Skip to content

Commit

Permalink
fix: make RwLock in RustCrypto async [WPB-10044]
Browse files Browse the repository at this point in the history
  • Loading branch information
SimonThormeyer committed Jul 8, 2024
1 parent 6d2f5a2 commit d345c64
Show file tree
Hide file tree
Showing 71 changed files with 453 additions and 309 deletions.
4 changes: 2 additions & 2 deletions interop_client/src/main.rs
Original file line number Diff line number Diff line change
Expand Up @@ -280,7 +280,7 @@ impl MlsClient for MlsClientImpl {

let signature_keys = SignatureKeyPair::new(
ciphersuite.signature_algorithm(),
&mut *backend.rand().borrow_rand().unwrap(),
&mut *backend.rand().borrow_rand().await,
)
.unwrap();
signature_keys.store(backend.key_store()).await.unwrap();
Expand Down Expand Up @@ -353,7 +353,7 @@ impl MlsClient for MlsClientImpl {
let credential = Credential::new(identity, CredentialType::Basic).unwrap();
let signature_keys = SignatureKeyPair::new(
ciphersuite.signature_algorithm(),
&mut *crypto_provider.rand().borrow_rand().unwrap(),
&mut *crypto_provider.rand().borrow_rand().await,
)
.unwrap();

Expand Down
1 change: 1 addition & 0 deletions openmls/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ async-lock = { version = "3.3", optional = true }
rstest = { version = "0.18.2", optional = true }
rstest_reuse = { version = "0.6.0", optional = true }
tokio = { version = "1.24", optional = true, features = ["macros", "rt", "rt-multi-thread"] }
futures = "0.3.30"

[features]
default = []
Expand Down
4 changes: 3 additions & 1 deletion openmls/benches/benchmark.rs
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
use criterion::{
async_executor::FuturesExecutor, criterion_group, criterion_main, BenchmarkId, Criterion,
};
use futures::executor;
use openmls::prelude::{config::CryptoConfig, *};
use openmls_basic_credential::SignatureKeyPair;
use openmls_rust_crypto::OpenMlsRustCrypto;
Expand All @@ -9,10 +10,11 @@ use openmls_traits::{crypto::OpenMlsCrypto, OpenMlsCryptoProvider};
fn criterion_benchmark(c: &mut Criterion) {
let backend = OpenMlsRustCrypto::default();
for &ciphersuite in backend.crypto().supported_ciphersuites().iter() {
let mut rng = executor::block_on(backend.rand().borrow_rand());
let credential = Credential::new_basic(vec![1, 2, 3]);
let signer = SignatureKeyPair::new(
ciphersuite.signature_algorithm(),
&mut *backend.rand().borrow_rand().unwrap(),
&mut *rng,
)
.unwrap();
let credential_with_key = CredentialWithKey {
Expand Down
2 changes: 1 addition & 1 deletion openmls/src/ciphersuite/aead.rs
Original file line number Diff line number Diff line change
Expand Up @@ -167,7 +167,7 @@ mod unit_tests {
#[apply(backends)]
async fn test_xor(backend: &impl OpenMlsCryptoProvider) {
let reuse_guard: ReuseGuard =
ReuseGuard::try_from_random(backend).expect("An unexpected error occurred.");
ReuseGuard::try_from_random(backend).await.expect("An unexpected error occurred.");
let original_nonce = AeadNonce::random(backend);
let xored_once = original_nonce.clone().xor_with_reuse_guard(&reuse_guard);
assert_ne!(
Expand Down
18 changes: 10 additions & 8 deletions openmls/src/ciphersuite/hpke.rs
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ impl From<(&str, &[u8])> for EncryptContext {
}

/// Encrypt to an HPKE key with a label.
pub(crate) fn encrypt_with_label(
pub(crate) async fn encrypt_with_label(
public_key: &[u8],
label: &str,
context: &[u8],
Expand All @@ -109,13 +109,15 @@ pub(crate) fn encrypt_with_label(
log_crypto!(debug, "* public key: {public_key:x?}");
log_crypto!(debug, "* plaintext: {plaintext:x?}");

let cipher = crypto.hpke_seal(
ciphersuite.hpke_config(),
public_key,
&context,
&[],
plaintext,
)?;
let cipher = crypto
.hpke_seal(
ciphersuite.hpke_config(),
public_key,
&context,
&[],
plaintext,
)
.await?;

log_crypto!(debug, "* ciphertext: {:x?}", cipher);

