diff --git a/Cargo.lock b/Cargo.lock index 793fcc6..c0e9ed3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -277,6 +277,12 @@ dependencies = [ "subtle", ] +[[package]] +name = "heck" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" + [[package]] name = "hkdf" version = "0.12.3" @@ -346,9 +352,9 @@ dependencies = [ [[package]] name = "indoc" -version = "1.0.9" +version = "2.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa799dd5ed20a7e349f3b4639aa80d74549c81716d9ec4f994c9b5815598306" +checksum = "b248f5224d1d606005e02c97f5aa4e88eeb230488bcc03bc9ca4d7991399f2b5" [[package]] name = "inout" @@ -386,9 +392,9 @@ dependencies = [ [[package]] name = "memoffset" -version = "0.6.5" +version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5aa361d4faea93603064a027415f07bd8e1d5c88c9fbf68bf56a285428fd79ce" +checksum = "488016bfae457b036d996092f6cb448677611ce4449e970ceaf42695203f218a" dependencies = [ "autocfg", ] @@ -477,6 +483,12 @@ dependencies = [ "universal-hash", ] +[[package]] +name = "portable-atomic" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7170ef9988bc169ba16dd36a7fa041e5c4cbeb6a35b76d4c03daded371eae7c0" + [[package]] name = "ppv-lite86" version = "0.2.17" @@ -503,15 +515,16 @@ dependencies = [ [[package]] name = "pyo3" -version = "0.17.3" +version = "0.21.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "268be0c73583c183f2b14052337465768c07726936a260f480f0857cb95ba543" +checksum = "a7a8b1990bd018761768d5e608a13df8bd1ac5f678456e0f301bb93e5f3ea16b" dependencies = [ "cfg-if", "indoc", "libc", "memoffset", "parking_lot", + "portable-atomic", "pyo3-build-config", "pyo3-ffi", "pyo3-macros", @@ -520,9 +533,9 @@ dependencies = [ [[package]] name = "pyo3-build-config" -version = "0.17.3" +version = "0.21.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28fcd1e73f06ec85bf3280c48c67e731d8290ad3d730f8be9dc07946923005c8" +checksum = "650dca34d463b6cdbdb02b1d71bfd6eb6b6816afc708faebb3bac1380ff4aef7" dependencies = [ "once_cell", "target-lexicon", @@ -530,9 +543,9 @@ dependencies = [ [[package]] name = "pyo3-ffi" -version = "0.17.3" +version = "0.21.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f6cb136e222e49115b3c51c32792886defbfb0adead26a688142b346a0b9ffc" +checksum = "09a7da8fc04a8a2084909b59f29e1b8474decac98b951d77b80b26dc45f046ad" dependencies = [ "libc", "pyo3-build-config", @@ -540,25 +553,27 @@ dependencies = [ [[package]] name = "pyo3-macros" -version = "0.17.3" +version = "0.21.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94144a1266e236b1c932682136dc35a9dee8d3589728f68130c7c3861ef96b28" +checksum = "4b8a199fce11ebb28e3569387228836ea98110e43a804a530a9fd83ade36d513" dependencies = [ "proc-macro2", "pyo3-macros-backend", "quote", - "syn 1.0.107", + "syn 2.0.58", ] [[package]] name = "pyo3-macros-backend" -version = "0.17.3" +version = "0.21.