Address feedback from rozzbb

Author: sfc-gh-grubin

MODULE.bazel.lock

@@ -8,11 +8,15 @@ edition = '2024'
 name="floe"
 path="floe/src/lib.rs"
 
+[features]
+default = ["getrandom"]
+getrandom = []
+
 [dependencies]
-aead = { version = "0.5.2", features = ["std"] }
-aes-gcm = "0.10.3"
+aead = { version = "0.5.2", default-features = false }
+aes-gcm = { version = "0.10.3", default-features = false, features = ["aes", "zeroize"] }
 sha2 = "0.10.8"
-rand = "0.9.1"
+rand = "0.10.0"
 hmac = "0.12.1"
 subtle = "2.6"
 zeroize = { version = "1.8.2", features = ["zeroize_derive"] }

rust/Cargo.lock

@@ -21,7 +21,7 @@ use criterion::profiler::Profiler;
 
 use std::{time::Duration, alloc::{GlobalAlloc, System}, sync::atomic::{AtomicUsize, Ordering}};
 
-use rand::rngs::{OsRng};
+use rand::rngs::SysRng;
 use rand::TryRngCore;
 
 use aead::{Aead, Payload, KeyInit};
@@ -35,18 +35,18 @@ pub fn criterion_benchmark(c: &mut Criterion) {
     let _run_time = Duration::from_secs(30);
 
     let mut aad = vec![0u8; 32];
-    OsRng.try_fill_bytes(&mut aad).unwrap();
+    SysRng.try_fill_bytes(&mut aad).unwrap();
     let key = FloeKey::new_random(GCM256_IV256_4K).unwrap();
     let mut raw_gcm_key = vec![0u8; 32];
-    OsRng.try_fill_bytes(&mut raw_gcm_key).unwrap();
+    SysRng.try_fill_bytes(&mut raw_gcm_key).unwrap();
     let gcm_key = Aes256Gcm::new_from_slice(&raw_gcm_key).unwrap();
     // let pt_lengths = [1024_usize, 2048, 4096, 8192, 1024*16, 1024*128, 1024*1024, 1024*1024*2, 1024*1024*16];
     let pt_lengths = [1024_usize*1024*16];
     // group.warm_up_time(_run_time);
     // group.measurement_time(_run_time);
     for pt_len in pt_lengths {
         let mut pt = vec![0u8; pt_len];
-        OsRng.try_fill_bytes(&mut pt).unwrap();
+        SysRng.try_fill_bytes(&mut pt).unwrap();
         group.throughput(Throughput::Bytes(pt_len as u64));
         let ct = floe_encrypt(&pt, &aad, &key).unwrap();
         group.bench_function(format!("Encrypt {}", pt_len), |b| b.iter(|| floe_encrypt(&pt, &aad, &key)));
@@ -58,7 +58,7 @@ pub fn criterion_benchmark(c: &mut Criterion) {
     // gcm_group.measurement_time(_run_time);
     for pt_len in pt_lengths {
         let mut pt = vec![0u8; pt_len];
-        OsRng.try_fill_bytes(&mut pt).unwrap();
+        SysRng.try_fill_bytes(&mut pt).unwrap();
         gcm_group.throughput(Throughput::Bytes(pt_len as u64));
         let ct = gcm_encrypt(&pt, &aad, &gcm_key).unwrap();
         gcm_group.bench_function(format!("Encrypt {}", pt_len), |b| b.iter(|| gcm_encrypt(&pt, &aad, &gcm_key)));
@@ -72,17 +72,17 @@ pub fn heap_benchmark(c: &mut Criterion) {
     let _run_time = Duration::from_secs(30);
 
     let mut aad = vec![0u8; 32];
-    OsRng.try_fill_bytes(&mut aad).unwrap();
+    SysRng.try_fill_bytes(&mut aad).unwrap();
     let key = FloeKey::new_random(GCM256_IV256_4K).unwrap();
     let mut raw_gcm_key = vec![0u8; 32];
-    OsRng.try_fill_bytes(&mut raw_gcm_key).unwrap();
+    SysRng.try_fill_bytes(&mut raw_gcm_key).unwrap();
     let gcm_key = Aes256Gcm::new_from_slice(&raw_gcm_key).unwrap();
     let pt_lengths = [1024_usize]; //, 2048, 4096, 8192, ];// 1024*16, 1024*128, 1024*1024]; //, 1024*1024*2, 1024*1024*16];
     // group.warm_up_time(_run_time);
     // group.measurement_time(_run_time);
     for pt_len in pt_lengths {
         let mut pt = vec![0u8; pt_len];
-        OsRng.try_fill_bytes(&mut pt).unwrap();
+        SysRng.try_fill_bytes(&mut pt).unwrap();
         // group.throughput(Throughput::Bytes(pt_len as u64));
         let ct = floe_encrypt(&pt, &aad, &key).unwrap();
         group.bench_function(format!("Encrypt {}", pt_len), |b| b.iter(|| floe_encrypt(&pt, &aad, &key)));
@@ -94,7 +94,7 @@ pub fn heap_benchmark(c: &mut Criterion) {
     // gcm_group.measurement_time(_run_time);
     for pt_len in pt_lengths {
         let mut pt = vec![0u8; pt_len];
-        OsRng.try_fill_bytes(&mut pt).unwrap();
+        SysRng.try_fill_bytes(&mut pt).unwrap();
         // gcm_group.throughput(Throughput::Bytes(pt_len as u64));
         let ct = gcm_encrypt(&pt, &aad, &gcm_key).unwrap();
         gcm_group.bench_function(format!("Encrypt {}", pt_len), |b| b.iter(|| gcm_encrypt(&pt, &aad, &gcm_key)));
@@ -163,7 +163,7 @@ fn gcm_encrypt(
     key: &Aes256Gcm
 ) -> Result<Vec<u8>> {
     let mut nonce = [0u8; 12];
-    OsRng.try_fill_bytes(&mut nonce).unwrap();
+    SysRng.try_fill_bytes(&mut nonce).unwrap();
 
