feat: remove aesctr, add x25519 support

nervosnetwork · Oct 20, 2020 · 55d4290 · 55d4290
1 parent 27b9e8a
commit 55d4290
Show file tree

Hide file tree

Showing 12 changed files with 80 additions and 400 deletions.
diff --git a/fuzz/fuzz_targets/secio/crypto/decrypt_cipher.rs b/fuzz/fuzz_targets/secio/crypto/decrypt_cipher.rs
@@ -7,19 +7,10 @@ fn new_decrypt_cipher(cipher_type: CipherType) -> BoxStreamCipher {
     let key = (0..cipher_type.key_size())
         .map(|_| rand::random::<u8>())
         .collect::<Vec<_>>();
-    let iv = (0..cipher_type.iv_size())
-        .map(|_| rand::random::<u8>())
-        .collect::<Vec<_>>();
-    new_stream(cipher_type, &key, &iv, CryptoMode::Decrypt)
+    new_stream(cipher_type, &key, CryptoMode::Decrypt)
 }
 
 fuzz_target!(|data: &[u8]| {
-    let mut cipher = new_decrypt_cipher(CipherType::Aes128Ctr);
-    let _ = cipher.decrypt(data);
-
-    let mut cipher = new_decrypt_cipher(CipherType::Aes256Ctr);
-    let _ = cipher.decrypt(data);
-
     let mut cipher = new_decrypt_cipher(CipherType::Aes128Gcm);
     let _ = cipher.decrypt(data);
 

diff --git a/fuzz/fuzz_targets/secio/crypto/encrypt_cipher.rs b/fuzz/fuzz_targets/secio/crypto/encrypt_cipher.rs
@@ -7,19 +7,10 @@ fn new_encrypt_cipher(cipher_type: CipherType) -> BoxStreamCipher {
     let key = (0..cipher_type.key_size())
         .map(|_| rand::random::<u8>())
         .collect::<Vec<_>>();
-    let iv = (0..cipher_type.iv_size())
-        .map(|_| rand::random::<u8>())
-        .collect::<Vec<_>>();
-    new_stream(cipher_type, &key, &iv, CryptoMode::Encrypt)
+    new_stream(cipher_type, &key, CryptoMode::Encrypt)
 }
 
 fuzz_target!(|data: &[u8]| {
-    let mut cipher = new_encrypt_cipher(CipherType::Aes128Ctr);
-    let _ = cipher.encrypt(data);
-
-    let mut cipher = new_encrypt_cipher(CipherType::Aes256Ctr);
-    let _ = cipher.encrypt(data);
-
     let mut cipher = new_encrypt_cipher(CipherType::Aes128Gcm);
     let _ = cipher.encrypt(data);
 

diff --git a/secio/Cargo.toml b/secio/Cargo.toml
@@ -39,7 +39,7 @@ openssl-sys = "0.9"
 [dev-dependencies]
 env_logger = "0.6"
 criterion = "0.3"
-tokio = { version = "0.2.0", features = ["tcp", "rt-core"] }
+tokio = { version = "0.2.0", features = ["tcp", "rt-core", "dns"] }
 
 [features]
 default = []

diff --git a/secio/benches/bench.rs b/secio/benches/bench.rs
@@ -1,51 +1,15 @@
 use criterion::{criterion_group, criterion_main, Bencher, Criterion};
-use tentacle_secio::{
-    codec::Hmac,
-    crypto::{cipher::CipherType, new_stream, CryptoMode},
-};
+use tentacle_secio::crypto::{cipher::CipherType, new_stream, CryptoMode};
 
 fn decode_encode(data: &[u8], cipher: CipherType) {
     let cipher_key = (0..cipher.key_size())
         .map(|_| rand::random::<u8>())
         .collect::<Vec<_>>();
-    let _hmac_key: [u8; 32] = rand::random();
-    let iv = (0..cipher.iv_size())
-        .map(|_| rand::random::<u8>())
-        .collect::<Vec<_>>();
-
-    let mut encode_cipher = new_stream(cipher, &cipher_key, &iv, CryptoMode::Encrypt);
-    let mut decode_cipher = new_stream(cipher, &cipher_key, &iv, CryptoMode::Decrypt);
-    let (mut decode_hmac, mut encode_hmac): (Option<Hmac>, Option<Hmac>) = match cipher {
-        CipherType::ChaCha20Poly1305 | CipherType::Aes128Gcm | CipherType::Aes256Gcm => {
-            (None, None)
-        }
-        #[cfg(unix)]
-        _ => {
-            use tentacle_secio::Digest;
-            let encode_hmac = Hmac::from_key(Digest::Sha256, &_hmac_key);
-            let decode_hmac = encode_hmac.clone();
-            (Some(decode_hmac), Some(encode_hmac))
-        }
-    };
-
-    let mut encode_data = encode_cipher.encrypt(&data[..]).unwrap();
-    if encode_hmac.is_some() {
-        let signature = encode_hmac.as_mut().unwrap().sign(&encode_data[..]);
-        encode_data.extend_from_slice(signature.as_ref());
-    }
 
-    if decode_hmac.is_some() {
-        let content_length = encode_data.len() - decode_hmac.as_mut().unwrap().num_bytes();
+    let mut encode_cipher = new_stream(cipher, &cipher_key, CryptoMode::Encrypt);
+    let mut decode_cipher = new_stream(cipher, &cipher_key, CryptoMode::Decrypt);
 
-        let (crypted_data, expected_hash) = encode_data.split_at(content_length);
-
-        assert!(decode_hmac
-            .as_mut()
-            .unwrap()
-            .verify(crypted_data, expected_hash));
-
-        encode_data.truncate(content_length);
-    }
+    let encode_data = encode_cipher.encrypt(&data[..]).unwrap();
 
     let decode_data = decode_cipher.decrypt(&encode_data).unwrap();
 
@@ -62,16 +26,6 @@ fn criterion_benchmark(bench: &mut Criterion) {
     let data = (0..1024 * 256)
         .map(|_| rand::random::<u8>())
         .collect::<Vec<_>>();
-    #[cfg(unix)]
-    bench.bench_function("1kb_aes128ctr", {
-        let data = data.clone();
-        move |b| bench_test(b, CipherType::Aes128Ctr, &data)
-    });
-    #[cfg(unix)]
-    bench.bench_function("1kb_aes256ctr", {
-        let data = data.clone();
-        move |b| bench_test(b, CipherType::Aes256Ctr, &data)
-    });
     bench.bench_function("1kb_aes128gcm", {
         let data = data.clone();
         move |b| bench_test(b, CipherType::Aes128Gcm, &data)
@@ -87,16 +41,6 @@ fn criterion_benchmark(bench: &mut Criterion) {
     let data = (0..1024 * 1024)
         .map(|_| rand::random::<u8>())
         .collect::<Vec<_>>();
-    #[cfg(unix)]
-    bench.bench_function("1mb_aes128ctr", {
-        let data = data.clone();
-        move |b| bench_test(b, CipherType::Aes128Ctr, &data)
-    });
-    #[cfg(unix)]
-    bench.bench_function("1mb_aes256ctr", {
-        let data = data.clone();
-        move |b| bench_test(b, CipherType::Aes256Ctr, &data)
-    });
     bench.bench_function("1mb_aes128gcm", {
         let data = data.clone();
         move |b| bench_test(b, CipherType::Aes128Gcm, &data)