update and confirm new ring::aead version (#343)

mimblewimble · Feb 24, 2020 · bf27520 · bf27520
1 parent bed60df
commit bf27520
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 46 deletions.
diff --git a/api/src/types.rs b/api/src/types.rs
@@ -80,17 +80,22 @@ impl EncryptedBody {
 			))?
 			.as_bytes()
 			.to_vec();
-		let sealing_key = aead::SealingKey::new(&aead::AES_256_GCM, &enc_key.0).context(
-			ErrorKind::APIEncryption("EncryptedBody Enc: Unable to create key".to_owned()),
-		)?;
+
 		let nonce: [u8; 12] = thread_rng().gen();
-		let suffix_len = aead::AES_256_GCM.tag_len();
-		for _ in 0..suffix_len {
-			to_encrypt.push(0);
+
+		let unbound_key = aead::UnboundKey::new(&aead::AES_256_GCM, &enc_key.0).unwrap();
+		let sealing_key: aead::LessSafeKey = aead::LessSafeKey::new(unbound_key);
+		let aad = aead::Aad::from(&[]);
+		let res = sealing_key.seal_in_place_append_tag(
+			aead::Nonce::assume_unique_for_key(nonce),
+			aad,
+			&mut to_encrypt,
+		);
+		if let Err(_) = res {
+			return Err(
+				ErrorKind::APIEncryption("EncryptedBody: encryption failed".to_owned()).into(),
+			);
 		}
-		aead::seal_in_place(&sealing_key, &nonce, &[], &mut to_encrypt, suffix_len).context(
-			ErrorKind::APIEncryption("EncryptedBody: Encryption Failed".to_owned()),
-		)?;
 
 		Ok(EncryptedBody {
 			nonce: to_hex(nonce.to_vec()),
@@ -120,20 +125,25 @@ impl EncryptedBody {
 		let mut to_decrypt = base64::decode(&self.body_enc).context(ErrorKind::APIEncryption(
 			"EncryptedBody Dec: Encrypted request contains invalid Base64".to_string(),
 		))?;
-		let opening_key = aead::OpeningKey::new(&aead::AES_256_GCM, &dec_key.0).context(
-			ErrorKind::APIEncryption("EncryptedBody Dec: Unable to create key".to_owned()),
-		)?;
 		let nonce = from_hex(self.nonce.clone()).context(ErrorKind::APIEncryption(
 			"EncryptedBody Dec: Invalid Nonce".to_string(),
 		))?;
-		aead::open_in_place(&opening_key, &nonce, &[], 0, &mut to_decrypt).context(
-			ErrorKind::APIEncryption(
-				"EncryptedBody Dec: Decryption Failed (is key correct?)".to_string(),
-			),
-		)?;
+		let mut n = [0u8; 12];
+		n.copy_from_slice(&nonce[0..12]);
+		let unbound_key = aead::UnboundKey::new(&aead::AES_256_GCM, &dec_key.0).unwrap();
+		let opening_key: aead::LessSafeKey = aead::LessSafeKey::new(unbound_key);
+		let aad = aead::Aad::from(&[]);
+		let res =
+			opening_key.open_in_place(aead::Nonce::assume_unique_for_key(n), aad, &mut to_decrypt);
+		if let Err(_) = res {
+			return Err(
+				ErrorKind::APIEncryption("EncryptedBody: decryption failed".to_owned()).into(),
+			);
+		}
 		for _ in 0..aead::AES_256_GCM.tag_len() {
 			to_decrypt.pop();
 		}
+
 		let decrypted = String::from_utf8(to_decrypt).context(ErrorKind::APIEncryption(
 			"EncryptedBody Dec: Invalid UTF-8".to_string(),
 		))?;

diff --git a/impls/src/lifecycle/seed.rs b/impls/src/lifecycle/seed.rs
@@ -230,23 +230,6 @@ pub struct EncryptedWalletSeed {
 	pub nonce: String,
 }
 
