A Rust implementation of the Message Layer Security group messaging protocol

Overview

Molasses

Build Status Coverage

An extremely early implementation of the Message Layer Security group messaging protocol. This repo is based on draft 4 of the MLS protocol specification. To build internal docs, do

cargo doc --document-private-items

Example Usage

See examples/sample_interaction.rs for an example of how to use this crate. To run the example, do

cargo run --example sample_interaction

Warning

This software should not be used in any security-sensitive contexts. Use at your own risk.

License

Licensed under Apache License, Version 2.0, (LICENSE)

Comments
  • Update x25519-dalek requirement from 0.5 to 0.6

    Update x25519-dalek requirement from 0.5 to 0.6

    Updates the requirements on x25519-dalek to permit the latest version.

    Changelog

    Sourced from x25519-dalek's changelog.

    0.6.0

    • Updates rand_core version to 0.5.
    • Adds serde support.
    • Replaces clear_on_drop with zeroize.
    • Use Rust 2018.

    0.5.2

    • Implement Clone for StaticSecret.

    0.5.1

    • Implement Copy, Clone, Debug for PublicKey.
    • Remove doctests.

    0.5.0

    • Adds support for static and ephemeral keys.
    Commits
    • d9c7f28 Bump version to 0.6.0 and update CHANGELOG.
    • d588e2f Merge pull request #52 from DebugSteven/bump-rand
    • be82bcb update rand_core version
    • b651a5e Merge pull request #39 from DebugSteven/zeroize
    • de5d793 use zeroize instead of clear_on_drop
    • e253718 Merge pull request #48 from DebugSteven/serde-support
    • 0c3981d support for serde serialize and deserialize
    • 7af85b8 Merge pull request #49 from dalek-cryptography/rust-2018
    • 9c3d692 Use 2018 edition
    • 1cc37a1 Merge pull request #41 from untoldwind/master
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

    You can always request more updates by clicking Bump now in your Dependabot dashboard.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 2
  • Update rand requirement from 0.6 to 0.7

    Update rand requirement from 0.6 to 0.7

    Updates the requirements on rand to permit the latest version.

    Changelog

    Sourced from rand's changelog.

    [0.7.3] - 2020-01-10

    Fixes

    • The Bernoulli distribution constructors now reports an error on NaN and on denominator == 0. (#925)
    • Use std::sync::Once to register fork handler, avoiding possible atomicity violation (#928)
    • Fix documentation on the precision of generated floating-point values

    Changes

    • Unix: make libc dependency optional; only use fork protection with std feature (#928)

    Additions

    • Implement std::error::Error for BernoulliError (#919)

    [0.7.2] - 2019-09-16

    Fixes

    • Fix dependency on rand_core 0.5.1 (#890)

    Additions

    • Unit tests for value stability of distributions added (#888)

    [0.7.1] - 2019-09-13

    Yanked

    This release was yanked since it depends on rand_core::OsRng added in 0.5.1 but specifies a dependency on version 0.5.0 (#890), causing a broken builds when updating from rand 0.7.0 without also updating rand_core.

    Fixes

    • Fix no_std behaviour, appropriately enable c2-chacha's std feature (#844)
    • alloc feature in no_std is available since Rust 1.36 (#856)
    • Fix or squelch issues from Clippy lints (#840)

    Additions

    • Add a no_std target to CI to continuously evaluate no_std status (#844)
    • WeightedIndex: allow adjusting a sub-set of weights (#866)

    [0.7.0] - 2019-06-28

    Fixes

    • Fix incorrect pointer usages revealed by Miri testing (#780, #781)
    • Fix (tiny!) bias in Uniform for 8- and 16-bit ints (#809)

    Crate

    • Bumped MSRV (min supported Rust version) to 1.32.0
    • Updated to Rust Edition 2018 (#823, #824)
    • Removed dependence on rand_xorshift, rand_isaac, rand_jitter crates (#759, #765)
    • Remove dependency on winapi (#724)
    • Removed all build.rs files (#824)
    • Removed code already deprecated in version 0.6 (#757)
    • Removed the serde1 feature (It's still available for backwards compatibility, but it does not do anything. #830)
    • Many documentation changes
    Commits
    • 074cb6a Merge pull request #929 from dhardy/master
    • 0f4e152 Prepare rand 0.7.3 release
    • 5b0d874 Merge pull request #928 from dhardy/libc
    • ae4683c Remove use of deprecated ATOMIC_USIZE_INIT
    • ae3a416 Fix #911: use Once instead of AtomicBool
    • a67173e make libc dependency optional (fork protection requires std)
    • e2dc2c3 Merge pull request #926 from dhardy/fmt
    • fab964d Manual function specification reformatting
    • 3a5d5a8 Use rustfmt::skip for some cases
    • 3a51c3e Manual array reformatting
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

