Open xuxiaocheng0201 opened 4 days ago
Interesting. Thanks for opening an issue! I'll try and take a look at this over the weekend and see if I can figure this out.
I've poked at this over the weekend and can't say that I've made too much progress. I've confirmed that the data for both the nonce and the encrypted data is the same at build time/run time. The panic occurs from the call to `cipher.decrypt(&nonce, ciphertext.as_ref())` (see https://docs.rs/chacha20poly1305/latest/chacha20poly1305/type.ChaCha20Poly1305.html), and both the embedded and the env-based obfuscation fail to decrypt. There is no associated error data since errors provided by `chacha20poly1305` are purposefully opaque. My first suspicion was that it was related to the associated data of the cipher (see `Payload`) but I don't use this feature in the crate.
I'll have to keep digging. Thanks again for bringing this up.
I ran the code in debug mode and found that the error is returned when verifying the MAC (see this code) (as I said at the end of this issue).
I don't think the `Payload` is the key, because its implementation is very simple.
I found the reason: the key is generated twice, once at proc_macro time and once at build time.
To reproduce, you can change this line to this:
```rust
pub(crate) static KEY: Lazy<Key> = Lazy::new(|| {
    eprintln!("Run once");
    ChaCha20Poly1305::generate_key(&mut OsRng)
});
```
and run `cargo build`. You will see `Run once` twice.
A solution is to split the `KEY` into another crate, like `muddy_key`. The `muddy_macro` crate then depends on the new crate to read the key.
BTW, a crate like `chacha20poly1305` is written by the rust-lang owners group, and it has been running stably for two years with no update. It shouldn't have such obvious errors.
Good catch! I'll test this out throughout the week. Thanks for the contributions :tada:
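A std-only Rust model of the failure described in the comments above, added here as an illustration and not code from muddy or from anyone in this thread: ciphertext sealed under one initialisation of a lazy key fails tag verification under another, and the caller sees only an opaque error. `Process`, `seal` and `open` are hypothetical names, the XOR keystream and SipHash tag are insecure stand-ins for ChaCha20 and Poly1305, and the nonce is omitted.

```rust
use std::collections::hash_map::{DefaultHasher, RandomState};
use std::hash::{BuildHasher, Hash, Hasher};
use std::sync::OnceLock;

/// Deliberately carries no detail, like the AEAD error discussed in the thread.
#[derive(Debug, PartialEq)]
pub struct Opaque;

/// Hypothetical model of one process holding a lazily initialised key:
/// created at most once per instance, but every instance creates its own.
#[derive(Default)]
pub struct Process { key: OnceLock<u64> }

impl Process {
    pub fn key(&self) -> u64 {
        // RandomState is std's randomly seeded hasher factory, used as an RNG stand-in.
        *self.key.get_or_init(|| RandomState::new().hash_one("key"))
    }
}

// Toy keyed tag (assumption: stand-in for Poly1305, NOT a secure MAC).
fn tag(key: u64, data: &[u8]) -> u64 {
    let mut h = DefaultHasher::new();
    (key, data).hash(&mut h);
    h.finish()
}

// Toy XOR keystream (assumption: stand-in for ChaCha20, NOT secure).
fn xor(key: u64, data: &[u8]) -> Vec<u8> {
    let ks = key.to_le_bytes();
    data.iter().enumerate().map(|(i, b)| b ^ ks[i % 8]).collect()
}

pub fn seal(p: &Process, plaintext: &[u8]) -> (Vec<u8>, u64) {
    let ct = xor(p.key(), plaintext);
    let t = tag(p.key(), &ct);
    (ct, t)
}

pub fn open(p: &Process, ct: &[u8], t: u64) -> Result<Vec<u8>, Opaque> {
    // Verify the tag first; a different key fails here, before any decryption.
    if tag(p.key(), ct) != t { return Err(Opaque); }
    Ok(xor(p.key(), ct))
}

fn main() {
    // Two separate initialisations of the key, as "Run once" printed twice indicates.
    let (first, second) = (Process::default(), Process::default());
    let (ct, t) = seal(&first, b"secret"); // constructed sample plaintext
    println!("same key:      {:?}", open(&first, &ct, t));
    println!("different key: {:?}", open(&second, &ct, t));
}
```

Because the error carries no detail, printing a short fingerprint of the key at both the encrypt and decrypt sites is a quick way to confirm a mismatch like this one.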
I wrapped `muddy` as a workspace crate to add some pretreatments like trim, but it panicked when decrypting at runtime.
File tree:
Cargo.toml:
obscure/Cargo.toml:
obscure/src/lib.rs:
obscure_macro/Cargo.toml:
obscure_macro/src/lib.rs:
src/main.rs:
Output:
The error occurs when verifying the MAC: code. It seems different keys and nonces will be generated when used in different crates?