RustCrypto
diff --git a/‎Cargo.lock‎
Lines changed: 131 additions & 93 deletions b/‎Cargo.lock‎
Lines changed: 131 additions & 93 deletions
diff --git a/‎Cargo.toml‎
Lines changed: 4 additions & 0 deletions b/‎Cargo.toml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎aucpace/Cargo.toml‎
Lines changed: 17 additions & 24 deletions b/‎aucpace/Cargo.toml‎
Lines changed: 17 additions & 24 deletions
diff --git a/‎aucpace/examples/key_agreement.rs‎
Lines changed: 12 additions & 8 deletions b/‎aucpace/examples/key_agreement.rs‎
Lines changed: 12 additions & 8 deletions
diff --git a/‎aucpace/examples/key_agreement_no_std.rs‎
Lines changed: 12 additions & 8 deletions b/‎aucpace/examples/key_agreement_no_std.rs‎
Lines changed: 12 additions & 8 deletions
diff --git a/‎aucpace/examples/key_agreement_partial_aug.rs‎
Lines changed: 12 additions & 8 deletions b/‎aucpace/examples/key_agreement_partial_aug.rs‎
Lines changed: 12 additions & 8 deletions
diff --git a/‎aucpace/examples/key_agreement_strong.rs‎
Lines changed: 14 additions & 9 deletions b/‎aucpace/examples/key_agreement_strong.rs‎
Lines changed: 14 additions & 9 deletions
@@ -8,3 +8,7 @@ members = [
 
 [profile.dev]
 opt-level = 2
+
+[patch.crates-io.curve25519-dalek]
+git = "https://github.com/dalek-cryptography/curve25519-dalek"
+branch = "rand_core/v0.10-rc"
@@ -15,41 +15,34 @@ edition = "2024"
 rust-version = "1.85"
 
 [dependencies]
-curve25519-dalek = { version = "4", default-features = false, features = [
-    "digest",
-    "rand_core",
-] }
-password-hash = { version = "0.5", default-features = false, features = [
-    "rand_core",
-] }
-rand_core = { version = "0.6", default-features = false }
-serde = { version = "1.0.184", default-features = false, optional = true, features = [
-    "derive",
-] }
-serde-byte-array = { version = "0.1", optional = true }
+curve25519-dalek = { version = "5.0.0-pre.1", default-features = false, features = ["digest", "rand_core"] }
+password-hash = { version = "0.6.0-rc.2", default-features = false, features = ["rand_core"] }
+rand_core = { version = "0.10.0-rc.2", default-features = false }
 subtle = { version = "2.4", default-features = false }
-scrypt = { version = "0.11", default-features = false, optional = true, features = [
-    "simple",
-] }
-sha2 = { version = "0.10", default-features = false, optional = true }
+
+# optional dependencies
+rand = { version = "0.10.0-rc.1", optional = true }
+serde = { version = "1.0.184", default-features = false, optional = true, features = ["derive"] }
+serde-byte-array = { version = "0.1", optional = true }
+scrypt = { version = "0.12.0-rc.3", default-features = false, optional = true, features = ["simple"] }
+sha2 = { version = "0.11.0-rc.3", default-features = false, optional = true }
 
 [dev-dependencies]
 bincode = "1"
-curve25519-dalek = { version = "4", features = ["digest", "rand_core"] }
-password-hash = { version = "0.5", features = ["rand_core"] }
+curve25519-dalek = { version = "5.0.0-pre.1", features = ["digest", "rand_core"] }
+password-hash = { version = "0.6.0-rc.2", features = ["rand_core"] }
 postcard = "1"
-rand_core = "0.6"
-scrypt = { version = "0.11", features = ["simple"] }
-sha2 = "0.10"
+scrypt = { version = "0.12.0-rc.3", features = ["simple"] }
+sha2 = "0.11.0-rc.3"
 
 [features]
-default = ["scrypt", "sha2", "getrandom"]
+default = ["rand", "scrypt", "sha2"]
 alloc = []
+
 partial_augmentation = []
+serde = ["dep:serde", "serde-byte-array", "curve25519-dalek/serde"]
 strong_aucpace = []
 zeroize = ["curve25519-dalek/zeroize"]
-serde = ["dep:serde", "serde-byte-array", "curve25519-dalek/serde"]
-getrandom = ["rand_core/getrandom"]
 