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8df9be978a2d2f0cdebabb03206ed73b11314701a5bfe71b0d753b81997777f" +checksum = "93fbbfd7eb553d10036513cb122b888dcd362a945a00b06c165f2ab480d4cc3b" dependencies = [ + "heck", "proc-macro2", + "pyo3-build-config", "quote", - "syn 1.0.107", + "syn 2.0.58", ] [[package]] @@ -746,9 +761,9 @@ checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" [[package]] name = "unindent" -version = "0.1.11" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e1766d682d402817b5ac4490b3c3002d91dfa0d22812f341609f97b08757359c" +checksum = "c7de7d73e1754487cb58364ee906a499937a0dfabd86bcb980fa99ec8c8fa2ce" [[package]] name = "universal-hash" diff --git a/Cargo.toml b/Cargo.toml index 8d3d9dc..cbce6c3 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -13,5 +13,5 @@ crate-type = ["cdylib"] hpke-rs = { version = "0.2", features = ["hazmat"] } hpke-rs-crypto = { version = "0.2" } hpke-rs-rust-crypto = { version = "0.2" } -pyo3 = { version = "0.17", features = ["extension-module"] } +pyo3 = { version = "0.21", features = ["extension-module"] } rand = { version = "0.8" } diff --git a/src/context.rs b/src/context.rs index ecc01ff..2c55063 100644 --- a/src/context.rs +++ b/src/context.rs @@ -24,38 +24,38 @@ impl PyContext { fn seal<'p>( &mut self, py: Python<'p>, - aad: &PyBytes, - plain_txt: &PyBytes, - ) -> PyResult<&'p PyBytes> { + aad: &Bound<'p, PyBytes>, + plain_txt: &Bound<'p, PyBytes>, + ) -> PyResult> { let aad = aad.as_bytes(); let plain_txt = plain_txt.as_bytes(); let cipher_txt = self.ctx.seal(aad, plain_txt).map_err(handle_hpke_error)?; - Ok(PyBytes::new(py, cipher_txt.as_slice())) + Ok(PyBytes::new_bound(py, cipher_txt.as_slice())) } fn open<'p>( &mut self, py: Python<'p>, - aad: &PyBytes, - cipher_txt: &PyBytes, - ) -> PyResult<&'p PyBytes> { + aad: &Bound<'p, PyBytes>, + cipher_txt: &Bound<'p, PyBytes>, + ) -> PyResult> { let aad = aad.as_bytes(); let cipher_txt = cipher_txt.as_bytes(); let plain_txt = self.ctx.open(aad, cipher_txt).map_err(handle_hpke_error)?; - Ok(PyBytes::new(py, plain_txt.as_slice())) + Ok(PyBytes::new_bound(py, plain_txt.as_slice())) } fn export<'p>( &self, py: Python<'p>, - exporter_context: &PyBytes, + exporter_context: &Bound<'p, PyBytes>, length: usize, - ) -> PyResult<&'p PyBytes> { + ) -> PyResult> { let exporter_context = exporter_context.as_bytes(); let exporter_secret = self .ctx .export(exporter_context, length) .map_err(handle_hpke_error)?; - Ok(PyBytes::new(py, exporter_secret.as_slice())) + Ok(PyBytes::new_bound(py, exporter_secret.as_slice())) } } diff --git a/src/errors.rs b/src/errors.rs index fbcb998..0708891 100644 --- a/src/errors.rs +++ b/src/errors.rs @@ -58,12 +58,6 @@ create_exception!( PyException, "Unable to collect enough randomness." ); -create_exception!( - errors, - LockPoisoned, - PyException, - "A concurrency issue with an RwLock." -); #[inline(always)] pub(crate) fn handle_hpke_error(e: HpkeError) -> PyErr { diff --git a/src/hpke.rs b/src/hpke.rs index 837315e..bdb7055 100644 --- a/src/hpke.rs +++ b/src/hpke.rs @@ -47,21 +47,21 @@ impl PyHpke { } } - pub fn __deepcopy__(&self, _memo: &PyAny) -> Self { + pub fn __deepcopy__(&self, _memo: Py) -> Self { self.clone() } /// Set up an HPKE sender context - #[args(psk = "None", psk_id = "None", sk_s = "None")] + #[pyo3(signature = ( pk_r, info, psk = None, psk_id = None, sk_s = None))] fn setup_sender<'p>( &mut self, py: Python<'p>, - pk_r: &PyBytes, - info: &PyBytes, - psk: Option<&PyBytes>, - psk_id: Option<&PyBytes>, - sk_s: Option<&PyBytes>, - ) -> PyResult<(&'p PyBytes, PyContext)> { + pk_r: &Bound<'p, PyBytes>, + info: &Bound<'p, PyBytes>, + psk: Option<&Bound<'p, PyBytes>>, + psk_id: Option<&Bound<'p, PyBytes>>, + sk_s: Option<&Bound<'p, PyBytes>>, + ) -> PyResult<(Bound<'p, PyBytes>, PyContext)> { let cfg = &mut self.hpke; // convert args, drop py refs @@ -79,21 +79,21 @@ impl PyHpke { } } .map_err(handle_hpke_error)?; - let encap_py = PyBytes::new(py, encap.as_slice()); + let encap_py = PyBytes::new_bound(py, encap.as_slice()); let context_py = PyContext::new(context); Ok((encap_py, context_py)) } /// Set up an HPKE receiver context - #[args(psk = "None", psk_id = "None", pk_s = "None")] - fn setup_receiver( + #[pyo3(signature = (enc, sk_r, info, psk = None, psk_id = None, pk_s = None))] + fn setup_receiver<'p>( &self, - enc: &PyBytes, - sk_r: &PyBytes, - info: &PyBytes, - psk: Option<&PyBytes>, - psk_id: Option<&PyBytes>, - pk_s: Option<&PyBytes>, + enc: &Bound<'p, PyBytes>, + sk_r: &Bound<'p, PyBytes>, + info: &Bound<'p, PyBytes>, + psk: Option<&Bound<'p, PyBytes>,>, + psk_id: Option<&Bound<'p, PyBytes>,>, + pk_s: Option<&Bound<'p, PyBytes>,>, ) -> PyResult { let cfg = &self.hpke; @@ -119,18 +119,18 @@ impl PyHpke { /// Encrypt input, single-shot #[allow(clippy::too_many_arguments)] - #[args(psk = "None", psk_id = "None", sk_s = "None")] + #[pyo3(signature = (pk_r, info, aad, plain_txt, psk = None, psk_id = None, sk_s = None))] fn seal<'p>( &mut self, py: Python<'p>, - pk_r: &PyBytes, - info: &PyBytes, - aad: &PyBytes, - plain_txt: &PyBytes, - psk: Option<&PyBytes>, - psk_id: Option<&PyBytes>, - sk_s: Option<&PyBytes>, - ) -> PyResult<(&'p PyBytes, &'p PyBytes)> { + pk_r: &Bound<'p, PyBytes>, + info: &Bound<'p, PyBytes>, + aad: &Bound<'p, PyBytes>, + plain_txt: &Bound<'p, PyBytes>, + psk: Option<&Bound<'p, PyBytes>>, + psk_id: Option<&Bound<'p, PyBytes>>, + sk_s: Option<&Bound<'p, PyBytes>>, + ) -> PyResult<(Bound<'p, PyBytes>, Bound<'p, PyBytes>)> { let cfg = &mut self.hpke; // convert args, drop py refs @@ -155,26 +155,26 @@ impl PyHpke { .map_err(handle_hpke_error)?; // convert return vals back to PyBytes - let encap_py = PyBytes::new(py, encap.as_slice()); - let cipher_txt_py = PyBytes::new(py, cipher_txt.as_slice()); + let encap_py = PyBytes::new_bound(py, encap.as_slice()); + let cipher_txt_py = PyBytes::new_bound(py, cipher_txt.as_slice()); Ok((encap_py, cipher_txt_py)) } /// Decrypt input, single-shot #[allow(clippy::too_many_arguments)] - #[args(psk = "None", psk_id = "None", pk_s = "None")] + #[pyo3(signature = (enc, sk_r, info, aad, cipher_txt, psk = None, psk_id = None, pk_s = None))] fn open<'p>( &self, py: Python<'p>, - enc: &PyBytes, - sk_r: &PyBytes, - info: &PyBytes, - aad: &PyBytes, - cipher_txt: &PyBytes, - psk: Option<&PyBytes>, - psk_id: Option<&PyBytes>, - pk_s: Option<&PyBytes>, - ) -> PyResult<&'p PyBytes> { + enc: &Bound<'p, PyBytes>, + sk_r: &Bound<'p, PyBytes>, + info: &Bound<'p, PyBytes>, + aad: &Bound<'p, PyBytes>, + cipher_txt: &Bound<'p, PyBytes>, + psk: Option<&Bound<'p, PyBytes>>, + psk_id: Option<&Bound<'p, PyBytes>>, + pk_s: Option<&Bound<'p, PyBytes>>, + ) -> PyResult> { let cfg = &self.hpke; // convert args, drop py refs @@ -198,23 +198,23 @@ impl PyHpke { .map_err(handle_hpke_error)?; // convert return val back to PyBytes - Ok(PyBytes::new(py, plain_txt.as_slice())) + Ok(PyBytes::new_bound(py, plain_txt.as_slice())) } /// Derive an