tau: Port to crypto_box 0.9 and use chacha20 ciphers.

2026-01-10 23:27:56 -05:00 · 2023-07-10 15:42:13 +02:00
parent 9948dfb264
commit 9c8e60cd2a
5 changed files with 88 additions and 57 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1424,16 +1424,31 @@ dependencies = [

 [[package]]
 name = "crypto_box"
-version = "0.8.2"
+version = "0.9.0-rc.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fd26c32de5307fd08aac445a75c43472b14559d5dccdfba8022dbcd075838ebc"
+checksum = "20e2e9da0705c71ce86168d6e906af19123543130e4bff7149b55c0d4a729086"
 dependencies = [
 "aead",
 "chacha20",
- "chacha20poly1305",
+ "crypto_secretbox",
+ "curve25519-dalek 4.0.0-rc.3",
 "salsa20",
- "x25519-dalek 1.1.1",
- "xsalsa20poly1305",
+ "zeroize",
+]
+
+[[package]]
+name = "crypto_secretbox"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b9d6cf87adf719ddf43a805e92c6870a531aedda35ff640442cbaf8674e141e1"
+dependencies = [
+ "aead",
+ "chacha20",
+ "cipher",
+ "generic-array",
+ "poly1305",
+ "salsa20",
+ "subtle",
 "zeroize",
 ]

@@ -1496,6 +1511,33 @@ dependencies = [
 "zeroize",
 ]

+[[package]]
+name = "curve25519-dalek"
+version = "4.0.0-rc.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "436ace70fc06e06f7f689d2624dc4e2f0ea666efb5aa704215f7249ae6e047a7"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "curve25519-dalek-derive",
+ "fiat-crypto",
+ "platforms",
+ "rustc_version 0.4.0",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "curve25519-dalek-derive"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "83fdaf97f4804dcebfa5862639bc9ce4121e82140bec2a987ac5140294865b5b"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.25",
+]
+
 [[package]]
 name = "darkfi"
 version = "0.4.1"
@@ -2352,7 +2394,7 @@ version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c762bae6dcaf24c4c84667b8579785430908723d5c889f469d76a41d59cc7a9d"
 dependencies = [
- "curve25519-dalek",
+ "curve25519-dalek 3.2.0",
 "ed25519",
 "merlin",
 "rand 0.7.3",
@@ -2579,6 +2621,12 @@ dependencies = [
 "subtle",
 ]

+[[package]]
+name = "fiat-crypto"
+version = "0.1.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e825f6987101665dea6ec934c09ec6d721de7bc1bf92248e1d5810c8cd636b77"
+
 [[package]]
 name = "flate2"
 version = "1.0.26"
@@ -2877,6 +2925,7 @@ checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
 dependencies = [
 "typenum",
 "version_check",
+ "zeroize",
 ]

 [[package]]
@@ -4270,6 +4319,12 @@ version = "0.3.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964"

+[[package]]
+name = "platforms"
+version = "3.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e3d7ddaed09e0eb771a79ab0fd64609ba0afb0a8366421957936ad14cbd13630"
+
 [[package]]
 name = "plotters"
 version = "0.3.5"
@@ -6444,7 +6499,7 @@ dependencies = [
 "aes",
 "base64ct",
 "ctr",
- "curve25519-dalek",
+ "curve25519-dalek 3.2.0",
 "derive_more",
 "digest 0.10.7",
 "ed25519-dalek",
@@ -6462,7 +6517,7 @@ dependencies = [
 "simple_asn1",
 "subtle",
 "thiserror",
- "x25519-dalek 2.0.0-pre.1",
+ "x25519-dalek",
 "zeroize",
 ]

@@ -7563,24 +7618,13 @@ dependencies = [
 "tap",
 ]

-[[package]]
-name = "x25519-dalek"
-version = "1.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a0c105152107e3b96f6a00a65e86ce82d9b125230e1c4302940eca58ff71f4f"
-dependencies = [
- "curve25519-dalek",
- "rand_core 0.5.1",
- "zeroize",
-]
-
 [[package]]
 name = "x25519-dalek"
 version = "2.0.0-pre.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e5da623d8af10a62342bcbbb230e33e58a63255a58012f8653c578e54bab48df"
 dependencies = [
- "curve25519-dalek",
+ "curve25519-dalek 3.2.0",
 "rand_core 0.6.4",
 "zeroize",
 ]
@@ -7613,19 +7657,6 @@ dependencies = [
 "untrusted",
 ]

