From 8a7341ea747e373be034d1a79e831d9974c99c2d Mon Sep 17 00:00:00 2001
From: Tony Arcieri
Date: Sat, 22 Jul 2023 13:41:11 -0600
Subject: [PATCH] xsalsa20poly1305: remove source code
The successor is the `crypto_secretbox` crate: https://github.com/RustCrypto/nacl-compat/tree/master/crypto_secretbox
---
.github/workflows/xsalsa20poly1305.yml | 52 ----
Cargo.lock | 20 --
Cargo.toml | 1 -
README.md | 4 -
chacha20poly1305/src/lib.rs | 4 +-
xsalsa20poly1305/CHANGELOG.md | 132 ----------
xsalsa20poly1305/Cargo.toml | 34 ---
xsalsa20poly1305/LICENSE-APACHE | 201 ---------------
xsalsa20poly1305/LICENSE-MIT | 25 --
xsalsa20poly1305/README.md | 76 +-----
xsalsa20poly1305/src/lib.rs | 333 -------------------------
xsalsa20poly1305/tests/lib.rs | 76 ------
12 files changed, 5 insertions(+), 953 deletions(-)
delete mode 100644 .github/workflows/xsalsa20poly1305.yml
delete mode 100644 xsalsa20poly1305/CHANGELOG.md
delete mode 100644 xsalsa20poly1305/Cargo.toml
delete mode 100644 xsalsa20poly1305/LICENSE-APACHE
delete mode 100644 xsalsa20poly1305/LICENSE-MIT
delete mode 100644 xsalsa20poly1305/src/lib.rs
delete mode 100644 xsalsa20poly1305/tests/lib.rs
diff --git a/.github/workflows/xsalsa20poly1305.yml b/.github/workflows/xsalsa20poly1305.yml
deleted file mode 100644
index 654ac6b5..00000000
--- a/.github/workflows/xsalsa20poly1305.yml
+++ /dev/null
@@ -1,52 +0,0 @@ -name: xsalsa20poly1305 - -on: - pull_request: - paths: - - "xsalsa20poly1305/**" - - "Cargo.*" - push: - branches: master - -defaults: - run: - working-directory: xsalsa20poly1305 - -env: - CARGO_INCREMENTAL: 0 - RUSTFLAGS: "-Dwarnings" - -jobs: - build: - runs-on: ubuntu-latest - strategy: - matrix: - rust: - - 1.56.0 # MSRV - - stable - target: - - thumbv7em-none-eabi - - wasm32-unknown-unknown - steps: - - uses: actions/checkout@v3 - - uses: dtolnay/rust-toolchain@master - with: - toolchain: ${{ matrix.rust }} - targets: ${{ matrix.target }} - - run: cargo build --no-default-features --release --target ${{ matrix.target }} - - test: - runs-on: ubuntu-latest - strategy: - matrix: - rust: - - 1.56.0 # MSRV - - stable - steps: - - uses: actions/checkout@v3 - - uses: dtolnay/rust-toolchain@master - with: - toolchain: ${{ matrix.rust }} - - run: cargo test --release - - run: cargo test --release --features stream,std - - run: cargo test --release --all-features diff --git a/Cargo.lock b/Cargo.lock index 343e02c9..04c31e76 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -504,15 +504,6 @@ dependencies = [ "semver", ] -[[package]] -name = "salsa20" -version = "0.10.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97a22f5af31f73a954c10289c93e8a50cc23d971e80ee446f1f6f7137a088213" -dependencies = [ - "cipher 0.4.4", -] - [[package]] name = "scopeguard" version = "1.1.0" @@ -597,17 +588,6 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" -[[package]] -name = "xsalsa20poly1305" -version = "0.9.1" -dependencies = [ - "aead", - "poly1305", - "salsa20", - "subtle", - "zeroize", -] - [[package]] name = "zeroize" version = "1.6.0" diff --git a/Cargo.toml b/Cargo.toml index c8e55403..4b726a48 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -9,5 +9,4 @@ members = [ "deoxys", "eax", "mgm", - "xsalsa20poly1305" ] diff --git a/README.md b/README.md index 0ed337b7..bf56003a 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,6 @@ crate. | [`deoxys`] | [Deoxys-I/II] | [![crates.io](https://img.shields.io/crates/v/deoxys.svg)](https://crates.io/crates/deoxys) | [![Documentation](https://docs.rs/deoxys/badge.svg)](https://docs.rs/deoxys) | 1.51 | | [`eax`] | [EAX] | [![crates.io](https://img.shields.io/crates/v/eax.svg)](https://crates.io/crates/eax) | [![Documentation](https://docs.rs/eax/badge.svg)](https://docs.rs/eax) | 1.41 | | [`mgm`] | [MGM] | [![crates.io](https://img.shields.io/crates/v/mgm.svg)](https://crates.io/crates/mgm) | [![Documentation](https://docs.rs/mgm/badge.svg)](https://docs.rs/mgm) | 1.41 | -| [`xsalsa20poly1305`] | [XSalsa20Poly1305] | [![crates.io](https://img.shields.io/crates/v/xsalsa20poly1305.svg)](https://crates.io/crates/xsalsa20poly1305) | [![Documentation](https://docs.rs/xsalsa20poly1305/badge.svg)](https://docs.rs/xsalsa20poly1305) | 1.56 | ## MSRV Policy @@ -74,7 +73,6 @@ dual licensed as above, without any additional terms or conditions. [`deoxys`]: https://github.com/RustCrypto/AEADs/tree/master/deoxys [`eax`]: https://github.com/RustCrypto/AEADs/tree/master/eax [`mgm`]: https://github.com/RustCrypto/AEADs/tree/master/mgm -[`xsalsa20poly1305`]: https://github.com/RustCrypto/AEADs/tree/master/xsalsa20poly1305 [//]: # (algorithms) @@ -87,5 +85,3 @@ dual licensed as above, without any additional terms or conditions. [EAX]: https://en.wikipedia.org/wiki/EAX_mode [MGM]: https://eprint.iacr.org/2019/123.pdf [(X)ChaCha20Poly1305]: https://tools.ietf.org/html/rfc8439 -[Curve25519XSalsa20Poly1305]: https://nacl.cr.yp.to/box.html -[XSalsa20Poly1305]: https://nacl.cr.yp.to/secretbox.html diff --git a/chacha20poly1305/src/lib.rs b/chacha20poly1305/src/lib.rs index a1a43745..de0b8eed 100644 --- a/chacha20poly1305/src/lib.rs +++ b/chacha20poly1305/src/lib.rs 
@@ -117,9 +117,9 @@ //! It is worth noting that NaCl/libsodium's default "secretbox" algorithm is //! XSalsa20Poly1305, not XChaCha20Poly1305, and thus not compatible with //! this library. If you are interested in that construction, please see the -//! `xsalsa20poly1305` crate: +//! `crypto_secretbox` crate: //! -//! +//! //! //! # Usage //! diff --git a/xsalsa20poly1305/CHANGELOG.md b/xsalsa20poly1305/CHANGELOG.md deleted file mode 100644 index 2e145020..00000000 --- a/xsalsa20poly1305/CHANGELOG.md +++ /dev/null 
@@ -1,132 +0,0 @@
-# Changelog
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## 0.9.1 (2023-05-16)
-
-Deprecate `xsalsa20poly1305` in favor of `crypto_secretbox` ([#525])
-
-[#525]: https://github.com/RustCrypto/AEADs/pull/525
-
-## 0.9.0 (2022-07-31)
-### Added
-- `getrandom` feature ([#446])
-
-### Changed
-- Bump `salsa20` dependency to v0.10 ([#402])
-- Rust 2021 edition upgrade; MSRV 1.56+ ([#435])
-- Bump `aead` dependency to v0.5 ([#444])
-- Bump `poly1305` dependency to v0.8 ([#454])
-
-[#402]: https://github.com/RustCrypto/AEADs/pull/402
-[#435]: https://github.com/RustCrypto/AEADs/pull/435
-[#444]: https://github.com/RustCrypto/AEADs/pull/444
-[#446]: https://github.com/RustCrypto/AEADs/pull/446
-[#447]: https://github.com/RustCrypto/AEADs/pull/447
-[#454]: https://github.com/RustCrypto/AEADs/pull/454
-
-## 0.8.0 (2021-08-30)
-### Changed
-- Bump `salsa20` dependency to v0.9 ([#366])
-
-[#366]: https://github.com/RustCrypto/AEADs/pull/366
-
-## 0.7.2 (2021-07-20)
-### Changed
-- Pin `zeroize` dependency to v1.3 and `subtle` to v2.4 ([#349])
-
-[#349]: https://github.com/RustCrypto/AEADs/pull/349
-
-## 0.7.1 (2021-04-29)
-### Changed
-- Bump `rand_core` crate dependency to v0.6 ([#292])
-
-[#292]: https://github.com/RustCrypto/AEADs/pull/292
-
-## 0.7.0 (2021-04-29) [YANKED]
-### Changed
-- Bump `aead` crate dependency to v0.4 ([#270])
-- MSRV 1.49+ ([#286], [#289])
-- Bump `chacha20` crate dependency to v0.7 ([#286])
-- Bump `poly1305` crate dependency to v0.7 ([#289])
-
-[#270]: https://github.com/RustCrypto/AEADs/pull/270
-[#286]: https://github.com/RustCrypto/AEADs/pull/286
-[#289]: https://github.com/RustCrypto/AEADs/pull/289
-
-## 0.6.0 (2020-10-16)
-### Changed
-- Replace `block-cipher`/`stream-cipher` with `cipher` crate ([#229])
-- Bump `salsa20` dependency to v0.7 ([#229])
-
-[#229]: https://github.com/RustCrypto/AEADs/pull/229
-
-## 0.5.0 (2020-09-17)
-### Added
-- Optional `std` feature; disabled by default ([#217])
-
-### Changed
-- Bump `salsa20` to v0.6; `stream-cipher` to v0.7 ([#207])
-
-[#217]: https://github.com/RustCrypto/AEADs/pull/217
-[#207]: https://github.com/RustCrypto/AEADs/pull/207
-
-## 0.4.2 (2020-06-11)
-### Added
-- `KEY_SIZE` constant ([#172])
-
-[#172]: https://github.com/RustCrypto/AEADs/pull/172
-
-## 0.4.1 (2020-06-11)
-### Added
-- `Key` and `Nonce` type aliases + docs ([#167])
-
-[#167]: https://github.com/RustCrypto/AEADs/pull/159
-
-## 0.4.0 (2020-06-06)
-### Changed
-- Bump `aead` crate dependency to v0.3; MSRV 1.41+ ([#146])
-- Bump `chacha20` crate dependency to v0.4 ([#159])
-- Bump `poly1305` crate dependency to v0.6 ([#158])
-
-[#159]: https://github.com/RustCrypto/AEADs/pull/159
-[#158]: https://github.com/RustCrypto/AEADs/pull/158
-[#146]: https://github.com/RustCrypto/AEADs/pull/146
-
-## 0.3.1 (2020-01-17)
-### Changed
-- Upgrade `salsa20` crate to v0.4 ([#71])
-
-[#71]: https://github.com/RustCrypto/AEADs/pull/71
-
-## 0.3.0 (2019-11-26)
-### Added
-- `heapless` feature ([#51])
-
-### Changed
-- Upgrade `aead` crate to v0.2; `alloc` now optional ([#43])
-
-[#51]: https://github.com/RustCrypto/AEADs/pull/51
-[#43]: https://github.com/RustCrypto/AEADs/pull/43
-
-## 0.2.1 (2019-11-14)
-### Changed
-- Upgrade `zeroize` to 1.0 ([#36])
-
-[#36]: https://github.com/RustCrypto/AEADs/pull/36
-
-## 0.2.0 (2019-10-06)
-### Added
-- Expose "detached" in-place encryption/decryption APIs ([#21])
-
-### Changed
-- Upgrade `poly1305` crate to v0.5 ([#20])
-
-[#21]: https://github.com/RustCrypto/AEADs/pull/21
-[#20]: https://github.com/RustCrypto/AEADs/pull/20
-
-## 0.1.0 (2019-10-01)
-
-- Initial release
diff --git a/xsalsa20poly1305/Cargo.toml b/xsalsa20poly1305/Cargo.toml
deleted file mode 100644
index 30259da8..00000000
--- a/xsalsa20poly1305/Cargo.toml
+++ /dev/null
@@ -1,34 +0,0 @@
-[package]
-name = "xsalsa20poly1305"
-version = "0.9.1"
-description = "DEPRECATED: please use the `crypto_secretbox` crate"
-authors = ["RustCrypto Developers"]
-edition = "2021"
-license = "Apache-2.0 OR MIT"
-readme = "README.md"
-documentation = "https://docs.rs/xsalsa20poly1305"
-repository = "https://github.com/RustCrypto/AEADs"
-keywords = ["aead", "salsa20", "poly1305", "xsalsa20"]
-categories = ["cryptography", "no-std"]
-rust-version = "1.56"
-
-[dependencies]
-aead = { version = "0.5", default-features = false }
-salsa20 = { version = "0.10", features = ["zeroize"] }
-poly1305 = "0.8"
-subtle = { version = "2", default-features = false }
-zeroize = { version = "1", default-features = false }
-
-[features]
-default = ["alloc", "getrandom"]
-std = ["aead/std", "alloc"]
-alloc = ["aead/alloc"]
-arrayvec = ["aead/arrayvec"]
-getrandom = ["aead/getrandom", "rand_core"]
-heapless = ["aead/heapless"]
-rand_core = ["aead/rand_core"]
-stream = ["aead/stream"]
-
-[package.metadata.docs.rs]
-all-features = true
-rustdoc-args = ["--cfg", "docsrs"]
diff --git a/xsalsa20poly1305/LICENSE-APACHE b/xsalsa20poly1305/LICENSE-APACHE
deleted file mode 100644
index 78173fa2..00000000
--- a/xsalsa20poly1305/LICENSE-APACHE
+++ /dev/null
@@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - -TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - -1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - -2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - -3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - -4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the 
following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - -5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - -6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - -7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - -8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - -9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- -END OF TERMS AND CONDITIONS - -APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - -Copyright [yyyy] [name of copyright owner] - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/xsalsa20poly1305/LICENSE-MIT b/xsalsa20poly1305/LICENSE-MIT deleted file mode 100644 index b7f57116..00000000 --- a/xsalsa20poly1305/LICENSE-MIT +++ /dev/null 
@@ -1,25 +0,0 @@
-Copyright (c) 2019 The RustCrypto Project Developers
-
-Permission is hereby granted, free of charge, to any
-person obtaining a copy of this software and associated
-documentation files (the "Software"), to deal in the
-Software without restriction, including without
-limitation the rights to use, copy, modify, merge,
-publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software
-is furnished to do so, subject to the following
-conditions:
-
-The above copyright notice and this permission notice
-shall be included in all copies or substantial portions
-of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
-ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
-TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
-PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
-SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
-IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-DEALINGS IN THE SOFTWARE.
