Upgrade rand and dalek (#225)

* Upgrade deps

* cargo sort

* Add back a simple ReseedingRng

* protect against overflows that couldn't ever happen, but it makes it more obviously correct

* correct comment

* Bump minor and add changelog

* small changes

* Remove the constant from the comment. Also fix other comment

---------

Co-authored-by: Colt Frederickson <coltfred@gmail.com>

Author: giarc3

CHANGELOG.md

@@ -1,8 +1,14 @@
 # Changelog
 
+## 0.16.0
+
+- [[#225](https://github.com/IronCoreLabs/recrypt-rs/pull/225)]
+  - Update rand to 0.10.x and rand_chacha to 0.10.x
+  - Add custom `ReseedingRng` wrapper since rand no longer has one. Automatically reseed from system entropy every 64 KiB of output, matching `ThreadRng`'s reseeding interval.
+
 ## 0.15.0
 
-- [[#193](https://github.com/IronCoreLabs/recrypt-rs/pull/194)]
+- [[#193](https://github.com/IronCoreLabs/recrypt-rs/pull/193)]
   - Update rand to 0.9.x
   - Update gridiron to 0.12.2 to support 64 bit optimization. Note that the 64 bit backend is the default. See feature flags section of the [readme](./README.md).
   - Change MSRV to Rust 1.88.0

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "recrypt"
-version = "0.15.0"
+version = "0.16.0"
 authors = ["IronCore Labs <info@ironcorelabs.com>"]
 readme = "README.md"
 license = "AGPL-3.0-only"
@@ -38,21 +38,17 @@ disable_memlock = []
 cfg-if = "1"
 clear_on_drop = "0.2"
 derivative = "2.1"
-# Can't upgrade to the latest pre until rand 0.10 is released.
-ed25519-dalek = { version = "=3.0.0-pre.1", default-features = false, features = [
-  "rand_core",
-  "fast",
-] }
+ed25519-dalek = { version = "=3.0.0-pre.6", default-features = false, features = ["rand_core", "fast"] }
 # Explicit dependency so we can pass the wasm-bindgen flag to it
-getrandom = { version = "0.3", optional = true }
+getrandom = { version = "0.4", optional = true }
 gridiron = { version = "0.12.2", default-features = false }
 hex = "0.4"
 lazy_static = "1.4"
 log = "0.4"
 num-traits = "0.2"
 quick-error = "2"
-rand = "0.9"
-rand_chacha = "0.9"
+rand = "0.10"
+rand_chacha = "0.10"
 sha2 = "0.10"
 
 [target.'cfg(all(unix, not(target_arch = "wasm32")))'.dependencies]

src/api.rs

@@ -24,8 +24,6 @@ use derivative::Derivative;
 use gridiron::fp_256::Fp256;
 use gridiron::fp_256::Monty as Monty256;
 use rand;
-use rand::rngs::ReseedingRng;
-use rand_chacha::ChaCha20Core;
 use std;
 use std::fmt;
 
@@ -45,12 +43,7 @@ impl Recrypt<Sha256, Ed25519, RandomBytes<DefaultRng>> {
     ///
     /// The RNG will periodically reseed itself from the system's best entropy source.
     pub fn new() -> Recrypt<Sha256, Ed25519, RandomBytes<DefaultRng>> {
-        // 1 MB
-        const BYTES_BEFORE_RESEEDING: u64 = 1024 * 1024;
-        Recrypt::new_with_rand(
-            ReseedingRng::<ChaCha20Core, _>::new(BYTES_BEFORE_RESEEDING, rand::rngs::OsRng)
-                .expect("Calling OsRng failed to seed Rng."),
-        )
+        Recrypt::new_with_rand(Default::default())
     }
 }
 
@@ -60,7 +53,7 @@ impl Default for Recrypt<Sha256, Ed25519, RandomBytes<DefaultRng>> {
     }
 }
 
