Skip to content

Commit

Permalink
refactor(crypt): replace getrandom with rand for random byte gene…
Browse files Browse the repository at this point in the history 
…ration

- Replaced `getrandom` crate with `rand` to simplify and modernize random number generation.
- Updated `gen_random_*` functions to use `rand::thread_rng().fill()` for generating random bytes of specified lengths.
- Adjusted encryption functions to use `gen_random_bytes` for generating random values.
  • Loading branch information
@mxsrm
mxsrm committed Dec 21, 2024
1 parent 48b864b commit a317cce
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 32 deletions.
6 changes: 3 additions & 3 deletions Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ cfb = "0.10.0"
chrono = { version = "0.4.39", default-features = false, features = ["clock"] }
encoding_rs = "0.8.35"
fancy-regex = "0.14.0"
getrandom = { version = "0.2.15" }
hmac = "0.12.1"
html_parser = "0.7.0"
image = { version = "0.25.5", optional = true }
Expand All @@ -33,12 +32,13 @@ thin-vec = "0.2.13"
thousands = "0.2.0"
quick-xml = { version = "0.37.1", features = ["serialize"] }
zip = { version = "2.2.1", default-features = false, features = ["deflate"] }
rand = "0.8.5"

[lib]
doctest = false

[features]
js = ["getrandom/js"]
js = []
default = ["image"]

[lints]
Expand Down Expand Up @@ -70,4 +70,4 @@ complexity = { level = "warn", priority = -1 }
perf = { level = "warn", priority = -1 }
pedantic = { level = "warn", priority = -1 }
cargo = { level = "warn", priority = -1 }
suspicious = { level = "warn", priority = -1 }
suspicious = { level = "warn", priority = -1 }
40 changes: 12 additions & 28 deletions src/helper/crypt.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ use byteorder::{ByteOrder, LittleEndian};
use hmac::{Hmac, Mac};
use quick_xml::events::{BytesDecl, Event};
use quick_xml::Writer;
use rand::Rng;
use sha2::{Digest, Sha512};
use std::cmp::Ordering;
use std::io;
Expand All @@ -27,7 +28,7 @@ const BLOCK_VERIFIER_HASH_INPUT: &[u8] = &[0xfe, 0xa7, 0xd2, 0x76, 0x3b, 0x4b, 0
const BLOCK_VERIFIER_HASH_VALUE: &[u8] = &[0xd7, 0xaa, 0x0f, 0x6d, 0x30, 0x61, 0x34, 0x4e];

pub fn encrypt_sheet_protection(password: &str, sheet_protection: &mut SheetProtection) {
let key_salt_value = gen_random_16();
let key_salt_value = gen_random_bytes(16);
let key_hash_algorithm = "SHA-512";
let key_spin_count = 100000;

Expand All @@ -49,7 +50,7 @@ pub fn encrypt_sheet_protection(password: &str, sheet_protection: &mut SheetProt
}

pub fn encrypt_workbook_protection(password: &str, workbook_protection: &mut WorkbookProtection) {
let key_salt_value = gen_random_16();
let key_salt_value = gen_random_bytes(16);
let key_hash_algorithm = "SHA-512";
let key_spin_count = 100000;

Expand All @@ -71,7 +72,7 @@ pub fn encrypt_workbook_protection(password: &str, workbook_protection: &mut Wor
}

pub fn encrypt_revisions_protection(password: &str, workbook_protection: &mut WorkbookProtection) {
let key_salt_value = gen_random_16();
let key_salt_value = gen_random_bytes(16);
let key_hash_algorithm = "SHA-512";
let key_spin_count = 100000;

Expand All @@ -94,10 +95,10 @@ pub fn encrypt_revisions_protection(password: &str, workbook_protection: &mut Wo

pub fn encrypt<P: AsRef<Path>>(filepath: &P, data: &[u8], password: &str) {
// package params
let package_key = gen_random_32();
let package_key = gen_random_bytes(32);
let package_cipher_algorithm = "AES";
let package_cipher_chaining = "ChainingModeCBC";
let package_salt_value = gen_random_16();
let package_salt_value = gen_random_bytes(16);
let package_hash_algorithm = "SHA512";
let package_hash_size = 64;
let package_block_size = 16;
Expand All @@ -106,7 +107,7 @@ pub fn encrypt<P: AsRef<Path>>(filepath: &P, data: &[u8], password: &str) {
// key params
let key_cipher_algorithm = "AES";
let key_cipher_chaining = "ChainingModeCBC";
let key_salt_value = gen_random_16();
let key_salt_value = gen_random_bytes(16);
let key_hash_algorithm = "SHA512";
let key_hash_size = 64;
let key_block_size = 16;
Expand All @@ -126,7 +127,7 @@ pub fn encrypt<P: AsRef<Path>>(filepath: &P, data: &[u8], password: &str) {
);

// hmac key
let hmac_key = gen_random_64();
let hmac_key = gen_random_bytes(64);
let hmac_key_iv = create_iv(
package_hash_algorithm,
&package_salt_value,
Expand Down Expand Up @@ -181,7 +182,7 @@ pub fn encrypt<P: AsRef<Path>>(filepath: &P, data: &[u8], password: &str) {
.unwrap();

// verifier_hash_input
let verifier_hash_input = gen_random_16();
let verifier_hash_input = gen_random_bytes(16);
let verifier_hash_input_key = convert_password_to_key(
password,
key_hash_algorithm,
Expand Down Expand Up @@ -475,26 +476,9 @@ fn hash(algorithm: &str, buffers: Vec<&[u8]>) -> Result<Vec<u8>, String> {
digest.update(&buffer_concat(buffers)[..]);
Ok(digest.finalize().to_vec())
}

#[inline]
fn gen_random_16() -> Vec<u8> {
let buf: &mut [u8] = &mut [0; 16];
getrandom::getrandom(buf).unwrap();
buf.to_vec()
}

#[inline]
fn gen_random_32() -> Vec<u8> {
let buf: &mut [u8] = &mut [0; 32];
getrandom::getrandom(buf).unwrap();
buf.to_vec()
}

#[inline]
fn gen_random_64() -> Vec<u8> {
let buf: &mut [u8] = &mut [0; 64];
getrandom::getrandom(buf).unwrap();
buf.to_vec()
fn gen_random_bytes(len: usize) -> Vec<u8> {
let mut rng = rand::thread_rng();
(0..len).map(|_| rng.gen()).collect()
}

// Create a buffer of an integer encoded as a uint32le
Expand Down
2 changes: 1 addition & 1 deletion src/lib.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -131,9 +131,9 @@ extern crate base64;
extern crate byteorder;
extern crate cbc;
extern crate cfb;
extern crate getrandom;
extern crate hmac;
extern crate html_parser;
extern crate rand;
extern crate sha2;

#[macro_use]
Expand Down

0 comments on commit a317cce

Please sign in to comment.