diff --git a/alpha_0.1.2_release_notes.md b/alpha_0.1.2_release_notes.md index c59991b..37ad679 100644 --- a/alpha_0.1.2_release_notes.md +++ b/alpha_0.1.2_release_notes.md @@ -42,6 +42,8 @@ preventing exposure of stale data in oversized output buffers or on early error returns. * Reworked the way KeyMaterial hazardous operations work; instead of a stateful .allow_hazardous_operations() / .drop_hazardous_operations(), it now uses a closure-based do_hazardous_operations(). Github issue #39. +* Renamed KeyMaterial::KeyType's and deleted KeyMaterial::concatenate in order to give a better intuition and + FIPS-alignment. * Github issues resolved: * #6: https://github.com/bcgit/bc-rust/issues/6, thanks to Q. T. Felix (github: @Quant-TheodoreFelix) * #10: https://github.com/bcgit/bc-rust/issues/10, thanks to Nicola Tuveri (github: @romen) \ No newline at end of file diff --git a/crypto/core-test-framework/src/kdf.rs b/crypto/core-test-framework/src/kdf.rs index 21d1b4a..cac4081 100644 --- a/crypto/core-test-framework/src/kdf.rs +++ b/crypto/core-test-framework/src/kdf.rs @@ -59,31 +59,31 @@ impl TestFrameworkKDF { assert_eq!(zeroized_key.key_type(), KeyType::Zeroized); let out_key = H::default().derive_key(&zeroized_key, &[0u8; 10]).unwrap(); // since we've done some computation, the result will not actually be zeroized, even if all input key material was zeroized. - assert_eq!(out_key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(out_key.key_type(), KeyType::Unknown); assert_eq!(out_key.security_strength(), SecurityStrength::None); // BytesLowEntropy -> BytesLowEntropy let low_entropy_key = - KeyMaterial256::from_bytes_as_type(&[1u8; 16], KeyType::BytesLowEntropy).unwrap(); - assert_eq!(low_entropy_key.key_type(), KeyType::BytesLowEntropy); + KeyMaterial256::from_bytes_as_type(&[1u8; 16], KeyType::Unknown).unwrap(); + assert_eq!(low_entropy_key.key_type(), KeyType::Unknown); let out_key = H::default().derive_key(&low_entropy_key, &[0u8; 10]).unwrap(); - assert_eq!(out_key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(out_key.key_type(), KeyType::Unknown); assert_eq!(out_key.security_strength(), SecurityStrength::None); // BytesFullEntropy -> BytesLowEntropy if not enough to fill the hash block let low_entropy_key = - KeyMaterial256::from_bytes_as_type(&[1u8; 6], KeyType::BytesFullEntropy).unwrap(); - assert_eq!(low_entropy_key.key_type(), KeyType::BytesFullEntropy); + KeyMaterial256::from_bytes_as_type(&[1u8; 6], KeyType::CryptographicRandom).unwrap(); + assert_eq!(low_entropy_key.key_type(), KeyType::CryptographicRandom); let out_key = H::default().derive_key(&low_entropy_key, &[0u8; 10]).unwrap(); - assert_eq!(out_key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(out_key.key_type(), KeyType::Unknown); assert_eq!(out_key.security_strength(), SecurityStrength::None); // BytesFullEntropy -> BytesFullEntropy let full_entropy_key = - KeyMaterial512::from_bytes_as_type(&[1u8; 64], KeyType::BytesFullEntropy).unwrap(); - assert_eq!(full_entropy_key.key_type(), KeyType::BytesFullEntropy); + KeyMaterial512::from_bytes_as_type(&[1u8; 64], KeyType::CryptographicRandom).unwrap(); + assert_eq!(full_entropy_key.key_type(), KeyType::CryptographicRandom); let out_key = H::default().derive_key(&full_entropy_key, &[0u8; 10]).unwrap(); - assert_eq!(out_key.key_type(), KeyType::BytesFullEntropy); + assert_eq!(out_key.key_type(), KeyType::CryptographicRandom); assert!(out_key.security_strength() > SecurityStrength::None); } @@ -141,35 +141,35 @@ impl TestFrameworkKDF { assert_eq!(zeroized_key.security_strength(), SecurityStrength::None); let keys = [&zeroized_key, &zeroized_key]; let out_key = H::default().derive_key_from_multiple(&keys, &[0u8; 10]).unwrap(); - assert_eq!(out_key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(out_key.key_type(), KeyType::Unknown); assert_eq!(out_key.security_strength(), SecurityStrength::None); // BytesLowEntropy -> BytesLowEntropy let low_entropy_key = - KeyMaterial256::from_bytes_as_type(&[1u8; 16], KeyType::BytesLowEntropy).unwrap(); - assert_eq!(low_entropy_key.key_type(), KeyType::BytesLowEntropy); + KeyMaterial256::from_bytes_as_type(&[1u8; 16], KeyType::Unknown).unwrap(); + assert_eq!(low_entropy_key.key_type(), KeyType::Unknown); let keys = [&zeroized_key, &low_entropy_key]; let out_key = H::default().derive_key_from_multiple(&keys, &[0u8; 10]).unwrap(); - assert_eq!(out_key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(out_key.key_type(), KeyType::Unknown); assert_eq!(out_key.security_strength(), SecurityStrength::None); // BytesFullEntropy -> BytesLowEntropy if not enough to fill the hash block let low_entropy_key = - KeyMaterial256::from_bytes_as_type(&[1u8; 6], KeyType::BytesFullEntropy).unwrap(); - assert_eq!(low_entropy_key.key_type(), KeyType::BytesFullEntropy); + KeyMaterial256::from_bytes_as_type(&[1u8; 6], KeyType::CryptographicRandom).unwrap(); + assert_eq!(low_entropy_key.key_type(), KeyType::CryptographicRandom); let keys = [&zeroized_key, &low_entropy_key]; let out_key = H::default().derive_key_from_multiple(&keys, &[0u8; 10]).unwrap(); - assert_eq!(out_key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(out_key.key_type(), KeyType::Unknown); assert_eq!(out_key.security_strength(), SecurityStrength::None); // BytesFullEntropy -> BytesFullEntropy let zeroized64_key = KeyMaterial512::new(); let full_entropy_key = - KeyMaterial512::from_bytes_as_type(&[1u8; 64], KeyType::BytesFullEntropy).unwrap(); - assert_eq!(full_entropy_key.key_type(), KeyType::BytesFullEntropy); + KeyMaterial512::from_bytes_as_type(&[1u8; 64], KeyType::CryptographicRandom).unwrap(); + assert_eq!(full_entropy_key.key_type(), KeyType::CryptographicRandom); let keys = [&zeroized64_key, &full_entropy_key]; let out_key = H::default().derive_key_from_multiple(&keys, &[0u8; 10]).unwrap(); - assert_eq!(out_key.key_type(), KeyType::BytesFullEntropy); + assert_eq!(out_key.key_type(), KeyType::CryptographicRandom); assert!(out_key.security_strength() > SecurityStrength::None); } } diff --git a/crypto/core/src/key_material.rs b/crypto/core/src/key_material.rs index 8535c84..2d1db76 100644 --- a/crypto/core/src/key_material.rs +++ b/crypto/core/src/key_material.rs @@ -85,13 +85,13 @@ pub trait KeyMaterialTrait: KeyMaterialInternalTrait { /// /// let key_bytes = [0u8; 16]; /// let mut key = KeyMaterial256::new(); - /// let res = key.set_bytes_as_type(&key_bytes, KeyType::BytesLowEntropy); + /// let res = key.set_bytes_as_type(&key_bytes, KeyType::Unknown); /// match res { /// Err(KeyMaterialError::ActingOnZeroizedKey) => { /// // Either figure out why your passed an all-zero key, /// // or set the key type manually, if that's what you intended. /// do_hazardous_operations(&mut key, |key| { - /// key.set_key_type(KeyType::BytesLowEntropy) + /// key.set_key_type(KeyType::Unknown) /// }).unwrap(); // probably you should do something more elegant than .unwrap in your code ;) /// }, /// Err(_) => { /* figure out what else went wrong */ }, @@ -103,7 +103,7 @@ pub trait KeyMaterialTrait: KeyMaterialInternalTrait { /// Since this zeroizes and resets the key material, this is considered a dangerous conversion. /// /// Will set the [SecurityStrength] automatically according to the following rules: - /// * If [KeyType] is [KeyType::Zeroized] or [KeyType::BytesLowEntropy] then it will be [SecurityStrength::None]. + /// * If [KeyType] is [KeyType::Zeroized] or [KeyType::Unknown] then it will be [SecurityStrength::None]. /// * Otherwise it will set it based on the length of the provided source bytes. fn set_bytes_as_type( &mut self, @@ -160,7 +160,7 @@ pub trait KeyMaterialTrait: KeyMaterialInternalTrait { /// /// # ๐Ÿšจ Hazardous Operation๐Ÿšจ /// Inside a [do_hazardous_operations] closure this will set the key to any [KeyType]. - /// Outside such a closure, only "safe" conversions are permitted: a [KeyType::BytesFullEntropy] + /// Outside such a closure, only "safe" conversions are permitted: a [KeyType::CryptographicRandom] /// key may be converted to any type, and any type may be converted to itself (a no-op). /// A hazardous conversion attempted outside a [do_hazardous_operations] closure returns /// [KeyMaterialError::HazardousOperationNotPermitted], and converting a [KeyType::Zeroized] key @@ -202,18 +202,6 @@ pub trait KeyMaterialTrait: KeyMaterialInternalTrait { /// hold a different key, potentially of a different length. fn zeroize(&mut self); - /// Adds the other KeyMaterial into this one, assuming there is space. - /// - /// Throws [KeyMaterialError::InvalidLength] if this object does not have enough space to add the other one. - /// - /// The resulting [KeyType] and security strength will be the lesser of the two keys. - /// In other words, concatenating two 128-bit full entropy keys generated at a 128-bit DRBG security level - /// will result in a 256-bit full entropy key still at the 128-bit DRBG security level. - /// Concatenating a full entropy key with a low entropy key will result in a low entropy key. - /// - /// Returns the new key_len. - fn concatenate(&mut self, other: &dyn KeyMaterialTrait) -> Result; - /// Perform a constant-time comparison between the two key material