diff --git a/xsalsa20poly1305/README.md b/xsalsa20poly1305/README.md
index 7ae4c980..fca40fb6 100644
--- a/xsalsa20poly1305/README.md
+++ b/xsalsa20poly1305/README.md
@@ -1,77 +1,7 @@ -# RustCrypto: XSalsa20Poly1305 - -[![crate][crate-image]][crate-link] -[![Docs][docs-image]][docs-link] -![Apache2/MIT licensed][license-image] -![Rust Version][rustc-image] -[![Project Chat][chat-image]][chat-link] -[![Build Status][build-image]][build-link] - ## 🚨 DEPRECATED! 🚨 -Please switch to the [`crypto_secretbox`] crate. - -This crate is deprecated and will not receive further updates. - -## About - -**XSalsa20Poly1305** (a.k.a. NaCl [`crypto_secretbox`][1]) is an -[authenticated encryption][2] cipher amenable to fast, constant-time -implementations in software, based on the [Salsa20][3] stream cipher -(with [XSalsa20][4] 192-bit nonce extension) and the [Poly1305][5] universal -hash function, which acts as a message authentication code. - -This algorithm has largely been replaced by the newer [ChaCha20Poly1305][6] -(and the associated [XChaCha20Poly1305][7]) AEAD ciphers ([RFC 8439][8]), -but is useful for interoperability with legacy NaCl-based protocols. - -[Documentation][docs-link] - -## Security Notes - -This crate has received one [security audit by Cure53][9] (version 0.8.0), with -no significant findings. We would like to thank [Threema][10] for funding the -audit. +Please switch to the `crypto_secretbox` crate: -## License + -Licensed under either of: - - * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0) - * [MIT license](http://opensource.org/licenses/MIT) - -at your option. - -### Contribution - -Unless you explicitly state otherwise, any contribution intentionally submitted -for inclusion in the work by you, as defined in the Apache-2.0 license, shall be -dual licensed as above, without any additional terms or conditions. 
- -[//]: # (badges) - -[crate-image]: https://buildstats.info/crate/xsalsa20poly1305 -[crate-link]: https://crates.io/crates/xsalsa20poly1305 -[docs-image]: https://docs.rs/xsalsa20poly1305/badge.svg -[docs-link]: https://docs.rs/xsalsa20poly1305/ -[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg -[rustc-image]: https://img.shields.io/badge/rustc-1.56+-blue.svg -[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg -[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260038-AEADs -[build-image]: https://github.com/RustCrypto/AEADs/workflows/xsalsa20poly1305/badge.svg?branch=master&event=push -[build-link]: https://github.com/RustCrypto/AEADs/actions - -[//]: # (general links) - -[`crypto_secretbox`]: https://github.com/RustCrypto/nacl-compat/tree/master/crypto_secretbox - -[1]: https://nacl.cr.yp.to/secretbox.html -[2]: https://en.wikipedia.org/wiki/Authenticated_encryption -[3]: https://github.com/RustCrypto/stream-ciphers/tree/master/salsa20 -[4]: https://cr.yp.to/snuffle/xsalsa-20081128.pdf -[5]: https://github.com/RustCrypto/universal-hashes/tree/master/poly1305 -[6]: https://github.com/RustCrypto/AEADs/tree/master/chacha20poly1305 -[7]: https://docs.rs/chacha20poly1305/latest/chacha20poly1305/struct.XChaCha20Poly1305.html -[8]: https://tools.ietf.org/html/rfc8439 -[9]: https://cure53.de/pentest-report_rust-libs_2022.pdf -[10]: https://threema.ch/ +This crate is deprecated and will not receive further updates. diff --git a/xsalsa20poly1305/src/lib.rs b/xsalsa20poly1305/src/lib.rs deleted file mode 100644 index f5d31ee0..00000000 --- a/xsalsa20poly1305/src/lib.rs +++ /dev/null 
