diff --git a/Cargo.toml b/Cargo.toml index 97c2041e..8b02188a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -9,4 +9,5 @@ members = [ "magma", "rc2", "twofish", + "hctr", ] diff --git a/README.md b/README.md index 6fcfdf93..6a4dfe53 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Collection of [block ciphers][1] and [block modes][2] written in pure Rust. ## Warnings -Currently only AES crates provide constant-time implementations. +Currently only AES and HCTR crates provide constant-time implementations. If you do not really know what you are doing it's generally recommended not to use other cipher implementations in this repository. @@ -24,6 +24,7 @@ cryptographic and security reviews. | [Magma](https://en.wikipedia.org/wiki/GOST_(block_cipher)) | GOST 28147-89 and GOST R 34.12-2015 | `magma` | [![crates.io](https://img.shields.io/crates/v/magma.svg)](https://crates.io/crates/magma) | [![Documentation](https://docs.rs/magma/badge.svg)](https://docs.rs/magma) | | [RC2](https://en.wikipedia.org/wiki/RC2) | ARC2 | `rc2` | [![crates.io](https://img.shields.io/crates/v/rc2.svg)](https://crates.io/crates/rc2) | [![Documentation](https://docs.rs/rc2/badge.svg)](https://docs.rs/rc2) | | [Twofish](https://en.wikipedia.org/wiki/Twofish) | | `twofish` | [![crates.io](https://img.shields.io/crates/v/twofish.svg)](https://crates.io/crates/twofish) | [![Documentation](https://docs.rs/twofish/badge.svg)](https://docs.rs/twofish) | +| [HCTR](http://delta.cs.cinvestav.mx/~debrup/hctr.pdf) | | `hctr` | [![crates.io](https://img.shields.io/crates/v/hctr.svg)](https://crates.io/crates/hctr) | [![Documentation](https://docs.rs/hctr/badge.svg)](https://docs.rs/hctr) | ### Additional crates | Crate name | crates.io | Docs | diff --git a/hctr/Cargo.toml b/hctr/Cargo.toml new file mode 100644 index 00000000..7693778b --- /dev/null +++ b/hctr/Cargo.toml @@ -0,0 +1,60 @@ +[package] +name = "hctr" +version = "0.0.0" +authors = ["RustCrypto Developers"] +edition = "2018" +license = "MIT OR Apache-2.0" +description = "HCTR implementation using Aes128 and Polyval." +documentation = "https://docs.rs/hctr" +repository = "https://github.com/RustCrypto/block-ciphers" +keywords = ["crypto", "hctr", "aes", "polyval", "block-cipher"] +categories = ["cryptography", "no-std"] + +[[bench]] +name = "hctr" +harness = false + +[features] +default = ["aes", "polyval"] +extended-bench = ["aez", "aesni"] + +[dependencies.block-cipher-trait] +version = "0.6.2" +default-features = false + +[dependencies.ctr] +version = "0.3.2" +default-features = false + +[dependencies.universal-hash] +version = "0.2.0" +default-features = false + +[dependencies.aes] +version = "0.3.2" +default-features = false +optional = true + +[dependencies.polyval] +version = "0.1.0" +optional = true +default-features = false + +# extended-benchmark only. these are not used by hctr. +[dependencies.aesni] +version = "0.6.0" +default-features = false +features = ["ctr"] +optional = true + +[dependencies.aez] +version = "0.0.6" +optional = true + +[dev-dependencies.criterion] +version = "0.3.0" +default-features = false + +[dev-dependencies.criterion-cycles-per-byte] +version = "0.1.1" +default-features = false diff --git a/hctr/LICENSE-APACHE b/hctr/LICENSE-APACHE new file mode 100644 index 00000000..8dada3ed --- /dev/null +++ b/hctr/LICENSE-APACHE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/hctr/LICENSE-MIT