Upgrade crypto_box and xsalsa20poly1305

Author: threema-danilo

Cargo.toml

@@ -17,7 +17,7 @@ maintenance = { status = "passively-maintained" }
 
 [dependencies]
 byteorder = "1.1"
-crypto_box = { version = "0.7.1", features = ["serde"] }
+crypto_box = { version = "0.9.1", features = ["serde"] }
 data-encoding = "2.1"
 failure = "0.1"
 futures = "0.1.0"  # Make sure to use same version as websocket
@@ -31,7 +31,7 @@ serde = { version = "1", features = ["derive"] }
 tokio-core = "0.1"
 tokio-timer = "0.1"
 websocket = { version = "0.26", default-features = false, features = ["async", "async-ssl"] }
-xsalsa20poly1305 = "0.8"
+xsalsa20poly1305 = "0.9"
 
 [dev-dependencies]
 anyhow = "1"

src/crypto_types.rs

@@ -8,8 +8,8 @@ use std::io::Write;
 use std::{cmp, convert::TryInto, fmt};
 
 use crypto_box::{
-    aead::{generic_array::GenericArray, Aead, NewAead},
-    rand_core::OsRng,
+    aead::{generic_array::GenericArray, Aead, KeyInit, OsRng},
+    SalsaBox,
 };
 use data_encoding::{HEXLOWER, HEXLOWER_PERMISSIVE};
 use serde::{
@@ -141,7 +141,7 @@ impl KeyPair {
     /// Warning: Be careful with this! The only reason to access the private
     /// key is probably to be able to restore it when working with trusted keys.
     pub fn private_key_hex(&self) -> String {
-        HEXLOWER.encode(self.private_key.as_bytes())
+        HEXLOWER.encode(&self.private_key.to_bytes())
     }
 
     /// Encrypt data for the specified public key with the private key.
@@ -151,7 +151,7 @@ impl KeyPair {
         nonce: Nonce,
         other_key: &PublicKey,
     ) -> SignalingResult<Vec<u8>> {
-        let cbox = crypto_box::Box::new(other_key, &self.private_key);
+        let cbox = SalsaBox::new(other_key, &self.private_key);
         cbox.encrypt(&nonce.into(), data)
             .map_err(|_| SignalingError::Crypto("Could not encrypt data".to_string()))
     }
@@ -167,7 +167,7 @@ impl KeyPair {
         nonce: Nonce,
         other_key: &PublicKey,
     ) -> SignalingResult<Vec<u8>> {
-        let cbox = crypto_box::Box::new(other_key, &self.private_key);
+        let cbox = SalsaBox::new(other_key, &self.private_key);
         cbox.decrypt(&nonce.into(), data)
             .map_err(|_| SignalingError::Crypto("Could not decrypt data".to_string()))
     }
@@ -287,7 +287,7 @@ impl UnsignedKeys {
         (&mut bytes[32..64])
             .write_all(self.client_public_permanent_key.as_bytes())
             .unwrap();
-        let cbox = crypto_box::Box::new(
+        let cbox = SalsaBox::new(
             client_public_permanent_key,
             server_session_keypair.private_key(),
         );
@@ -315,7 +315,7 @@ impl SignedKeys {
         nonce: Nonce,
     ) -> SignalingResult<UnsignedKeys> {
         // Decrypt bytes
-        let cbox = crypto_box::Box::new(server_public_permanent_key, permanent_key.private_key());
+        let cbox = SalsaBox::new(server_public_permanent_key, permanent_key.private_key());
         let decrypted = cbox
             .decrypt(&nonce.into(), &self.0[..])
             .map_err(|_| SignalingError::Crypto("Could not decrypt signed keys".to_string()))?;
@@ -413,7 +413,7 @@ use crate::test_helpers::TestRandom;
 #[cfg(test)]
 impl TestRandom for PublicKey {
     fn random() -> PublicKey {
-        let mut rng = crypto_box::rand_core::OsRng;
+        let mut rng = crypto_box::aead::OsRng;
         let private_key = PrivateKey::generate(&mut rng);
         private_key.public_key()
     }
@@ -431,7 +431,7 @@ mod tests {
             let ks1 = KeyPair::new();
             let ks2 = KeyPair::new();
             assert_ne!(ks1.public_key(), ks2.public_key());
-            assert_ne!(ks1.private_key().as_bytes(), ks2.private_key().as_bytes());
+            assert_ne!(ks1.private_key().to_bytes(), ks2.private_key().to_bytes());
         }
     }
 