@@ -1,333 +0,0 @@ -#![no_std] -#![cfg_attr(docsrs, feature(doc_cfg))] -#![doc = include_str!("../README.md")] -#![doc( - html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg", - html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg" -)] -#![forbid(unsafe_code)] -#![warn(missing_docs, rust_2018_idioms)] - -//! # Usage -//! -#![cfg_attr(all(feature = "getrandom", feature = "std"), doc = "```")] -#![cfg_attr(not(all(feature = "getrandom", feature = "std")), doc = "```ignore")] -//! # fn main() -> Result<(), Box> { -//! use xsalsa20poly1305::{ -//! aead::{Aead, KeyInit, OsRng}, -//! XSalsa20Poly1305, Nonce -//! }; -//! -//! let key = XSalsa20Poly1305::generate_key(&mut OsRng); -//! let cipher = XSalsa20Poly1305::new(&key); -//! let nonce = XSalsa20Poly1305::generate_nonce(&mut OsRng); // unique per message -//! let ciphertext = cipher.encrypt(&nonce, b"plaintext message".as_ref())?; -//! let plaintext = cipher.decrypt(&nonce, ciphertext.as_ref())?; -//! assert_eq!(&plaintext, b"plaintext message"); -//! # Ok(()) -//! # } -//! ``` -//! -//! ## In-place Usage (eliminates `alloc` requirement) -//! -//! This crate has an optional `alloc` feature which can be disabled in e.g. -//! microcontroller environments that don't have a heap. -//! -//! The [`AeadInPlace::encrypt_in_place`] and [`AeadInPlace::decrypt_in_place`] -//! methods accept any type that impls the [`aead::Buffer`] trait which -//! contains the plaintext for encryption or ciphertext for decryption. -//! -//! Note that if you enable the `heapless` feature of this crate, -//! you will receive an impl of [`aead::Buffer`] for `heapless::Vec` -//! (re-exported from the `aead` crate as [`aead::heapless::Vec`]), -//! which can then be passed as the `buffer` parameter to the in-place encrypt -//! and decrypt methods: -//! 
-#![cfg_attr(
- all(feature = "getrandom", feature = "heapless", feature = "std"),
- doc = "```"
-)]
-#![cfg_attr(
- not(all(feature = "getrandom", feature = "heapless", feature = "std")),
- doc = "```ignore"
-)]
-//! # fn main() -> Result<(), Box> {
-//! use xsalsa20poly1305::{
-//! aead::{AeadInPlace, KeyInit, OsRng, heapless::Vec},
-//! XSalsa20Poly1305, Nonce,
-//! };
-//!
-//! let key = XSalsa20Poly1305::generate_key(&mut OsRng);
-//! let cipher = XSalsa20Poly1305::new(&key);
-//! let nonce = XSalsa20Poly1305::generate_nonce(&mut OsRng); // unique per message
-//!
-//! let mut buffer: Vec = Vec::new(); // Note: buffer needs 16-bytes overhead for auth tag
-//! buffer.extend_from_slice(b"plaintext message");
-//!
-//! // Encrypt `buffer` in-place, replacing the plaintext contents with ciphertext
-//! cipher.encrypt_in_place(&nonce, b"", &mut buffer)?;
-//!
-//! // `buffer` now contains the message ciphertext
-//! assert_ne!(&buffer, b"plaintext message");
-//!
-//! // Decrypt `buffer` in-place, replacing its ciphertext context with the original plaintext
-//! cipher.decrypt_in_place(&nonce, b"", &mut buffer)?;
-//! assert_eq!(&buffer, b"plaintext message");
-//! # Ok(())
-//! # }
-//! ```
-//!
-//! ```
-//! # #[cfg(feature = "heapless")]
-//! # {
-//! use xsalsa20poly1305::XSalsa20Poly1305;
-//! use xsalsa20poly1305::aead::{AeadInPlace, KeyInit, generic_array::GenericArray};
-//! use xsalsa20poly1305::aead::heapless::Vec;
-//!
-//! let key = GenericArray::from_slice(b"an example very very secret key.");
-//! let cipher = XSalsa20Poly1305::new(key);
-//!
-//! let nonce = GenericArray::from_slice(b"extra long unique nonce!"); // 24-bytes; unique
-//!
-//! let mut buffer: Vec = Vec::new();
-//! buffer.extend_from_slice(b"plaintext message");
-//!
-//! // Encrypt `buffer` in-place, replacing the plaintext contents with ciphertext
-//! cipher.encrypt_in_place(nonce, b"", &mut buffer).expect("encryption failure!");
-//! // `buffer` now contains the message ciphertext
-//! assert_ne!(&buffer, b"plaintext message");
-//!
-//! // Decrypt `buffer` in-place, replacing its ciphertext context with the original plaintext
-//! cipher.decrypt_in_place(nonce, b"", &mut buffer).expect("decryption failure!");
-//! assert_eq!(&buffer, b"plaintext message");
-//! # }
-//! ```
-//!
