-
Notifications
You must be signed in to change notification settings - Fork 297
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove deprecated rustc-serialize crate #437
Comments
Somebody has already submitted a PR for this, but it's from 1 year ago and apparently this project is dead. |
@BelfordZ Actually I have already forked it and made it wasm-friendly :) https://github.com/buttercup/rust-crypto-wasm |
@sallar |
@newpavlov I checked those and they look like they are on the correct path.. However half of the stuff is not implemented yet (for example AES encryption) and also the other half is undocumented. |
AES encryption is implemented in |
@newpavlov I'm rewriting our password manager's internal encryption methods in Rust. But I was quite disappointed with the state of rust-crypto and ring and I had to fork and re-publish rust-crypto. If you check this file: I'm using AES 256 CBC encryption/decryption and Hmac verification and generation.
Thanks! |
PBKDF2 is implemented in use hmac::Hmac;
use sha2::Sha256;
pbkdf2::pbkdf2::<Hmac<Sha256>>(password, salt, complexity, &mut output_buf[..n]); CBC encryption with use block_modes::{BlockMode, BlockModeIv, Cbc};
use block_modes::block_padding::Pkcs7;
// you can change `aes_soft` on `aesni`, or use conditional compilation
use aes_soft::Aes256;
type AesCbc = Cbc<Aes256, Pkcs7>;
let mut cipher = AesCbc::new_varkey(key, iv).unwrap();
// buffer must have enough space for message+padding
let mut buffer = [0u8; 32];
buffer[..msg_len].copy_from_slice(msg);
let encrypted_msg = cipher.encrypt_pad(&mut buffer, msg_len).unwrap();
let mut cipher = AesCbc::new_varkey(key, iv).unwrap();
let decrypted_msg = cipher.decrypt_pad(encrypted_data).unwrap(); And for HMAC, crate documentation should be enough to start. |
Thanks @newpavlov that is great information. I just used pbkdf2 and hmac from the crates you mentioned.
let mut encryptor = cbc_encryptor(KeySize::KeySize256, key, &iv, blockmodes::PkcsPadding);
let mut final_result = Vec::<u8>::new();
let mut read_buffer = RefReadBuffer::new(data);
let mut buffer = [0; 4096];
let mut write_buffer = RefWriteBuffer::new(&mut buffer);
loop {
let result = try!(encryptor.encrypt(&mut read_buffer, &mut write_buffer, true));
final_result.extend(
write_buffer
.take_read_buffer()
.take_remaining()
.iter()
.map(|&i| i),
);
match result {
BufferResult::BufferUnderflow => break,
BufferResult::BufferOverflow => {}
}
} how can I do this using the new method? |
Glad to help! If you have all your data in a // `data` has type `Vec<u8>`
let msg_len = data.len();
// 16 is block size of AES-256, so this extension will be enough
data.extend_from_slice(&[0u8; 16]);
let encrypted_msg = cipher.encrypt_pad(&mut data, msg_len).unwrap();
// `decrypted_msg` slice points to the same underlying buffer used by `encrypted_data`
let decrypted_msg = cipher.decrypt_pad(&mut encrypted_data).unwrap(); In future we will probably add vector based convenience methods and integration with |
@newpavlov seems like aes_safe doesn't exist. is aes_soft the same thing? |
Ups, I've meant |
@newpavlov Thanks a lot for all your help. I think I finally managed to do it. Would you be so kind and have a look at it to see if I've done anything stupid? https://github.com/buttercup/crypto/blob/30f80f3e9620b7e07bcb2daffbcd2d1b743737e5/src/encryption/cbc.rs |
Several nitpicks after cursory read, but otherwise looks good to me!
Also if you have liberty to change protocol, I would strongly recommend to use Misuse Resistant Authenticated Encryption (MRAE) scheme, e.g. one implemented in the miscreant crate by @tarcieri, and argon2 instead of pbkdf2. |
Thanks @newpavlov that is really valuable advice. I'll check that MRAE and I will fix the other issues :) |
No description provided.
The text was updated successfully, but these errors were encountered: