Feat: Switch using nanorand crate with rand_chacha and rand_core crates for CSPRNG

Fix: Fix errors resulting from this change

Feat: Make all features optional to allow only usage of the `random` feature without importing other crates

Fix: Fix the issues with the example due to changes to the new API

Author: 448-OG

Cargo.toml

@@ -18,25 +18,22 @@ maintenance = { status = "passively-maintained" }
 
 [dependencies]
 aead = { version = "0.5.2", features = ["bytes"], optional = true }
-arrayvec = { version = "0.7.2", default-features = false }
-blake3 = { version = "1.3.3", default-features = false }
-bytes = { version = "1.4.0" }
+arrayvec = { version = "0.7.2", default-features = true, optional = true }
+blake3 = { version = "1.3.3", default-features = true, optional = true }
+bytes = { version = "1.4.0", optional = true }
 chacha20poly1305 = { version = "0.10.1", features = [
     "reduced-round",
 ], default-features = true, optional = true }
 lazy_static = { version = "1.4.0", optional = true }
-nanorand = { version = "0.7.0", features = [
-    "chacha",
-    "zeroize",
-    "getrandom",
-], optional = true }
+rand_chacha = { version = "0.3.1", default-features = false, optional = true }
+rand_core = { version = "0.6.4", features = ["getrandom"], optional = true }
 zeroize = { version = "1.5.7", default-features = false }
 
 [features]
-default = ["symm_asymm"]
+default = ["symm_asymm", "random"]
 encryption = ["dep:aead", "dep:chacha20poly1305", "dep:lazy_static", "random"]
-random = ["dep:nanorand"]
-symm_asymm = []
+random = ["dep:rand_core", "rand_chacha"]
+symm_asymm = ["dep:bytes", "dep:arrayvec", "dep:blake3"]
 clonable_mem = []
 full = ["symm_asymm", "clonable_mem", "random", "encryption"]
 

README.md

@@ -36,18 +36,22 @@ use memsecurity::*;
 fn main() {
     let mut foo = EncryptedMem::<32>::new();
 
-    let plaintext_bytes = ZeroizeBytesArray::csprng();
+    let plaintext_bytes = CsprngArray::<32>::gen();
 
-    println!(" PLAINTEXT: {:?}", plaintext_bytes); //WARNING: THIS IS AN EXAMPLE, DO NOT PRINT SECRETS IN CODE
+    println!(" PLAINTEXT: {:?}", plaintext_bytes.expose()); //SECURELY PRINTED TO CONSOLE USING DEBUG TRAIT
+    println!(" PLAINTEXT: {:?}", plaintext_bytes.expose()); //SECURELY PRINTED TO CONSOLE USING DISPLAY TRAIT
+    println!(" PLAINTEXT: {:?}", plaintext_bytes.expose()); //WARNING: THIS IS AN EXAMPLE, DO NOT PRINT SECRETS IN CODE
 
-    foo.encrypt(&plaintext_bytes).unwrap();
+    let data = ZeroizeBytesArray::new_with_data(plaintext_bytes.expose());
+
+    foo.encrypt(&data).unwrap();
 
     println!("CIPHERTEXT: {:?}", foo.ciphertext());
     println!("    XNONCE: {:?}", foo.xnonce());
 
     let decrypted = foo.decrypt().unwrap();
 
