Secure Cell passphrase API: RustThemis #630
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Introduce new constructor "SecureCell::with_passphrase" which accepts textual passphrases and returns a Secure Cell that handles them. Currently only Seal mode supports passphrases so that's the only mode that users are allowed to select. The passphrase is accepted as AsRef<[u8]> to transparently allow use of raw byte slices and other types, not limiting to AsRef<str> which could be more appropriate (and more restrictive). This commit does not update existing master key API for correct use of symmetric keys and does not update API documentation as well. This will be done separately.
Add "scell_seal_string_echo_pw" tool for Rust. Note that we need to add it as a new binary in test tool crate. Testing infrastructure will build and use it automatically based on the source file name.
Update the code sample like in other languages. Instead of a simple file encryption tool (which is not a generally good use case for Secure Cell) provide a showcase of Secure Cell APIs and how they impact the output.
|
This PR attempts to beat the usual pattern “more tests than code” by probably having more API docs than tests or code 😂 At least, they took comparable amount of time to porting SwiftThemis tests to Rust. |
5 tasks
vixentael
approved these changes
Apr 29, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add support of Secure Cell passphrase API to RustThemis. The API is described in RFC 3.8.
This only adds new API with its documentation. Existing API docs and tests for symmetric key API need an update to avoid using passphrases there. Since this PR is already massive, those changes will be submitted separately.
User notes
Passphrase-based interface of Secure Cell allows you to use short and memorable passphrases to secure your data. While symmetric keys are more secure, they are also longer and much harder for humans to remember.
Here is how you can use passphrases with Secure Cell in Rust:
Passphrase API accepts passphrases as relatively short strings, suitable for human memory. Master key API uses randomly generated, long binary keys, which are more suitable for machines to remember. However, they are also much more efficient and generally more secure due to considerable length. You should prefer to use keys over passphrases if there are no humans involved. The interface is almost the same:
Technical notes
There are no significant deviations from RFC 3.8.
The code sample is updated to be similar to other languages where it's a showcase for Secure Cell API rather than a copy of integration test tool. Secure Cell is not really designed for generic file encryption so we'd rather not give a wrong idea.
Checklist
Benchmark results are attached(only Core)