[refactor] hyperledger#3237: bump iroha_crypto deps

Signed-off-by: Nikita Strygin <dcnick3@users.noreply.github.com>
DCNick3 · Nov 8, 2023 · 0f4e1fb · 0f4e1fb
1 parent 43cb5f5
commit 0f4e1fb
Show file tree

Hide file tree

Showing 8 changed files with 244 additions and 287 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -114,8 +114,7 @@ strum = { version = "0.25.0", default-features = false }
 getset = "0.1.2"
 hex-literal = "0.4.1"
 
-ursa = "0.3.7"
-aead = "0.3.2"
+aead = "0.5.2"
 
 rand = "0.8.5"
 warp = { version = "0.3.6", default-features = false }

diff --git a/crypto/Cargo.toml b/crypto/Cargo.toml
@@ -58,30 +58,22 @@ sha2 = { version = "0.10.8", optional = true }
 hkdf = { version = "0.12.3", optional = true }
 amcl_wrapper = { version = "0.4.0", optional = true }
 
-# TODO: bump these
-ed25519-dalek = { version = "1.0.1", optional = true }
-curve25519-dalek = { version = "3.2.1", optional = true }
-x25519-dalek = { version = "1.2.0", optional = true }
+ed25519-dalek = { version = "2.0.0", optional = true, features = ["rand_core"] }
+curve25519-dalek = { version = "4.1.1", optional = true }
+x25519-dalek = { version = "2.0.0", optional = true, features = ["static_secrets"] }
 
-# TODO: bump me
-rand = { version = "0.7", optional = true }
-# TODO: bump me
-rand_chacha = { version = "0.2", optional = true }
+rand = { version = "0.8.5", optional = true }
+rand_chacha = { version = "0.3.1", optional = true }
 
-# TODO: bump me
-secp256k1 = { version = "0.19", features = ["rand", "serde"], optional = true }
+secp256k1 = { version = "0.28.0", features = ["rand", "serde"], optional = true }
 
-# TODO: bump me
-zeroize = { version = "1.1", optional = true }
+zeroize = { version = "1.6.0", optional = true }
 arrayref = { version = "0.3.7", optional = true }
 
-# TODO: bump me
-aead = { version = "0.3", optional = true }
-# TODO: bump me
-chacha20poly1305 = { version = "0.7", optional = true }
+aead = { workspace = true, optional = true }
+chacha20poly1305 = { version = "0.10.1", optional = true }
 
-# TODO: bump me
-k256 = { version = "0.9.6", optional = true, features = ["ecdh", "ecdsa", "sha256"]}
+k256 = { version = "0.13.1", optional = true, features = ["ecdh", "ecdsa", "sha256"]}
 
 [dev-dependencies]
 hex-literal = { workspace = true }

diff --git a/crypto/src/encryption/chacha20poly1305.rs b/crypto/src/encryption/chacha20poly1305.rs
@@ -3,7 +3,7 @@ use aead::{
         typenum::{U0, U12, U16, U32, U36},
         GenericArray,
     },
-    Aead, Error, NewAead, Payload,
+    Aead, AeadCore, Error, KeyInit, KeySizeUser, Payload,
 };
 use chacha20poly1305::ChaCha20Poly1305 as SysChaCha20Poly1305;
 
@@ -19,19 +19,23 @@ impl Encryptor for ChaCha20Poly1305 {
     type MinSize = U36;
 }
 
-impl NewAead for ChaCha20Poly1305 {
+impl KeySizeUser for ChaCha20Poly1305 {
     type KeySize = U32;
+}
 
+impl KeyInit for ChaCha20Poly1305 {
     fn new(key: &GenericArray<u8, Self::KeySize>) -> Self {
         Self { key: *key }
     }
 }
 
-impl Aead for ChaCha20Poly1305 {
+impl AeadCore for ChaCha20Poly1305 {
     type NonceSize = U12;
     type TagSize = U16;
     type CiphertextOverhead = U0;
+}
 