Expand Down
3 changes: 2 additions & 1 deletion openmls/src/ciphersuite/reuse_guard.rs
Original file line number Diff line number Diff line change
Expand Up @@ -11,13 +11,14 @@ pub struct ReuseGuard {

impl ReuseGuard {
/// Samples a fresh reuse guard uniformly at random.
pub(crate) fn try_from_random(
pub(crate) async fn try_from_random(
crypto: &impl OpenMlsCryptoProvider,
) -> Result<Self, CryptoError> {
Ok(Self {
value: crypto
.rand()
.random_array()
.await
.map_err(|_| CryptoError::InsufficientRandomness)?,
})
}
Expand Down
3 changes: 2 additions & 1 deletion openmls/src/ciphersuite/secret.rs
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ impl Secret {
/// Randomly sample a fresh `Secret`.
/// This default random initialiser uses the default Secret length of `hash_length`.
/// The function can return a [`CryptoError`] if there is insufficient randomness.
pub(crate) fn random(
pub(crate) async fn random(
ciphersuite: Ciphersuite,
crypto: &impl OpenMlsCryptoProvider,
version: impl Into<Option<ProtocolVersion>>,
Expand All @@ -88,6 +88,7 @@ impl Secret {
value: crypto
.rand()
.random_vec(ciphersuite.hash_length())
.await
.map_err(|_| CryptoError::InsufficientRandomness)?
.into(),
mls_version,
Expand Down
19 changes: 11 additions & 8 deletions openmls/src/ciphersuite/tests/kat_crypto_basics.rs
Original file line number Diff line number Diff line change
Expand Up @@ -341,14 +341,17 @@ pub fn run_test_vector(
assert_eq!(plaintext, decrypted_plaintext);

// Check that encryption works.
let my_ciphertext = hpke::encrypt_with_label(
&public,
&label,
&context,
&plaintext,
ciphersuite,
backend.crypto(),
)
let my_ciphertext = async_std::task::block_on(async {
hpke::encrypt_with_label(
&public,
&label,
&context,
&plaintext,
ciphersuite,
backend.crypto(),
)
.await
})
.unwrap();
let decrypted_plaintext = hpke::decrypt_with_label(
&private,
Expand Down
3 changes: 2 additions & 1 deletion openmls/src/ciphersuite/tests/test_ciphersuite.rs
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ async fn test_hpke_seal_open(ciphersuite: Ciphersuite, backend: &impl OpenMlsCry
.derive_hpke_keypair(
ciphersuite.hpke_config(),
Secret::random(ciphersuite, backend, None)
.await
.expect("Not enough randomness.")
.as_slice(),
)
Expand All @@ -27,7 +28,7 @@ async fn test_hpke_seal_open(ciphersuite: Ciphersuite, backend: &impl OpenMlsCry
plaintext,
ciphersuite,
backend.crypto(),
)
).await
.unwrap();
let decrypted_payload = hpke::decrypt_with_label(
&kp.private,
Expand Down
6 changes: 4 additions & 2 deletions openmls/src/ciphersuite/tests/test_secrets.rs
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,9 @@ wasm_bindgen_test::wasm_bindgen_test_configure!(run_in_browser);
async fn secret_init(ciphersuite: Ciphersuite, backend: &impl OpenMlsCryptoProvider) {
// These two secrets must be incompatible
let default_secret =
Secret::random(ciphersuite, backend, None).expect("Not enough randomness.");
Secret::random(ciphersuite, backend, None).await.expect("Not enough randomness.");
let draft_secret = Secret::random(ciphersuite, backend, ProtocolVersion::Mls10Draft11)
.await
.expect("Not enough randomness.");

let derived_default_secret = default_secret.derive_secret(backend, "my_test_label");
Expand All @@ -27,8 +28,9 @@ async fn secret_init(ciphersuite: Ciphersuite, backend: &impl OpenMlsCryptoProvi
pub async fn secret_incompatible(ciphersuite: Ciphersuite, backend: &impl OpenMlsCryptoProvider) {
// These two secrets must be incompatible
let default_secret =
Secret::random(ciphersuite, backend, None).expect("Not enough randomness.");
Secret::random(ciphersuite, backend, None).await.expect("Not enough randomness.");
let draft_secret = Secret::random(ciphersuite, backend, ProtocolVersion::Mls10Draft11)
.await
.expect("Not enough randomness.");

