pijul/thrussh - Change 2HTOF4DMLM3XQHGOCXMZGU6HX7CUYM2FEHWVR6V3KUUACSN726RAC

added features to enable swapping libsodum for rust crates

Created by Geahuam on April 17, 2024

2HTOF4DMLM3XQHGOCXMZGU6HX7CUYM2FEHWVR6V3KUUACSN726RAC

Dependencies

In discussions

#85 Feature Request: Allow swapping out Sodium for Crypto backend written in rust

Change contents

File addition: thrussh-rust-crypto (d--x------)
[3.1]
File addition: src (d--x------)
[0.31]

File addition: lib.rs (----------)

[0.48]

pub mod chacha20 {
    use chacha20::cipher::{KeyIvInit, StreamCipherCore, StreamCipherSeekCore};
    pub const NONCE_BYTES: usize = 8;
    pub const KEY_BYTES: usize = 32;
    pub struct Nonce(pub [u8; NONCE_BYTES]);
    pub struct Key(pub [u8; KEY_BYTES]);
    pub fn chacha20_xor(c: &mut [u8], n: &Nonce, k: &Key) {
        let res = chacha20::ChaCha20LegacyCore::new(&k.0.into(), &n.0.into());
        chacha20::ChaCha20LegacyCore::apply_keystream_partial(res, c.into());
    }
    pub fn chacha20_xor_ic(c: &mut [u8], n: &Nonce, ic: u64, k: &Key) {
        let mut res = chacha20::ChaCha20LegacyCore::new(&k.0.into(), &n.0.into());
        chacha20::ChaCha20LegacyCore::set_block_pos(&mut res, ic as u32);
        chacha20::ChaCha20LegacyCore::apply_keystream_partial(res, c.into());
    }
}
pub mod poly1305 {
    use chacha20::cipher::KeyInit;
    use poly1305 as poly;
    use subtle::ConstantTimeEq;
    pub const KEY_BYTES: usize = 32;
    pub const TAG_BYTES: usize = 16;
    pub struct Key(pub [u8; KEY_BYTES]);
    pub struct Tag(pub [u8; TAG_BYTES]);
    pub fn poly1305_auth(m: &[u8], key: &Key) -> Tag {
        Tag(poly::Poly1305::new(&key.0.into())
            .compute_unpadded(m)
            .into())
    }
    pub fn poly1305_verify(tag: &[u8], m: &[u8], key: &Key) -> bool {
        let t: [u8; TAG_BYTES] = poly::Poly1305::new(&key.0.into())
            .compute_unpadded(m)
            .into();
        From::from(t.ct_eq(tag))
    }
}
pub mod ed25519 {
    use ed25519_dalek::ed25519::signature::Signer;
    pub const PUBLICKEY_BYTES: usize = 32;
    pub const SECRETKEY_BYTES: usize = 64;
    pub const SIGNATURE_BYTES: usize = 64;
    /// Ed25519 public key.
    #[derive(Debug, PartialEq, Eq)]
    pub struct PublicKey {
        /// Actual key
        pub key: [u8; PUBLICKEY_BYTES],
    }
    impl PublicKey {
        pub fn new_zeroed() -> Self {
            PublicKey {
                key: [0; PUBLICKEY_BYTES],
            }
        }
    }
    /// Ed25519 secret key.
    #[derive(Clone)]
    pub struct SecretKey {
        /// Actual key
        pub key: [u8; SECRETKEY_BYTES],
    }
    impl SecretKey {
        pub fn new_zeroed() -> Self {
            SecretKey {
                key: [0; SECRETKEY_BYTES],
            }
        }
    }
    pub struct Signature(pub [u8; SIGNATURE_BYTES]);
    /// Generate a key pair.
    pub fn keypair() -> (PublicKey, SecretKey) {
        let mut pk = PublicKey {
            key: [0; PUBLICKEY_BYTES],
        };
        let mut sk = SecretKey {
            key: [0; SECRETKEY_BYTES],
        };
        let mut csprng = rand::rngs::OsRng;
        let signing = ed25519_dalek::SigningKey::generate(&mut csprng);
        sk.key.copy_from_slice(&signing.to_keypair_bytes());
        pk.key.copy_from_slice(signing.verifying_key().as_bytes());
        (pk, sk)
    }
    /// Verify a signature, `sig` could as well be a `Signature`.
    pub fn verify_detached(sig: &[u8], m: &[u8], pk: &PublicKey) -> bool {
        if let Ok(sig) = ed25519_dalek::Signature::from_slice(sig) {
            if let Ok(pk) = ed25519_dalek::VerifyingKey::from_bytes(&pk.key) {
                pk.verify_strict(m, &sig).is_ok()
            } else {
                false
            }
        } else {
            false
        }
    }
    /// Sign a message with a secret key.
    pub fn sign_detached(m: &[u8], sk: &SecretKey) -> Signature {
        if let Ok(sk) = ed25519_dalek::SigningKey::from_keypair_bytes(&sk.key) {
            Signature(sk.sign(m).to_bytes())
        } else {
            Signature([0; SIGNATURE_BYTES])
        }
    }
}
pub mod scalarmult {
    pub const BYTES: usize = 32;
    pub use x25519_dalek::PublicKey;
    pub use x25519_dalek::ReusableSecret;
    pub use x25519_dalek::SharedSecret;
    #[derive(Debug)]
    pub struct GroupElement(pub [u8; BYTES]);
    pub fn scalarmult_base(n: &ReusableSecret) -> PublicKey {
        x25519_dalek::PublicKey::from(n)
    }
    pub fn scalarmult(n: &ReusableSecret, p: &PublicKey) -> SharedSecret {
        n.diffie_hellman(p)
    }
}