@@ -633,7 +633,7 @@ mod tests {
             .sign(&kp_server, kp_client.public_key(), unsafe { nonce.clone() });
 
         // Decrypt directly
-        let cbox = crypto_box::Box::new(kp_server.public_key(), kp_client.private_key());
+        let cbox = SalsaBox::new(kp_server.public_key(), kp_client.private_key());
         let decrypted = cbox
             .decrypt(&unsafe { nonce.clone() }.into(), &signed.0[..])
             .unwrap();

src/protocol/cookie.rs

@@ -2,7 +2,7 @@
 
 use std::fmt;
 
-use crypto_box::rand_core::{OsRng, RngCore};
+use crypto_box::aead::{OsRng, rand_core::RngCore};
 use serde::{
     de::{Deserialize, Deserializer, Error as SerdeError, Visitor},
     ser::{Serialize, Serializer},

src/protocol/csn.rs

@@ -6,7 +6,7 @@
 
 use std::cmp;
 
-use crypto_box::rand_core::{OsRng, RngCore};
+use crypto_box::aead::{OsRng, rand_core::RngCore};
 
 use crate::errors::{SignalingError, SignalingResult};
 

src/protocol/messages.rs

@@ -140,7 +140,7 @@ impl ClientHello {
     /// Create a new instance with dummy data. Used in testing.
     #[cfg(test)]
     pub(crate) fn random() -> Self {
-        use crypto_box::rand_core::{OsRng, RngCore};
+        use crypto_box::aead::{OsRng, rand_core::RngCore};
         let mut bytes = [0u8; 32];
         OsRng.fill_bytes(&mut bytes);
         Self {
@@ -164,7 +164,7 @@ impl ServerHello {
     /// Create a new instance with dummy data. Used in testing.
     #[cfg(test)]
     pub(crate) fn random() -> Self {
-        use crypto_box::rand_core::{OsRng, RngCore};
+        use crypto_box::aead::{OsRng, rand_core::RngCore};
         let mut bytes = [0u8; 32];
         OsRng.fill_bytes(&mut bytes);
         Self {
@@ -304,7 +304,7 @@ impl Token {
     /// Create a new instance with dummy data. Used in testing.
     #[cfg(test)]
     pub(crate) fn random() -> Self {
-        use crypto_box::rand_core::{OsRng, RngCore};
+        use crypto_box::aead::{OsRng, rand_core::RngCore};
         let mut bytes = [0u8; 32];
         OsRng.fill_bytes(&mut bytes);
         Self {
@@ -325,7 +325,7 @@ impl Key {
     /// Create a new instance with dummy data. Used in testing.
     #[cfg(test)]
     pub(crate) fn random() -> Self {
-        use crypto_box::rand_core::{OsRng, RngCore};
+        use crypto_box::aead::{OsRng, rand_core::RngCore};
         let mut bytes = [0u8; 32];
         OsRng.fill_bytes(&mut bytes);
         Self {

src/protocol/mod.rs

@@ -15,9 +15,12 @@ use std::{
     time::Duration,
 };
 
-use crypto_box::aead::{
-    generic_array::{typenum::U24, GenericArray},
-    Aead,
+use crypto_box::{
+    aead::{
+        generic_array::{typenum::U24, GenericArray},
+        Aead,
+    },
+    SalsaBox,
 };
 use rmpv::Value;
 
