Core/grin-wallet
0
0
Fork 0
mirror of https://github.com/mimblewimble/grin-wallet.git synced 2025-01-21 03:21:08 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update ring crates, update ring AEAD functionality to new ring API (#341)

Browse source
This commit is contained in:
Yeastplume 2020-02-24 12:03:09 +00:00 committed by GitHub
parent 1ced8990b9
commit 9213559548
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 796 additions and 253 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

978
Cargo.lock generated
View file

File diff suppressed because it is too large Load diff

2
api/Cargo.toml
View file

@ -20,7 +20,7 @@ serde_derive = "1"
serde_json = "1" serde_json = "1"
easy-jsonrpc-mw = "0.5.3" easy-jsonrpc-mw = "0.5.3"
chrono = { version = "0.4.4", features = ["serde"] } chrono = { version = "0.4.4", features = ["serde"] }
ring = "0.13" ring = "0.16"
base64 = "0.9" base64 = "0.9"
ed25519-dalek = "1.0.0-pre.1" ed25519-dalek = "1.0.0-pre.1"

2
controller/Cargo.toml
View file

@ -21,7 +21,7 @@ serde_derive = "1"
serde_json = "1" serde_json = "1"
log = "0.4" log = "0.4"
prettytable-rs = "0.7" prettytable-rs = "0.7"
ring = "0.13" ring = "0.16"
term = "0.5" term = "0.5"
tokio = "= 0.1.11" tokio = "= 0.1.11"
tokio-core = "0.1" tokio-core = "0.1"

6
impls/Cargo.toml
View file

@ -20,7 +20,7 @@ serde = "1"
serde_derive = "1" serde_derive = "1"
serde_json = "1" serde_json = "1"
log = "0.4" log = "0.4"
ring = "0.13" ring = "0.16"
tokio = "= 0.1.11" tokio = "= 0.1.11"
tokio-core = "0.1" tokio-core = "0.1"
tokio-retry = "0.1" tokio-retry = "0.1"
@ -31,8 +31,8 @@ jsonrpc-client-http = "0.5.0"
#http client (copied from grin) #http client (copied from grin)
http = "0.1.5" http = "0.1.5"
hyper-rustls = "0.14" hyper-rustls = "0.19"
hyper-timeout = "0.2" hyper-timeout = "0.3"
#Socks/Tor #Socks/Tor
byteorder = "1" byteorder = "1"

61
impls/src/lifecycle/seed.rs
View file

@ -12,6 +12,7 @@
// See the License for the specific language governing permissions and // See the License for the specific language governing permissions and
// limitations under the License. // limitations under the License.
use core::num::NonZeroU32;
use std::fs::{self, File}; use std::fs::{self, File};
use std::io::{Read, Write}; use std::io::{Read, Write};
use std::path::Path; use std::path::Path;
@ -22,7 +23,7 @@ use rand::{thread_rng, Rng};
use serde_json; use serde_json;
use ring::aead; use ring::aead;
use ring::{digest, pbkdf2}; use ring::pbkdf2;
use crate::keychain::{mnemonic, Keychain}; use crate::keychain::{mnemonic, Keychain};
use crate::util; use crate::util;
@ -229,6 +230,23 @@ pub struct EncryptedWalletSeed {
pub nonce: String, pub nonce: String,
} }
struct RandomNonce;
impl aead::NonceSequence for RandomNonce {
fn advance(&mut self) -> Result<aead::Nonce, ring::error::Unspecified> {
let nonce: [u8; 12] = thread_rng().gen();
Ok(aead::Nonce::assume_unique_for_key(nonce))
}
}
struct OpeningNonce([u8; 12]);
impl aead::NonceSequence for OpeningNonce {
fn advance(&mut self) -> Result<aead::Nonce, ring::error::Unspecified> {
Ok(aead::Nonce::assume_unique_for_key(self.0))
}
}
impl EncryptedWalletSeed { impl EncryptedWalletSeed {
/// Create a new encrypted seed from the given seed + password /// Create a new encrypted seed from the given seed + password
pub fn from_seed( pub fn from_seed(
@ -238,18 +256,26 @@ impl EncryptedWalletSeed {
let salt: [u8; 8] = thread_rng().gen(); let salt: [u8; 8] = thread_rng().gen();
let nonce: [u8; 12] = thread_rng().gen(); let nonce: [u8; 12] = thread_rng().gen();
let password = password.as_bytes(); let password = password.as_bytes();
let mut key = [0; 32]; let mut key = [0; 64];
pbkdf2::derive(&digest::SHA512, 100, &salt, password, &mut key); pbkdf2::derive(
ring::pbkdf2::PBKDF2_HMAC_SHA512,
NonZeroU32::new_unchecked(100),
&salt,
password,
&mut key,
);
let content = seed.0.to_vec(); let content = seed.0.to_vec();
let mut enc_bytes = content; let mut enc_bytes = content;
let suffix_len = aead::CHACHA20_POLY1305.tag_len(); let suffix_len = aead::CHACHA20_POLY1305.tag_len();
for _ in 0..suffix_len { for _ in 0..suffix_len {
enc_bytes.push(0); enc_bytes.push(0);
} }
let sealing_key = let unbound_key = aead::UnboundKey::new(&aead::CHACHA20_POLY1305, &key).unwrap();
aead::SealingKey::new(&aead::CHACHA20_POLY1305, &key).context(ErrorKind::Encryption)?; let sealing_key: aead::SealingKey<RandomNonce> =
aead::seal_in_place(&sealing_key, &nonce, &[], &mut enc_bytes, suffix_len) aead::BoundKey::new(unbound_key, RandomNonce);
.context(ErrorKind::Encryption)?; let aad = aead::Aad::empty();
sealing_key.seal_in_place_append_tag(aad, &mut enc_bytes);
Ok(EncryptedWalletSeed { Ok(EncryptedWalletSeed {
encrypted_seed: util::to_hex(enc_bytes.to_vec()), encrypted_seed: util::to_hex(enc_bytes.to_vec()),
salt: util::to_hex(salt.to_vec()), salt: util::to_hex(salt.to_vec()),
@ -273,14 +299,23 @@ impl EncryptedWalletSeed {
}; };
let password = password.as_bytes(); let password = password.as_bytes();
let mut key = [0; 32]; let mut key = [0; 32];
pbkdf2::derive(&digest::SHA512, 100, &salt, password, &mut key); pbkdf2::derive(
ring::pbkdf2::PBKDF2_HMAC_SHA512,
NonZeroU32::new_unchecked(100),
&salt,
password,
&mut key,
);
let opening_key = let mut n = [0u8; 12];
aead::OpeningKey::new(&aead::CHACHA20_POLY1305, &key).context(ErrorKind::Encryption)?; n.copy_from_slice(&nonce[0..12]);
let decrypted_data = aead::open_in_place(&opening_key, &nonce, &[], 0, &mut encrypted_seed) let nonce = OpeningNonce(n);
.context(ErrorKind::Encryption)?; let unbound_key = aead::UnboundKey::new(&aead::CHACHA20_POLY1305, &key).unwrap();
let opening_key: aead::OpeningKey<OpeningNonce> = aead::BoundKey::new(unbound_key, nonce);
let aad = aead::Aad::empty();
opening_key.open_in_place(aad, &mut encrypted_seed);
Ok(WalletSeed::from_bytes(&decrypted_data)) Ok(WalletSeed::from_bytes(&encrypted_seed))
} }
} }