File addition: Cargo.toml (----------)

[0.31]

[package]
name = "thrussh-rust-crypto"
version = "0.1.0"
edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
ed25519-dalek = { version = "2.1.1", features = ["rand_core"] }
rand = "0.8.5"
x25519-dalek = { version = "2.0.1", features = ["reusable_secrets"] }
poly1305 = "0.8.0"
chacha20 = "0.9.1"
subtle = "2.5.0"

Insertion in thrussh-keys/src/key.rs at line 23 [5.57451]
[2.3743]
[4.2869]
```
#[cfg(feature = "libsodium")]
```
Insertion in thrussh-keys/src/key.rs at line 25 [5.57451]
[4.2902]
[5.58203]
```
#[cfg(feature = "rust-crypto")]
use thrussh_rust_crypto as sodium;
```
Insertion in thrussh-keys/src/key.rs at line 30 [5.57451]
[5.58272]
[4.2903]
```
    #[cfg(feature = "libsodium")]
```

Insertion in thrussh-keys/src/key.rs at line 34 [5.57451]

[4.3023]

[5.58366]

    #[cfg(feature = "rust-crypto")]
    pub use thrussh_rust_crypto::ed25519::{
        keypair, sign_detached, verify_detached, PublicKey, SecretKey,
    };

Insertion in thrussh-keys/src/key.rs at line 115 [5.57451]
[5.60345]
[4.3057]
```
    #[cfg(feature = "libsodium")]
```

Insertion in thrussh-keys/src/key.rs at line 118 [5.57451]

[5.60405]

[4.3110]

    #[cfg(feature = "rust-crypto")]
    Ed25519(thrussh_rust_crypto::ed25519::PublicKey),
    #[doc(hidden)]

Insertion in thrussh-keys/src/key.rs at line 563 [5.57451]
[5.70574]
[4.5608]
```
            #[cfg(feature = "libsodium")]
```

Insertion in thrussh-keys/src/key.rs at line 565 [5.57451]

[4.5652]

[5.70607]

            #[cfg(feature = "rust-crypto")]
            use thrussh_rust_crypto::ed25519;

Insertion in thrussh-keys/Cargo.toml at line 30 [5.157024]

[5.157738]


[features]
rust-crypto =  ["dep:thrussh-rust-crypto"]
libsodium = ["dep:thrussh-libsodium"]

Replacement in thrussh-keys/Cargo.toml at line 53 [5.157024]

B:BD[5.158187] → [4.14033:14059]

thrussh-libsodium = "0.2"

[5.158187]

[4.14059]

thrussh-libsodium = { version = "0.2", optional = true }
thrussh-rust-crypto = { path = "../thrussh-rust-crypto", optional = true }

