refactor(sha): use sha2 crate for hashes instead of sodiumoxide

Author: kurnevsky

.github/workflows/rust.yml

@@ -14,7 +14,7 @@ jobs:
         os: [ubuntu-latest, macos-latest, windows-latest]
         rust:
           - stable
-          - 1.44.0
+          - 1.48.0
     steps:
     - uses: actions/checkout@v2
     - uses: actions-rs/toolchain@v1

README.md

@@ -30,7 +30,7 @@ issue / pull request should be filled on the reference repository.
 [CONTRIBUTING.md](/CONTRIBUTING.md).
 
 ## Building
-Fairly simple. First, install [Rust] >= 1.44.0 and a C compiler ([Build Tools
+Fairly simple. First, install [Rust] >= 1.48.0 and a C compiler ([Build Tools
 for Visual Studio][VSBuild] on Windows, GCC or Clang on other platforms).
 
 Then you can build the debug version with

tox_binary_io/src/sodium.rs

@@ -1,6 +1,4 @@
-use nom::named;
-
-use nom::{map_opt, take};
+use nom::{map_opt, named, take};
 
 use sodiumoxide::crypto::box_::{
     PublicKey,
@@ -11,7 +9,6 @@ use sodiumoxide::crypto::box_::{
     NONCEBYTES
 };
 
-use sodiumoxide::crypto::hash::{sha256, sha512};
 use sodiumoxide::crypto::secretbox;
 
 use super::FromBytes;
@@ -46,18 +43,10 @@ impl FromBytes for secretbox::Nonce {
     named!(from_bytes<secretbox::Nonce>, map_opt!(take!(secretbox::NONCEBYTES), secretbox::Nonce::from_slice));
 }
 
-impl FromBytes for sha256::Digest {
-    named!(from_bytes<sha256::Digest>, map_opt!(take!(sha256::DIGESTBYTES), sha256::Digest::from_slice));
-}
-
-impl FromBytes for sha512::Digest {
-    named!(from_bytes<sha512::Digest>, map_opt!(take!(sha512::DIGESTBYTES), sha512::Digest::from_slice));
-}
-
 #[cfg(test)]
 mod tests {
     use super::*;
-    
+
     #[test]
     fn public_key_parse_bytes_test() {
         let bytes = [42; PUBLICKEYBYTES];

tox_core/Cargo.toml

@@ -32,6 +32,7 @@ lru = "0.6"
 bitflags = "1.0"
 itertools = "0.10"
 rand = "0.8"
+sha2 = "0.9"
 
 [dependencies.tokio]
 version = "1.0"

tox_core/src/dht/server/mod.rs

@@ -2414,12 +2414,11 @@ mod tests {
         let response = unpack!(packet, Packet::OnionResponse3);
         let response = unpack!(response.payload, InnerOnionResponse::OnionAnnounceResponse);
         let payload = response.get_payload(&precomp).unwrap();
-        let ping_id = sha256::Digest(payload.ping_id_or_pk);
 
         // announce node
 
         let payload = OnionAnnounceRequestPayload {
-            ping_id,
+            ping_id: payload.ping_id_or_pk,
             search_pk: gen_keypair().0,
             data_pk: gen_keypair().0,
             sendback_data: 42

tox_core/src/onion/client/mod.rs

@@ -15,6 +15,8 @@ use futures::{StreamExt, SinkExt};
 use futures::channel::mpsc;
 use futures::lock::Mutex;
 use rand::{thread_rng, Rng};
+use sha2::{Digest, Sha256};
+use sha2::digest::generic_array::typenum::marker_traits::Unsigned;
 
