From 54e555f295ac425aa58b044115d6ebdc845f60aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Damir=20Jeli=C4=87?=
Date: Tue, 15 Feb 2022 11:30:02 +0100
Subject: [PATCH] refactor(crypto): Don't use getrandom directly, we already use the rand crate

---
 crates/matrix-sdk-crypto/Cargo.toml | 1 -
 .../src/file_encryption/attachments.rs | 8 +++++---
 .../src/file_encryption/key_export.rs | 8 +++++---
 crates/matrix-sdk-crypto/src/store/pickle_key.rs | 11 +++++++----
 crates/matrix-sdk-crypto/src/verification/qrcode.rs | 10 ++++++----
 5 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/crates/matrix-sdk-crypto/Cargo.toml b/crates/matrix-sdk-crypto/Cargo.toml
index b3dcc07b8..5b4530257 100644
--- a/crates/matrix-sdk-crypto/Cargo.toml
+++ b/crates/matrix-sdk-crypto/Cargo.toml
@@ -33,7 +33,6 @@ bs58 = { version = "0.4.0", optional = true }
 byteorder = "1.4.3"
 dashmap = "5.1.0"
 futures-util = { version = "0.3.15", default-features = false, features = ["alloc"] }
-getrandom = "0.2.3"
 hmac = "0.12.0"
 matrix-qrcode = { version = "0.2.0", path = "../matrix-qrcode", optional = true }
 matrix-sdk-common = { version = "0.4.0", path = "../matrix-sdk-common" }
diff --git a/crates/matrix-sdk-crypto/src/file_encryption/attachments.rs b/crates/matrix-sdk-crypto/src/file_encryption/attachments.rs
index b9d9ed646..58cd0feae 100644
--- a/crates/matrix-sdk-crypto/src/file_encryption/attachments.rs
+++ b/crates/matrix-sdk-crypto/src/file_encryption/attachments.rs
@@ -22,7 +22,7 @@ use aes::{
     Aes256, Aes256Ctr,
 };
 use base64::DecodeError;
-use getrandom::getrandom;
+use rand::{thread_rng, RngCore};
 use ruma::{
     events::room::{EncryptedFile, JsonWebKey, JsonWebKeyInit},
     serde::Base64,
@@ -218,10 +218,12 @@ impl<'a, R: Read + ?Sized + 'a> AttachmentEncryptor<'a, R> {
         let mut key = Zeroizing::new([0u8; KEY_SIZE]);
         let mut iv = Zeroizing::new([0u8; IV_SIZE]);
 
-        getrandom(&mut *key).expect("Can't generate randomness");
+        let mut rng = thread_rng();
+
+        rng.fill_bytes(&mut *key);
         // Only populate the first 8 bytes with randomness, the rest is 0
         // initialized for the counter.
-        getrandom(&mut iv[0..8]).expect("Can't generate randomness");
+        rng.fill_bytes(&mut iv[0..8]);
 
         let web_key = JsonWebKey::from(JsonWebKeyInit {
             kty: "oct".to_owned(),
diff --git a/crates/matrix-sdk-crypto/src/file_encryption/key_export.rs b/crates/matrix-sdk-crypto/src/file_encryption/key_export.rs
index 4f0b9e789..2646ad8c7 100644
--- a/crates/matrix-sdk-crypto/src/file_encryption/key_export.rs
+++ b/crates/matrix-sdk-crypto/src/file_encryption/key_export.rs
@@ -19,9 +19,9 @@ use aes::{
     Aes256, Aes256Ctr,
 };
 use byteorder::{BigEndian, ReadBytesExt};
-use getrandom::getrandom;
 use hmac::{Hmac, Mac};
 use pbkdf2::pbkdf2;
+use rand::{thread_rng, RngCore};
 use serde_json::Error as SerdeError;
 use sha2::{Sha256, Sha512};
 use thiserror::Error;
@@ -152,8 +152,10 @@ fn encrypt_helper(plaintext: &mut [u8], passphrase: &str, rounds: u32) -> String
     let mut iv = [0u8; IV_SIZE];
     let mut derived_keys = [0u8; KEY_SIZE * 2];
 
-    getrandom(&mut salt).expect("Can't generate randomness");
-    getrandom(&mut iv).expect("Can't generate randomness");
+    let mut rng = thread_rng();
+
+    rng.fill_bytes(&mut salt);
+    rng.fill_bytes(&mut iv);
 
     let mut iv = u128::from_be_bytes(iv);
     iv &= !(1 << 63);
diff --git a/crates/matrix-sdk-crypto/src/store/pickle_key.rs b/crates/matrix-sdk-crypto/src/store/pickle_key.rs
index afa3cfa4f..50b5169b3 100644
--- a/crates/matrix-sdk-crypto/src/store/pickle_key.rs
+++ b/crates/matrix-sdk-crypto/src/store/pickle_key.rs
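Review bot: The switch from `getrandom` to `thread_rng()` moves the cryptographic-strength guarantee for the attachment key and IV into a generator whose properties nothing at the call site records; a one-line comment above `let mut rng = thread_rng();` would keep that reviewable, e.g. `// thread_rng() is a CSPRNG (implements rand::CryptoRng, seeded from the OS); these bytes become the attachment key and IV.` The same comment belongs on the `thread_rng()` lines in key_export.rs `encrypt_helper`, pickle_key.rs `default`/`encrypt` and qrcode.rs `generate_secret`. If a compile-time guard is wanted, a small helper bounded by `R: RngCore + CryptoRng` would stop a future switch to a non-cryptographic generator from compiling. The removed `.expect(...)` surfaced entropy failure explicitly, whereas `fill_bytes` is infallible and, as far as I know, `thread_rng()` panics on initial seeding failure, so abort-on-failure appears to be preserved but is worth stating. The enclosing `AttachmentEncryptor` method starts before the hunk.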
@@ -18,9 +18,9 @@ use aes_gcm::{
     aead::{generic_array::GenericArray, Aead, NewAead},
     Aes256Gcm, Error as DecryptionError,
 };
-use getrandom::getrandom;
 use hmac::Hmac;
 use pbkdf2::pbkdf2;
+use rand::{thread_rng, RngCore};
 use serde::{Deserialize, Serialize};
 use sha2::Sha256;
 use zeroize::{Zeroize, Zeroizing};
@@ -81,7 +81,8 @@ pub struct PickleKey {
 impl Default for PickleKey {
     fn default() -> Self {
         let mut key = vec![0u8; KEY_SIZE];
-        getrandom(&mut key).expect("Can't generate new pickle key");
+        let mut rng = thread_rng();
+        rng.fill_bytes(&mut key);
 
         Self { aes256_key: key }
     }
@@ -122,15 +123,17 @@ impl PickleKey {
     /// * `passphrase` - The passphrase that should be used to encrypt the
     /// pickle key.
     pub fn encrypt(&self, passphrase: &str) -> EncryptedPickleKey {
+        let mut rng = thread_rng();
         let mut salt = vec![0u8; KDF_SALT_SIZE];
-        getrandom(&mut salt).expect("Can't generate new random pickle key");
+
+        rng.fill_bytes(&mut salt);
 
         let key = PickleKey::expand_key(passphrase, &salt, KDF_ROUNDS);
         let key = GenericArray::from_slice(key.as_ref());
         let cipher = Aes256Gcm::new(key);
 
         let mut nonce = vec![0u8; NONCE_SIZE];
-        getrandom(&mut nonce).expect("Can't generate new random nonce for the pickle key");
+        rng.fill_bytes(&mut nonce);
 
         let ciphertext = cipher
             .encrypt(GenericArray::from_slice(nonce.as_ref()), self.aes256_key.as_slice())
diff --git a/crates/matrix-sdk-crypto/src/verification/qrcode.rs b/crates/matrix-sdk-crypto/src/verification/qrcode.rs
index 675869e16..85bc27dc3 100644
--- a/crates/matrix-sdk-crypto/src/verification/qrcode.rs
+++ b/crates/matrix-sdk-crypto/src/verification/qrcode.rs
@@ -18,6 +18,7 @@ use matrix_qrcode::{
     qrcode::QrCode, EncodingError, QrVerificationData, SelfVerificationData,
     SelfVerificationNoMasterKey, VerificationData,
 };
+use rand::{thread_rng, RngCore};
 use ruma::{
     api::client::keys::upload_signatures::v3::Request as SignatureUploadRequest,
     events::{
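Review bot: In `encrypt`, `rng.fill_bytes(&mut nonce)` draws a random AES-GCM nonce, and that is only collision-safe because `salt` is also regenerated on every call so `expand_key` produces a fresh key each time; if the derived key were ever cached or the salt reused, a random nonce would have to give way to a counter. A comment tying the two lines together would guard against that regression, e.g. `// A random nonce is safe here only because every call derives a new key from a new salt.` `NONCE_SIZE` is declared outside the hunk, so I cannot confirm from here that it is the 96-bit size GCM expects. The body of `encrypt` continues past the end of the hunk.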
@@ -431,10 +432,11 @@ impl QrVerification {
     }
 
     fn generate_secret() -> Base64 {
-        let mut shared_secret = [0u8; SECRET_SIZE];
-        getrandom::getrandom(&mut shared_secret)
-            .expect("Can't generate randomness for the shared secret");
-        Base64::new(shared_secret.to_vec())
+        let mut shared_secret = vec![0u8; SECRET_SIZE];
+        let mut rng = thread_rng();
+        rng.fill_bytes(&mut shared_secret);
+
+        Base64::new(shared_secret)
     }
 
     pub(crate) fn new_self(
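Review bot: `generate_secret` still has no doc comment although it now sources the verification shared secret from a different generator; a line such as `/// Generate a fresh SECRET_SIZE-byte shared secret from the thread-local CSPRNG (thread_rng, which implements CryptoRng).` would record where the security requirement is met. Moving `shared_secret` from a fixed array to `vec!` puts the secret on the heap and hands it to `Base64::new` without a `Zeroizing` wrapper, which matches what the old `to_vec()` did but is worth noting given that attachments.rs wraps its key in `Zeroizing`. The `impl QrVerification` block continues past the hunk.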