Remove feature and add comments

matrix-nio · Sep 5, 2024 · d564768 · d564768
1 parent 9d4558d
commit d564768
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 16 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -7,14 +7,10 @@ edition = "2021"
 name = "vodozemac"
 crate-type = ["cdylib"]
 
-[features]
-default = ["insecure-pk-encryption"]
-insecure-pk-encryption = ["vodozemac/insecure-pk-encryption"]
-
 [dependencies]
 paste = "1.0.15"
 thiserror = "1.0.63"
-vodozemac = { git = "https://github.com/matrix-org/vodozemac.git", branch = "poljar/pk-dekurcina" }
+vodozemac = { git = "https://github.com/matrix-org/vodozemac.git", branch = "poljar/pk-dekurcina", features = ["insecure-pk-encryption"] }
 
 [package.metadata.maturin]
 name = "vodozemac"

diff --git a/src/error.rs b/src/error.rs
@@ -146,7 +146,6 @@ impl From<PickleError> for PyErr {
     }
 }
 
-#[cfg(feature = "insecure-pk-encryption")]
 #[derive(Debug, Error)]
 pub enum PkEncryptionError {
     #[error("The key doesn't have the correct size, got {0}, expected 32 bytes")]
@@ -155,11 +154,9 @@ pub enum PkEncryptionError {
     Decode(#[from] vodozemac::pk_encryption::Error),
 }
 
-#[cfg(feature = "insecure-pk-encryption")]
 pyo3::create_exception!(module, PkInvalidKeySizeException, pyo3::exceptions::PyValueError);
 pyo3::create_exception!(module, PkDecodeException, pyo3::exceptions::PyValueError);
 
-#[cfg(feature = "insecure-pk-encryption")]
 impl From<PkEncryptionError> for PyErr {
     fn from(e: PkEncryptionError) -> Self {
         match e {

diff --git a/src/lib.rs b/src/lib.rs
@@ -1,7 +1,6 @@
 mod account;
 mod error;
 mod group_sessions;
-#[cfg(feature = "insecure-pk-encryption")]
 mod pk_encryption;
 mod sas;
 mod session;
@@ -37,11 +36,8 @@ fn my_module(py: Python<'_>, m: &Bound<'_, PyModule>) -> PyResult<()> {
     m.add_class::<sas::Sas>()?;
     m.add_class::<group_sessions::GroupSession>()?;
     m.add_class::<group_sessions::InboundGroupSession>()?;
-    #[cfg(feature = "insecure-pk-encryption")]
     m.add_class::<pk_encryption::PkDecryption>()?;
-    #[cfg(feature = "insecure-pk-encryption")]
     m.add_class::<pk_encryption::PkEncryption>()?;
-    #[cfg(feature = "insecure-pk-encryption")]
     m.add_class::<pk_encryption::Message>()?;
 
     m.add_class::<types::Ed25519PublicKey>()?;
@@ -71,12 +67,10 @@ fn my_module(py: Python<'_>, m: &Bound<'_, PyModule>) -> PyResult<()> {
         "MegolmDecryptionException",
         py.get_type_bound::<MegolmDecryptionException>(),
     )?;
-    #[cfg(feature = "insecure-pk-encryption")]
     m.add(
         "PkInvalidKeySizeException",
         py.get_type_bound::<PkInvalidKeySizeException>(),
     )?;
-    #[cfg(feature = "insecure-pk-encryption")]
     m.add(
         "PkDecodeException",
         py.get_type_bound::<PkDecodeException>(),

diff --git a/src/pk_encryption.rs b/src/pk_encryption.rs
@@ -1,3 +1,14 @@
+//! ☣️  Compat support for libolm's PkEncryption and PkDecryption
+//!
+//! This implements the `m.megolm_backup.v1.curve25519-aes-sha2` described in
+//! the Matrix [spec]. This is a asymmetric encryption scheme based on
+//! Curve25519.
+//!
+//! **Warning**: Please note the algorithm contains a critical flaw and does not
+//! provide authentication of the ciphertext.
+//!
+//! [spec]: https://spec.matrix.org/v1.11/client-server-api/#backup-algorithm-mmegolm_backupv1curve25519-aes-sha2
+
 use pyo3::{
     pyclass, pymethods,
     types::{PyBytes, PyType},
@@ -7,10 +18,18 @@ use vodozemac::Curve25519PublicKey;
 
 use crate::PkEncryptionError;
 
+/// A message that was encrypted using a PkEncryption object.
 #[pyclass]
 pub struct Message {
+    /// The ciphertext of the message.
     ciphertext: Vec<u8>,
+    /// The message authentication code of the message.
+    ///
+    /// *Warning*: As stated in the module description, this does not
+    /// authenticate the message.
     mac: Vec<u8>,
+    /// The ephemeral Curve25519PublicKey of the message which was used to
+    /// derive the individual message key.
     ephemeral_key: Vec<u8>,
 }
 
@@ -42,13 +61,13 @@ impl PkDecryption {
         })
     }
 
-    // The secret key used to decrypt messages.
+    /// The secret key used to decrypt messages.
     #[getter]
     pub fn key(&self) -> Py<PyBytes> {
         Python::with_gil(|py| PyBytes::new_bound(py, self.inner.to_bytes().as_slice()).into())
     }
 
-    // The public key used to encrypt messages for this decryption object.
+    /// The public key used to encrypt messages for this decryption object.
     #[getter]
     pub fn public_key(&self) -> Py<PyBytes> {
         Python::with_gil(|py| PyBytes::new_bound(py, self.inner.public_key().as_bytes()).into())