buffers, /// ignoring differences in capacity, [KeyType], [SecurityStrength], etc. fn equals(&self, other: &dyn KeyMaterialTrait) -> bool; @@ -238,11 +226,18 @@ pub enum KeyType { /// The KeyMaterial is zeroized and MUST NOT be used for any cryptographic operation in this state. Zeroized, - /// The KeyMaterial contains data of low or unknown entropy. - BytesLowEntropy, + /// The KeyMaterial contains non-zero data of unknown key type. + /// A KeyMaterial of key type Unknown will always have a [SecurityStrength] of [SecurityStrength::None]. + /// + /// This is the default KeyType for data loaded via [KeyMaterial::from_bytes]. + /// Promotion from Unknown to any other key type is considered to be a hazardous operation + /// and must be done within a [do_hazardous_operations] closure. + /// If you want to import key material directly into a known key type, use [KeyMaterial::from_bytes_as_type], + /// which does not require a hazardous operations closure. + Unknown, - /// The KeyMaterial contains data of full entropy and can be safely converted to any other full-entropy key type. - BytesFullEntropy, + /// The KeyMaterial contains data of full entropy and can be safely converted to any other key type. + CryptographicRandom, /// A seed for asymmetric private keys, RNGs, and other seed-based cryptographic objects. Seed, @@ -283,16 +278,16 @@ impl KeyMaterial { })?; key.key_len = KEY_LEN; - key.key_type = KeyType::BytesFullEntropy; + key.key_type = KeyType::CryptographicRandom; key.security_strength = rng.security_strength(); Ok(key) } /// Constructor. - /// Loads the provided data into a new KeyMaterial of type [KeyType::BytesLowEntropy]. + /// Loads the provided data into a new KeyMaterial of type [KeyType::Unknown]. /// It will detect if you give it all-zero source data and set the key type to [KeyType::Zeroized] instead. pub fn from_bytes(source: &[u8]) -> Result { - Self::from_bytes_as_type(source, KeyType::BytesLowEntropy) + Self::from_bytes_as_type(source, KeyType::Unknown) } /// Constructor. @@ -302,7 +297,7 @@ impl KeyMaterial { /// It will detect if you give it all-zero source data and set the key type to [KeyType::Zeroized] instead. /// /// Will set the [SecurityStrength] automatically according to the following rules: - /// * If [KeyType] is [KeyType::Zeroized] or [KeyType::BytesLowEntropy] then it will be [SecurityStrength::None]. + /// * If [KeyType] is [KeyType::Zeroized] or [KeyType::Unknown] then it will be [SecurityStrength::None]. /// * Otherwise it will set it based on the length of the provided source bytes. pub fn from_bytes_as_type(source: &[u8], key_type: KeyType) -> Result { let mut key_material = Self::default(); @@ -359,7 +354,7 @@ impl KeyMaterialTrait for KeyMaterial { self.key_type = new_key_type; do_hazardous_operations(self, |s| { - if new_key_type <= KeyType::BytesLowEntropy { + if new_key_type <= KeyType::Unknown { s.set_security_strength(SecurityStrength::None)?; } else { s.set_security_strength(SecurityStrength::from_bits(source.len() * 8))?; @@ -435,12 +430,12 @@ impl KeyMaterialTrait for KeyMaterial { KeyType::Zeroized => { return Err(KeyMaterialError::ActingOnZeroizedKey); } - KeyType::BytesFullEntropy => { + KeyType::CryptographicRandom => { // raw full entropy can be safely converted to anything. self.key_type = key_type; } - KeyType::BytesLowEntropy => match key_type { - KeyType::BytesLowEntropy => { /* No change */ } + KeyType::Unknown => match key_type { + KeyType::Unknown => { /* No change */ } _ => { return Err(KeyMaterialError::HazardousOperationNotPermitted); } @@ -482,7 +477,7 @@ impl KeyMaterialTrait for KeyMaterial { return Err(KeyMaterialError::HazardousOperationNotPermitted); }; - if self.key_type <= KeyType::BytesLowEntropy && strength > SecurityStrength::None { + if self.key_type <= KeyType::Unknown && strength > SecurityStrength::None { return Err(KeyMaterialError::SecurityStrength( "BytesLowEntropy keys cannot have a security strength other than None.", )); @@ -525,11 +520,11 @@ impl KeyMaterialTrait for KeyMaterial { } fn is_full_entropy(&self) -> bool { match self.key_type { - KeyType::BytesFullEntropy + KeyType::CryptographicRandom | KeyType::Seed | KeyType::MACKey | KeyType::SymmetricCipherKey => true, - KeyType::Zeroized | KeyType::BytesLowEntropy => false, + KeyType::Zeroized | KeyType::Unknown => false, } } @@ -539,18 +534,6 @@ impl KeyMaterialTrait for KeyMaterial { self.key_type = KeyType::Zeroized; } - fn concatenate(&mut self, other: &dyn KeyMaterialTrait) -> Result { - let new_key_len = self.key_len() + other.key_len(); - if self.key_len() + other.key_len() > KEY_LEN { - return Err(KeyMaterialError::InputDataLongerThanKeyCapacity); - } - self.buf[self.key_len..new_key_len].copy_from_slice(other.ref_to_bytes()); - self.key_len += other.key_len(); - self.key_type = min(&self.key_type, &other.key_type()).clone(); - self.security_strength = min(&self.security_strength, &other.security_strength()).clone(); - Ok(self.key_len()) - } - fn equals(&self, other: &dyn KeyMaterialTrait) -> bool { if self.key_len() != other.key_len() { return false; @@ -561,7 +544,7 @@ impl KeyMaterialTrait for KeyMaterial { /// Checks for equality of the key data (using a constant-time comparison), but does not check that /// the two keys have the same type. -/// Therefore, for example, two keys loaded from the same bytes, one with type [KeyType::BytesLowEntropy] and +/// Therefore, for example, two keys loaded from the same bytes, one with type [KeyType::Unknown] and /// the other with [KeyType::MACKey] will be considered equal. impl PartialEq for KeyMaterial { fn eq(&self, other: &Self) -> bool { @@ -582,18 +565,18 @@ impl PartialOrd for KeyType { KeyType::Zeroized => Some(Ordering::Equal), _ => Some(Ordering::Less), }, - KeyType::BytesLowEntropy => match other { + KeyType::Unknown => match other { KeyType::Zeroized => Some(Ordering::Greater), - KeyType::BytesLowEntropy => Some(Ordering::Equal), + KeyType::Unknown => Some(Ordering::Equal), _ => Some(Ordering::Less), }, - KeyType::BytesFullEntropy => match other { - KeyType::Zeroized | KeyType::BytesLowEntropy => Some(Ordering::Greater), - KeyType::BytesFullEntropy => Some(Ordering::Equal), + KeyType::CryptographicRandom => match other { + KeyType::Zeroized | KeyType::Unknown => Some(Ordering::Greater), + KeyType::CryptographicRandom => Some(Ordering::Equal), _ => Some(Ordering::Less), }, KeyType::Seed | KeyType::MACKey | KeyType::SymmetricCipherKey => match other { - KeyType::Zeroized | KeyType::BytesLowEntropy | KeyType::BytesFullEntropy => { + KeyType::Zeroized | KeyType::Unknown | KeyType::CryptographicRandom => { Some(Ordering::Greater) } KeyType::Seed | KeyType::MACKey | KeyType::SymmetricCipherKey => { @@ -736,7 +719,7 @@ impl KeyMaterialInternalTrait for KeyMaterial { /// // In this example, we initialize a KeyMateriol512 (64 bytes) with only 32 bytes of input. /// let mut key = KeyMaterial512::from_bytes_as_type( /// &[1u8; 32], -/// KeyType::BytesFullEntropy +/// KeyType::CryptographicRandom /// ).unwrap(); /// assert_eq!(key.key_len(), 32); /// diff --git a/crypto/core/src/traits.rs b/crypto/core/src/traits.rs index 595fc06..dbf40ea 100644 --- a/crypto/core/src/traits.rs +++ b/crypto/core/src/traits.rs @@ -98,14 +98,14 @@ pub trait KDF: Default { /// /// ex.: /// - /// * [KeyType::BytesLowEntropy] -> [KeyType::BytesLowEntropy]) - /// * [KeyType::BytesFullEntropy] -> [KeyType::BytesFullEntropy]) + /// * [KeyType::Unknown] -> [KeyType::Unknown]) + /// * [KeyType::CryptographicRandom] -> [KeyType::CryptographicRandom]) /// * [KeyType::SymmetricCipherKey] -> [KeyType::SymmetricCipherKey]) /// - /// If provided with an input key, even if it is [KeyType::BytesFullEntropy], but that + /// If provided with an input key, even if it is [KeyType::CryptographicRandom], but that /// contains less key material than the internal block size of the KDF, then the KDF /// will not be considered properly seeded, and the output [KeyMaterial] will be set to - /// [KeyType::BytesLowEntropy] -- for example, seeding SHA3-256 with a [KeyMaterial] containing + /// [KeyType::Unknown] -- for example, seeding SHA3-256 with a [KeyMaterial] containing /// only 128 bits of key material. /// /// An implement can, and in most cases SHOULD, return a [HashError] if provided @@ -152,9 +152,9 @@ pub trait KDF: Default { /// /// Implementations can, and in most cases SHOULD, return a [KeyMaterial] of the same type as the /// strongest key, and SHOULD throw a [HashError] if all input keys are zeroized. - /// For example output a [KeyType::BytesFullEntropy] key whenever any one of - /// the input keys is a [KeyType::BytesFullEntropy] key. - /// As another example, combining a [KeyType::BytesLowEntropy] key with a [KeyType::MACKey] key + /// For example output a [KeyType::CryptographicRandom] key whenever any one of + /// the input keys is a [KeyType::CryptographicRandom] key. + /// As another example, combining a [KeyType::Unknown] key with a [KeyType::MACKey] key /// should return a [KeyType::MACKey]. /// /// Output length: this function will create a KeyMaterial populated with the default output length diff --git a/crypto/core/tests/key_material_tests.rs b/crypto/core/tests/key_material_tests.rs index 08ce397..0dfcf96 100644 --- a/crypto/core/tests/key_material_tests.rs +++ b/crypto/core/tests/key_material_tests.rs @@ -37,7 +37,7 @@ mod test_key_material { fn test_set_bytes_as_type() { let key_bytes = [0u8; 16]; let mut key = KeyMaterial256::new(); - let res = key.set_bytes_as_type(&key_bytes, KeyType::BytesLowEntropy); + let res = key.set_bytes_as_type(&key_bytes, KeyType::Unknown); match res { Ok(_) => { panic!