| author | David Lönnhager <david.l@mullvad.net> | 2022-05-30 17:46:56 +0200 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2022-06-14 12:38:37 +0200 |
| commit | 2c1b2faa744d6222d08506bfe329faab41db4b72 (patch) | |
| tree | d91261760ee5d9d590228dc3f992d3da764b7da0 | |
| parent | 02246bb470dd8446c3195be4f93323e2e979fff3 (diff) | |
Switch from liboqs to classic-mceliece-rust
| -rw-r--r-- | Cargo.lock | 261 | ||||
| -rw-r--r-- | Cargo.toml | 5 | ||||
| -rw-r--r-- | talpid-relay-config-client/Cargo.toml | 6 | ||||
| -rw-r--r-- | talpid-relay-config-client/src/lib.rs | 64 |
4 files changed, 109 insertions, 227 deletions
diff --git a/Cargo.lock b/Cargo.lock index f5e75ffcee..810c22e39c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -81,15 +81,6 @@ dependencies = [ ] [[package]] -name = "ansi_term" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2" -dependencies = [ - "winapi 0.3.9", -] - -[[package]] name = "anyhow" version = "1.0.44" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -184,29 +175,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd" [[package]] -name = "bindgen" -version = "0.59.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2bd2a9a458e8f4304c52c43ebb0cfbd520289f8379a52e329a38afda99bf8eb8" -dependencies = [ - "bitflags", - "cexpr", - "clang-sys", - "clap 2.34.0", - "env_logger 0.9.0", - "lazy_static", - "lazycell", - "log", - "peeking_take_while", - "proc-macro2", - "quote", - "regex", - "rustc-hash", - "shlex", - "which", -] - -[[package]] name = "bitflags" version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -218,7 +186,7 @@ version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c0940dc441f31689269e10ac70eb1002a3a1d3ad1390e030043662eb7fe4688b" dependencies = [ - "block-padding", + "block-padding 0.1.5", "byte-tools", "byteorder", "generic-array 0.12.4", 
@@ -226,6 +194,16 @@ dependencies = [ [[package]] name = "block-buffer" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" +dependencies = [ + "block-padding 0.2.1", + "generic-array 0.14.4", +] + +[[package]] +name = "block-buffer" version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f1d36a02058e76b040de25a4464ba1c80935655595b661505c8b39b664828b95" @@ -234,6 +212,16 @@ dependencies = [ ] [[package]] +name = "block-modes" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2cb03d1bed155d89dce0f845b7899b18a9a163e148fd004e1c28421a783e2d8e" +dependencies = [ + "block-padding 0.2.1", + "cipher", +] + +[[package]] name = "block-padding" version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -243,13 +231,10 @@ dependencies = [ ] [[package]] -name = "build-deps" -version = "0.1.4" +name = "block-padding" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64f14468960818ce4f3e3553c32d524446687884f8e7af5d3e252331d8a87e43" -dependencies = [ - "glob", -] +checksum = "8d696c370c750c948ada61c69a0ee2cbbb9c50b1019ddb86d9317157a99c2cae" [[package]] name = "bumpalo" @@ -294,15 +279,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c" [[package]] -name = "cexpr" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" -dependencies = [ - "nom", -] - -[[package]] name = "cfg-if" version = "0.1.10" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -363,32 +339,6 @@ dependencies = [ ] [[package]] -name = "clang-sys" -version = "1.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4cc00842eed744b858222c4c9faf7243aafc6d33f92f96935263ef4d8a41ce21" -dependencies = [ - "glob", - "libc", - "libloading", -] - -[[package]] -name = "clap" -version = "2.34.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c" -dependencies = [ - "ansi_term", - "atty", - "bitflags", - "strsim 0.8.0", - "textwrap 0.11.0", - "unicode-width", - "vec_map", -] - -[[package]] name = "clap" version = "3.0.14" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -401,7 +351,7 @@ dependencies = [ "os_str_bytes", "strsim 0.10.0", "termcolor", - "textwrap 0.14.2", + "textwrap", ] [[package]] @@ -410,16 +360,21 @@ version = "3.0.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "678db4c39c013cc68b54d372bce2efc58e30a0337c497c9032fd196802df3bc3" dependencies = [ - "clap 3.0.14", + "clap", ] [[package]] -name = "cmake" -version = "0.1.46" +name = "classic-mceliece-rust" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b7b858541263efe664aead4a5209a4ae5c5d2811167d4ed4ee0944503f8d2089" +checksum = "9fa9a48fdd99179698111d76d2e66f185ef18b4ef4851a4f9dde20f1ed6c9aa1" dependencies = [ - "cc", + "aes", + "block-modes", + "hex", + "lazy_static", + "rand 0.8.4", + "sha3", ] [[package]] @@ -505,16 +460,6 @@ dependencies = [ ] [[package]] -name = "cstr_core" -version = "0.2.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "644828c273c063ab0d39486ba42a5d1f3a499d35529c759e763a9c6cb8a0fb08" -dependencies = [ - "cty", - "memchr", -] - -[[package]] name = "ctr" version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -534,12 +479,6 @@ dependencies = [ ] [[package]] -name = "cty" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b365fabc795046672053e29c954733ec3b05e4be654ab130fe8f1f94d7051f35" - -[[package]] name = "curve25519-dalek" version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1121,12 +1060,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f0a01e0497841a3b2db4f8afa483cce65f7e96a3498bd6c541734792aeac8fe7" [[package]] -name = "glob" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574" - -[[package]] name = "h2" version = "0.3.10" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1513,6 +1446,12 @@ dependencies = [ ] [[package]] +name = "keccak" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f9b7d56ba4a8344d6be9729995e6b06f928af29998cdf79fe390cbf6b1fee838" + +[[package]] name = "kernel32-sys" version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1550,16 +1489,6 @@ dependencies = [ ] [[package]] -name = "libloading" -version = "0.7.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "efbc0f03f9a775e9f6aed295c6a1ba2253c5757a9e03d55c6caa46a681abcddd" -dependencies = [ - "cfg-if 1.0.0", - "winapi 0.3.9", -] - -[[package]] name = "linked-hash-map" version = "0.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1660,12 +1589,6 @@ dependencies = [ ] [[package]] -name = "minimal-lexical" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" - -[[package]] name = "miniz_oxide" version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -1796,7 +1719,7 @@ version = "2022.2.0" dependencies = [ "base64", "chrono", - "clap 3.0.14", + "clap", "clap_complete", "env_logger 0.8.4", "err-derive", @@ -1820,7 +1743,7 @@ dependencies = [ "android_logger", "cfg-if 1.0.0", "chrono", - "clap 3.0.14", + "clap", "ctrlc", "dirs-next", "duct", @@ -1924,7 +1847,7 @@ dependencies = [ name = "mullvad-problem-report" version = "2022.2.0" dependencies = [ - "clap 3.0.14", + "clap", "dirs-next", "duct", "env_logger 0.8.4", @@ -1968,7 +1891,7 @@ dependencies = [ name = "mullvad-setup" version = "2022.2.0" dependencies = [ - "clap 3.0.14", + "clap", "env_logger 0.8.4", "err-derive", "lazy_static", @@ -2147,16 +2070,6 @@ dependencies = [ ] [[package]] -name = "nom" -version = "7.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8903e5a29a317527874d0402f867152a3d21c908bb0b933e416c65e301d4c36" -dependencies = [ - "memchr", - "minimal-lexical", -] - -[[package]] name = "notify" version = "4.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -2257,29 +2170,6 @@ dependencies = [ ] [[package]] -name = "oqs" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9534d1e8a22731bcd9fb97be6f6597503dcc4d86fd72e8a9deec214481884cc6" -dependencies = [ - "cstr_core", - "libc", - "oqs-sys", -] - -[[package]] -name = "oqs-sys" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "667693ecaa5afb140d88242bced5f259c9c2e2f477418f13b47834d784ed2b12" -dependencies = [ - "bindgen", - "build-deps", - "cmake", - "libc", -] - -[[package]] name = "os_pipe" version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -2389,12 +2279,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "acbf547ad0c65e31259204bd90935776d1c693cec2f4ff7abb7a1bbbd40dfe58" [[package]] -name = "peeking_take_while" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099" - -[[package]] name = "percent-encoding" version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -2950,12 +2834,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7ef03e0a2b150c7a90d01faf6254c9c48a41e95fb2a8c2ac1c6f0d2b9aefc342" [[package]] -name = "rustc-hash" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" - -[[package]] name = "rustc_version" version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -3196,6 +3074,18 @@ dependencies = [ ] [[package]] +name = "sha3" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f81199417d4e5de3f04b1e871023acea7389672c4135918f05aa9cbf2f2fa809" +dependencies = [ + "block-buffer 0.9.0", + "digest 0.9.0", + "keccak", + "opaque-debug 0.3.0", +] + +[[package]] name = "shadowsocks" version = "1.14.2" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -3293,12 +3183,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "45bb67a18fa91266cc7807181f62f9178a6873bfad7dc788c42e6430db40184f" [[package]] -name = "shlex" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3" - -[[package]] name = "signal-hook-registry" version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -3371,12 +3255,6 @@ dependencies = [ [[package]] name = "strsim" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a" - -[[package]] -name = "strsim" version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6446ced80d6c486436db5c078dde11a9f73d42b57fb273121e160b84f63d894c" @@ -3558,9 +3436,11 @@ dependencies = [ name = "talpid-relay-config-client" version = "0.1.0" dependencies = [ - "oqs", + "classic-mceliece-rust", + "log", "prost 0.8.0", "prost-types 0.9.0", + "rand 0.8.4", "talpid-types", "tokio", "tonic", @@ -3614,15 +3494,6 @@ dependencies = [ [[package]] name = "textwrap" -version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060" -dependencies = [ - "unicode-width", -] - -[[package]] -name = "textwrap" version = "0.14.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0066c8d12af8b5acd21e00547c3797fde4e8677254a7ee429176ccebbe93dd80" @@ -4086,12 +3957,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8895849a949e7845e06bd6dc1aa51731a103c42707010a5b591c0038fb73385b" [[package]] -name = "unicode-width" -version = "0.1.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3ed742d4ea2bd1176e236172c8429aaf54486e7ac098db29ffe6529e0ce50973" - -[[package]] name = "unicode-xid" version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -4151,12 +4016,6 @@ dependencies = [ ] [[package]] -name = "vec_map" -version = "0.8.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191" - -[[package]] name = "version_check" version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" 
diff --git a/Cargo.toml b/Cargo.toml index e4ab3c68fc..894abb4cb6 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -25,3 +25,8 @@ members = [ [profile.release] opt-level = 3 lto = true + +# Key generation may take over one minute without optimizations +# enabled. +[profile.dev.package."classic-mceliece-rust"] +opt-level = 3 diff --git a/talpid-relay-config-client/Cargo.toml b/talpid-relay-config-client/Cargo.toml index a7107da2fd..410aaf8f4a 100644 --- a/talpid-relay-config-client/Cargo.toml +++ b/talpid-relay-config-client/Cargo.toml @@ -8,13 +8,15 @@ edition = "2021" publish = false [dependencies] +log = "0.4" +rand = "0.8" talpid-types = { path = "../talpid-types" } tonic = "0.5" prost = "0.8" prost-types = "0.9" tower = "0.4" -tokio = "1" -oqs = { version = "0.7.0", default-features = false, features = ["kems"] } +tokio = { version = "1", features = ["rt-multi-thread"] } +classic-mceliece-rust = { version = "1.0", features = ["mceliece8192128f"] } [build-dependencies] tonic-build = { version = "0.5", default-features = false, features = ["transport", "prost"] }
\ No newline at end of file diff --git a/talpid-relay-config-client/src/lib.rs b/talpid-relay-config-client/src/lib.rs index fd4931c506..c89fbc1e15 100644 --- a/talpid-relay-config-client/src/lib.rs +++ b/talpid-relay-config-client/src/lib.rs @@ -1,6 +1,10 @@ use std::net::IpAddr; -use oqs::kem::{self, Algorithm, Kem, SecretKey}; +use classic_mceliece_rust::{ + crypto_kem_dec, crypto_kem_keypair, AesState, RNGState, CRYPTO_BYTES, CRYPTO_CIPHERTEXTBYTES, + CRYPTO_PUBLICKEYBYTES, CRYPTO_SECRETKEYBYTES, +}; +use rand::RngCore; use talpid_types::net::wireguard::{PresharedKey, PrivateKey, PublicKey}; use tonic::transport::{Channel, Endpoint, Uri}; @@ -11,14 +15,15 @@ mod types { type RelayConfigService = types::post_quantum_secure_client::PostQuantumSecureClient<Channel>; const CONFIG_SERVICE_PORT: u16 = 1337; -const ALGORITHM: Algorithm = Algorithm::ClassicMcEliece8192128f; const STACK_SIZE: usize = 8 * 1024 * 1024; +const ALGORITHM_NAME: &str = "Classic-McEliece-8192128f"; #[derive(Debug)] pub enum Error { GrpcTransportError(tonic::transport::Error), GrpcError(tonic::Status), - OqsError(oqs::Error), + KeyGenerationFailed, + DecapsulationError, InvalidCiphertext, } 
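Review bot: `ALGORITHM_NAME` is now a free-standing string with nothing tying it to the parameter set that actually sizes the keys, which is selected by the `mceliece8192128f` feature in talpid-relay-config-client/Cargo.toml. If that feature is ever changed, the `CRYPTO_*` constants change with it while the name sent in `algorithm_name` stays the same, so a comment on the constant would help, e.g. `// Must name the parameter set enabled by the classic-mceliece-rust feature in Cargo.toml.` On style, the two new `Error` variants are named inconsistently (`KeyGenerationFailed` next to `DecapsulationError`); `DecapsulationFailed` would match, and a one-line `///` doc comment on each would say when it is returned.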
@@ -37,31 +42,49 @@ pub async fn push_pq_key( wg_pubkey: current_pubkey.as_bytes().to_vec(), wg_psk_pubkey: oqs_key.public_key().as_bytes().to_vec(), oqs_pubkey: Some(types::OqsPubkey { - algorithm_name: algorithm_to_string(&ALGORITHM), - key_data: pubkey.into_vec(), + algorithm_name: ALGORITHM_NAME.to_string(), + key_data: pubkey.to_vec(), }), }) .await .map_err(Error::GrpcError)?; let ciphertext = response.into_inner().ciphertext; - let kem = Kem::new(ALGORITHM).map_err(Error::OqsError)?; - let ciphertext = kem - .ciphertext_from_bytes(&ciphertext) - .ok_or(Error::InvalidCiphertext)?; - let psk = kem - .decapsulate(&secret, ciphertext) - .map(|key| PresharedKey::from(<[u8; 32]>::try_from(key.as_ref()).unwrap())) - .map_err(Error::OqsError)?; - Ok((oqs_key, psk)) + let ct: [u8; CRYPTO_CIPHERTEXTBYTES] = ciphertext + .try_into() + .map_err(|_| Error::InvalidCiphertext)?; + let mut psk = [0u8; CRYPTO_BYTES]; + + crypto_kem_dec(&mut psk, &ct, &secret).map_err(|error| { + log::error!("KEM decapsulation failed: {error}"); + Error::DecapsulationError + })?; + Ok((oqs_key, PresharedKey::from(psk))) } -async fn generate_key() -> Result<(kem::PublicKey, SecretKey), Error> { +async fn generate_key() -> Result< + ( + Box<[u8; CRYPTO_PUBLICKEYBYTES]>, + Box<[u8; CRYPTO_SECRETKEYBYTES]>, + ), + Error, +> { let (tx, rx) = tokio::sync::oneshot::channel(); let gen_key = move || { - let kem = Kem::new(ALGORITHM).map_err(Error::OqsError)?; - let (pubkey, secret) = kem.keypair().map_err(Error::OqsError)?; + let mut rng = AesState::new(); + + let mut entropy = [0u8; 48]; + rand::thread_rng().fill_bytes(&mut entropy); + rng.randombytes_init(entropy); + + let mut pubkey = Box::new([0u8; CRYPTO_PUBLICKEYBYTES]); + let mut secret = Box::new([0u8; CRYPTO_SECRETKEYBYTES]); + crypto_kem_keypair(&mut pubkey, &mut secret, &mut rng).map_err(|error| { + log::error!("KEM keypair generation failed: {error}"); + Error::KeyGenerationFailed + })?; + Ok((pubkey, secret)) }; 
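Review bot: The key material introduced here sits in plain byte arrays that are never wiped: `entropy` in `gen_key` (the seed from which the whole key pair is derived), the boxed `secret`, and the `psk` array that is copied into `PresharedKey`. Whether the previous `oqs::kem::SecretKey` cleared itself on drop is not visible here, but the new code does not, so copies can remain on the stack of whatever runs `gen_key` and on the heap after `push_pq_key` returns. Consider clearing them once used, for example with the `zeroize` crate (a new dependency): `entropy.zeroize();` right after `rng.randombytes_init(entropy);`, then `secret.zeroize();` and `psk.zeroize();` once the `PresharedKey` has been built. A short comment above the seeding lines stating that the key pair's secrecy rests entirely on the 48 bytes drawn from `rand::thread_rng()` would also help later reviewers. `push_pq_key` begins before this hunk and `generate_key` continues past it.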
@@ -75,13 +98,6 @@ async fn generate_key() -> Result<(kem::PublicKey, SecretKey), Error> { rx.await.unwrap() } -fn algorithm_to_string(algorithm: &Algorithm) -> String { - match algorithm { - Algorithm::ClassicMcEliece8192128f => "Classic-McEliece-8192128f".to_string(), - _ => unimplemented!(), - } -} - async fn new_client(addr: IpAddr) -> Result<RelayConfigService, Error> { let channel = Endpoint::from_shared(format!("tcp://{addr}:{CONFIG_SERVICE_PORT}")) .expect("Failed to construct URI") |
