diff --git a/src/connection/handshake/dirsync.rs b/src/connection/handshake/dirsync.rs index c0c7961..031f789 100644 --- a/src/connection/handshake/dirsync.rs +++ b/src/connection/handshake/dirsync.rs @@ -15,8 +15,8 @@ use crate::{ enc::{ asym::{ExchangePubKey, KeyExchangeKind, KeyID}, hkdf::HkdfKind, - sym::{CipherKind, HeadLen, Secret, TagLen}, - Random, + sym::{CipherKind, HeadLen, TagLen}, + Random, Secret, }, }; diff --git a/src/enc/asym.rs b/src/enc/asym.rs index a35ebbd..417d502 100644 --- a/src/enc/asym.rs +++ b/src/enc/asym.rs @@ -5,7 +5,7 @@ use ::num_traits::FromPrimitive; use super::Error; use crate::{ config::Config, - enc::{sym::Secret, Random}, + enc::{Random, Secret}, }; /// Public key ID diff --git a/src/enc/hkdf.rs b/src/enc/hkdf.rs index 872b7f0..de888ce 100644 --- a/src/enc/hkdf.rs +++ b/src/enc/hkdf.rs @@ -4,7 +4,7 @@ use ::sha3::Sha3_256; use ::zeroize::Zeroize; -use crate::{config::Config, enc::sym::Secret}; +use crate::{config::Config, enc::Secret}; /// Kind of HKDF #[derive(Debug, Copy, Clone, PartialEq, ::num_derive::FromPrimitive)] diff --git a/src/enc/mod.rs b/src/enc/mod.rs index 4da9a0c..09feb7b 100644 --- a/src/enc/mod.rs +++ b/src/enc/mod.rs @@ -8,6 +8,7 @@ pub mod sym; pub use errors::Error; use ::ring::rand::SecureRandom; +use ::zeroize::Zeroize; /// wrapper where we implement whatever random traint stuff each library needs pub struct Random { @@ -72,3 +73,42 @@ impl ::rand_core::RngCore for &Random { } } impl ::rand_core::CryptoRng for &Random {} + +/// Secret, used for keys. +/// Grants that on drop() we will zero out memory +#[derive(Zeroize, Clone)] +#[zeroize(drop)] +pub struct Secret([u8; 32]); +// Fake debug implementation to avoid leaking secrets +impl ::core::fmt::Debug for Secret { + fn fmt( + &self, + f: &mut core::fmt::Formatter<'_>, + ) -> Result<(), ::std::fmt::Error> { + ::core::fmt::Debug::fmt("[hidden secret]", f) + } +} + +impl Secret { + /// New randomly generated secret + pub fn new_rand(rand: &Random) -> Self { + let mut ret = Self([0; 32]); + rand.fill(&mut ret.0); + ret + } + /// return a reference to the secret + pub fn as_ref(&self) -> &[u8; 32] { + &self.0 + } +} +impl From<[u8; 32]> for Secret { + fn from(shared_secret: [u8; 32]) -> Self { + Self(shared_secret) + } +} + +impl From<::x25519_dalek::SharedSecret> for Secret { + fn from(shared_secret: ::x25519_dalek::SharedSecret) -> Self { + Self(shared_secret.to_bytes()) + } +} diff --git a/src/enc/sym.rs b/src/enc/sym.rs index f8d76e3..0a204b9 100644 --- a/src/enc/sym.rs +++ b/src/enc/sym.rs @@ -1,49 +1,12 @@ //! Symmetric cypher stuff use super::Error; -use crate::{config::Config, enc::Random}; +use crate::{ + config::Config, + enc::{Random, Secret}, +}; use ::zeroize::Zeroize; -/// Secret, used for keys. -/// Grants that on drop() we will zero out memory -#[derive(Zeroize, Clone)] -#[zeroize(drop)] -pub struct Secret([u8; 32]); -// Fake debug implementation to avoid leaking secrets -impl ::core::fmt::Debug for Secret { - fn fmt( - &self, - f: &mut core::fmt::Formatter<'_>, - ) -> Result<(), ::std::fmt::Error> { - ::core::fmt::Debug::fmt("[hidden secret]", f) - } -} - -impl Secret { - /// New randomly generated secret - pub fn new_rand(rand: &Random) -> Self { - let mut ret = Self([0; 32]); - rand.fill(&mut ret.0); - ret - } - /// return a reference to the secret - pub fn as_ref(&self) -> &[u8; 32] { - &self.0 - } -} - -impl From<[u8; 32]> for Secret { - fn from(shared_secret: [u8; 32]) -> Self { - Self(shared_secret) - } -} - -impl From<::x25519_dalek::SharedSecret> for Secret { - fn from(shared_secret: ::x25519_dalek::SharedSecret) -> Self { - Self(shared_secret.to_bytes()) - } -} - /// List of possible Ciphers #[derive(Debug, Copy, Clone, PartialEq, ::num_derive::FromPrimitive)] #[repr(u8)] diff --git a/src/inner/worker.rs b/src/inner/worker.rs index 01a1c66..96a52f4 100644 --- a/src/inner/worker.rs +++ b/src/inner/worker.rs @@ -16,8 +16,8 @@ use crate::{ enc::{ asym::{self, PrivKey, PubKey}, hkdf::{self, Hkdf, HkdfKind}, - sym::{self, Secret}, - Random, + sym::{self}, + Random, Secret, }, inner::{HandshakeAction, HandshakeTracker, ThreadTracker}, };