Updated dependencies. Removed useless zeroize.

umgefahren 2022-07-11 16:23:42 +02:00
parent ae6673cb48
commit 6aaae1bea4
8 changed files with 19 additions and 51 deletions

5
.gitignore vendored

@ -1,5 +1,2 @@
/target /target
Cargo.lock /.idea
/.idea/.gitignore
/.idea/double-ratchet-2.iml
/.idea/vcs.xml


@ -17,20 +17,18 @@ maintenance = { status = "actively-developed" }
[dependencies] [dependencies]
p256 = {version = "0.9", features = ["zeroize", "ecdh", "arithmetic", "pem", "jwk"]} p256 = {version = "0.10", features = ["ecdh", "arithmetic", "pem", "jwk"]}
rand_core = {version = "0.6"} rand_core = {version = "0.6"}
getrandom = {version = "0.2.3"} getrandom = {version = "0.2.3"}
hkdf = "0.11.0" hkdf = "0.12"
hmac = "0.11.0" hmac = "0.12"
aes-gcm-siv = {version = "0.10.3"} aes-gcm-siv = {version = "0.10.3"}
ring-compat = {version = "0.4.0", optional = true, features = ["digest"]} sha2 = {version = "0.10"}
sha2 = {version = "0.9.5", optional = true} serde = {version = "1", default-features = false, features = ["derive"]}
serde = {version = "1.0.125", default-features = false, features = ["derive"]} serde_bytes = "0.11"
serde_bytes = "0.11.5" bincode = "1"
bincode = "1.3.3"
hashbrown = {version = "0.12", features = ["serde"]} hashbrown = {version = "0.12", features = ["serde"]}
zeroize = {version = "1.3", features = ["zeroize_derive"]} zeroize = {version = "1.3", features = ["zeroize_derive"]}
const-oid = "0.7.0"
[dev-dependencies] [dev-dependencies]
criterion = "0.3.4" criterion = "0.3.4"
@ -41,9 +39,6 @@ harness = false
[profile.release] [profile.release]
lto = true lto = true
opt-level = 3
[features] [features]
default = ["sha2"]
ring = ["ring-compat/digest"]
wasm = ["getrandom/js"] wasm = ["getrandom/js"]
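Review bot: Removing the `ring` feature and making `sha2` non-optional in the `[features]` hunk means a dependent that enables `features = ["ring"]` (or names the previously implicit `sha2` feature) will no longer resolve. No crate version change is visible in these hunks, so this probably needs a semver-incompatible version bump and a changelog entry. Dropping `"zeroize"` from the p256 feature list is only safe if p256 0.10 wipes key material unconditionally. That assumption is worth recording next to the dependency, e.g. `# key wiping relies on p256 0.10 zeroizing SecretKey on drop; re-check on upgrade`.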


@ -8,27 +8,12 @@ use alloc::vec::Vec;
use alloc::string::ToString; use alloc::string::ToString;
use p256::elliptic_curve::ecdh::diffie_hellman; use p256::elliptic_curve::ecdh::diffie_hellman;
use zeroize::Zeroize;
#[derive(Clone)] #[derive(Clone)]
pub struct DhKeyPair { pub struct DhKeyPair {
pub private_key: SecretKey, pub private_key: SecretKey,
pub public_key: PublicKey, pub public_key: PublicKey,
} }
impl Drop for DhKeyPair {
fn drop(&mut self) {
self.private_key = SecretKey::random(&mut OsRng);
self.public_key = self.private_key.public_key();
}
}
impl Zeroize for DhKeyPair {
fn zeroize(&mut self) {
self.private_key = SecretKey::random(&mut OsRng);
self.public_key = self.private_key.public_key();
}
}
impl DhKeyPair { impl DhKeyPair {
fn ex_public_key_bytes(&self) -> Vec<u8> { fn ex_public_key_bytes(&self) -> Vec<u8> {
@ -38,7 +23,7 @@ impl DhKeyPair {
impl PartialEq for DhKeyPair { impl PartialEq for DhKeyPair {
fn eq(&self, other: &Self) -> bool { fn eq(&self, other: &Self) -> bool {
if self.private_key.to_bytes() != other.private_key.to_bytes() { if self.private_key.to_be_bytes() != other.private_key.to_be_bytes() {
return false return false
} }
if self.ex_public_key_bytes() != other.ex_public_key_bytes() { if self.ex_public_key_bytes() != other.ex_public_key_bytes() {
@ -51,7 +36,7 @@ impl PartialEq for DhKeyPair {
impl Debug for DhKeyPair { impl Debug for DhKeyPair {
fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
f.debug_struct("DhKeyPair") f.debug_struct("DhKeyPair")
.field("private_key", &self.private_key.to_bytes()) .field("private_key", &self.private_key.to_be_bytes())
.field("public_key", &self.ex_public_key_bytes()) .field("public_key", &self.ex_public_key_bytes())
.finish() .finish()
} }
@ -74,7 +59,7 @@ impl DhKeyPair {
} }
pub fn key_agreement(&self, public_key: &PublicKey) -> SharedSecret { pub fn key_agreement(&self, public_key: &PublicKey) -> SharedSecret {
diffie_hellman(self.private_key.to_secret_scalar(), public_key.as_affine()) diffie_hellman(self.private_key.to_nonzero_scalar(), public_key.as_affine())
} }
} }
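Review bot: The `Debug` impl still writes the raw private scalar into its output, `.field("private_key", &self.private_key.to_be_bytes())`, so any `{:?}` of a `DhKeyPair`, or of a struct that prints one, puts the DH secret into logs and panic messages. I would redact it with `.field("private_key", &"<redacted>")`. In the `PartialEq` hunk (the `eq` body continues past the hunk), `to_be_bytes()` creates copies of the secret that nothing wipes, and `!=` on them is not a constant-time comparison. A constant-time equality on the key type, if p256 0.10 offers one, would be preferable. With the `Drop` and `Zeroize` impls removed, wiping depends entirely on `SecretKey`'s own drop behaviour, which deserves a comment on the struct such as `// private_key is expected to be wiped by SecretKey's Drop in p256 0.10; verify on upgrade`.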


@ -1,9 +1,5 @@
use hmac::{Hmac, Mac, NewMac}; use hmac::{Hmac, Mac};
#[cfg(feature = "ring")]
use ring_compat::digest::Sha512;
#[cfg(not(feature = "ring"))]
use sha2::Sha512; use sha2::Sha512;
use core::convert::TryInto; use core::convert::TryInto;


@ -1,10 +1,7 @@
use hkdf::Hkdf; use hkdf::Hkdf;
#[cfg(feature = "ring")]
use ring_compat::digest::Sha512;
#[cfg(not(feature = "ring"))]
use sha2::Sha512; use sha2::Sha512;
use core::convert::TryInto; use core::convert::TryInto;


@ -119,7 +119,7 @@
//! # let shared_nhkb = [2; 32]; //! # let shared_nhkb = [2; 32];
//! let (bob_ratchet, public_key) = RatchetEncHeader::init_bob(sk, shared_hka, shared_nhkb); //! let (bob_ratchet, public_key) = RatchetEncHeader::init_bob(sk, shared_hka, shared_nhkb);
//! let ex_ratchet = bob_ratchet.export(); //! let ex_ratchet = bob_ratchet.export();
//! let im_ratchet = RatchetEncHeader::import(&ex_ratchet); //! let im_ratchet = RatchetEncHeader::import(&ex_ratchet).unwrap();
//! assert_eq!(im_ratchet, bob_ratchet) //! assert_eq!(im_ratchet, bob_ratchet)
//! ``` //! ```
//! //!


@ -33,7 +33,6 @@ pub struct Ratchet {
impl Drop for Ratchet { impl Drop for Ratchet {
fn drop(&mut self) { fn drop(&mut self) {
self.dhs.zeroize();
if let Some(mut _d) = self.dhr { if let Some(mut _d) = self.dhr {
let sk = SecretKey::random(&mut OsRng); let sk = SecretKey::random(&mut OsRng);
_d = sk.public_key() _d = sk.public_key()
@ -182,7 +181,6 @@ pub struct RatchetEncHeader {
impl Zeroize for RatchetEncHeader { impl Zeroize for RatchetEncHeader {
fn zeroize(&mut self) { fn zeroize(&mut self) {
self.dhs.zeroize();
self.rk.zeroize(); self.rk.zeroize();
self.cks.zeroize(); self.cks.zeroize();
self.ckr.zeroize(); self.ckr.zeroize();
@ -225,7 +223,7 @@ impl From<&RatchetEncHeader> for ExRatchetEncHeader {
fn from(reh: &RatchetEncHeader) -> Self { fn from(reh: &RatchetEncHeader) -> Self {
let private_dhs = reh.dhs.private_key.to_jwk_string(); let private_dhs = reh.dhs.private_key.to_jwk_string();
let public_dhs = reh.dhs.public_key.to_jwk_string(); let public_dhs = reh.dhs.public_key.to_jwk_string();
let dhs = (private_dhs, public_dhs); let dhs = (private_dhs.to_string(), public_dhs);
let dhr = reh.dhr.map(|e| e.to_jwk_string()); let dhr = reh.dhr.map(|e| e.to_jwk_string());
let rk = reh.rk; let rk = reh.rk;
let cks = reh.cks; let cks = reh.cks;
@ -441,8 +439,8 @@ impl RatchetEncHeader {
} }
/// Import the ratchet from Binary data. Panics when binary data is invalid. /// Import the ratchet from Binary data. Panics when binary data is invalid.
pub fn import(inp: &[u8]) -> Self { pub fn import(inp: &[u8]) -> Option<Self> {
let ex: ExRatchetEncHeader = bincode::deserialize(inp).unwrap(); let ex: ExRatchetEncHeader = bincode::deserialize(inp).ok()?;
RatchetEncHeader::from(&ex) Some(RatchetEncHeader::from(&ex))
} }
} }
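Review bot: After this change `RatchetEncHeader::zeroize()` no longer touches `self.dhs`, so a caller that wipes the ratchet explicitly leaves the current DH private key in memory until the struct is dropped. The hunk could still replace the key pair, e.g. `self.dhs.private_key = SecretKey::random(&mut OsRng);` followed by `self.dhs.public_key = self.dhs.private_key.public_key();`, which drops the old `SecretKey` (that the drop wipes it is an assumption about p256 0.10). In the `From<&RatchetEncHeader>` hunk, `private_dhs.to_string()` copies the private JWK into a plain `String` that nothing wipes; if `to_jwk_string()` now returns a zeroizing wrapper, keeping that wrapper until serialization would avoid the extra copy. The doc comment on `import` still says "Panics when binary data is invalid" although the function now returns `Option<Self>`; it should read something like `/// Import the ratchet from binary data. Returns None if the data cannot be deserialized.`. The `zeroize` and `from` bodies continue outside the visible hunks.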


@ -189,10 +189,10 @@ fn import_export() {
let alice_ratchet = RatchetEncHeader::init_alice(sk, public_key, shared_hka, shared_nhkb); let alice_ratchet = RatchetEncHeader::init_alice(sk, public_key, shared_hka, shared_nhkb);
let ex_bob_ratchet = bob_ratchet.export(); let ex_bob_ratchet = bob_ratchet.export();
let in_bob_ratchet = RatchetEncHeader::import(&ex_bob_ratchet); let in_bob_ratchet = RatchetEncHeader::import(&ex_bob_ratchet).unwrap();
assert_eq!(in_bob_ratchet, bob_ratchet); assert_eq!(in_bob_ratchet, bob_ratchet);
let ex_alice_ratchet = alice_ratchet.export(); let ex_alice_ratchet = alice_ratchet.export();
let in_alice_ratchet = RatchetEncHeader::import(&ex_alice_ratchet); let in_alice_ratchet = RatchetEncHeader::import(&ex_alice_ratchet).unwrap();
assert_eq!(in_alice_ratchet, alice_ratchet); assert_eq!(in_alice_ratchet, alice_ratchet);
} }
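Review bot: The test only exercises the `Some` path of the new `import` signature; nothing checks that malformed input now yields `None` instead of a panic, which is the behaviour this commit introduces. I would add a negative case at the end of `import_export`, e.g. `assert!(RatchetEncHeader::import(&[]).is_none());`. A well-formed bincode payload whose key strings are not valid JWK would still reach `RatchetEncHeader::from(&ex)`; if that conversion unwraps (not visible here), `import` can still panic on untrusted bytes, so a case for that is worth adding too. The start of `import_export` lies outside the hunk.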