added features to enable swapping libsodum for rust crates

Geahuam

Apr 17, 2024, 6:28 AM

2HTOF4DMLM3XQHGOCXMZGU6HX7CUYM2FEHWVR6V3KUUACSN726RAC

Dependencies

• [2] UHAEQPZU Support ecdsa-sha2-nistp256 keys for authentication
• [3] 2Q3SZY2C Version bump
• [4] 7FRJYUI6 Reboot because of a bad change
• [5] TFYJ3P2A Version 0.30.8/0.19.4, and solving conflicts
• [6] Y67GNDVB use tokio::process::Command for proxy commands
• [7] FT67GGO4 Version bump (Pijul and Thrussh)
• [8] ELRPPXSG Fixing conflicts
• [9] 2VTUKRLJ Version
• [10] ORSEEVB5 Version bump
• [11] 2WEO7OZL Version updates: getting rid of anyhow + moving to Tokio 1.0
• [12] 634OYCNM Tokio 0.3
• [13] NHOSLQGG Thrussh: making OpenSSL optional
• [14] MCS77Y4V Making OpenSSL optional
• [*] 4XWMB23A

Change contents

• file addition: thrussh-rust-crypto (d--r------)
  [16.1]
• file addition: src (d--r------)
  [0.31]
• file addition: lib.rs (----------)
  [0.48]
  + pub mod chacha20 {

  + use chacha20::cipher::{KeyIvInit, StreamCipherCore, StreamCipherSeekCore};

  +

  + pub const NONCE_BYTES: usize = 8;

  + pub const KEY_BYTES: usize = 32;

  + pub struct Nonce(pub [u8; NONCE_BYTES]);

  + pub struct Key(pub [u8; KEY_BYTES]);

  + pub fn chacha20_xor(c: &mut [u8], n: &Nonce, k: &Key) {

  + let res = chacha20::ChaCha20LegacyCore::new(&k.0.into(), &n.0.into());

  + chacha20::ChaCha20LegacyCore::apply_keystream_partial(res, c.into());

  + }

  +

  + pub fn chacha20_xor_ic(c: &mut [u8], n: &Nonce, ic: u64, k: &Key) {

  + let mut res = chacha20::ChaCha20LegacyCore::new(&k.0.into(), &n.0.into());

  + chacha20::ChaCha20LegacyCore::set_block_pos(&mut res, ic as u32);

  + chacha20::ChaCha20LegacyCore::apply_keystream_partial(res, c.into());

  + }

  + }

  +

  + pub mod poly1305 {

  + use chacha20::cipher::KeyInit;

  + use poly1305 as poly;

  + use subtle::ConstantTimeEq;

  + pub const KEY_BYTES: usize = 32;

  + pub const TAG_BYTES: usize = 16;

  + pub struct Key(pub [u8; KEY_BYTES]);

  + pub struct Tag(pub [u8; TAG_BYTES]);

  + pub fn poly1305_auth(m: &[u8], key: &Key) -> Tag {

  + Tag(poly::Poly1305::new(&key.0.into())

  + .compute_unpadded(m)

  + .into())

  + }

  + pub fn poly1305_verify(tag: &[u8], m: &[u8], key: &Key) -> bool {

  + let t: [u8; TAG_BYTES] = poly::Poly1305::new(&key.0.into())

  + .compute_unpadded(m)

  + .into();

  + From::from(t.ct_eq(tag))

  + }

  + }

  +

  + pub mod ed25519 {

  + use ed25519_dalek::ed25519::signature::Signer;

  +

  + pub const PUBLICKEY_BYTES: usize = 32;

  + pub const SECRETKEY_BYTES: usize = 64;

  + pub const SIGNATURE_BYTES: usize = 64;

  +

  + /// Ed25519 public key.

