Allow trait-based dynamic crypto implementations #36
Conversation
| @@ -3,32 +3,31 @@ | |||
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |||
There was a problem hiding this comment.
This file is probably where the review is needed, I've left comments to guide the review a little bit.
src/crypto/mod.rs
Outdated
| /// Export the key component in the | ||
| /// binary uncompressed point representation. | ||
| fn as_raw(&self) -> Result<Vec<u8>>; | ||
| /// For downcasting purposes. | ||
| fn as_any(&self) -> &Any; |
There was a problem hiding this comment.
Cryptographer::compute_ecdh_secret takes RemotePublicKey and LocalKeyPair, but might need to downcast them to use specific implemented methods. So that's why I came up with this.
| } | ||
|
|
||
| pub trait LocalKeyPair { | ||
| /// Generate a random local key pair. | ||
| fn generate_random() -> Result<Self> |
There was a problem hiding this comment.
Here and below, removed the Result<Self> methods to make these traits object-safe.
| @@ -81,17 +80,33 @@ impl EcKeyComponents { | |||
| } | |||
| } | |||
|
|
|||
| pub trait Crypto: Sized { | |||
| type RemotePublicKey: RemotePublicKey; | |||
There was a problem hiding this comment.
Removed the associated types to make Cryptographer object-safe.
There was a problem hiding this comment.
Note: which is also why we end up with #36 (comment).
| fn generate_ephemeral_keypair() -> Result<Self::LocalKeyPair>; | ||
| pub trait Cryptographer: Send + Sync + 'static { | ||
| /// Generate a random ephemeral local key pair. | ||
| fn generate_ephemeral_keypair(&self) -> Result<Box<dyn LocalKeyPair>>; |
There was a problem hiding this comment.
See previous comment, moved these methods to make LocalKeyPair and RemotePublicKey traits object-safe.
| fn compute_ecdh_secret( | ||
| remote: &Self::RemotePublicKey, | ||
| local: &Self::LocalKeyPair, | ||
| &self, |
There was a problem hiding this comment.
Here and below I'm making these methods take self.
| ) -> Result<Vec<u8>> { | ||
| let local_any = local.as_any(); |
src/crypto/mod.rs
Outdated
| data: &[u8], | ||
| tag: &[u8], | ||
| ) -> Result<Vec<u8>>; | ||
| fn random(&self, dest: &mut [u8]) -> Result<()>; |
There was a problem hiding this comment.
Note for self:
| fn random(&self, dest: &mut [u8]) -> Result<()>; | |
| fn random_bytes(&self, dest: &mut [u8]) -> Result<()>; |
src/crypto/mod.rs
Outdated
| /// Export the raw components of the keypair. | ||
| fn raw_components(&self) -> Result<(EcKeyComponents)>; | ||
| /// For downcasting purposes. | ||
| fn as_any(&self) -> &Any; |
| @@ -122,31 +128,34 @@ mod aes128gcm_tests { | |||
| #[test] | |||
| fn test_e2e() { | |||
| let (local_key, remote_key) = generate_keys().unwrap(); | |||
| let plaintext = "When I grow up, I want to be a watermelon".as_bytes(); | |||
| let plaintext = b"When I grow up, I want to be a watermelon"; | |||
There was a problem hiding this comment.
Critical secret insight into eoger's psyche.
This is more or less what @thomcc did in taskcluster/rust-hawk#23 and should enable us to use rust-ece without pulling openssl at all in application-services.