     println!(" DECRYPTED:{:?}", decrypted);
-    assert_eq!(plaintext_bytes, decrypted);
+    assert_eq!(data, decrypted);
 }
 ```

examples/simple.rs

@@ -3,17 +3,21 @@ use memsecurity::*;
 fn main() {
     let mut foo = EncryptedMem::<32>::new();
 
-    let plaintext_bytes = ZeroizeBytesArray::csprng();
+    let plaintext_bytes = CsprngArray::<32>::gen();
 
-    println!(" PLAINTEXT: {:?}", plaintext_bytes); //WARNING: THIS IS AN EXAMPLE, DO NOT PRINT SECRETS IN CODE
+    println!(" PLAINTEXT: {:?}", plaintext_bytes.expose()); //SECURELY PRINTED TO CONSOLE USING DEBUG TRAIT
+    println!(" PLAINTEXT: {:?}", plaintext_bytes.expose()); //SECURELY PRINTED TO CONSOLE USING DISPLAY TRAIT
+    println!(" PLAINTEXT: {:?}", plaintext_bytes.expose()); //WARNING: THIS IS AN EXAMPLE, DO NOT PRINT SECRETS IN CODE
 
-    foo.encrypt(&plaintext_bytes).unwrap();
+    let data = ZeroizeBytesArray::new_with_data(plaintext_bytes.expose());
+
+    foo.encrypt(&data).unwrap();
 
     println!("CIPHERTEXT: {:?}", foo.ciphertext());
     println!("    XNONCE: {:?}", foo.xnonce());
 
     let decrypted = foo.decrypt().unwrap();
 
     println!(" DECRYPTED:{:?}", decrypted);
-    assert_eq!(plaintext_bytes, decrypted);
+    assert_eq!(data, decrypted);
 }

src/errors.rs

@@ -5,7 +5,16 @@ pub type MemSecurityResult<T> = Result<T, MemSecurityErr>;
 #[derive(Debug, PartialEq, Eq, PartialOrd, Ord, Clone, Copy)]
 pub enum MemSecurityErr {
     /// An error was encountered while encrypting the data
+    #[cfg(feature = "encryption")]
     EncryptionErr,
-    /// An error was encountered when decrypting data using XChaCha12Poly1305
+    /// An error was encountered when decrypting data using XChaCha12Poly1305    
+    #[cfg(feature = "encryption")]
     DecryptionError,
+    /// The length of the arrays should be the same
+    InvalidArrayLength {
+        /// The length defined in generic value `N` in `const N: usize`
+        const_n_len: usize,
+        /// The length of the mutable array `&mut [u8; N]`
+        buffer_len: usize,
+    },
 }

src/keygen.rs

@@ -23,29 +23,25 @@ mod keymaker {
 
     use super::{SealingKeyPages, DEFAULT_VAULT_PAGES, DEFAULT_VAULT_PAGE_SIZE};
     use crate::{
-        EncryptedMem, MemSecurityErr, MemSecurityResult, ZeroizeBytes, ZeroizeBytesArray,
-        TAG_LENGTH,
+        CsprngArray, EncryptedMem, MemSecurityErr, MemSecurityResult, ZeroizeBytes,
+        ZeroizeBytesArray, TAG_LENGTH,
     };
     use bytes::BytesMut;
     use chacha20poly1305::{
         aead::{AeadInPlace, KeyInit},
         Key, XChaCha12Poly1305, XNonce,
     };
-    use nanorand::{ChaCha8, Rng};
 
     lazy_static::lazy_static! {
         static ref PREKEY: SealingKeyPages = {
 
         let mut pages = [[0u8; DEFAULT_VAULT_PAGE_SIZE]; DEFAULT_VAULT_PAGES];
 
         (0..DEFAULT_VAULT_PAGES).for_each(|vault_page_index| {
-            let mut chacha_rng = ChaCha8::new();
-            let mut random_bytes = [0; DEFAULT_VAULT_PAGE_SIZE];
-            (0..DEFAULT_VAULT_PAGE_SIZE).for_each(|index| {
-                random_bytes[index] = chacha_rng.generate::<u8>();
-            });
 
-            pages[vault_page_index] = random_bytes;
+            let random_bytes = CsprngArray::<DEFAULT_VAULT_PAGE_SIZE>::gen();
+
+            random_bytes.take(&mut pages[vault_page_index]).unwrap(); //Never fails since array lengths are always equal
         });
 
         SealingKeyPages(pages)

src/lib.rs

@@ -20,56 +20,56 @@ pub use keygen::*;
 mod zeroizable_arrays;
 pub use zeroizable_arrays::*;
 
-#[cfg(feature = "encryption")]
 mod errors;
-#[cfg(feature = "encryption")]
 pub use errors::*;
 
+#[cfg(feature = "random")]
+mod random;
+#[cfg(feature = "random")]
+pub use random::*;
+
 mod traits;
 pub use traits::*;
 
 /// Re-export  crates
 #[cfg(feature = "encryption")]
 pub use aead;
+#[cfg(feature = "encryption")]
 pub use arrayvec;
+#[cfg(feature = "encryption")]
 pub use blake3;
+#[cfg(feature = "encryption")]
 pub use bytes;
 #[cfg(feature = "encryption")]
 pub use chacha20poly1305;
 #[cfg(feature = "encryption")]
 pub use lazy_static;
 #[cfg(feature = "random")]
-pub use nanorand;
+pub use rand_chacha;
+#[cfg(feature = "random")]
+pub use rand_core;
 pub use zeroize;
 
 // TODO Test different nonces
 // TODO Test different cipher and plaintext
 
 #[cfg(tests)]
 mod sanity_tests {
-    use memsecurity::*;
+    use memsecurity::{prelude::*, zeroize::Zeroize};
 
     #[test]
     fn csprng() {
         // Create a new array of 32 bytes that is randomly generated and cryptographically secure
-        let plaintext_bytes1 = ZeroizeBytesArray::<32>::csprng();
-        let plaintext_bytes2 = ZeroizeBytesArray::<32>::csprng();
-        assert_eq!(
-            plaintext_bytes1.expose().len(),
-            plaintext_bytes2.expose().len()
-        );
-        assert_ne!(plaintext_bytes1, plaintext_bytes2);
-
-        let plaintext_bytes1 = ZeroizeArray::<32>::csprng();
-        let plaintext_bytes2 = ZeroizeArray::<32>::csprng();
+        let plaintext_bytes1 = CsprngArray::<32>::csprng();
+        let plaintext_bytes2 = CsprngArray::<64>::csprng();
         assert_eq!(
             plaintext_bytes1.expose().len(),
             plaintext_bytes2.expose().len()
         );
         assert_ne!(plaintext_bytes1, plaintext_bytes2);
 
-        let plaintext_bytes1 = ZeroizeBytes::csprng::<32>();
-        let plaintext_bytes2 = ZeroizeBytes::csprng::<32>();
+        let plaintext_bytes1 = CsprngArray::<32>::csprng();
+        let plaintext_bytes2 = CsprngArray::<32>::csprng();
         assert_eq!(
             plaintext_bytes1.expose().len(),
             plaintext_bytes2.expose().len()
@@ -81,10 +81,13 @@ mod sanity_tests {
     fn cipher() {
         let mut foo = EncryptedMem::<32>::new();
 
-        let plaintext_bytes = ZeroizeBytesArray::csprng();
-        foo.encrypt(&plaintext_bytes).unwrap();
+        let mut plaintext_bytes = CsprngArray::<32>::csprng();
+        let data = ZeroizeBytesArray::new_with_data(plaintext_bytes.expose());
+        foo.encrypt(&data).unwrap();
         let decrypted = foo.decrypt().unwrap();
 
-        assert_eq!(plaintext_bytes, decrypted);
+        assert_eq!(data, decrypted);
+        plaintext_bytes.zeroize();
+        assert_eq!(plaintext_bytes.expose(), [0u8; 32]);
     }
 }