Merge pull request zcash#98 from filecoin-project/drop-openssl

Simplify dependencies
stefandeml · Jul 27, 2018 · bb4593d · bb4593d
2 parents 55b3cfb + 8d0ef89
commit bb4593d
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 72 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -6,10 +6,8 @@ authors = ["dignifiedquire <[email protected]>"]
 [dependencies]
 sapling-crypto = { git = "https://github.com/zcash-hackworks/sapling-crypto", branch = "master" }
 rand = "0.4"
-ring = "0.12"
 libc = "0.2"
 merkle_light = { git = "https://github.com/dignifiedquire/merkle_light", branch = "master" }
-openssl = "*"
 failure = "0.1"
 bellman = "0.1"
 byteorder = "1"
@@ -22,6 +20,9 @@ log = "0.4"
 env_logger = "0.5"
 indicatif = "0.9"
 colored = "1.6"
+aes = "0.1"
+block-modes = "0.1"
+sha2 = "0.7"
 
 [dependencies.pairing]
 version = "0.14.2"

diff --git a/src/crypto/aes.rs b/src/crypto/aes.rs
@@ -1,54 +1,31 @@
+use aes::block_cipher_trait::generic_array::GenericArray;
+use aes::Aes256;
+use block_modes::block_padding::ZeroPadding;
+use block_modes::{BlockMode, BlockModeIv, Cbc};
 use error::Result;
-use openssl::symm::{Cipher, Crypter, Mode};
 
 pub fn encode(key: &[u8], plaintext: &[u8]) -> Result<Vec<u8>> {
-    if key.len() != 32 {
-        panic!("invalid key length");
-    }
-
-    let iv = vec![0u8; 16];
-
-    // Create a cipher context for encryption.
-    let mut encrypter = Crypter::new(
-        Cipher::aes_256_cbc(),
-        Mode::Encrypt,
-        key,
-        Some(iv.as_slice()),
-    )?;
-    encrypter.pad(false);
+    assert_eq!(key.len(), 32, "invalid key length");
 
-    let block_size = Cipher::aes_256_cbc().block_size();
-    let mut ciphertext = vec![0; plaintext.len() + block_size];
+    let iv = GenericArray::from_slice(&[0u8; 16]);
+    let mut mode = Cbc::<Aes256, ZeroPadding>::new_varkey(key, iv).expect("invalid key");
 
-    let mut count = encrypter.update(plaintext, &mut ciphertext)?;
-    count += encrypter.finalize(&mut ciphertext[count..])?;
-    ciphertext.truncate(count);
+    let mut ciphertext = plaintext.to_vec();
+    mode.encrypt_nopad(&mut ciphertext)
+        .expect("failed to encrypt");
 
     Ok(ciphertext)
 }
 
 pub fn decode(key: &[u8], ciphertext: &[u8]) -> Result<Vec<u8>> {
-    if key.len() != 32 {
-        panic!("invalid key length")
-    }
-
-    let iv = vec![0u8; 16];
-    // Create a cipher context for decryption.
-    let mut decrypter = Crypter::new(
-        Cipher::aes_256_cbc(),
-        Mode::Decrypt,
-        key,
-        Some(iv.as_slice()),
-    )?;
-    decrypter.pad(false);
+    assert_eq!(key.len(), 32, "invalid key length");
+    let iv = GenericArray::from_slice(&[0u8; 16]);
 
-    let block_size = Cipher::aes_256_cbc().block_size();
-    let mut plaintext = vec![0; ciphertext.len() + block_size];
+    let mut mode = Cbc::<Aes256, ZeroPadding>::new_varkey(key, iv).expect("invalid key");
 
-    // Decrypt 2 chunks of ciphertexts successively.
-    let mut count = decrypter.update(ciphertext, &mut plaintext)?;
-    count += decrypter.finalize(&mut plaintext[count..])?;
-    plaintext.truncate(count);
+    let mut plaintext = ciphertext.to_vec();
+    mode.decrypt_nopad(&mut plaintext)
+        .expect("failed to decrypt");
 
     Ok(plaintext)
 }

diff --git a/src/crypto/feistel.rs b/src/crypto/feistel.rs
@@ -1,4 +1,4 @@
-use ring::digest::{Context, SHA256};
+use sha2::{Digest, Sha256};
 
 pub fn permute(num_elements: u32, index: u32, keys: &[u32]) -> u32 {
     let mut u = encode(num_elements, index, keys);
@@ -74,7 +74,7 @@ fn feistel(right: u32, key: u32, right_mask: u32) -> u32 {
     data[6] = (key >> 8) as u8;
     data[7] = key as u8;
 
-    let hash = sha256_digest(&data);
+    let hash = Sha256::digest(&data);
 
     let r = u32::from(hash[0]) << 24
         | u32::from(hash[1]) << 16
@@ -84,12 +84,6 @@ fn feistel(right: u32, key: u32, right_mask: u32) -> u32 {
     r & right_mask
 }
 
