Upgrade crypto_box and xsalsa20poly1305

threema-danilo · threema-danilo · commit 28a24895497a · 2022-09-26T18:53:25.000+02:00
diff --git a/Cargo.toml b/Cargo.toml
@@ -17,7 +17,7 @@ maintenance = { status = "passively-maintained" }
 
 [dependencies]
 byteorder = "1.1"
-crypto_box = { version = "0.7.1", features = ["serde"] }
+crypto_box = { version = "0.8.1", features = ["serde"] }
 data-encoding = "2.1"
 failure = "0.1"
 futures = "0.1.0"  # Make sure to use same version as websocket
@@ -31,7 +31,7 @@ serde = { version = "1", features = ["derive"] }
 tokio-core = "0.1"
 tokio-timer = "0.1"
 websocket = { version = "0.26", default-features = false, features = ["async", "async-ssl"] }
-xsalsa20poly1305 = "0.8"
+xsalsa20poly1305 = "0.9"
 
 [dev-dependencies]
 clap = "2"
diff --git a/src/crypto_types.rs b/src/crypto_types.rs
@@ -8,8 +8,9 @@ use std::io::Write;
 use std::{cmp, convert::TryInto, fmt};
 
 use crypto_box::{
-    aead::{generic_array::GenericArray, Aead, NewAead},
+    aead::{generic_array::GenericArray, Aead, KeyInit},
     rand_core::OsRng,
+    SalsaBox,
 };
 use data_encoding::{HEXLOWER, HEXLOWER_PERMISSIVE};
 use serde::{
@@ -151,7 +152,7 @@ impl KeyPair {
         nonce: Nonce,
         other_key: &PublicKey,
     ) -> SignalingResult<Vec<u8>> {
-        let cbox = crypto_box::Box::new(other_key, &self.private_key);
+        let cbox = SalsaBox::new(other_key, &self.private_key);
         cbox.encrypt(&nonce.into(), data)
             .map_err(|_| SignalingError::Crypto("Could not encrypt data".to_string()))
     }
@@ -167,7 +168,7 @@ impl KeyPair {
         nonce: Nonce,
         other_key: &PublicKey,
     ) -> SignalingResult<Vec<u8>> {
-        let cbox = crypto_box::Box::new(other_key, &self.private_key);
+        let cbox = SalsaBox::new(other_key, &self.private_key);
         cbox.decrypt(&nonce.into(), data)
             .map_err(|_| SignalingError::Crypto("Could not decrypt data".to_string()))
     }
@@ -287,7 +288,7 @@ impl UnsignedKeys {
         (&mut bytes[32..64])
             .write_all(self.client_public_permanent_key.as_bytes())
             .unwrap();
-        let cbox = crypto_box::Box::new(
+        let cbox = SalsaBox::new(
             client_public_permanent_key,
             server_session_keypair.private_key(),
         );
@@ -315,7 +316,7 @@ impl SignedKeys {
         nonce: Nonce,
     ) -> SignalingResult<UnsignedKeys> {
         // Decrypt bytes
-        let cbox = crypto_box::Box::new(server_public_permanent_key, permanent_key.private_key());
+        let cbox = SalsaBox::new(server_public_permanent_key, permanent_key.private_key());
         let decrypted = cbox
             .decrypt(&nonce.into(), &self.0[..])
             .map_err(|_| SignalingError::Crypto("Could not decrypt signed keys".to_string()))?;
@@ -633,7 +634,7 @@ mod tests {
             .sign(&kp_server, kp_client.public_key(), unsafe { nonce.clone() });
 
         // Decrypt directly
-        let cbox = crypto_box::Box::new(kp_server.public_key(), kp_client.private_key());
+        let cbox = SalsaBox::new(kp_server.public_key(), kp_client.private_key());
         let decrypted = cbox
             .decrypt(&unsafe { nonce.clone() }.into(), &signed.0[..])
             .unwrap();
diff --git a/src/protocol/mod.rs b/src/protocol/mod.rs
@@ -15,9 +15,12 @@ use std::{
     time::Duration,
 };
 