-[[package]]
-name = "xsalsa20poly1305"
-version = "0.9.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "02a6dad357567f81cd78ee75f7c61f1b30bb2fe4390be8fb7c69e2ac8dffb6c7"
-dependencies = [
- "aead",
- "poly1305",
- "salsa20",
- "subtle",
- "zeroize",
-]
-
 [[package]]
 name = "yasna"
 version = "0.5.2"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -129,7 +129,7 @@ sled = {version = "0.34.7", optional = true}
 sled-overlay = {version = "0.0.7", optional = true}

 # Temporary version lock
-curve25519-dalek = {version = "=4.0.0-rc.3", default-features = false, optional = true}
+#curve25519-dalek = {version = "=4.0.0-rc.3", default-features = false, optional = true}

 [dev-dependencies]
 clap = {version = "4.3.11", features = ["derive"]}
--- a/bin/tau/taud/Cargo.toml
+++ b/bin/tau/taud/Cargo.toml
@@ -16,7 +16,7 @@ darkfi-serial = { path = "../../../src/serial" }
 async-trait = "0.1.71"
 bs58 = "0.5.0"
 chrono = "0.4.26"
-crypto_box = {version = "0.8.2", features = ["std"]}
+crypto_box = {version = "0.9.0-rc.1", features = ["std", "chacha20"]}
 futures = "0.3.28"
 hex = "0.4.3"
 libc = "0.2.147"
--- a/bin/tau/taud/src/jsonrpc.rs
+++ b/bin/tau/taud/src/jsonrpc.rs
@@ -16,11 +16,11 @@
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

-use std::{collections::HashMap, fs::create_dir_all, path::PathBuf};
+use std::{collections::HashMap, fs::create_dir_all, path::PathBuf, sync::Arc};

 use async_std::sync::Mutex;
 use async_trait::async_trait;
-use crypto_box::SalsaBox;
+use crypto_box::ChaChaBox;
 use log::{debug, warn};
 use serde::{Deserialize, Serialize};
 use serde_json::{json, Value};
@@ -47,7 +47,7 @@ pub struct JsonRpcInterface {
    notify_queue_sender: smol::channel::Sender<TaskInfo>,
    nickname: String,
    workspace: Mutex<String>,
-    workspaces: HashMap<String, SalsaBox>,
+    workspaces: Arc<HashMap<String, ChaChaBox>>,
    p2p: net::P2pPtr,
 }

@@ -99,7 +99,7 @@ impl JsonRpcInterface {
        dataset_path: PathBuf,
        notify_queue_sender: smol::channel::Sender<TaskInfo>,
        nickname: String,
-        workspaces: HashMap<String, SalsaBox>,
+        workspaces: Arc<HashMap<String, ChaChaBox>>,
        p2p: net::P2pPtr,
    ) -> Self {
        let workspace = Mutex::new(workspaces.iter().last().unwrap().0.clone());
--- a/bin/tau/taud/src/main.rs
+++ b/bin/tau/taud/src/main.rs
@@ -32,12 +32,12 @@ use std::{

 use crypto_box::{
    aead::{Aead, AeadCore},
-    rand_core::OsRng,
-    SalsaBox, SecretKey,
+    ChaChaBox, SecretKey,
 };
 use darkfi_serial::{deserialize, serialize, SerialDecodable, SerialEncodable};
 use futures::{select, FutureExt};
 use log::{debug, error, info};
+use rand::rngs::OsRng;
 use structopt_toml::StructOptToml;

 use darkfi::{
@@ -70,7 +70,7 @@ use crate::{
    util::pipe_write,
 };

-fn get_workspaces(settings: &Args) -> Result<HashMap<String, SalsaBox>> {
+fn get_workspaces(settings: &Args) -> Result<HashMap<String, ChaChaBox>> {
    let mut workspaces = HashMap::new();

    for workspace in settings.workspaces.iter() {
@@ -84,8 +84,8 @@ fn get_workspaces(settings: &Args) -> Result<HashMap<String, SalsaBox>> {

        let secret = crypto_box::SecretKey::from(bytes);
        let public = secret.public_key();
-        let salsa_box = crypto_box::SalsaBox::new(&public, &secret);
-        workspaces.insert(workspace.to_string(), salsa_box);
+        let chacha_box = crypto_box::ChaChaBox::new(&public, &secret);
+        workspaces.insert(workspace.to_string(), chacha_box);
    }

