Merge pull request #9 from andrewwhitehead/more-keys

0.2-pre.3 updates
openwallet-foundation · May 11, 2021 · 275fb13 · 275fb13
2 parents 2ab2e50 + 899bc40
commit 275fb13
Show file tree

Hide file tree

Showing 47 changed files with 1,348 additions and 648 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -181,8 +181,8 @@ jobs:
         shell: sh
         run: |
           python setup.py bdist_wheel --python-tag=py3 --plat-name=${{ matrix.plat-name }}
-          pip install dist/*
-          python -m demo.test
+          pip install pytest pytest-asyncio dist/*
+          python -m pytest
         working-directory: wrappers/python
 
       - if: "runner.os == 'Linux'"

diff --git a/Cargo.toml b/Cargo.toml
@@ -3,7 +3,7 @@ members = ["askar-crypto"]
 
 [package]
 name = "aries-askar"
-version = "0.2.0-pre.2"
+version = "0.2.0-pre.3"
 authors = ["Hyperledger Aries Contributors <[email protected]>"]
 edition = "2018"
 description = "Hyperledger Aries Askar secure storage"
@@ -38,7 +38,7 @@ pg_test = ["postgres"]
 hex-literal = "0.3"
 
 [dependencies]
-askar-crypto = { version = "0.2.0-pre.2", path = "./askar-crypto", features = ["argon2", "std"] }
+askar-crypto = { version = "0.2.0-pre.3", path = "./askar-crypto", features = ["argon2", "std"] }
 async-mutex = "1.4"
 async-stream = "0.3"
 bs58 = "0.4"

diff --git a/askar-crypto/Cargo.toml b/askar-crypto/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "askar-crypto"
-version = "0.2.0-pre.2"
+version = "0.2.0-pre.3"
 authors = ["Hyperledger Aries Contributors <[email protected]>"]
 edition = "2018"
 description = "Hyperledger Aries Askar cryptography"
@@ -17,7 +17,7 @@ rustdoc-args = ["--cfg", "docsrs"]
 [features]
 default = ["alloc", "any_key", "all_keys", "crypto_box"]
 alloc = []
-std = ["alloc"]
+std = ["alloc", "serde/std", "serde-json-core/std"]
 all_keys = ["aes", "bls", "chacha", "ec_curves", "ed25519"]
 any_key = ["alloc"]
 aes = ["aes-core", "aes-gcm", "block-modes", "hmac"]
@@ -32,6 +32,7 @@ base64 = { version = "0.13", default-features = false, features = ["alloc"] }
 criterion = "0.3"
 hex-literal = "0.3"
 serde_cbor = "0.11"
+serde-json-core = { version = "0.4", default-features = false, features = ["std"] }
 
 [[bench]]
 name = "enc"
@@ -45,6 +46,7 @@ harness = false
 aead = "0.3"
 aes-core = { package = "aes", version = "0.6", default-features = false, optional = true }
 aes-gcm = { version = "0.8", default-features = false, features = ["aes"], optional = true }
+arbitrary = { version = "1.0", optional = true, features = ["derive"] }
 argon2 = { version = "0.1", default-features = false, features = ["password-hash"], optional = true }
 base64 = { version = "0.13", default-features = false }
 blake2 = { version = "0.9", default-features = false }
@@ -63,7 +65,7 @@ k256 = { version = "0.8", default-features = false, features = ["arithmetic", "e
 p256 = { version = "0.8", default-features = false, features = ["arithmetic", "ecdsa", "ecdh", "zeroize"], optional = true }
 rand = { version = "0.8", default-features = false, features = ["getrandom"] }
 serde = { version = "1.0", default-features = false, features = ["derive"] }
-serde_json = { version = "1.0", default-features = false }
+serde-json-core = { version = "0.4", default-features = false }
 subtle = "2.4"
 sha2 = { version = "0.9", default-features = false }
 x25519-dalek = { version = "1.1", default-features = false, features = ["u64_backend"], optional = true }

