A Rust implementation of the Message Layer Security group messaging protocol

Overview

Molasses

Build Status Coverage

An extremely early implementation of the Message Layer Security group messaging protocol. This repo is based on draft 4 of the MLS protocol specification. To build internal docs, do

cargo doc --document-private-items

Example Usage

See examples/sample_interaction.rs for an example of how to use this crate. To run the example, do

cargo run --example sample_interaction

Warning

This software should not be used in any security-sensitive contexts. Use at your own risk.

License

Licensed under Apache License, Version 2.0, (LICENSE)

Comments
  • Update x25519-dalek requirement from 0.5 to 0.6

    Update x25519-dalek requirement from 0.5 to 0.6

    Updates the requirements on x25519-dalek to permit the latest version.

    Changelog

    Sourced from x25519-dalek's changelog.

    0.6.0

    • Updates rand_core version to 0.5.
    • Adds serde support.
    • Replaces clear_on_drop with zeroize.
    • Use Rust 2018.

    0.5.2

    • Implement Clone for StaticSecret.

    0.5.1

    • Implement Copy, Clone, Debug for PublicKey.
    • Remove doctests.

    0.5.0

    • Adds support for static and ephemeral keys.
    Commits
    • d9c7f28 Bump version to 0.6.0 and update CHANGELOG.
    • d588e2f Merge pull request #52 from DebugSteven/bump-rand
    • be82bcb update rand_core version
    • b651a5e Merge pull request #39 from DebugSteven/zeroize
    • de5d793 use zeroize instead of clear_on_drop
    • e253718 Merge pull request #48 from DebugSteven/serde-support
    • 0c3981d support for serde serialize and deserialize
    • 7af85b8 Merge pull request #49 from dalek-cryptography/rust-2018
    • 9c3d692 Use 2018 edition
    • 1cc37a1 Merge pull request #41 from untoldwind/master
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

    You can always request more updates by clicking Bump now in your Dependabot dashboard.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 2
  • Update rand requirement from 0.6 to 0.7

    Update rand requirement from 0.6 to 0.7

    Updates the requirements on rand to permit the latest version.

    Changelog

    Sourced from rand's changelog.

    [0.7.3] - 2020-01-10

    Fixes

    • The Bernoulli distribution constructors now reports an error on NaN and on denominator == 0. (#925)
    • Use std::sync::Once to register fork handler, avoiding possible atomicity violation (#928)
    • Fix documentation on the precision of generated floating-point values

    Changes

    • Unix: make libc dependency optional; only use fork protection with std feature (#928)

    Additions

    • Implement std::error::Error for BernoulliError (#919)

    [0.7.2] - 2019-09-16

    Fixes

    • Fix dependency on rand_core 0.5.1 (#890)

    Additions

    • Unit tests for value stability of distributions added (#888)

    [0.7.1] - 2019-09-13

    Yanked

    This release was yanked since it depends on rand_core::OsRng added in 0.5.1 but specifies a dependency on version 0.5.0 (#890), causing a broken builds when updating from rand 0.7.0 without also updating rand_core.

    Fixes

    • Fix no_std behaviour, appropriately enable c2-chacha's std feature (#844)
    • alloc feature in no_std is available since Rust 1.36 (#856)
    • Fix or squelch issues from Clippy lints (#840)

    Additions

    • Add a no_std target to CI to continuously evaluate no_std status (#844)
    • WeightedIndex: allow adjusting a sub-set of weights (#866)

    [0.7.0] - 2019-06-28

    Fixes

    • Fix incorrect pointer usages revealed by Miri testing (#780, #781)
    • Fix (tiny!) bias in Uniform for 8- and 16-bit ints (#809)

    Crate

    • Bumped MSRV (min supported Rust version) to 1.32.0
    • Updated to Rust Edition 2018 (#823, #824)
    • Removed dependence on rand_xorshift, rand_isaac, rand_jitter crates (#759, #765)
    • Remove dependency on winapi (#724)
    • Removed all build.rs files (#824)
    • Removed code already deprecated in version 0.6 (#757)
    • Removed the serde1 feature (It's still available for backwards compatibility, but it does not do anything. #830)
    • Many documentation changes
    Commits
    • 074cb6a Merge pull request #929 from dhardy/master
    • 0f4e152 Prepare rand 0.7.3 release
    • 5b0d874 Merge pull request #928 from dhardy/libc
    • ae4683c Remove use of deprecated ATOMIC_USIZE_INIT
    • ae3a416 Fix #911: use Once instead of AtomicBool
    • a67173e make libc dependency optional (fork protection requires std)
    • e2dc2c3 Merge pull request #926 from dhardy/fmt
    • fab964d Manual function specification reformatting
    • 3a5d5a8 Use rustfmt::skip for some cases
    • 3a51c3e Manual array reformatting
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

