keyfork-shard: assert shared secrets are contributory

This commit is contained in:
Ryan Heywood 2024-04-17 15:36:42 -04:00
parent cdf401515f
commit c0b19e2457
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
1 changed files with 6 additions and 6 deletions


@ -248,10 +248,9 @@ pub trait Format {
// create our shared key
let our_key = EphemeralSecret::random();
let our_pubkey_mnemonic = Mnemonic::from_bytes(PublicKey::from(&our_key).as_bytes())?;
let shared_secret = our_key
.diffie_hellman(&PublicKey::from(their_pubkey))
.to_bytes();
let hkdf = Hkdf::<Sha256>::new(None, &shared_secret);
let shared_secret = our_key.diffie_hellman(&PublicKey::from(their_pubkey));
assert!(shared_secret.was_contributory(), bug!("shared secret might be insecure"));
let hkdf = Hkdf::<Sha256>::new(None, shared_secret.as_bytes());
let mut shared_key_data = [0u8; 256 / 8];
hkdf.expand(b"key", &mut shared_key_data)?;
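Review bot: The new `assert!(shared_secret.was_contributory(), ...)` line turns a peer-controlled condition into a process abort: `their_pubkey` here, and `pubkey` decoded from the payload in the second hunk, come from the other party, and the contributory check is exactly the one that fails on a malformed or hostile key, so such a key now panics the caller instead of being rejected. Both enclosing functions already propagate errors (the `?` on `hkdf.expand`, and `remote_decrypt`'s `Result<(), Box<dyn std::error::Error>>` signature), so this belongs in an early return using the crate's existing error type, e.g. `if !shared_secret.was_contributory() { return Err(/* non-contributory peer key error */.into()); }`, with the same change applied in the second hunk. If `bug!` is meant to label internal invariant violations, its use here also reads as misleading, since a non-contributory secret indicates bad input rather than a defect in this code; I can't see the macro's definition, so that part is inferred. The enclosing function starts outside the hunk (the `Format` trait body at line 248), and the second hunk's function likewise begins before its visible lines.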
@ -515,8 +514,9 @@ pub fn remote_decrypt(w: &mut impl Write) -> Result<(), Box<dyn std::error::Erro
bug!("invalid payload data")
);
let shared_secret = our_key.diffie_hellman(&PublicKey::from(pubkey)).to_bytes();
let hkdf = Hkdf::<Sha256>::new(None, &shared_secret);
let shared_secret = our_key.diffie_hellman(&PublicKey::from(pubkey));
assert!(shared_secret.was_contributory(), bug!("shared secret might be insecure"));
let hkdf = Hkdf::<Sha256>::new(None, shared_secret.as_bytes());
let mut shared_key_data = [0u8; 256 / 8];
hkdf.expand(b"key", &mut shared_key_data)?;