diff --git a/askar-crypto/README.md b/askar-crypto/README.md
@@ -11,6 +11,7 @@ The `askar-crypto` crate provides the basic key representations and cryptographi
 | -------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------ | ------------------------------- |
 | AES-GCM              | `aes`     | AEAD encryption<br>JWK export                                                                                                  | A128GCM and A256GCM             |
 | AES-CBC-HMAC-SHA2    | `aes`     | AEAD encryption<br>JWK export                                                                                                  | A128CBC-HS256 and A256CBC-HS512 |
+| AES Key Wrap         | `aes`     | AEAD encryption<br>JWK export                                                                                                  | A128KW and A256KW               |
 | (X)ChaCha20-Poly1305 | `chacha`  | AEAD encryption<br>JWK export                                                                                                  | aka C20P, XC20P                 |
 | BLS12-381            | `bls`     | [`bls-signature`](https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-04)-compatible key generation<br>JWK import/export | G1, G2, and G1G2 key types      |
 | Ed25519              | `ed25519` | EdDSA signatures<br>JWK import/export                                                                                          |                                 |

diff --git a/askar-crypto/benches/enc.rs b/askar-crypto/benches/enc.rs
@@ -1,18 +1,16 @@
 #[macro_use]
 extern crate criterion;
 
-#[macro_use]
-extern crate hex_literal;
-
 use askar_crypto::{
     alg::{
+        aes::{A128CbcHs256, A128Gcm, AesKey},
         chacha20::{Chacha20Key, C20P},
         AnyKey, AnyKeyCreate, Chacha20Types, KeyAlg,
     },
     buffer::{SecretBytes, WriteBuffer, Writer},
     encrypt::{KeyAeadInPlace, KeyAeadMeta},
     random::fill_random,
-    repr::KeySecretBytes,
+    repr::KeyGen,
 };
 
 use criterion::{black_box, Criterion};
@@ -21,39 +19,58 @@ fn criterion_benchmark(c: &mut Criterion) {
     {
         let message = b"test message for encrypting";
 
-        let key = &hex!("451b5b8e8725321541954997781de51f4142e4a56bab68d24f6a6b92615de5ee");
+        c.bench_function(&format!("aes128gcm encrypt"), move |b| {
+            let key = AesKey::<A128Gcm>::generate().unwrap();
+            let nonce = AesKey::<A128Gcm>::random_nonce();
+            b.iter(|| {
+                let mut buffer = [0u8; 255];
+                buffer[0..message.len()].copy_from_slice(black_box(&message[..]));
+                let mut writer = Writer::from_slice_position(&mut buffer, message.len());
+                key.encrypt_in_place(&mut writer, &nonce, &[]).unwrap();
+            })
+        });
+        c.bench_function(&format!("aes128cbc-hs256 encrypt"), move |b| {
+            let key = AesKey::<A128CbcHs256>::generate().unwrap();
+            let nonce = AesKey::<A128CbcHs256>::random_nonce();
+            b.iter(|| {
+                let mut buffer = [0u8; 255];
+                buffer[0..message.len()].copy_from_slice(black_box(&message[..]));
+                let mut writer = Writer::from_slice_position(&mut buffer, message.len());
+                key.encrypt_in_place(&mut writer, &nonce, &[]).unwrap();
+            })
+        });
 