+impl Aead for ChaCha20Poly1305 {
     fn encrypt<'msg, 'aad>(
         &self,
         nonce: &GenericArray<u8, Self::NonceSize>,

diff --git a/crypto/src/encryption/mod.rs b/crypto/src/encryption/mod.rs
@@ -7,7 +7,7 @@ use std::io::{Read, Write};
 
 use aead::{
     generic_array::{typenum::Unsigned, ArrayLength, GenericArray},
-    Aead, Error, NewAead, Payload,
+    Aead, Error, KeyInit, Payload,
 };
 use rand::{rngs::OsRng, RngCore};
 
@@ -64,12 +64,12 @@ impl<E: Encryptor> SymmetricEncryptor<E> {
     }
 
     pub fn new_from_session_key(key: SessionKey) -> Self {
-        Self::new(<E as NewAead>::new(GenericArray::from_slice(&key.0)))
+        Self::new(<E as KeyInit>::new(GenericArray::from_slice(&key.0)))
     }
 
     pub fn new_with_key<A: AsRef<[u8]>>(key: A) -> Result<Self, Error> {
         Ok(Self {
-            encryptor: <E as NewAead>::new(GenericArray::from_slice(key.as_ref())),
+            encryptor: <E as KeyInit>::new(GenericArray::from_slice(key.as_ref())),
         })
     }
 
@@ -151,7 +151,7 @@ impl<E: Encryptor + Default> Default for SymmetricEncryptor<E> {
 }
 
 /// Generic encryptor trait that all ciphers should extend.
-pub trait Encryptor: Aead + NewAead {
+pub trait Encryptor: Aead + KeyInit {
     /// The minimum size that the ciphertext will yield from plaintext
     type MinSize: ArrayLength<u8>;
 

diff --git a/crypto/src/kex/x25519.rs b/crypto/src/kex/x25519.rs
@@ -26,7 +26,7 @@ impl KeyExchangeScheme for X25519Sha256 {
                     let hash = sha2::Sha256::digest(s.as_slice());
                     s.zeroize();
                     let mut rng = ChaChaRng::from_seed(*array_ref!(hash.as_slice(), 0, 32));
-                    let sk = StaticSecret::new(&mut rng);
+                    let sk = StaticSecret::random_from_rng(&mut rng);
                     let pk = X25519PublicKey::from(&sk);
                     (pk, sk)
                 }
@@ -39,7 +39,7 @@ impl KeyExchangeScheme for X25519Sha256 {
             },
             None => {
                 let mut rng = OsRng::default();
-                let sk = StaticSecret::new(&mut rng);
+                let sk = StaticSecret::random_from_rng(&mut rng);
                 let pk = X25519PublicKey::from(&sk);
                 (pk, sk)
             }

diff --git a/crypto/src/signature/ed25519.rs b/crypto/src/signature/ed25519.rs
@@ -4,7 +4,7 @@
 use std::convert::TryFrom;
 
 use arrayref::array_ref;
-use ed25519_dalek::{Keypair, PublicKey as PK, Signature, Signer, Verifier};
+use ed25519_dalek::{Signature, Signer, SigningKey, Verifier, VerifyingKey as PK};
 pub use ed25519_dalek::{
     EXPANDED_SECRET_KEY_LENGTH as PRIVATE_KEY_SIZE, PUBLIC_KEY_LENGTH as PUBLIC_KEY_SIZE,
     SIGNATURE_LENGTH as SIGNATURE_SIZE,
@@ -19,6 +19,19 @@ const ALGORITHM: Algorithm = Algorithm::Ed25519;
 
 use crate::{Algorithm, Error, KeyGenOption, PrivateKey, PublicKey};
 
+fn parse_private_key(sk: &PrivateKey) -> Result<SigningKey, Error> {
+    assert_eq!(sk.digest_function, ALGORITHM);
+    SigningKey::from_keypair_bytes(
+        &<[u8; 64]>::try_from(&sk.payload[..]).map_err(|e| Error::Parse(e.to_string()))?,
+    )
+    .map_err(|e| Error::Parse(e.to_string()))
+}
+
+fn parse_public_key(pk: &PublicKey) -> Result<PK, Error> {
+    assert_eq!(pk.digest_function, ALGORITHM);
+    PK::try_from(&pk.payload[..]).map_err(|e| Error::Parse(e.to_string()))
+}
+
 #[derive(Debug, Clone, Copy)]
 pub struct Ed25519Sha512;
 