    You can always request more updates by clicking Bump now in your Dependabot dashboard.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 2
  • Cannot compile latest commit

    Cannot compile latest commit

    Hi,

    After adding molasses to my project to try it out, I get the following error:

       Compiling molasses v0.1.0 (https://github.com/trailofbits/molasses/?rev=9f9d073eeee49e3e2536a112a01b46b847c7c916#9f9d073e)
    error[E0583]: file not found for module `hash`
      --> /home/restioson/.cargo/git/checkouts/molasses-d81cd9399e6f8d64/9f9d073/src/crypto.rs:12:16
       |
    12 | pub(crate) mod hash;
       |                ^^^^
       |
       = help: name the file either crypto/hash.rs or crypto/hash/mod.rs inside the directory "/home/restioson/.cargo/git/checkouts/molasses-d81cd9399e6f8d64/9f9d073/src"
    
    error: aborting due to previous error
    
    For more information about this error, try `rustc --explain E0583`.
    error: Could not compile `molasses`.
    

    Perhaps was this file mistakenly excluded from the commit?

    opened by Restioson 2
  • Upgrade to GitHub-native Dependabot

    Upgrade to GitHub-native Dependabot

    Dependabot Preview will be shut down on August 3rd, 2021. In order to keep getting Dependabot updates, please merge this PR and migrate to GitHub-native Dependabot before then.

    Dependabot has been fully integrated into GitHub, so you no longer have to install and manage a separate app. This pull request migrates your configuration from Dependabot.com to a config file, using the new syntax. When merged, we'll swap out dependabot-preview (me) for a new dependabot app, and you'll be all set!

    With this change, you'll now use the Dependabot page in GitHub, rather than the Dependabot dashboard, to monitor your version updates, and you'll configure Dependabot through the new config file rather than a UI.

    If you've got any questions or feedback for us, please let us know by creating an issue in the dependabot/dependabot-core repository.

    Learn more about migrating to GitHub-native Dependabot

    Please note that regular @dependabot commands do not work on this pull request.

    dependencies 
    opened by dependabot-preview[bot] 1
  • Update rand requirement from 0.7 to 0.8

    Update rand requirement from 0.7 to 0.8

    Updates the requirements on rand to permit the latest version.

    Changelog

    Sourced from rand's changelog.

    [0.8.1] - 2020-12-31

    Other

    • Enable all stable features in the playground (#1081)

    [0.8.0] - 2020-12-18

    Platform support

    • The minimum supported Rust version is now 1.36 (#1011)
    • getrandom updated to v0.2 (#1041)
    • Remove wasm-bindgen and stdweb feature flags. For details of WASM support, see the getrandom documentation. (#948)
    • ReadRng::next_u32 and next_u64 now use little-Endian conversion instead of native-Endian, affecting results on Big-Endian platforms (#1061)
    • The nightly feature no longer implies the simd_support feature (#1048)
    • Fix simd_support feature to work on current nightlies (#1056)

    Rngs

    • ThreadRng is no longer Copy to enable safe usage within thread-local destructors (#1035)
    • gen_range(a, b) was replaced with gen_range(a..b). gen_range(a..=b) is also supported. Note that a and b can no longer be references or SIMD types. (#744, #1003)
    • Replace AsByteSliceMut with Fill and add support for [bool], [char], [f32], [f64] (#940)
    • Restrict rand::rngs::adapter to std (#1027; see also #928)
    • StdRng: add new std_rng feature flag (enabled by default, but might need to be used if disabling default crate features) (#948)
    • StdRng: Switch from ChaCha20 to ChaCha12 for better performance (#1028)
    • SmallRng: Replace PCG algorithm with xoshiro{128,256}++ (#1038)