-use crypto_box::aead::{
-    generic_array::{typenum::U24, GenericArray},
-    Aead,
+use crypto_box::{
+    aead::{
+        generic_array::{typenum::U24, GenericArray},
+        Aead,
+    },
+    SalsaBox,
 };
 use rmpv::Value;
 
@@ -924,7 +927,7 @@ pub(crate) trait Signaling {
 
     // Raw encryption / decryption
 
-    fn get_crypto_box(&self) -> SignalingResult<crypto_box::Box> {
+    fn get_crypto_box(&self) -> SignalingResult<SalsaBox> {
         let peer = self.get_peer().ok_or_else(|| SignalingError::NoPeer)?;
         let peer_session_public_key = peer
             .session_key()
@@ -933,7 +936,7 @@ pub(crate) trait Signaling {
             .keypair()
             .map(|keypair: &KeyPair| keypair.private_key())
             .ok_or_else(|| SignalingError::Crash("Our session private key not set".into()))?;
-        Ok(crypto_box::Box::new(
+        Ok(SalsaBox::new(
             peer_session_public_key,
             our_session_private_key,
         ))
diff --git a/src/protocol/tests/mod.rs b/src/protocol/tests/mod.rs
@@ -1,5 +1,6 @@
 //! Protocol tests.
-use crypto_box::{generate_nonce, rand_core::OsRng};
+use crypto_box::{rand_core::OsRng, SalsaBox};
+use xsalsa20poly1305::XSalsa20Poly1305;
 
 use crate::{
     crypto::PrivateKey,
@@ -176,7 +177,7 @@ fn test_encrypt_decrypt_raw_with_session_keys_no_peer() {
         None,
         None,
     );
-    let nonce = generate_nonce(&mut OsRng);
+    let nonce = XSalsa20Poly1305::generate_nonce(&mut OsRng);
     assert_eq!(
         signaling.encrypt_raw_with_session_keys(&[1, 2, 3], &nonce),
         Err(SignalingError::NoPeer)
@@ -194,7 +195,7 @@ fn test_encrypt_raw_with_session_keys_with_peer() {
     let peer_kp = KeyPair::new();
     let our_kp = KeyPair::new();
     let our_private_key_clone = our_kp.private_key().clone();
-    let nonce = generate_nonce(&mut OsRng);
+    let nonce = XSalsa20Poly1305::generate_nonce(&mut OsRng);
 
     // Create signaling instance
     let mut signaling = MockSignaling::new(
@@ -215,7 +216,7 @@ fn test_encrypt_raw_with_session_keys_with_peer() {
     assert_ne!(&data, ciphertext.as_slice());
 
     // Verify
-    let cbox = crypto_box::Box::new(peer_kp.public_key(), &our_private_key_clone);
+    let cbox = SalsaBox::new(peer_kp.public_key(), &our_private_key_clone);
     assert_eq!(cbox.decrypt(&nonce, &*ciphertext), Ok(vec![2, 3, 4, 5]));
 }
 
@@ -266,12 +267,12 @@ fn test_decrypt_raw_with_session_keys_with_peer() {
     // Generate keypairs and nonce
     let peer_kp = KeyPair::new();
     let our_kp = KeyPair::new();
-    let nonce = generate_nonce(&mut OsRng);
+    let nonce = XSalsa20Poly1305::generate_nonce(&mut OsRng);
 
     // Encrypt data
     let data = [1, 2, 3, 4];
 
-    let cbox = crypto_box::Box::new(peer_kp.public_key(), our_kp.private_key());
+    let cbox = SalsaBox::new(peer_kp.public_key(), our_kp.private_key());
     let ciphertext = cbox.encrypt(&nonce, &data[..]).unwrap();
 
     // Create signaling instance
@@ -287,7 +288,10 @@ fn test_decrypt_raw_with_session_keys_with_peer() {
 
     // Decrypt with wrong nonce
     assert_eq!(
-        signaling.decrypt_raw_with_session_keys(&ciphertext, &generate_nonce(&mut OsRng)),
+        signaling.decrypt_raw_with_session_keys(
+            &ciphertext,
+            &XSalsa20Poly1305::generate_nonce(&mut OsRng)
+        ),
         Err(SignalingError::Crypto("Could not decrypt bytes".into()))
     );
 