 use tox_crypto::*;
 use crate::dht::ip_port::IsGlobal;
@@ -169,7 +171,7 @@ struct OnionNode {
     /// Path used to send packets to this node.
     path_id: OnionPathId,
     /// Ping id that should be used to announce to this node.
-    ping_id: Option<sha256::Digest>,
+    ping_id: Option<[u8; <Sha256 as Digest>::OutputSize::USIZE]>,
     /// Data `PublicKey` that should be used to send data packets to our friend
     /// through this node.
     data_pk: Option<PublicKey>,
@@ -268,7 +270,7 @@ struct AnnouncePacketData<'a> {
 impl<'a> AnnouncePacketData<'a> {
     /// Create `InnerOnionAnnounceRequest`. The request is a search request if
     /// pind_id is 0 and an announce request otherwise.
-    fn request(&self, node_pk: &PublicKey, ping_id: Option<sha256::Digest>, request_id: u64) -> InnerOnionAnnounceRequest {
+    fn request(&self, node_pk: &PublicKey, ping_id: Option<[u8; <Sha256 as Digest>::OutputSize::USIZE]>, request_id: u64) -> InnerOnionAnnounceRequest {
         let payload = OnionAnnounceRequestPayload {
             ping_id: ping_id.unwrap_or(INITIAL_PING_ID),
             search_pk: self.search_pk,
@@ -286,7 +288,7 @@ impl<'a> AnnouncePacketData<'a> {
         self.request(node_pk, None, request_id)
     }
     /// Create `InnerOnionAnnounceRequest` for an announce request.
-    pub fn announce_request(&self, node_pk: &PublicKey, ping_id: sha256::Digest, request_id: u64) -> InnerOnionAnnounceRequest {
+    pub fn announce_request(&self, node_pk: &PublicKey, ping_id: [u8; <Sha256 as Digest>::OutputSize::USIZE], request_id: u64) -> InnerOnionAnnounceRequest {
         self.request(node_pk, Some(ping_id), request_id)
     }
 }
@@ -469,7 +471,7 @@ impl OnionClient {
         let (ping_id, data_pk) = if payload.announce_status == AnnounceStatus::Found {
             (None, Some(PublicKey(payload.ping_id_or_pk)))
         } else {
-            (Some(sha256::Digest(payload.ping_id_or_pk)), None)
+            (Some(payload.ping_id_or_pk), None)
         };
 
         let now = clock_now();
@@ -1021,7 +1023,7 @@ mod tests {
             keys: [gen_keypair().0, gen_keypair().0, gen_keypair().0],
             path_type: OnionPathType::Udp,
         };
-        let ping_id = sha256::hash(&[1, 2, 3]);
+        let ping_id = [42; 32];
         let data_pk = gen_keypair().0;
         let new_now = now + Duration::from_secs(1);
         let other_onion_node = OnionNode {
@@ -1228,7 +1230,7 @@ mod tests {
         // The sender should be added to close nodes
         let onion_node = state.announce_list.get_node(&real_pk, &sender_pk).unwrap();
         assert_eq!(onion_node.path_id, path.id());
-        assert_eq!(onion_node.ping_id, Some(sha256::Digest(ping_id)));
+        assert_eq!(onion_node.ping_id, Some(ping_id));
         assert_eq!(onion_node.data_pk, None);
         assert_eq!(onion_node.announce_status, AnnounceStatus::Announced);
 
@@ -1920,7 +1922,7 @@ mod tests {
             state.paths_pool.path_nodes.put(node);
         }
 
-        let ping_id = sha256::hash(&[1, 2, 3]);
+        let ping_id = [42; 32];
         let now = Instant::now();
 
         let mut nodes_key_by_addr = HashMap::new();
@@ -2064,7 +2066,7 @@ mod tests {
                 saddr,
                 path_id: path.id(),
                 // regardless of this ping_id search requests should contain 0
-                ping_id: Some(sha256::hash(&[1, 2, 3])),
+                ping_id: Some([42; 32]),
                 data_pk: None,
                 unsuccessful_pings: 0,
                 added_time: now,

tox_core/src/onion/onion_announce.rs

@@ -4,6 +4,8 @@
 use std::io::{ErrorKind, Error};
 use std::net::{IpAddr, SocketAddr};
 use std::time::{Duration, Instant, SystemTime};
+use sha2::{Digest, Sha256};
+use sha2::digest::generic_array::typenum::marker_traits::Unsigned;
 
 use tox_binary_io::*;
 use tox_crypto::*;
@@ -28,7 +30,7 @@ pub const PING_ID_TIMEOUT: Duration = Duration::from_secs(300);
 pub const ONION_ANNOUNCE_TIMEOUT: Duration = Duration::from_secs(300);
 
 /// Create onion ping id filled with zeros.
-pub const INITIAL_PING_ID: sha256::Digest = sha256::Digest([0; sha256::DIGESTBYTES]);
+pub const INITIAL_PING_ID: [u8; <Sha256 as Digest>::OutputSize::USIZE] = [0; <Sha256 as Digest>::OutputSize::USIZE];
 
 /** Entry that corresponds to announced onion node.
 