@@ -33,37 +46,32 @@ impl Ed25519Sha512 {
                     let hash = sha2::Sha256::digest(s.as_slice());
                     s.zeroize();
                     let mut rng = ChaChaRng::from_seed(*array_ref!(hash.as_slice(), 0, 32));
-                    Keypair::generate(&mut rng)
-                }
-                KeyGenOption::FromPrivateKey(ref s) => {
-                    assert_eq!(s.digest_function, ALGORITHM);
-                    Keypair::from_bytes(&s.payload[..]).map_err(|e| Error::KeyGen(e.to_string()))?
+                    SigningKey::generate(&mut rng)
                 }
+                KeyGenOption::FromPrivateKey(ref s) => parse_private_key(s)?,
             },
             None => {
                 let mut rng = OsRng::default();
-                Keypair::generate(&mut rng)
+                SigningKey::generate(&mut rng)
             }
         };
         Ok((
             PublicKey {
                 digest_function: ALGORITHM,
-                payload: ConstVec::new(kp.public.to_bytes().to_vec()),
+                payload: ConstVec::new(kp.verifying_key().to_bytes().to_vec()),
             },
             PrivateKey {
                 digest_function: ALGORITHM,
-                payload: ConstVec::new(kp.to_bytes().to_vec()),
+                payload: ConstVec::new(kp.to_keypair_bytes().to_vec()),
             },
         ))
     }
     pub fn sign(&self, message: &[u8], sk: &PrivateKey) -> Result<Vec<u8>, Error> {
-        assert_eq!(sk.digest_function, ALGORITHM);
-        let kp = Keypair::from_bytes(&sk.payload).map_err(|e| Error::KeyGen(e.to_string()))?;
+        let kp = parse_private_key(sk)?;
         Ok(kp.sign(message).to_bytes().to_vec())
     }
     pub fn verify(&self, message: &[u8], signature: &[u8], pk: &PublicKey) -> Result<bool, Error> {
-        assert_eq!(pk.digest_function, ALGORITHM);
-        let p = PK::from_bytes(&pk.payload).map_err(|e| Error::Parse(e.to_string()))?;
+        let p = parse_public_key(pk)?;
         let s = Signature::try_from(signature).map_err(|e| Error::Parse(e.to_string()))?;
         p.verify(message, &s)
             .map_err(|e| Error::Signing(e.to_string()))?;