Insertion in thrussh/src/lib.rs at line 276 [5.278640]
[5.289801]
[5.289801]
```
#[cfg(feature = "libsodium")]
```

Insertion in thrussh/src/lib.rs at line 278 [5.278640]

[5.289843]

#[cfg(feature = "rust-crypto")]
extern crate thrussh_rust_crypto as sodium;

Insertion in thrussh/src/kex.rs at line 27 [5.306916]
[5.307769]
[5.307769]
```
    #[cfg(feature = "libsodium")]
```
Insertion in thrussh/src/kex.rs at line 29 [5.306916]
[5.307823]
[5.307823]
```
    #[cfg(feature = "libsodium")]
```

Insertion in thrussh/src/kex.rs at line 31 [5.306916]

[5.307884]

    #[cfg(feature = "rust-crypto")]
    local_secret: Option<sodium::scalarmult::ReusableSecret>,
    #[cfg(feature = "rust-crypto")]
    shared_secret: Option<sodium::scalarmult::SharedSecret>,

Insertion in thrussh/src/kex.rs at line 88 [5.306916]

[5.309297]

        #[cfg(feature = "rust-crypto")]
        let client_pubkey = PublicKey::from(client_pubkey.0);
        #[cfg(feature = "libsodium")]

Insertion in thrussh/src/kex.rs at line 92 [5.306916]
[5.309346]
[6.1015]
```
        #[cfg(feature = "libsodium")]
```

Insertion in thrussh/src/kex.rs at line 94 [5.306916]

[6.1076]

[5.309389]

        #[cfg(feature = "rust-crypto")]
        let mut csprng = rand::thread_rng();
        #[cfg(feature = "rust-crypto")]
        let server_secret = sodium::scalarmult::ReusableSecret::random_from_rng(&mut csprng);

Insertion in thrussh/src/kex.rs at line 102 [5.306916]
[5.309520]
[5.309520]
```
        #[cfg(feature = "libsodium")]
```

Insertion in thrussh/src/kex.rs at line 104 [5.306916]

[5.309580]

        #[cfg(feature = "rust-crypto")]
        exchange.server_ephemeral.extend(server_pubkey.as_bytes());

Insertion in thrussh/src/kex.rs at line 121 [5.306916]
[5.310001]
[5.310001]
```
        #[cfg(feature = "libsodium")]
```
Insertion in thrussh/src/kex.rs at line 123 [5.306916]
[5.310050]
[6.1077]
```
        #[cfg(feature = "libsodium")]
```

Insertion in thrussh/src/kex.rs at line 125 [5.306916]

[6.1138]

[5.310093]

        #[cfg(feature = "rust-crypto")]
        let mut csprng = rand::thread_rng();
        #[cfg(feature = "rust-crypto")]
        let client_secret = sodium::scalarmult::ReusableSecret::random_from_rng(&mut csprng);

Insertion in thrussh/src/kex.rs at line 133 [5.306916]
[5.310215]
[5.310215]
```
        #[cfg(feature = "libsodium")]
```

Insertion in thrussh/src/kex.rs at line 135 [5.306916]

[5.310266]

        #[cfg(feature = "rust-crypto")]
        client_ephemeral.extend(client_pubkey.as_bytes());

Insertion in thrussh/src/kex.rs at line 139 [5.306916]
[5.310305]
[5.310305]
```
        #[cfg(feature = "libsodium")]
```

Insertion in thrussh/src/kex.rs at line 141 [5.306916]

[5.310354]

        #[cfg(feature = "rust-crypto")]
        buf.extend_ssh_string(client_pubkey.as_bytes());

Insertion in thrussh/src/kex.rs at line 156 [5.306916]

[5.310808]

        #[cfg(feature = "rust-crypto")]
        let remote_pubkey = PublicKey::from(remote_pubkey.0);

Insertion in thrussh/src/kex.rs at line 182 [5.306916]
[5.311671]
[5.311671]
```
            #[cfg(feature = "libsodium")]
```

Insertion in thrussh/src/kex.rs at line 184 [5.306916]

[5.311719]

            #[cfg(feature = "rust-crypto")]
            buffer.extend_ssh_string(shared.as_bytes());