    Ok(workspaces)
@@ -118,24 +118,24 @@ impl EventMsg for EncryptedTask {

 fn encrypt_task(
    task: &TaskInfo,
-    salsa_box: &SalsaBox,
+    chacha_box: &ChaChaBox,
    rng: &mut OsRng,
 ) -> TaudResult<EncryptedTask> {
    debug!("start encrypting task");

-    let nonce = SalsaBox::generate_nonce(rng);
+    let nonce = ChaChaBox::generate_nonce(rng);
    let payload = &serialize(task)[..];
-    let payload = salsa_box.encrypt(&nonce, payload)?;
+    let payload = chacha_box.encrypt(&nonce, payload)?;

    let nonce = nonce.to_vec();
    Ok(EncryptedTask { nonce, payload })
 }

-fn decrypt_task(encrypt_task: &EncryptedTask, salsa_box: &SalsaBox) -> TaudResult<TaskInfo> {
+fn decrypt_task(encrypt_task: &EncryptedTask, chacha_box: &ChaChaBox) -> TaudResult<TaskInfo> {
    debug!("start decrypting task");

    let nonce = encrypt_task.nonce.as_slice();
-    let decrypted_task = salsa_box.decrypt(nonce.into(), &encrypt_task.payload[..])?;
+    let decrypted_task = chacha_box.decrypt(nonce.into(), &encrypt_task.payload[..])?;

    let task = deserialize(&decrypted_task)?;

@@ -148,7 +148,7 @@ async fn start_sync_loop(
    view: ViewPtr<EncryptedTask>,
    model: ModelPtr<EncryptedTask>,
    seen: SeenPtr<EventId>,
-    workspaces: HashMap<String, SalsaBox>,
+    workspaces: Arc<HashMap<String, ChaChaBox>>,
    datastore_path: std::path::PathBuf,
    missed_events: Arc<Mutex<Vec<Event<EncryptedTask>>>>,
    piped: bool,
@@ -160,8 +160,8 @@ async fn start_sync_loop(
            task_event = broadcast_rcv.recv().fuse() => {
                let tk = task_event.map_err(Error::from)?;
                if workspaces.contains_key(&tk.workspace) {
-                    let salsa_box = workspaces.get(&tk.workspace).unwrap();
-                    let encrypted_task = encrypt_task(&tk, salsa_box, &mut OsRng)?;
+                    let chacha_box = workspaces.get(&tk.workspace).unwrap();
+                    let encrypted_task = encrypt_task(&tk, chacha_box, &mut OsRng)?;
                    info!(target: "tau", "Send the task: ref: {}", tk.ref_id);
                    let event = Event {
                        previous_event_hash: model.lock().await.get_head_hash(),
@@ -191,11 +191,11 @@ async fn start_sync_loop(
 async fn on_receive_task(
    task: &EncryptedTask,
    datastore_path: &Path,
-    workspaces: &HashMap<String, SalsaBox>,
+    workspaces: &HashMap<String, ChaChaBox>,
    piped: bool,
 ) -> TaudResult<()> {
-    for (workspace, salsa_box) in workspaces.iter() {
-        let task = decrypt_task(task, salsa_box);
+    for (workspace, chacha_box) in workspaces.iter() {
+        let task = decrypt_task(task, chacha_box);
        if let Err(e) = task {
            debug!("unable to decrypt the task: {}", e);
            continue
@@ -297,7 +297,7 @@ async fn realmain(settings: Args, executor: Arc<smol::Executor<'_>>) -> Result<(
                continue
            }
            let secret_key = SecretKey::generate(&mut OsRng);
-            let encoded = bs58::encode(secret_key.as_bytes());
+            let encoded = bs58::encode(secret_key.to_bytes());

            println!("workspace: {}:{}", workspace, encoded.into_string());
            println!("Please add it to the config file.");
@@ -307,7 +307,7 @@ async fn realmain(settings: Args, executor: Arc<smol::Executor<'_>>) -> Result<(
        return Ok(())
    }

-    let workspaces = get_workspaces(&settings)?;
+    let workspaces = Arc::new(get_workspaces(&settings)?);

    if workspaces.is_empty() {
        error!("Please add at least one workspace to the config file.");