diff --git a/Cargo.toml b/Cargo.toml
index e8bbb36..ba20d91 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "nkeys"
-version = "0.3.1"
+version = "0.3.2"
 authors = ["wasmCloud Team"]
 edition = "2021"
 description = "Rust implementation of the NATS nkeys library"
@@ -13,16 +13,25 @@ keywords = ["crypto", "nats", "ed25519", "cryptography"]
 categories = ["cryptography", "authentication"]
 [features]
-cli = ["quicli", "structopt", "term-table", "exitfailure", "env_logger", "serde_json"]
+cli = [
+ "quicli",
+ "structopt",
+ "term-table",
+ "exitfailure",
+ "env_logger",
+ "serde_json",
+]
 [[bin]]
 name = "nk"
 required-features = ["cli"]
 [dependencies]
-signatory = "0.23"
-ed25519 = { version = "1.3", default-features = false }
-ed25519-dalek = { version = "1.0.1", default-features = false, features = ["u64_backend"] }
+signatory = "0.27"
+ed25519 = { version = "2.0.0", default-features = false }
+ed25519-dalek = { version = "2.0.0", default-features = false, features = [
+ "digest",
+] }
 rand = "0.8"
 byteorder = "1.3.4"
 data-encoding = "2.3.0"
@@ -32,7 +41,7 @@ log = "0.4.11"
 quicli = { version = "0.4", optional = true }
 structopt = { version = "0.3.17", optional = true }
 term-table = { version = "1.3.0", optional = true }
-exitfailure = { version = "0.5.1", optional =true }
+exitfailure = { version = "0.5.1", optional = true }
 env_logger = { version = "0.9", optional = true }
 serde_json = { version = "1.0", optional = true }
diff --git a/src/bin/nk/main.rs b/src/bin/nk/main.rs
index 67ffbbe..5f87cb5 100644
--- a/src/bin/nk/main.rs
+++ b/src/bin/nk/main.rs
@@ -96,7 +96,7 @@ fn generate(kt: &KeyPairType, output_type: &Output) {
 "seed": kp.seed().unwrap(),
 });
- println!("{}", output.to_string());
+ println!("{}", output);
 }
 }
 }
diff --git a/src/lib.rs b/src/lib.rs
index dbab5b1..37adf0e 100644
--- a/src/lib.rs
+++ b/src/lib.rs
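Review bot: In the `[dependencies]` hunk of Cargo.toml, `ed25519-dalek` is declared with `default-features = false` and only `digest`, which leaves the 2.x default `zeroize` feature off, so `SigningKey` is not wiped from memory when it is dropped. The 1.x `SecretKey` it replaces cleared itself on drop unconditionally, so the upgrade quietly loses that protection for seed material. I would enable it explicitly with `features = ["digest", "zeroize"]`. None of the visible `src/lib.rs` hunks appears to use the prehashed signing API, so it is also worth confirming that `digest` is needed at all.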
@@ -48,7 +48,7 @@
 use std::fmt::{self, Debug};
 use crc::{extract_crc, push_crc, valid_checksum};
-use ed25519_dalek::{ExpandedSecretKey, PublicKey, SecretKey, Signature, Verifier};
+use ed25519_dalek::{SecretKey, Signer, SigningKey, Verifier, VerifyingKey};
 use rand::prelude::*;
 const ENCODED_SEED_LENGTH: usize = 58;
@@ -81,7 +81,8 @@ type Result = std::result::Result;
 pub struct KeyPair {
 kp_type: KeyPairType,
 sk: Option, //rawkey_kind: RawKeyKind,
- pk: PublicKey,
+ signing_key: Option,
+ pk: VerifyingKey,
 }
 impl Debug for KeyPair {
@@ -160,11 +161,12 @@ impl KeyPair {
 /// Returns an error if there is an issue using the bytes to generate the key
 /// NOTE: These bytes should be generated from a cryptographically secure random source.
 pub fn new_from_raw(kp_type: KeyPairType, random_bytes: [u8; 32]) -> Result {
- let s = create_seed(random_bytes)?;
+ let signing_key = SigningKey::from_bytes(&random_bytes);
 Ok(KeyPair {
 kp_type,
- pk: pk_from_seed(&s),
- sk: Some(s),
+ pk: signing_key.verifying_key(),
+ signing_key: Some(signing_key),
+ sk: Some(random_bytes),
 })
 }
@@ -243,9 +245,8 @@ impl KeyPair {
 /// Attempts to sign the given input with the key pair's seed
 pub fn sign(&self, input: &[u8]) -> Result> {
- if let Some(ref seed) = self.sk {
- let expanded: ExpandedSecretKey = seed.into();
- let sig: Signature = expanded.sign(input, &self.pk);
+ if let Some(ref seed) = self.signing_key {
+ let sig = seed.sign(input);
 Ok(sig.to_bytes().to_vec())
 } else {
 Err(err!(SignatureError, "Cannot sign without a seed key"))
@@ -256,7 +257,7 @@ impl KeyPair {
 pub fn verify(&self, input: &[u8], sig: &[u8]) -> Result<()> {
 let mut fixedsig = [0; ed25519::Signature::BYTE_SIZE];
 fixedsig.copy_from_slice(sig);
- let insig = ed25519::Signature::from_bytes(&fixedsig)?;
+ let insig = ed25519::Signature::from_bytes(&fixedsig);
 match self.pk.verify(input, &insig) {
 Ok(()) => Ok(()),
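Review bot: The `KeyPair` struct hunk (`@@ -81,7 +81,8 @@`) now keeps the private seed twice, once in `sk` and once inside `signing_key`, and both `new_from_raw` and the seed-decoding hunk at `@@ -332,14 +334,16 @@` fill in both fields. In ed25519-dalek 2.x `SecretKey` is a plain `[u8; 32]` alias, which is `Copy` and is never cleared, so each `KeyPair` carries an extra unwiped copy of the seed. Keeping only the `signing_key` field (presumably `Option<SigningKey>`; the generic argument is not legible here) and reading the bytes on demand with `signing_key.to_bytes()` where the seed is encoded would remove the duplicate. Whether `KeyPair` has its own `Drop` impl is not visible in these hunks.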
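Review bot: The doc comment kept as context above `new_from_raw` (`@@ -160,11 +161,12 @@`) still says "Returns an error if there is an issue using the bytes to generate the key", but `SigningKey::from_bytes` is infallible, so the new body has no error path left. Keeping the `Result` return type is right for API compatibility; the comment should say so, for example `/// Always returns Ok; the Result is kept for backward compatibility.`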
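Review bot: In `verify` (`@@ -256,7 +257,7 @@`), `fixedsig.copy_from_slice(sig)` panics whenever `sig` is not exactly `ed25519::Signature::BYTE_SIZE` bytes long, and the signature is normally the untrusted input to this call. With `from_bytes` now infallible, nothing on this path turns a malformed signature into an error. The buffer, the copy and the conversion can collapse into `let insig = ed25519::Signature::from_slice(sig)?;`, which rejects a wrong length instead of aborting the caller. This assumes the crate's error type still converts from the signature error, as the removed `?` suggests. The body of `verify` continues past the end of the hunk.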
@@ -277,7 +278,7 @@ impl KeyPair {
 raw.push(b1);
 raw.push(b2);
- raw.extend(seed.as_bytes().iter());
+ raw.extend(seed.iter());
 push_crc(&mut raw);
 Ok(data_encoding::BASE32_NOPAD.encode(&raw[..]))
@@ -300,11 +301,12 @@ impl KeyPair {
 ))
 } else {
 raw.remove(0);
- match PublicKey::from_bytes(&raw) {
+ match VerifyingKey::try_from(&raw[..]) {
 Ok(pk) => Ok(KeyPair {
 kp_type: KeyPairType::from(prefix),
 pk,
 sk: None,
+ signing_key: None,
 }),
 Err(_) => Err(err!(VerifyError, "Could not read public key")),
 }
@@ -332,14 +334,16 @@ impl KeyPair {
 let b2 = (raw[0] & 7) << 5 | ((raw[1] & 248) >> 3);
 let kp_type = KeyPairType::from(b2);
- let mut seed_bytes = [0u8; 32];
- seed_bytes.copy_from_slice(&raw[2..]);
- let seed = SecretKey::from_bytes(&seed_bytes[..])?;
+ let mut seed = [0u8; 32];
+ seed.copy_from_slice(&raw[2..]);
+
+ let signing_key = SigningKey::from_bytes(&seed);
 Ok(KeyPair {
 kp_type,
- pk: pk_from_seed(&seed),
+ pk: signing_key.verifying_key(),
 sk: Some(seed),
+ signing_key: Some(signing_key),
 })
 }
 }
@@ -350,10 +354,6 @@ impl KeyPair {
 }
 }
-fn pk_from_seed(seed: &SecretKey) -> PublicKey {
- seed.into()
-}
-
 fn decode_raw(raw: &[u8]) -> Result> {
 let mut b32_decoded = data_encoding::BASE32_NOPAD.decode(raw)?;
@@ -371,10 +371,6 @@ fn generate_seed_rand() -> [u8; 32] {
 rng.gen::<[u8; 32]>()
 }
-fn create_seed(rand_bytes: [u8; 32]) -> Result {
- SecretKey::from_bytes(&rand_bytes[..]).map_err(|e| e.into())
-}
-
 fn get_prefix_byte(kp_type: &KeyPairType) -> u8 {
 match kp_type {
 KeyPairType::Server => PREFIX_BYTE_SERVER,