  + #[derive(Debug, PartialEq, Eq)]

  + pub struct PublicKey {

  + /// Actual key

  + pub key: [u8; PUBLICKEY_BYTES],

  + }

  +

  + impl PublicKey {

  + pub fn new_zeroed() -> Self {

  + PublicKey {

  + key: [0; PUBLICKEY_BYTES],

  + }

  + }

  + }

  +

  + /// Ed25519 secret key.

  + #[derive(Clone)]

  + pub struct SecretKey {

  + /// Actual key

  + pub key: [u8; SECRETKEY_BYTES],

  + }

  +

  + impl SecretKey {

  + pub fn new_zeroed() -> Self {

  + SecretKey {

  + key: [0; SECRETKEY_BYTES],

  + }

  + }

  + }

  +

  + pub struct Signature(pub [u8; SIGNATURE_BYTES]);

  +

  + /// Generate a key pair.

  + pub fn keypair() -> (PublicKey, SecretKey) {

  + let mut pk = PublicKey {

  + key: [0; PUBLICKEY_BYTES],

  + };

  + let mut sk = SecretKey {

  + key: [0; SECRETKEY_BYTES],

  + };

  + let mut csprng = rand::rngs::OsRng;

  + let signing = ed25519_dalek::SigningKey::generate(&mut csprng);

  + sk.key.copy_from_slice(&signing.to_keypair_bytes());

  + pk.key.copy_from_slice(signing.verifying_key().as_bytes());

  + (pk, sk)

  + }

  +

  + /// Verify a signature, `sig` could as well be a `Signature`.

  + pub fn verify_detached(sig: &[u8], m: &[u8], pk: &PublicKey) -> bool {

  + if let Ok(sig) = ed25519_dalek::Signature::from_slice(sig) {

  + if let Ok(pk) = ed25519_dalek::VerifyingKey::from_bytes(&pk.key) {

  + pk.verify_strict(m, &sig).is_ok()

  + } else {

  + false

  + }

  + } else {

  + false

  + }

  + }

  +

  + /// Sign a message with a secret key.

  + pub fn sign_detached(m: &[u8], sk: &SecretKey) -> Signature {

  + if let Ok(sk) = ed25519_dalek::SigningKey::from_keypair_bytes(&sk.key) {

  + Signature(sk.sign(m).to_bytes())

  + } else {

  + Signature([0; SIGNATURE_BYTES])

  + }

  + }

  + }

  +

  + pub mod scalarmult {

  + pub const BYTES: usize = 32;

  +

  + pub use x25519_dalek::PublicKey;

  + pub use x25519_dalek::ReusableSecret;

  + pub use x25519_dalek::SharedSecret;

  + #[derive(Debug)]

  + pub struct GroupElement(pub [u8; BYTES]);

  +

  + pub fn scalarmult_base(n: &ReusableSecret) -> PublicKey {

  + x25519_dalek::PublicKey::from(n)

  + }

  +

  + pub fn scalarmult(n: &ReusableSecret, p: &PublicKey) -> SharedSecret {

  + n.diffie_hellman(p)

  + }

  + }
• file addition: Cargo.toml (----------)
  [0.31]
  + [package]

  + name = "thrussh-rust-crypto"

  + version = "0.1.0"

  + edition = "2021"

  +

  + # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

  +

  + [dependencies]

  + ed25519-dalek = { version = "2.1.1", features = ["rand_core"] }

  + rand = "0.8.5"

  + x25519-dalek = { version = "2.0.1", features = ["reusable_secrets"] }

  + poly1305 = "0.8.0"

  + chacha20 = "0.9.1"

  + subtle = "2.5.0"
• edit in thrussh-keys/src/key.rs at line 23
  [2.3743]

  [3.2869]
  + #[cfg(feature = "libsodium")]
• edit in thrussh-keys/src/key.rs at line 25
  [3.2902]

  [3.58203]
  + #[cfg(feature = "rust-crypto")]

  + use thrussh_rust_crypto as sodium;
• edit in thrussh-keys/src/key.rs at line 30
  [3.58272]

  [3.2903]
  + #[cfg(feature = "libsodium")]
• edit in thrussh-keys/src/key.rs at line 34
  [3.3023]