    Sequences

    • Add IteratorRandom::choose_stable as an alternative to choose which does not depend on size hints (#1057)
    • Improve accuracy and performance of IteratorRandom::choose (#1059)
    • Implement IntoIterator for IndexVec, replacing the into_iter method (#1007)
    • Add value stability tests for seq module (#933)

    Misc

    • Support PartialEq and Eq for StdRng, SmallRng and StepRng (#979)
    • Added a serde1 feature and added Serialize/Deserialize to UniformInt and WeightedIndex (#974)
    • Drop some unsafe code (#962, #963, #1011)
    • Reduce packaged crate size (#983)
    • Migrate to GitHub Actions from Travis+AppVeyor (#1073)

    Distributions

    • Alphanumeric samples bytes instead of chars (#935)
    • Uniform now supports char, enabling rng.gen_range('A'..='Z') (#1068)
    • Add UniformSampler::sample_single_inclusive (#1003)

    Weighted sampling

    • Implement weighted sampling without replacement (#976, #1013)
    • rand::distributions::alias_method::WeightedIndex was moved to rand_distr::WeightedAliasIndex. The simpler alternative rand::distribution::WeightedIndex remains. (#945)
    • Improve treatment of rounding errors in WeightedIndex::update_weights (#956)
    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 1
  • Update crossbeam requirement from 0.7 to 0.8

    Update crossbeam requirement from 0.7 to 0.8

    Updates the requirements on crossbeam to permit the latest version.

    Changelog

    Sourced from crossbeam's changelog.

    Version 0.8.0

    • Bump the minimum supported Rust version to 1.36.
    • Bump crossbeam-channel to 0.5.
    • Bump crossbeam-deque to 0.8.
    • Bump crossbeam-epoch to 0.9.
    • Bump crossbeam-queue to 0.3.
    • Bump crossbeam-utils to 0.8.

    Version 0.7.3

    • Fix breakage with nightly feature due to rust-lang/rust#65214.
    • Bump crossbeam-channel to 0.4.
    • Bump crossbeam-epoch to 0.8.
    • Bump crossbeam-queue to 0.2.
    • Bump crossbeam-utils to 0.7.

    Version 0.7.2

    • Bump crossbeam-channel to 0.3.9.
    • Bump crossbeam-epoch to 0.7.2.
    • Bump crossbeam-utils to 0.6.6.

    Version 0.7.1

    • Bump crossbeam-utils to 0.6.5.

    Version 0.7.0

    • Remove ArcCell, MsQueue, and TreiberStack.
    • Change the interface of ShardedLock to match RwLock.
    • Add SegQueue::len().
    • Rename SegQueue::try_pop() to SegQueue::pop().
    • Change the return type of SegQueue::pop() to Result.
    • Introduce ArrayQueue.
    • Update dependencies.

    Version 0.6.0

    • Update dependencies.

    Version 0.5.0

    • Update crossbeam-channel to 0.3.
    • Update crossbeam-utils to 0.6.
    • Add AtomicCell, SharedLock, and WaitGroup.

    Version 0.4.1

    • Fix a double-free bug in MsQueue and SegQueue.
    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 1
  • Update x25519-dalek requirement from 0.6 to 1.1

    Update x25519-dalek requirement from 0.6 to 1.1

    Updates the requirements on x25519-dalek to permit the latest version.

    Changelog

    Sourced from x25519-dalek's changelog.

    1.1.0

    • Add impls of PartialEq, Eq, and Hash for PublicKey (by @jack-michaud)

    1.0.1

    • Update underlying curve25519_dalek library to 3.0.

    1.0.0

    • Widen generic bound on EphemeralSecret::new and StaticSecret::new to allow owned as well as borrowed RNGs.
    • Add PublicKey::to_bytes and SharedSecret::to_bytes, returning owned byte arrays, complementing the existing as_bytes methods returning references.
    • Remove mention of deprecated rand_os crate from examples.
    • Clarify EphemeralSecret/StaticSecret distinction in documentation.

    0.6.0

    • Updates rand_core version to 0.5.
    • Adds serde support.
    • Replaces clear_on_drop with zeroize.
    • Use Rust 2018.

    0.5.2

    • Implement Clone for StaticSecret.

    0.5.1

    • Implement Copy, Clone, Debug for PublicKey.
    • Remove doctests.

