authorJesse Luehrs <doy@tozt.net>2021-04-17 14:24:59 -0400
committerJesse Luehrs <doy@tozt.net>2021-04-17 20:58:57 -0400
commit828e61a574f484aea575f3cd98322407d3f9aea5 (patch)
treed7d9deb3fb0b4a6181bce962b132d822d203f627 /src
parent516072b496e2cdd6e68230e6b500b5099bbe4b42 (diff)
stop using ring
Diffstat (limited to 'src')
-rw-r--r--src/cipherstring.rs29
-rw-r--r--src/error.rs5
-rw-r--r--src/identity.rs27
3 files changed, 25 insertions, 36 deletions
diff --git a/src/cipherstring.rs b/src/cipherstring.rs
index f213cf7..cd1d25b 100644
--- a/src/cipherstring.rs
+++ b/src/cipherstring.rs
@@ -1,6 +1,7 @@
use crate::prelude::*;
use block_modes::BlockMode as _;
+use hmac::{Mac as _, NewMac as _};
use rand::RngCore as _;
pub enum CipherString {
@@ -94,8 +95,6 @@ impl CipherString {
) -> Result<Self> {
let iv = random_iv();
- // ring doesn't currently support CBC ciphers, so we have to do it
- // manually. see https://github.com/briansmith/ring/issues/588
let cipher = block_modes::Cbc::<
aes::Aes256,
block_modes::block_padding::Pkcs7,
@@ -103,12 +102,12 @@ impl CipherString {
.map_err(|source| Error::CreateBlockMode { source })?;
let ciphertext = cipher.encrypt_vec(plaintext);
- let mut digest = ring::hmac::Context::with_key(
- &ring::hmac::Key::new(ring::hmac::HMAC_SHA256, keys.mac_key()),
- );
+ let mut digest =
+ hmac::Hmac::<sha2::Sha256>::new_varkey(keys.mac_key())
+ .map_err(|source| Error::CreateHmac { source })?;
digest.update(&iv);
digest.update(&ciphertext);
- let mac = digest.sign().as_ref().to_vec();
+ let mac = digest.finalize().into_bytes().as_slice().to_vec();
Ok(Self::Symmetric {
iv,
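Review bot: The `let mac = ...` line carries a redundant `.as_slice()`; the value returned by `into_bytes()` already dereferences to a byte slice, so `let mac = digest.finalize().into_bytes().to_vec();` is equivalent. The local is still named `digest` although it now holds an HMAC-SHA256 state, and a short comment such as `// encrypt-then-MAC: tag covers iv || ciphertext` above the two `update` calls would record what the tag authenticates. The enclosing function starts and ends outside the hunk.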
@@ -182,9 +181,6 @@ impl CipherString {
) -> Result<crate::locked::Vec> {
match self {
Self::Asymmetric { ciphertext } => {
- // ring doesn't currently support asymmetric encryption (only
- // signatures). see
- // https://github.com/briansmith/ring/issues/691
let pkey = openssl::pkey::PKey::private_key_from_pkcs8(
private_key.private_key(),
)
@@ -223,21 +219,16 @@ fn decrypt_common_symmetric(
) -> Result<block_modes::Cbc<aes::Aes256, block_modes::block_padding::Pkcs7>>
{
if let Some(mac) = mac {
- let key =
- ring::hmac::Key::new(ring::hmac::HMAC_SHA256, keys.mac_key());
- // it'd be nice to not have to pull this into a vec, but ring
- // doesn't currently support non-contiguous verification. see
- // https://github.com/briansmith/ring/issues/615
- let data: Vec<_> =
- iv.iter().chain(ciphertext.iter()).copied().collect();
+ let mut key = hmac::Hmac::<sha2::Sha256>::new_varkey(keys.mac_key())
+ .map_err(|source| Error::CreateHmac { source })?;
+ key.update(&iv);
+ key.update(&ciphertext);
- if ring::hmac::verify(&key, &data, mac).is_err() {
+ if key.verify(mac).is_err() {
return Err(Error::InvalidMac);
}
}
- // ring doesn't currently support CBC ciphers, so we have to do it
- // manually. see https://github.com/briansmith/ring/issues/588
Ok(block_modes::Cbc::<
aes::Aes256,
block_modes::block_padding::Pkcs7,
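Review bot: In `decrypt_common_symmetric` the local named `key` now holds the running HMAC state rather than a key, which reads oddly next to `keys.mac_key()`; calling it `digest`, as the encryption path does, would keep the two sides parallel. A comment above the check would help the next maintainer: `// verify() compares tags in constant time; do not replace with == on finalize() output`. The hunk also shows that when `mac` is `None` the CBC decryptor is returned with no integrity check at all. If that branch can be reached with data that is not locally trusted, it deserves a comment explaining why unauthenticated ciphertext is accepted. The function's signature starts above the hunk and its tail runs past it.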
diff --git a/src/error.rs b/src/error.rs
index 3576aa1..28f8504 100644
--- a/src/error.rs
+++ b/src/error.rs
@@ -8,6 +8,11 @@ pub enum Error {
source: block_modes::InvalidKeyIvLength,
},
+ #[error("failed to create block mode decryptor")]
+ CreateHmac {
+ source: hmac::crypto_mac::InvalidKeyLength,
+ },
+
#[error("failed to create directory at {}", .file.display())]
CreateDirectory {
source: std::io::Error,
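Review bot: The message on the new `CreateHmac` variant says "failed to create block mode decryptor", which looks copied from the variant just above the hunk and will mislead anyone reading a log or error report. Something like `#[error("failed to create hmac")]` would match what `new_varkey` is actually doing at the two call sites in `src/cipherstring.rs`. A `///` line on the variant noting that the source is an invalid MAC key length would also help.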
diff --git a/src/identity.rs b/src/identity.rs
index 602940f..90d4fad 100644
--- a/src/identity.rs
+++ b/src/identity.rs
@@ -19,35 +19,28 @@ impl Identity {
keys.extend(std::iter::repeat(0).take(64));
let enc_key = &mut keys.data_mut()[0..32];
- ring::pbkdf2::derive(
- ring::pbkdf2::PBKDF2_HMAC_SHA256,
- iterations,
- email.as_bytes(),
+ pbkdf2::pbkdf2::<hmac::Hmac<sha2::Sha256>>(
password.password(),
+ email.as_bytes(),
+ iterations.get(),
enc_key,
);
let mut hash = crate::locked::Vec::new();
hash.extend(std::iter::repeat(0).take(32));
- ring::pbkdf2::derive(
- ring::pbkdf2::PBKDF2_HMAC_SHA256,
- std::num::NonZeroU32::new(1).unwrap(),
- password.password(),
+ pbkdf2::pbkdf2::<hmac::Hmac<sha2::Sha256>>(
enc_key,
+ password.password(),
+ 1,
hash.data_mut(),
);
- let hkdf =
- ring::hkdf::Prk::new_less_safe(ring::hkdf::HKDF_SHA256, enc_key);
- hkdf.expand(&[b"enc"], ring::hkdf::HKDF_SHA256)
- .map_err(|_| Error::HkdfExpand)?
- .fill(enc_key)
+ let hkdf = hkdf::Hkdf::<sha2::Sha256>::from_prk(enc_key)
+ .map_err(|_| Error::HkdfExpand)?;
+ hkdf.expand(b"enc", enc_key)
.map_err(|_| Error::HkdfExpand)?;
-
let mac_key = &mut keys.data_mut()[32..64];
- hkdf.expand(&[b"mac"], ring::hkdf::HKDF_SHA256)
- .map_err(|_| Error::HkdfExpand)?
- .fill(mac_key)
+ hkdf.expand(b"mac", mac_key)
.map_err(|_| Error::HkdfExpand)?;
let keys = crate::locked::Keys::new(keys);
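Review bot: Both `pbkdf2::pbkdf2` calls take the password and the salt as plain byte slices in the opposite order from the `ring::pbkdf2::derive` calls they replace, so the compiler cannot catch a transposition and the only safeguard is reading the diff carefully. The order shown looks right, but labelling the arguments would make that checkable at a glance, e.g. `password.password(), // secret`, `email.as_bytes(), // salt`, and on the second call `enc_key, // secret: stretched master key` with `password.password(), // salt`. The bare `1` could carry a comment that the single round is intentional for the hash derived from the already-stretched key. A known-answer test pinning the derived `enc_key`, `mac_key` and `hash` for a fixed email/password/iteration count would confirm that the library swap did not change the output. The enclosing function starts above the hunk and continues past it.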