-//! Similarly, enabling the `arrayvec` feature of this crate will provide an impl of
-//! [`aead::Buffer`] for `arrayvec::ArrayVec` (re-exported from the [`aead`] crate as
-//! [`aead::arrayvec::ArrayVec`]).
-//!
-//! [1]: https://nacl.cr.yp.to/secretbox.html
-//! [2]: https://en.wikipedia.org/wiki/Authenticated_encryption
-//! [3]: https://docs.rs/salsa20
-//! [4]: http://docs.rs/chacha20poly1305
-//! [5]: https://docs.rs/chacha20poly1305/latest/chacha20poly1305/struct.XChaCha20Poly1305.html
-//! [6]: https://tools.ietf.org/html/rfc8439
-
-pub use aead::{self, consts, AeadCore, AeadInPlace, Error, KeyInit, KeySizeUser};
-pub use salsa20::{Key, XNonce as Nonce};
-
-use aead::{
- consts::{U0, U16, U24, U32},
- generic_array::GenericArray,
- Buffer,
-};
-use poly1305::Poly1305;
-use salsa20::{
- cipher::{KeyIvInit, StreamCipher, StreamCipherSeek},
- XSalsa20,
-};
-use zeroize::Zeroize;
-
-#[cfg(feature = "rand_core")]
-use aead::rand_core::{CryptoRng, RngCore};
-
-/// Size of an XSalsa20Poly1305 key in bytes
-pub const KEY_SIZE: usize = 32;
-
-/// Size of an XSalsa20Poly1305 nonce in bytes
-pub const NONCE_SIZE: usize = 24;
-
-/// Size of a Poly1305 tag in bytes
-pub const TAG_SIZE: usize = 16;
-
-/// Poly1305 tags
-pub type Tag = GenericArray;
-
-/// **XSalsa20Poly1305** (a.k.a. NaCl `crypto_secretbox`) authenticated
-/// encryption cipher.
-#[derive(Clone)]
-pub struct XSalsa20Poly1305 {
- /// Secret key
- key: Key,
-}
-
-impl XSalsa20Poly1305 {
- /// Generate a random nonce: every message MUST have a unique nonce!
- ///
- /// Do *NOT* ever reuse the same nonce for two messages!
- // TODO(tarcieri): remove this in favor of `AeadCore::generate_nonce`
- #[cfg(feature = "rand_core")]
- #[cfg_attr(docsrs, doc(cfg(feature = "rand_core")))]
- pub fn generate_nonce(csprng: &mut T) -> Nonce
- where
- T: RngCore + CryptoRng,
- {
- let mut nonce = [0u8; NONCE_SIZE];
- csprng.fill_bytes(&mut nonce);
- nonce.into()
- }
-}
-
-impl KeySizeUser for XSalsa20Poly1305 {
- type KeySize = U32;
-}
-
-impl KeyInit for XSalsa20Poly1305 {
- fn new(key: &Key) -> Self {
- XSalsa20Poly1305 { key: *key }
- }
-}
-
-impl AeadCore for XSalsa20Poly1305 {
- type NonceSize = U24;
- type TagSize = U16;
- type CiphertextOverhead = U0;
-}
-
-impl AeadInPlace for XSalsa20Poly1305 {
- fn encrypt_in_place(
- &self,
- nonce: &Nonce,
- associated_data: &[u8],
- buffer: &mut dyn Buffer,
- ) -> Result<(), Error> {
- let pt_len = buffer.len();
-
- // Make room in the buffer for the tag. It needs to be prepended.