Insertion in thrussh/src/kex.rs at line 215 [5.306916]

[5.312794]

                        #[cfg(feature = "libsodium")]

Insertion in thrussh/src/kex.rs at line 217 [5.306916]

[5.312854]

                        #[cfg(feature = "rust-crypto")]
                        buffer.extend_ssh_string(shared.as_bytes());

Insertion in thrussh/src/kex.rs at line 236 [5.306916]

[5.313534]

                            #[cfg(feature = "libsodium")]

Insertion in thrussh/src/kex.rs at line 238 [5.306916]

[5.313598]

                            #[cfg(feature = "rust-crypto")]
                            buffer.extend_ssh_string(shared.as_bytes());

Replacement in thrussh/Cargo.toml at line 42 [5.426118]
B:BD[5.426995] → [5.426995:427018]
```
default = [ "flate2" ]
```
[5.426995]
[2.17143]
```
default = [ "flate2", "libsodium" ]
```

Insertion in thrussh/Cargo.toml at line 45 [5.426118]

[2.17226]

[5.427018]

libsodium = ["thrussh-keys/libsodium", "dep:thrussh-libsodium"]
rust-crypto =  ["thrussh-keys/rust-crypto", "dep:thrussh-rust-crypto"]

Replacement in thrussh/Cargo.toml at line 54 [5.426118]

∅:D[6.1925] → [5.427122:427148]

B:BD[5.427122] → [5.427122:427148]

thrussh-libsodium = "0.2"

[6.1925]

[5.427148]

thrussh-libsodium = { version = "0.2", optional = true }
thrussh-rust-crypto = { path = "../thrussh-rust-crypto", optional = true }

Replacement in Cargo.toml at line 3 [5.453741]

B:BD[5.453755] → [5.453755:453847]

members = [ "thrussh-keys", "thrussh", "thrussh-libsodium", "thrussh-config", "cryptovec" ]

[5.453755]

[5.453847]

members = [ "thrussh-keys", "thrussh", "thrussh-libsodium", "thrussh-config", "cryptovec" , "thrussh-rust-crypto"]

Insertion in Cargo.toml at line 9 [5.453741]
[5.453989]
[5.453989]
```
thrussh-rust-crypto = { path = "thrussh-rust-crypto" }
```

added features to enable swapping libsodum for rust crates

Dependencies

In discussions

Change contents

File addition: thrussh-rust-crypto (d--x------)

File addition: src (d--x------)

File addition: lib.rs (----------)

File addition: Cargo.toml (----------)

Insertion in thrussh-keys/src/key.rs at line 23 [5.57451]

Insertion in thrussh-keys/src/key.rs at line 25 [5.57451]

Insertion in thrussh-keys/src/key.rs at line 30 [5.57451]

Insertion in thrussh-keys/src/key.rs at line 34 [5.57451]

Insertion in thrussh-keys/src/key.rs at line 115 [5.57451]

Insertion in thrussh-keys/src/key.rs at line 118 [5.57451]

Insertion in thrussh-keys/src/key.rs at line 563 [5.57451]

Insertion in thrussh-keys/src/key.rs at line 565 [5.57451]

Insertion in thrussh-keys/Cargo.toml at line 30 [5.157024]

Replacement in thrussh-keys/Cargo.toml at line 53 [5.157024]

Insertion in thrussh/src/lib.rs at line 276 [5.278640]

Insertion in thrussh/src/lib.rs at line 278 [5.278640]

Insertion in thrussh/src/kex.rs at line 27 [5.306916]

Insertion in thrussh/src/kex.rs at line 29 [5.306916]

Insertion in thrussh/src/kex.rs at line 31 [5.306916]

Insertion in thrussh/src/kex.rs at line 88 [5.306916]

Insertion in thrussh/src/kex.rs at line 92 [5.306916]

Insertion in thrussh/src/kex.rs at line 94 [5.306916]

Insertion in thrussh/src/kex.rs at line 102 [5.306916]

Insertion in thrussh/src/kex.rs at line 104 [5.306916]

Insertion in thrussh/src/kex.rs at line 121 [5.306916]

Insertion in thrussh/src/kex.rs at line 123 [5.306916]