertext: &[u8]) -> Result<Self, Error> {
+    pub fn decrypt(kwi_value: &DemKey, ciphertext: &[u8]) -> Result<Self, Error> {
         let max_ciphertext_length =
             1 + TABLE_WIDTH * (1 + BLOCK_LENGTH) + Aes256Gcm::ENCRYPTION_OVERHEAD;
         if max_ciphertext_length != ciphertext.len() {
@@ -128,8 +126,12 @@ impl<const TABLE_WIDTH: usize, const BLOCK_LENGTH: usize>
                 max_ciphertext_length
             )));
         }
-        let (nonce, ct) = ciphertext.split_at(Aes256Gcm::NONCE_LENGTH);
-        Self::deserialize(&Aes256Gcm::new(kwi_value).decrypt(&Nonce::try_from(nonce)?, ct, None)?)
+        let nonce = Nonce::try_from_slice(&ciphertext[..Aes256Gcm::NONCE_LENGTH])?;
+        Self::deserialize(&Aes256Gcm::new(kwi_value).decrypt(
+            &nonce,
+            &ciphertext[Aes256Gcm::NONCE_LENGTH..],
+            None,
+        )?)
     }
 }
 

src/compact_live.rs

@@ -10,7 +10,7 @@ use cosmian_crypto_core::{
 use crate::{
     chain_table::KwiChainUids,
     entry_table::{EntryTable, EntryTableValue},
-    parameters::Aes256GcmKey,
+    parameters::DemKey,
     structs::{BlockType, ChainData},
     CallbackError, EncryptedTable, Error, FindexCallbacks, FindexCompact, IndexedValue,
     KeyingMaterial, Location, Uid, Uids, UpsertData, CHAIN_TABLE_KEY_DERIVATION_INFO,
@@ -180,7 +180,7 @@ pub trait FindexLiveCompact<
     /// - `encrypted_entry_table`   : encrypted Entry Table
     async fn fetch_chain_data(
         &self,
-        k_value: &Aes256GcmKey,
+        k_value: &DemKey,
         encrypted_entry_table: &EncryptedTable<UID_LENGTH>,
     ) -> Result<
         ChainData<UID_LENGTH>,
@@ -259,7 +259,7 @@ pub trait FindexLiveCompact<
     fn compact_chains(
         &self,
         rng: &mut impl CryptoRngCore,
-        k_value: &Aes256GcmKey,
+        k_value: &DemKey,
         noise: &HashSet<Uid<UID_LENGTH>>,
         noisy_remaining_locations: &HashSet<Location>,
         noisy_encrypted_entry_table: &EncryptedTable<UID_LENGTH>,
@@ -330,7 +330,7 @@ pub trait FindexLiveCompact<
     async fn live_compact_uids(
         &mut self,
         rng: &mut impl CryptoRngCore,
-        k_value: &Aes256GcmKey,
+        k_value: &DemKey,
         mixed_uids: HashSet<Uid<UID_LENGTH>>,
         noise_uids: &HashSet<Uid<UID_LENGTH>>,
     ) -> Result<(), Error<CustomError>> {

src/entry_table.rs

@@ -13,13 +13,13 @@ use std::{
 use cosmian_crypto_core::{
     bytes_ser_de::{Deserializer, Serializer},
     reexport::rand_core::CryptoRngCore,
-    Aes256Gcm, Dem, Instantiable, Nonce, RandomFixedSizeCBytes,
+    Aes256Gcm, Dem, FixedSizeCBytes, Instantiable, Nonce, RandomFixedSizeCBytes,
 };
 
 use crate::{
     chain_table::{ChainTable, ChainTableValue},
     error::CoreError as Error,
-    parameters::{Aes256GcmKey, KmacKey, KMAC_KEY_LENGTH},
+    parameters::{DemKey, KmacKey, KMAC_KEY_LENGTH},
     structs::{BlockType, EncryptedTable, IndexedValue, KeywordHash, Label, Uid},
     KeyingMaterial, Keyword, CHAIN_TABLE_KEY_DERIVATION_INFO,
 };
@@ -70,7 +70,7 @@ impl<const UID_LENGTH: usize, const KWI_LENGTH: usize> EntryTableValue<UID_LENGT
     /// - `kwi_uid` : KMAC key used to generate Chain Table UIDs.
     pub(crate) fn next_chain_table_uid<const CHAIN_TABLE_WITH: usize, const BLOCK_LENGTH: usize>(
         &mut self,
-        kwi_uid: &Aes256GcmKey,
+        kwi_uid: &KmacKey,
     ) -> &Uid<UID_LENGTH> {
         let new_uid = match &self.chain_table_uid {
             Some(old_uid) => {
@@ -106,7 +106,7 @@ impl<const UID_LENGTH: usize, const KWI_LENGTH: usize> EntryTableValue<UID_LENGT
         const KMAC_KEY_LENGTH: usize,
     >(
         &mut self,
-        kwi_uid: &Aes256GcmKey,
+        kwi_uid: &DemKey,
         insertion_type: BlockType,
         indexed_value: &IndexedValue,
         chain_table: &mut ChainTable<UID_LENGTH, CHAIN_TABLE_WIDTH, BLOCK_LENGTH>,
@@ -155,7 +155,7 @@ impl<const UID_LENGTH: usize, const KWI_LENGTH: usize> EntryTableValue<UID_LENGT
     pub(crate) fn encrypt(
         &self,
         rng: &mut impl CryptoRngCore,
-        k_value: &Aes256GcmKey,
+        k_value: &DemKey,
     ) -> Result<Vec<u8>, Error> {
         let mut ser = Serializer::new();
         if let Some(chain_table_uid) = &self.chain_table_uid {
@@ -168,9 +168,7 @@ impl<const UID_LENGTH: usize, const KWI_LENGTH: usize> EntryTableValue<UID_LENGT
         let plaintext = ser.finalize();
 