    You can always request more updates by clicking Bump now in your Dependabot dashboard.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 2
  • Cannot compile latest commit

    Cannot compile latest commit

    Hi,

    After adding molasses to my project to try it out, I get the following error:

       Compiling molasses v0.1.0 (https://github.com/trailofbits/molasses/?rev=9f9d073eeee49e3e2536a112a01b46b847c7c916#9f9d073e)
    error[E0583]: file not found for module `hash`
      --> /home/restioson/.cargo/git/checkouts/molasses-d81cd9399e6f8d64/9f9d073/src/crypto.rs:12:16
       |
    12 | pub(crate) mod hash;
       |                ^^^^
       |
       = help: name the file either crypto/hash.rs or crypto/hash/mod.rs inside the directory "/home/restioson/.cargo/git/checkouts/molasses-d81cd9399e6f8d64/9f9d073/src"
    
    error: aborting due to previous error
    
    For more information about this error, try `rustc --explain E0583`.
    error: Could not compile `molasses`.
    

    Perhaps was this file mistakenly excluded from the commit?

    opened by Restioson 2
  • Upgrade to GitHub-native Dependabot

    Upgrade to GitHub-native Dependabot

    Dependabot Preview will be shut down on August 3rd, 2021. In order to keep getting Dependabot updates, please merge this PR and migrate to GitHub-native Dependabot before then.

    Dependabot has been fully integrated into GitHub, so you no longer have to install and manage a separate app. This pull request migrates your configuration from Dependabot.com to a config file, using the new syntax. When merged, we'll swap out dependabot-preview (me) for a new dependabot app, and you'll be all set!

    With this change, you'll now use the Dependabot page in GitHub, rather than the Dependabot dashboard, to monitor your version updates, and you'll configure Dependabot through the new config file rather than a UI.

    If you've got any questions or feedback for us, please let us know by creating an issue in the dependabot/dependabot-core repository.

    Learn more about migrating to GitHub-native Dependabot

    Please note that regular @dependabot commands do not work on this pull request.

    dependencies 
    opened by dependabot-preview[bot] 1
  • Update rand requirement from 0.7 to 0.8

    Update rand requirement from 0.7 to 0.8

    Updates the requirements on rand to permit the latest version.

    Changelog

    Sourced from rand's changelog.

    [0.8.1] - 2020-12-31

    Other

    • Enable all stable features in the playground (#1081)

    [0.8.0] - 2020-12-18

    Platform support

    • The minimum supported Rust version is now 1.36 (#1011)
    • getrandom updated to v0.2 (#1041)
    • Remove wasm-bindgen and stdweb feature flags. For details of WASM support, see the getrandom documentation. (#948)
    • ReadRng::next_u32 and next_u64 now use little-Endian conversion instead of native-Endian, affecting results on Big-Endian platforms (#1061)
    • The nightly feature no longer implies the simd_support feature (#1048)
    • Fix simd_support feature to work on current nightlies (#1056)

    Rngs

    • ThreadRng is no longer Copy to enable safe usage within thread-local destructors (#1035)
    • gen_range(a, b) was replaced with gen_range(a..b). gen_range(a..=b) is also supported. Note that a and b can no longer be references or SIMD types. (#744, #1003)
    • Replace AsByteSliceMut with Fill and add support for [bool], [char], [f32], [f64] (#940)
    • Restrict rand::rngs::adapter to std (#1027; see also #928)
    • StdRng: add new std_rng feature flag (enabled by default, but might need to be used if disabling default crate features) (#948)
    • StdRng: Switch from ChaCha20 to ChaCha12 for better performance (#1028)
    • SmallRng: Replace PCG algorithm with xoshiro{128,256}++ (#1038)

    Sequences

    • Add IteratorRandom::choose_stable as an alternative to choose which does not depend on size hints (#1057)
    • Improve accuracy and performance of IteratorRandom::choose (#1059)
    • Implement IntoIterator for IndexVec, replacing the into_iter method (#1007)
    • Add value stability tests for seq module (#933)

