Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove rust_sodium and replace encryptions with AES #255

Merged
merged 2 commits into from Dec 2, 2019

Conversation

Yoga07
Copy link
Contributor

@Yoga07 Yoga07 commented Nov 27, 2019

Resolves #254

- Aes128 is used along with CBC block cipher mode of operation
@@ -8,18 +8,46 @@

// TODO(dirvine) Look at aessafe 256X8 cbc it should be very much faster :01/03/2015
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can remove this comment now.

where
E: StorageError,
{
let cipher = Aes128Cbc::new_var(key.0.as_ref(), iv.0.as_ref()).unwrap();
Copy link
Member

@dirvine dirvine Nov 27, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should not unwrap here ? is better

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah! Missed it in the rush! Thanks! :)


pub const KEY_SIZE: usize = KEYBYTES;
pub const IV_SIZE: usize = NONCEBYTES;
// Buffer size is set to max chunk size + 100 bytes for padding.
Copy link
Member

@dirvine dirvine Nov 27, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to consider 100 bytes here for padding. It should be no more than 15 bytes I think, but taken care of by the block_modes crate AFAIK.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or use encrypt_vec (and decrypt_vec) and you don't have to worry about the padding at all.

{
let cipher = Aes128Cbc::new_var(key.0.as_ref(), iv.0.as_ref()).unwrap();
let pos = data.len();
let mut buffer = [0u8; BUFFER_SIZE];
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can overflow the stack, depending on the platform, compiler, etc... Better to use Vec.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

...but as I wrote in the other comment, better to use encrypt_vec, then you don't have to worry about any of this.


pub const KEY_SIZE: usize = KEYBYTES;
pub const IV_SIZE: usize = NONCEBYTES;
// Buffer size is set to max chunk size + 100 bytes for padding.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or use encrypt_vec (and decrypt_vec) and you don't have to worry about the padding at all.

Copy link

@jeanphilippeD jeanphilippeD left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks reasonable, I think I agree with @madadam 's comments.

tests/lib.rs Show resolved Hide resolved
.map_err(|_| SelfEncryptionError::Encryption)
let cipher = Aes128Cbc::new_var(key.0.as_ref(), iv.0.as_ref())
.map_err(|e| SelfEncryptionError::Cipher(format!("{:?}", e)))?;
Ok(cipher.encrypt_vec(data))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Much nicer

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Deprecation of Rust-Sodium
5 participants