Merge pull request #102 from bwasty/crypto_ring

Update parity-crypto to ring v0.14
2019-01-29 16:42:26 +01:00 · 2019-01-29 16:42:26 +01:00 · 3e0683275c
parent 52401dbe88 7f92af85c3
commit 3e0683275c
5 changed files with 13 additions and 8 deletions
--- a/README.md
+++ b/README.md
@ -1,5 +1,4 @@
 [![Build Status travis][travis-image]][travis-url]
-[![Build Status appveyor][appveyor-image]][appveyor-url]

 [travis-image]: https://travis-ci.org/paritytech/parity-common.svg?branch=master
 [travis-url]: https://travis-ci.org/paritytech/parity-common
--- a/parity-crypto/Cargo.toml
+++ b/parity-crypto/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "parity-crypto"
-version = "0.2.0"
+version = "0.3.0"
 authors = ["Parity Technologies <admin@parity.io>"]
 repository = "https://github.com/paritytech/parity-common"
 description = "Crypto utils used by ethstore and network."
@ -8,6 +8,6 @@ license = "GPL-3.0"

 [dependencies]
 quick-error = "1.2.2"
-ring = "0.13"
+ring = "0.14.3"
 rust-crypto = "0.2.36"
 tiny-keccak = "1.4"
--- a/parity-crypto/src/aes_gcm.rs
+++ b/parity-crypto/src/aes_gcm.rs
@ -73,7 +73,9 @@ impl<'a> Encryptor<'a> {
 			Mode::Aes256Gcm => ring::aead::AES_256_GCM.tag_len(),
 		};
 		data.extend(::std::iter::repeat(0).take(tag_len));
-		let len = ring::aead::seal_in_place(&self.key, nonce, self.ad, &mut data[self.offset ..], tag_len)?;
+		let nonce = ring::aead::Nonce::assume_unique_for_key(*nonce);
+		let aad = ring::aead::Aad::from(self.ad);
+		let len = ring::aead::seal_in_place(&self.key, nonce, aad, &mut data[self.offset ..], tag_len)?;
 		data.truncate(self.offset + len);
 		Ok(data)
 	}
@ -121,7 +123,9 @@ impl<'a> Decryptor<'a> {
 		if self.offset > data.len() {
 			return Err(SymmError::offset_error(self.offset))
 		}
-		let len = ring::aead::open_in_place(&self.key, nonce, self.ad, 0, &mut data[self.offset ..])?.len();
+		let nonce = ring::aead::Nonce::assume_unique_for_key(*nonce);
+		let aad = ring::aead::Aad::from(self.ad);
+		let len = ring::aead::open_in_place(&self.key, nonce, aad, 0, &mut data[self.offset ..])?.len();
 		data.truncate(self.offset + len);
 		Ok(data)
 	}
--- a/parity-crypto/src/lib.rs
+++ b/parity-crypto/src/lib.rs
@ -55,7 +55,7 @@ impl<T> Keccak256<[u8; 32]> for T where T: AsRef<[u8]> {
 	}
 }

-pub fn derive_key_iterations(password: &[u8], salt: &[u8], c: u32) -> (Vec<u8>, Vec<u8>) {
+pub fn derive_key_iterations(password: &[u8], salt: &[u8], c: std::num::NonZeroU32) -> (Vec<u8>, Vec<u8>) {
 	let mut derived_key = [0u8; KEY_LENGTH];
 	pbkdf2::sha256(c, pbkdf2::Salt(salt), pbkdf2::Secret(password), &mut derived_key);
 	let derived_right_bits = &derived_key[0..KEY_LENGTH_AES];
--- a/parity-crypto/src/pbkdf2.rs
+++ b/parity-crypto/src/pbkdf2.rs
@ -14,15 +14,17 @@
 // You should have received a copy of the GNU General Public License
 // along with Parity.  If not, see <http://www.gnu.org/licenses/>.

+use std::num::NonZeroU32;
+
 use ring;

 pub struct Salt<'a>(pub &'a [u8]);
 pub struct Secret<'a>(pub &'a [u8]);

-pub fn sha256(iter: u32, salt: Salt, sec: Secret, out: &mut [u8; 32]) {
+pub fn sha256(iter: NonZeroU32, salt: Salt, sec: Secret, out: &mut [u8; 32]) {
 	ring::pbkdf2::derive(&ring::digest::SHA256, iter, salt.0, sec.0, &mut out[..])
 }

-pub fn sha512(iter: u32, salt: Salt, sec: Secret, out: &mut [u8; 64]) {
+pub fn sha512(iter: NonZeroU32, salt: Salt, sec: Secret, out: &mut [u8; 64]) {
 	ring::pbkdf2::derive(&ring::digest::SHA512, iter, salt.0, sec.0, &mut out[..])
 }