    Misc

    • Support PartialEq and Eq for StdRng, SmallRng and StepRng (#979)
    • Added a serde1 feature and added Serialize/Deserialize to UniformInt and WeightedIndex (#974)
    • Drop some unsafe code (#962, #963, #1011)
    • Reduce packaged crate size (#983)
    • Migrate to GitHub Actions from Travis+AppVeyor (#1073)

    Distributions

    • Alphanumeric samples bytes instead of chars (#935)
    • Uniform now supports char, enabling rng.gen_range('A'..='Z') (#1068)
    • Add UniformSampler::sample_single_inclusive (#1003)

    Weighted sampling

    • Implement weighted sampling without replacement (#976, #1013)
    • rand::distributions::alias_method::WeightedIndex was moved to rand_distr::WeightedAliasIndex. The simpler alternative rand::distribution::WeightedIndex remains. (#945)
    • Improve treatment of rounding errors in WeightedIndex::update_weights (#956)
    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 1
  • Update crossbeam requirement from 0.7 to 0.8

    Update crossbeam requirement from 0.7 to 0.8

    Updates the requirements on crossbeam to permit the latest version.

    Changelog

    Sourced from crossbeam's changelog.

    Version 0.8.0

    • Bump the minimum supported Rust version to 1.36.
    • Bump crossbeam-channel to 0.5.
    • Bump crossbeam-deque to 0.8.
    • Bump crossbeam-epoch to 0.9.
    • Bump crossbeam-queue to 0.3.
    • Bump crossbeam-utils to 0.8.

    Version 0.7.3

    • Fix breakage with nightly feature due to rust-lang/rust#65214.
    • Bump crossbeam-channel to 0.4.
    • Bump crossbeam-epoch to 0.8.
    • Bump crossbeam-queue to 0.2.
    • Bump crossbeam-utils to 0.7.

    Version 0.7.2

    • Bump crossbeam-channel to 0.3.9.
    • Bump crossbeam-epoch to 0.7.2.
    • Bump crossbeam-utils to 0.6.6.

    Version 0.7.1

    • Bump crossbeam-utils to 0.6.5.

    Version 0.7.0

    • Remove ArcCell, MsQueue, and TreiberStack.
    • Change the interface of ShardedLock to match RwLock.
    • Add SegQueue::len().
    • Rename SegQueue::try_pop() to SegQueue::pop().
    • Change the return type of SegQueue::pop() to Result.
    • Introduce ArrayQueue.
    • Update dependencies.

    Version 0.6.0

    • Update dependencies.

    Version 0.5.0

    • Update crossbeam-channel to 0.3.
    • Update crossbeam-utils to 0.6.
    • Add AtomicCell, SharedLock, and WaitGroup.

    Version 0.4.1

    • Fix a double-free bug in MsQueue and SegQueue.
    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 1
  • Update x25519-dalek requirement from 0.6 to 1.1

    Update x25519-dalek requirement from 0.6 to 1.1

    Updates the requirements on x25519-dalek to permit the latest version.

    Changelog

    Sourced from x25519-dalek's changelog.

    1.1.0

    • Add impls of PartialEq, Eq, and Hash for PublicKey (by @jack-michaud)

    1.0.1

    • Update underlying curve25519_dalek library to 3.0.

    1.0.0

    • Widen generic bound on EphemeralSecret::new and StaticSecret::new to allow owned as well as borrowed RNGs.
    • Add PublicKey::to_bytes and SharedSecret::to_bytes, returning owned byte arrays, complementing the existing as_bytes methods returning references.
    • Remove mention of deprecated rand_os crate from examples.
    • Clarify EphemeralSecret/StaticSecret distinction in documentation.

    0.6.0

    • Updates rand_core version to 0.5.
    • Adds serde support.
    • Replaces clear_on_drop with zeroize.
    • Use Rust 2018.

    0.5.2

    • Implement Clone for StaticSecret.

    0.5.1

    • Implement Copy, Clone, Debug for PublicKey.
    • Remove doctests.

