update to use latest rust-crypto traits and modules
This commit is contained in:
Nick Mathewson
parent
c13728eaa2
commit
6264041b77
|
|
@ -10,8 +10,7 @@ publish = false
|
|||
tor-llcrypto = { path="../tor-llcrypto" }
|
||||
|
||||
arrayref = "*"
|
||||
# XXXX why did I have to downgrade?
|
||||
generic-array = "0.12"
|
||||
generic-array = "*"
|
||||
crypto-mac = "*"
|
||||
thiserror = "*"
|
||||
|
||||
|
|
|
|||
|
|
@ -218,21 +218,20 @@ mod rsa_impls {
|
|||
}
|
||||
}
|
||||
|
||||
/// Implement readable and writeable for the MacResult type.
|
||||
/// Implement readable and writeable for the crypto_mac::Output type.
|
||||
mod mac_impls {
|
||||
use super::*;
|
||||
use crypto_mac::MacResult;
|
||||
use generic_array::*;
|
||||
impl<N: ArrayLength<u8>> WriteableOnce for MacResult<N> {
|
||||
use crypto_mac::{Mac, Output};
|
||||
impl<M: Mac> WriteableOnce for Output<M> {
|
||||
fn write_into<B: Writer + ?Sized>(self, b: &mut B) {
|
||||
let code = self.code();
|
||||
let code = self.into_bytes();
|
||||
b.write(&code[..])
|
||||
}
|
||||
}
|
||||
impl<N: ArrayLength<u8>> Readable for MacResult<N> {
|
||||
impl<M: Mac> Readable for Output<M> {
|
||||
fn take_from(b: &mut Reader<'_>) -> Result<Self> {
|
||||
let array = GenericArray::take_from(b)?;
|
||||
Ok(MacResult::new(array))
|
||||
Ok(Output::new(array))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,7 +11,8 @@ arrayref = "*"
|
|||
digest = "*"
|
||||
typenum = "*"
|
||||
# XXXX why did I have to downgrade?
|
||||
generic-array = "0.12"
|
||||
#generic-array = "0.12"
|
||||
generic-array = "*"
|
||||
aes-ctr = "*"
|
||||
zeroize = "*"
|
||||
rsa = "*"
|
||||
|
|
@ -33,10 +34,10 @@ version = "1.0.0-pre.3"
|
|||
version = "*"
|
||||
|
||||
[dependencies.sha2]
|
||||
version = "0.8.1"
|
||||
version = "*"
|
||||
|
||||
[dependencies.sha3]
|
||||
version = "0.8.2"
|
||||
version = "*"
|
||||
|
||||
[dev-dependencies]
|
||||
hex-literal = "*"
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ pub fn convert_curve25519_to_ed25519_private(
|
|||
let h = Sha512::new()
|
||||
.chain(privkey.to_bytes())
|
||||
.chain(&b"Derive high part of ed25519 key from curve25519 key"[..])
|
||||
.result();
|
||||
.finalize();
|
||||
|
||||
let mut bytes = Zeroizing::new([0u8; 64]);
|
||||
bytes[0..32].clone_from_slice(&privkey.to_bytes());
|
||||
|
|
|
|||
|
|
@ -194,9 +194,9 @@ fn tv_sha1() {
|
|||
fn run_test(inp: &[u8], repeatcount: usize, expect: &[u8]) {
|
||||
let mut d = Sha1::new();
|
||||
for _ in 0..repeatcount {
|
||||
d.input(inp);
|
||||
d.update(inp);
|
||||
}
|
||||
let res = d.result();
|
||||
let res = d.finalize();
|
||||
assert_eq!(&res[..], &expect[..]);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -164,8 +164,8 @@ impl AuthCert {
|
|||
let start_offset = body.first_item().unwrap().offset_in(s).unwrap();
|
||||
let end_offset = body.last_item().unwrap().offset_in(s).unwrap();
|
||||
let end_offset = end_offset + "dir-key-certification\n".len();
|
||||
sha1.input(&s[start_offset..end_offset]);
|
||||
let sha1 = sha1.result();
|
||||
sha1.update(&s[start_offset..end_offset]);
|
||||
let sha1 = sha1.finalize();
|
||||
// TODO: we need to accept prefixes here. COMPAT BLOCKER.
