fix: rand_core 0.10 compat — use 0.6 dep, migrate rand 0.8 API #9
Merged
…replay protection
Interceptor now dispatches hs_* key IDs to ecdh_ephemeral for per-request forward secrecy. RequestSessionKeys derives ZeroizeOnDrop. Replay deduplication via Redis SET NX EX 60 on MAC hex. Adds handshake_store and replay_store fields.
feat: add build_request_packet — JSON → compress → msgpack → AES-256-GCM
(random enc_key) → ECDH-wrap enc_key → Request { data, wrapped_key,
client_pk, key_id, ts } → msgpack; returns (wire_bytes, enc_key)
feat: add decode_response_packet — HMAC-SHA256 verify (enc_key) → AES-256-GCM
decrypt → decompress → JSON; takes only enc_key, no second ECDH needed
refactor: rename WrappedPacket → Request, SignedResponse → Response
refactor: replace derive_session_keys with derive_wrap_key; single HKDF key
used only to wrap enc_key in transit — enc_key is the sole session key
refactor: drop request MAC field; AES-GCM auth tags on data and wrapped_key
cover integrity without a separate HMAC key
refactor: RequestSessionKeys carries enc_key only; interceptor now unwraps
enc_key via ECDH rather than deriving it
refactor: build_signed_response / build_signed_response_raw drop mac_key;
response HMAC signed with enc_key so client verifies with one key
docs: update README with accurate client/server pipeline ASCII diagrams
chore: add x25519-dalek = "2" as explicit dependency
…e interceptor docs and unwrap refactor: add derive_response_mac_key — HKDF-SHA256(enc_key, "alterion-response-mac") keeps the HMAC key domain-separated from the AES key so neither primitive leaks information about the shared secret to the other
fix: build_signed_response_raw and decode_response_packet now use the derived mac_key instead of enc_key directly for HMAC-SHA256 sign/verify
fix: update Interceptor doc comment — remove stale references to mac_key, packet MAC verification, and old key derivation steps; reflect the current wrap_key / unwrap flow
fix: replace unwrap() on shared secret try_into with a proper error return in interceptor
docs: add doc comment to Response struct
The second replay-detection block referenced packet.mac which no longer exists on Request, causing a compile error in CodeQL CI.
rand_core 0.10 dropped the `getrandom` feature and OsRng; all crypto crates (x25519-dalek, aes-gcm, argon2) pin to rand_core 0.6 which still has both. Adds rand_core 0.6 as a direct dep and updates all call sites (crypt, serializer, pstore) away from the removed rand 0.8 APIs (thread_rng, rand::rngs::OsRng, rand::RngCore). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add module-level docs to crypt, serializer, hmac, sha2, pstore with architecture tables, security property descriptions, and pipeline diagrams
- Expand hash_password, verify_password, key_encrypt, rotate_pepper, get_current_pepper/get_pepper with pepper-versioning rationale
- Expand lib.rs with security properties table and architecture overview
- Document DecryptedBody, RequestSessionKeys, InterceptorService in interceptor
- Move all inline use statements to file tops (anyhow::Context, rand_core::RngCore)
- Remove redundant x25519_dalek import inside test (covered by use super::*)
- Make REPLAY_WINDOW_SECS pub so doc links resolve
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Update dev branch deps to match main: alterion-ecdh 1.0, hmac 0.13, sha2 0.11, hkdf 0.13, keyring 3, redis 1.2. hmac 0.13 moved new_from_slice to the KeyInit trait so add that import. rand_core 0.6 is kept as a direct dep — x25519-dalek 2 still requires rand_core ^0.6 traits for EphemeralSecret::random_from_rng and rand 0.10 uses rand_core 0.10 which is a separate crate version with no OsRng. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Cargo.toml: version 1.4.0, alterion-ecdh 1.0, keyutils default + optional keyring win64, rand_core 0.6 (keeps our fix), [features] section, libc dep
- pstore.rs: take main's keyutils/win64 dual-backend implementation, keep dev's expanded module and function docs
- serializer.rs + interceptor.rs: rename wrapped_key → kx throughout
- crypt.rs: use rand::random() for generate_random_hex (main's approach)
- hmac.rs: keep module doc, keep KeyInit import
- README.md: take main's accurate kx and HKDF mac key descriptions
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Summary
- rand_core 0.10 dropped the `getrandom` feature and `OsRng`; all crypto crates (`x25519-dalek`, `aes-gcm`, `argon2`) pin to `rand_core 0.6`, which retains both
- Add `rand_core = { version = "0.6", features = ["getrandom"] }` as a direct dep, replacing the broken `0.10` declaration
- Migrate `crypt.rs`, `serializer.rs`, and `pstore.rs` away from removed `rand 0.8` APIs (`thread_rng`, `rand::rngs::OsRng`, `rand::RngCore`) to `rand_core 0.6` equivalents
Test plan
- `cargo check` / `cargo test`
- No `rand_core` version conflicts in `cargo tree`
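The last test-plan item is a dependency-graph check that is easy to get wrong by eyeballing a long tree. The POSIX shell below is an added example (not code from the alterion project or from this PR) that parses `cargo tree -d` output and flags every crate resolved at more than one version, then asserts on one crate in particular. The two sample trees are constructed to mimic the `-d` output shape (a column-0 `<crate> v<version>` line per duplicated version, reverse dependencies indented beneath it); the crate versions, the `/work/alterion` path and the `some-dep` crate in them are illustrative assumptions, not values from the project's Cargo.lock.

```shell
#!/bin/sh
# Added example (not alterion project code): an offline check for the
# "no rand_core version conflicts in cargo tree" item of the test plan.
#
# `cargo tree -d` (alias of --duplicates) prints, for each crate resolved at
# more than one version, a column-0 line "<crate> v<version>" followed by the
# indented reverse-dependency tree that pulls that version in. The functions
# below parse that shape. Names, versions and paths in the samples are
# constructed assumptions, not taken from the project's lockfile.

# Print "<crate> <count> <version...>" for every crate with >1 version.
# Reads cargo tree text on stdin; prints nothing when there are no duplicates.
list_duplicates() {
    awk '
        # Top-level entries start in column 0; reverse-dependency lines are
        # indented with tree glyphs and "[section]" headers start with "[",
        # so neither of those can match this pattern.
        /^[A-Za-z0-9_-]+ v[0-9]/ {
            name = $1; ver = substr($2, 2)          # strip the leading "v"
            if (index(seen[name], " " ver " ") == 0) {
                seen[name] = seen[name] " " ver " "
                count[name]++
            }
        }
        END {
            for (n in count) if (count[n] > 1) {
                gsub(/  +/, " ", seen[n]); sub(/^ /, "", seen[n]); sub(/ $/, "", seen[n])
                print n, count[n], seen[n]
            }
        }
    ' | sort
}

# Exit 0 when crate $1 resolves to exactly one version in the tree text $2,
# exit 1 when it is duplicated (the conflict this PR removes for rand_core).
crate_has_single_version() {
    printf '%s\n' "$2" | list_duplicates |
        awk -v crate="$1" '$1 == crate { dup = 1 } END { if (dup) exit 1; exit 0 }'
}

# Constructed sample: the pre-fix graph, where rand 0.8 and the crypto crates
# pull in rand_core 0.6 while Cargo.toml also declares rand_core 0.10 directly.
SAMPLE_TREE_BEFORE='rand_core v0.6.4
├── aes-gcm v0.10.3
│   └── alterion v1.4.0 (/work/alterion)
├── rand v0.8.5
│   └── alterion v1.4.0 (/work/alterion)
└── x25519-dalek v2.0.1
    └── alterion v1.4.0 (/work/alterion)

rand_core v0.10.0
└── alterion v1.4.0 (/work/alterion)'

# Constructed sample: after pinning rand_core = "0.6", only an unrelated
# duplicate remains, which the per-crate check must not report as a failure.
SAMPLE_TREE_AFTER='bitflags v1.3.2
└── some-dep v0.4.0
    └── alterion v1.4.0 (/work/alterion)

bitflags v2.6.0
└── alterion v1.4.0 (/work/alterion)'

# Stand-alone demo on the constructed samples. In the real crate, source this
# file and run:  cargo tree -d | list_duplicates
printf 'before fix:\n'; printf '%s\n' "$SAMPLE_TREE_BEFORE" | list_duplicates
printf 'after fix:\n';  printf '%s\n' "$SAMPLE_TREE_AFTER"  | list_duplicates
```

In CI the pass condition is simply that `cargo tree -d | list_duplicates` prints no `rand_core` line; a second `rand_core` version is exactly the situation in which `x25519-dalek`'s `CryptoRng + RngCore` bounds and the caller's `OsRng` come from different crate versions and stop type-checking, so this is worth gating on rather than checking by hand after each dependency bump.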