    0.5.0

    • Adds support for static and ephemeral keys.
    Commits
    • e8615a9 bump version to 1.1.0 and update CHANGELOG
    • 1ede527 Merge pull request #63 from jack-michaud/derive-partialeq
    • 3c09664 Feedback from @hdevalence - Added derive for Eq and Hash
    • 48df927 Add PartialEq derive to PublicKey
    • fd12c03 Merge branch 'master' into develop
    • d438d48 Merge branch 'release/1.0.1'
    • af6d5bd Bump version to 1.0.1
    • b8e6fb7 Merge pull request #62 from dalek-cryptography/curve-3
    • 2408e6b Update curve25519-dalek to version 3.0.0.
    • 1781dd3 Merge branch 'master' into develop
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 1
  • Update x25519-dalek requirement from 0.6 to 1.0

    Update x25519-dalek requirement from 0.6 to 1.0

    Updates the requirements on x25519-dalek to permit the latest version.

    Changelog

    Sourced from x25519-dalek's changelog.

    1.0.1

    • Update underlying curve25519_dalek library to 3.0.

    1.0.0

    • Widen generic bound on EphemeralSecret::new and StaticSecret::new to allow owned as well as borrowed RNGs.
    • Add PublicKey::to_bytes and SharedSecret::to_bytes, returning owned byte arrays, complementing the existing as_bytes methods returning references.
    • Remove mention of deprecated rand_os crate from examples.
    • Clarify EphemeralSecret/StaticSecret distinction in documentation.

    0.6.0

    • Updates rand_core version to 0.5.
    • Adds serde support.
    • Replaces clear_on_drop with zeroize.
    • Use Rust 2018.

    0.5.2

    • Implement Clone for StaticSecret.

    0.5.1

    • Implement Copy, Clone, Debug for PublicKey.
    • Remove doctests.

    0.5.0

    • Adds support for static and ephemeral keys.
    Commits
    • af6d5bd Bump version to 1.0.1
    • b8e6fb7 Merge pull request #62 from dalek-cryptography/curve-3
    • 2408e6b Update curve25519-dalek to version 3.0.0.
    • 1781dd3 Merge branch 'master' into develop
    • bddb3c7 Merge branch 'release/1.0.0'
    • 1b01d59 Bump version to 1.0.0 and update CHANGELOG.md
    • 122d4bb Merge pull request #61 from dalek-cryptography/clarify-ephemeral-static
    • fb92cd8 Clarify Ephemeral/StaticSecret docs.
    • 736f8dd Merge pull request #60 from dalek-cryptography/remove-rand-os-example
    • 5d245dc Merge pull request #43 from peat/master
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 1
  • Update digest requirement from 0.8 to 0.9

    Update digest requirement from 0.8 to 0.9

    Updates the requirements on digest to permit the latest version.

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

    You can always request more updates by clicking Bump now in your Dependabot dashboard.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 1
  • Update hex requirement from 0.3 to 0.4

    Update hex requirement from 0.3 to 0.4

    Updates the requirements on hex to permit the latest version.

    Commits
    • be0c32f fix: Bump to v0.4.2
    • 4bc3e21 Fix compile error on older rustc versions
    • 78359a8 Bump version (v0.4.1)
    • 85fe726 README reworks and copyright dates update
    • 83a0261 tests/serde: Fix test names
    • e8e2506 github-workflows: Improve GitHub Workflow tests.
    • 3b8a77d Add serde support
    • b1d2318 Fix broken tests
    • 764ee61 Fix Error::InvalidHexCharacter::to_string
    • f98cad4 Remove deprecated Error::description implementation
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

    You can always request more updates by clicking Bump now in your Dependabot dashboard.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 1
  • Update quickcheck requirement from 0.9 to 1.0

    Update quickcheck requirement from 0.9 to 1.0

    Updates the requirements on quickcheck to permit the latest version.

    Commits
    • 40ebcc6 1.0.1
    • 74d0c60 deps: trim 'rand' dependencies
    • 9dfcf7f release: more preparation for 1.0 release
    • 480a879 release: prepare for 1.0 release
    • c773663 semver: add note on compatibility
    • d44b417 style: tweak formatting of top-level comment
    • 282f146 msrv: bump to 1.46.0 and specify policy
    • 467f272 deps: update env_logger
    • 319145d deps: upgrade rand to 0.8
    • d286e4d rand: remove rand as a public dependency
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 0
  • Update digest requirement from 0.9 to 0.10

    Update digest requirement from 0.9 to 0.10

    Updates the requirements on digest to permit the latest version.

