Use rust-ece with rc_crypto dynamic backend

components/fxa-client/Cargo.toml

@@ -13,7 +13,6 @@ failure = "0.1.3"
 hex = "0.3.2"
 lazy_static = "1.0.0"
 log = "0.4"
-openssl = { version = "0.10.24", optional = true }
 prost = "0.5"
 prost-derive = "0.5"
 serde = { version = "1.0.98", features = ["rc"] }

components/fxa-client/src/commands/send_tab.rs

@@ -15,10 +15,8 @@
 /// then sent to the target device.
 use crate::{device::Device, error::*, scoped_keys::ScopedKey, scopes};
 use hex;
-use rc_crypto::ece::{
-    self, Aes128GcmEceWebPushImpl, EcKeyComponents, LocalKeyPair, LocalKeyPairImpl,
-    RemotePublicKey, RemotePublicKeyImpl, WebPushParams,
-};
+use rc_crypto::ece::{self, Aes128GcmEceWebPush, EcKeyComponents, WebPushParams};
+use rc_crypto::ece_crypto::{RcCryptoLocalKeyPair, RcCryptoRemotePublicKey};
 use serde_derive::*;
 use sync15::{EncryptedPayload, KeyBundle};
 
@@ -32,10 +30,10 @@ pub struct EncryptedSendTabPayload {
 
 impl EncryptedSendTabPayload {
     pub(crate) fn decrypt(self, keys: &PrivateSendTabKeysV1) -> Result<SendTabPayload> {
+        rc_crypto::ensure_initialized();
         let encrypted = base64::decode_config(&self.encrypted, base64::URL_SAFE_NO_PAD)?;
-        let private_key = LocalKeyPairImpl::from_raw_components(&keys.p256key)?;
-        let decrypted =
-            Aes128GcmEceWebPushImpl::decrypt(&private_key, &keys.auth_secret, &encrypted)?;
+        let private_key = RcCryptoLocalKeyPair::from_raw_components(&keys.p256key)?;
+        let decrypted = Aes128GcmEceWebPush::decrypt(&private_key, &keys.auth_secret, &encrypted)?;
         Ok(serde_json::from_slice(&decrypted)?)
     }
 }
@@ -55,11 +53,12 @@ impl SendTabPayload {
         }
     }
     fn encrypt(&self, keys: PublicSendTabKeys) -> Result<EncryptedSendTabPayload> {
+        rc_crypto::ensure_initialized();
         let bytes = serde_json::to_vec(&self)?;
         let public_key = base64::decode_config(&keys.public_key, base64::URL_SAFE_NO_PAD)?;
-        let public_key = RemotePublicKeyImpl::from_raw(&public_key)?;
+        let public_key = RcCryptoRemotePublicKey::from_raw(&public_key)?;
         let auth_secret = base64::decode_config(&keys.auth_secret, base64::URL_SAFE_NO_PAD)?;
-        let encrypted = Aes128GcmEceWebPushImpl::encrypt(
+        let encrypted = Aes128GcmEceWebPush::encrypt(
             &public_key,
             &auth_secret,
             &bytes,
@@ -109,6 +108,7 @@ impl PrivateSendTabKeys {
 
 impl PrivateSendTabKeys {
     pub fn from_random() -> Result<Self> {
+        rc_crypto::ensure_initialized();
         let (key_pair, auth_secret) = ece::generate_keypair_and_auth_secret()?;
         Ok(Self {
             p256key: key_pair.raw_components()?,

components/push/src/crypto.rs

@@ -4,9 +4,9 @@
 
 use crate::error;
 use rc_crypto::ece::{
-    Aes128GcmEceWebPushImpl, AesGcmEceWebPushImpl, AesGcmEncryptedBlock, EcKeyComponents,
-    LocalKeyPair, LocalKeyPairImpl,
+    Aes128GcmEceWebPush, AesGcmEceWebPush, AesGcmEncryptedBlock, EcKeyComponents, LocalKeyPair,
 };
+use rc_crypto::ece_crypto::RcCryptoLocalKeyPair;
 use rc_crypto::rand;
 use serde_derive::*;
 
@@ -50,8 +50,8 @@ impl Key {
         }
     }
 
-    pub fn key_pair(&self) -> error::Result<LocalKeyPairImpl> {
-        LocalKeyPairImpl::from_raw_components(&self.p256key).map_err(|e| {
+    pub fn key_pair(&self) -> error::Result<RcCryptoLocalKeyPair> {
+        RcCryptoLocalKeyPair::from_raw_components(&self.p256key).map_err(|e| {
             error::ErrorKind::CryptoError(format!(
                 "Could not re-create key from components: {:?}",
                 e
@@ -139,7 +139,7 @@ fn extract_value(string: Option<&str>, target: &str) -> Option<Vec<u8>> {
 impl Cryptography for Crypto {
     /// Generate a new cryptographic Key
     fn generate_key() -> error::Result<Key> {
-        let key = LocalKeyPairImpl::generate_random().map_err(|e| {
+        let key = RcCryptoLocalKeyPair::generate_random().map_err(|e| {
             error::ErrorKind::CryptoError(format!("Could not generate key: {:?}", e))
         })?;
         let components = key.raw_components().map_err(|e| {
@@ -173,6 +173,7 @@ impl Cryptography for Crypto {
         salt: Option<&str>,
         dh: Option<&str>,
     ) -> error::Result<Decrypted> {
+        rc_crypto::ensure_initialized();
         // convert the private key into something useful.
         let d_salt = extract_value(salt, "salt");
         let d_dh = extract_value(dh, "dh");
@@ -216,12 +217,12 @@ impl Cryptography for Crypto {
                 .into());
             }
         };
-        AesGcmEceWebPushImpl::decrypt(&key.key_pair()?, &key.auth, &block)
+        AesGcmEceWebPush::decrypt(&key.key_pair()?, &key.auth, &block)
             .map_err(|_| error::ErrorKind::CryptoError("Decryption error".to_owned()).into())
     }
 
     fn decrypt_aes128gcm(key: &Key, content: &[u8]) -> error::Result<Vec<u8>> {
-        Aes128GcmEceWebPushImpl::decrypt(&key.key_pair()?, &key.auth, &content)
+        Aes128GcmEceWebPush::decrypt(&key.key_pair()?, &key.auth, &content)
             .map_err(|_| error::ErrorKind::CryptoError("Decryption error".to_owned()).into())
     }
 }

components/support/rc_crypto/Cargo.toml

@@ -16,8 +16,7 @@ error-support = { path = "../error" }
 nss = { path = "nss" }
 libsqlite3-sys = { version = "0.15.0", features = ["bundled"] }
 hawk = { version = "3.0.0", default-features = false, optional = true }
-ece = { version = "1.0.1", optional = true }
+ece = { git = "https://github.com/eoger/rust-ece", branch = "dyn-crypto", default-features = false, features = ["serializable-keys"], optional = true }
 
 [dev-dependencies]
 hex = "0.3.2"
-openssl-sys = "0.9.48"