 [[example]]
 name = "key_agreement"
 
@@ -1,7 +1,8 @@
-use aucpace::{Client, ClientMessage, Database, Result, Server, ServerMessage};
+use aucpace::{
+    Client, ClientMessage, Database, OsRng, Result, Server, ServerMessage, rand_core::TryRngCore,
+};
 use curve25519_dalek::ristretto::RistrettoPoint;
 use password_hash::{ParamsString, SaltString};
-use rand_core::OsRng;
 use scrypt::{Params, Scrypt};
 use sha2::Sha512;
 use sha2::digest::Output;
@@ -37,8 +38,11 @@ fn main() -> Result<()> {
     // the server socket address to bind to
     let server_socket: SocketAddr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), 25519);
 
+    // random number generator from OS
+    let mut rng = OsRng.unwrap_err();
+
     // register the user in the database
-    let mut base_client = Client::new(OsRng);
+    let mut base_client = Client::new(rng);
     let mut database: SingleUserDatabase = Default::default();
 
     let params = Params::recommended();
@@ -66,7 +70,7 @@ fn main() -> Result<()> {
 
         // buffer for receiving packets
         let mut buf = [0u8; 1024];
-        let mut base_server = Server::new(OsRng);
+        let mut base_server = Server::new(rng);
 
         // ===== SSID Establishment =====
         let (server, message) = base_server.begin();
@@ -84,7 +88,7 @@ fn main() -> Result<()> {
         // ===== Augmentation Layer =====
         client_message = recv!(stream, buf);
         let (server, message) = if let ClientMessage::Username(username) = client_message {
-            server.generate_client_info(username, &database, OsRng)
+            server.generate_client_info(username, &database, rng)
         } else {
             panic!("Received invalid client message {:?}", client_message);
         };
@@ -179,7 +183,7 @@ fn main() -> Result<()> {
                 let r = pbkdf_params.get_str("r").unwrap().parse().unwrap();
                 let p = pbkdf_params.get_str("p").unwrap().parse().unwrap();
 
-                Params::new(log_n, r, p, scrypt::Params::RECOMMENDED_LEN).unwrap()
+                Params::new(log_n, r, p).unwrap()
             };
             client.generate_cpace_alloc(x_pub, &salt, params, Scrypt)?
         } else {
@@ -188,7 +192,7 @@ fn main() -> Result<()> {
 
         // ===== CPace substep =====
         let ci = TcpChannelIdentifier::new(stream.local_addr().unwrap(), server_socket).unwrap();
-        let (client, message) = client.generate_public_key(ci, &mut OsRng);
+        let (client, message) = client.generate_public_key(ci, &mut rng);
         let bytes_sent = send!(stream, message);
         CLIENT_BYTES_SENT.fetch_add(bytes_sent, Ordering::SeqCst);
         println!(
@@ -231,7 +235,7 @@ fn main() -> Result<()> {
     let server_key: Output<Sha512> = server_thread.join().unwrap().unwrap();
     assert_eq!(client_key, server_key);
     println!(
-        "Negotiation finished, both parties arrived at a key of: {:X}",
+        "Negotiation finished, both parties arrived at a key of: {:?}",
         client_key
     );
     println!(
 
@@ -4,10 +4,11 @@
 extern crate std;
 use std::{println, time::Instant};
 
-use aucpace::{Client, ClientMessage, Database, Result, Server, ServerMessage};
+use aucpace::{
+    Client, ClientMessage, Database, OsRng, Result, Server, ServerMessage, rand_core::TryRngCore,
+};
 use curve25519_dalek::ristretto::RistrettoPoint;
 use password_hash::{ParamsString, SaltString};
-use rand_core::OsRng;
 use scrypt::{Params, Scrypt};
 
 /// function like macro to wrap sending data over a tcp stream, returns the number of bytes sent
@@ -29,9 +30,12 @@ fn main() -> Result<()> {
     const USERNAME: &[u8] = b"adira.tal";
     const PASSWORD: &[u8] = b"4d1rA_aND-Gr4Y_aRe_tH3-b3sT <3";
 