("should have thrown a KeyMaterialError::ActingOnZeroizedKey error.") @@ -49,7 +49,7 @@ mod test_key_material { // but it'll allow it within tho do_hazardous closure. do_hazardous_operations(&mut key, |key| { - key.set_key_type(KeyType::BytesLowEntropy)?; + key.set_key_type(KeyType::Unknown)?; Ok(()) }) .unwrap(); @@ -58,18 +58,18 @@ mod test_key_material { panic!("should have thrown a KeyMaterialError::ActingOnZeroizedKey error.") } } - assert_eq!(key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(key.key_type(), KeyType::Unknown); assert_eq!(key.security_strength(), SecurityStrength::None); // but it'll allow it within tho do_hazardous closure. let key_bytes = [0u8; 16]; let mut key = KeyMaterial256::new(); do_hazardous_operations(&mut key, |key| { - key.set_bytes_as_type(&key_bytes, KeyType::BytesLowEntropy)?; + key.set_bytes_as_type(&key_bytes, KeyType::Unknown)?; Ok(()) }) .unwrap(); - assert_eq!(key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(key.key_type(), KeyType::Unknown); // nothing else requires setting hazardous operations. } @@ -159,16 +159,16 @@ mod test_key_material { fn from_bytes() { let key = KeyMaterial512::from_bytes(&DUMMY_KEY[..64]).unwrap(); assert_eq!(key.key_len(), 64); - assert_eq!(key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(key.key_type(), KeyType::Unknown); // Basic success case let key = - KeyMaterial256::from_bytes_as_type(&[1u8; 16], KeyType::BytesFullEntropy).unwrap(); - assert_eq!(key.key_type(), KeyType::BytesFullEntropy); + KeyMaterial256::from_bytes_as_type(&[1u8; 16], KeyType::CryptographicRandom).unwrap(); + assert_eq!(key.key_type(), KeyType::CryptographicRandom); assert_eq!(key.security_strength(), SecurityStrength::_128bit); // Success case: KeyType::BytesLowEntropy gets tagged with SecurityStrength::None. - let key = KeyMaterial256::from_bytes_as_type(&[1u8; 16], KeyType::BytesLowEntropy); + let key = KeyMaterial256::from_bytes_as_type(&[1u8; 16], KeyType::Unknown); assert_eq!(key.unwrap().security_strength(), SecurityStrength::None); } @@ -178,11 +178,11 @@ mod test_key_material { let key = KeyMaterial256::from_rng(&mut rng::DefaultRNG::default()).unwrap(); assert_eq!(key.key_len(), 32); - assert_eq!(key.key_type(), KeyType::BytesFullEntropy); + assert_eq!(key.key_type(), KeyType::CryptographicRandom); let key = KeyMaterial512::from_rng(&mut rng::DefaultRNG::default()).unwrap(); assert_eq!(key.key_len(), 64); - assert_eq!(key.key_type(), KeyType::BytesFullEntropy); + assert_eq!(key.key_type(), KeyType::CryptographicRandom); } #[test] @@ -249,7 +249,7 @@ mod test_key_material { // test security strength interactions with truncation let mut key = - KeyMaterial512::from_bytes_as_type(&[1u8; 64], KeyType::BytesFullEntropy).unwrap(); + KeyMaterial512::from_bytes_as_type(&[1u8; 64], KeyType::CryptographicRandom).unwrap(); assert_eq!(key.security_strength(), SecurityStrength::_256bit); key.set_key_len(16).unwrap(); assert_eq!(key.security_strength(), SecurityStrength::_128bit); @@ -260,7 +260,7 @@ mod test_key_material { // truncate should not raise the security level let mut key = - KeyMaterial512::from_bytes_as_type(&[1u8; 64], KeyType::BytesFullEntropy).unwrap(); + KeyMaterial512::from_bytes_as_type(&[1u8; 64], KeyType::CryptographicRandom).unwrap(); key.set_security_strength(SecurityStrength::_112bit).unwrap(); key.set_key_len(64).unwrap(); assert_eq!(key.security_strength(), SecurityStrength::_112bit); @@ -269,24 +269,24 @@ mod test_key_material { #[test] fn test_conversions() { let mut key = KeyMaterial256::from_bytes(&DUMMY_KEY[..32]).unwrap(); - assert_eq!(key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(key.key_type(), KeyType::Unknown); assert!(!key.is_full_entropy()); // Note: can't use the usual assert_eq!() here because that requires PartialEq, but we're in a no_std context here. match key.key_type() { - KeyType::BytesLowEntropy => { /* good */ } + KeyType::Unknown => { /* good */ } _ => panic!("Expected BytesLowEntropy"), } // This should fail. - match key.set_key_type(KeyType::BytesFullEntropy) { + match key.set_key_type(KeyType::CryptographicRandom) { Err(KeyMaterialError::HazardousOperationNotPermitted) => { /* good */ } _ => panic!("Expected HazardousConversion"), } - do_hazardous_operations(&mut key, |key| key.set_key_type(KeyType::BytesFullEntropy)) + do_hazardous_operations(&mut key, |key| key.set_key_type(KeyType::CryptographicRandom)) .unwrap(); - assert_eq!(key.key_type(), KeyType::BytesFullEntropy); + assert_eq!(key.key_type(), KeyType::CryptographicRandom); assert!(key.is_full_entropy()); // Now we can convert BytesFullEntropy -> SymmetricCipherKey outside of a hazop block @@ -294,13 +294,13 @@ mod test_key_material { Ok(()) => { /* good */ } _ => panic!("Expected Ok(())"), } - match key.set_key_type(KeyType::BytesFullEntropy) { + match key.set_key_type(KeyType::CryptographicRandom) { Err(KeyMaterialError::HazardousOperationNotPermitted) => { /* good */ } _ => panic!("Expected HazardousConversion"), } let mut key = KeyMaterial256::from_bytes(&DUMMY_KEY[..32]).unwrap(); - do_hazardous_operations(&mut key, |key| key.set_key_type(KeyType::BytesFullEntropy)) + do_hazardous_operations(&mut key, |key| key.set_key_type(KeyType::CryptographicRandom)) .unwrap(); // Now we can convert BytesFullEntropy -> Seed outside of a hazop block @@ -312,14 +312,13 @@ mod test_key_material { // each KeyType can convert to itself let mut key = KeyMaterial256::from_bytes(&DUMMY_KEY[..32]).unwrap(); - do_hazardous_operations(&mut key, |key| key.set_key_type(KeyType::BytesLowEntropy)) - .unwrap(); - key.set_key_type(KeyType::BytesLowEntropy).unwrap(); + do_hazardous_operations(&mut key, |key| key.set_key_type(KeyType::Unknown)).unwrap(); + key.set_key_type(KeyType::Unknown).unwrap(); let mut key = KeyMaterial256::from_bytes(&DUMMY_KEY[..32]).unwrap(); - do_hazardous_operations(&mut key, |key| key.set_key_type(KeyType::BytesFullEntropy)) + do_hazardous_operations(&mut key, |key| key.set_key_type(KeyType::CryptographicRandom)) .unwrap(); - key.set_key_type(KeyType::BytesFullEntropy).unwrap(); + key.set_key_type(KeyType::CryptographicRandom).unwrap(); let mut key = KeyMaterial256::from_bytes(&DUMMY_KEY[..32]).unwrap(); do_hazardous_operations(&mut key, |key| key.set_key_type(KeyType::MACKey)).unwrap(); @@ -341,11 +340,11 @@ mod test_key_material { assert_eq!(zeroized_key.key_type(), KeyType::Zeroized); /* All conversions should fail. */ - match zeroized_key.set_key_type(KeyType::BytesLowEntropy) { + match zeroized_key.set_key_type(KeyType::Unknown) { Err(KeyMaterialError::ActingOnZeroizedKey) => { /* good */ } _ => panic!("Expected ActingOnZeroizedKey"), } - match zeroized_key.set_key_type(KeyType::BytesFullEntropy) { + match zeroized_key.set_key_type(KeyType::CryptographicRandom) { Err(KeyMaterialError::ActingOnZeroizedKey) => { /* good */ } _ => panic!("Expected ActingOnZeroizedKey"), } @@ -370,7 +369,7 @@ mod test_key_material { // But it's totally fine if you give it non-zero input data. let not_zero_key = KeyMaterial256::from_bytes(&[1u8; 19]).unwrap(); - assert_eq!(not_zero_key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(not_zero_key.key_type(), KeyType::Unknown); // test .set_bytes_as_type() // it should detect if you give it all zero input data. @@ -400,13 +399,13 @@ mod test_key_material { /// Tests the conversions that should only be allowed if hazardous_conversions() has been set. fn test_hazardous_conversions_from_bytes() { let mut key = KeyMaterial256::from_bytes(&DUMMY_KEY[..32]).unwrap(); - assert_eq!(key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(key.key_type(), KeyType::Unknown); /* All the non-hazardous conversions should work. */ // ... none /* All the hazardous conversions should fail. */ - match key.set_key_type(KeyType::BytesFullEntropy) { + match key.set_key_type(KeyType::CryptographicRandom) { Err(KeyMaterialError::HazardousOperationNotPermitted) => { /* good */ } _ => panic!("Expected HazardousConversion"), } @@ -425,7 +424,7 @@ mod test_key_material { /* Should work if you allow hazardous conversions. */ key = KeyMaterial256::from_bytes(&DUMMY_KEY[..32]).unwrap(); - do_hazardous_operations(&mut key, |key| key.set_key_type(KeyType::BytesFullEntropy)) + do_hazardous_operations(&mut key, |key| key.set_key_type(KeyType::CryptographicRandom)) .unwrap(); key = KeyMaterial256::from_bytes(&DUMMY_KEY[..32]).unwrap(); @@ -494,7 +493,7 @@ mod test_key_material { key.set_key_type(KeyType::MACKey).unwrap(); /* All the hazardous conversions should fail. */ - match key.set_key_type(KeyType::BytesFullEntropy) { + match key.set_key_type(KeyType::CryptographicRandom) { Err(KeyMaterialError::HazardousOperationNotPermitted) => { /* good */ } _ => panic!