recrypt 0.16.0

A pure-Rust implementation of Transform Encryption, a Proxy Re-encryption scheme
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

use rand;
use rand::CryptoRng;

use crate::internal::take_lock;
use rand::SeedableRng;
use rand::rngs::SysRng;
use rand::{TryCryptoRng, TryRng};
use std::convert::Infallible;
use std::default::Default;
use std::ops::DerefMut;
use std::sync::Mutex;

/// Reseed threshold in bytes — matches ThreadRng's 64 KiB interval.
const RESEED_THRESHOLD: usize = 64 * 1024;

/// Generation of random bytes for cryptographic operations
pub trait RandomBytesGen {
    fn random_bytes_32(&self) -> [u8; 32];
    fn random_bytes_60(&self) -> [u8; 60];
}

/// A CSPRNG wrapper that automatically reseeds from system entropy periodically.
/// Implements [`CryptoRng`] so it can be used anywhere a `CryptoRng` is expected.
pub struct ReseedingRng<T: CryptoRng + SeedableRng> {
    inner: T,
    bytes_generated: usize,
}

impl<T: CryptoRng + SeedableRng> Default for ReseedingRng<T> {
    fn default() -> Self {
        ReseedingRng::new(
            T::try_from_rng(&mut SysRng).expect("Failed to seed RNG from system entropy"),
        )
    }
}

impl<T: CryptoRng + SeedableRng> ReseedingRng<T> {
    pub fn new(rng: T) -> Self {
        ReseedingRng {
            inner: rng,
            bytes_generated: 0,
        }
    }

    fn reseed_if_needed(&mut self) {
        if self.bytes_generated >= RESEED_THRESHOLD {
            if let Ok(reseeded) = T::try_from_rng(&mut SysRng) {
                self.inner = reseeded;
            }
            // On reseed failure, continue with existing state rather than panicking.
            // The current state is still cryptographically valid and the likelihood of
            // SysRng erroring is very low.
            self.bytes_generated = 0;
        }
    }
}

impl<T: CryptoRng + SeedableRng> TryRng for ReseedingRng<T> {
    type Error = Infallible;

    fn try_next_u32(&mut self) -> Result<u32, Self::Error> {
        self.reseed_if_needed();
        let val = self.inner.next_u32();
        self.bytes_generated = self.bytes_generated.saturating_add(4);
        Ok(val)
    }

    fn try_next_u64(&mut self) -> Result<u64, Self::Error> {
        self.reseed_if_needed();
        let val = self.inner.next_u64();
        self.bytes_generated = self.bytes_generated.saturating_add(8);
        Ok(val)
    }

    fn try_fill_bytes(&mut self, dst: &mut [u8]) -> Result<(), Self::Error> {
        self.reseed_if_needed();
        self.inner.fill_bytes(dst);
        self.bytes_generated = self.bytes_generated.saturating_add(dst.len());
        Ok(())
    }
}

impl<T: CryptoRng + SeedableRng> TryCryptoRng for ReseedingRng<T> {}

pub struct RandomBytes<T: CryptoRng> {
    pub(crate) rng: Mutex<T>,
}

impl Default for RandomBytes<ReseedingRng<rand_chacha::ChaChaRng>> {
    fn default() -> Self {
        RandomBytes::new(ReseedingRng::default())
    }
}

impl<CR: CryptoRng> RandomBytes<CR> {
    pub fn new(rng: CR) -> Self {
        RandomBytes {
            rng: Mutex::new(rng),
        }
    }
}

impl<CR: CryptoRng> RandomBytesGen for RandomBytes<CR> {
    fn random_bytes_32(&self) -> [u8; 32] {
        let mut bytes: [u8; 32] = [0u8; 32];
        take_lock(&self.rng).deref_mut().fill_bytes(&mut bytes);
        bytes
    }

    fn random_bytes_60(&self) -> [u8; 60] {
        let mut bytes: [u8; 60] = [0u8; 60];
        take_lock(&self.rng).deref_mut().fill_bytes(&mut bytes);
        bytes
    }
}