         let nonce = Nonce::new(rng);
-        let mut result = Vec::with_capacity(
-            nonce.as_bytes().len() + plaintext.len() + Aes256Gcm::ENCRYPTION_OVERHEAD,
-        );
+        let mut result = Vec::with_capacity(plaintext.len() + Aes256Gcm::ENCRYPTION_OVERHEAD);
         result.extend(nonce.as_bytes());
         result.extend(
             Aes256Gcm::new(k_value)
@@ -185,9 +183,13 @@ impl<const UID_LENGTH: usize, const KWI_LENGTH: usize> EntryTableValue<UID_LENGT
     ///
     /// - `k_value`     : `K_value`
     /// - `ciphertext`  : encrypted entry table value
-    pub(crate) fn decrypt(k_value: &Aes256GcmKey, ciphertext: &[u8]) -> Result<Self, Error> {
-        let (nonce, ct) = ciphertext.split_at(Aes256Gcm::NONCE_LENGTH);
-        let bytes = Aes256Gcm::new(k_value).decrypt(&Nonce::try_from(nonce)?, ct, None)?;
+    pub(crate) fn decrypt(k_value: &DemKey, ciphertext: &[u8]) -> Result<Self, Error> {
+        let nonce = Nonce::try_from_slice(&ciphertext[..Aes256Gcm::NONCE_LENGTH])?;
+        let bytes = Aes256Gcm::new(k_value).decrypt(
+            &nonce,
+            &ciphertext[Aes256Gcm::NONCE_LENGTH..],
+            None,
+        )?;
         let mut de = Deserializer::new(&bytes);
 
         let chain_table_uid = de.read_array::<UID_LENGTH>()?;
@@ -335,7 +337,7 @@ impl<const UID_LENGTH: usize, const KWI_LENGTH: usize> EntryTable<UID_LENGTH, KW
     /// - `k_value`                 : DEM key
     /// - `encrypted_entry_table`   : encrypted Entry Table
     pub fn decrypt(
-        k_value: &Aes256GcmKey,
+        k_value: &DemKey,
         encrypted_entry_table: &EncryptedTable<UID_LENGTH>,
     ) -> Result<Self, Error> {
         let mut entry_table = Self::with_capacity(encrypted_entry_table.len());
@@ -365,7 +367,7 @@ impl<const UID_LENGTH: usize, const KWI_LENGTH: usize> EntryTable<UID_LENGTH, KW
     pub fn encrypt(
         &self,
         rng: &mut impl CryptoRngCore,
-        k_value: &Aes256GcmKey,
+        k_value: &DemKey,
     ) -> Result<EncryptedTable<UID_LENGTH>, Error> {
         let mut encrypted_entry_table = EncryptedTable::with_capacity(self.len());
         for (k, v) in self.iter() {

src/keys.rs

@@ -8,7 +8,7 @@ use cosmian_crypto_core::{
 };
 use zeroize::{Zeroize, ZeroizeOnDrop};
 
-use crate::parameters::{Aes256GcmKey, KmacKey};
+use crate::parameters::{DemKey, KmacKey};
 
 /// Keying Material (KM) used to derive Findex keys.
 #[must_use]
@@ -47,7 +47,7 @@ impl<const LENGTH: usize> KeyingMaterial<LENGTH> {
     /// The input key material should be of at least 128 bits in order to
     /// guarantee the 128 bits of security.
     #[must_use]
-    pub fn derive_dem_key(&self, info: &[u8]) -> Aes256GcmKey {
+    pub fn derive_dem_key(&self, info: &[u8]) -> DemKey {
         let mut sk = SymmetricKey::default();
         kdf256!(&mut sk, self, info, b"DEM key");
         sk