fadeevab / cocoon Goto Github PK
View Code? Open in Web Editor NEWSimple and reliable secure storage with strong encryption and format validation.
License: MIT License
Simple and reliable secure storage with strong encryption and format validation.
License: MIT License
Cloning the StdRng object for every encrypt
call brings the rng back to the initial seeded starting point. This is a security issue as when you try to create new encrypted messages with the same cocoon object, the IV does not change, and the same ciperblock is returned. See tests below.
pub const SEED: &[u8] = b"123456789abcdefghijklmnopqrstuvw";
let seed = SEED;
let mut s = [0u8; KEY_SIZE];
s.copy_from_slice(seed);
let mut rng = StdRng::from_seed(s);
let mut nonce = [0u8; 32];
for i in 0..5 {
let mut rng = rng.clone();
rng.fill_bytes(&mut nonce);
println!("Nonce: {:?}", nonce);
}
Output:
Nonce: [91, 177, 20, 216, 167, 56, 166, 87, 46, 160, 25, 99, 230, 239, 202, 50, 251, 54, 132, 240, 215, 77, 131, 90, 29, 35, 172, 31, 212, 88, 131, 169]
Nonce: [91, 177, 20, 216, 167, 56, 166, 87, 46, 160, 25, 99, 230, 239, 202, 50, 251, 54, 132, 240, 215, 77, 131, 90, 29, 35, 172, 31, 212, 88, 131, 169]
Nonce: [91, 177, 20, 216, 167, 56, 166, 87, 46, 160, 25, 99, 230, 239, 202, 50, 251, 54, 132, 240, 215, 77, 131, 90, 29, 35, 172, 31, 212, 88, 131, 169]
Nonce: [91, 177, 20, 216, 167, 56, 166, 87, 46, 160, 25, 99, 230, 239, 202, 50, 251, 54, 132, 240, 215, 77, 131, 90, 29, 35, 172, 31, 212, 88, 131, 169]
Nonce: [91, 177, 20, 216, 167, 56, 166, 87, 46, 160, 25, 99, 230, 239, 202, 50, 251, 54, 132, 240, 215, 77, 131, 90, 29, 35, 172, 31, 212, 88, 131, 169]
Commenting out let mut rng = rng.clone();
Output:
Nonce: [91, 177, 20, 216, 167, 56, 166, 87, 46, 160, 25, 99, 230, 239, 202, 50, 251, 54, 132, 240, 215, 77, 131, 90, 29, 35, 172, 31, 212, 88, 131, 169]
Nonce: [50, 174, 147, 111, 250, 33, 221, 25, 109, 138, 30, 5, 14, 234, 162, 123, 114, 140, 134, 5, 35, 114, 12, 205, 63, 173, 138, 48, 137, 220, 130, 30]
Nonce: [213, 229, 165, 126, 127, 72, 61, 11, 85, 159, 85, 9, 78, 12, 134, 234, 165, 82, 4, 170, 91, 11, 244, 88, 132, 73, 149, 22, 35, 102, 67, 232]
Nonce: [189, 243, 159, 198, 83, 41, 103, 147, 244, 13, 187, 2, 189, 102, 232, 90, 249, 71, 170, 30, 118, 15, 223, 75, 8, 146, 219, 161, 117, 159, 87, 42]
Nonce: [107, 167, 36, 67, 64, 222, 101, 250, 201, 107, 88, 239, 128, 232, 45, 145, 203, 68, 247, 64, 0, 126, 176, 172, 170, 113, 248, 174, 63, 27, 43, 197]
This is the rust code
I know dump
is missing some args but it isnot recognized by rust at all!
Why is this? And What is the solution?
fn test<M>(container :&mut Cocoon<'_, M>) -> (){
container.dump();
}
fn main() {
let mut container = Cocoon::new("passw".as_bytes());
test(&mut container);
}
And then I get this
error[E0599]: no method named `dump` found for mutable reference `&mut Cocoon<'_, M>` in the current scope
--> src/main.rs:21:13
|
21 | container.dump();
| ^^^^ method not found in `&mut Cocoon<'_, M>`
I am trying to utilize the "no_std" features of the crate for a cortex-m arch build that does not have a std environment. Even with alloc, std, and getrandom disabled in the toml file, the library still tries to compile those and fails.
As you're likely aware, Rust's core library contains an unwrap
method that can be used on all Option
and Result
types. This makes reading code using this crate difficult for no real good reason.
I really love your work and I'm planning on using it. Replacing cocoon's unwrap
and wrap
methods could be done with a simple refactor step and subsequent find-and-replace action. This would eliminate confusion regarding the Rust core method and Cocoon's.
error: failed to select a version for the requirement crypto-mac = "^0.7"
candidate versions found which didn't match: 0.11.1, 0.11.0, 0.10.1, ...
location searched: crates.io index
Pointing to the right or the most recent packages still gives the error. Must be something with the bundling of the crate. Even if I build from github instead of crate I get this issue.
In fact all of your older packages are broken in some way or another whether it be due to mismatch with HMAC or aes or some other dependency. Shouldn't be like this. Should know to grab the right dependencies with each version.
The example of using a hashmap via Borsch is great however I am interested in how you read the file back in via parse and then deserialize it back into a hashmap so you can get a value from a key. Are you able to extend the example?
Ahh disregard I worked it out;
let mut file = File::create("target/test.db")?;
let mut db = Database { inner: HashMap::new() };
// Over time you collect some kind of data.
db.inner.insert("[email protected]".to_string(), "eKPV$PM8TV5A2".to_string());
// You can choose how to serialize data. Also, you can compress it.
let encoded = to_vec(&db).unwrap();
// Finally, you want to store your data secretly.
// Supply some password to Cocoon: it can be any byte array, basically.
// Don't use a hard-coded password in real life!
// It could be a user-supplied password.
let cocoon = Cocoon::new(b"secret password");
// Dump the serialized database into a file as an encrypted container.
let container = cocoon.dump(encoded, &mut file)?;
let mut file = File::open("target/test.db").unwrap();
let encoded = cocoon.parse(&mut file).unwrap();
let decoded = from_slice::<Database>(&encoded).unwrap();
println!("From the file {:?}", decoded.inner);
I think I could introduce such feature in a case of any demand.
Does anyone need to use a symmetric key instead of the password evading KDF?
Thank you for your feedback!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.