-impl<CR: rand::CryptoRng + rand::RngCore> Recrypt<Sha256, Ed25519, RandomBytes<CR>> {
+impl<CR: rand::CryptoRng> Recrypt<Sha256, Ed25519, RandomBytes<CR>> {
     /// Construct a Recrypt with the given RNG. Unless you have specific needs using `new()` is recommended.
     pub fn new_with_rand(r: CR) -> Recrypt<Sha256, Ed25519, RandomBytes<CR>> {
         let pairing = internal::pairing::Pairing::new();
@@ -634,9 +627,7 @@ pub trait SchnorrOps {
     ) -> bool;
 }
 
-impl<H: Sha256Hashing, S, CR: rand::RngCore + rand::CryptoRng> SchnorrOps
-    for Recrypt<H, S, RandomBytes<CR>>
-{
+impl<H: Sha256Hashing, S, CR: rand::CryptoRng> SchnorrOps for Recrypt<H, S, RandomBytes<CR>> {
     fn schnorr_sign<A: Hashable>(
         &self,
         priv_key: &PrivateKey,
@@ -671,7 +662,7 @@ pub trait Ed25519Ops {
     fn generate_ed25519_key_pair(&self) -> SigningKeypair;
 }
 
-impl<H, S, CR: rand::RngCore + rand::CryptoRng> Ed25519Ops for Recrypt<H, S, RandomBytes<CR>> {
+impl<H, S, CR: rand::CryptoRng> Ed25519Ops for Recrypt<H, S, RandomBytes<CR>> {
     ///Generate a signing key pair for use with the `Ed25519Signing` trait using the random number generator
     ///used to back the `RandomBytes` struct.
     fn generate_ed25519_key_pair(&self) -> SigningKeypair {

src/api_480.rs

@@ -24,8 +24,6 @@ use derivative::Derivative;
 use gridiron::fp_480::Fp480;
 use gridiron::fp_480::Monty as Monty480;
 use rand;
-use rand::rngs::ReseedingRng;
-use rand_chacha::ChaCha20Core;
 use std;
 use std::fmt;
 /// Recrypt public API - 480-bit
@@ -45,12 +43,7 @@ impl Recrypt480<Sha256, Ed25519, RandomBytes<DefaultRng>> {
     ///
     /// The RNG will periodically reseed itself from the system's best entropy source.
     pub fn new() -> Recrypt480<Sha256, Ed25519, RandomBytes<DefaultRng>> {
-        // 2 MB
-        const BYTES_BEFORE_RESEEDING: u64 = 2 * 1024 * 1024;
-        Recrypt480::new_with_rand(
-            ReseedingRng::<ChaCha20Core, _>::new(BYTES_BEFORE_RESEEDING, rand::rngs::OsRng)
-                .expect("Calling OsRng failed to seed Rng."),
-        )
+        Recrypt480::new_with_rand(Default::default())
     }
 }
 
@@ -60,7 +53,7 @@ impl Default for Recrypt480<Sha256, Ed25519, RandomBytes<DefaultRng>> {
     }
 }
 
-impl<CR: rand::CryptoRng + rand::RngCore> Recrypt480<Sha256, Ed25519, RandomBytes<CR>> {
+impl<CR: rand::CryptoRng> Recrypt480<Sha256, Ed25519, RandomBytes<CR>> {
     /// Construct a Recrypt480 with the given RNG. Unless you have specific needs using `new()` is recommended.
     pub fn new_with_rand(r: CR) -> Recrypt480<Sha256, Ed25519, RandomBytes<CR>> {
         let pairing = pairing::Pairing::new();
@@ -635,9 +628,7 @@ pub trait SchnorrOps {
     ) -> bool;
 }
 
