Core/grin-wallet
0
0
Fork 0
mirror of https://github.com/mimblewimble/grin-wallet.git synced 2025-02-01 08:51:09 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

update and confirm new ring::aead version (#343)

Browse source
This commit is contained in:
Yeastplume 2020-02-24 17:28:57 +00:00 committed by GitHub
parent bed60dff5b
commit bf27520bd2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 53 additions and 46 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
api/src/types.rs
View file

@ -80,17 +80,22 @@ impl EncryptedBody {
))?
.as_bytes()
.to_vec();
let sealing_key = aead::SealingKey::new(&aead::AES_256_GCM, &enc_key.0).context(
ErrorKind::APIEncryption("EncryptedBody Enc: Unable to create key".to_owned()),
)?;
let nonce: [u8; 12] = thread_rng().gen();
let suffix_len = aead::AES_256_GCM.tag_len();
for _ in 0..suffix_len {
to_encrypt.push(0);
let unbound_key = aead::UnboundKey::new(&aead::AES_256_GCM, &enc_key.0).unwrap();
let sealing_key: aead::LessSafeKey = aead::LessSafeKey::new(unbound_key);
let aad = aead::Aad::from(&[]);
let res = sealing_key.seal_in_place_append_tag(
aead::Nonce::assume_unique_for_key(nonce),
aad,
&mut to_encrypt,
);
if let Err(_) = res {
return Err(
ErrorKind::APIEncryption("EncryptedBody: encryption failed".to_owned()).into(),
);
}
aead::seal_in_place(&sealing_key, &nonce, &[], &mut to_encrypt, suffix_len).context(
ErrorKind::APIEncryption("EncryptedBody: Encryption Failed".to_owned()),
)?;
Ok(EncryptedBody {
nonce: to_hex(nonce.to_vec()),
@ -120,20 +125,25 @@ impl EncryptedBody {
let mut to_decrypt = base64::decode(&self.body_enc).context(ErrorKind::APIEncryption(
"EncryptedBody Dec: Encrypted request contains invalid Base64".to_string(),
))?;
let opening_key = aead::OpeningKey::new(&aead::AES_256_GCM, &dec_key.0).context(
ErrorKind::APIEncryption("EncryptedBody Dec: Unable to create key".to_owned()),
)?;
let nonce = from_hex(self.nonce.clone()).context(ErrorKind::APIEncryption(
"EncryptedBody Dec: Invalid Nonce".to_string(),
))?;
aead::open_in_place(&opening_key, &nonce, &[], 0, &mut to_decrypt).context(
ErrorKind::APIEncryption(
"EncryptedBody Dec: Decryption Failed (is key correct?)".to_string(),
),
)?;
let mut n = [0u8; 12];
n.copy_from_slice(&nonce[0..12]);
let unbound_key = aead::UnboundKey::new(&aead::AES_256_GCM, &dec_key.0).unwrap();
let opening_key: aead::LessSafeKey = aead::LessSafeKey::new(unbound_key);
let aad = aead::Aad::from(&[]);
let res =
opening_key.open_in_place(aead::Nonce::assume_unique_for_key(n), aad, &mut to_decrypt);
if let Err(_) = res {
return Err(
ErrorKind::APIEncryption("EncryptedBody: decryption failed".to_owned()).into(),
);
}
for _ in 0..aead::AES_256_GCM.tag_len() {
to_decrypt.pop();
}
let decrypted = String::from_utf8(to_decrypt).context(ErrorKind::APIEncryption(
"EncryptedBody Dec: Invalid UTF-8".to_string(),
))?;

55
impls/src/lifecycle/seed.rs
View file

@ -230,23 +230,6 @@ pub struct EncryptedWalletSeed {
pub nonce: String,
}
struct RandomNonce;
impl aead::NonceSequence for RandomNonce {
fn advance(&mut self) -> Result<aead::Nonce, ring::error::Unspecified> {
let nonce: [u8; 12] = thread_rng().gen();
Ok(aead::Nonce::assume_unique_for_key(nonce))
}
}
struct OpeningNonce([u8; 12]);
impl aead::NonceSequence for OpeningNonce {
fn advance(&mut self) -> Result<aead::Nonce, ring::error::Unspecified> {
Ok(aead::Nonce::assume_unique_for_key(self.0))
}
}
impl EncryptedWalletSeed {
/// Create a new encrypted seed from the given seed + password
pub fn from_seed(
@ -256,7 +239,7 @@ impl EncryptedWalletSeed {
let salt: [u8; 8] = thread_rng().gen();
let nonce: [u8; 12] = thread_rng().gen();
let password = password.as_bytes();
let mut key = [0; 64];
let mut key = [0; 32];
pbkdf2::derive(
ring::pbkdf2::PBKDF2_HMAC_SHA512,
NonZeroU32::new(100).unwrap(),
@ -266,15 +249,21 @@ impl EncryptedWalletSeed {
);
let content = seed.0.to_vec();
let mut enc_bytes = content;
let suffix_len = aead::CHACHA20_POLY1305.tag_len();
/*let suffix_len = aead::CHACHA20_POLY1305.tag_len();
for _ in 0..suffix_len {
enc_bytes.push(0);
}
}*/
let unbound_key = aead::UnboundKey::new(&aead::CHACHA20_POLY1305, &key).unwrap();
let mut sealing_key: aead::SealingKey<RandomNonce> =
aead::BoundKey::new(unbound_key, RandomNonce);
let aad = aead::Aad::empty();
sealing_key.seal_in_place_append_tag(aad, &mut enc_bytes);
let sealing_key: aead::LessSafeKey = aead::LessSafeKey::new(unbound_key);
let aad = aead::Aad::from(&[]);
let res = sealing_key.seal_in_place_append_tag(
aead::Nonce::assume_unique_for_key(nonce),
aad,
&mut enc_bytes,
);
if let Err(_) = res {
return Err(ErrorKind::Encryption.into());
}
Ok(EncryptedWalletSeed {
encrypted_seed: util::to_hex(enc_bytes.to_vec()),
@ -309,12 +298,20 @@ impl EncryptedWalletSeed {
let mut n = [0u8; 12];
n.copy_from_slice(&nonce[0..12]);
let nonce = OpeningNonce(n);
let unbound_key = aead::UnboundKey::new(&aead::CHACHA20_POLY1305, &key).unwrap();
let mut opening_key: aead::OpeningKey<OpeningNonce> =
aead::BoundKey::new(unbound_key, nonce);
let aad = aead::Aad::empty();
opening_key.open_in_place(aad, &mut encrypted_seed);
let opening_key: aead::LessSafeKey = aead::LessSafeKey::new(unbound_key);
let aad = aead::Aad::from(&[]);
let res = opening_key.open_in_place(
aead::Nonce::assume_unique_for_key(n),
aad,
&mut encrypted_seed,
);
if let Err(_) = res {
return Err(ErrorKind::Encryption.into());
}
for _ in 0..aead::AES_256_GCM.tag_len() {
encrypted_seed.pop();
}
Ok(WalletSeed::from_bytes(&encrypted_seed))
}