- buffer.extend_from_slice(Tag::default().as_slice())?;
-
- // TODO(tarcieri): add offset param to `encrypt_in_place_detached`
- buffer.as_mut().copy_within(..pt_len, TAG_SIZE);
-
- let tag = self.encrypt_in_place_detached(
- nonce,
- associated_data,
- &mut buffer.as_mut()[TAG_SIZE..],
- )?;
- buffer.as_mut()[..TAG_SIZE].copy_from_slice(tag.as_slice());
- Ok(())
- }
-
- fn encrypt_in_place_detached(
- &self,
- nonce: &Nonce,
- associated_data: &[u8],
- buffer: &mut [u8],
- ) -> Result {
- Cipher::new(XSalsa20::new(&self.key, nonce))
- .encrypt_in_place_detached(associated_data, buffer)
- }
-
- fn decrypt_in_place(
- &self,
- nonce: &Nonce,
- associated_data: &[u8],
- buffer: &mut dyn Buffer,
- ) -> Result<(), Error> {
- if buffer.len() < TAG_SIZE {
- return Err(Error);
- }
-
- let tag = Tag::clone_from_slice(&buffer.as_ref()[..TAG_SIZE]);
- self.decrypt_in_place_detached(
- nonce,
- associated_data,
- &mut buffer.as_mut()[TAG_SIZE..],
- &tag,
- )?;
-
- let pt_len = buffer.len() - TAG_SIZE;
-
- // TODO(tarcieri): add offset param to `encrypt_in_place_detached`
- buffer.as_mut().copy_within(TAG_SIZE.., 0);
- buffer.truncate(pt_len);
- Ok(())
- }
-
- fn decrypt_in_place_detached(
- &self,
- nonce: &Nonce,
- associated_data: &[u8],
- buffer: &mut [u8],
- tag: &Tag,
- ) -> Result<(), Error> {
- Cipher::new(XSalsa20::new(&self.key, nonce)).decrypt_in_place_detached(
- associated_data,
- buffer,
- tag,
- )
- }
-}
-
-impl Drop for XSalsa20Poly1305 {
- fn drop(&mut self) {
- self.key.as_mut_slice().zeroize();
- }
-}
-
-/// Salsa20Poly1305 instantiated with a particular nonce
-pub(crate) struct Cipher
-where
- C: StreamCipher + StreamCipherSeek,
-{
- cipher: C,
- mac: Poly1305,
-}
-
-impl Cipher
-where
- C: StreamCipher + StreamCipherSeek,
-{
- /// Instantiate the underlying cipher with a particular nonce
- pub(crate) fn new(mut cipher: C) -> Self {
- // Derive Poly1305 key from the first 32-bytes of the Salsa20 keystream
- let mut mac_key = poly1305::Key::default();
- cipher.apply_keystream(&mut mac_key);
- let mac = Poly1305::new(GenericArray::from_slice(&mac_key));
- mac_key.zeroize();
-
- Self { cipher, mac }
- }
-
- /// Encrypt the given message in-place, returning the authentication tag
- pub(crate) fn encrypt_in_place_detached(
- mut self,
- associated_data: &[u8],
- buffer: &mut [u8],
- ) -> Result {
- // XSalsa20Poly1305 doesn't support AAD
- if !associated_data.is_empty() {
- return Err(Error);
- }
-
- self.cipher.apply_keystream(buffer);
- Ok(self.mac.compute_unpadded(buffer))
- }
-
- /// Decrypt the given message, first authenticating ciphertext integrity
- /// and returning an error if it's been tampered with.
- pub(crate) fn decrypt_in_place_detached(
- mut self,
- associated_data: &[u8],
- buffer: &mut [u8],
- tag: &Tag,
- ) -> Result<(), Error> {
- // XSalsa20Poly1305 doesn't support AAD
- if !associated_data.is_empty() {
- return Err(Error);
- }
-
- use subtle::ConstantTimeEq;
- let expected_tag = self.mac.compute_unpadded(buffer);
-
- // This performs a constant-time comparison using the `subtle` crate
- if expected_tag.ct_eq(tag).into() {
- self.cipher.apply_keystream(buffer);
- Ok(())
- } else {
- Err(Error)
- }
- }
-}
diff --git a/xsalsa20poly1305/tests/lib.rs b/xsalsa20poly1305/tests/lib.rs
deleted file mode 100644
index d8a50f83..00000000
--- a/xsalsa20poly1305/tests/lib.rs
+++ /dev/null
@@ -1,76 +0,0 @@
-//! XSalsa20Poly1305 test vectors.
-//!
