Upgrade ed25519-dalek to 2.0.0-rc.2

Cargo.toml

@@ -30,9 +30,8 @@ experimental = []
 base64 = "0.21.0"
 byteorder = "1.4.3"
 openssl = "0.10.30"
-# Upgrade to 0.8.x is blocked by ed25519-dalek
-rand = "0.7.2"
-ed25519-dalek = "1.0.0"
+rand = "0.8.5"
+ed25519-dalek = { version = "2.0.0-rc.2", features = ["rand_core"] }
 zeroize = "1.1.0"
 log = "0.4.8"
 backtrace = "0.3.46"

src/format/ossh_privkey.rs

@@ -346,8 +346,8 @@ fn encode_key<W: Write + ?Sized>(key: &KeyPair, buf: &mut W) -> OsshResult<()> {
             buf.write_mpint(inner.private_key())?;
         }
         KeyPairType::ED25519(ed25519) => {
-            buf.write_string(&ed25519.key.public.to_bytes())?;
-            buf.write_string(&ed25519.key.to_bytes())?; // Actually is an ed25519 keypair
+            buf.write_string(&ed25519.key.verifying_key().to_bytes())?;
+            buf.write_string(&ed25519.key.to_keypair_bytes())?; // Actually is an ed25519 keypair
         }
     }
     Ok(())

src/format/ossh_pubkey.rs

@@ -2,7 +2,7 @@ use crate::error::*;
 use crate::keys::{dsa::*, ecdsa::*, ed25519::*, rsa::*, PublicKey, PublicParts};
 use crate::sshbuf::{SshReadExt, SshWriteExt};
 use base64::prelude::*;
-use ed25519_dalek::PublicKey as Ed25519PubKey;
+use ed25519_dalek::VerifyingKey as Ed25519PubKey;
 use ed25519_dalek::PUBLIC_KEY_LENGTH;
 use openssl::bn::BigNumContext;
 use openssl::dsa::DsaRef;

src/keys/ed25519.rs

@@ -4,15 +4,12 @@ use crate::format::ossh_pubkey::*;
 use openssl::pkey::{Id, PKey, Private, Public};
 #[rustfmt::skip]
 use ed25519_dalek::{
-    Keypair as DalekKeypair,
-    PublicKey as DalekPublicKey,
-    SecretKey as DalekSecretKey,
+    VerifyingKey,
+    SigningKey,
     Signature,
     Signer,
     Verifier,
     PUBLIC_KEY_LENGTH,
-    SECRET_KEY_LENGTH,
-    KEYPAIR_LENGTH,
 };
 use rand::rngs::OsRng;
 use std::fmt;
@@ -25,20 +22,20 @@ pub const ED25519_SHORT_NAME: &str = "ED25519";
 /// Represent the Ed25519 public key
 #[derive(Debug, Clone)]
 pub struct Ed25519PublicKey {
-    key: Box<DalekPublicKey>,
+    key: Box<VerifyingKey>,
 }
 
 impl Ed25519PublicKey {
     /// Create the Ed25519 public key from public components
     pub fn new(key: &[u8; PUBLIC_KEY_LENGTH]) -> Result<Self, ed25519_dalek::SignatureError> {
         Ok(Self {
-            key: Box::new(DalekPublicKey::from_bytes(key)?),
+            key: Box::new(VerifyingKey::from_bytes(key)?),
         })
     }
 
     pub(crate) fn from_ossl_ed25519(key: &[u8]) -> Result<Self, ed25519_dalek::SignatureError> {
         Ok(Self {
-            key: Box::new(DalekPublicKey::from_bytes(key)?),
+            key: Box::new(VerifyingKey::try_from(key)?),
         })
     }
 
@@ -86,7 +83,7 @@ impl fmt::Display for Ed25519PublicKey {
 
 /// Represent the Ed25519 key pair
 pub struct Ed25519KeyPair {
-    pub(crate) key: Box<DalekKeypair>,
+    pub(crate) key: Box<SigningKey>,
 }
 
 impl Key for Ed25519KeyPair {
@@ -113,49 +110,42 @@ impl Ed25519KeyPair {
         }
 
         Ok(Ed25519KeyPair {
-            key: Box::new(DalekKeypair::generate(&mut OsRng)),
+            key: Box::new(SigningKey::generate(&mut OsRng)),
         })
     }
 
     pub(crate) fn from_bytes(pk: &[u8], sk: &[u8]) -> OsshResult<Self> {
-        if pk.len() != PUBLIC_KEY_LENGTH {
-            return Err(ErrorKind::InvalidKeySize.into());
-        }
-        if sk.len() != KEYPAIR_LENGTH {
-            return Err(ErrorKind::InvalidKeySize.into());
-        }
-        if pk != &sk[SECRET_KEY_LENGTH..] {
+        let verify_key = VerifyingKey::try_from(pk)?;
+        let secret_key = SigningKey::from_keypair_bytes(sk.try_into()?)?;
+        if secret_key.verifying_key() != verify_key {
             return Err(ErrorKind::InvalidKey.into());
         }
         Ok(Ed25519KeyPair {
-            key: Box::new(DalekKeypair {
-                public: DalekPublicKey::from_bytes(pk)?,
-                secret: DalekSecretKey::from_bytes(&sk[..SECRET_KEY_LENGTH])?,
-            }),
+            key: Box::new(secret_key),
         })
     }
 
     /// Clone the public parts to generate public key
     pub fn clone_public_key(&self) -> Result<Ed25519PublicKey, Error> {
         Ok(Ed25519PublicKey {
-            key: Box::new(self.key.public),
+            key: Box::new(self.key.verifying_key()),
         })
     }
 
-    pub(crate) fn from_ossl_ed25519(key: &[u8]) -> Result<Self, ed25519_dalek::SignatureError> {
+    pub(crate) fn from_ossl_ed25519(key: &[u8]) -> Result<Self, Error> {
         Ok(Self {
-            key: Box::new(DalekKeypair::from_bytes(key)?),
+            key: Box::new(SigningKey::from_keypair_bytes(key.try_into()?)?),
         })
     }
 
     pub(crate) fn ossl_pkey(&self) -> Result<PKey<Private>, openssl::error::ErrorStack> {
-        PKey::private_key_from_raw_bytes(&self.key.secret.to_bytes(), Id::ED25519)
+        PKey::private_key_from_raw_bytes(&self.key.to_bytes(), Id::ED25519)
     }
 }
 
 impl PublicParts for Ed25519KeyPair {
     fn blob(&self) -> Result<Vec<u8>, Error> {
-        encode_ed25519_pubkey(&self.key.public)
+        encode_ed25519_pubkey(&self.key.verifying_key())
     }
 
     fn verify(&self, data: &[u8], sig: &[u8]) -> Result<bool, Error> {

tests/utils.rs

@@ -37,7 +37,7 @@ pub fn gen_random_pass(len: usize) -> String {
     let mut rng = ThreadRng::default();
     (0..len)
         .map(|_| -> char {
-            let i = rng.gen_range(0, charset_len);
+            let i = rng.gen_range(0..charset_len);
             PASSPHRASE_CHARSET.as_bytes()[i].into()
         })
         .collect()