("Expected HazardousConversion"), } @@ -515,51 +514,59 @@ mod test_key_material { #[test] fn test_security_strength() { let key = KeyMaterial512::from_bytes(DUMMY_KEY).unwrap(); - assert_eq!(key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(key.key_type(), KeyType::Unknown); assert_eq!(key.security_strength(), SecurityStrength::None); - let key = KeyMaterial512::from_bytes_as_type(DUMMY_KEY, KeyType::BytesFullEntropy).unwrap(); - assert_eq!(key.key_type(), KeyType::BytesFullEntropy); + let key = + KeyMaterial512::from_bytes_as_type(DUMMY_KEY, KeyType::CryptographicRandom).unwrap(); + assert_eq!(key.key_type(), KeyType::CryptographicRandom); assert_eq!(key.security_strength(), SecurityStrength::_256bit); - let key = KeyMaterial512::from_bytes_as_type(&DUMMY_KEY[..32], KeyType::BytesFullEntropy) - .unwrap(); - assert_eq!(key.key_type(), KeyType::BytesFullEntropy); + let key = + KeyMaterial512::from_bytes_as_type(&DUMMY_KEY[..32], KeyType::CryptographicRandom) + .unwrap(); + assert_eq!(key.key_type(), KeyType::CryptographicRandom); assert_eq!(key.security_strength(), SecurityStrength::_256bit); - let key = KeyMaterial512::from_bytes_as_type(&DUMMY_KEY[..31], KeyType::BytesFullEntropy) - .unwrap(); - assert_eq!(key.key_type(), KeyType::BytesFullEntropy); + let key = + KeyMaterial512::from_bytes_as_type(&DUMMY_KEY[..31], KeyType::CryptographicRandom) + .unwrap(); + assert_eq!(key.key_type(), KeyType::CryptographicRandom); assert_eq!(key.security_strength(), SecurityStrength::_192bit); - let key = KeyMaterial512::from_bytes_as_type(&DUMMY_KEY[..24], KeyType::BytesFullEntropy) - .unwrap(); - assert_eq!(key.key_type(), KeyType::BytesFullEntropy); + let key = + KeyMaterial512::from_bytes_as_type(&DUMMY_KEY[..24], KeyType::CryptographicRandom) + .unwrap(); + assert_eq!(key.key_type(), KeyType::CryptographicRandom); assert_eq!(key.security_strength(), SecurityStrength::_192bit); - let key = KeyMaterial512::from_bytes_as_type(&DUMMY_KEY[..16], KeyType::BytesFullEntropy) - .unwrap(); - assert_eq!(key.key_type(), KeyType::BytesFullEntropy); + let key = + KeyMaterial512::from_bytes_as_type(&DUMMY_KEY[..16], KeyType::CryptographicRandom) + .unwrap(); + assert_eq!(key.key_type(), KeyType::CryptographicRandom); assert_eq!(key.security_strength(), SecurityStrength::_128bit); - let key = KeyMaterial512::from_bytes_as_type(&DUMMY_KEY[..15], KeyType::BytesFullEntropy) - .unwrap(); - assert_eq!(key.key_type(), KeyType::BytesFullEntropy); + let key = + KeyMaterial512::from_bytes_as_type(&DUMMY_KEY[..15], KeyType::CryptographicRandom) + .unwrap(); + assert_eq!(key.key_type(), KeyType::CryptographicRandom); assert_eq!(key.security_strength(), SecurityStrength::_112bit); - let key = KeyMaterial512::from_bytes_as_type(&DUMMY_KEY[..14], KeyType::BytesFullEntropy) - .unwrap(); - assert_eq!(key.key_type(), KeyType::BytesFullEntropy); + let key = + KeyMaterial512::from_bytes_as_type(&DUMMY_KEY[..14], KeyType::CryptographicRandom) + .unwrap(); + assert_eq!(key.key_type(), KeyType::CryptographicRandom); assert_eq!(key.security_strength(), SecurityStrength::_112bit); - let key = KeyMaterial512::from_bytes_as_type(&DUMMY_KEY[..13], KeyType::BytesFullEntropy) - .unwrap(); - assert_eq!(key.key_type(), KeyType::BytesFullEntropy); + let key = + KeyMaterial512::from_bytes_as_type(&DUMMY_KEY[..13], KeyType::CryptographicRandom) + .unwrap(); + assert_eq!(key.key_type(), KeyType::CryptographicRandom); assert_eq!(key.security_strength(), SecurityStrength::None); // even if it's long enough, BytesLowEntropy or Zeroized always get ::None - let key = KeyMaterial512::from_bytes_as_type(DUMMY_KEY, KeyType::BytesLowEntropy).unwrap(); - assert_eq!(key.key_type(), KeyType::BytesLowEntropy); + let key = KeyMaterial512::from_bytes_as_type(DUMMY_KEY, KeyType::Unknown).unwrap(); + assert_eq!(key.key_type(), KeyType::Unknown); assert_eq!(key.key_len(), 64); assert_eq!(key.security_strength(), SecurityStrength::None); @@ -571,7 +578,7 @@ mod test_key_material { // test set_security_strength() // Can't increase the security level outside of a hazop block first. let mut key = KeyMaterial256::from_bytes(&DUMMY_KEY[..32]).unwrap(); - assert_eq!(key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(key.key_type(), KeyType::Unknown); match key.set_security_strength(SecurityStrength::_128bit) { Err(KeyMaterialError::HazardousOperationNotPermitted) => { /* good */ } _ => panic!("Expected KeyMaterialError::HazardousOperationNotPermitted"), @@ -600,17 +607,17 @@ mod test_key_material { .unwrap(); // But it'll work if you set it to a full entropy type do_hazardous_operations(&mut key, |key| { - key.set_key_type(KeyType::BytesFullEntropy).unwrap(); + key.set_key_type(KeyType::CryptographicRandom).unwrap(); key.set_security_strength(SecurityStrength::_128bit) }) .unwrap(); - assert_eq!(key.key_type(), KeyType::BytesFullEntropy); + assert_eq!(key.key_type(), KeyType::CryptographicRandom); assert_eq!(key.security_strength(), SecurityStrength::_128bit); // BytesLowEntropy keys cannot have a security strength other than None. // success let mut key = KeyMaterial256::from_bytes(&DUMMY_KEY[..32]).unwrap(); - assert_eq!(key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(key.key_type(), KeyType::Unknown); // setting to ::None should work .. even outside of a hazop block key.set_security_strength(SecurityStrength::None).unwrap(); // but to ::_128bit should fail @@ -648,86 +655,6 @@ mod test_key_material { .unwrap(); } - #[test] - fn test_concatenate() { - // intentionally half-full - let mut key1 = KeyMaterial256::from_bytes(&[1u8; 16]).unwrap(); - let key2 = KeyMaterial256::from_bytes(&[2u8; 16]).unwrap(); - assert_eq!(key1.key_len(), 16); - assert_eq!(key2.key_len(), 16); - - key1.concatenate(&key2).unwrap(); - assert_eq!(key1.key_len(), 32); - assert_eq!(key1.ref_to_bytes()[..16], [1u8; 16]); - assert_eq!(key1.ref_to_bytes()[16..], [2u8; 16]); - - let mut zeroized_key = KeyMaterial256::default(); - do_hazardous_operations(&mut zeroized_key, |zeroized_key| { - zeroized_key.set_key_len(8).unwrap(); - Ok(()) - }) - .unwrap(); - assert_eq!(zeroized_key.key_type(), KeyType::Zeroized); - assert_eq!(zeroized_key.key_len(), 8); - zeroized_key.concatenate(&key2).unwrap(); - assert_eq!(zeroized_key.key_len(), 24); - // The result takes the lesser (min) of the two key types: min(Zeroized, BytesLowEntropy). - // Folding in zeroized (uninitialized) bytes taints the whole buffer as Zeroized. - assert_eq!(zeroized_key.key_type(), KeyType::Zeroized); - assert_eq!(zeroized_key.security_strength(), SecurityStrength::None); - - // This should be symmetric, so test it in the other direction too. - let mut zeroized_key = KeyMaterial256::default(); - do_hazardous_operations(&mut zeroized_key, |zeroized_key| { - zeroized_key.set_key_len(8).unwrap(); - Ok(()) - }) - .unwrap(); - assert_eq!(zeroized_key.key_type(), KeyType::Zeroized); - assert_eq!(zeroized_key.key_len(), 8); - let mut key2 = KeyMaterial256::from_bytes(&[1u8; 16]).unwrap(); - key2.concatenate(&zeroized_key).unwrap(); - assert_eq!(key2.key_len(), 24); - // The result takes the lesser (min) of the two key types: min(BytesLowEntropy, Zeroized). - assert_eq!(key2.key_type(), KeyType::Zeroized); - assert_eq!(key2.security_strength(), SecurityStrength::None); - - // now try it with keys of different key types - let mut low_entropy_key = - KeyMaterial256::from_bytes_as_type(&[1u8; 16], KeyType::BytesLowEntropy).unwrap(); - let full_entropy_key = - KeyMaterial256::from_bytes_as_type(&[2u8; 16], KeyType::BytesFullEntropy).unwrap(); - low_entropy_key.concatenate(&full_entropy_key).unwrap(); - // Conservative model: concatenating a full-entropy key with a low-entropy key yields a - // low-entropy key. min(BytesLowEntropy, BytesFullEntropy) == BytesLowEntropy. - assert_eq!(low_entropy_key.key_type(), KeyType::BytesLowEntropy); - // min(None, _128bit) == None (and BytesLowEntropy keys must have strength None anyway). - assert_eq!(low_entropy_key.security_strength(), SecurityStrength::None); - - // and in the other direction too - let low_entropy_key = - KeyMaterial256::from_bytes_as_type(&[1u8; 16], KeyType::BytesLowEntropy).unwrap(); - let mut full_entropy_key = - KeyMaterial256::from_bytes_as_type(&[2u8; 16], KeyType::BytesFullEntropy).unwrap(); - full_entropy_key.concatenate(&low_entropy_key).unwrap(); - // min(BytesFullEntropy, BytesLowEntropy) == BytesLowEntropy. - assert_eq!(full_entropy_key.key_type(), KeyType::BytesLowEntropy); - // min(_128bit, None) == None. - assert_eq!(full_entropy_key.security_strength(), SecurityStrength::None); - - // now with full entropy keys at different security levels - let mut full_entropy_key_112 = - KeyMaterial512::from_bytes_as_type(&[1u8; 16], KeyType::BytesFullEntropy).unwrap(); - // Now we're gonna explictly tag it at the 112bit security level -- does not require allow_hazardous_operations(). - full_entropy_key_112.set_security_strength(SecurityStrength::_112bit).unwrap(); - let full_entropy_key = - KeyMaterial256::from_bytes_as_type(&[2u8; 32], KeyType::BytesFullEntropy).unwrap(); - full_entropy_key_112.concatenate(&full_entropy_key).unwrap(); - assert_eq!