diff --git a/crypto/src/signature/secp256k1.rs b/crypto/src/signature/secp256k1.rs
@@ -81,16 +81,16 @@ mod ecdsa_secp256k1 {
     impl EcdsaSecp256k1Impl {
         pub fn public_key_compressed(&self, pk: &PublicKey) -> Vec<u8> {
             assert_eq!(pk.digest_function, ALGORITHM);
-            let pk = secp256k1::key::PublicKey::from_slice(&pk.payload[..]).unwrap();
+            let pk = secp256k1::PublicKey::from_slice(&pk.payload[..]).unwrap();
             pk.serialize().to_vec()
         }
         pub fn public_key_uncompressed(&self, pk: &PublicKey) -> Vec<u8> {
             assert_eq!(pk.digest_function, ALGORITHM);
-            let pk = secp256k1::key::PublicKey::from_slice(&pk.payload[..]).unwrap();
+            let pk = secp256k1::PublicKey::from_slice(&pk.payload[..]).unwrap();
             pk.serialize_uncompressed().to_vec()
         }
         pub fn parse(&self, data: &[u8]) -> Result<PublicKey, Error> {
-            let res = secp256k1::key::PublicKey::from_slice(data)?;
+            let res = secp256k1::PublicKey::from_slice(data)?;
             let pk = PublicKey {
                 digest_function: ALGORITHM,
                 payload: ConstVec::new(res.serialize().to_vec()),
@@ -116,22 +116,22 @@ mod ecdsa_secp256k1 {
                         rng.fill_bytes(&mut s);
                         let k = D::digest(&s);
                         s.zeroize();
-                        secp256k1::key::SecretKey::from_slice(k.as_slice())?
+                        secp256k1::SecretKey::from_slice(k.as_slice())?
                     }
                     KeyGenOption::FromPrivateKey(ref s) => {
                         assert_eq!(s.digest_function, ALGORITHM);
-                        secp256k1::key::SecretKey::from_slice(&s.payload[..])?
+                        secp256k1::SecretKey::from_slice(&s.payload[..])?
                     }
                 },
                 None => {
                     let mut s = [0u8; PRIVATE_KEY_SIZE];
                     OsRng.fill_bytes(&mut s);
                     let k = D::digest(&s);
                     s.zeroize();
-                    secp256k1::key::SecretKey::from_slice(k.as_slice())?
+                    secp256k1::SecretKey::from_slice(k.as_slice())?
                 }
             };
-            let pk = secp256k1::key::PublicKey::from_secret_key(&self.0, &sk);
+            let pk = secp256k1::PublicKey::from_secret_key(&self.0, &sk);
             Ok((
                 PublicKey {
                     digest_function: ALGORITHM,
@@ -149,9 +149,9 @@ mod ecdsa_secp256k1 {
         {
             assert_eq!(sk.digest_function, ALGORITHM);
             let h = D::digest(message);
-            let msg = secp256k1::Message::from_slice(h.as_slice())?;
-            let s = secp256k1::key::SecretKey::from_slice(&sk.payload[..])?;
-            let sig = self.0.sign(&msg, &s);
+            let msg = secp256k1::Message::from_digest_slice(h.as_slice())?;
+            let s = secp256k1::SecretKey::from_slice(&sk.payload[..])?;
+            let sig = self.0.sign_ecdsa(&msg, &s);
             Ok(sig.serialize_compact().to_vec())
         }
         pub fn verify<D>(
@@ -165,18 +165,18 @@ mod ecdsa_secp256k1 {
         {
             assert_eq!(pk.digest_function, ALGORITHM);
             let h = D::digest(message);
-            let msg = secp256k1::Message::from_slice(h.as_slice())?;
+            let msg = secp256k1::Message::from_digest_slice(h.as_slice())?;
             let p = secp256k1::PublicKey::from_slice(&pk.payload[..])?;
-            let sig = secp256k1::Signature::from_compact(signature)?;
-            let res = self.0.verify(&msg, &sig, &p);
+            let sig = secp256k1::ecdsa::Signature::from_compact(signature)?;
+            let res = self.0.verify_ecdsa(&msg, &sig, &p);
             match res {
                 Ok(()) => Ok(true),
                 Err(secp256k1::Error::IncorrectSignature) => Ok(false),
                 Err(err) => Err(Error::from(err)),
             }
         }
         pub fn normalize_s(&self, signature: &mut [u8]) -> Result<(), Error> {
-            let mut sig = secp256k1::Signature::from_compact(signature)?;
+            let mut sig = secp256k1::ecdsa::Signature::from_compact(signature)?;
             sig.normalize_s();
             let compact = sig.serialize_compact();
             signature.clone_from_slice(&compact[..]);
@@ -196,6 +196,16 @@ impl From<secp256k1::Error> for Error {
             secp256k1::Error::InvalidRecoveryId => Error::Parse("Invalid Recovery Id".to_string()),
             secp256k1::Error::InvalidTweak => Error::Parse("Invalid Tweak".to_string()),
             secp256k1::Error::NotEnoughMemory => Error::Parse("Not Enough Memory".to_string()),
+            secp256k1::Error::InvalidSharedSecret => {
+                Error::Parse("Invalid Shared Secret".to_string())
+            }
+            secp256k1::Error::InvalidPublicKeySum => {
+                Error::Parse("Invalid Public Key Sum".to_string())
+            }
+            secp256k1::Error::InvalidParityValue(e) => {
+                Error::Parse(format!("Invalid Parity Value: {}", e))
+            }
+            secp256k1::Error::InvalidEllSwift => Error::Parse("Invalid Ell Swift".to_string()),
         }
     }
 }