     let payload = Payload { msg: pt, aad };
     let mut ct = vec![];
@@ -232,4 +232,4 @@ impl Profiler for MemoryProfiler {
         let size = ALLOC.count() / 1024;
         println!("; allocated {} KiB <<<<<<<<<<<<<<<<<<<<<<", size);
     }
-}
+}

rust/Cargo.toml

@@ -13,8 +13,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use std::{array::TryFromSliceError, num::TryFromIntError, slice::GetDisjointMutError};
-
 use hmac::digest::InvalidLength;
 
 /// Result type used for all FLOE operations
@@ -28,16 +26,11 @@ pub enum Error {
      * This is always a result of buggy calling code.
      */
     InvalidInput,
-    /**
-     * The FLOE library encountered an internal error which should not be possible.
-     * This is always a result of a bug in FLOE.
-     */
-    UnexpectedInternalError(Option<Box<dyn std::error::Error>>),
     /**
      * A dependency returned an unexpected error.
      * This is always a result of a bug in FLOE or one of FLOE's dependencies.
      */
-    UnexpectedDependencyError(Box<dyn std::error::Error>),
+    UnexpectedDependencyError,
     /**
      * FLOE expected more segments but did not receive them.
      */
@@ -72,64 +65,35 @@ pub enum Error {
     BadTag,
 }
 
-impl Error {
-    #[cfg(test)]
-    pub(crate) fn internal<E: std::error::Error + 'static>(err: E) -> Error {
-        Error::UnexpectedInternalError(Some(Box::new(err)))
-    }
-}
-
 impl std::error::Error for Error {
     fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
-        match self {
-            Self::UnexpectedDependencyError(err) => Some(err.as_ref()),
-            Self::UnexpectedInternalError(err) => err.as_deref(),
-            _ => None,
-        }
+        None
     }
 }
 
 impl From<aead::Error> for Error {
-    fn from(err: aead::Error) -> Self {
-        Error::UnexpectedDependencyError(Box::new(err))
+    fn from(_: aead::Error) -> Self {
+        Error::UnexpectedDependencyError
     }
 }
 
 impl From<InvalidLength> for Error {
-    fn from(err: InvalidLength) -> Self {
-        Error::UnexpectedDependencyError(Box::new(err))
+    fn from(_: InvalidLength) -> Self {
+        Error::UnexpectedDependencyError
     }
 }
 
-impl From<TryFromSliceError> for Error {
-    fn from(err: TryFromSliceError) -> Self {
-        Error::UnexpectedInternalError(Some(Box::new(err)))
+impl From<rand::rngs::SysError> for Error {
+    fn from(_: rand::rngs::SysError) -> Self {
+        Error::UnexpectedDependencyError
     }
-    // This error has got to be our own fault
-}
-
-impl From<GetDisjointMutError> for Error {
-    fn from(err: GetDisjointMutError) -> Self {
-        Error::UnexpectedInternalError(Some(Box::new(err)))
-    }
-    // This error has got to be our own fault
-}
-
-impl From<TryFromIntError> for Error {
-    fn from(err: TryFromIntError) -> Self {
-        Error::UnexpectedInternalError(Some(Box::new(err)))
-    }
-    // This error has got to be our own fault
 }
 
 impl std::fmt::Display for Error {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         match self {
-            Error::UnexpectedInternalError(err) => {
-                write!(f, "An unexpected internal error occurred {err:?}")
-            }
-            Error::UnexpectedDependencyError(err) => {
-                write!(f, "An unexpected dependency error occurred: {err}")
+            Error::UnexpectedDependencyError => {
+                write!(f, "An unexpected dependency error occurred")
             }
             Error::InvalidInput => write!(f, "Invalid input"),
             Error::Truncated => write!(f, "Input truncated. Final segment not found."),