-impl<H: Sha256Hashing, S, CR: rand::RngCore + rand::CryptoRng> SchnorrOps
-    for Recrypt480<H, S, RandomBytes<CR>>
-{
+impl<H: Sha256Hashing, S, CR: rand::CryptoRng> SchnorrOps for Recrypt480<H, S, RandomBytes<CR>> {
     fn schnorr_sign<A: Hashable>(
         &self,
         priv_key: &PrivateKey,
@@ -672,7 +663,7 @@ pub trait Ed25519Ops {
     fn generate_ed25519_key_pair(&self) -> SigningKeypair;
 }
 
-impl<H, S, CR: rand::RngCore + rand::CryptoRng> Ed25519Ops for Recrypt480<H, S, RandomBytes<CR>> {
+impl<H, S, CR: rand::CryptoRng> Ed25519Ops for Recrypt480<H, S, RandomBytes<CR>> {
     ///Generate a signing key pair for use with the `Ed25519Signing` trait using the random number generator
     ///used to back the `RandomBytes` struct.
     fn generate_ed25519_key_pair(&self) -> SigningKeypair {

src/api_common.rs

@@ -1,6 +1,5 @@
 use crate::internal;
 use quick_error::quick_error;
-use rand::rngs::{OsRng, ReseedingRng};
 
 quick_error! {
     /// Errors generated by the API
@@ -34,7 +33,7 @@ quick_error! {
     }
 }
 
-pub type DefaultRng = ReseedingRng<rand_chacha::ChaChaCore, OsRng>;
+pub type DefaultRng = crate::api::ReseedingRng<rand_chacha::ChaCha20Rng>;
 pub type Result<T> = std::result::Result<T, RecryptErr>;
 
 impl From<internal::InternalError> for RecryptErr {

src/internal/ed25519.rs

@@ -62,7 +62,7 @@ impl From<SigningKeypair> for [u8; 64] {
 
 impl SigningKeypair {
     const ENCODED_SIZE_BYTES: usize = 64;
-    pub fn new<CR: rand::RngCore + rand::CryptoRng>(rng: &Mutex<CR>) -> SigningKeypair {
+    pub fn new<CR: rand::CryptoRng>(rng: &Mutex<CR>) -> SigningKeypair {
         let signing_key = ed25519_dalek::SigningKey::generate::<CR>(&mut *take_lock(rng));
 
         //Unchecked is safe because the public is on the curve and the size is statically guaranteed.

src/internal/rand_bytes.rs

@@ -1,37 +1,106 @@
 use rand;
-use rand::{CryptoRng, RngCore};
+use rand::CryptoRng;
 
 use crate::internal::take_lock;
 use rand::SeedableRng;
+use rand::rngs::SysRng;
+use rand::{TryCryptoRng, TryRng};
+use std::convert::Infallible;
 use std::default::Default;
 use std::ops::DerefMut;
 use std::sync::Mutex;
 
+/// Reseed threshold in bytes — matches ThreadRng's 64 KiB interval.
+const RESEED_THRESHOLD: usize = 64 * 1024;
+
 /// Generation of random bytes for cryptographic operations
 pub trait RandomBytesGen {
     fn random_bytes_32(&self) -> [u8; 32];
     fn random_bytes_60(&self) -> [u8; 60];
 }
 