// This must panic because the two secrets have incompatible MLS versions.
Expand Down
2 changes: 1 addition & 1 deletion openmls/src/credentials/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -438,7 +438,7 @@ pub mod test_utils {
};
let signature_keys = SignatureKeyPair::new(
signature_scheme,
&mut *backend.rand().borrow_rand().unwrap(),
&mut *backend.rand().borrow_rand().await,
)
.unwrap();
signature_keys.store(backend.key_store()).await.unwrap();
Expand Down
4 changes: 2 additions & 2 deletions openmls/src/extensions/test_extensions.rs
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ async fn ratchet_tree_extension(ciphersuite: Ciphersuite, backend: &impl OpenMls

// === Alice creates a group with the ratchet tree extension ===
let mut alice_group = CoreGroup::builder(
GroupId::random(backend),
GroupId::random(backend).await,
config::CryptoConfig::with_default_version(ciphersuite),
alice_credential_with_key.clone(),
)
Expand Down Expand Up @@ -146,7 +146,7 @@ async fn ratchet_tree_extension(ciphersuite: Ciphersuite, backend: &impl OpenMls
};

let mut alice_group = CoreGroup::builder(
GroupId::random(backend),
GroupId::random(backend).await,
config::CryptoConfig::with_default_version(ciphersuite),
alice_credential_with_key,
)
Expand Down
16 changes: 10 additions & 6 deletions openmls/src/framing/private_message.rs
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ impl PrivateMessage {
///
/// TODO #1148: Refactor theses constructors to avoid test code in main and
/// to avoid validation using a special feature flag.
pub(crate) fn try_from_authenticated_content(
pub(crate) async fn try_from_authenticated_content(
public_message: &AuthenticatedContent,
ciphersuite: Ciphersuite,
backend: &impl OpenMlsCryptoProvider,
Expand All @@ -90,10 +90,11 @@ impl PrivateMessage {
message_secrets,
padding_size,
)
.await
}

#[cfg(any(feature = "test-utils", test))]
pub(crate) fn encrypt_without_check(
pub(crate) async fn encrypt_without_check(
public_message: &AuthenticatedContent,
ciphersuite: Ciphersuite,
backend: &impl OpenMlsCryptoProvider,
Expand All @@ -108,10 +109,11 @@ impl PrivateMessage {
message_secrets,
padding_size,
)
.await
}

#[cfg(test)]
pub(crate) fn encrypt_with_different_header(
pub(crate) async fn encrypt_with_different_header(
public_message: &AuthenticatedContent,
ciphersuite: Ciphersuite,
backend: &impl OpenMlsCryptoProvider,
Expand All @@ -127,11 +129,12 @@ impl PrivateMessage {
message_secrets,
padding_size,
)
.await
}

/// Internal function to encrypt content. The extra message header is only used
/// for tests. Otherwise, the data from the given `AuthenticatedContent` is used.
fn encrypt_content(
async fn encrypt_content(
test_header: Option<MlsMessageHeader>,
public_message: &AuthenticatedContent,
ciphersuite: Ciphersuite,
Expand Down Expand Up @@ -170,8 +173,9 @@ impl PrivateMessage {
// Even in tests we want to use the real sender index, so we have a key to encrypt.
.secret_for_encryption(ciphersuite, backend, sender_index, secret_type)?;
// Sample reuse guard uniformly at random.
let reuse_guard: ReuseGuard =
ReuseGuard::try_from_random(backend).map_err(LibraryError::unexpected_crypto_error)?;
let reuse_guard: ReuseGuard = ReuseGuard::try_from_random(backend)
.await
.map_err(LibraryError::unexpected_crypto_error)?;
// Prepare the nonce by xoring with the reuse guard.
let prepared_nonce = ratchet_nonce.xor_with_reuse_guard(&reuse_guard);
// Encrypt the payload
Expand Down
Loading

0 comments on commit d345c64

Please sign in to comment.