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • Update rand requirement from 0.7 to 0.8

    Update rand requirement from 0.7 to 0.8

    Updates the requirements on rand to permit the latest version.

    Changelog

    Sourced from rand's changelog.

    [0.8.4] - 2021-06-15

    Additions

    • Use const-generics to support arrays of all sizes (#1104)
    • Implement Clone and Copy for Alphanumeric (#1126)
    • Add Distribution::map to derive a distribution using a closure (#1129)
    • Add Slice distribution (#1107)
    • Add DistString trait with impls for Standard and Alphanumeric (#1133)

    Other

    • Reorder asserts in Uniform float distributions for easier debugging of non-finite arguments (#1094, #1108)
    • Add range overflow check in Uniform float distributions (#1108)
    • Deprecate rngs::adapter::ReadRng (#1130)

    [0.8.3] - 2021-01-25

    Fixes

    • Fix no-std + alloc build by gating choose_multiple_weighted on std (#1088)

    [0.8.2] - 2021-01-12

    Fixes

    • Fix panic in UniformInt::sample_single_inclusive and Rng::gen_range when providing a full integer range (eg 0..=MAX) (#1087)

    [0.8.1] - 2020-12-31

    Other

    • Enable all stable features in the playground (#1081)

    [0.8.0] - 2020-12-18

    Platform support

    • The minimum supported Rust version is now 1.36 (#1011)
    • getrandom updated to v0.2 (#1041)
    • Remove wasm-bindgen and stdweb feature flags. For details of WASM support, see the getrandom documentation. (#948)
    • ReadRng::next_u32 and next_u64 now use little-Endian conversion instead of native-Endian, affecting results on Big-Endian platforms (#1061)
    • The nightly feature no longer implies the simd_support feature (#1048)
    • Fix simd_support feature to work on current nightlies (#1056)

    Rngs

    • ThreadRng is no longer Copy to enable safe usage within thread-local destructors (#1035)
    • gen_range(a, b) was replaced with gen_range(a..b). gen_range(a..=b) is also supported. Note that a and b can no longer be references or SIMD types. (#744, #1003)
    • Replace AsByteSliceMut with Fill and add support for [bool], [char], [f32], [f64] (#940)
    • Restrict rand::rngs::adapter to std (#1027; see also #928)
    • StdRng: add new std_rng feature flag (enabled by default, but might need to be used if disabling default crate features) (#948)
    • StdRng: Switch from ChaCha20 to ChaCha12 for better performance (#1028)
    • SmallRng: Replace PCG algorithm with xoshiro{128,256}++ (#1038)

    Sequences

    ... (truncated)

    Commits
    • 8792268 Merge pull request #1137 from rust-random/work2
    • 1bfc53d Update changelogs and bump version numbers
    • 4534311 Merge pull request #1133 from rust-random/work2
    • 81f1af8 Correct usage of reserve
    • fa17d1c Add comment to append_string for Standard
    • b4c1d66 Add DistString
    • 1947c89 Move Distribution trait and associates to sub-module
    • 98a0339 Merge pull request #1135 from dhardy/work
    • a7f8fb7 Prepare rand_chacha v0.3.1 release
    • 09d3df3 Merge pull request #1130 from dhardy/work
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • Use the RustCrypto crates instead of ring?

    Use the RustCrypto crates instead of ring?

    This project already includes several RustCrypto crates via the dalek crates. As far as I can see from it you only use AES-GCM, SHA-256, HMAC, and HKDF. I think such migration will allow to simplify code and build process, as well as make the crate more portable. Of course the linked crates have several disadvantages compared to ring:

    • Lack of runtime CPUID-based detection in the aes-gcm crate.
    • A bit slower software implementation of SHA-256.

    The latter issue can be compensated a bit by enabling the asm feature (though performance still will not be quite on par with ring). Also if CPU has SHA-extension, the crate will detect it during runtime and will use efficient intrinsic-based code.

    If you have any questions regarding RustCrypto crates, I will be glad to answer them.

    enhancement help wanted 
    opened by newpavlov 1
Owner
Trail of Bits
More code: binary lifters @lifting-bits, blockchain @crytic
Trail of Bits
Terabethia - A Bridge and Messaging Protocol between Ethereum and the Internet Computer.

