
Make inputs to recv_mac and meta_recv_mac immutable #8

Merged: 5 commits, Jul 24, 2024
Conversation

rozbb (Owner) commented Jul 24, 2024

Previously, you had to pass a mutable slice to (meta_)recv_mac. Regardless of the output, the value left in the buffer was the XOR of the expected MAC with the received MAC. This is a pretty leaky abstraction, and one that theoretically allows the user to make their own insecure MAC test by simply checking if the buffer is all-zeros.

This PR makes the (meta_)recv_mac input immutable, and instead makes a copy internally. To ensure a copy is made, it requires a &[u8; N] for some constant N. This is a nontrivial choice for API ergonomics, but the MAC sizes for a system do not usually change, and they certainly won't exceed the quantities N that the useful traits on [u8; N] are defined for.

Separately, this PR makes the encryption example more secure by adding nonces and authentication.
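The API shape the PR describes, as an added illustration that is not the crate's own code: the old signature leaves `expected XOR received` in the caller's buffer, while the new one takes an immutable `&[u8; N]`, copies it internally, and returns only a verdict. The names `recv_mac_old`, `recv_mac` and `MacError` are hypothetical.

```rust
/// Verification failure. It deliberately carries no information about
/// which byte differed.
#[derive(Debug, PartialEq, Eq)]
pub struct MacError;

/// Old shape (hypothetical reconstruction): the caller's buffer is overwritten
/// with `expected XOR received`. After the call the buffer is all-zeros exactly
/// when the MAC was valid, so a caller can roll their own check on the residue
/// and bypass the library's verdict.
pub fn recv_mac_old(expected: &[u8], buf: &mut [u8]) -> bool {
    if expected.len() != buf.len() {
        return false;
    }
    let mut acc = 0u8;
    for (b, e) in buf.iter_mut().zip(expected) {
        *b ^= e;
        acc |= *b;
    }
    acc == 0
}

/// New shape: `received` is an immutable fixed-size array, so the XOR has to
/// happen on an internal copy. The caller's data is untouched and the only
/// output is Ok/Err. The loop never exits early, so the time taken does not
/// depend on where the first mismatching byte is.
pub fn recv_mac<const N: usize>(expected: &[u8; N], received: &[u8; N]) -> Result<(), MacError> {
    let mut scratch: [u8; N] = *received; // the internal copy the PR describes
    let mut acc = 0u8;
    for (s, e) in scratch.iter_mut().zip(expected) {
        *s ^= e;
        acc |= *s;
    }
    if acc == 0 { Ok(()) } else { Err(MacError) }
}

fn main() {
    // Constructed sample values; a real MAC would come from the keyed function.
    let expected = [0x11u8, 0x22, 0x33, 0x44];
    let tampered = [0x11u8, 0x22, 0x33, 0x45];

    let mut buf = tampered;
    let ok = recv_mac_old(&expected, &mut buf);
    println!("old API: valid={ok}, residue left in caller buffer={buf:02x?}");

    let verdict = recv_mac(&expected, &tampered);
    println!("new API: {verdict:?}, caller buffer unchanged={:02x?}", tampered);
}
```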

@rozbb rozbb merged commit e6535ac into master Jul 24, 2024
1 check passed
@rozbb rozbb deleted the no-mut-mac branch July 24, 2024 04:20
@rozbb rozbb restored the no-mut-mac branch July 24, 2024 18:29
@rozbb rozbb deleted the no-mut-mac branch July 24, 2024 18:30