diff --git a/Cargo.lock b/Cargo.lock
index bbee89f..98ec367 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -368,9 +368,9 @@ dependencies = [
 [[package]]
 name = "hybrid-array"
-version = "0.2.0-rc.8"
+version = "0.2.0-rc.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "53668f5da5a41d9eaf4bf7064be46d1ebe6a4e1ceed817f387587b18f2b51047"
+checksum = "4d306b679262030ad8813a82d4915fc04efff97776e4db7f8eb5137039d56400"
 dependencies = [
 "typenum",
 "zeroize",
diff --git a/ssh-cipher/src/chacha20poly1305.rs b/ssh-cipher/src/chacha20poly1305.rs
index 751db88..2a4e8d7 100644
--- a/ssh-cipher/src/chacha20poly1305.rs
+++ b/ssh-cipher/src/chacha20poly1305.rs
@@ -46,7 +46,7 @@ impl ChaCha20Poly1305 {
 // TODO(tarcieri): support for using both keys
 let (k_2, _k_1) = key.split_at(KEY_SIZE);
- let key = Key::from_slice(k_2);
+ let key = Key::try_from(k_2).map_err(|_| Error::KeySize)?;
 let nonce = if nonce.is_empty() {
 // For key encryption
@@ -55,7 +55,7 @@ impl ChaCha20Poly1305 {
 Nonce::try_from(nonce).map_err(|_| Error::IvSize)?
 };
- let mut cipher = ChaCha20::new(key, &nonce.into());
+ let mut cipher = ChaCha20::new(&key, &nonce.into());
 let mut poly1305_key = poly1305::Key::default();
 cipher.apply_keystream(&mut poly1305_key);
diff --git a/ssh-key/src/signature.rs b/ssh-key/src/signature.rs
index 75a997e..4634562 100644
--- a/ssh-key/src/signature.rs
+++ b/ssh-key/src/signature.rs
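Review bot: In ssh-cipher/src/chacha20poly1305.rs, `Key::try_from(k_2)` now yields an owned `Key`, as the switch to `ChaCha20::new(&key, ..)` in the following hunk shows, so a second copy of the cipher key sits on the stack and nothing visible in the hunk wipes it. If the pinned hybrid-array release provides the borrowed conversion, `let key = <&Key>::try_from(k_2).map_err(|_| Error::KeySize)?;` keeps the bytes in the caller's buffer and lets the `ChaCha20::new(key, ..)` call stay as it was; otherwise the copy should be zeroized on drop. Separately, `key.split_at(KEY_SIZE)` panics on a short slice before the new `Error::KeySize` mapping can run. Any length check on `key` sits above the hunk, so it is worth confirming that one exists.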
@@ -534,19 +534,15 @@ impl TryFrom<&Signature> for p256::ecdsa::Signature {
 }
 #[cfg(feature = "p256")]
 fn p256_signature_from_openssh_bytes(mut signature_bytes: &[u8]) -> Result {
- const FIELD_SIZE: usize = 32;
-
 let reader = &mut signature_bytes;
 let r = Mpint::decode(reader)?;
 let s = Mpint::decode(reader)?;
 match (r.as_positive_bytes(), s.as_positive_bytes()) {
- (Some(r), Some(s)) if r.len() == FIELD_SIZE && s.len() == FIELD_SIZE => {
- Ok(p256::ecdsa::Signature::from_scalars(
- *p256::FieldBytes::from_slice(r),
- *p256::FieldBytes::from_slice(s),
- )?)
- }
+ (Some(r), Some(s)) => Ok(p256::ecdsa::Signature::from_scalars(
+ p256::FieldBytes::try_from(r).map_err(|_| Error::Crypto)?,
+ p256::FieldBytes::try_from(s).map_err(|_| Error::Crypto)?,
+ )?),
 _ => Err(Error::Crypto),
 }
 }
@@ -556,8 +552,6 @@ impl TryFrom<&Signature> for p384::ecdsa::Signature {
 type Error = Error;
 fn try_from(signature: &Signature) -> Result {
- const FIELD_SIZE: usize = 48;
-
 match signature.algorithm {
 Algorithm::Ecdsa {
 curve: EcdsaCurve::NistP384,
@@ -567,12 +561,10 @@ impl TryFrom<&Signature> for p384::ecdsa::Signature {
 let s = Mpint::decode(reader)?;
 match (r.as_positive_bytes(), s.as_positive_bytes()) {
- (Some(r), Some(s)) if r.len() == FIELD_SIZE && s.len() == FIELD_SIZE => {
- Ok(p384::ecdsa::Signature::from_scalars(
- *p384::FieldBytes::from_slice(r),
- *p384::FieldBytes::from_slice(s),
- )?)
- }
+ (Some(r), Some(s)) => Ok(p384::ecdsa::Signature::from_scalars(
+ p384::FieldBytes::try_from(r).map_err(|_| Error::Crypto)?,
+ p384::FieldBytes::try_from(s).map_err(|_| Error::Crypto)?,
+ )?),
 _ => Err(Error::Crypto),
 }
 }
@@ -586,8 +578,6 @@ impl TryFrom<&Signature> for p521::ecdsa::Signature {
 type Error = Error;
 fn try_from(signature: &Signature) -> Result {
- const FIELD_SIZE: usize = 66;
-
 match signature.algorithm {
 Algorithm::Ecdsa {
 curve: EcdsaCurve::NistP521,
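Review bot: With the explicit `FIELD_SIZE` guard gone, the only length check on `r` and `s` in the `(Some(r), Some(s))` arm of `p256_signature_from_openssh_bytes` is the `FieldBytes::try_from(..)` conversion. That conversion accepts exact-length input only, so a scalar that `as_positive_bytes()` returns with fewer bytes than the field size is still rejected with `Error::Crypto`. If `Mpint` holds the minimal-length SSH encoding (its definition is outside this diff), valid signatures whose `r` or `s` has a zero high byte would fail to convert, most often on P-521, where the top byte of a 521-bit scalar carries a single bit. Consider left-padding each scalar into a zeroed field-sized buffer and rejecting only inputs longer than the field. Failing that, add a comment such as `// try_from enforces the exact field size; shorter (zero-stripped) scalars are rejected` so the implicit check survives later refactors. The same applies to the p384 and p521 `match` hunks that follow.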
@@ -597,12 +587,10 @@ impl TryFrom<&Signature> for p521::ecdsa::Signature {
 let s = Mpint::decode(reader)?;
 match (r.as_positive_bytes(), s.as_positive_bytes()) {
- (Some(r), Some(s)) if r.len() == FIELD_SIZE && s.len() == FIELD_SIZE => {
- Ok(p521::ecdsa::Signature::from_scalars(
- *p521::FieldBytes::from_slice(r),
- *p521::FieldBytes::from_slice(s),
- )?)
- }
+ (Some(r), Some(s)) => Ok(p521::ecdsa::Signature::from_scalars(
+ p521::FieldBytes::try_from(r).map_err(|_| Error::Crypto)?,
+ p521::FieldBytes::try_from(s).map_err(|_| Error::Crypto)?,
+ )?),
 _ => Err(Error::Crypto),
 }
 }