    0.5.0

    • Adds support for static and ephemeral keys.
    Commits
    • e8615a9 bump version to 1.1.0 and update CHANGELOG
    • 1ede527 Merge pull request #63 from jack-michaud/derive-partialeq
    • 3c09664 Feedback from @hdevalence - Added derive for Eq and Hash
    • 48df927 Add PartialEq derive to PublicKey
    • fd12c03 Merge branch 'master' into develop
    • d438d48 Merge branch 'release/1.0.1'
    • af6d5bd Bump version to 1.0.1
    • b8e6fb7 Merge pull request #62 from dalek-cryptography/curve-3
    • 2408e6b Update curve25519-dalek to version 3.0.0.
    • 1781dd3 Merge branch 'master' into develop
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 1
  • Update x25519-dalek requirement from 0.6 to 1.0

    Update x25519-dalek requirement from 0.6 to 1.0

    Updates the requirements on x25519-dalek to permit the latest version.

    Changelog

    Sourced from x25519-dalek's changelog.

    1.0.1

    • Update underlying curve25519_dalek library to 3.0.

    1.0.0

    • Widen generic bound on EphemeralSecret::new and StaticSecret::new to allow owned as well as borrowed RNGs.
    • Add PublicKey::to_bytes and SharedSecret::to_bytes, returning owned byte arrays, complementing the existing as_bytes methods returning references.
    • Remove mention of deprecated rand_os crate from examples.
    • Clarify EphemeralSecret/StaticSecret distinction in documentation.

    0.6.0

    • Updates rand_core version to 0.5.
    • Adds serde support.
    • Replaces clear_on_drop with zeroize.
    • Use Rust 2018.

    0.5.2

    • Implement Clone for StaticSecret.

    0.5.1

    • Implement Copy, Clone, Debug for PublicKey.
    • Remove doctests.

    0.5.0

    • Adds support for static and ephemeral keys.
    Commits
    • af6d5bd Bump version to 1.0.1
    • b8e6fb7 Merge pull request #62 from dalek-cryptography/curve-3
    • 2408e6b Update curve25519-dalek to version 3.0.0.
    • 1781dd3 Merge branch 'master' into develop
    • bddb3c7 Merge branch 'release/1.0.0'
    • 1b01d59 Bump version to 1.0.0 and update CHANGELOG.md
    • 122d4bb Merge pull request #61 from dalek-cryptography/clarify-ephemeral-static
    • fb92cd8 Clarify Ephemeral/StaticSecret docs.
    • 736f8dd Merge pull request #60 from dalek-cryptography/remove-rand-os-example
    • 5d245dc Merge pull request #43 from peat/master
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 1
  • Update digest requirement from 0.8 to 0.9

    Update digest requirement from 0.8 to 0.9

    Updates the requirements on digest to permit the latest version.

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

    You can always request more updates by clicking Bump now in your Dependabot dashboard.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 1
  • Update hex requirement from 0.3 to 0.4

    Update hex requirement from 0.3 to 0.4

    Updates the requirements on hex to permit the latest version.

    Commits
    • be0c32f fix: Bump to v0.4.2
    • 4bc3e21 Fix compile error on older rustc versions
    • 78359a8 Bump version (v0.4.1)
    • 85fe726 README reworks and copyright dates update
    • 83a0261 tests/serde: Fix test names
    • e8e2506 github-workflows: Improve GitHub Workflow tests.
    • 3b8a77d Add serde support
    • b1d2318 Fix broken tests
    • 764ee61 Fix Error::InvalidHexCharacter::to_string
    • f98cad4 Remove deprecated Error::description implementation
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

    You can always request more updates by clicking Bump now in your Dependabot dashboard.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 1
  • Update quickcheck requirement from 0.9 to 1.0

    Update quickcheck requirement from 0.9 to 1.0

    Updates the requirements on quickcheck to permit the latest version.

    Commits
    • 40ebcc6 1.0.1
    • 74d0c60 deps: trim 'rand' dependencies
    • 9dfcf7f release: more preparation for 1.0 release
    • 480a879 release: prepare for 1.0 release
    • c773663 semver: add note on compatibility
    • d44b417 style: tweak formatting of top-level comment
    • 282f146 msrv: bump to 1.46.0 and specify policy
    • 467f272 deps: update env_logger
    • 319145d deps: upgrade rand to 0.8
    • d286e4d rand: remove rand as a public dependency
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 0
  • Update digest requirement from 0.9 to 0.10

    Update digest requirement from 0.9 to 0.10

    Updates the requirements on digest to permit the latest version.

