update ssl impls

actix-http/src/cookie/secure/key.rs

@@ -1,13 +1,12 @@
-use ring::digest::{Algorithm, SHA256};
-use ring::hkdf::expand;
-use ring::hmac::SigningKey;
+use ring::hkdf::{Algorithm, KeyType, Prk, HKDF_SHA256};
+use ring::hmac;
 use ring::rand::{SecureRandom, SystemRandom};
 
 use super::private::KEY_LEN as PRIVATE_KEY_LEN;
 use super::signed::KEY_LEN as SIGNED_KEY_LEN;
 
-static HKDF_DIGEST: &Algorithm = &SHA256;
-const KEYS_INFO: &str = "COOKIE;SIGNED:HMAC-SHA256;PRIVATE:AEAD-AES-256-GCM";
+static HKDF_DIGEST: Algorithm = HKDF_SHA256;
+const KEYS_INFO: &[&[u8]] = &[b"COOKIE;SIGNED:HMAC-SHA256;PRIVATE:AEAD-AES-256-GCM"];
 
 /// A cryptographic master key for use with `Signed` and/or `Private` jars.
 ///
@@ -25,6 +24,13 @@ pub struct Key {
     encryption_key: [u8; PRIVATE_KEY_LEN],
 }
 
+impl KeyType for &Key {
+    #[inline]
+    fn len(&self) -> usize {
+        SIGNED_KEY_LEN + PRIVATE_KEY_LEN
+    }
+}
+
 impl Key {
     /// Derives new signing/encryption keys from a master key.
     ///
@@ -56,21 +62,26 @@ impl Key {
             );
         }
 
-        // Expand the user's key into two.
-        let prk = SigningKey::new(HKDF_DIGEST, key);
+        // An empty `Key` structure; will be filled in with HKDF derived keys.
+        let mut output_key = Key {
+            signing_key: [0; SIGNED_KEY_LEN],
+            encryption_key: [0; PRIVATE_KEY_LEN],
+        };
+
+        // Expand the master key into two HKDF generated keys.
         let mut both_keys = [0; SIGNED_KEY_LEN + PRIVATE_KEY_LEN];
-        expand(&prk, KEYS_INFO.as_bytes(), &mut both_keys);
+        let prk = Prk::new_less_safe(HKDF_DIGEST, key);
+        let okm = prk.expand(KEYS_INFO, &output_key).expect("okm expand");
+        okm.fill(&mut both_keys).expect("fill keys");
 
-        // Copy the keys into their respective arrays.
-        let mut signing_key = [0; SIGNED_KEY_LEN];
-        let mut encryption_key = [0; PRIVATE_KEY_LEN];
-        signing_key.copy_from_slice(&both_keys[..SIGNED_KEY_LEN]);
-        encryption_key.copy_from_slice(&both_keys[SIGNED_KEY_LEN..]);
-
-        Key {
-            signing_key,
-            encryption_key,
-        }
+        // Copy the key parts into their respective fields.
+        output_key
+            .signing_key
+            .copy_from_slice(&both_keys[..SIGNED_KEY_LEN]);
+        output_key
+            .encryption_key
+            .copy_from_slice(&both_keys[SIGNED_KEY_LEN..]);
+        output_key
     }
 
     /// Generates signing/encryption keys from a secure, random source. Keys are

actix-http/src/cookie/secure/private.rs

@@ -1,8 +1,8 @@
 use std::str;
 
 use log::warn;
-use ring::aead::{open_in_place, seal_in_place, Aad, Algorithm, Nonce, AES_256_GCM};
-use ring::aead::{OpeningKey, SealingKey};
+use ring::aead::{Aad, Algorithm, Nonce, AES_256_GCM};
+use ring::aead::{LessSafeKey, UnboundKey};
 use ring::rand::{SecureRandom, SystemRandom};
 
 use super::Key;
@@ -10,7 +10,7 @@ use crate::cookie::{Cookie, CookieJar};
 
 // Keep these in sync, and keep the key len synced with the `private` docs as
 // well as the `KEYS_INFO` const in secure::Key.
-static ALGO: &Algorithm = &AES_256_GCM;
+static ALGO: &'static Algorithm = &AES_256_GCM;
 const NONCE_LEN: usize = 12;
 pub const KEY_LEN: usize = 32;
 