-pub struct RandomBytes<T: CryptoRng + RngCore> {
+/// A CSPRNG wrapper that automatically reseeds from system entropy periodically.
+/// Implements [`CryptoRng`] so it can be used anywhere a `CryptoRng` is expected.
+pub struct ReseedingRng<T: CryptoRng + SeedableRng> {
+    inner: T,
+    bytes_generated: usize,
+}
+
+impl<T: CryptoRng + SeedableRng> Default for ReseedingRng<T> {
+    fn default() -> Self {
+        ReseedingRng::new(
+            T::try_from_rng(&mut SysRng).expect("Failed to seed RNG from system entropy"),
+        )
+    }
+}
+
+impl<T: CryptoRng + SeedableRng> ReseedingRng<T> {
+    pub fn new(rng: T) -> Self {
+        ReseedingRng {
+            inner: rng,
+            bytes_generated: 0,
+        }
+    }
+
+    fn reseed_if_needed(&mut self) {
+        if self.bytes_generated >= RESEED_THRESHOLD {
+            if let Ok(reseeded) = T::try_from_rng(&mut SysRng) {
+                self.inner = reseeded;
+            }
+            // On reseed failure, continue with existing state rather than panicking.
+            // The current state is still cryptographically valid and the likelihood of
+            // SysRng erroring is very low.
+            self.bytes_generated = 0;
+        }
+    }
+}
+
+impl<T: CryptoRng + SeedableRng> TryRng for ReseedingRng<T> {
+    type Error = Infallible;
+
+    fn try_next_u32(&mut self) -> Result<u32, Self::Error> {
+        self.reseed_if_needed();
+        let val = self.inner.next_u32();
+        self.bytes_generated = self.bytes_generated.saturating_add(4);
+        Ok(val)
+    }
+
+    fn try_next_u64(&mut self) -> Result<u64, Self::Error> {
+        self.reseed_if_needed();
+        let val = self.inner.next_u64();
+        self.bytes_generated = self.bytes_generated.saturating_add(8);
+        Ok(val)
+    }
+
+    fn try_fill_bytes(&mut self, dst: &mut [u8]) -> Result<(), Self::Error> {
+        self.reseed_if_needed();
+        self.inner.fill_bytes(dst);
+        self.bytes_generated = self.bytes_generated.saturating_add(dst.len());
+        Ok(())
+    }
+}
+
+impl<T: CryptoRng + SeedableRng> TryCryptoRng for ReseedingRng<T> {}
+
+pub struct RandomBytes<T: CryptoRng> {
     pub(crate) rng: Mutex<T>,
 }
 
-impl Default for RandomBytes<rand_chacha::ChaChaRng> {
+impl Default for RandomBytes<ReseedingRng<rand_chacha::ChaChaRng>> {
     fn default() -> Self {
-        RandomBytes::new(rand_chacha::ChaChaRng::from_os_rng())
+        RandomBytes::new(ReseedingRng::default())
     }
 }
 
-impl<CR: CryptoRng + RngCore> RandomBytes<CR> {
+impl<CR: CryptoRng> RandomBytes<CR> {
     pub fn new(rng: CR) -> Self {
         RandomBytes {
             rng: Mutex::new(rng),
         }
     }
 }
 
-impl<CR: CryptoRng + RngCore> RandomBytesGen for RandomBytes<CR> {
+impl<CR: CryptoRng> RandomBytesGen for RandomBytes<CR> {
     fn random_bytes_32(&self) -> [u8; 32] {
         let mut bytes: [u8; 32] = [0u8; 32];
         take_lock(&self.rng).deref_mut().fill_bytes(&mut bytes);

src/lib.rs

@@ -81,7 +81,7 @@
 //!
 //! ## Using serde_json to serialize/deserialize the bytes of keys
 //!
-//! The bytes of the PrivateKey and PublicKey data structures can be serialized and deserialized to and from JSON String and/or a Vec<u8> using the following methods.
+//! The bytes of the PrivateKey and PublicKey data structures can be serialized and deserialized to and from JSON String and/or a `Vec<u8>` using the following methods.
 //! Simply add [serde_json](https://crates.io/crates/serde_json) as a dependency to your application.
 //! ```rust
 //! use recrypt::prelude::*;

tests/concurrency.rs

@@ -1,11 +1,9 @@
-use rand::SeedableRng;
-use rand_chacha;
 use recrypt::prelude::*;
 use std::sync::Arc;
 use std::thread;
 #[test]
 fn generate_plaintexts() {
-    let recrypt = Arc::new(Recrypt::new_with_rand(rand_chacha::ChaChaRng::from_os_rng()));
+    let recrypt = Arc::new(Recrypt::new());
 
     let mut threads = vec![];
     for _i in 0..10 {