         c.bench_function(&format!("chacha20-poly1305 encrypt"), move |b| {
+            let key = Chacha20Key::<C20P>::generate().unwrap();
+            let nonce = Chacha20Key::<C20P>::random_nonce();
             b.iter(|| {
-                let key = Chacha20Key::<C20P>::from_secret_bytes(&key[..]).unwrap();
                 let mut buffer = [0u8; 255];
                 buffer[0..message.len()].copy_from_slice(black_box(&message[..]));
-                let nonce = Chacha20Key::<C20P>::random_nonce();
                 let mut writer = Writer::from_slice_position(&mut buffer, message.len());
                 key.encrypt_in_place(&mut writer, &nonce, &[]).unwrap();
             })
         });
+
+        // test overhead of SecretBytes
         c.bench_function(&format!("chacha20-poly1305 encrypt alloc"), move |b| {
+            let key = Chacha20Key::<C20P>::generate().unwrap();
+            let nonce = Chacha20Key::<C20P>::random_nonce();
             b.iter(|| {
-                let key = Chacha20Key::<C20P>::from_secret_bytes(&key[..]).unwrap();
                 let mut buffer = SecretBytes::with_capacity(255);
                 buffer.buffer_write(black_box(&message[..])).unwrap();
-                let nonce = Chacha20Key::<C20P>::random_nonce();
                 key.encrypt_in_place(&mut buffer, &nonce, &[]).unwrap();
             })
         });
+
+        // test overhead of AnyKey
         c.bench_function(&format!("chacha20-poly1305 encrypt as any"), move |b| {
+            let key = Box::<AnyKey>::generate(KeyAlg::Chacha20(Chacha20Types::C20P)).unwrap();
+            let mut nonce = [0u8; 255];
+            let nonce_len = key.aead_params().nonce_length;
+            fill_random(&mut nonce[..nonce_len]);
             b.iter(|| {
-                let key = Box::<AnyKey>::from_secret_bytes(
-                    KeyAlg::Chacha20(Chacha20Types::C20P),
-                    &key[..],
-                )
-                .unwrap();
                 let mut buffer = [0u8; 255];
                 buffer[0..message.len()].copy_from_slice(black_box(&message[..]));
-                let mut nonce = [0u8; 255];
-                let nonce_len = key.aead_params().nonce_length;
-                fill_random(&mut nonce[..nonce_len]);
                 let mut writer = Writer::from_slice_position(&mut buffer, message.len());
                 key.encrypt_in_place(&mut writer, &nonce[..nonce_len], &[])
                     .unwrap();

diff --git a/askar-crypto/fuzz/.gitignore b/askar-crypto/fuzz/.gitignore
@@ -0,0 +1,4 @@
+
+target
+corpus
+artifacts
diff --git a/askar-crypto/fuzz/Cargo.toml b/askar-crypto/fuzz/Cargo.toml
@@ -0,0 +1,39 @@
+
+[package]
+name = "askar-crypto-fuzz"
+version = "0.0.0"
+authors = ["Automatically generated"]
+publish = false
+edition = "2018"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+
+[dependencies.askar-crypto]
+path = ".."
+features = ["arbitrary"]
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "from_jwk"
+path = "fuzz_targets/from_jwk.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "from_public_bytes"
+path = "fuzz_targets/from_public_bytes.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "parse_jwk"
+path = "fuzz_targets/parse_jwk.rs"
+test = false
+doc = false
diff --git a/askar-crypto/fuzz/fuzz_targets/from_jwk.rs b/askar-crypto/fuzz/fuzz_targets/from_jwk.rs
@@ -0,0 +1,11 @@
+#![no_main]
+use libfuzzer_sys::fuzz_target;
+
+use askar_crypto::{
+    alg::AnyKey,
+    jwk::{FromJwk, JwkParts},
+};
+
+fuzz_target!(|data: JwkParts<'_>| {
+    let _ = Box::<AnyKey>::from_jwk_parts(data);
+});
diff --git a/askar-crypto/fuzz/fuzz_targets/from_public_bytes.rs b/askar-crypto/fuzz/fuzz_targets/from_public_bytes.rs
@@ -0,0 +1,8 @@
+#![no_main]
+use libfuzzer_sys::fuzz_target;
+
+use askar_crypto::alg::{AnyKey, AnyKeyCreate, KeyAlg};
+
+fuzz_target!(|data: (KeyAlg, &[u8])| {
+    let _ = Box::<AnyKey>::from_public_bytes(data.0, data.1);
+});
diff --git a/askar-crypto/fuzz/fuzz_targets/parse_jwk.rs b/askar-crypto/fuzz/fuzz_targets/parse_jwk.rs
@@ -0,0 +1,8 @@
+#![no_main]
+use libfuzzer_sys::fuzz_target;
+
+use askar_crypto::{alg::AnyKey, jwk::JwkParts};
+
+fuzz_target!(|data: &str| {
+    let _ = JwkParts::from_str(data);
+});