@@ -137,11 +139,11 @@ impl OnionPingData {
     so this hash remains unchanged for `PING_ID_TIMEOUT`.
 
     */
-    pub fn ping_id(&self) -> sha256::Digest {
+    pub fn ping_id(&self) -> [u8; <Sha256 as Digest>::OutputSize::USIZE] {
         let mut buf = [0; ONION_PING_DATA_SIZE];
         // can not fail since buf has enough length
         self.to_bytes((&mut buf, 0)).unwrap();
-        sha256::hash(&buf)
+        Sha256::digest(&buf).into()
     }
 }
 
@@ -176,7 +178,7 @@ impl OnionAnnounce {
     so this hash remains unchanged for `PING_ID_TIMEOUT`.
 
     */
-    fn ping_id(&self, time: SystemTime, pk: PublicKey, ip_addr: IpAddr, port: u16) -> sha256::Digest {
+    fn ping_id(&self, time: SystemTime, pk: PublicKey, ip_addr: IpAddr, port: u16) -> [u8; <Sha256 as Digest>::OutputSize::USIZE] {
         let data = OnionPingData {
             secret_bytes: self.secret_bytes,
             time,
@@ -286,18 +288,18 @@ impl OnionAnnounce {
                 if entry.data_pk != payload.data_pk {
                     // failed to find ourselves with same long term pk but different data pk
                     // weird case, should we remove it?
-                    (AnnounceStatus::Failed, ping_id_2.0)
+                    (AnnounceStatus::Failed, ping_id_2)
                 } else {
                     // successfully announced ourselves
-                    (AnnounceStatus::Announced, ping_id_2.0)
+                    (AnnounceStatus::Announced, ping_id_2)
                 }
             } else {
                 // requested node is found by its long term pk
                 (AnnounceStatus::Found, entry.data_pk.0)
             }
         } else {
             // requested node not found or failed to announce
-            (AnnounceStatus::Failed, ping_id_2.0)
+            (AnnounceStatus::Failed, ping_id_2)
         }
     }
 

tox_crypto/src/lib.rs

@@ -4,7 +4,6 @@
 
 pub use sodiumoxide::randombytes::randombytes_into;
 pub use sodiumoxide::crypto::box_::*;
-pub use sodiumoxide::crypto::hash::{sha256, sha512};
 pub use sodiumoxide::crypto::secretbox;
 
 pub use sodiumoxide::crypto::pwhash;

tox_encryptsave/Cargo.toml

@@ -21,3 +21,4 @@ edition = "2018"
 [dependencies]
 tox_crypto = { version = "0.1.0", path = "../tox_crypto" }
 failure = "0.1"
+sha2 = "0.9"

tox_encryptsave/src/lib.rs

@@ -22,6 +22,7 @@ assert_eq!(plaintext,
 */
 
 use failure::Fail;
+use sha2::{Digest, Sha256};
 
 use tox_crypto::pwhash::{
     MEMLIMIT_INTERACTIVE, OPSLIMIT_INTERACTIVE,
@@ -33,7 +34,7 @@ use tox_crypto::{
     NONCEBYTES, MACBYTES,
     Nonce, PrecomputedKey,
     gen_nonce,
-    secretbox, sha256
+    secretbox
 };
 
 /// Length in bytes of the salt used to encrypt/decrypt data.
@@ -117,7 +118,7 @@ impl PassKey {
     pub fn with_salt(passphrase: &[u8], salt: Salt) -> Result<PassKey, KeyDerivationError> {
         if passphrase.is_empty() { return Err(KeyDerivationError::Null) };
 