|
||||
let verified = identity_key.verify(&sha1, &sig);
|
||||
if verified.is_err() {
|
||||
|
|
|
|||
|
|
@ -388,10 +388,10 @@ impl RouterDesc {
|
|||
let mut d = ll::d::Sha256::new();
|
||||
// XXXX spec is ambiguous whether this prefix goes on
|
||||
// before or after taking the hash.
|
||||
d.input(&b"Tor router descriptor signature v1"[..]);
|
||||
d.update(&b"Tor router descriptor signature v1"[..]);
|
||||
let signed_end = ed_sig_pos + b"router-sig-ed25519 ".len();
|
||||
d.input(&s[start_offset..signed_end]);
|
||||
let d = d.result();
|
||||
d.update(&s[start_offset..signed_end]);
|
||||
let d = d.finalize();
|
||||
let sig: B64 = ed_sig.parse_arg(0)?;
|
||||
let sig = ll::pk::ed25519::Signature::from_bytes(sig.as_bytes())
|
||||
.map_err(|_| Error::BadSignature(ed_sig.pos()))?;
|
||||
|
|
@ -407,8 +407,8 @@ impl RouterDesc {
|
|||
{
|
||||
let mut d = ll::d::Sha1::new();
|
||||
let signed_end = rsa_sig_pos + b"router-signature\n".len();
|
||||
d.input(&s[start_offset..signed_end]);
|
||||
let d = d.result();
|
||||
d.update(&s[start_offset..signed_end]);
|
||||
let d = d.finalize();
|
||||
let sig = rsa_sig.get_obj("SIGNATURE")?;
|
||||
// TODO: we need to accept prefixes here. COMPAT BLOCKER.
|
||||
let verified = rsa_identity.verify(&d, &sig);
|
||||
|
|
|
|||
|
|
@ -20,10 +20,11 @@ generic-array = "0.12"
|
|||
rand_core = "*"
|
||||
crypto-mac = "*"
|
||||
hmac = "*"
|
||||
hkdf = "*"
|
||||
hkdf = "0.9.0-alpha.0"
|
||||
zeroize = "*"
|
||||
subtle = "*"
|
||||
stream-cipher = "*"
|
||||
sha2 = "*"
|
||||
|
||||
[dev-dependencies]
|
||||
hex-literal = "*"
|
||||
|
|
|
|||
|
|
@ -176,8 +176,8 @@ mod tor1 {
|
|||
self.0[7] = 0;
|
||||
self.0[8] = 0;
|
||||
|
||||
d.input(&self.0[..]);
|
||||
let r = d.clone().result(); // XXX can I avoid this clone?
|
||||
d.update(&self.0[..]);
|
||||
let r = d.clone().finalize(); // XXX can I avoid this clone?
|
||||
self.0[5..9].copy_from_slice(&r[0..4]);
|
||||
}
|
||||
/// Check a cell to see whether its recognized field is set.
|
||||
|
|
@ -201,15 +201,15 @@ mod tor1 {
|
|||
|
||||
let r = {
|
||||
let mut dtmp = d.clone();
|
||||
dtmp.input(&self.0[..]);
|
||||
dtmp.result()
|
||||
dtmp.update(&self.0[..]);
|
||||
dtmp.finalize()
|
||||
};
|
||||
|
||||
if ct::bytes_eq(&dval[..], &r[0..4]) {
|
||||
// This is for us. We need to process the data again,
|
||||
// apparently, since digesting is destructive
|
||||
// according to the digest api.