  [3.58366]
  + #[cfg(feature = "rust-crypto")]

  + pub use thrussh_rust_crypto::ed25519::{

  + keypair, sign_detached, verify_detached, PublicKey, SecretKey,

  + };
• edit in thrussh-keys/src/key.rs at line 115
  [3.60345]

  [3.3057]
  + #[cfg(feature = "libsodium")]
• edit in thrussh-keys/src/key.rs at line 118
  [3.60405]

  [3.3110]
  + #[cfg(feature = "rust-crypto")]

  + Ed25519(thrussh_rust_crypto::ed25519::PublicKey),

  + #[doc(hidden)]
• edit in thrussh-keys/src/key.rs at line 563
  [3.70574]

  [3.5608]
  + #[cfg(feature = "libsodium")]
• edit in thrussh-keys/src/key.rs at line 565
  [3.5652]

  [3.70607]
  + #[cfg(feature = "rust-crypto")]

  + use thrussh_rust_crypto::ed25519;
• edit in thrussh-keys/Cargo.toml at line 30
  [3.157738]

  [3.157738]
  +

  + [features]

  + rust-crypto = ["dep:thrussh-rust-crypto"]

  + libsodium = ["dep:thrussh-libsodium"]
• replacement in thrussh-keys/Cargo.toml at line 53
  [3.158187]→[3.14033:14059](∅→∅)
  − thrussh-libsodium = "0.2"
  [3.158187]

  [3.14059]
  + thrussh-libsodium = { version = "0.2", optional = true }

  + thrussh-rust-crypto = { path = "../thrussh-rust-crypto", optional = true }
• edit in thrussh/src/lib.rs at line 276
  [3.289801]

  [3.289801]
  + #[cfg(feature = "libsodium")]
• edit in thrussh/src/lib.rs at line 278
  [3.289843]

  [3.289843]
  + #[cfg(feature = "rust-crypto")]

  + extern crate thrussh_rust_crypto as sodium;
• edit in thrussh/src/kex.rs at line 27
  [3.307769]

  [3.307769]
  + #[cfg(feature = "libsodium")]
• edit in thrussh/src/kex.rs at line 29
  [3.307823]

  [3.307823]
  + #[cfg(feature = "libsodium")]
• edit in thrussh/src/kex.rs at line 31
  [3.307884]

  [3.307884]
  + #[cfg(feature = "rust-crypto")]

  + local_secret: Option<sodium::scalarmult::ReusableSecret>,

  + #[cfg(feature = "rust-crypto")]

  + shared_secret: Option<sodium::scalarmult::SharedSecret>,
• edit in thrussh/src/kex.rs at line 88
  [3.309297]

  [3.309297]
  + #[cfg(feature = "rust-crypto")]

  + let client_pubkey = PublicKey::from(client_pubkey.0);

  + #[cfg(feature = "libsodium")]
• edit in thrussh/src/kex.rs at line 92
  [3.309346]

  [3.1015]
  + #[cfg(feature = "libsodium")]
• edit in thrussh/src/kex.rs at line 94
  [3.1076]

  [3.309389]
  + #[cfg(feature = "rust-crypto")]

  + let mut csprng = rand::thread_rng();

  + #[cfg(feature = "rust-crypto")]

  + let server_secret = sodium::scalarmult::ReusableSecret::random_from_rng(&mut csprng);
• edit in thrussh/src/kex.rs at line 102
  [3.309520]

  [3.309520]
  + #[cfg(feature = "libsodium")]
• edit in thrussh/src/kex.rs at line 104
  [3.309580]

  [3.309580]
  + #[cfg(feature = "rust-crypto")]

  + exchange.server_ephemeral.extend(server_pubkey.as_bytes());

  +
• edit in thrussh/src/kex.rs at line 121
  [3.310001]

  [3.310001]
  + #[cfg(feature = "libsodium")]
• edit in thrussh/src/kex.rs at line 123
  [3.310050]