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • Update rand requirement from 0.7 to 0.8

    Update rand requirement from 0.7 to 0.8

    Updates the requirements on rand to permit the latest version.

    Changelog

    Sourced from rand's changelog.

    [0.8.4] - 2021-06-15

    Additions

    • Use const-generics to support arrays of all sizes (#1104)
    • Implement Clone and Copy for Alphanumeric (#1126)
    • Add Distribution::map to derive a distribution using a closure (#1129)
    • Add Slice distribution (#1107)
    • Add DistString trait with impls for Standard and Alphanumeric (#1133)

    Other

    • Reorder asserts in Uniform float distributions for easier debugging of non-finite arguments (#1094, #1108)
    • Add range overflow check in Uniform float distributions (#1108)
    • Deprecate rngs::adapter::ReadRng (#1130)

    [0.8.3] - 2021-01-25

    Fixes

    • Fix no-std + alloc build by gating choose_multiple_weighted on std (#1088)

    [0.8.2] - 2021-01-12

    Fixes

    • Fix panic in UniformInt::sample_single_inclusive and Rng::gen_range when providing a full integer range (eg 0..=MAX) (#1087)

    [0.8.1] - 2020-12-31

    Other

    • Enable all stable features in the playground (#1081)

    [0.8.0] - 2020-12-18

    Platform support

    • The minimum supported Rust version is now 1.36 (#1011)
    • getrandom updated to v0.2 (#1041)
    • Remove wasm-bindgen and stdweb feature flags. For details of WASM support, see the getrandom documentation. (#948)
    • ReadRng::next_u32 and next_u64 now use little-Endian conversion instead of native-Endian, affecting results on Big-Endian platforms (#1061)
    • The nightly feature no longer implies the simd_support feature (#1048)
    • Fix simd_support feature to work on current nightlies (#1056)

    Rngs

    • ThreadRng is no longer Copy to enable safe usage within thread-local destructors (#1035)
    • gen_range(a, b) was replaced with gen_range(a..b). gen_range(a..=b) is also supported. Note that a and b can no longer be references or SIMD types. (#744, #1003)
    • Replace AsByteSliceMut with Fill and add support for [bool], [char], [f32], [f64] (#940)
    • Restrict rand::rngs::adapter to std (#1027; see also #928)
    • StdRng: add new std_rng feature flag (enabled by default, but might need to be used if disabling default crate features) (#948)
    • StdRng: Switch from ChaCha20 to ChaCha12 for better performance (#1028)
    • SmallRng: Replace PCG algorithm with xoshiro{128,256}++ (#1038)

    Sequences

    ... (truncated)

    Commits
    • 8792268 Merge pull request #1137 from rust-random/work2
    • 1bfc53d Update changelogs and bump version numbers
    • 4534311 Merge pull request #1133 from rust-random/work2
    • 81f1af8 Correct usage of reserve
    • fa17d1c Add comment to append_string for Standard
    • b4c1d66 Add DistString
    • 1947c89 Move Distribution trait and associates to sub-module
    • 98a0339 Merge pull request #1135 from dhardy/work
    • a7f8fb7 Prepare rand_chacha v0.3.1 release
    • 09d3df3 Merge pull request #1130 from dhardy/work
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • Use the RustCrypto crates instead of ring?

    Use the RustCrypto crates instead of ring?

    This project already includes several RustCrypto crates via the dalek crates. As far as I can see from it you only use AES-GCM, SHA-256, HMAC, and HKDF. I think such migration will allow to simplify code and build process, as well as make the crate more portable. Of course the linked crates have several disadvantages compared to ring:

    • Lack of runtime CPUID-based detection in the aes-gcm crate.
    • A bit slower software implementation of SHA-256.

    The latter issue can be compensated a bit by enabling the asm feature (though performance still will not be quite on par with ring). Also if CPU has SHA-extension, the crate will detect it during runtime and will use efficient intrinsic-based code.

    If you have any questions regarding RustCrypto crates, I will be glad to answer them.

    enhancement help wanted 
    opened by newpavlov 1
Owner
Trail of Bits
More code: binary lifters @lifting-bits, blockchain @crytic
Trail of Bits
BGPKIT Parser aims to provides the most ergonomic MRT/BGP/BMP message parsing Rust API.