Terabethia - A Bridge Between Ethereum & the Internet Computer Terabethia is a bridge between Ethereum & the Internet Computer that contracts in both

Psychedelic 34 Sep 13, 2022
An open source desktop wallet for nano and banano with end-to-end encrypted, on chain messaging using the dagchat protocol.

An open source wallet with end-to-end encrypted, on chain messaging for nano and banano using the dagchat protocol.

derfarctor 15 Jul 19, 2022
An encrypted multi client messaging system written in pure Rust

?? Preamble This is a pure Rust multi-client encrypted messaging system, also known as Edode's Secured Messaging System. It is an end-to-end(s) commun

Edode 3 Sep 16, 2022
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.6k Sep 21, 2022
A pure-Rust implementation of group operations on Ristretto and Curve25519

curve25519-dalek A pure-Rust implementation of group operations on Ristretto and Curve25519. curve25519-dalek is a library providing group operations

dalek cryptography 587 Sep 21, 2022
Implementation of the BLS12-381 pairing-friendly elliptic curve group

bls12_381 This crate provides an implementation of the BLS12-381 pairing-friendly elliptic curve construction. This implementation has not been review

Zero-knowledge Cryptography in Rust 166 Sep 20, 2022
Cross-chain bridge message delivery network. We are hiring, [email protected]

Introduction Implementation of a https://darwinia.network node in Rust based on the Substrate framework. This repository contains runtimes for the Dar

Darwinia Network 214 Sep 15, 2022
Two-party and multi-party ECDSA protocols based on class group with Rust

CG-MPC-ECDSA This project aims to implement two-party and multi-party ECDSA protocols based on class group with Rust. It currently includes schemes de

LatticeX Foundation 16 Mar 17, 2022
Multilayered Linkable Spontaneous Anonymous Group - Implemented as is from paper. Not Monero specific

MLSAG This is a pure Rust implementation of the Multilayered Linkable Spontaneous Anonymous Group construction. This implementation has not been revie

Crate Crypto 19 Jan 2, 2022
Schnorr VRFs and signatures on the Ristretto group

schnorrkel Schnorrkel implements Schnorr signature on Ristretto compressed Ed25519 points, as well as related protocols like HDKD, MuSig, and a verifi

Web3 Foundation 242 Sep 16, 2022
Official implementation of the YeeCo Root Chain (Layer 1)

yeeroot Official implementation of the YeeCo Root Chain (Layer 1) YeeCo is a permissionless, secure, high performance and scalable public blockchain p

YeeCo 28 Sep 14, 2022
Bindings to the macOS Security.framework

macOS/iOS Security framework for Rust Documentation Bindings to the Apple's Security.framework. Allows use of TLS and Keychain from Rust. License Lice

Kornel 163 Sep 22, 2022
A suite of programs for Solana key management and security.

?? goki Goki is a suite of programs for Solana key management and security. It currently features: Goki Smart Wallet: A wallet loosely based on the Se

Goki Protocol 152 Sep 9, 2022
Audit Cargo.lock files for dependencies with security vulnerabilities

RustSec Crates ?? ??️ ?? The RustSec Advisory Database is a repository of security advisories filed against Rust crates published via crates.io. The a

RustSec 1.1k Sep 22, 2022
An uploader honeypot designed to look like poor website security.

HoneyUp An uploader honeypot designed to look like poor website security. Requirements Linux server NGiNX Rust toolchain (build only) Installation Bui

Chad Baxter 20 Aug 3, 2022
Ingraind - a security monitoring agent built around RedBPF for complex containerized environments and endpoints.

ingraind is a security monitoring agent built around RedBPF for complex containerized environments and endpoints. The ingraind agent uses eBPF probes to provide safe and performant instrumentation for any Linux-based environment.

KingoOo 5 Apr 6, 2022
security.txt for Solana Contracts

security.txt This library defines a macro, which allows developers to provide easy-to-parse information to security researchers that wish to contact t

Neodyme 66 Sep 16, 2022
Automated security testing for open source libraries and applications.

autovet continuously searches for security breaches in open source libraries and applications. Recently processed packages package version channel las

null 5 Aug 23, 2022
Open-source tool to enforce privacy & security best-practices on Windows and macOS, because privacy is sexy 🍑🍆

privacy-sexy Open-source tool to enforce privacy & security best-practices on Windows and MacOs, because privacy is sexy ?? ?? privacy-sexy is a data-

Subconscious Compute 2 Sep 6, 2022