-//! Adapted from NaCl's `tests/secretbox.c` and `tests/secretbox.out`
-
-use xsalsa20poly1305::aead::generic_array::GenericArray;
-use xsalsa20poly1305::aead::{Aead, KeyInit};
-use xsalsa20poly1305::XSalsa20Poly1305;
-
-const KEY: &[u8; 32] = &[
- 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85, 0xd4, 0x62, 0xcd, 0x51, 0x19, 0x7a, 0x9a, 0x46, 0xc7,
- 0x60, 0x09, 0x54, 0x9e, 0xac, 0x64, 0x74, 0xf2, 0x06, 0xc4, 0xee, 0x08, 0x44, 0xf6, 0x83, 0x89,
-];
-
-const NONCE: &[u8; 24] = &[
- 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73, 0xcd, 0x62, 0xbd, 0xa8, 0x75, 0xfc, 0x73, 0xd6,
- 0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37,
-];
-
-const PLAINTEXT: &[u8] = &[
- 0xbe, 0x07, 0x5f, 0xc5, 0x3c, 0x81, 0xf2, 0xd5, 0xcf, 0x14, 0x13, 0x16, 0xeb, 0xeb, 0x0c, 0x7b,
- 0x52, 0x28, 0xc5, 0x2a, 0x4c, 0x62, 0xcb, 0xd4, 0x4b, 0x66, 0x84, 0x9b, 0x64, 0x24, 0x4f, 0xfc,
- 0xe5, 0xec, 0xba, 0xaf, 0x33, 0xbd, 0x75, 0x1a, 0x1a, 0xc7, 0x28, 0xd4, 0x5e, 0x6c, 0x61, 0x29,
- 0x6c, 0xdc, 0x3c, 0x01, 0x23, 0x35, 0x61, 0xf4, 0x1d, 0xb6, 0x6c, 0xce, 0x31, 0x4a, 0xdb, 0x31,
- 0x0e, 0x3b, 0xe8, 0x25, 0x0c, 0x46, 0xf0, 0x6d, 0xce, 0xea, 0x3a, 0x7f, 0xa1, 0x34, 0x80, 0x57,
- 0xe2, 0xf6, 0x55, 0x6a, 0xd6, 0xb1, 0x31, 0x8a, 0x02, 0x4a, 0x83, 0x8f, 0x21, 0xaf, 0x1f, 0xde,
- 0x04, 0x89, 0x77, 0xeb, 0x48, 0xf5, 0x9f, 0xfd, 0x49, 0x24, 0xca, 0x1c, 0x60, 0x90, 0x2e, 0x52,
- 0xf0, 0xa0, 0x89, 0xbc, 0x76, 0x89, 0x70, 0x40, 0xe0, 0x82, 0xf9, 0x37, 0x76, 0x38, 0x48, 0x64,
- 0x5e, 0x07, 0x05,
-];
-
-const CIPHERTEXT: &[u8] = &[
- 0xf3, 0xff, 0xc7, 0x70, 0x3f, 0x94, 0x00, 0xe5, 0x2a, 0x7d, 0xfb, 0x4b, 0x3d, 0x33, 0x05, 0xd9,
- 0x8e, 0x99, 0x3b, 0x9f, 0x48, 0x68, 0x12, 0x73, 0xc2, 0x96, 0x50, 0xba, 0x32, 0xfc, 0x76, 0xce,
- 0x48, 0x33, 0x2e, 0xa7, 0x16, 0x4d, 0x96, 0xa4, 0x47, 0x6f, 0xb8, 0xc5, 0x31, 0xa1, 0x18, 0x6a,
- 0xc0, 0xdf, 0xc1, 0x7c, 0x98, 0xdc, 0xe8, 0x7b, 0x4d, 0xa7, 0xf0, 0x11, 0xec, 0x48, 0xc9, 0x72,
- 0x71, 0xd2, 0xc2, 0x0f, 0x9b, 0x92, 0x8f, 0xe2, 0x27, 0x0d, 0x6f, 0xb8, 0x63, 0xd5, 0x17, 0x38,
- 0xb4, 0x8e, 0xee, 0xe3, 0x14, 0xa7, 0xcc, 0x8a, 0xb9, 0x32, 0x16, 0x45, 0x48, 0xe5, 0x26, 0xae,
- 0x90, 0x22, 0x43, 0x68, 0x51, 0x7a, 0xcf, 0xea, 0xbd, 0x6b, 0xb3, 0x73, 0x2b, 0xc0, 0xe9, 0xda,
- 0x99, 0x83, 0x2b, 0x61, 0xca, 0x01, 0xb6, 0xde, 0x56, 0x24, 0x4a, 0x9e, 0x88, 0xd5, 0xf9, 0xb3,
- 0x79, 0x73, 0xf6, 0x22, 0xa4, 0x3d, 0x14, 0xa6, 0x59, 0x9b, 0x1f, 0x65, 0x4c, 0xb4, 0x5a, 0x74,
- 0xe3, 0x55, 0xa5,
-];
-
-#[test]
-fn encrypt() {
- let key = GenericArray::from_slice(KEY);
- let nonce = GenericArray::from_slice(NONCE);
- let cipher = XSalsa20Poly1305::new(key);
- let ciphertext = cipher.encrypt(nonce, PLAINTEXT).unwrap();
-
- assert_eq!(CIPHERTEXT, ciphertext.as_slice());
-}
-
-#[test]
-fn decrypt() {
- let key = GenericArray::from_slice(KEY);
- let nonce = GenericArray::from_slice(NONCE);
- let cipher = XSalsa20Poly1305::new(key);
- let plaintext = cipher.decrypt(nonce, CIPHERTEXT).unwrap();
-
- assert_eq!(PLAINTEXT, plaintext.as_slice());
-}
-
-#[test]
-fn decrypt_modified() {
- let key = GenericArray::from_slice(KEY);
- let nonce = GenericArray::from_slice(NONCE);
-
- let mut ciphertext = Vec::from(CIPHERTEXT);
-
- // Tweak the first byte
- ciphertext[0] ^= 0xaa;
-
- let cipher = XSalsa20Poly1305::new(key);
- assert!(cipher.decrypt(nonce, ciphertext.as_slice()).is_err());
-}