Add pickling logic to pk_encryption

.github/workflows/ci.yml

@@ -55,7 +55,7 @@ jobs:
     - uses: Swatinem/rust-cache@v2
 
     - name: Clippy
-      run: cargo clippy --all-targets -- -D warnings
+      run: cargo clippy --all-targets --all-features -- -D warnings
 
   test:
     name: ${{ matrix.target.name }} ${{ matrix.channel }}

Cargo.toml

@@ -24,6 +24,7 @@ default = ["libolm-compat"]
 js = ["getrandom/js"]
 strict-signatures = []
 libolm-compat = []
+insecure-pk-encryption = []
 # The low-level-api feature exposes extra APIs that are only useful in advanced
 # use cases and require extra care to use.
 low-level-api = []

src/cipher/key.rs

@@ -28,7 +28,7 @@ type Aes256Iv = GenericArray<u8, <Aes256CbcEnc as IvSizeUser>::IvSize>;
 type HmacSha256Key = [u8; 32];
 
 #[derive(Zeroize, ZeroizeOnDrop)]
-struct ExpandedKeys(Box<[u8; 80]>);
+pub(crate) struct ExpandedKeys(Box<[u8; 80]>);
 
 impl ExpandedKeys {
     const OLM_HKDF_INFO: &'static [u8] = b"OLM_KEYS";
@@ -47,7 +47,7 @@ impl ExpandedKeys {
         Self::new_helper(pickle_key, b"Pickle")
     }
 
-    fn new_helper(message_key: &[u8], info: &[u8]) -> Self {
+    pub(crate) fn new_helper(message_key: &[u8], info: &[u8]) -> Self {
         let mut expanded_keys = [0u8; 80];
 
         let hkdf: Hkdf<Sha256> = Hkdf::new(Some(&[0]), message_key);
@@ -59,7 +59,7 @@ impl ExpandedKeys {
 }
 
 #[derive(Zeroize, ZeroizeOnDrop)]
-pub(super) struct CipherKeys {
+pub(crate) struct CipherKeys {
     aes_key: Box<[u8; 32]>,
     aes_iv: Box<[u8; 16]>,
     mac_key: Box<[u8; 32]>,
@@ -85,7 +85,7 @@ impl CipherKeys {
         Self::from_expanded_keys(expanded_keys)
     }
 
-    fn from_expanded_keys(expanded_keys: ExpandedKeys) -> Self {
+    pub(crate) fn from_expanded_keys(expanded_keys: ExpandedKeys) -> Self {
         let mut aes_key = Box::new([0u8; 32]);
         let mut mac_key = Box::new([0u8; 32]);
         let mut aes_iv = Box::new([0u8; 16]);

src/cipher/mod.rs

@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-mod key;
+pub(crate) mod key;
 
 use aes::{
     cipher::{
@@ -27,9 +27,9 @@ use key::CipherKeys;
 use sha2::Sha256;
 use thiserror::Error;
 
-type Aes256CbcEnc = cbc::Encryptor<Aes256>;
-type Aes256CbcDec = cbc::Decryptor<Aes256>;
-type HmacSha256 = Hmac<Sha256>;
+pub(crate) type Aes256CbcEnc = cbc::Encryptor<Aes256>;
+pub(crate) type Aes256CbcDec = cbc::Decryptor<Aes256>;
+pub(crate) type HmacSha256 = Hmac<Sha256>;
 
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct Mac(pub(crate) [u8; Self::LENGTH]);

src/lib.rs

@@ -217,6 +217,8 @@ pub mod ecies;
 pub mod hazmat;
 pub mod megolm;
 pub mod olm;
+#[cfg(feature = "insecure-pk-encryption")]
+pub mod pk_encryption;
 pub mod sas;
 
 pub use base64::DecodeError as Base64DecodeError;

src/olm/messages/pre_key.rs

@@ -153,7 +153,7 @@ impl PreKeyMessage {
 
     /// Create a new pre-key message from the session keys and standard message.
     #[cfg(feature = "low-level-api")]
-    pub fn wrap(session_keys: SessionKeys, message: Message) -> Self {
+    pub const fn wrap(session_keys: SessionKeys, message: Message) -> Self {
         PreKeyMessage::new(session_keys, message)
     }
 

src/olm/session/message_key.rs

@@ -95,13 +95,13 @@ impl MessageKey {
 
     /// Get the message key's ratchet key.
     #[cfg(feature = "low-level-api")]
-    pub fn ratchet_key(&self) -> RatchetPublicKey {
+    pub const fn ratchet_key(&self) -> RatchetPublicKey {
         self.ratchet_key
     }
 
     /// Get the message key's index.
     #[cfg(feature = "low-level-api")]
-    pub fn index(&self) -> u64 {
+    pub const fn index(&self) -> u64 {
         self.index
     }
 }