rust/bench/src/main.rs

@@ -175,7 +175,9 @@ impl FloeSequentialCryptor for FloeSequentialDecryptor {
             });
         }
         let segment_length_header =
-            u32::from_be_bytes(input[..SEGMENT_LENGTH_PREFIX_LENGTH].try_into()?);
+            u32::from_be_bytes(input[..SEGMENT_LENGTH_PREFIX_LENGTH].try_into().expect(
+                "This is safe because SEGMENT_LENGTH_PREFIX_LENGTH is the proper length for u32",
+            ));
         if (segment_length_header as usize) == input.len() {
             // We've hit the last segment and our caller hasn't noticed.
             return self.process_last_segment(input, output);
@@ -204,7 +206,7 @@ impl FloeSequentialCryptor for FloeSequentialDecryptor {
                 expected: self.get_output_size(),
             });
         }
-        let input_size = u32::from_be_bytes(input[..SEGMENT_LENGTH_PREFIX_LENGTH].try_into()?);
+        let input_size = u32::from_be_bytes(input[..SEGMENT_LENGTH_PREFIX_LENGTH].try_into().expect("This is safe because we know that SEGMENT_LENGTH_PREFIX_LENGTH is the proper length for u32"));
         if (input_size as usize) != input.len() {
             return Err(Error::MalformedSegment);
         }

rust/floe/src/floe_result.rs

@@ -20,7 +20,7 @@ use crate::{FloeParameterSpec, Result};
  * Specific implementations may be *more* flexible in what they accept.
  * ```rust
  * use floe::{Error, FloeKey, FloeSequentialCryptor, FloeSequentialDecryptor, FloeSequentialEncryptor, GCM256_IV256_1M, Result};
- * 
+ *
  * // Normally you'd save your key in some safe location. But for the demo we'll generate a random one
  * // GCM256_IV256_1M is a generally useful chunk size
  * let sample_key = FloeKey::new_random(GCM256_IV256_1M);
@@ -29,18 +29,18 @@ use crate::{FloeParameterSpec, Result};
  * // We'll just use an all one plaintext for the demo and large enough to be multiple segments
  * let plaintext = vec![1u8; 3 * 1024 * 1024 + 512];
  * let aad = b"This is some aad";
- * 
- * let ciphertext = encryptData(&sample_key, &plaintext, aad);
+ *
+ * let ciphertext = encrypt_data(&sample_key, &plaintext, aad);
  * assert!(ciphertext.is_ok());
  * let ciphertext = ciphertext.unwrap();
- * 
+ *
  * // Finally, decrypt the result
- * let decrypted = decryptData(&sample_key, &ciphertext, aad);
+ * let decrypted = decrypt_data(&sample_key, &ciphertext, aad);
  * //assert!(decrypted.is_ok());
  * let decrypted = decrypted.unwrap();
  * assert_eq!(decrypted, plaintext);
- * 
- * fn encryptData(key: &FloeKey, data: &[u8], aad: &[u8]) -> Result<Vec<u8>> {
+ *
+ * fn encrypt_data(key: &FloeKey, data: &[u8], aad: &[u8]) -> Result<Vec<u8>> {
  *   let mut encryptor = FloeSequentialEncryptor::new(key, aad)?;
  *   let mut result = encryptor.get_header().to_vec();
  *   let mut buff = vec![0u8; encryptor.get_output_size()];
@@ -63,8 +63,8 @@ use crate::{FloeParameterSpec, Result};
  *   }
  *   Ok(result)
  * }
- * 
- *  fn decryptData(key: &FloeKey, data: &[u8], aad: &[u8]) -> Result<Vec<u8>> {
+ *
+ *  fn decrypt_data(key: &FloeKey, data: &[u8], aad: &[u8]) -> Result<Vec<u8>> {
  *   let header_length = key.get_parameters().get_header_length();
  *   let header = &data[..header_length];
  *   let ciphertext = &data[header_length..];

rust/floe/src/implementation.rs

@@ -20,12 +20,12 @@
 //! It is described in greater detail both in the primary specification repository
 //! at [github.com/Snowflake-Labs/floe-specification](https://www.github.com/Snowflake-Labs/floe-specification)
 //! and at [c2sp.org/FLOE](https://c2sp.org/FLOE).
-//! 
+//!
 //! We recommend that most developers use the streaming interfaces as implemented by
 //! [FloeSequentialEncryptor] and [FloeSequentialDecryptor] as they are much harder to misuse.
 //! More advanced users can directly use [FloeEncryptor] and [FloeDecryptor] if full random-access
 //! authenticated encryption is needed.
-//! 
+//!
 //! <div class="warning">The random-access APIs do not directly protect you against truncation attacks
 //! or prevent you from incorrectly encrypting the same segment multiple times.</div>