-struct RandomNonce;
-
-impl aead::NonceSequence for RandomNonce {
-	fn advance(&mut self) -> Result<aead::Nonce, ring::error::Unspecified> {
-		let nonce: [u8; 12] = thread_rng().gen();
-		Ok(aead::Nonce::assume_unique_for_key(nonce))
-	}
-}
-
-struct OpeningNonce([u8; 12]);
-
-impl aead::NonceSequence for OpeningNonce {
-	fn advance(&mut self) -> Result<aead::Nonce, ring::error::Unspecified> {
-		Ok(aead::Nonce::assume_unique_for_key(self.0))
-	}
-}
-
 impl EncryptedWalletSeed {
 	/// Create a new encrypted seed from the given seed + password
 	pub fn from_seed(
@@ -256,7 +239,7 @@ impl EncryptedWalletSeed {
 		let salt: [u8; 8] = thread_rng().gen();
 		let nonce: [u8; 12] = thread_rng().gen();
 		let password = password.as_bytes();
-		let mut key = [0; 64];
+		let mut key = [0; 32];
 		pbkdf2::derive(
 			ring::pbkdf2::PBKDF2_HMAC_SHA512,
 			NonZeroU32::new(100).unwrap(),
@@ -266,15 +249,21 @@ impl EncryptedWalletSeed {
 		);
 		let content = seed.0.to_vec();
 		let mut enc_bytes = content;
-		let suffix_len = aead::CHACHA20_POLY1305.tag_len();
+		/*let suffix_len = aead::CHACHA20_POLY1305.tag_len();
 		for _ in 0..suffix_len {
 			enc_bytes.push(0);
-		}
+		}*/
 		let unbound_key = aead::UnboundKey::new(&aead::CHACHA20_POLY1305, &key).unwrap();
-		let mut sealing_key: aead::SealingKey<RandomNonce> =
-			aead::BoundKey::new(unbound_key, RandomNonce);
-		let aad = aead::Aad::empty();
-		sealing_key.seal_in_place_append_tag(aad, &mut enc_bytes);
+		let sealing_key: aead::LessSafeKey = aead::LessSafeKey::new(unbound_key);
+		let aad = aead::Aad::from(&[]);
+		let res = sealing_key.seal_in_place_append_tag(
+			aead::Nonce::assume_unique_for_key(nonce),
+			aad,
+			&mut enc_bytes,
+		);
+		if let Err(_) = res {
+			return Err(ErrorKind::Encryption.into());
+		}
 
 		Ok(EncryptedWalletSeed {
 			encrypted_seed: util::to_hex(enc_bytes.to_vec()),
@@ -309,12 +298,20 @@ impl EncryptedWalletSeed {
 
 		let mut n = [0u8; 12];
 		n.copy_from_slice(&nonce[0..12]);
-		let nonce = OpeningNonce(n);
 		let unbound_key = aead::UnboundKey::new(&aead::CHACHA20_POLY1305, &key).unwrap();
-		let mut opening_key: aead::OpeningKey<OpeningNonce> =
-			aead::BoundKey::new(unbound_key, nonce);
-		let aad = aead::Aad::empty();
-		opening_key.open_in_place(aad, &mut encrypted_seed);
+		let opening_key: aead::LessSafeKey = aead::LessSafeKey::new(unbound_key);
+		let aad = aead::Aad::from(&[]);
+		let res = opening_key.open_in_place(
+			aead::Nonce::assume_unique_for_key(n),
+			aad,
+			&mut encrypted_seed,
+		);
+		if let Err(_) = res {
+			return Err(ErrorKind::Encryption.into());
+		}
+		for _ in 0..aead::AES_256_GCM.tag_len() {
+			encrypted_seed.pop();
+		}
 
 		Ok(WalletSeed::from_bytes(&encrypted_seed))
 	}