-        let sha256::Digest(passhash) = sha256::hash(passphrase);
+        let passhash = Sha256::digest(passphrase);
         let OpsLimit(ops) = OPSLIMIT_INTERACTIVE;
         let mut key = secretbox::Key([0; secretbox::KEYBYTES]);
 

tox_packet/Cargo.toml

@@ -26,3 +26,4 @@ nom = "5.1"
 cookie-factory = "0.3"
 bitflags = "1.0"
 failure = "0.1"
+sha2 = "0.9"

tox_packet/src/dht/cookie.rs

@@ -3,8 +3,10 @@
 
 use super::*;
 use nom::number::complete::be_u64;
+use sha2::{Digest, Sha512};
+use sha2::digest::generic_array::typenum::marker_traits::Unsigned;
 
-use std::time::SystemTime;
+use std::{convert::TryInto, time::SystemTime};
 
 use tox_binary_io::*;
 use tox_crypto::*;
@@ -160,10 +162,11 @@ impl EncryptedCookie {
         }
     }
     /// Calculate SHA512 hash of encrypted cookie together with nonce
-    pub fn hash(&self) -> sha512::Digest {
+    pub fn hash(&self) -> [u8; <Sha512 as Digest>::OutputSize::USIZE] {
         let mut buf = [0; 112];
         let (_, size) = self.to_bytes((&mut buf, 0)).unwrap();
-        sha512::hash(&buf[..size])
+        // TODO: use `Into` directly when GenericArray supports it
+        Sha512::digest(&buf[..size]).as_slice().try_into().unwrap()
     }
 }
 

tox_packet/src/dht/crypto_handshake.rs

@@ -3,6 +3,10 @@
 
 use super::*;
 
+use std::convert::TryInto;
+use nom::map_opt;
+use sha2::{Digest, Sha512};
+use sha2::digest::generic_array::typenum::marker_traits::Unsigned;
 use tox_binary_io::*;
 use tox_crypto::*;
 use crate::dht::cookie::EncryptedCookie;
@@ -126,7 +130,7 @@ pub struct CryptoHandshakePayload {
     /// used to make sure that possible attacker can't combine payload from old
     /// `CryptoHandshake` with new `Cookie` and try to do mess sending such
     /// packets.
-    pub cookie_hash: sha512::Digest,
+    pub cookie_hash: [u8; <Sha512 as Digest>::OutputSize::USIZE],
     /// Encrypted cookie of sender of `CryptoHandshake` packet. When node
     /// receives `CryptoHandshake` it can take this cookie instead of sending
     /// `CookieRequest` to obtain one.
@@ -137,7 +141,7 @@ impl FromBytes for CryptoHandshakePayload {
     named!(from_bytes<CryptoHandshakePayload>, do_parse!(
         base_nonce: call!(Nonce::from_bytes) >>
         session_pk: call!(PublicKey::from_bytes) >>
-        cookie_hash: call!(sha512::Digest::from_bytes) >>
+        cookie_hash: map_opt!(take!(64), |bytes: &[u8]| bytes.try_into().ok()) >>
         cookie: call!(EncryptedCookie::from_bytes) >>
         eof!() >>
         (CryptoHandshakePayload {
@@ -184,7 +188,7 @@ mod tests {
         CryptoHandshakePayload {
             base_nonce: gen_nonce(),
             session_pk: gen_keypair().0,
-            cookie_hash: sha512::hash(&[1, 2, 3]),
+            cookie_hash: [42; 64],
             cookie: EncryptedCookie {
                 nonce: secretbox::gen_nonce(),
                 payload: vec![42; 88],
@@ -205,7 +209,7 @@ mod tests {
         let payload = CryptoHandshakePayload {
             base_nonce: gen_nonce(),
             session_pk: gen_keypair().0,
-            cookie_hash: sha512::hash(&[1, 2, 3]),
+            cookie_hash: [42; 64],
             cookie: EncryptedCookie {
                 nonce: secretbox::gen_nonce(),
                 payload: vec![42; 88],
@@ -234,7 +238,7 @@ mod tests {
         let payload = CryptoHandshakePayload {
             base_nonce: gen_nonce(),
             session_pk: gen_keypair().0,
-            cookie_hash: sha512::hash(&[1, 2, 3]),
+            cookie_hash: [42; 64],
             cookie: EncryptedCookie {
                 nonce: secretbox::gen_nonce(),
                 payload: vec![42; 88],