author | Justus Winter <justus@sequoia-pgp.org> | 2019-02-06 14:06:32 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2019-02-06 14:06:32 +0100 |
commit | 55018aa2b8f3b0ce045e262a05127d49308710b4 (patch) | |
tree | ef39120f01a31b3be31a27dfa9058475bfa78ec0 | |
parent | 2a75428b44fd56616342a786cc33dd66145f6228 (diff) |
openpgp: Improve secret key handling.
- Use curve25519::secret_key() to generate keys in crypto::ecdh.
- Wrap the secret keys into SessionKey objects to make sure they are
zeroed when dropped.
-rw-r--r-- | openpgp/src/crypto/ecdh.rs | 11 | ||||
-rw-r--r-- | openpgp/src/crypto/mod.rs | 8 | ||||
-rw-r--r-- | openpgp/src/packet/key.rs | 6 |
3 files changed, 13 insertions, 12 deletions
diff --git a/openpgp/src/crypto/ecdh.rs b/openpgp/src/crypto/ecdh.rs
index 88ebd684..3329bbb4 100644
--- a/openpgp/src/crypto/ecdh.rs
+++ b/openpgp/src/crypto/ecdh.rs
@@ -14,7 +14,7 @@ use conversions::{
 read_be_u64,
 };
 use crypto::mpis::{MPI, PublicKey, SecretKey, Ciphertext};
-use nettle::{cipher, curve25519, mode, Mode, Yarrow};
+use nettle::{cipher, curve25519, mode, Mode};
 /// Wraps a session key using Elliptic Curve Diffie-Hellman.
 pub fn wrap_session_key(recipient: &Key, session_key: &[u8])
@@ -25,18 +25,13 @@ pub fn wrap_session_key(recipient: &Key, session_key: &[u8])
 } = recipient.mpis() {
 match curve {
 Curve::Cv25519 => {
- let mut rng = Yarrow::default();
-
 // Obtain the authenticated recipient public key R
 #[allow(non_snake_case)]
 let R = q.decode_point(curve)?.0;
 // Generate an ephemeral key pair {v, V=vG}
- let mut v = [0u8; curve25519::CURVE25519_SIZE];
- rng.random(&mut v);
- // Note: Nettle ignores the most significant and the three
- // least significant bits, therefore every value is a valid
- // secret key.
+ let mut v =
+ ::crypto::SessionKey::from(curve25519::secret_key());
 // Compute the public key. We need to add an encoding
 // octet in front of the key.
diff --git a/openpgp/src/crypto/mod.rs b/openpgp/src/crypto/mod.rs
index 33f27078..9dfec48e 100644
--- a/openpgp/src/crypto/mod.rs
+++ b/openpgp/src/crypto/mod.rs
@@ -1,7 +1,7 @@
 //! Cryptographic primitives.
 use std::io::Read;
-use std::ops::Deref;
+use std::ops::{Deref, DerefMut};
 use std::fmt;
 use std::cmp::Ordering;
@@ -54,6 +54,12 @@ impl Deref for SessionKey {
 }
 }
+impl DerefMut for SessionKey {
+ fn deref_mut(&mut self) -> &mut [u8] {
+ &mut self.0
+ }
+}
+
 impl From<Vec<u8>> for SessionKey {
 fn from(v: Vec<u8>) -> Self {
 SessionKey(v.into_boxed_slice())
diff --git a/openpgp/src/packet/key.rs b/openpgp/src/packet/key.rs
index 9ba5707e..aa24c2c7 100644
--- a/openpgp/src/packet/key.rs
+++ b/openpgp/src/packet/key.rs
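Review bot: Wrapping the result in `SessionKey` only wipes the buffer the wrapper ends up owning, so in `let mut v = ::crypto::SessionKey::from(curve25519::secret_key());` any copy made during the conversion would remain in freed memory. The return type of `curve25519::secret_key()` is not visible in this hunk; if it is a `Vec<u8>`, the `From<Vec<u8>>` impl shown as context in crypto/mod.rs calls `into_boxed_slice()`, which may reallocate when capacity exceeds length and release the original allocation unwiped. It is worth confirming that the conversion moves the same allocation and, once confirmed, saying so next to the call, e.g. `// secret_key() output is moved into the zeroing wrapper, not copied`. The same question applies to the two `.into()` conversions in packet/key.rs, and the body of wrap_session_key continues outside the hunk, so later uses of `v` are not covered by this note.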
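Review bot: The new `impl DerefMut for SessionKey` has no doc comment, and mutable slice access on a secret container deserves one. With `Deref` and `DerefMut` both targeting `[u8]`, callers can take copies through the slice (for example with `to_vec()`), and those copies are ordinary buffers that the wrapper's zero-on-drop does not reach. I would add something like `/// Mutable access to the key bytes for in-place use; copies taken through the slice are not zeroed on drop.` above the impl, and name the caller that needs the mutable view if there is a single one.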
@@ -6,7 +6,7 @@ use std::cmp::Ordering;
 use time;
 use Error;
-use crypto::{mpis, KeyPair};
+use crypto::{mpis, KeyPair, SessionKey};
 use packet::Tag;
 use packet;
 use Packet;
@@ -169,7 +169,7 @@ impl Key {
 EdDSA => {
 let mut public = [0u8; ED25519_KEY_SIZE + 1];
- let mut private = ed25519::private_key();
+ let mut private: SessionKey = ed25519::private_key().into();
 public[0] = 0x40;
 ed25519::public_key(&mut public[1..], &private)?;
@@ -190,7 +190,7 @@ impl Key {
 ECDH => {
 let mut public = [0u8; CURVE25519_SIZE + 1];
- let mut private = curve25519::secret_key();
+ let mut private: SessionKey = curve25519::secret_key().into();
 public[0] = 0x40; |
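Review bot: In the EdDSA arm, `let mut private: SessionKey = ed25519::private_key().into();` protects only this local, and the rest of the arm lies outside the hunk. Presumably the scalar is then stored in the generated key's secret material; if that step copies the bytes out of `private`, the copy lives on in a type this commit does not touch and is not wiped when `private` drops. A short comment at the binding would make the boundary explicit, e.g. `// zeroed on drop; anything copied out of it below must be wiped separately`. The ECDH arm in the next hunk has the same shape. As a smaller style point, ecdh.rs spells the conversion `SessionKey::from(...)` while this file uses an annotated `.into()`; one form throughout would make these sites easier to find.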