-fn sha256_digest(data: &[u8]) -> Vec<u8> {
-    let mut context = Context::new(&SHA256);
-    context.update(data);
-    context.finish().as_ref().into()
-}
-
 #[cfg(test)]
 mod tests {
     use super::*;

diff --git a/src/hasher/sha256.rs b/src/hasher/sha256.rs
@@ -1,14 +1,14 @@
 use merkle_light::hash::{Algorithm, Hashable};
-use ring::digest::{Context, SHA256};
+use sha2::{Digest, Sha256};
 use std::fmt;
 use std::hash::Hasher;
 
 #[derive(Clone)]
-pub struct SHA256Algorithm(Context);
+pub struct SHA256Algorithm(Sha256);
 
 impl SHA256Algorithm {
     fn new() -> SHA256Algorithm {
-        SHA256Algorithm(Context::new(&SHA256))
+        SHA256Algorithm(Sha256::new())
     }
 }
 
@@ -27,7 +27,7 @@ impl fmt::Debug for SHA256Algorithm {
 impl Hasher for SHA256Algorithm {
     #[inline]
     fn write(&mut self, msg: &[u8]) {
-        self.0.update(msg)
+        self.0.input(msg)
     }
 
     #[inline]
@@ -36,31 +36,26 @@ impl Hasher for SHA256Algorithm {
     }
 }
 
-pub type RingSHA256Hash = [u8; 32];
+pub type SHA256Hash = [u8; 32];
 
-impl Algorithm<RingSHA256Hash> for SHA256Algorithm {
+impl Algorithm<SHA256Hash> for SHA256Algorithm {
     #[inline]
-    fn hash(&mut self) -> RingSHA256Hash {
+    fn hash(&mut self) -> SHA256Hash {
         let mut h = [0u8; 32];
-        h.copy_from_slice(self.0.clone().finish().as_ref());
+        h.copy_from_slice(self.0.clone().result().as_ref());
         h
     }
 
     #[inline]
     fn reset(&mut self) {
-        self.0 = Context::new(&SHA256);
+        self.0 = Sha256::new();
     }
 
-    fn leaf(&mut self, leaf: RingSHA256Hash) -> RingSHA256Hash {
+    fn leaf(&mut self, leaf: SHA256Hash) -> SHA256Hash {
         leaf
     }
 
-    fn node(
-        &mut self,
-        left: RingSHA256Hash,
-        right: RingSHA256Hash,
-        _height: usize,
-    ) -> RingSHA256Hash {
+    fn node(&mut self, left: SHA256Hash, right: SHA256Hash, _height: usize) -> SHA256Hash {
         // TODO: second preimage attack fix
         left.hash(self);
         right.hash(self);
@@ -98,7 +93,7 @@ mod tests {
     }
 
     #[test]
-    fn test_ring_256_hash() {
+    fn test_sha256_hash() {
         let mut a = SHA256Algorithm::new();
         "hello".hash(&mut a);
         let h1 = a.hash();
@@ -109,7 +104,7 @@ mod tests {
     }
 
     #[test]
-    fn test_ring_sha256_node() {
+    fn test_sha256_node() {
         let mut h1 = [0u8; 32];
         let mut h2 = [0u8; 32];
         let mut h3 = [0u8; 32];
@@ -159,9 +154,8 @@ mod tests {
         //     "e6a6b12f6147ce9ce87c9f2a7f41ddd9587f6ea59ccbfb33fba08e3740d96200"
         // );
 
-        let t: MerkleTree<RingSHA256Hash, SHA256Algorithm> =
-            MerkleTree::from_iter(vec![h1, h2, h3]);
-        let t2: MerkleTree<RingSHA256Hash, SHA256Algorithm> = MerkleTree::from_iter(vec![h1, h2]);
+        let t: MerkleTree<SHA256Hash, SHA256Algorithm> = MerkleTree::from_iter(vec![h1, h2, h3]);
+        let t2: MerkleTree<SHA256Hash, SHA256Algorithm> = MerkleTree::from_iter(vec![h1, h2]);
 
         assert_eq!(t2.as_slice()[0], l1.as_ref());
         assert_eq!(t2.as_slice()[1], l2.as_ref());

diff --git a/src/lib.rs b/src/lib.rs
@@ -13,19 +13,20 @@ extern crate failure;
 #[macro_use]
 extern crate lazy_static;
 
+extern crate aes;
 extern crate bellman;
 extern crate blake2_rfc;
+extern crate block_modes;
 extern crate byteorder;
 extern crate libc;
 extern crate memmap;
 extern crate merkle_light;
 extern crate num_bigint;
 extern crate num_traits;
-extern crate openssl;
 extern crate pairing;
 extern crate rand;
-extern crate ring;
 extern crate sapling_crypto;
+extern crate sha2;
 
 #[cfg(test)]
 extern crate tempfile;