+    // get system random number generator
+    let mut rng = OsRng.unwrap_err();
+
     // register the user in the database
-    let mut base_server = Server::new(OsRng);
-    let mut base_client = Client::new(OsRng);
+    let mut base_server = Server::new(rng);
+    let mut base_client = Client::new(rng);
     let mut database: SingleUserDatabase<100> = Default::default();
 
     let start = Instant::now();
@@ -111,7 +115,7 @@ fn main() -> Result<()> {
     // server receives the username then looks up
     client_message = recv!(client_buf);
     let (server, message) = if let ClientMessage::Username(username) = client_message {
-        server.generate_client_info(username, &database, OsRng)
+        server.generate_client_info(username, &database, rng)
     } else {
         panic!("Received invalid client message {:?}", client_message);
     };
@@ -137,7 +141,7 @@ fn main() -> Result<()> {
             let r = pbkdf_params.get_str("r").unwrap().parse().unwrap();
             let p = pbkdf_params.get_str("p").unwrap().parse().unwrap();
 
-            Params::new(log_n, r, p, scrypt::Params::RECOMMENDED_LEN).unwrap()
+            Params::new(log_n, r, p).unwrap()
         };
         client.generate_cpace::<&SaltString, 100>(x_pub, &salt, params, Scrypt)?
     } else {
@@ -156,7 +160,7 @@ fn main() -> Result<()> {
     );
 
     // now generate the client's public key and send it
-    let (client, message) = client.generate_public_key(CI, &mut OsRng);
+    let (client, message) = client.generate_public_key(CI, &mut rng);
     let bytes_sent = send!(client_buf, message);
     client_bytes_sent += bytes_sent;
     println!(
@@ -223,7 +227,7 @@ fn main() -> Result<()> {
     // assert that both threads arrived at the same key
     assert_eq!(client_key, server_key);
     println!(
-        "Negotiation finished, both parties arrived at a key of: {:X}",
+        "Negotiation finished, both parties arrived at a key of: {:?}",
         client_key
     );
 
 
@@ -1,10 +1,11 @@
+use aucpace::rand_core::TryRngCore;
 use aucpace::{
-    Client, ClientMessage, Database, Error, PartialAugDatabase, Result, Server, ServerMessage,
+    Client, ClientMessage, Database, Error, OsRng, PartialAugDatabase, Result, Server,
+    ServerMessage,
 };
 use curve25519_dalek::ristretto::RistrettoPoint;
 use curve25519_dalek::scalar::Scalar;
 use password_hash::{ParamsString, SaltString};
-use rand_core::OsRng;
 use scrypt::{Params, Scrypt};
 use sha2::Sha512;
 use sha2::digest::Output;
@@ -40,9 +41,12 @@ fn main() -> Result<()> {
     // the server socket address to bind to
     let server_socket: SocketAddr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), 25519);
 
+    // random number generator from OS
+    let mut rng = OsRng.unwrap_err();
+
     // register the user in the database
-    let mut base_client = Client::new(OsRng);
-    let mut base_server = Server::new(OsRng);
+    let mut base_client = Client::new(rng);
+    let mut base_server = Server::new(rng);
     let mut database: SingleUserDatabase = Default::default();
 
     let params = Params::recommended();
@@ -92,7 +96,7 @@ fn main() -> Result<()> {
         client_message = recv!(stream, buf);
         let (server, message) = if let ClientMessage::Username(username) = client_message {
             // This is the only difference from the non-augmented protocol flow
-            server.generate_client_info_partial_aug(username, &database, OsRng)
+            server.generate_client_info_partial_aug(username, &database, rng)
         } else {
             panic!("Received invalid client message {:?}", client_message);
         };
@@ -187,7 +191,7 @@ fn main() -> Result<()> {
                 let r = pbkdf_params.get_str("r").unwrap().parse().unwrap();
                 let p = pbkdf_params.get_str("p").unwrap().parse().unwrap();
 
-                Params::new(log_n, r, p, scrypt::Params::RECOMMENDED_LEN).unwrap()
+                Params::new(log_n, r, p).unwrap()
             };
             client.generate_cpace_alloc(x_pub, &salt, params, Scrypt)?
         } else {
@@ -196,7 +200,7 @@ fn main() -> Result<()> {
 