  [3.1077]
  + #[cfg(feature = "libsodium")]
• edit in thrussh/src/kex.rs at line 125
  [3.1138]

  [3.310093]
  + #[cfg(feature = "rust-crypto")]

  + let mut csprng = rand::thread_rng();

  + #[cfg(feature = "rust-crypto")]

  + let client_secret = sodium::scalarmult::ReusableSecret::random_from_rng(&mut csprng);
• edit in thrussh/src/kex.rs at line 133
  [3.310215]

  [3.310215]
  + #[cfg(feature = "libsodium")]
• edit in thrussh/src/kex.rs at line 135
  [3.310266]

  [3.310266]
  + #[cfg(feature = "rust-crypto")]

  + client_ephemeral.extend(client_pubkey.as_bytes());
• edit in thrussh/src/kex.rs at line 139
  [3.310305]

  [3.310305]
  + #[cfg(feature = "libsodium")]
• edit in thrussh/src/kex.rs at line 141
  [3.310354]

  [3.310354]
  + #[cfg(feature = "rust-crypto")]

  + buf.extend_ssh_string(client_pubkey.as_bytes());
• edit in thrussh/src/kex.rs at line 156
  [3.310808]

  [3.310808]
  + #[cfg(feature = "rust-crypto")]

  + let remote_pubkey = PublicKey::from(remote_pubkey.0);

  +
• edit in thrussh/src/kex.rs at line 182
  [3.311671]

  [3.311671]
  + #[cfg(feature = "libsodium")]
• edit in thrussh/src/kex.rs at line 184
  [3.311719]

  [3.311719]
  + #[cfg(feature = "rust-crypto")]

  + buffer.extend_ssh_string(shared.as_bytes());
• edit in thrussh/src/kex.rs at line 215
  [3.312794]

  [3.312794]
  + #[cfg(feature = "libsodium")]
• edit in thrussh/src/kex.rs at line 217
  [3.312854]

  [3.312854]
  + #[cfg(feature = "rust-crypto")]

  + buffer.extend_ssh_string(shared.as_bytes());
• edit in thrussh/src/kex.rs at line 236
  [3.313534]

  [3.313534]
  + #[cfg(feature = "libsodium")]
• edit in thrussh/src/kex.rs at line 238
  [3.313598]

  [3.313598]
  + #[cfg(feature = "rust-crypto")]

  + buffer.extend_ssh_string(shared.as_bytes());
• replacement in thrussh/Cargo.toml at line 42
  [3.426995]→[3.426995:427018](∅→∅)
  − default = [ "flate2" ]
  [3.426995]

  [2.17143]
  + default = [ "flate2", "libsodium" ]
• edit in thrussh/Cargo.toml at line 45
  [2.17226]

  [3.427018]
  + libsodium = ["thrussh-keys/libsodium", "dep:thrussh-libsodium"]

  + rust-crypto = ["thrussh-keys/rust-crypto", "dep:thrussh-rust-crypto"]
• replacement in thrussh/Cargo.toml at line 54
  [3.1925]→[3.427122:427148](∅→∅),[3.427122]→[3.427122:427148](∅→∅)
  − thrussh-libsodium = "0.2"
  [3.1925]

  [3.427148]
  + thrussh-libsodium = { version = "0.2", optional = true }

  + thrussh-rust-crypto = { path = "../thrussh-rust-crypto", optional = true }
• replacement in Cargo.toml at line 3
  [3.453755]→[3.453755:453847](∅→∅)
  − members = [ "thrussh-keys", "thrussh", "thrussh-libsodium", "thrussh-config", "cryptovec" ]
  [3.453755]

  [3.453847]
  + members = [ "thrussh-keys", "thrussh", "thrussh-libsodium", "thrussh-config", "cryptovec" , "thrussh-rust-crypto"]
• edit in Cargo.toml at line 9
  [3.453989]

  [3.453989]
  + thrussh-rust-crypto = { path = "thrussh-rust-crypto" }