(full_entropy_key_112.key_type(), KeyType::BytesFullEntropy); - // The combined key keeps the lower of the two security strengths: min(_112bit, _256bit). - assert_eq!(full_entropy_key_112.security_strength(), SecurityStrength::_112bit); - } - #[test] fn eq() { // For context: @@ -751,17 +678,17 @@ mod test_key_material { // PartialEq ignores key_type: same bytes, different KeyType. Should be equal. let key_low = - KeyMaterial256::from_bytes_as_type(&DUMMY_KEY[..32], KeyType::BytesLowEntropy).unwrap(); + KeyMaterial256::from_bytes_as_type(&DUMMY_KEY[..32], KeyType::Unknown).unwrap(); let key_mac = KeyMaterial256::from_bytes_as_type(&DUMMY_KEY[..32], KeyType::MACKey).unwrap(); assert_eq!(key_low, key_mac); // PartialEq ignores security_strength: same bytes, different strength. Should be equal. let key_strong = - KeyMaterial256::from_bytes_as_type(&DUMMY_KEY[..32], KeyType::BytesFullEntropy) + KeyMaterial256::from_bytes_as_type(&DUMMY_KEY[..32], KeyType::CryptographicRandom) .unwrap(); let mut key_weak = - KeyMaterial256::from_bytes_as_type(&DUMMY_KEY[..32], KeyType::BytesFullEntropy) + KeyMaterial256::from_bytes_as_type(&DUMMY_KEY[..32], KeyType::CryptographicRandom) .unwrap(); key_weak.set_security_strength(SecurityStrength::_128bit).unwrap(); assert_ne!(key_strong.security_strength(), key_weak.security_strength()); // strengths differ @@ -846,14 +773,13 @@ mod test_key_material { fn rank(kt: KeyType) -> u8 { match kt { Zeroized => 0, - BytesLowEntropy => 1, - BytesFullEntropy => 2, + Unknown => 1, + CryptographicRandom => 2, Seed | MACKey | SymmetricCipherKey => 3, } } - let all_types = - [Zeroized, BytesLowEntropy, BytesFullEntropy, Seed, MACKey, SymmetricCipherKey]; + let all_types = [Zeroized, Unknown, CryptographicRandom, Seed, MACKey, SymmetricCipherKey]; for &a in &all_types { for &b in &all_types { @@ -899,7 +825,7 @@ mod test_key_material { // 2. A real KeyMaterialError raised by a guarded op inside the closure propagates via `?`. // Raising to _256bit requires >= 32 bytes, but this key is only 16, so it fails. let mut short = - KeyMaterial256::from_bytes_as_type(&DUMMY_KEY[..16], KeyType::BytesFullEntropy) + KeyMaterial256::from_bytes_as_type(&DUMMY_KEY[..16], KeyType::CryptographicRandom) .unwrap(); let result = do_hazardous_operations(&mut short, |k| { k.set_security_strength(SecurityStrength::_256bit)?; diff --git a/crypto/hkdf/src/lib.rs b/crypto/hkdf/src/lib.rs index 27c5607..f6920ef 100644 --- a/crypto/hkdf/src/lib.rs +++ b/crypto/hkdf/src/lib.rs @@ -235,7 +235,7 @@ impl HkdfEntropyTracker { /// Either [KeyMaterialTrait::BytesLowEntropy] or [KeyMaterialTrait::BytesFullEntropy] depending on /// whether enough input key material was provided for the internal hash function to have a full block. fn get_output_key_type(&self) -> KeyType { - if self.is_fully_seeded() { KeyType::BytesFullEntropy } else { KeyType::BytesLowEntropy } + if self.is_fully_seeded() { KeyType::CryptographicRandom } else { KeyType::Unknown } } } @@ -245,22 +245,22 @@ fn test_entropy_tracker() { let mut entropy = HkdfEntropyTracker::::new(); assert_eq!(entropy.get_entropy(), 0); - assert_eq!(entropy.get_output_key_type(), KeyType::BytesLowEntropy); + assert_eq!(entropy.get_output_key_type(), KeyType::Unknown); let key = KeyMaterial512::from_bytes_as_type( b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", - KeyType::BytesFullEntropy, + KeyType::CryptographicRandom, ) .unwrap(); entropy.credit_entropy(&key); assert_eq!(entropy.get_entropy(), 16); assert_eq!(entropy.is_fully_seeded(), false); - assert_eq!(entropy.get_output_key_type(), KeyType::BytesLowEntropy); + assert_eq!(entropy.get_output_key_type(), KeyType::Unknown); entropy.credit_entropy(&key); assert_eq!(entropy.get_entropy(), 32); assert_eq!(entropy.is_fully_seeded(), true); - assert_eq!(entropy.get_output_key_type(), KeyType::BytesFullEntropy); + assert_eq!(entropy.get_output_key_type(), KeyType::CryptographicRandom); } impl Default for HKDF { @@ -450,12 +450,12 @@ impl HKDF { // since we've done some computation, the result will not actually be zeroized, even if all input key material was zeroized. key_material::do_hazardous_operations(okm, |okm| { if prk.key_type() == KeyType::Zeroized { - okm.set_key_type(KeyType::BytesLowEntropy)?; + okm.set_key_type(KeyType::Unknown)?; } else { okm.set_key_type(prk.key_type().clone())?; } okm.set_key_len(bytes_written)?; - if okm.key_type() <= KeyType::BytesLowEntropy { + if okm.key_type() <= KeyType::Unknown { okm.set_security_strength(SecurityStrength::None) } else { okm.set_security_strength( @@ -589,7 +589,7 @@ impl HKDF { .map_err(|_| KeyMaterialError::GenericError("HMAC do_final_out failed"))?; okm.set_key_len(bytes_written)?; okm.set_key_type(output_key_type)?; - if output_key_type <= KeyType::BytesLowEntropy { + if output_key_type <= KeyType::Unknown { okm.set_security_strength(SecurityStrength::None) } else { okm.set_security_strength( diff --git a/crypto/hkdf/tests/hkdf_tests.rs b/crypto/hkdf/tests/hkdf_tests.rs index 4d598fa..84037ea 100644 --- a/crypto/hkdf/tests/hkdf_tests.rs +++ b/crypto/hkdf/tests/hkdf_tests.rs @@ -139,27 +139,27 @@ mod hkdf_tests { // not enough assert_eq!(key255.security_strength(), SecurityStrength::_192bit); let mut okm = HKDF_SHA256::extract(&key255, &zero_key).unwrap(); - assert_eq!(okm.key_type(), KeyType::BytesLowEntropy); + assert_eq!(okm.key_type(), KeyType::Unknown); assert_eq!(okm.security_strength(), SecurityStrength::None); _ = HKDF_SHA256::extract_and_expand_out(&key255, &zero_key, &[], 32, &mut okm).unwrap(); - assert_eq!(okm.key_type(), KeyType::BytesLowEntropy); + assert_eq!(okm.key_type(), KeyType::Unknown); assert_eq!(okm.security_strength(), SecurityStrength::None); // too much assert_eq!(key512.security_strength(), SecurityStrength::_256bit); let mut okm = HKDF_SHA256::extract(&key512, &zero_key).unwrap(); - assert_eq!(okm.key_type(), KeyType::BytesFullEntropy); + assert_eq!(okm.key_type(), KeyType::CryptographicRandom); // should get downgraded to match hash alg assert_eq!(okm.security_strength(), SecurityStrength::_128bit); _ = HKDF_SHA256::extract_and_expand_out(&key512, &zero_key, &[], 32, &mut okm).unwrap(); - assert_eq!(okm.key_type(), KeyType::BytesFullEntropy); + assert_eq!(okm.key_type(), KeyType::CryptographicRandom); assert_eq!(okm.security_strength(), SecurityStrength::_128bit); // just right let mut okm = HKDF_SHA256::extract(&key256, &zero_key).unwrap(); - assert_eq!(okm.key_type(), KeyType::BytesFullEntropy); + assert_eq!(okm.key_type(), KeyType::CryptographicRandom); _ = HKDF_SHA256::extract_and_expand_out(&key256, &zero_key, &[], 32, &mut okm).unwrap(); - assert_eq!(okm.key_type(), KeyType::BytesFullEntropy); + assert_eq!(okm.key_type(), KeyType::CryptographicRandom); // test the thresholds of HMAC-SHA512 let key511 = @@ -170,20 +170,19 @@ mod hkdf_tests { // not enough let mut okm = HKDF_SHA512::extract(&key511, &zero_key).unwrap(); - assert_eq!(okm.key_type(), KeyType::BytesLowEntropy); + assert_eq!(okm.key_type(), KeyType::Unknown); _ = HKDF_SHA512::extract_and_expand_out(&key511, &zero_key, &[], 32, &mut okm).unwrap(); - assert_eq!(okm.key_type(), KeyType::BytesLowEntropy); + assert_eq!(okm.key_type(), KeyType::Unknown); // just right let mut okm = HKDF_SHA512::extract(&key512, &zero_key).unwrap(); - assert_eq!(okm.key_type(), KeyType::BytesFullEntropy); + assert_eq!(okm.key_type(), KeyType::CryptographicRandom); _ = HKDF_SHA512::extract_and_expand_out(&key512, &zero_key, &[], 32, &mut okm).unwrap(); - assert_eq!(okm.key_type(), KeyType::BytesFullEntropy); + assert_eq!(okm.key_type(), KeyType::CryptographicRandom); // variable setup let low_entropy_key = - KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..32], KeyType::BytesLowEntropy) - .unwrap(); + KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..32], KeyType::Unknown).unwrap(); let mut okm = KeyMaterial256::new(); // failure case: should complain if low entropy bytes are provided @@ -262,16 +261,16 @@ mod hkdf_tests { ) .unwrap(); // okm should be tracked as LowEntropy - assert_eq!(okm.key_type(), KeyType::BytesLowEntropy); + assert_eq!(okm.key_type(), KeyType::Unknown); HKDF_SHA256::new().derive_key_out(&KeyMaterial0::new(), &[], &mut okm).unwrap(); // okm should be tracked as LowEntropy - assert_eq!(okm.key_type(), KeyType::BytesLowEntropy); + assert_eq!(okm.key_type(), KeyType::Unknown); let keys = [&KeyMaterial0::new(), &KeyMaterial0::new()]; HKDF_SHA256::new().derive_key_from_multiple_out(&keys, &[], &mut okm).unwrap(); // okm should be tracked as LowEntropy - assert_eq!(okm.key_type(), KeyType::BytesLowEntropy); + assert_eq!(okm.key_type(), KeyType::Unknown); // zero-length salt is allowed -- low entropy ikm _ = HKDF_SHA256::extract_and_expand_out( @@ -283,25 +282,27 @@ mod hkdf_tests { ) .unwrap(); // okm should be tracked as LowEntropy - assert_eq!(okm.key_type(), KeyType::BytesLowEntropy); + assert_eq!(okm.key_type(), KeyType::Unknown); HKDF_SHA256::new().derive_key_out(&low_entropy_key, &[], &mut okm).unwrap(); // okm should be tracked as LowEntropy - assert_eq!(okm.key_type(), KeyType::BytesLowEntropy); + assert_eq!