Add nightly cargo fotmatting rules
tgross35 committed Nov 14, 2023
1 parent 5acb603 commit f1aadee
Showing 7 changed files with 38 additions and 49 deletions.
17 changes: 1 addition & 16 deletions README.md
Expand Up @@ -8,22 +8,7 @@ and Tang.

This crate is a work in progress.

## Tang

The basic operations path is taken from the [Tang] specification. In short, the
encrypting client must:

1. Request a public key with `GET /adv`. This returns a JWK set as a JWS
2. Verify the integrity of the received JWS using the included `verify` key

The config can specify:

- Tang URL
- Thumbprint

The URL specifies which server to query, while the thumbprint specifies a
preferred key.

See the documentation for further information: <https://docs.rs/clevis>.

## Licensing

3 changes: 2 additions & 1 deletion src/error.rs
@@ -1,4 +1,5 @@
use std::{fmt, io, str::Utf8Error};
use std::str::Utf8Error;
use std::{fmt, io};

use crate::jose::Jwk;

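Review bot: The commit title says nightly formatting rules are being added, but none of the seven files in the diffstat is a `rustfmt.toml` or `.rustfmt.toml`, so the rules that produced this split (`use std::str::Utf8Error;` above `use std::{fmt, io};`) and the std/external/crate regrouping in src/jose.rs, src/key_exchange.rs, src/key_exchange_tests.rs and src/main.rs are not recorded anywhere in the repository. The layout looks like rustfmt's `imports_granularity = "Module"` and `group_imports = "StdExternalCrate"`, both nightly-only options; without the config file a stable `cargo fmt` run will fold these lines back and CI has nothing to enforce. Add the config file with those two settings and a one-line note in the README that `cargo +nightly fmt` is expected. The rest of the file's imports and definitions continue outside the hunk.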
27 changes: 15 additions & 12 deletions src/jose.rs
@@ -1,23 +1,23 @@
use crate::key_exchange::{create_enc_key, recover_enc_key};
use crate::util::{b64_to_bytes, b64_to_str};
use crate::{EncryptionKey, Error, Result};
use std::fmt;

use base64ct::{Base64Url, Base64UrlUnpadded, Encoding};
use elliptic_curve::sec1::{EncodedPoint, FromEncodedPoint, ModulusSize, ToEncodedPoint};
use elliptic_curve::zeroize::Zeroizing;
#[cfg(test)]
use elliptic_curve::SecretKey;
use elliptic_curve::{
AffinePoint, Curve, CurveArithmetic, FieldBytes, FieldBytesSize, JwkParameters, PublicKey,
};
use serde::{Deserialize, Serialize};
use serde_json::{json, Value};
use sha2::Digest;
use sha2::Sha256;
use std::fmt;

#[cfg(test)]
use elliptic_curve::SecretKey;
use sha2::{Digest, Sha256};
#[cfg(test)]
use zeroize::Zeroize;

use crate::key_exchange::{create_enc_key, recover_enc_key};
use crate::util::{b64_to_bytes, b64_to_str};
use crate::{EncryptionKey, Error, Result};

/// Representation of a tang advertisment response which is a JWS of available keys.
///
/// This is what is produced when you GET `tang_url/adv`.
Expand Down Expand Up @@ -267,7 +267,8 @@ impl EcJwk {
// FIXME: switch these to use generics once p521 uses the `ecdsa` crate traits

fn verify_p256(&self, msg: &[u8], sig: &[u8]) -> Result<()> {
use p256::ecdsa::{signature::Verifier, Signature, VerifyingKey};
use p256::ecdsa::signature::Verifier;
use p256::ecdsa::{Signature, VerifyingKey};
let pubkey = self.to_pub::<p256::NistP256>()?;
let verify_key = VerifyingKey::from_affine(*pubkey.as_affine())?;
let signature = Signature::from_slice(sig)?;
Expand All @@ -277,7 +278,8 @@ impl EcJwk {
}

fn verify_p384(&self, msg: &[u8], sig: &[u8]) -> Result<()> {
use p384::ecdsa::{signature::Verifier, Signature, VerifyingKey};
use p384::ecdsa::signature::Verifier;
use p384::ecdsa::{Signature, VerifyingKey};
let pubkey = self.to_pub::<p384::NistP384>()?;
let verify_key = VerifyingKey::from_affine(*pubkey.as_affine())?;
let signature = Signature::from_slice(sig)?;
Expand All @@ -287,7 +289,8 @@ impl EcJwk {
}

fn verify_p521(&self, msg: &[u8], sig: &[u8]) -> Result<()> {
use p521::ecdsa::{signature::Verifier, Signature, VerifyingKey};
use p521::ecdsa::signature::Verifier;
use p521::ecdsa::{Signature, VerifyingKey};
let pubkey = self.to_pub::<p521::NistP521>()?;
let verify_key = VerifyingKey::from_affine(*pubkey.as_affine())?;
let signature = Signature::from_slice(sig)?;
22 changes: 8 additions & 14 deletions src/key_exchange.rs
@@ -1,23 +1,17 @@
use crate::jose::{EcJwk, Jwk, JwkCurve};
use crate::{Error, Result};
use elliptic_curve::ecdh;
use elliptic_curve::ecdh::SharedSecret;
use elliptic_curve::group::Curve as GroupCurve;
use elliptic_curve::point::AffineCoordinates;
use elliptic_curve::rand_core::OsRng;
use elliptic_curve::sec1::FromEncodedPoint;
use elliptic_curve::sec1::ModulusSize;
use elliptic_curve::sec1::ToEncodedPoint;
use elliptic_curve::sec1::{FromEncodedPoint, ModulusSize, ToEncodedPoint};
use elliptic_curve::subtle::ConstantTimeEq;
use elliptic_curve::zeroize::Zeroizing;
use elliptic_curve::AffinePoint;
use elliptic_curve::Curve;
use elliptic_curve::CurveArithmetic;
use elliptic_curve::FieldBytesSize;
use elliptic_curve::JwkParameters;
use elliptic_curve::ProjectivePoint;
use elliptic_curve::PublicKey;
use elliptic_curve::SecretKey;
use elliptic_curve::{
ecdh, AffinePoint, Curve, CurveArithmetic, FieldBytesSize, JwkParameters, ProjectivePoint,
PublicKey, SecretKey,
};

use crate::jose::{EcJwk, Jwk, JwkCurve};
use crate::{Error, Result};

/// A zeroizing wrapper around a generated encryption key
#[derive(Clone, Debug)]
4 changes: 2 additions & 2 deletions src/key_exchange_tests.rs
Expand Up @@ -13,10 +13,10 @@
//!
//! We provide each mode with a separate function and test against the jose output
use crate::jose::Jwk;
use serde_json::Value;

use super::*;
use serde_json::Value;
use crate::jose::Jwk;

// PUB and PRIV are random keys, not related
// It seems like jose doesn't do what we want unless we slap an `alg: ECMR` on everything
10 changes: 8 additions & 2 deletions src/lib.rs
@@ -1,6 +1,8 @@
//! A Rust implementation of the Tang portion of Clevis, specified in
//! <https://github.com/latchset/clevis>.
//!
//! This is still under development, but works reasonibly well.
//!
//! ```
//! # #[cfg(not(feature = "_backend"))] fn main() {}
//! # #[cfg(feature = "_backend")]
Expand All @@ -15,7 +17,9 @@
//! let client = TangClient::new("localhost:11697", None);
//!
//! // create a key suitible for encryption (i.e. has gone through a KDF)
//! let out = client.create_secure_key::<KEY_BYTES>().expect("failed to generate key");
//! let out = client
//! .create_secure_key::<KEY_BYTES>()
//! .expect("failed to generate key");
//!
//! // use this key to encrypt data
//! let original_key = out.encryption_key;
Expand All @@ -29,7 +33,9 @@
//! /* key recovery */
//!
//! let new_meta = KeyMeta::from_json(&meta_str).expect("invalid metadata");
//! let new_key = client.recover_secure_key::<KEY_BYTES>(&new_meta).expect("failed to retrieve key");
//! let new_key = client
//! .recover_secure_key::<KEY_BYTES>(&new_meta)
//! .expect("failed to retrieve key");
//!
//! assert_eq!(original_key, new_key);
//! # }
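Review bot: The crate-level line `//! This is still under development, but works reasonibly well.` misspells "reasonably"; the first hunk's header (-1,6 +1,8) shows two lines added and none removed, and this sentence with its following `//!` appears to be that addition. Since the README change in this same commit replaces the Tang section with a pointer to docs.rs, this paragraph is now the first thing readers see, so fix it here: `//! This is still under development, but works reasonably well.`. The example comment `//! // create a key suitible for encryption (i.e. has gone through a KDF)` in the second hunk has the same kind of typo ("suitable"), though that line looks like pre-existing context. The doc example begins and ends outside the hunks shown.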
4 changes: 2 additions & 2 deletions src/main.rs
@@ -1,11 +1,11 @@
#![allow(unused)]

use std::io::stdin;

use clap::{Args, Parser, Subcommand};
// use clevis::{DecryptConfig, EncryptConfig, EncryptSource};
use std::io::{BufRead, Read};

use clap::{Args, Parser, Subcommand};

#[derive(Debug, Parser)]
struct Cli {
#[command(subcommand)]
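Review bot: The commented-out `// use clevis::{DecryptConfig, EncryptConfig, EncryptSource};` is carried through the import regrouping as a context line, and rustfmt does not move comments along with `use` items, so it now sits stranded inside the reordered import block; either delete it or restore it as a real import, because a dead import line in a formatting commit is easy to mistake for an intended group boundary. Separately, `#![allow(unused)]` at the top of the binary also covers `unused_must_use`, so an ignored `Result` from I/O would not be warned about; narrowing it to `#![allow(dead_code, unused_imports)]` while the CLI is still being wired up keeps that lint active. The `Cli` struct continues outside the hunk.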