@@ -53,11 +53,14 @@ impl<'a> PrivateJar<'a> {
         }
 
         let ad = Aad::from(name.as_bytes());
-        let key = OpeningKey::new(ALGO, &self.key).expect("opening key");
-        let (nonce, sealed) = data.split_at_mut(NONCE_LEN);
+        let key = LessSafeKey::new(
+            UnboundKey::new(&ALGO, &self.key).expect("matching key length"),
+        );
+        let (nonce, mut sealed) = data.split_at_mut(NONCE_LEN);
         let nonce =
             Nonce::try_assume_unique_for_key(nonce).expect("invalid length of `nonce`");
-        let unsealed = open_in_place(&key, nonce, ad, 0, sealed)
+        let unsealed = key
+            .open_in_place(nonce, ad, &mut sealed)
             .map_err(|_| "invalid key/nonce/value: bad seal")?;
 
         if let Ok(unsealed_utf8) = str::from_utf8(unsealed) {
@@ -196,30 +199,33 @@ Please change it as soon as possible."
 
 fn encrypt_name_value(name: &[u8], value: &[u8], key: &[u8]) -> Vec<u8> {
     // Create the `SealingKey` structure.
-    let key = SealingKey::new(ALGO, key).expect("sealing key creation");
+    let unbound = UnboundKey::new(&ALGO, key).expect("matching key length");
+    let key = LessSafeKey::new(unbound);
 
     // Create a vec to hold the [nonce | cookie value | overhead].
-    let overhead = ALGO.tag_len();
-    let mut data = vec![0; NONCE_LEN + value.len() + overhead];
+    let mut data = vec![0; NONCE_LEN + value.len() + ALGO.tag_len()];
 
     // Randomly generate the nonce, then copy the cookie value as input.
     let (nonce, in_out) = data.split_at_mut(NONCE_LEN);
+    let (in_out, tag) = in_out.split_at_mut(value.len());
+    in_out.copy_from_slice(value);
+
+    // Randomly generate the nonce into the nonce piece.
     SystemRandom::new()
         .fill(nonce)
         .expect("couldn't random fill nonce");
-    in_out[..value.len()].copy_from_slice(value);
-    let nonce =
-        Nonce::try_assume_unique_for_key(nonce).expect("invalid length of `nonce`");
+    let nonce = Nonce::try_assume_unique_for_key(nonce).expect("invalid `nonce` length");
 
     // Use cookie's name as associated data to prevent value swapping.
     let ad = Aad::from(name);
+    let ad_tag = key
+        .seal_in_place_separate_tag(nonce, ad, in_out)
+        .expect("in-place seal");
 
-    // Perform the actual sealing operation and get the output length.
-    let output_len =
-        seal_in_place(&key, nonce, ad, in_out, overhead).expect("in-place seal");
+    // Copy the tag into the tag piece.
+    tag.copy_from_slice(ad_tag.as_ref());
 
     // Remove the overhead and return the sealed content.
-    data.truncate(NONCE_LEN + output_len);
     data
 }
 

actix-http/src/cookie/secure/signed.rs

@@ -1,12 +1,11 @@
-use ring::digest::{Algorithm, SHA256};
-use ring::hmac::{sign, verify_with_own_key as verify, SigningKey};
+use ring::hmac::{self, sign, verify};
 
 use super::Key;
 use crate::cookie::{Cookie, CookieJar};
 
 // Keep these in sync, and keep the key len synced with the `signed` docs as
 // well as the `KEYS_INFO` const in secure::Key.
-static HMAC_DIGEST: &Algorithm = &SHA256;
+static HMAC_DIGEST: hmac::Algorithm = hmac::HMAC_SHA256;
 const BASE64_DIGEST_LEN: usize = 44;
 pub const KEY_LEN: usize = 32;
 
@@ -21,7 +20,7 @@ pub const KEY_LEN: usize = 32;
 /// This type is only available when the `secure` feature is enabled.
 pub struct SignedJar<'a> {
     parent: &'a mut CookieJar,
-    key: SigningKey,
+    key: hmac::Key,
 }
 
 impl<'a> SignedJar<'a> {
@@ -32,7 +31,7 @@ impl<'a> SignedJar<'a> {
     pub fn new(parent: &'a mut CookieJar, key: &Key) -> SignedJar<'a> {
         SignedJar {
             parent,
-            key: SigningKey::new(HMAC_DIGEST, key.signing()),
+            key: hmac::Key::new(HMAC_DIGEST, key.signing()),
         }
     }