(okm.key_type(), KeyType::Unknown); let keys = [&KeyMaterial256::new(), &low_entropy_key]; HKDF_SHA256::new().derive_key_from_multiple_out(&keys, &[], &mut okm).unwrap(); // okm should be tracked as LowEntropy - assert_eq!(okm.key_type(), KeyType::BytesLowEntropy); + assert_eq!(okm.key_type(), KeyType::Unknown); // salt and ikm are full-entropy, but not enough to seed the HKDF, according to FIPS // first, error case; not a MACKey let salt = - KeyMaterial128::from_bytes_as_type(&DUMMY_SEED_512[..8], KeyType::BytesFullEntropy) - .unwrap(); - let ikm = - KeyMaterial128::from_bytes_as_type(&DUMMY_SEED_512[8..16], KeyType::BytesFullEntropy) + KeyMaterial128::from_bytes_as_type(&DUMMY_SEED_512[..8], KeyType::CryptographicRandom) .unwrap(); + let ikm = KeyMaterial128::from_bytes_as_type( + &DUMMY_SEED_512[8..16], + KeyType::CryptographicRandom, + ) + .unwrap(); match HKDF_SHA256::extract_and_expand_out(&salt, &ikm, &[], 32, &mut okm) { Ok(_) => { @@ -318,7 +319,7 @@ mod hkdf_tests { // derive_key has a different behaviour here, since it hard-codes a zero salt as the HMAC key, which is valid, // it will produce output of Keytype::BytesLowEntropy _ = HKDF_SHA256::new().derive_key_out(&ikm, &[], &mut okm); - assert_eq!(okm.key_type(), KeyType::BytesLowEntropy); + assert_eq!(okm.key_type(), KeyType::Unknown); let keys = [&salt, &ikm]; match HKDF_SHA256::new().derive_key_from_multiple_out(&keys, &[], &mut okm) { @@ -336,57 +337,60 @@ mod hkdf_tests { // success case -- insufficient entropy returns KeyType::BytesLowEntropy let salt = KeyMaterial128::from_bytes_as_type(&DUMMY_SEED_512[..8], KeyType::MACKey).unwrap(); - let ikm = - KeyMaterial128::from_bytes_as_type(&DUMMY_SEED_512[8..16], KeyType::BytesFullEntropy) - .unwrap(); + let ikm = KeyMaterial128::from_bytes_as_type( + &DUMMY_SEED_512[8..16], + KeyType::CryptographicRandom, + ) + .unwrap(); _ = HKDF_SHA256::extract_and_expand_out(&salt, &ikm, &[], 32, &mut okm); - assert_eq!(okm.key_type(), KeyType::BytesLowEntropy); + assert_eq!(okm.key_type(), KeyType::Unknown); _ = HKDF_SHA256::new().derive_key_out(&salt, &[], &mut okm); - assert_eq!(okm.key_type(), KeyType::BytesLowEntropy); + assert_eq!(okm.key_type(), KeyType::Unknown); let keys = [&salt, &ikm]; _ = HKDF_SHA256::new().derive_key_from_multiple_out(&keys, &[], &mut okm); - assert_eq!(okm.key_type(), KeyType::BytesLowEntropy); + assert_eq!(okm.key_type(), KeyType::Unknown); // success case -- sufficient entropy returns the highest input key type -- KeyType::BytesFullEntropy // Note that FIPS requires it to be seeded to a full internal block (which is, for example 512 bits for SHA256) // Note: will still return BytesFullEntropy because that one was first in the inputs. let salt = KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..32], KeyType::MACKey).unwrap(); - let ikm = - KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[32..64], KeyType::BytesFullEntropy) - .unwrap(); + let ikm = KeyMaterial256::from_bytes_as_type( + &DUMMY_SEED_512[32..64], + KeyType::CryptographicRandom, + ) + .unwrap(); _ = HKDF_SHA256::extract_and_expand_out(&salt, &ikm, &[], 32, &mut okm); - assert_eq!(okm.key_type(), KeyType::BytesFullEntropy); + assert_eq!(okm.key_type(), KeyType::CryptographicRandom); let salt1 = KeyMaterial512::from_bytes_as_type(&DUMMY_SEED_512[..64], KeyType::MACKey).unwrap(); _ = HKDF_SHA256::new().derive_key_out(&salt1, &[], &mut okm); - assert_eq!(okm.key_type(), KeyType::BytesFullEntropy); + assert_eq!(okm.key_type(), KeyType::CryptographicRandom); let keys = [&salt, &ikm]; _ = HKDF_SHA256::new().derive_key_from_multiple_out(&keys, &[], &mut okm); - assert_eq!(okm.key_type(), KeyType::BytesFullEntropy); + assert_eq!(okm.key_type(), KeyType::CryptographicRandom); // success case -- insufficient entropy due to key types -- KeyType::BytesLowEntropy // Note: will still return MACKey because that one was first in the inputs. let salt = KeyMaterial128::from_bytes_as_type(&DUMMY_SEED_512[..16], KeyType::MACKey).unwrap(); let ikm = - KeyMaterial128::from_bytes_as_type(&DUMMY_SEED_512[16..32], KeyType::BytesLowEntropy) - .unwrap(); + KeyMaterial128::from_bytes_as_type(&DUMMY_SEED_512[16..32], KeyType::Unknown).unwrap(); _ = HKDF_SHA256::extract_and_expand_out(&salt, &ikm, &[], 32, &mut okm); - assert_eq!(okm.key_type(), KeyType::BytesLowEntropy); + assert_eq!(okm.key_type(), KeyType::Unknown); // no way to test this on derive_out let keys = [&salt, &ikm]; _ = HKDF_SHA256::new().derive_key_from_multiple_out(&keys, &[], &mut okm); - assert_eq!(okm.key_type(), KeyType::BytesLowEntropy); + assert_eq!(okm.key_type(), KeyType::Unknown); /* get_entropy */ // This requires using the stateful streaming API and check the amount of entropy it tracks after each addition. @@ -395,11 +399,12 @@ mod hkdf_tests { let salt64 = KeyMaterial512::from_bytes_as_type(&DUMMY_SEED_512[..64], KeyType::MACKey).unwrap(); let low_entropy_key16 = - KeyMaterial128::from_bytes_as_type(&DUMMY_SEED_512[..16], KeyType::BytesLowEntropy) - .unwrap(); - let full_entropy_key16 = - KeyMaterial128::from_bytes_as_type(&DUMMY_SEED_512[16..32], KeyType::BytesFullEntropy) - .unwrap(); + KeyMaterial128::from_bytes_as_type(&DUMMY_SEED_512[..16], KeyType::Unknown).unwrap(); + let full_entropy_key16 = KeyMaterial128::from_bytes_as_type( + &DUMMY_SEED_512[16..32], + KeyType::CryptographicRandom, + ) + .unwrap(); // can't test with a low entropy salt because the salt has to be full entropy or zero. // but can test with a zeroized key @@ -531,7 +536,7 @@ mod hkdf_tests { let mut ikm_key = KeyMaterial::<100>::new(); key_material::do_hazardous_operations(&mut ikm_key, |ikm_key| { // just for testing, ignore the error about zeroized keys - ikm_key.set_bytes_as_type(&hex::decode(ikm).unwrap(), KeyType::BytesFullEntropy) + ikm_key.set_bytes_as_type(&hex::decode(ikm).unwrap(), KeyType::CryptographicRandom) }) .unwrap(); diff --git a/crypto/mldsa-lowmemory/src/mldsa_keys.rs b/crypto/mldsa-lowmemory/src/mldsa_keys.rs index d4b1c88..7a733fe 100644 --- a/crypto/mldsa-lowmemory/src/mldsa_keys.rs +++ b/crypto/mldsa-lowmemory/src/mldsa_keys.rs @@ -486,7 +486,7 @@ impl< /// Seed SecurityStrength must match algorithm security strength: 128-bit (ML-DSA-44), 192-bit (ML-DSA-65), or 256-bit (ML-DSA-87), /// otherwise it throws a SignatureError::KeyGenError("SecurityStrength". pub fn new(seed: &KeyMaterial<32>) -> Result { - if !(seed.key_type() == KeyType::Seed || seed.key_type() == KeyType::BytesFullEntropy) + if !(seed.key_type() == KeyType::Seed || seed.key_type() == KeyType::CryptographicRandom) || seed.key_len() != 32 { return Err(SignatureError::KeyGenError( diff --git a/crypto/mldsa-lowmemory/tests/mldsa_tests.rs b/crypto/mldsa-lowmemory/tests/mldsa_tests.rs index 593b6f9..184de0a 100644 --- a/crypto/mldsa-lowmemory/tests/mldsa_tests.rs +++ b/crypto/mldsa-lowmemory/tests/mldsa_tests.rs @@ -190,7 +190,7 @@ mod mldsa_tests { // success case KeyType: BytesFullEntropy key_material::do_hazardous_operations(&mut seed, |seed| { - seed.set_key_type(KeyType::BytesFullEntropy) + seed.set_key_type(KeyType::CryptographicRandom) }) .unwrap(); _ = MLDSA44::keygen_from_seed(&seed).unwrap(); diff --git a/crypto/mldsa/src/mldsa.rs b/crypto/mldsa/src/mldsa.rs index 680c9ae..efee573 100644 --- a/crypto/mldsa/src/mldsa.rs +++ b/crypto/mldsa/src/mldsa.rs @@ -753,7 +753,7 @@ impl< /// If you happen to have your seed in a larger KeyMaterial, you'll have to copy it using /// [KeyMaterialTrait::from_key] pub(crate) fn keygen_internal(seed: &KeyMaterial256) -> Result<(PK, SK), SignatureError> { - if !(seed.key_type() == KeyType::Seed || seed.key_type() == KeyType::BytesFullEntropy) + if !(seed.key_type() == KeyType::Seed || seed.key_type() == KeyType::CryptographicRandom) || seed.key_len() != 32 { return Err(SignatureError::KeyGenError( @@ -1249,7 +1249,7 @@ impl< // to avoid having all of it in memory at the same time, // we're gonna derive what we need as we need it. - if !(seed.key_type() == KeyType::Seed || seed.key_type() == KeyType::BytesFullEntropy) + if !(seed.key_type() == KeyType::Seed || seed.key_type() == KeyType::CryptographicRandom) || seed.key_len() != 32 { return Err(SignatureError::KeyGenError( diff --git a/crypto/mldsa/tests/mldsa_tests.rs b/crypto/mldsa/tests/mldsa_tests.rs index 242800a..45c812b 100644 --- a/crypto/mldsa/tests/mldsa_tests.rs +++ b/crypto/mldsa/tests/mldsa_tests.rs @@ -225,7 +225,7 @@ mod mldsa_tests { assert_eq!