Adapt to chacha20

[hpenne]

• Added a CHANGELOG.md entry

Summary

Replaced the dependency on rand_chacha with one on chacha20. Added some tests to std.rs to ensure that the output of StdRng did not change.

Fixes #934.

Motivation

Reduces total code size and the total amount of unsafe code.

Details

Changes to config.toml and some replacement of rand_chacha:: with chacha20::.

Added three new unit tests to std.rs. These were based on tests of IETF test vectors from rand_chacha, but the actual expected values had to be replaced, as the IETF test vectors are for ChaCha20 while rand uses ChaCha12. The expected values were generated by using rand_chacha (before chacha20 was used) to verify that the algorithm change did not affect the output.

[dhardy]

I opened #1643. This PR is useful as a draft but won't be merged in its current form (likely we'll want the MSRV/edition bump first as its own PR).

I'm not certain on the timeline yet; the main blocker is the chacha20 release; we also need to decide whether we are ready to merge breaking changes to rand yet.

[dhardy]

@hpenne could you rebase now that #1653 and #1654 are merged please?

[hpenne]

@dhardy I've rebased and the new tests failed as expected (the default ChaCha12 in chacha20 is the IETF variant). I tried to change to the "Legacy" variant, but chacha20 only exports ChaCha20Legacy, not the 12 round variant that we will need here. The ChaCha20Legacy type is just an alias, so I tried to use the underlying type directly to make a 12 round variant (ChaChaCore<R12, Legacy>) but that needs the Legacy struct which turns out to be private.

@tarcieri It seems that I might stuck here until someone either exports Legacy or adds a ChaCha12Legacy. It might be useful to do both, just in case.

[newpavlov]

that needs the Legacy struct which turns out to be private.

It's an oversight, we should export it. Could you create a PR? It also may be worth to add aliases for the legacy variants as well.

[tarcieri]

@hpenne I'm confused, why do you need a ChaCha12Legacy instead of just ChaCha12Rng?

[hpenne]

@hpenne I'm confused, why do you need a ChaCha12Legacy instead of just ChaCha12Rng?

@tarcieri It seemed to me that the Legacy types were the ones with a 64 bit counter, which is what is needed here. One of us is confused, I suppose. It might also be me.

[hpenne]

@tarcieri When I add the "legacy" feature to the chacha20 crate dependency in the rand cargo.toml, the chacha20 crate fails to build:

error[E0432]: unresolved import `cipher::StreamCipherCoreWrapper`
 --> /Users/hpenne/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/chacha20-0.10.0-rc.0/src/chacha.rs:2:41
  |
2 |     IvSizeUser, KeyIvInit, KeySizeUser, StreamCipherCoreWrapper,
  |                                         ^^^^^^^^^^^^^^^^^^^^^^^
  |                                         |
  |                                         no `StreamCipherCoreWrapper` in the root
  |                                         help: a similar name exists in the module: `StreamCipherCore`

Seems to work fine when i build run tests in chacha20 itself. Odd.

[tarcieri]

@hpenne all of the RNG types now have a 64-bit counter as of the latest prerelease.

Also looks like you found a bug. Perhaps it was being hidden by feature unification? Strange.

[tarcieri]

@hpenne oh, you're using an out-of-date version! Please upgrade to v0.10.0-rc.1

[hpenne]

@hpenne oh, you're using an out-of-date version! Please upgrade to v0.10.0-rc.1

@tarcieri That was embarrassing. Works much better with the correct version. All tests pass now. The only strangeness that I am left with is that if I do not enable the "legacy" feature (the only enabled feature is "rng"), chacha20 fails to build with:

error[E0432]: unresolved import `crate::variants::Legacy`
  --> /Users/hpenne/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/chacha20-0.10.0-rc.1/src/rng.rs:24:16
   |
24 |     variants::{Legacy, Variant},
   |                ^^^^^^ no `Legacy` in `variants`
   |
note: found an item that was configured out
  --> /Users/hpenne/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/chacha20-0.10.0-rc.1/src/variants.rs:57:10
   |
57 | pub enum Legacy {}
   |          ^^^^^^
note: the item is gated behind the `legacy` feature
  --> /Users/hpenne/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/chacha20-0.10.0-rc.1/src/variants.rs:56:7
   |
56 | #[cfg(feature = "legacy")]
   |       ^^^^^^^^^^^^^^^^^^

I'm not able to reproduce this when I build chacha20 locally from master, so perhaps I've done something wrong or you have already fixed this on master. I'll look closer tomorrow.

[tarcieri]

@hpenne aah that was RustCrypto/stream-ciphers#454 which has been fixed

I can cut an rc.2 if that helps

[dhardy]

Sorry, I did not think to appraise you of the chacha20 changes. I think we have all the pieces to make a rand pre-release now.

[dhardy]

i should be u64 already?

[hpenne]

Yes. I used to need to convert to u128 with the old chacha20. I had to change u64 when I rebased but failed to notice that I could simply remove the conversion. Will fix.

[dhardy]

We can depend on the "legacy" feature for now, but add a TODO comment to remove it on the next version.

[dhardy]

Include the PR # please.

[tarcieri]

I've released an rc.2 with the feature-related bugfix:

Suggested change

	# ToDo: Remove the "legacy" feature from chacha20 when this is not longer necessary
	chacha20 = { version = "=0.10.0-rc.1", default-features = false, features = ["rng", "legacy"], optional = true }
	# ToDo: Remove the "legacy" feature from chacha20 when this is not longer necessary
	chacha20 = { version = "=0.10.0-rc.2", default-features = false, features = ["rng"], optional = true }

[hpenne]

Done. I removed the ToDo-comment as well, now that the "legacy" feature is no longer necessary.