
Commit 3e4b8df

authored
Merge pull request #454 from tox-rs/bump
Bump crypto libraries versions
2 parents 39bbaf8 + b41aa8d commit 3e4b8df


9 files changed

+49
-41
lines changed


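--- a/tox_core/Cargo.toml
+++ b/tox_core/Cargo.toml
@@ -33,7 +33,7 @@ bitflags = "1.0"
 itertools = "0.10"
 rand = "0.8"
 sha2 = "0.9"
-xsalsa20poly1305 = "0.6"
+xsalsa20poly1305 = "0.7"
 
 [dependencies.tokio]
 version = "1.0"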

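--- a/tox_core/src/dht/server/mod.rs
+++ b/tox_core/src/dht/server/mod.rs
@@ -192,7 +192,7 @@ impl Server {
 
 let precomputed_keys = PrecomputedCache::new(sk.clone(), PRECOMPUTED_LRU_CACHE_SIZE);
 
-let onion_symmetric_key = XSalsa20Poly1305::new(&rng.gen::<[u8; xsalsa20poly1305::KEY_SIZE]>().into());
+let onion_symmetric_key = XSalsa20Poly1305::new(&XSalsa20Poly1305::generate_key(&mut rng));
 Server {
 sk,
 pk,
@@ -1032,6 +1032,7 @@ impl Server {
 pub async fn handle_onion_request_0(&self, packet: OnionRequest0, addr: SocketAddr) -> Result<(), HandlePacketError> {
 let onion_symmetric_key = self.onion_symmetric_key.read().await;
 let onion_return = OnionReturn::new(
+&mut thread_rng(),
 &onion_symmetric_key,
 &IpPort::from_udp_saddr(addr),
 None, // no previous onion return
@@ -1058,6 +1059,7 @@ impl Server {
 pub async fn handle_onion_request_1(&self, packet: OnionRequest1, addr: SocketAddr) -> Result<(), HandlePacketError> {
 let onion_symmetric_key = self.onion_symmetric_key.read().await;
 let onion_return = OnionReturn::new(
+&mut thread_rng(),
 &onion_symmetric_key,
 &IpPort::from_udp_saddr(addr),
 Some(&packet.onion_return)
@@ -1083,6 +1085,7 @@ impl Server {
 pub async fn handle_onion_request_2(&self, packet: OnionRequest2, addr: SocketAddr) -> Result<(), HandlePacketError> {
 let onion_symmetric_key = self.onion_symmetric_key.read().await;
 let onion_return = OnionReturn::new(
+&mut thread_rng(),
 &onion_symmetric_key,
 &IpPort::from_udp_saddr(addr),
 Some(&packet.onion_return),
@@ -1273,7 +1276,7 @@ impl Server {
 /// Refresh onion symmetric key to enforce onion paths expiration.
 async fn refresh_onion_key(&self) {
 *self.onion_symmetric_key.write().await =
-XSalsa20Poly1305::new(&thread_rng().gen::<[u8; xsalsa20poly1305::KEY_SIZE]>().into());
+XSalsa20Poly1305::new(&XSalsa20Poly1305::generate_key(&mut thread_rng()));
 }
 
 /// Handle `OnionRequest` from TCP relay and send `OnionRequest1` packet
@@ -1283,6 +1286,7 @@ impl Server {
 let onion_symmetric_key = self.onion_symmetric_key.read().await;
 
 let onion_return = OnionReturn::new(
+&mut thread_rng(),
 &onion_symmetric_key,
 &IpPort::from_tcp_saddr(addr),
 None // no previous onion return
@@ -2484,7 +2488,7 @@ mod tests {
 nonce: [42; xsalsa20poly1305::NONCE_SIZE],
 payload: vec![42; ONION_RETURN_2_PAYLOAD_SIZE]
 };
-let onion_return = OnionReturn::new(&onion_symmetric_key, &ip_port, Some(&next_onion_return));
+let onion_return = OnionReturn::new(&mut thread_rng(), &onion_symmetric_key, &ip_port, Some(&next_onion_return));
 let payload = InnerOnionResponse::OnionAnnounceResponse(OnionAnnounceResponse {
 sendback_data: 12345,
 nonce: gen_nonce(),
@@ -2545,7 +2549,7 @@ mod tests {
 ip_addr: "5.6.7.8".parse().unwrap(),
 port: 12345
 };
-let onion_return = OnionReturn::new(&onion_symmetric_key, &ip_port, None);
+let onion_return = OnionReturn::new(&mut thread_rng(), &onion_symmetric_key, &ip_port, None);
 let inner = OnionDataResponse {
 nonce: gen_nonce(),
 temporary_pk: gen_keypair().0,
@@ -2577,7 +2581,7 @@ mod tests {
 nonce: [42; xsalsa20poly1305::NONCE_SIZE],
 payload: vec![42; ONION_RETURN_1_PAYLOAD_SIZE]
 };
-let onion_return = OnionReturn::new(&onion_symmetric_key, &ip_port, Some(&next_onion_return));
+let onion_return = OnionReturn::new(&mut thread_rng(), &onion_symmetric_key, &ip_port, Some(&next_onion_return));
 let payload = InnerOnionResponse::OnionAnnounceResponse(OnionAnnounceResponse {
 sendback_data: 12345,
 nonce: gen_nonce(),
@@ -2638,7 +2642,7 @@ mod tests {
 ip_addr: "5.6.7.8".parse().unwrap(),
 port: 12345
 };
-let onion_return = OnionReturn::new(&onion_symmetric_key, &ip_port, None);
+let onion_return = OnionReturn::new(&mut thread_rng(), &onion_symmetric_key, &ip_port, None);
 let inner = OnionDataResponse {
 nonce: gen_nonce(),
 temporary_pk: gen_keypair().0,
@@ -2666,7 +2670,7 @@ mod tests {
 ip_addr: "5.6.7.8".parse().unwrap(),
 port: 12345
 };
-let onion_return = OnionReturn::new(&onion_symmetric_key, &ip_port, None);
+let onion_return = OnionReturn::new(&mut thread_rng(), &onion_symmetric_key, &ip_port, None);
 let inner = OnionAnnounceResponse {
 sendback_data: 12345,
 nonce: gen_nonce(),
@@ -2700,7 +2704,7 @@ mod tests {
 ip_addr: "5.6.7.8".parse().unwrap(),
 port: 12345
 };
-let onion_return = OnionReturn::new(&onion_symmetric_key, &ip_port, None);
+let onion_return = OnionReturn::new(&mut thread_rng(), &onion_symmetric_key, &ip_port, None);
 let inner = OnionDataResponse {
 nonce: gen_nonce(),
 temporary_pk: gen_keypair().0,
@@ -2736,7 +2740,7 @@ mod tests {
 ip_addr: "5.6.7.8".parse().unwrap(),
 port: 12345
 };
-let onion_return = OnionReturn::new(&onion_symmetric_key, &ip_port, None);
+let onion_return = OnionReturn::new(&mut thread_rng(), &onion_symmetric_key, &ip_port, None);
 let inner = InnerOnionResponse::OnionAnnounceResponse(OnionAnnounceResponse {
 sendback_data: 12345,
 nonce: gen_nonce(),
@@ -2767,7 +2771,7 @@ mod tests {
 ip_addr: "5.6.7.8".parse().unwrap(),
 port: 12345
 };
-let onion_return = OnionReturn::new(&onion_symmetric_key, &ip_port, None);
+let onion_return = OnionReturn::new(&mut thread_rng(), &onion_symmetric_key, &ip_port, None);
 let inner = OnionAnnounceResponse {
 sendback_data: 12345,
 nonce: gen_nonce(),
@@ -2824,7 +2828,7 @@ mod tests {
 nonce: [42; xsalsa20poly1305::NONCE_SIZE],
 payload: vec![42; ONION_RETURN_1_PAYLOAD_SIZE]
 };
-let onion_return = OnionReturn::new(&onion_symmetric_key, &ip_port, Some(&next_onion_return));
+let onion_return = OnionReturn::new(&mut thread_rng(), &onion_symmetric_key, &ip_port, Some(&next_onion_return));
 let inner = OnionDataResponse {
 nonce: gen_nonce(),
 temporary_pk: gen_keypair().0,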
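Review bot: `XSalsa20Poly1305::generate_key`, used in the first hunk (`Server::new`) and in `refresh_onion_key`, appears to exist only when `aead` is built with its `rand_core` feature, and this commit enables that feature in tox_packet/Cargo.toml only; tox_core/Cargo.toml just bumps `xsalsa20poly1305`. If so, tox_core compiles through Cargo feature unification with tox_packet rather than through its own manifest, and generation of the onion symmetric key would stop building if tox_packet ever dropped that line. The same call is added in tox_core/src/net_crypto/mod.rs (`NetCrypto::new`). I would declare the feature where it is used, `aead = { version = "0.4", features = ["rand_core"] }` in tox_core/Cargo.toml. The function bodies extend beyond these hunks.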

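--- a/tox_core/src/net_crypto/mod.rs
+++ b/tox_core/src/net_crypto/mod.rs
@@ -28,7 +28,7 @@ use failure::Fail;
 use futures::{TryFutureExt, SinkExt};
 use futures::future;
 use futures::channel::mpsc;
-use rand::{Rng, thread_rng};
+use rand::thread_rng;
 use tokio::sync::RwLock;
 
 use tox_binary_io::*;
@@ -213,7 +213,7 @@ pub struct NetCrypto {
 impl NetCrypto {
 /// Create new `NetCrypto` object
 pub fn new(args: NetCryptoNewArgs) -> NetCrypto {
-let symmetric_key = XSalsa20Poly1305::new(&thread_rng().gen::<[u8; xsalsa20poly1305::KEY_SIZE]>().into());
+let symmetric_key = XSalsa20Poly1305::new(&XSalsa20Poly1305::generate_key(&mut thread_rng()));
 NetCrypto {
 udp_tx: args.udp_tx,
 tcp_tx: Default::default(),
@@ -1137,7 +1137,7 @@ mod tests {
 // https://github.com/rust-lang/rust/issues/61520
 use super::{*, Packet};
 use futures::{Future, StreamExt};
-use rand::CryptoRng;
+use rand::{CryptoRng, Rng};
 
 impl NetCrypto {
 pub async fn has_friend(&self, pk: &PublicKey) -> bool {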

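--- a/tox_encryptsave/Cargo.toml
+++ b/tox_encryptsave/Cargo.toml
@@ -22,6 +22,6 @@ edition = "2018"
 failure = "0.1"
 rand = "0.8"
 sha2 = "0.9"
-xsalsa20poly1305 = "0.6"
-scrypt = "0.6"
-zeroize = "1.3"
+xsalsa20poly1305 = "0.7"
+scrypt = "0.7"
+zeroize = "1.4"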

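--- a/tox_encryptsave/src/lib.rs
+++ b/tox_encryptsave/src/lib.rs
@@ -154,13 +154,13 @@ impl PassKey {
 if data.is_empty() { return Err(EncryptionError::Null) };
 
 let mut output = Vec::with_capacity(EXTRA_LENGTH + data.len());
-let nonce = thread_rng().gen::<[u8; xsalsa20poly1305::NONCE_SIZE]>();
+let nonce = xsalsa20poly1305::generate_nonce(&mut thread_rng());
 
 output.extend_from_slice(MAGIC_NUMBER);
 output.extend_from_slice(&self.salt);
 output.extend_from_slice(&nonce);
 output.append(&mut self.key.encrypt(
-&nonce.into(),
+&nonce,
 data
 ).or(Err(EncryptionError::Null))?);
 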
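Review bot: The rewritten nonce line carries no comment on why a random value is sufficient here, although the hunk shows `self.key` and `self.salt` being taken from the `PassKey`, so one derived key can presumably seal many messages and the nonce is the only per-message input. A one-line comment above it would make the requirement explicit for the next change: `// fresh random nonce per call: the same PassKey may encrypt many messages, and a (key, nonce) pair must never repeat`. The enclosing function starts and ends outside the hunk.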

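--- a/tox_packet/Cargo.toml
+++ b/tox_packet/Cargo.toml
@@ -27,5 +27,7 @@ cookie-factory = "0.3"
 bitflags = "1.0"
 failure = "0.1"
 sha2 = "0.9"
-xsalsa20poly1305 = "0.6"
+xsalsa20poly1305 = "0.7"
+# for enabling rand_core feature
+aead = { version = "0.4", features = ["rand_core"] }
 rand = "0.8"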
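Review bot: The added `aead = { version = "0.4", features = ["rand_core"] }` line only has an effect while `0.4` is the same `aead` release that `xsalsa20poly1305` resolves to. After a later bump of either crate Cargo would build two copies of `aead` and the feature would land on the unused one, which would surface as `generate_key` no longer resolving. The comment above the line should record that coupling, e.g. `# enables aead's rand_core feature (NewAead::generate_key); keep in step with the aead version xsalsa20poly1305 depends on`.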

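--- a/tox_packet/src/dht/cookie.rs
+++ b/tox_packet/src/dht/cookie.rs
@@ -132,7 +132,7 @@ impl ToBytes for EncryptedCookie {
 impl EncryptedCookie {
 /// Create `EncryptedCookie` from `Cookie` encrypting it with `symmetric_key`
 pub fn new<R: Rng + CryptoRng>(rng: &mut R, symmetric_key: &XSalsa20Poly1305, payload: &Cookie) -> EncryptedCookie {
-let nonce = rng.gen::<[u8; xsalsa20poly1305::NONCE_SIZE]>().into();
+let nonce = xsalsa20poly1305::generate_nonce(rng);
 let mut buf = [0; 72];
 let (_, size) = payload.to_bytes((&mut buf, 0)).unwrap();
 let payload = symmetric_key.encrypt(&nonce, &buf[..size]).unwrap();
@@ -202,7 +202,7 @@ mod tests {
 fn cookie_encrypt_decrypt() {
 crypto_init().unwrap();
 let mut rng = thread_rng();
-let symmetric_key = XSalsa20Poly1305::new(&rng.gen::<[u8; xsalsa20poly1305::KEY_SIZE]>().into());
+let symmetric_key = XSalsa20Poly1305::new(&XSalsa20Poly1305::generate_key(&mut rng));
 let payload = Cookie::new(gen_keypair().0, gen_keypair().0);
 // encode payload with symmetric key
 let encrypted_cookie = EncryptedCookie::new(&mut rng, &symmetric_key, &payload);
@@ -216,8 +216,8 @@ mod tests {
 fn cookie_encrypt_decrypt_invalid_key() {
 crypto_init().unwrap();
 let mut rng = thread_rng();
-let symmetric_key = XSalsa20Poly1305::new(&rng.gen::<[u8; xsalsa20poly1305::KEY_SIZE]>().into());
-let eve_symmetric_key = XSalsa20Poly1305::new(&rng.gen::<[u8; xsalsa20poly1305::KEY_SIZE]>().into());
+let symmetric_key = XSalsa20Poly1305::new(&XSalsa20Poly1305::generate_key(&mut rng));
+let eve_symmetric_key = XSalsa20Poly1305::new(&XSalsa20Poly1305::generate_key(&mut rng));
 let payload = Cookie::new(gen_keypair().0, gen_keypair().0);
 // encode payload with symmetric key
 let encrypted_cookie = EncryptedCookie::new(&mut rng, &symmetric_key, &payload);
@@ -230,8 +230,8 @@ mod tests {
 #[test]
 fn cookie_encrypt_decrypt_invalid() {
 let mut rng = thread_rng();
-let symmetric_key = XSalsa20Poly1305::new(&rng.gen::<[u8; xsalsa20poly1305::KEY_SIZE]>().into());
-let nonce = rng.gen::<[u8; xsalsa20poly1305::NONCE_SIZE]>().into();
+let symmetric_key = XSalsa20Poly1305::new(&XSalsa20Poly1305::generate_key(&mut rng));
+let nonce = xsalsa20poly1305::generate_nonce(&mut rng);
 // Try long invalid array
 let invalid_payload = [42; 123];
 let invalid_payload_encoded = symmetric_key.encrypt(&nonce, &invalid_payload[..]).unwrap();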

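--- a/tox_packet/src/dht/packed_node.rs
+++ b/tox_packet/src/dht/packed_node.rs
@@ -113,6 +113,7 @@ impl PackedNode {
 }
 
 /// to_bytes for TCP
+#[allow(clippy::wrong_self_convention)]
 pub fn to_tcp_bytes<'a>(&self, buf: (&'a mut [u8], usize)) -> Result<(&'a mut [u8], usize), GenError> {
 do_gen!(buf,
 gen_if_else!(self.saddr.is_ipv4(), gen_be_u8!(130), gen_be_u8!(138)) >>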
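Review bot: `#[allow(clippy::wrong_self_convention)]` on `to_tcp_bytes` is added without saying why the lint is silenced, so a later reader cannot tell whether the suppression is still needed. Presumably a newer clippy objects to a `to_*` method taking `&self` on this type and the signature is kept to mirror `to_bytes`; if that is the reason, state it next to the attribute, e.g. `// keeps the &self signature in line with ToBytes::to_bytes`. The body of `to_tcp_bytes` continues past the hunk.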

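--- a/tox_packet/src/onion/mod.rs
+++ b/tox_packet/src/onion/mod.rs
@@ -35,7 +35,7 @@ use xsalsa20poly1305::{XSalsa20Poly1305, aead::{Aead, Error as AeadError}};
 use crate::dht::packed_node::PackedNode;
 use crate::ip_port::*;
 
-use rand::{Rng, thread_rng};
+use rand::{CryptoRng, Rng};
 use nom::{alt, call, cond, do_parse, eof, flat_map, map, map_res, named, switch, tag, take, value, verify};
 
 use cookie_factory::{
@@ -141,8 +141,8 @@ impl OnionReturn {
 ));
 
 /// Create new `OnionReturn` object using symmetric key for encryption.
-pub fn new(symmetric_key: &XSalsa20Poly1305, ip_port: &IpPort, inner: Option<&OnionReturn>) -> OnionReturn {
-let nonce = thread_rng().gen::<[u8; xsalsa20poly1305::NONCE_SIZE]>().into();
+pub fn new<R: Rng + CryptoRng>(rng: &mut R, symmetric_key: &XSalsa20Poly1305, ip_port: &IpPort, inner: Option<&OnionReturn>) -> OnionReturn {
+let nonce = xsalsa20poly1305::generate_nonce(rng);
 let mut buf = [0; ONION_RETURN_2_SIZE + SIZE_IPPORT];
 let (_, size) = OnionReturn::inner_to_bytes(ip_port, inner, (&mut buf, 0)).unwrap();
 let payload = symmetric_key.encrypt(&nonce, &buf[..size]).unwrap();
@@ -218,6 +218,7 @@ impl ToBytes for AnnounceStatus {
 mod tests {
 use super::*;
 
+use rand::thread_rng;
 use xsalsa20poly1305::aead::NewAead;
 
 const ONION_RETURN_1_PAYLOAD_SIZE: usize = ONION_RETURN_1_SIZE - xsalsa20poly1305::NONCE_SIZE;
@@ -252,22 +253,22 @@ mod tests {
 #[test]
 fn onion_return_encrypt_decrypt() {
 let mut rng = thread_rng();
-let alice_symmetric_key = XSalsa20Poly1305::new(&rng.gen::<[u8; xsalsa20poly1305::KEY_SIZE]>().into());
-let bob_symmetric_key = XSalsa20Poly1305::new(&rng.gen::<[u8; xsalsa20poly1305::KEY_SIZE]>().into());
+let alice_symmetric_key = XSalsa20Poly1305::new(&XSalsa20Poly1305::generate_key(&mut rng));
+let bob_symmetric_key = XSalsa20Poly1305::new(&XSalsa20Poly1305::generate_key(&mut rng));
 // alice encrypt
 let ip_port_1 = IpPort {
 protocol: ProtocolType::Udp,
 ip_addr: "5.6.7.8".parse().unwrap(),
 port: 12345
 };
-let onion_return_1 = OnionReturn::new(&alice_symmetric_key, &ip_port_1, None);
+let onion_return_1 = OnionReturn::new(&mut rng, &alice_symmetric_key, &ip_port_1, None);
 // bob encrypt
 let ip_port_2 = IpPort {
 protocol: ProtocolType::Udp,
 ip_addr: "7.8.5.6".parse().unwrap(),
 port: 54321
 };
-let onion_return_2 = OnionReturn::new(&bob_symmetric_key, &ip_port_2, Some(&onion_return_1));
+let onion_return_2 = OnionReturn::new(&mut rng, &bob_symmetric_key, &ip_port_2, Some(&onion_return_1));
 // bob can decrypt it's return address
 let (decrypted_ip_port_2, decrypted_onion_return_1) = onion_return_2.get_payload(&bob_symmetric_key).unwrap();
 assert_eq!(decrypted_ip_port_2, ip_port_2);
@@ -281,23 +282,23 @@ mod tests {
 #[test]
 fn onion_return_encrypt_decrypt_invalid_key() {
 let mut rng = thread_rng();
-let alice_symmetric_key = XSalsa20Poly1305::new(&rng.gen::<[u8; xsalsa20poly1305::KEY_SIZE]>().into());
-let bob_symmetric_key = XSalsa20Poly1305::new(&rng.gen::<[u8; xsalsa20poly1305::KEY_SIZE]>().into());
-let eve_symmetric_key = XSalsa20Poly1305::new(&rng.gen::<[u8; xsalsa20poly1305::KEY_SIZE]>().into());
+let alice_symmetric_key = XSalsa20Poly1305::new(&XSalsa20Poly1305::generate_key(&mut rng));
+let bob_symmetric_key = XSalsa20Poly1305::new(&XSalsa20Poly1305::generate_key(&mut rng));
+let eve_symmetric_key = XSalsa20Poly1305::new(&XSalsa20Poly1305::generate_key(&mut rng));
 // alice encrypt
 let ip_port_1 = IpPort {
 protocol: ProtocolType::Udp,
 ip_addr: "5.6.7.8".parse().unwrap(),
 port: 12345
 };
-let onion_return_1 = OnionReturn::new(&alice_symmetric_key, &ip_port_1, None);
+let onion_return_1 = OnionReturn::new(&mut rng, &alice_symmetric_key, &ip_port_1, None);
 // bob encrypt
 let ip_port_2 = IpPort {
 protocol: ProtocolType::Udp,
 ip_addr: "7.8.5.6".parse().unwrap(),
 port: 54321
 };
-let onion_return_2 = OnionReturn::new(&bob_symmetric_key, &ip_port_2, Some(&onion_return_1));
+let onion_return_2 = OnionReturn::new(&mut rng, &bob_symmetric_key, &ip_port_2, Some(&onion_return_1));
 // eve can't decrypt return addresses
 assert!(onion_return_1.get_payload(&eve_symmetric_key).is_err());
 assert!(onion_return_2.get_payload(&eve_symmetric_key).is_err());
@@ -306,8 +307,8 @@ mod tests {
 #[test]
 fn onion_return_decrypt_invalid() {
 let mut rng = thread_rng();
-let symmetric_key = XSalsa20Poly1305::new(&rng.gen::<[u8; xsalsa20poly1305::KEY_SIZE]>().into());
-let nonce = rng.gen::<[u8; xsalsa20poly1305::NONCE_SIZE]>().into();
+let symmetric_key = XSalsa20Poly1305::new(&XSalsa20Poly1305::generate_key(&mut rng));
+let nonce = xsalsa20poly1305::generate_nonce(&mut rng);
 // Try long invalid array
 let invalid_payload = [42; 123];
 let invalid_payload_encoded = symmetric_key.encrypt(&nonce, &invalid_payload[..]).unwrap();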
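Review bot: The doc comment on `OnionReturn::new` still reads "using symmetric key for encryption" although the function now takes `rng` as its first argument and draws the nonce from it. Because `new` is `pub`, the added parameter is also a breaking change for any caller outside this workspace, which the commit title ("Bump crypto libraries versions") does not mention. I would extend the doc with a line such as ``/// `rng` supplies the random nonce and must be a CSPRNG (enforced by the `CryptoRng` bound).`` The rest of the function body lies outside the hunk.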