         // ===== CPace substep =====
         let ci = TcpChannelIdentifier::new(stream.local_addr().unwrap(), server_socket).unwrap();
-        let (client, message) = client.generate_public_key(ci, &mut OsRng);
+        let (client, message) = client.generate_public_key(ci, &mut rng);
         let bytes_sent = send!(stream, message);
         CLIENT_BYTES_SENT.fetch_add(bytes_sent, Ordering::SeqCst);
         println!(
@@ -239,7 +243,7 @@ fn main() -> Result<()> {
     let server_key: Output<Sha512> = server_thread.join().unwrap().unwrap();
     assert_eq!(client_key, server_key);
     println!(
-        "Negotiation finished, both parties arrived at a key of: {:X}",
+        "Negotiation finished, both parties arrived at a key of: {:?}",
         client_key
     );
     println!(
 
@@ -1,8 +1,10 @@
-use aucpace::{Client, ClientMessage, Result, Server, ServerMessage, StrongDatabase};
+use aucpace::{
+    Client, ClientMessage, OsRng, Result, Server, ServerMessage, StrongDatabase,
+    rand_core::TryRngCore,
+};
 use curve25519_dalek::ristretto::RistrettoPoint;
 use curve25519_dalek::scalar::Scalar;
 use password_hash::ParamsString;
-use rand_core::OsRng;
 use scrypt::{Params, Scrypt};
 use sha2::Sha512;
 use sha2::digest::Output;
@@ -38,8 +40,11 @@ fn main() -> Result<()> {
     // the server socket address to bind to
     let server_socket: SocketAddr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), 25519);
 
+    // random number generator from OS
+    let mut rng = OsRng.unwrap_err();
+
     // register the user in the database
-    let mut base_client = Client::new(OsRng);
+    let mut base_client = Client::new(rng);
     let mut database: SingleUserDatabase = Default::default();
 
     let params = Params::recommended();
@@ -67,7 +72,7 @@ fn main() -> Result<()> {
 
         // buffer for receiving packets
         let mut buf = [0u8; 1024];
-        let mut base_server = Server::new(OsRng);
+        let mut base_server = Server::new(rng);
 
         // ===== SSID Establishment =====
         let (server, message) = base_server.begin();
@@ -87,7 +92,7 @@ fn main() -> Result<()> {
         let (server, message) =
             if let ClientMessage::StrongUsername { username, blinded } = client_message {
                 server
-                    .generate_client_info_strong(username, blinded, &database, OsRng)
+                    .generate_client_info_strong(username, blinded, &database, rng)
                     .unwrap()
             } else {
                 panic!("Received invalid client message {:?}", client_message);
@@ -161,7 +166,7 @@ fn main() -> Result<()> {
         };
 
         // ===== Augmentation Layer =====
-        let (client, message) = client.start_augmentation_strong(USERNAME, PASSWORD, &mut OsRng);
+        let (client, message) = client.start_augmentation_strong(USERNAME, PASSWORD, &mut rng);
         let bytes_sent = send!(stream, message);
         CLIENT_BYTES_SENT.fetch_add(bytes_sent, Ordering::SeqCst);
         println!(
@@ -183,7 +188,7 @@ fn main() -> Result<()> {
                 let r = pbkdf_params.get_str("r").unwrap().parse().unwrap();
                 let p = pbkdf_params.get_str("p").unwrap().parse().unwrap();
 
-                Params::new(log_n, r, p, scrypt::Params::RECOMMENDED_LEN).unwrap()
+                Params::new(log_n, r, p).unwrap()
             };
             client.generate_cpace_alloc(x_pub, blinded_salt, params, Scrypt)?
         } else {
@@ -192,7 +197,7 @@ fn main() -> Result<()> {
 
         // ===== CPace substep =====
         let ci = TcpChannelIdentifier::new(stream.local_addr().unwrap(), server_socket).unwrap();
-        let (client, message) = client.generate_public_key(ci, &mut OsRng);
+        let (client, message) = client.generate_public_key(ci, &mut rng);
         let bytes_sent = send!(stream, message);
         CLIENT_BYTES_SENT.fetch_add(bytes_sent, Ordering::SeqCst);
         println!(
@@ -235,7 +240,7 @@ fn main() -> Result<()> {
     let server_key: Output<Sha512> = server_thread.join().unwrap().unwrap();
     assert_eq!(client_key, server_key);
     println!(
-        "Negotiation finished, both parties arrived at a key of: {:X}",
+        "Negotiation finished, both parties arrived at a key of: {:?}",
         client_key
     );
     println!(