move to ring for things that it supports

it doesn't support AES_256_CBC_HMAC_SHA256, so we can't move that over yet (see https://github.com/briansmith/ring/issues/588)
author: Jesse Luehrs <doy@tozt.net> 2020-05-03 00:21:07 -0400
committer: Jesse Luehrs <doy@tozt.net> 2020-05-03 00:56:21 -0400
commit: 047550f2368d134c9d5dca60aeb0b56fe151a323 (patch)
tree: 2ad014146d2214db42f550646379bb2dbd571ff1 /src/identity.rs
parent: ea6398d5951ef6a5811cf605bfa223b5b1ce08c4 (diff)
download: rbw-047550f2368d134c9d5dca60aeb0b56fe151a323.tar.gz
rbw-047550f2368d134c9d5dca60aeb0b56fe151a323.zip
1 files changed, 19 insertions, 10 deletions
diff --git a/src/identity.rs b/src/identity.rs
index 1baac0f..8415765 100644
--- a/src/identity.rs
+++ b/src/identity.rs
@@ -12,33 +12,42 @@ impl Identity {
         password: &crate::locked::Password,
         iterations: u32,
     ) -> Result<Self> {
+        let iterations = std::num::NonZeroU32::new(iterations)
+            .context(crate::error::Pbkdf2ZeroIterations)?;
+
         let mut keys = crate::locked::Vec::new();
         keys.extend(std::iter::repeat(0).take(64));
 
         let enc_key = &mut keys.data_mut()[0..32];
-        pbkdf2::pbkdf2::<hmac::Hmac<sha2::Sha256>>(
-            password.password(),
+        ring::pbkdf2::derive(
+            ring::pbkdf2::PBKDF2_HMAC_SHA256,
+            iterations,
             email.as_bytes(),
-            iterations as usize,
+            password.password(),
             enc_key,
         );
 
         let mut hash = crate::locked::Vec::new();
         hash.extend(std::iter::repeat(0).take(32));
-        pbkdf2::pbkdf2::<hmac::Hmac<sha2::Sha256>>(
-            enc_key,
+        ring::pbkdf2::derive(
+            ring::pbkdf2::PBKDF2_HMAC_SHA256,
+            std::num::NonZeroU32::new(1).unwrap(),
             password.password(),
-            1,
+            enc_key,
             hash.data_mut(),
         );
 
-        let hkdf = hkdf::Hkdf::<sha2::Sha256>::from_prk(enc_key)
-            .map_err(|_| Error::HkdfFromPrk)?;
-        hkdf.expand(b"enc", enc_key)
+        let hkdf =
+            ring::hkdf::Prk::new_less_safe(ring::hkdf::HKDF_SHA256, enc_key);
+        hkdf.expand(&[b"enc"], ring::hkdf::HKDF_SHA256)
+            .map_err(|_| Error::HkdfExpand)?
+            .fill(enc_key)
             .map_err(|_| Error::HkdfExpand)?;
 
         let mac_key = &mut keys.data_mut()[32..64];
-        hkdf.expand(b"mac", mac_key)
+        hkdf.expand(&[b"mac"], ring::hkdf::HKDF_SHA256)
+            .map_err(|_| Error::HkdfExpand)?
+            .fill(mac_key)
             .map_err(|_| Error::HkdfExpand)?;
 
         let keys = crate::locked::Keys::new(keys);
author	Jesse Luehrs <doy@tozt.net>	2020-05-03 00:21:07 -0400
committer	Jesse Luehrs <doy@tozt.net>	2020-05-03 00:56:21 -0400
commit	047550f2368d134c9d5dca60aeb0b56fe151a323 (patch)
tree	2ad014146d2214db42f550646379bb2dbd571ff1 /src/identity.rs
parent	ea6398d5951ef6a5811cf605bfa223b5b1ce08c4 (diff)
download	rbw-047550f2368d134c9d5dca60aeb0b56fe151a323.tar.gz rbw-047550f2368d134c9d5dca60aeb0b56fe151a323.zip