exporter secret for sender with public key `pk_r`, single-shot #[allow(clippy::too_many_arguments)] - #[args(psk = "None", psk_id = "None", sk_s = "None")] + #[pyo3(signature=(pk_r, info, exporter_context, length, psk = None, psk_id = None, sk_s = None))] fn send_export<'p>( &mut self, py: Python<'p>, - pk_r: &PyBytes, - info: &PyBytes, - exporter_context: &PyBytes, + pk_r: &Bound<'p, PyBytes>, + info: &Bound<'p, PyBytes>, + exporter_context: &Bound<'p, PyBytes>, length: usize, - psk: Option<&PyBytes>, - psk_id: Option<&PyBytes>, - sk_s: Option<&PyBytes>, - ) -> PyResult<(&'p PyBytes, &'p PyBytes)> { + psk: Option<&Bound<'p, PyBytes>>, + psk_id: Option<&Bound<'p, PyBytes>>, + sk_s: Option<&Bound<'p, PyBytes>>, + ) -> PyResult<(Bound<'p, PyBytes>, Bound<'p, PyBytes>)> { let cfg = &mut self.hpke; // convert args, drop py refs @@ -243,26 +243,26 @@ impl PyHpke { .map_err(handle_hpke_error)?; // convert return vals back to PyBytes - let encap_py = PyBytes::new(py, encap.as_slice()); - let exporter_secret_py = PyBytes::new(py, exporter_secret.as_slice()); + let encap_py = PyBytes::new_bound(py, encap.as_slice()); + let exporter_secret_py = PyBytes::new_bound(py, exporter_secret.as_slice()); Ok((encap_py, exporter_secret_py)) } /// Derive an exporter secret for receiver with private key `sk_r`, single-shot #[allow(clippy::too_many_arguments)] - #[args(psk = "None", psk_id = "None", pk_s = "None")] + #[pyo3(signature = (enc, sk_r, info, exporter_context, length, psk = None, psk_id = None, pk_s = None))] fn receiver_export<'p>( &self, py: Python<'p>, - enc: &PyBytes, - sk_r: &PyBytes, - info: &PyBytes, - exporter_context: &PyBytes, + enc: &Bound<'p, PyBytes>, + sk_r: &Bound<'p, PyBytes>, + info: &Bound<'p, PyBytes>, + exporter_context: &Bound<'p, PyBytes>, length: usize, - psk: Option<&PyBytes>, - psk_id: Option<&PyBytes>, - pk_s: Option<&PyBytes>, - ) -> PyResult<&'p PyBytes> { + psk: Option<&Bound<'p, PyBytes>>, + psk_id: Option<&Bound<'p, PyBytes>>, + pk_s: Option<&Bound<'p, PyBytes>>, + ) -> PyResult> { let cfg = &self.hpke; // convert all args and drop py refs immediately @@ -301,17 +301,17 @@ impl PyHpke { } .map_err(handle_hpke_error)?; - Ok(PyBytes::new(py, exporter_secret.as_slice())) + Ok(PyBytes::new_bound(py, exporter_secret.as_slice())) } /// Create an encryption context from a shared secret - #[args(psk = "None", psk_id = "None")] - fn key_schedule( + #[pyo3(signature = (shared_secret, info, psk = None, psk_id = None))] + fn key_schedule<'p>( &self, - shared_secret: &PyBytes, - info: &PyBytes, - psk: Option<&PyBytes>, - psk_id: Option<&PyBytes>, + shared_secret: &Bound<'p, PyBytes>, + info: &Bound<'p, PyBytes>, + psk: Option<&Bound<'p, PyBytes>>, + psk_id: Option<&Bound<'p, PyBytes>>, ) -> PyResult { let no_psk = psk.is_none() & psk_id.is_none(); let both_psk = psk.is_some() & psk_id.is_some(); @@ -333,12 +333,12 @@ impl PyHpke { } /// Generate a key-pair according to the KemAlgorithm in this Hpke config - fn generate_key_pair<'p>(&mut self, py: Python<'p>) -> PyResult<(&'p PyBytes, &'p PyBytes)> { + fn generate_key_pair<'p>(&mut self, py: Python<'p>) -> PyResult<(Bound<'p, PyBytes>, Bound<'p, PyBytes>)> { let cfg = &mut self.hpke; let keypair = cfg.generate_key_pair().map_err(handle_hpke_error)?; let (sk, pk) = keypair.into_keys(); - let sk_py = PyBytes::new(py, sk.as_slice()); - let pk_py = PyBytes::new(py, pk.as_slice()); + let sk_py = PyBytes::new_bound(py, sk.as_slice()); + let pk_py = PyBytes::new_bound(py, pk.as_slice()); Ok((sk_py, pk_py)) } @@ -346,14 +346,14 @@ impl PyHpke { fn derive_key_pair<'p>( &self, py: Python<'p>, - ikm: &PyBytes, - ) -> PyResult<(&'p PyBytes, &'p PyBytes)> { + ikm: &Bound<'p, PyBytes>, + ) -> PyResult<(Bound<'p, PyBytes>, Bound<'p, PyBytes>)> { let cfg = &self.hpke; let ikm = ikm.as_bytes(); let keypair = cfg.derive_key_pair(ikm).map_err(handle_hpke_error)?; let (sk, pk) = keypair.into_keys(); - let sk_py = PyBytes::new(py, sk.as_slice()); - let pk_py = PyBytes::new(py, pk.as_slice()); + let sk_py = PyBytes::new_bound(py, sk.as_slice()); + let pk_py = PyBytes::new_bound(py, pk.as_slice()); Ok((sk_py, pk_py)) } } diff --git a/src/lib.rs b/src/lib.rs index cd72a95..bf0cb83 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -11,7 +11,8 @@ use crate::errors::*; use crate::hpke::*; /// Construct a reasonable default HPKEConfig -#[pyfunction(mode = "None", kem = "None", kdf = "None", aead = "None")] +#[pyfunction] +#[pyo3(signature = (mode = None, kem = None, kdf = None, aead = None))] pub(crate) fn default( mode: Option, kem: Option, @@ -25,31 +26,30 @@ pub(crate) fn default( PyHpke::new(mode, kem, kdf, aead) } -fn build_errors_module(py: Python) -> PyResult<&PyModule> { - let errors_module = PyModule::new(py, "errors")?; - errors_module.add("OpenError", py.get_type::())?; - errors_module.add("InvalidConfig", py.get_type::())?; - errors_module.add("InvalidInput", py.get_type::())?; - errors_module.add("UnknownMode", py.get_type::())?; - errors_module.add("InconsistentPsk", py.get_type::())?; - errors_module.add("MissingPsk", py.get_type::())?; - errors_module.add("UnnecessaryPsk", py.get_type::())?; - errors_module.add("InsecurePsk", py.get_type::())?; - errors_module.add("CryptoError", py.get_type::())?; - errors_module.add("MessageLimitReached", py.get_type::())?; +fn build_errors_module(py: Python) -> PyResult> { + let errors_module = PyModule::new_bound(py, "errors")?; + errors_module.add("OpenError", py.get_type_bound::())?; + errors_module.add("InvalidConfig", py.get_type_bound::())?; + errors_module.add("InvalidInput", py.get_type_bound::())?; + errors_module.add("UnknownMode", py.get_type_bound::())?; + errors_module.add("InconsistentPsk", py.get_type_bound::())?; + errors_module.add("MissingPsk", py.get_type_bound::())?; + errors_module.add("UnnecessaryPsk", py.get_type_bound::())?; + errors_module.add("InsecurePsk", py.get_type_bound::())?; + errors_module.add("CryptoError", py.get_type_bound::())?; + errors_module.add("MessageLimitReached", py.get_type_bound::())?; errors_module.add( "InsufficientRandomness", - py.get_type::(), + py.get_type_bound::(), )?; - errors_module.add("LockPoisoned", py.get_type::())?; Ok(errors_module) } /// PyO3 module for hpke. #[pymodule] -fn hybrid_pke(py: Python, m: &PyModule) -> PyResult<()> { +fn hybrid_pke(py: Python, m: &Bound) -> PyResult<()> { let errors_module = build_errors_module(py)?; - m.add_submodule(errors_module)?; + m.add_submodule(&errors_module)?; m.add_class::()?; m.add_class::()?; m.add_class::()?;