BGPKIT Parser aims to provides the most ergonomic MRT/BGP/BMP message parsing Rust API.

BGPKIT 46 Dec 19, 2022
OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.

OpenSK This repository contains a Rust implementation of a FIDO2 authenticator. We developed OpenSK as a Tock OS application. We intend to bring a ful

Google 2.4k Jan 7, 2023
Applied offensive security with the Rust programming language

Black Hat Rust Applied offensive security with the Rust programming language Buy the book now! While the Rust Book does an excellent job teaching What

Sylvain Kerkour 2.2k Jan 8, 2023
Security advisory database for Rust crates published through crates.io

RustSec Advisory Database The RustSec Advisory Database is a repository of security advisories filed against Rust crates published via https://crates.

RustSec 682 Jan 1, 2023
Automate device security provisioning with edge intelligence.

UNiD Automate device security provisioning with edge intelligence Features Decentralized PKI(DPKI), DIDs, DKMS, and Credential Management End-to-End E

UNiD 101 Oct 21, 2022
A utility like pkg-audit for Arch Linux. Based on Arch Security Team data.

arch-audit pkg-audit-like utility for Arch Linux. Based on data from security.archlinux.org collected by the awesome Arch Security Team. Installation

Andrea Scarpino 316 Nov 22, 2022
The Swiss Army Knife for Binary (In)security

binsec Swiss Army Knife for Binary (In)security binsec is a minimal static analysis utility for detecting security capabilities in ELF/PE/Mach-O execu

Alan 15 Dec 16, 2022
Bindings to the macOS Security.framework

macOS/iOS Security framework for Rust Documentation Bindings to the Apple's Security.framework. Allows use of TLS and Keychain from Rust. License Lice

Kornel 172 Jan 2, 2023
Minimal and persistent key-value store designed with security in mind

microkv Minimal and persistent key-value store designed with security in mind. Introduction microkv is a persistent key-value store implemented in Rus

Alan 17 Jan 2, 2023
Audit Cargo.lock files for dependencies with security vulnerabilities

RustSec Crates ?? ??️ ?? The RustSec Advisory Database is a repository of security advisories filed against Rust crates published via crates.io. The a

RustSec 1.2k Jan 5, 2023
🕵️‍♀️ Find, locate, and query files for ops and security experts ⚡️⚡️⚡️

Recon Find, locate, and query files for ops and security experts Key Features • How To Use • Download • Contributing • License Key Features Query with

Rusty Ferris Club 11 Dec 16, 2022
irulescan is a static security analyzer for iRules

irulescan is a tool to scan iRules for unexpected/unsafe expressions that may have undesirable effects like double substitution.

Simon Kowallik 2 Dec 18, 2022
Lightweight slowloris (HTTP DoS) implementation in Rust.

slowlorust Lightweight slowloris (HTTP DoS) implementation in Rust. Slowloris is a denial-of-service attack program which allows an attacker to overwh

Michael Van Leeuwen 6 Sep 29, 2022
A paseto implementation in rust.

Paseto Rust Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards. This is d

Instructure, Inc. 145 Nov 7, 2022
Userspace WireGuard® Implementation in Rust

BoringTun BoringTun is an implementation of the WireGuard® protocol designed for portability and speed. BoringTun is successfully deployed on millions

Cloudflare 4.8k Jan 4, 2023
Rust implementation of The Update Framework (TUF)

rust-tuf A Rust implementation of The Update Framework (TUF). Full documentation is hosted at docs.rs. Warning: Beta Software This is under active dev

heartsucker 152 Dec 11, 2022
A pure-Rust implementation of various threshold secret sharing schemes

Threshold Secret Sharing Efficient pure-Rust library for secret sharing, offering efficient share generation and reconstruction for both traditional S

Snips 137 Dec 29, 2022
Rust implementation of the H3 geospatial indexing system.

h3o Rust implementation of the H3 geospatial indexing system. Design This is not a binding of the reference implementation, but a reimplementation fro

Hydronium Labs 196 Jan 31, 2023
Fast, Concurrent, Rust based Tidal-Media-Downloader implementation.

tdl tdl is a rust implementation of the Python Script Tidal-Media-Downloader. Overview tdl offers significant performance improvements over the origin

null 42 Mar 18, 2023