|
||||
d.input(&self.0[..]);
|
||||
d.update(&self.0[..]);
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ use tor_bytes::{Reader, Writer};
|
|||
use tor_llcrypto::pk::curve25519::*;
|
||||
use tor_llcrypto::pk::rsa::RSAIdentity;
|
||||
|
||||
use crypto_mac::MacResult;
|
||||
use crypto_mac::{self, Mac, NewMac};
|
||||
use rand_core::{CryptoRng, RngCore};
|
||||
use zeroize::Zeroizing;
|
||||
|
||||
|
|
@ -70,7 +70,7 @@ impl KeyGenerator for NtorHKDFKeyGenerator {
|
|||
}
|
||||
}
|
||||
|
||||
type Authcode = MacResult<typenum::U32>;
|
||||
type Authcode = crypto_mac::Output<hmac::Hmac<sha2::Sha256>>;
|
||||
|
||||
/// Perform a client handshake, generating an onionskin and a state object
|
||||
pub fn client_handshake_ntor_v1<R>(
|
||||
|
|
@ -159,12 +159,12 @@ fn ntor_derive(
|
|||
secret_input.write(y); // Y
|
||||
secret_input.write(ntor1_protoid); // PROTOID
|
||||
|
||||
use hmac::{Hmac, Mac};
|
||||
use hmac::Hmac;
|
||||
use tor_llcrypto::d::Sha256;
|
||||
let verify = {
|
||||
let mut m = Hmac::<Sha256>::new_varkey(ntor1_verify).expect("Hmac allows keys of any size");
|
||||
m.input(&secret_input[..]);
|
||||
m.result_reset()
|
||||
m.update(&secret_input[..]);
|
||||
m.finalize()
|
||||
};
|
||||
let mut auth_input: SecretBytes = Zeroizing::new(Vec::new());
|
||||
auth_input.write_and_consume(verify); // verify
|
||||
|
|
@ -177,8 +177,8 @@ fn ntor_derive(
|
|||
|
||||
let auth_mac = {
|
||||
let mut m = Hmac::<Sha256>::new_varkey(ntor1_mac).expect("Hmac allows keys of any size");
|
||||
m.input(&auth_input[..]);
|
||||
m.result_reset()
|
||||
m.update(&auth_input[..]);
|
||||
m.finalize()
|
||||
};
|
||||
|
||||
let keygen = NtorHKDFKeyGenerator::new(secret_input);
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
//! It is based on SHAKE-256.
|
||||
|
||||
use crate::{Error, Result, SecretBytes};
|
||||
use digest::{Digest, ExtendableOutput};
|
||||
use digest::{ExtendableOutput, Update, XofReader};
|
||||
use tor_llcrypto::d::{Sha1, Sha256, Shake256};
|
||||
|
||||
use zeroize::Zeroizing;
|
||||
|
|
@ -46,6 +46,8 @@ impl LegacyKDF {
|
|||
}
|
||||
impl KDF for LegacyKDF {
|
||||
fn derive(&self, seed: &[u8], n_bytes: usize) -> Result<SecretBytes> {
|
||||
use digest::Digest;
|
||||
|
||||
let mut result = Zeroizing::new(Vec::with_capacity(n_bytes + Sha1::output_size()));
|
||||
let mut k = 0u8;
|
||||
if n_bytes > Sha1::output_size() * 256 {
|
||||
|
|
@ -54,9 +56,9 @@ impl KDF for LegacyKDF {
|
|||
|
||||
while result.len() < n_bytes {
|
||||
let mut d = Sha1::new();
|
||||
d.input(seed);
|
||||
d.input(&[k]);
|
||||
result.extend(d.result());
|
||||
Digest::update(&mut d, seed);
|
||||
Digest::update(&mut d, &[k]);
|
||||
result.extend(d.finalize());
|
||||
k += 1;
|
||||
}
|
||||
|
||||
|
|
@ -93,9 +95,10 @@ impl ShakeKDF {
|
|||
impl KDF for ShakeKDF {
|
||||
fn derive(&self, seed: &[u8], n_bytes: usize) -> Result<SecretBytes> {
|
||||
// XXX mark as zero-on-free?
|
||||
use digest::Input;
|
||||
let mut xof = Shake256::default();
|
||||
xof.input(seed);
|
||||
Ok(Zeroizing::new(xof.vec_result(n_bytes)))
|
||||
xof.update(seed);
|
||||
let mut result = Zeroizing::new(vec![0; n_bytes]);
|
||||
xof.finalize_xof().read(&mut result);
|
||||
Ok(result)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue