refactor(crypto): Don't use getrandom directly, we already use the ra…

…nd crate
matrix-org · Mar 7, 2022 · 601b4a4 · 601b4a4
1 parent 3df4b24
commit 601b4a4
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 15 deletions.
diff --git a/crates/matrix-sdk-crypto/Cargo.toml b/crates/matrix-sdk-crypto/Cargo.toml
@@ -33,7 +33,6 @@ bs58 = { version = "0.4.0", optional = true }
 byteorder = "1.4.3"
 dashmap = "5.1.0"
 futures-util = { version = "0.3.15", default-features = false, features = ["alloc"] }
-getrandom = "0.2.3"
 hmac = "0.12.0"
 matrix-qrcode = { version = "0.2.0", path = "../matrix-qrcode", optional = true }
 matrix-sdk-common = { version = "0.4.0", path = "../matrix-sdk-common" }

diff --git a/crates/matrix-sdk-crypto/src/file_encryption/attachments.rs b/crates/matrix-sdk-crypto/src/file_encryption/attachments.rs
@@ -22,7 +22,7 @@ use aes::{
     Aes256, Aes256Ctr,
 };
 use base64::DecodeError;
-use getrandom::getrandom;
+use rand::{thread_rng, RngCore};
 use ruma::{
     events::room::{EncryptedFile, JsonWebKey, JsonWebKeyInit},
     serde::Base64,
@@ -218,10 +218,12 @@ impl<'a, R: Read + ?Sized + 'a> AttachmentEncryptor<'a, R> {
         let mut key = Zeroizing::new([0u8; KEY_SIZE]);
         let mut iv = Zeroizing::new([0u8; IV_SIZE]);
 
-        getrandom(&mut *key).expect("Can't generate randomness");
+        let mut rng = thread_rng();
+
+        rng.fill_bytes(&mut *key);
         // Only populate the first 8 bytes with randomness, the rest is 0
         // initialized for the counter.
-        getrandom(&mut iv[0..8]).expect("Can't generate randomness");
+        rng.fill_bytes(&mut iv[0..8]);
 
         let web_key = JsonWebKey::from(JsonWebKeyInit {
             kty: "oct".to_owned(),

diff --git a/crates/matrix-sdk-crypto/src/file_encryption/key_export.rs b/crates/matrix-sdk-crypto/src/file_encryption/key_export.rs
@@ -19,9 +19,9 @@ use aes::{
     Aes256, Aes256Ctr,
 };
 use byteorder::{BigEndian, ReadBytesExt};
-use getrandom::getrandom;
 use hmac::{Hmac, Mac};
 use pbkdf2::pbkdf2;
+use rand::{thread_rng, RngCore};
 use serde_json::Error as SerdeError;
 use sha2::{Sha256, Sha512};
 use thiserror::Error;
@@ -152,8 +152,10 @@ fn encrypt_helper(plaintext: &mut [u8], passphrase: &str, rounds: u32) -> String
     let mut iv = [0u8; IV_SIZE];
     let mut derived_keys = [0u8; KEY_SIZE * 2];
 
-    getrandom(&mut salt).expect("Can't generate randomness");
-    getrandom(&mut iv).expect("Can't generate randomness");
+    let mut rng = thread_rng();
+
+    rng.fill_bytes(&mut salt);
+    rng.fill_bytes(&mut iv);
 
     let mut iv = u128::from_be_bytes(iv);
     iv &= !(1 << 63);

diff --git a/crates/matrix-sdk-crypto/src/store/pickle_key.rs b/crates/matrix-sdk-crypto/src/store/pickle_key.rs
@@ -18,9 +18,9 @@ use aes_gcm::{
     aead::{generic_array::GenericArray, Aead, NewAead},
     Aes256Gcm, Error as DecryptionError,
 };
-use getrandom::getrandom;
 use hmac::Hmac;
 use pbkdf2::pbkdf2;
+use rand::{thread_rng, RngCore};
 use serde::{Deserialize, Serialize};
 use sha2::Sha256;
 use zeroize::{Zeroize, Zeroizing};
@@ -81,7 +81,8 @@ pub struct PickleKey {
 impl Default for PickleKey {
     fn default() -> Self {
         let mut key = vec![0u8; KEY_SIZE];
-        getrandom(&mut key).expect("Can't generate new pickle key");
+        let mut rng = thread_rng();
+        rng.fill_bytes(&mut key);
 
         Self { aes256_key: key }
     }
@@ -122,15 +123,17 @@ impl PickleKey {
     /// * `passphrase` - The passphrase that should be used to encrypt the
     /// pickle key.
     pub fn encrypt(&self, passphrase: &str) -> EncryptedPickleKey {
+        let mut rng = thread_rng();
         let mut salt = vec![0u8; KDF_SALT_SIZE];
-        getrandom(&mut salt).expect("Can't generate new random pickle key");
+
+        rng.fill_bytes(&mut salt);
 
         let key = PickleKey::expand_key(passphrase, &salt, KDF_ROUNDS);
         let key = GenericArray::from_slice(key.as_ref());
         let cipher = Aes256Gcm::new(key);
 
         let mut nonce = vec![0u8; NONCE_SIZE];
-        getrandom(&mut nonce).expect("Can't generate new random nonce for the pickle key");
+        rng.fill_bytes(&mut nonce);
 
         let ciphertext = cipher
             .encrypt(GenericArray::from_slice(nonce.as_ref()), self.aes256_key.as_slice())

diff --git a/crates/matrix-sdk-crypto/src/verification/qrcode.rs b/crates/matrix-sdk-crypto/src/verification/qrcode.rs
@@ -18,6 +18,7 @@ use matrix_qrcode::{
     qrcode::QrCode, EncodingError, QrVerificationData, SelfVerificationData,
     SelfVerificationNoMasterKey, VerificationData,
 };
+use rand::{thread_rng, RngCore};
 use ruma::{
     api::client::keys::upload_signatures::v3::Request as SignatureUploadRequest,
     events::{
@@ -431,10 +432,11 @@ impl QrVerification {
     }
 
     fn generate_secret() -> Base64 {
-        let mut shared_secret = [0u8; SECRET_SIZE];
-        getrandom::getrandom(&mut shared_secret)
-            .expect("Can't generate randomness for the shared secret");
-        Base64::new(shared_secret.to_vec())
+        let mut shared_secret = vec![0u8; SECRET_SIZE];
+        let mut rng = thread_rng();
+        rng.fill_bytes(&mut shared_secret);
+
+        Base64::new(shared_secret)
     }
 
     pub(crate) fn new_self(