(derived_pk.encode(), expected_pk_bytes.as_slice()); // success case KeyType: BytesFullEntropy - do_hazardous_operations(&mut seed, |seed| seed.set_key_type(KeyType::BytesFullEntropy)) + do_hazardous_operations(&mut seed, |seed| seed.set_key_type(KeyType::CryptographicRandom)) .unwrap(); _ = MLDSA44::keygen_from_seed(&seed).unwrap(); diff --git a/crypto/mlkem-lowmemory/src/mlkem.rs b/crypto/mlkem-lowmemory/src/mlkem.rs index 5e63c0b..e5abc51 100644 --- a/crypto/mlkem-lowmemory/src/mlkem.rs +++ b/crypto/mlkem-lowmemory/src/mlkem.rs @@ -694,7 +694,7 @@ impl< let (ss_bytes, ct) = Self::encaps_internal(pk, m); let mut ss_keymaterial = - KeyMaterial::::from_bytes_as_type(&ss_bytes, KeyType::BytesFullEntropy)?; + KeyMaterial::::from_bytes_as_type(&ss_bytes, KeyType::CryptographicRandom)?; do_hazardous_operations(&mut ss_keymaterial, |ss_keymaterial| { ss_keymaterial.set_security_strength(SecurityStrength::from_bits(LAMBDA as usize)) })?; @@ -749,7 +749,7 @@ impl< let ss_bytes = Self::decaps_internal(sk, ct.try_into().unwrap()); let mut ss_keymaterial = - KeyMaterial::::from_bytes_as_type(&ss_bytes, KeyType::BytesFullEntropy)?; + KeyMaterial::::from_bytes_as_type(&ss_bytes, KeyType::CryptographicRandom)?; do_hazardous_operations(&mut ss_keymaterial, |ss_keymaterial| { ss_keymaterial.set_security_strength(SecurityStrength::from_bits(LAMBDA as usize)) })?; diff --git a/crypto/mlkem-lowmemory/src/mlkem_keys.rs b/crypto/mlkem-lowmemory/src/mlkem_keys.rs index 4c310ab..36d36bd 100644 --- a/crypto/mlkem-lowmemory/src/mlkem_keys.rs +++ b/crypto/mlkem-lowmemory/src/mlkem_keys.rs @@ -268,7 +268,7 @@ impl< /// Create a new MLKEMSeedPrivateKey from a 64-byte KeyMaterial. /// Seed SecurityStrength must match algorithm security strength: 128-bit (ML-KEM-512), 192-bit (ML-KEM-768), or 256-bit (ML-KEM-1024). pub fn new(seed: &KeyMaterial<64>) -> Result { - if !(seed.key_type() == KeyType::Seed || seed.key_type() == KeyType::BytesFullEntropy) + if !(seed.key_type() == KeyType::Seed || seed.key_type() == KeyType::CryptographicRandom) || seed.key_len() != 64 { return Err(KEMError::KeyGenError( diff --git a/crypto/mlkem-lowmemory/tests/mlkem_tests.rs b/crypto/mlkem-lowmemory/tests/mlkem_tests.rs index 2922f13..7210d96 100644 --- a/crypto/mlkem-lowmemory/tests/mlkem_tests.rs +++ b/crypto/mlkem-lowmemory/tests/mlkem_tests.rs @@ -338,7 +338,7 @@ mod mlkem_tests { assert_eq!(derived_pk.encode(), expected_pk_bytes.as_slice()); // success case KeyType: BytesFullEntropy - do_hazardous_operations(&mut seed, |seed| seed.set_key_type(KeyType::BytesFullEntropy)) + do_hazardous_operations(&mut seed, |seed| seed.set_key_type(KeyType::CryptographicRandom)) .unwrap(); _ = MLKEM512::keygen_from_seed(&seed).unwrap(); diff --git a/crypto/mlkem/src/mlkem.rs b/crypto/mlkem/src/mlkem.rs index f988f6f..28e1b0f 100644 --- a/crypto/mlkem/src/mlkem.rs +++ b/crypto/mlkem/src/mlkem.rs @@ -343,7 +343,7 @@ impl< /// Output: encapsulation key ek โˆˆ ๐”น384๐‘˜+32 . /// Output: decapsulation key dk โˆˆ ๐”น768๐‘˜+96 . pub(crate) fn keygen_internal(seed: &KeyMaterial<64>) -> Result<(PK, SK), KEMError> { - if !(seed.key_type() == KeyType::Seed || seed.key_type() == KeyType::BytesFullEntropy) + if !(seed.key_type() == KeyType::Seed || seed.key_type() == KeyType::CryptographicRandom) || seed.key_len() != 64 { return Err(KEMError::KeyGenError( @@ -776,7 +776,7 @@ impl< let (ss, ct) = Self::encaps_internal(&pk.ek, Some(&pk.A_hat), m); - let mut key = KeyMaterial::::from_bytes_as_type(&ss, KeyType::BytesFullEntropy)?; + let mut key = KeyMaterial::::from_bytes_as_type(&ss, KeyType::CryptographicRandom)?; do_hazardous_operations(&mut key, |key| { key.set_security_strength(SecurityStrength::from_bits(LAMBDA as usize)) })?; @@ -807,7 +807,7 @@ impl< /* the actual decaps operation */ let K = Self::decaps_internal(&sk.dk, Some(&sk.A_hat), ct.try_into().unwrap()); - let mut key = KeyMaterial::::from_bytes_as_type(&K, KeyType::BytesFullEntropy)?; + let mut key = KeyMaterial::::from_bytes_as_type(&K, KeyType::CryptographicRandom)?; do_hazardous_operations(&mut key, |key| { key.set_security_strength(SecurityStrength::from_bits(LAMBDA as usize)) })?; diff --git a/crypto/mlkem/tests/mlkem_tests.rs b/crypto/mlkem/tests/mlkem_tests.rs index 1a9da27..b0e0c81 100644 --- a/crypto/mlkem/tests/mlkem_tests.rs +++ b/crypto/mlkem/tests/mlkem_tests.rs @@ -324,7 +324,7 @@ mod mlkem_tests { // success case KeyType: BytesFullEntropy key_material::do_hazardous_operations(&mut seed, |seed| { - seed.set_key_type(KeyType::BytesFullEntropy) + seed.set_key_type(KeyType::CryptographicRandom) }) .unwrap(); diff --git a/crypto/rng/src/hash_drbg80090a.rs b/crypto/rng/src/hash_drbg80090a.rs index 6041606..244f4b8 100644 --- a/crypto/rng/src/hash_drbg80090a.rs +++ b/crypto/rng/src/hash_drbg80090a.rs @@ -481,7 +481,7 @@ impl Sp80090ADrbg for HashDRBG80090A { do_hazardous_operations(out, |out| { out.set_key_len(bytes_written)?; - out.set_key_type(KeyType::BytesFullEntropy)?; + out.set_key_type(KeyType::CryptographicRandom)?; let new_security_strength = min(&self.admin_info.strength, &SecurityStrength::from_bits(bytes_written * 8)) .clone(); diff --git a/crypto/sha3/src/lib.rs b/crypto/sha3/src/lib.rs index 42ecac4..7ef4a44 100644 --- a/crypto/sha3/src/lib.rs +++ b/crypto/sha3/src/lib.rs @@ -98,10 +98,10 @@ //! let output_key = sha3::SHA3_256::new().derive_key(&input_key, b"Additional input").unwrap(); //!``` //! In the previous example, since [KeyMaterial::from_bytes] cannot know the amount of entropy in the input data, -//! it automatically tags it as [KeyType::BytesLowEntropy], and thus [SHA3::derive_key] produces an output key -//! which also has type [KeyType::BytesLowEntropy]. +//! it automatically tags it as [KeyType::Unknown], and thus [SHA3::derive_key] produces an output key +//! which also has type [KeyType::Unknown]. //! This would also be the case even if the input had type -//! [KeyType::BytesFullEntropy] since the input [KeyMaterial] is 16 bytes but [SHA3_256] needs at least 32 bytes of +//! [KeyType::CryptographicRandom] since the input [KeyMaterial] is 16 bytes but [SHA3_256] needs at least 32 bytes of //! full-entropy input key material in order to be able to produce full entropy output key material. #![forbid(unsafe_code)] diff --git a/crypto/sha3/src/sha3.rs b/crypto/sha3/src/sha3.rs index 7f2d60a..fff2439 100644 --- a/crypto/sha3/src/sha3.rs +++ b/crypto/sha3/src/sha3.rs @@ -74,7 +74,7 @@ impl SHA3 { // it requires full-entropy input that is at least block length. // TODO: citation needed, which NIST spec did I get this from? if self.kdf_entropy < PARAMS::OUTPUT_LEN { - self.kdf_key_type = min(&self.kdf_key_type, &KeyType::BytesLowEntropy).clone(); + self.kdf_key_type = min(&self.kdf_key_type, &KeyType::Unknown).clone(); self.kdf_security_strength = SecurityStrength::None; // BytesLowEntropy can't have a securtiy level. } @@ -95,7 +95,7 @@ impl SHA3 { // since we've done some computation, the result will not actually be zeroized, // even if all input key material was zeroized. if key_type == KeyType::Zeroized { - key_type = KeyType::BytesLowEntropy; + key_type = KeyType::Unknown; } key_material::do_hazardous_operations(&mut *output_key, |output_key| { output_key.set_key_type(key_type)?; diff --git a/crypto/sha3/src/shake.rs b/crypto/sha3/src/shake.rs index f934a44..fecff5a 100644 --- a/crypto/sha3/src/shake.rs +++ b/crypto/sha3/src/shake.rs @@ -109,7 +109,7 @@ impl SHAKE { // TODO: intuitivitely this makes sense since SHAKE256 and SHA3-256 are both KECCAK[512], and SHAKE128 is KECCAK[256], // TODO: but I would rather find an actual reference for this "fully-seeded" threshold. if self.kdf_entropy < 2 * (PARAMS::SIZE as usize) / 8 { - self.kdf_key_type = min(&self.kdf_key_type, &KeyType::BytesLowEntropy).clone(); + self.kdf_key_type = min(&self.kdf_key_type, &KeyType::Unknown).clone(); self.kdf_security_strength = SecurityStrength::None; // BytesLowEntropy can't have a securtiy level. } @@ -125,7 +125,7 @@ impl SHAKE { // since we've done some computation, the result will not actually be zeroized, even if all input key material was zeroized. if self.kdf_key_type == KeyType::Zeroized { - self.kdf_key_type = KeyType::BytesLowEntropy; + self.kdf_key_type = KeyType::Unknown; } key_material::do_hazardous_operations(output_key, |output_key| { output_key.set_key_type(self.kdf_key_type)?; diff --git a/crypto/sha3/tests/sha3_tests.rs b/crypto/sha3/tests/sha3_tests.rs index 0065726..1add04b 100644 --- a/crypto/sha3/tests/sha3_tests.rs +++ b/crypto/sha3/tests/sha3_tests.rs @@ -249,38 +249,38 @@ mod sha3_tests { // Exact entropy let key_material = - KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..32], KeyType::BytesFullEntropy) + KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..32], KeyType::CryptographicRandom) .unwrap(); let derived_key = SHA3_256::new().derive_key(&key_material, &[0u8; 0]).unwrap(); let expected_key = KeyMaterial256::from_bytes(b"\x05\x0a\x48\x73\x3b\xd5\xc2\x75\x6b\xa9\x5c\x58\x28\xcc\x83\xee\x16\xfa\xbc\xd3\xc0\x86\x88\x5b\x77\x44\xf8\x4a\x0f\x9e\x0d\x94").unwrap(); - assert_eq!(derived_key.key_type(), KeyType::BytesFullEntropy); + assert_eq!(derived_key.key_type(), KeyType::CryptographicRandom); assert_eq!(derived_key.security_strength(), SecurityStrength::_128bit); assert_eq!(derived_key.ref_to_bytes(), expected_key.ref_to_bytes()); // more entropy than needed -- single input key let key_material = - KeyMaterial512::from_bytes_as_type(&DUMMY_SEED_512[..64], KeyType::BytesFullEntropy) + KeyMaterial512::from_bytes_as_type(&DUMMY_SEED_512[..64], KeyType::CryptographicRandom) .unwrap(); let derived_key = SHA3_256::new().derive_key(&key_material, &[0u8; 0]).unwrap(); - assert_eq!(derived_key.key_type(), KeyType::BytesFullEntropy); + assert_eq!(derived_key.key_type(), KeyType::CryptographicRandom); assert_eq!