b/hctr/LICENSE-MIT new file mode 100644 index 00000000..ab7652a7 --- /dev/null +++ b/hctr/LICENSE-MIT @@ -0,0 +1,18 @@ +Copyright (c) 2019 The SiO4 Developers + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/hctr/benches/hctr.rs b/hctr/benches/hctr.rs new file mode 100644 index 00000000..3db20c09 --- /dev/null +++ b/hctr/benches/hctr.rs @@ -0,0 +1,99 @@ +use criterion::{ + criterion_group, criterion_main, BenchmarkId, Criterion, Throughput, +}; +use criterion_cycles_per_byte::CyclesPerByte; + +#[cfg(feature = "aes")] +use aes::{block_cipher_trait::BlockCipher, Aes128}; +#[cfg(feature = "aes")] +use ctr::{stream_cipher::SyncStreamCipher, Ctr128}; +#[cfg(feature = "polyval")] +use polyval::{universal_hash::UniversalHash, Polyval}; + +#[cfg(all(feature = "aes", feature = "polyval"))] +use hctr::{Aes128HctrPolyval, WideSPRP}; + +const KB: usize = 1024; + +fn throughput(c: &mut Criterion) { + let mut group = c.benchmark_group("throughput"); + + for size in [KB, 2 * KB, 4 * KB, 8 * KB, 16 * KB].into_iter() { + let mut buf = vec![0; *size]; + + group.throughput(Throughput::Bytes(*size as u64)); + + group.bench_function(BenchmarkId::new("memcpy", size), |b| { + b.iter(|| buf.clone()) + }); + + #[cfg(feature = "aes")] + group.bench_function(BenchmarkId::new("aes-ctr", size), |b| { + let cipher = Aes128::new(&Default::default()); + b.iter(|| { + Ctr128::from_cipher(cipher.clone(), &Default::default()) + .apply_keystream(&mut buf) + }) + }); + + #[cfg(feature = "polyval")] + group.bench_function(BenchmarkId::new("polyval", size), |b| { + let mut polyval = Polyval::new(&Default::default()); + b.iter(|| { + polyval.update_padded(&buf); + polyval.result_reset() + }) + }); + + #[cfg(all(feature = "aes", feature = "polyval"))] + { + group.bench_function(BenchmarkId::new("hctr-seal", size), |b| { + let hctr = Aes128HctrPolyval::new(&Default::default()); + b.iter(|| hctr.seal_in_place(&mut buf, &[])) + }); + group.bench_function(BenchmarkId::new("hctr-open", size), |b| { + let hctr = Aes128HctrPolyval::new(&Default::default()); + b.iter(|| hctr.open_in_place(&mut buf, &[])) + }); + } + + #[cfg(feature = "extended-bench")] + { + // FIXME: remove after aesni[ctr] performance isn't better than aes+ctr + group.bench_function(BenchmarkId::new("aesni-ctr", size), |b| { + use aesni::Aes128Ctr; + use ctr::stream_cipher::NewStreamCipher; + b.iter(|| { + let mut aes = Aes128Ctr::new( + &Default::default(), + &Default::default(), + ); + aes.apply_keystream(&mut buf) + }) + }); + + group.bench_function(BenchmarkId::new("aez-encrypt", size), |b| { + let aez = aez::Aez::new(&[0u8; 48]); + let mut out = vec![0; *size]; + b.iter(|| aez.encrypt(&[0], &[], &buf, &mut out)) + }); + + group.bench_function(BenchmarkId::new("aez-decrypt", size), |b| { + let aez = aez::Aez::new(&[0u8; 48]); + let mut ct = vec![0; *size]; + aez.encrypt(&[0], &[], &buf, &mut ct); + let mut pt = vec![0; *size]; + b.iter(|| aez.decrypt(&[0], &[], &ct, &mut pt).unwrap()) + }); + } + } + + group.finish(); +} + +criterion_group!( + name = throughput_cpb; + config = Criterion::default().with_measurement(CyclesPerByte); + targets = throughput +); +criterion_main!