From 55018aa2b8f3b0ce045e262a05127d49308710b4 Mon Sep 17 00:00:00 2001
From: Justus Winter
Date: Wed, 6 Feb 2019 14:06:32 +0100
Subject: openpgp: Improve secret key handling.
- Use curve25519::secret_key() to generate keys in crypto::ecdh.
- Wrap the secret keys into SessionKey objects to make sure they are zeroed when dropped.
---
 openpgp/src/crypto/ecdh.rs | 11 +++--------
 openpgp/src/crypto/mod.rs | 8 +++++++-
 openpgp/src/packet/key.rs | 6 +++---
 3 files changed, 13 insertions(+), 12 deletions(-)
(limited to 'openpgp/src')
diff --git a/openpgp/src/crypto/ecdh.rs b/openpgp/src/crypto/ecdh.rs
index 88ebd684..3329bbb4 100644
--- a/openpgp/src/crypto/ecdh.rs
+++ b/openpgp/src/crypto/ecdh.rs
@@ -14,7 +14,7 @@ use conversions::{
 read_be_u64,
 };
 use crypto::mpis::{MPI, PublicKey, SecretKey, Ciphertext};
-use nettle::{cipher, curve25519, mode, Mode, Yarrow};
+use nettle::{cipher, curve25519, mode, Mode};
 /// Wraps a session key using Elliptic Curve Diffie-Hellman.
 pub fn wrap_session_key(recipient: &Key, session_key: &[u8])
@@ -25,18 +25,13 @@ pub fn wrap_session_key(recipient: &Key, session_key: &[u8])
 } = recipient.mpis() {
 match curve {
 Curve::Cv25519 => {
- let mut rng = Yarrow::default();
-
 // Obtain the authenticated recipient public key R
 #[allow(non_snake_case)]
 let R = q.decode_point(curve)?.0;
 // Generate an ephemeral key pair {v, V=vG}
- let mut v = [0u8; curve25519::CURVE25519_SIZE];
- rng.random(&mut v);
- // Note: Nettle ignores the most significant and the three
- // least significant bits, therefore every value is a valid
- // secret key.
+ let mut v =
+ ::crypto::SessionKey::from(curve25519::secret_key());
 // Compute the public key. We need to add an encoding
 // octet in front of the key.
diff --git a/openpgp/src/crypto/mod.rs b/openpgp/src/crypto/mod.rs
index 33f27078..9dfec48e 100644
--- a/openpgp/src/crypto/mod.rs
+++ b/openpgp/src/crypto/mod.rs
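Review bot: In openpgp/src/crypto/ecdh.rs, wrapping the ephemeral scalar with `::crypto::SessionKey::from(curve25519::secret_key())` zeroes the key only if the conversion takes over the original heap buffer rather than copying it. The `From` impl shown as context in openpgp/src/crypto/mod.rs builds the wrapper with `v.into_boxed_slice()`, which drops excess capacity and may therefore reallocate, leaving the old allocation freed but not cleared. What `secret_key()` returns is not visible on this page, so once confirmed a comment at the call site such as `// secret_key() returns an exact-size buffer, so this conversion moves it without reallocating` would record the assumption. The same holds for the two `.into()` conversions in the EdDSA and ECDH arms of openpgp/src/packet/key.rs. The body of `wrap_session_key` continues outside the hunk.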
@@ -1,7 +1,7 @@
 //! Cryptographic primitives.
 use std::io::Read;
-use std::ops::Deref;
+use std::ops::{Deref, DerefMut};
 use std::fmt;
 use std::cmp::Ordering;
@@ -54,6 +54,12 @@ impl Deref for SessionKey {
 }
 }
+impl DerefMut for SessionKey {
+ fn deref_mut(&mut self) -> &mut [u8] {
+ &mut self.0
+ }
+}
+
 impl From> for SessionKey {
 fn from(v: Vec) -> Self {
 SessionKey(v.into_boxed_slice())
diff --git a/openpgp/src/packet/key.rs b/openpgp/src/packet/key.rs
index 9ba5707e..aa24c2c7 100644
--- a/openpgp/src/packet/key.rs
+++ b/openpgp/src/packet/key.rs
@@ -6,7 +6,7 @@ use std::cmp::Ordering;
 use time;
 use Error;
-use crypto::{mpis, KeyPair};
+use crypto::{mpis, KeyPair, SessionKey};
 use packet::Tag;
 use packet;
 use Packet;
@@ -169,7 +169,7 @@ impl Key {
 EdDSA => {
 let mut public = [0u8; ED25519_KEY_SIZE + 1];
- let mut private = ed25519::private_key();
+ let mut private: SessionKey = ed25519::private_key().into();
 public[0] = 0x40;
 ed25519::public_key(&mut public[1..], &private)?;
@@ -190,7 +190,7 @@ impl Key {
 ECDH => {
 let mut public = [0u8; CURVE25519_SIZE + 1];
- let mut private = curve25519::secret_key();
+ let mut private: SessionKey = curve25519::secret_key().into();
 public[0] = 0x40;
--
cgit v1.2.3
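Review bot: In openpgp/src/crypto/mod.rs, the new `impl DerefMut for SessionKey` has no doc comment, although it turns a read-only view of key material into a mutable one for every holder of a `&mut SessionKey`. A line on the impl such as `/// Gives in-place mutable access to the key material, so it never has to be copied out of the zeroing wrapper.` would state why it exists. None of the visible hunks mutates a `SessionKey` through it, so the caller that needs it is presumably outside the shown lines.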