(derived_key.security_strength(), SecurityStrength::_128bit); // more entropy than needed -- single input key // but if you use SHA512 then you get SecurityStrength::_256bit let key_material = - KeyMaterial512::from_bytes_as_type(&DUMMY_SEED_512[..64], KeyType::BytesFullEntropy) + KeyMaterial512::from_bytes_as_type(&DUMMY_SEED_512[..64], KeyType::CryptographicRandom) .unwrap(); let derived_key = SHA3_512::new().derive_key(&key_material, &[0u8; 0]).unwrap(); - assert_eq!(derived_key.key_type(), KeyType::BytesFullEntropy); + assert_eq!(derived_key.key_type(), KeyType::CryptographicRandom); assert_eq!(derived_key.security_strength(), SecurityStrength::_256bit); // more entropy than needed -- multiple input keys let key_material = - KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..16], KeyType::BytesFullEntropy) + KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..16], KeyType::CryptographicRandom) .unwrap(); let keys = [&key_material, &key_material]; let derived_key = SHA3_256::new().derive_key_from_multiple(&keys, &[0u8; 0]).unwrap(); - assert_eq!(derived_key.key_type(), KeyType::BytesFullEntropy); + assert_eq!(derived_key.key_type(), KeyType::CryptographicRandom); assert_eq!(derived_key.security_strength(), SecurityStrength::_128bit); // more entropy than needed -- multiple input keys of different full-entropy types; @@ -300,41 +300,40 @@ mod sha3_tests { assert_eq!(key_material.key_type(), KeyType::Zeroized); // it should do it, but return a zeroized output key, regardless of the additional_input let derived_key = SHA3_256::new().derive_key(&key_material, &[1u8; 100]).unwrap(); - assert_eq!(derived_key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(derived_key.key_type(), KeyType::Unknown); assert_eq!(derived_key.security_strength(), SecurityStrength::None); // less entropy than needed -- various permutations, but not exhaustive let key_material = - KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..16], KeyType::BytesFullEntropy) + KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..16], KeyType::CryptographicRandom) .unwrap(); let derived_key = SHA3_256::new().derive_key(&key_material, &[0u8; 0]).unwrap(); - assert_eq!(derived_key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(derived_key.key_type(), KeyType::Unknown); assert_eq!(derived_key.security_strength(), SecurityStrength::None); let key_material = - KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..16], KeyType::BytesFullEntropy) + KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..16], KeyType::CryptographicRandom) .unwrap(); let keys = [&key_material, &key_material]; let derived_key = SHA3_512::new().derive_key_from_multiple(&keys, &[0u8; 0]).unwrap(); - assert_eq!(derived_key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(derived_key.key_type(), KeyType::Unknown); assert_eq!(derived_key.security_strength(), SecurityStrength::None); let key_material = - KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..8], KeyType::BytesFullEntropy) + KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..8], KeyType::CryptographicRandom) .unwrap(); let derived_key = SHA3_224::new().derive_key(&key_material, &[0u8; 0]).unwrap(); - assert_eq!(derived_key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(derived_key.key_type(), KeyType::Unknown); assert_eq!(derived_key.security_strength(), SecurityStrength::None); let key_low_entropy = - KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..32], KeyType::BytesLowEntropy) - .unwrap(); + KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..32], KeyType::Unknown).unwrap(); let key_material = - KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..16], KeyType::BytesFullEntropy) + KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..16], KeyType::CryptographicRandom) .unwrap(); let keys = [&key_material, &key_low_entropy]; let derived_key = SHA3_256::new().derive_key_from_multiple(&keys, &[0u8; 0]).unwrap(); - assert_eq!(derived_key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(derived_key.key_type(), KeyType::Unknown); assert_eq!(derived_key.security_strength(), SecurityStrength::None); } @@ -368,11 +367,11 @@ mod sha3_tests { // This works because we explicitly tag the input data as BytesFullEntropy. // This is the preferred and better way to do it. let input_seed = - KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..32], KeyType::BytesFullEntropy) + KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..32], KeyType::CryptographicRandom) .expect("Error happened"); let output_seed = SHA3_256::new().derive_key(&input_seed, b"nytimes.com").expect("Error happened"); - assert_eq!(output_seed.key_type(), KeyType::BytesFullEntropy); + assert_eq!(output_seed.key_type(), KeyType::CryptographicRandom); } #[test] diff --git a/crypto/sha3/tests/shake_tests.rs b/crypto/sha3/tests/shake_tests.rs index e87ea0d..edbca2d 100644 --- a/crypto/sha3/tests/shake_tests.rs +++ b/crypto/sha3/tests/shake_tests.rs @@ -161,27 +161,27 @@ mod shake_tests { fn kdf_input_entropy() { // Exact entropy let key_material = - KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..32], KeyType::BytesFullEntropy) + KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..32], KeyType::CryptographicRandom) .unwrap(); let derived_key = SHAKE128::new().derive_key(&key_material, &[0u8; 0]).unwrap(); let expected_key = KeyMaterial256::from_bytes(b"\x06\x6a\x36\x1d\xc6\x75\xf8\x56\xce\xcd\xc0\x2b\x25\x21\x8a\x10\xce\xc0\xce\xcf\x79\x85\x9e\xc0\xfe\xc3\xd4\x09\xe5\x84\x7a\x92").unwrap(); assert_eq!(derived_key.ref_to_bytes(), expected_key.ref_to_bytes()); - assert_eq!(derived_key.key_type(), KeyType::BytesFullEntropy); + assert_eq!(derived_key.key_type(), KeyType::CryptographicRandom); // more entropy than needed -- single input key let key_material = - KeyMaterial512::from_bytes_as_type(&DUMMY_SEED_512[..64], KeyType::BytesFullEntropy) + KeyMaterial512::from_bytes_as_type(&DUMMY_SEED_512[..64], KeyType::CryptographicRandom) .unwrap(); let derived_key = SHAKE128::new().derive_key(&key_material, &[0u8; 0]).unwrap(); - assert_eq!(derived_key.key_type(), KeyType::BytesFullEntropy); + assert_eq!(derived_key.key_type(), KeyType::CryptographicRandom); // // more entropy than needed -- multiple input keys let key_material = - KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..16], KeyType::BytesFullEntropy) + KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..16], KeyType::CryptographicRandom) .unwrap(); let keys = [&key_material, &key_material]; let derived_key = SHAKE128::new().derive_key_from_multiple(&keys, &[0u8; 0]).unwrap(); - assert_eq!(derived_key.key_type(), KeyType::BytesFullEntropy); + assert_eq!(derived_key.key_type(), KeyType::CryptographicRandom); // more entropy than needed -- multiple input keys of different full-entropy types; // should get the type of the first one @@ -197,33 +197,32 @@ mod shake_tests { // // less entropy than needed -- various permutations, but not exhaustive let key_material = - KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..31], KeyType::BytesFullEntropy) + KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..31], KeyType::CryptographicRandom) .unwrap(); let derived_key = SHAKE128::new().derive_key(&key_material, &[0u8; 0]).unwrap(); - assert_eq!(derived_key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(derived_key.key_type(), KeyType::Unknown); let key_material = - KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..16], KeyType::BytesFullEntropy) + KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..16], KeyType::CryptographicRandom) .unwrap(); let keys = [&key_material, &key_material]; let derived_key = SHAKE256::new().derive_key_from_multiple(&keys, &[0u8; 0]).unwrap(); - assert_eq!(derived_key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(derived_key.key_type(), KeyType::Unknown); let key_material = - KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..8], KeyType::BytesFullEntropy) + KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..8], KeyType::CryptographicRandom) .unwrap(); let derived_key = SHAKE128::new().derive_key(&key_material, &[0u8; 0]).unwrap(); - assert_eq!(derived_key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(derived_key.key_type(), KeyType::Unknown); let key_low_entropy = - KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..32], KeyType::BytesLowEntropy) - .unwrap(); + KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..32], KeyType::Unknown).unwrap(); let key_material = - KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..16], KeyType::BytesFullEntropy) + KeyMaterial256::from_bytes_as_type(&DUMMY_SEED_512[..16], KeyType::CryptographicRandom) .unwrap(); let keys = [&key_material, &key_low_entropy]; let derived_key = SHAKE128::new().derive_key_from_multiple(&keys, &[0u8; 0]).unwrap(); - assert_eq!(derived_key.key_type(), KeyType::BytesLowEntropy); + assert_eq!(derived_key.key_type(), KeyType::Unknown); } #[test] diff --git a/crypto/utils/tests/test_utils.rs b/crypto/utils/tests/test_utils.rs index e239bbc..13fda29 100644 --- a/crypto/utils/tests/test_utils.rs +++ b/crypto/utils/tests/test_utils.rs @@ -16,7 +16,7 @@ fn test_max_min() { // Test with KeyMaterial KeyTypes assert_eq!( - *max(&KeyType::BytesLowEntropy, &KeyType::BytesFullEntropy), - KeyType::BytesFullEntropy + *max(&KeyType::Unknown, &KeyType::CryptographicRandom), + KeyType::CryptographicRandom ); }