@@ -924,7 +927,7 @@ pub(crate) trait Signaling {
 
     // Raw encryption / decryption
 
-    fn get_crypto_box(&self) -> SignalingResult<crypto_box::Box> {
+    fn get_crypto_box(&self) -> SignalingResult<SalsaBox> {
         let peer = self.get_peer().ok_or_else(|| SignalingError::NoPeer)?;
         let peer_session_public_key = peer
             .session_key()
@@ -933,7 +936,7 @@ pub(crate) trait Signaling {
             .keypair()
             .map(|keypair: &KeyPair| keypair.private_key())
             .ok_or_else(|| SignalingError::Crash("Our session private key not set".into()))?;
-        Ok(crypto_box::Box::new(
+        Ok(SalsaBox::new(
             peer_session_public_key,
             our_session_private_key,
         ))

src/protocol/tests/mod.rs

@@ -1,5 +1,6 @@
 //! Protocol tests.
-use crypto_box::{generate_nonce, rand_core::OsRng};
+use crypto_box::{aead::OsRng, SalsaBox};
+use xsalsa20poly1305::XSalsa20Poly1305;
 
 use crate::{
     crypto::PrivateKey,
@@ -176,7 +177,7 @@ fn test_encrypt_decrypt_raw_with_session_keys_no_peer() {
         None,
         None,
     );
-    let nonce = generate_nonce(&mut OsRng);
+    let nonce = XSalsa20Poly1305::generate_nonce(&mut OsRng);
     assert_eq!(
         signaling.encrypt_raw_with_session_keys(&[1, 2, 3], &nonce),
         Err(SignalingError::NoPeer)
@@ -194,7 +195,7 @@ fn test_encrypt_raw_with_session_keys_with_peer() {
     let peer_kp = KeyPair::new();
     let our_kp = KeyPair::new();
     let our_private_key_clone = our_kp.private_key().clone();
-    let nonce = generate_nonce(&mut OsRng);
+    let nonce = XSalsa20Poly1305::generate_nonce(&mut OsRng);
 
     // Create signaling instance
     let mut signaling = MockSignaling::new(
@@ -215,7 +216,7 @@ fn test_encrypt_raw_with_session_keys_with_peer() {
     assert_ne!(&data, ciphertext.as_slice());
 
     // Verify
-    let cbox = crypto_box::Box::new(peer_kp.public_key(), &our_private_key_clone);
+    let cbox = SalsaBox::new(peer_kp.public_key(), &our_private_key_clone);
     assert_eq!(cbox.decrypt(&nonce, &*ciphertext), Ok(vec![2, 3, 4, 5]));
 }
 
@@ -266,12 +267,12 @@ fn test_decrypt_raw_with_session_keys_with_peer() {
     // Generate keypairs and nonce
     let peer_kp = KeyPair::new();
     let our_kp = KeyPair::new();
-    let nonce = generate_nonce(&mut OsRng);
+    let nonce = XSalsa20Poly1305::generate_nonce(&mut OsRng);
 
     // Encrypt data
     let data = [1, 2, 3, 4];
 
-    let cbox = crypto_box::Box::new(peer_kp.public_key(), our_kp.private_key());
+    let cbox = SalsaBox::new(peer_kp.public_key(), our_kp.private_key());
     let ciphertext = cbox.encrypt(&nonce, &data[..]).unwrap();
 
     // Create signaling instance
@@ -287,7 +288,10 @@ fn test_decrypt_raw_with_session_keys_with_peer() {
 
     // Decrypt with wrong nonce
     assert_eq!(
-        signaling.decrypt_raw_with_session_keys(&ciphertext, &generate_nonce(&mut OsRng)),
+        signaling.decrypt_raw_with_session_keys(
+            &ciphertext,
+            &XSalsa20Poly1305::generate_nonce(&mut OsRng)
+        ),
         Err(SignalingError::Crypto("Could not decrypt bytes".into()))
     );