(throughput_cpb); diff --git a/hctr/src/lib.rs b/hctr/src/lib.rs new file mode 100644 index 00000000..54a9da50 --- /dev/null +++ b/hctr/src/lib.rs @@ -0,0 +1,229 @@ +#![no_std] +#![forbid(unsafe_code)] +#![warn(missing_docs)] + +//! [HCTR](http://delta.cs.cinvestav.mx/~debrup/hctr.pdf): A Variable-Input-Length Enciphering +//! Mode. +//! +//! > HCTR turns an n-bit blockcipher into a tweakable blockcipher that supports arbitrary +//! > variable input length which is no less than n bits. The tweak length of HCTR is fixed and +//! > can be zero. +//! +//! This `Hctr` implementation is generic over the `BlockCipher` and `UniversalHash` functions, +//! such that the `BlockSize` of the `BlockCipher` is equal to the `OutputSize` of the +//! `UniversalHash`, and that the `UniversalHash` meets the additional constraints outlined in +//! the HCTR paper. Additionally, the payload must be at least as large as the `BlockSize` of the +//! provided `BlockCipher`. +//! +//! The tweak length may be variable if the AXU supports it, such as Polyval. +//! +//! ## Unstable +//! +//! There is currently no TweakableBlockCipher trait for HCTR to implement, thus its interface +//! is unstable until one exists. +//! +//! ## Recommendations +//! +//! If the optional, and default, features "aes" and "polyval" are enabled; the recommended +//! HCTR instantiation is available as `Aes128HctrPolyval`. +//! +//! If your target hardware supports accelerating either or both AES and Carryless Multiplication, +//! make sure to enable the respective CPU target features for the best performance on your +//! machine. +//! +//! `RUSTFLAGS="-Ctarget-cpu=native -Ctarget-feature=+aes,+sse2" cargo bench` +//! +//! ```rust +//! # #[cfg(all(feature = "aes", feature = "polyval"))] +//! # { +//! use hctr::Aes128HctrPolyval as Hctr; +//! # let secret_key = Default::default(); +//! +//! let hctr = Hctr::new(secret_key); +//! let mut buf = *b"Hello world! This message must be at least `BlockSize` large."; +//! hctr.seal_in_place(&mut buf, b"a variable length byte string as the tweak."); +//! hctr.open_in_place(&mut buf, b"a variable length byte string as the tweak."); +//! assert_eq!(&buf[..], &b"Hello world! This message must be at least `BlockSize` large."[..]); +//! # } +//! ``` + +use block_cipher_trait::{ + generic_array::{ + typenum::{Sum, Unsigned, U16}, + ArrayLength, GenericArray, + }, + BlockCipher, +}; +use ctr::{stream_cipher::SyncStreamCipher, Ctr128}; +use universal_hash::UniversalHash; + +#[cfg(feature = "aes")] +use aes::Aes128; +#[cfg(feature = "polyval")] +use polyval::Polyval; + +#[derive(Clone)] +/// See crate level documentation. +pub struct Hctr { + cipher: C, + hasher: H, +} + +#[cfg(all(feature = "aes", feature = "polyval"))] +/// HCTR instantiated using `Aes128` and `Polyval`. The recommended instantiation. Requires the +/// default features "aes" and "polyval". +pub type Aes128HctrPolyval = Hctr; + +fn xor_in_place(a: &mut [u8], b: &[u8]) { + assert_eq!(a.len(), b.len()); + + for (a, b) in a.iter_mut().zip(b) { + *a ^= *b; + } +} + +/// A wide strong pseudorandom permutation +pub trait WideSPRP { + /// How large the key must be + type KeySize: ArrayLength; + + /// Create a new wide-SPRP instance. + fn new(key: &GenericArray) -> Self; + /// Encrypt a message in-place with a tweak. + fn seal_in_place(&self, buf: &mut [u8], tweak: &[u8]); + /// Decrypt a message in-place with a tweak. + fn open_in_place(&self, buf: &mut [u8], tweak: &[u8]); + + /// Enc/decrypt multiple Wide SPRP layers with independent tweaks. This is especially + /// useful