From 24b11deafe1f21012c82fd2e934d3a230ead2d0a Mon Sep 17 00:00:00 2001 From: Kevin Lewi Date: Wed, 15 Nov 2023 13:55:19 -0800 Subject: [PATCH] Adding audit report link (#420) --- Cargo.toml | 8 ++------ README.md | 7 +++++++ akd/src/lib.rs | 14 +++++++------- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index f0e25901..bf8a0aeb 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,8 +1,4 @@ [workspace] -members = [ - "akd", - "akd_core", - "examples", - "xtask", -] +members = ["akd", "akd_core", "examples", "xtask"] +resolver = "2" diff --git a/README.md b/README.md index 81b93088..939499f3 100644 --- a/README.md +++ b/README.md @@ -40,6 +40,13 @@ Top-Level Directory Organization | `xtask` | | Used for running the code coverage pipeline. | +Audit +----- + +This library was audited by NCC Group in August of 2023. The audit was sponsored by Meta for its use in [WhatsApp's key transparency deployment](https://engineering.fb.com/2023/04/13/security/whatsapp-key-transparency/). + +The audit found issues in release `v0.9.0`, and the fixes were subsequently incorporated into release `v0.11.0`. See the [full audit report here](https://research.nccgroup.com/2023/11/14/public-report-whatsapp-auditable-key-directory-akd-implementation-review/). + Contributors ------------ diff --git a/akd/src/lib.rs b/akd/src/lib.rs index bb5e2ef3..c6eec37a 100644 --- a/akd/src/lib.rs +++ b/akd/src/lib.rs @@ -403,12 +403,12 @@ //! ## Configurations //! //! This library supports the notion of a [Configuration], which can be used to customize the directory's cryptographic operations. We provide -//! two default configurations: [WhatsAppV1Configuration] and [ExperimentalConfiguration]. +//! two default configurations: `WhatsAppV1Configuration` and `ExperimentalConfiguration`. //! -//! - [WhatsAppV1Configuration] matches the configuration used for Whatsapp's key transparency deployment -//! - [ExperimentalConfiguration] is the configuration which matches the main branch deployment for AKD +//! - `WhatsAppV1Configuration` matches the configuration used for Whatsapp's key transparency deployment +//! - `ExperimentalConfiguration` is the configuration which matches the main branch deployment for AKD //! -//! An [ExperimentalConfiguration] implements domain separation for its hashing operations by the specifying of a struct that +//! An `ExperimentalConfiguration` implements domain separation for its hashing operations by the specifying of a struct that //! implements [DomainLabel]. For example, to set the domain label as `"ExampleLabel"`, we define the struct [ExampleLabel] as: //! ``` //! #[derive(Clone)] @@ -427,8 +427,8 @@ //! This crate supports multiple compilation features: //! //! Configurations: -//! - `whatsapp_v1`: Enables usage of [WhatsAppV1Configuration] -//! - `experimental`: Enables usage of [ExperimentalConfiguration] +//! - `whatsapp_v1`: Enables usage of `WhatsAppV1Configuration` +//! - `experimental`: Enables usage of `ExperimentalConfiguration` //! //! Performance optimizations: //! - `parallel_vrf`: Enables the VRF computations to be run in parallel @@ -442,7 +442,7 @@ //! //! Utilities: //! - `public_auditing`: Enables the publishing of audit proofs -//! - `serde_serialization`: Will enable [`serde`] serialization support on all public structs used in storage & transmission operations. This is helpful +//! - `serde_serialization`: Will enable `serde` serialization support on all public structs used in storage & transmission operations. This is helpful //! in the event you wish to directly serialize the structures to transmit between library <-> storage layer or library <-> clients. If you're //! also utilizing VRFs (see (2.) below) it will additionally enable the _serde_ feature in the ed25519-dalek crate. //! - `runtime_metrics`: Collects metrics on the accesses to the storage layer