New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove rust_sodium and replace encryptions with AES #255
Conversation
- Aes128 is used along with CBC block cipher mode of operation
src/encryption.rs
Outdated
@@ -8,18 +8,46 @@ | |||
|
|||
// TODO(dirvine) Look at aessafe 256X8 cbc it should be very much faster :01/03/2015 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can remove this comment now.
src/encryption.rs
Outdated
where | ||
E: StorageError, | ||
{ | ||
let cipher = Aes128Cbc::new_var(key.0.as_ref(), iv.0.as_ref()).unwrap(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should not unwrap here ?
is better
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah! Missed it in the rush! Thanks! :)
src/encryption.rs
Outdated
|
||
pub const KEY_SIZE: usize = KEYBYTES; | ||
pub const IV_SIZE: usize = NONCEBYTES; | ||
// Buffer size is set to max chunk size + 100 bytes for padding. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need to consider 100 bytes here for padding. It should be no more than 15 bytes I think, but taken care of by the block_modes crate AFAIK.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or use encrypt_vec
(and decrypt_vec
) and you don't have to worry about the padding at all.
src/encryption.rs
Outdated
{ | ||
let cipher = Aes128Cbc::new_var(key.0.as_ref(), iv.0.as_ref()).unwrap(); | ||
let pos = data.len(); | ||
let mut buffer = [0u8; BUFFER_SIZE]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This can overflow the stack, depending on the platform, compiler, etc... Better to use Vec
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
...but as I wrote in the other comment, better to use encrypt_vec
, then you don't have to worry about any of this.
src/encryption.rs
Outdated
|
||
pub const KEY_SIZE: usize = KEYBYTES; | ||
pub const IV_SIZE: usize = NONCEBYTES; | ||
// Buffer size is set to max chunk size + 100 bytes for padding. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or use encrypt_vec
(and decrypt_vec
) and you don't have to worry about the padding at all.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks reasonable, I think I agree with @madadam 's comments.
.map_err(|_| SelfEncryptionError::Encryption) | ||
let cipher = Aes128Cbc::new_var(key.0.as_ref(), iv.0.as_ref()) | ||
.map_err(|e| SelfEncryptionError::Cipher(format!("{:?}", e)))?; | ||
Ok(cipher.encrypt_vec(data)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Much nicer
Resolves #254