for onion routers and mixnets. + fn process_layers(states: &[(&Self, bool, &[u8])], buf: &mut [u8]) { + for (cipher, inverse, tweak) in states { + if *inverse { + cipher.open_in_place(buf, tweak); + } else { + cipher.seal_in_place(buf, tweak); + } + } + } +} + +impl WideSPRP for Hctr +where + C: BlockCipher + Clone, + C::ParBlocks: ArrayLength>, + C::KeySize: core::ops::Add, + Sum: ArrayLength, + Ctr128: SyncStreamCipher, + H: UniversalHash, +{ + type KeySize = Sum; + + fn new(key: &GenericArray) -> Self { + let (a, b) = key.split_at(C::KeySize::to_usize()); + Hctr { + cipher: C::new(GenericArray::from_slice(a)), + hasher: H::new(GenericArray::from_slice(b)), + } + } + + fn seal_in_place(&self, buf: &mut [u8], tweak: &[u8]) { + Self::process_layers(&[(self, false, tweak)], buf); + } + + fn open_in_place(&self, buf: &mut [u8], tweak: &[u8]) { + Self::process_layers(&[(self, true, tweak)], buf); + } + + fn process_layers(states: &[(&Self, bool, &[u8])], buf: &mut [u8]) { + assert!( + buf.len() >= C::BlockSize::to_usize(), + "message must be at least as large as the BlockCipher::BlockSize." + ); + let mut states = states.into_iter(); + + let (l, r) = buf.split_at_mut(C::BlockSize::to_usize()); + + let mut curr = states.next(); + let mut next = states.next(); + + if let Some((hctr1, _, tweak1)) = curr { + // phase 1 (curr): L ^= H(R, T) + let mut hasher1 = hctr1.hasher.clone(); + hasher1.update_padded(r); + hasher1.update_padded(tweak1); + xor_in_place(l, &hasher1.result_reset().into_bytes()); + + while let Some((hctr1, inverse, tweak1)) = curr.take() { + // phase 2a (curr): L' = E(L) + let mut internal_nonce = GenericArray::clone_from_slice(l); + + if *inverse { + hctr1.cipher.decrypt_block(GenericArray::from_mut_slice(l)); + } else { + hctr1.cipher.encrypt_block(GenericArray::from_mut_slice(l)); + } + + // phase 2b (curr): K = L ^ L' + xor_in_place(&mut *internal_nonce, l); + + // phase 2c (curr): R = Ctr(K, R) + Ctr128::from_cipher(hctr1.cipher.clone(), &internal_nonce) + .apply_keystream(r); + + // phase 3 (curr): L ^= H(R, T) + // phase 1 (next): L ^= H(R, T) + if let Some((hctr2, _, tweak2)) = next { + let mut hasher2 = hctr2.hasher.clone(); + for chunk in r.chunks_mut( + C::BlockSize::to_usize() * C::ParBlocks::to_usize(), + ) { + hasher1.update_padded(chunk); + hasher2.update_padded(chunk); + } + hasher1.update_padded(tweak1); + hasher2.update_padded(tweak2); + + xor_in_place(l, &hasher1.result().into_bytes()); + xor_in_place(l, &hasher2.result_reset().into_bytes()); + + hasher1 = hasher2; + + curr = next; + next = states.next(); + } else { + hasher1.update_padded(r); + hasher1.update_padded(tweak1); + xor_in_place(l, &hasher1.result_reset().into_bytes()); + } + } + } + } +} + +#[test] +#[cfg(all(feature = "aes", feature = "polyval"))] +fn weak_sanity_check() { + let hctr = Aes128HctrPolyval::new(&Default::default()); + let a = include_bytes!("../LICENSE-MIT"); + + let mut b = a.to_vec(); + hctr.seal_in_place(&mut b, &[]); + assert_ne!(&a[..], &b[..]); + + // no modifications + let mut c = b.clone(); + hctr.open_in_place(&mut c, &[]); + assert_eq!(&a[..], &c[..]); + + // corrupt first byte + let mut c = b.clone(); + c[0] ^= 1; + hctr.open_in_place(&mut c, &[]); + assert_ne!(&a[..], &c[..]); + + // corrupt 20th byte + let mut c = b.clone(); + c[20] ^= 1; + hctr.open_in_place(&mut c, &[]); + assert_ne!(&a[..], &c[..]); +}