fadeevab / cocoon Goto Github PK

I think I could introduce such feature in a case of any demand.

Does anyone need to use a symmetric key instead of the password evading KDF?

Thank you for your feedback!

The example of using a hashmap via Borsch is great however I am interested in how you read the file back in via parse and then deserialize it back into a hashmap so you can get a value from a key. Are you able to extend the example?

Ahh disregard I worked it out;

let mut file = File::create("target/test.db")?;
    let mut db = Database { inner: HashMap::new() };

    // Over time you collect some kind of data.
    db.inner.insert("[email protected]".to_string(), "eKPV$PM8TV5A2".to_string());

    // You can choose how to serialize data. Also, you can compress it.
    let encoded = to_vec(&db).unwrap();

    // Finally, you want to store your data secretly.
    // Supply some password to Cocoon: it can be any byte array, basically.
    // Don't use a hard-coded password in real life!
    // It could be a user-supplied password.
    let cocoon = Cocoon::new(b"secret password");

    // Dump the serialized database into a file as an encrypted container.
    let container = cocoon.dump(encoded, &mut file)?;

    let mut file = File::open("target/test.db").unwrap();

    let encoded = cocoon.parse(&mut file).unwrap();

    let decoded = from_slice::<Database>(&encoded).unwrap();

    println!("From the file {:?}", decoded.inner);

Cloning the StdRng object for every encrypt call brings the rng back to the initial seeded starting point. This is a security issue as when you try to create new encrypted messages with the same cocoon object, the IV does not change, and the same ciperblock is returned. See tests below.

  pub const SEED: &[u8] = b"123456789abcdefghijklmnopqrstuvw";
  let seed = SEED;
  let mut s = [0u8; KEY_SIZE];

  s.copy_from_slice(seed);

  let mut rng = StdRng::from_seed(s);

  let mut nonce = [0u8; 32];
  for i in 0..5 {
      let mut rng = rng.clone();
      rng.fill_bytes(&mut nonce);

      println!("Nonce: {:?}", nonce);
}

Output:

Nonce: [91, 177, 20, 216, 167, 56, 166, 87, 46, 160, 25, 99, 230, 239, 202, 50, 251, 54, 132, 240, 215, 77, 131, 90, 29, 35, 172, 31, 212, 88, 131, 169]
Nonce: [91, 177, 20, 216, 167, 56, 166, 87, 46, 160, 25, 99, 230, 239, 202, 50, 251, 54, 132, 240, 215, 77, 131, 90, 29, 35, 172, 31, 212, 88, 131, 169]
Nonce: [91, 177, 20, 216, 167, 56, 166, 87, 46, 160, 25, 99, 230, 239, 202, 50, 251, 54, 132, 240, 215, 77, 131, 90, 29, 35, 172, 31, 212, 88, 131, 169]
Nonce: [91, 177, 20, 216, 167, 56, 166, 87, 46, 160, 25, 99, 230, 239, 202, 50, 251, 54, 132, 240, 215, 77, 131, 90, 29, 35, 172, 31, 212, 88, 131, 169]
Nonce: [91, 177, 20, 216, 167, 56, 166, 87, 46, 160, 25, 99, 230, 239, 202, 50, 251, 54, 132, 240, 215, 77, 131, 90, 29, 35, 172, 31, 212, 88, 131, 169]

Commenting out let mut rng = rng.clone();

Output:

Nonce: [91, 177, 20, 216, 167, 56, 166, 87, 46, 160, 25, 99, 230, 239, 202, 50, 251, 54, 132, 240, 215, 77, 131, 90, 29, 35, 172, 31, 212, 88, 131, 169]
Nonce: [50, 174, 147, 111, 250, 33, 221, 25, 109, 138, 30, 5, 14, 234, 162, 123, 114, 140, 134, 5, 35, 114, 12, 205, 63, 173, 138, 48, 137, 220, 130, 30]
Nonce: [213, 229, 165, 126, 127, 72, 61, 11, 85, 159, 85, 9, 78, 12, 134, 234, 165, 82, 4, 170, 91, 11, 244, 88, 132, 73, 149, 22, 35, 102, 67, 232]
Nonce: [189, 243, 159, 198, 83, 41, 103, 147, 244, 13, 187, 2, 189, 102, 232, 90, 249, 71, 170, 30, 118, 15, 223, 75, 8, 146, 219, 161, 117, 159, 87, 42]
Nonce: [107, 167, 36, 67, 64, 222, 101, 250, 201, 107, 88, 239, 128, 232, 45, 145, 203, 68, 247, 64, 0, 126, 176, 172, 170, 113, 248, 174, 63, 27, 43, 197]

error: failed to select a version for the requirement crypto-mac = "^0.7"
candidate versions found which didn't match: 0.11.1, 0.11.0, 0.10.1, ...
location searched: crates.io index

Pointing to the right or the most recent packages still gives the error. Must be something with the bundling of the crate. Even if I build from github instead of crate I get this issue.

In fact all of your older packages are broken in some way or another whether it be due to mismatch with HMAC or aes or some other dependency. Shouldn't be like this. Should know to grab the right dependencies with each version.

As you're likely aware, Rust's core library contains an unwrap method that can be used on all Option and Result types. This makes reading code using this crate difficult for no real good reason.

I really love your work and I'm planning on using it. Replacing cocoon's unwrap and wrap methods could be done with a simple refactor step and subsequent find-and-replace action. This would eliminate confusion regarding the Rust core method and Cocoon's.

I am trying to utilize the "no_std" features of the crate for a cortex-m arch build that does not have a std environment. Even with alloc, std, and getrandom disabled in the toml file, the library still tries to compile those and fails.