authorWiktor Kwapisiewicz <wiktor@metacode.biz>2023-09-01 11:32:53 +0200
committerWiktor Kwapisiewicz <wiktor@metacode.biz>2023-09-03 12:43:41 +0200
commitbad1de3de03a519009bd2d77844452971b620fa5 (patch)
tree3031a60835324fc63360397c3c5d9a4c8fc9c680
parentbedff19babee71325e5c2be695a468df90892780 (diff)
WIP: Upgrade dalekwiktor/upgrade-dalek
-rw-r--r--Cargo.lock226
-rw-r--r--openpgp/Cargo.toml14
-rw-r--r--openpgp/src/crypto/backend/cng/asymmetric.rs48
-rw-r--r--openpgp/src/crypto/backend/rust.rs4
-rw-r--r--openpgp/src/crypto/backend/rust/asymmetric.rs59
-rw-r--r--openpgp/src/crypto/mem.rs12
6 files changed, 166 insertions, 197 deletions
diff --git a/Cargo.lock b/Cargo.lock
index e9cadc26..1b7f9298 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -171,15 +171,6 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
[[package]]
name = "block-buffer"
-version = "0.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4"
-dependencies = [
- "generic-array",
-]
-
-[[package]]
-name = "block-buffer"
version = "0.10.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
@@ -592,7 +583,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cf4c2f4e1afd912bc40bfd6fed5d9dc1f288e0ba01bfcc835cc5bc3eb13efe15"
dependencies = [
"generic-array",
- "rand_core 0.6.4",
+ "rand_core",
"subtle",
"zeroize",
]
@@ -604,7 +595,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
dependencies = [
"generic-array",
- "rand_core 0.6.4",
+ "rand_core",
"typenum",
]
@@ -629,18 +620,33 @@ dependencies = [
[[package]]
name = "curve25519-dalek"
-version = "3.2.0"
+version = "4.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b9fdf9972b2bd6af2d913799d9ebc165ea4d2e65878e329d9c6b372c4491b61"
+checksum = "f711ade317dd348950a9910f81c5947e3d8907ebd2b83f76203ff1807e6a2bc2"
dependencies = [
- "byteorder",
- "digest 0.9.0",
- "rand_core 0.5.1",
+ "cfg-if",
+ "cpufeatures",
+ "curve25519-dalek-derive",
+ "digest 0.10.6",
+ "fiat-crypto",
+ "platforms",
+ "rustc_version",
"subtle",
"zeroize",
]
[[package]]
+name = "curve25519-dalek-derive"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "83fdaf97f4804dcebfa5862639bc9ce4121e82140bec2a987ac5140294865b5b"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.16",
+]
+
+[[package]]
name = "curve25519-dalek-ng"
version = "4.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -648,7 +654,7 @@ checksum = "1c359b7249347e46fb28804470d071c921156ad62b3eef5d34e2ba867533dec8"
dependencies = [
"byteorder",
"digest 0.9.0",
- "rand_core 0.6.4",
+ "rand_core",
"subtle-ng",
"zeroize",
]
@@ -719,7 +725,7 @@ version = "0.10.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f"
dependencies = [
- "block-buffer 0.10.4",
+ "block-buffer",
"const-oid",
"crypto-common",
"subtle",
@@ -783,7 +789,7 @@ dependencies = [
"num-traits",
"pkcs8 0.9.0",
"rfc6979 0.3.1",
- "sha2 0.10.6",
+ "sha2",
"signature 2.0.0",
"zeroize",
]
@@ -840,15 +846,26 @@ dependencies = [
]
[[package]]
+name = "ed25519"
+version = "2.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "60f6d271ca33075c88028be6f04d502853d63a5ece419d269c15315d4fc1cf1d"
+dependencies = [
+ "pkcs8 0.10.2",
+ "signature 2.0.0",
+]
+
+[[package]]
name = "ed25519-dalek"
-version = "1.0.1"
+version = "2.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c762bae6dcaf24c4c84667b8579785430908723d5c889f469d76a41d59cc7a9d"
+checksum = "7277392b266383ef8396db7fdeb1e77b6c52fed775f5df15bb24f35b72156980"
dependencies = [
"curve25519-dalek",
- "ed25519",
- "rand 0.7.3",
- "sha2 0.9.9",
+ "ed25519 2.2.2",
+ "rand_core",
+ "serde",
+ "sha2",
"zeroize",
]
@@ -873,7 +890,7 @@ dependencies = [
"hkdf",
"pem-rfc7468",
"pkcs8 0.10.2",
- "rand_core 0.6.4",
+ "rand_core",
"sec1",
"subtle",
"zeroize",
@@ -942,11 +959,17 @@ version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449"
dependencies = [
- "rand_core 0.6.4",
+ "rand_core",
"subtle",
]
[[package]]
+name = "fiat-crypto"
+version = "0.1.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e825f6987101665dea6ec934c09ec6d721de7bc1bf92248e1d5810c8cd636b77"
+
+[[package]]
name = "fixedbitset"
version = "0.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1104,19 +1127,6 @@ dependencies = [
[[package]]
name = "getrandom"
-version = "0.1.16"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce"
-dependencies = [
- "cfg-if",
- "js-sys",
- "libc",
- "wasi 0.9.0+wasi-snapshot-preview1",
- "wasm-bindgen",
-]
-
-[[package]]
-name = "getrandom"
version = "0.2.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c85e1d9ab2eadba7e5040d4e09cbd6d072b76a557ad64e797c2cb9d4da21d7e4"
@@ -1124,7 +1134,7 @@ dependencies = [
"cfg-if",
"js-sys",
"libc",
- "wasi 0.11.0+wasi-snapshot-preview1",
+ "wasi",
"wasm-bindgen",
]
@@ -1151,7 +1161,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63"
dependencies = [
"ff",
- "rand_core 0.6.4",
+ "rand_core",
"subtle",
]
@@ -1633,7 +1643,7 @@ checksum = "5b9d9a46eff5b4ff64b45a9e316a6d1e0bc719ef429cbec4dc630684212bfdf9"
dependencies = [
"libc",
"log",
- "wasi 0.11.0+wasi-snapshot-preview1",
+ "wasi",
"windows-sys 0.45.0",
]
@@ -1661,7 +1671,7 @@ version = "7.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b9fdccf3eae7b161910d2daa2f0155ca35041322e8fe5c5f1f2c9d0b12356336"
dependencies = [
- "getrandom 0.2.9",
+ "getrandom",
"libc",
"nettle-sys",
"thiserror",
@@ -1719,7 +1729,7 @@ dependencies = [
"num-integer",
"num-iter",
"num-traits",
- "rand 0.8.5",
+ "rand",
"smallvec",
"zeroize",
]
@@ -1842,7 +1852,7 @@ dependencies = [
"ecdsa",
"elliptic-curve",
"primeorder",
- "sha2 0.10.6",
+ "sha2",
]
[[package]]
@@ -1958,6 +1968,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964"
[[package]]
+name = "platforms"
+version = "3.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4503fa043bf02cee09a9582e9554b4c6403b2ef55e4612e96561d294419429f8"
+
+[[package]]
name = "plotters"
version = "0.3.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -2039,7 +2055,7 @@ version = "1.0.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "588f6378e4dd99458b60ec275b4477add41ce4fa9f64dcba6f15adccb19b50d6"
dependencies = [
- "rand 0.8.5",
+ "rand",
]
[[package]]
@@ -2063,36 +2079,13 @@ dependencies = [
[[package]]
name = "rand"
-version = "0.7.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03"
-dependencies = [
- "getrandom 0.1.16",
- "libc",
- "rand_chacha 0.2.2",
- "rand_core 0.5.1",
- "rand_hc",
-]
-
-[[package]]
-name = "rand"
version = "0.8.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
dependencies = [
"libc",
- "rand_chacha 0.3.1",
- "rand_core 0.6.4",
-]
-
-[[package]]
-name = "rand_chacha"
-version = "0.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402"
-dependencies = [
- "ppv-lite86",
- "rand_core 0.5.1",
+ "rand_chacha",
+ "rand_core",
]
[[package]]
@@ -2102,16 +2095,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
dependencies = [
"ppv-lite86",
- "rand_core 0.6.4",
-]
-
-[[package]]
-name = "rand_core"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19"
-dependencies = [
- "getrandom 0.1.16",
+ "rand_core",
]
[[package]]
@@ -2120,16 +2104,7 @@ version = "0.6.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
dependencies = [
- "getrandom 0.2.9",
-]
-
-[[package]]
-name = "rand_hc"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c"
-dependencies = [
- "rand_core 0.5.1",
+ "getrandom",
]
[[package]]
@@ -2178,7 +2153,7 @@ version = "0.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b033d837a7cf162d7993aded9304e30a83213c648b6e389db233191f891e5c2b"
dependencies = [
- "getrandom 0.2.9",
+ "getrandom",
"redox_syscall 0.2.16",
"thiserror",
]
@@ -2273,7 +2248,7 @@ dependencies = [
"num-traits",
"pkcs1",
"pkcs8 0.10.2",
- "rand_core 0.6.4",
+ "rand_core",
"signature 2.0.0",
"spki 0.7.2",
"subtle",
@@ -2287,6 +2262,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
[[package]]
+name = "rustc_version"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366"
+dependencies = [
+ "semver",
+]
+
+[[package]]
name = "rustix"
version = "0.37.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -2374,6 +2358,12 @@ dependencies = [
]
[[package]]
+name = "semver"
+version = "1.0.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b0293b4b29daaf487284529cc2f5675b8e57c61f70167ba415a463651fd6a918"
+
+[[package]]
name = "sequoia-autocrypt"
version = "0.25.1"
dependencies = [
@@ -2408,7 +2398,7 @@ dependencies = [
"libc",
"memsec",
"quickcheck",
- "rand 0.8.5",
+ "rand",
"sequoia-openpgp",
"socket2",
"tempfile",
@@ -2431,7 +2421,7 @@ dependencies = [
"libc",
"native-tls",
"percent-encoding",
- "rand 0.8.5",
+ "rand",
"sequoia-openpgp",
"tempfile",
"thiserror",
@@ -2468,11 +2458,11 @@ dependencies = [
"eax",
"ecb",
"ecdsa",
- "ed25519",
+ "ed25519 1.5.3",
"ed25519-dalek",
"flate2",
"generic-array",
- "getrandom 0.2.9",
+ "getrandom",
"idea",
"idna 0.3.0",
"lalrpop",
@@ -2488,9 +2478,8 @@ dependencies = [
"openssl-sys",
"p256",
"quickcheck",
- "rand 0.7.3",
- "rand 0.8.5",
- "rand_core 0.6.4",
+ "rand",
+ "rand_core",
"regex",
"regex-syntax 0.6.29",
"ripemd",
@@ -2498,7 +2487,7 @@ dependencies = [
"rsa",
"sha-1",
"sha1collisiondetection",
- "sha2 0.10.6",
+ "sha2",
"thiserror",
"twofish",
"typenum",
@@ -2562,19 +2551,6 @@ dependencies = [
[[package]]
name = "sha2"
-version = "0.9.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800"
-dependencies = [
- "block-buffer 0.9.0",
- "cfg-if",
- "cpufeatures",
- "digest 0.9.0",
- "opaque-debug",
-]
-
-[[package]]
-name = "sha2"
version = "0.10.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "82e6b795fe2e3b1e845bafcb27aa35405c4d47cdfc92af5fc8d3002f76cebdc0"
@@ -2603,7 +2579,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8fe458c98333f9c8152221191a77e2a44e8325d0193484af2e9421a53019e57d"
dependencies = [
"digest 0.10.6",
- "rand_core 0.6.4",
+ "rand_core",
]
[[package]]
@@ -2928,7 +2904,7 @@ dependencies = [
"futures-util",
"lazy_static",
"radix_trie",
- "rand 0.8.5",
+ "rand",
"thiserror",
"time",
"tokio",
@@ -2953,7 +2929,7 @@ dependencies = [
"ipnet",
"lazy_static",
"openssl",
- "rand 0.8.5",
+ "rand",
"smallvec",
"thiserror",
"tinyvec",
@@ -3085,12 +3061,6 @@ dependencies = [
[[package]]
name = "wasi"
-version = "0.9.0+wasi-snapshot-preview1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"
-
-[[package]]
-name = "wasi"
version = "0.11.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
@@ -3167,13 +3137,13 @@ checksum = "17882f045410753661207383517a6f62ec3dbeb6a4ed2acce01f0728238d1983"
[[package]]
name = "win-crypto-ng"
-version = "0.5.0"
+version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aea60789d46dc8aa7d41758143c1b7dc2d6101a421712f88716a9646da2a4e39"
+checksum = "99abfb435a71e54ab2971d8d8c32f1a7e006cdbf527f71743b1d45b93517bb92"
dependencies = [
"cipher",
"doc-comment",
- "rand_core 0.5.1",
+ "rand_core",
"winapi",
"zeroize",
]
@@ -3381,8 +3351,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bf7074de8999662970c3c4c8f7f30925028dd8f4ca31ad4c055efa9cdf2ec326"
dependencies = [
"curve25519-dalek-ng",
- "rand 0.8.5",
- "rand_core 0.6.4",
+ "rand",
+ "rand_core",
"zeroize",
]
diff --git a/openpgp/Cargo.toml b/openpgp/Cargo.toml
index 2f48b495..4cadd511 100644
--- a/openpgp/Cargo.toml
+++ b/openpgp/Cargo.toml
@@ -45,6 +45,8 @@ regex-syntax = "0.6"
sha1collisiondetection = { version = "0.2.3", default-features = false, features = ["std"] }
thiserror = "1.0.2"
xxhash-rust = { version = "0.8", features = ["xxh3"] }
+rand = { version = "0.8" }
+
# At least 0.10.55 is needed due `no-ocb` check:
# https://github.com/sfackler/rust-openssl/blob/master/openssl/CHANGELOG.md
openssl = { version = "0.10.55", optional = true }
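Review bot: `rand = { version = "0.8" }` is added here as an unconditional dependency of the whole crate, whereas the `rand` line it replaces further down was `optional = true` and gated behind the `crypto-rust` feature; together with its removal from `[dev-dependencies]`, every backend (nettle, openssl, botan, cng) now compiles and links `rand` although only `backend/rust.rs` uses it. Keep it optional, `rand = { version = "0.8", optional = true }`, and put `"rand"` back into the `crypto-rust` feature list, so the dependency footprint of the other backends does not grow with this upgrade.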
@@ -75,16 +77,12 @@ ecdsa = { version = "0.16", optional = true, features = ["hazmat", "arithmetic"]
# need the std feature, at least so that ed25519::Error implements
# std::error::Error.
ed25519 = { version = "1", default-features = false, features = ["std"], optional = true }
-ed25519-dalek = { version = "1", default-features = false, features = ["rand", "u64_backend"], optional = true }
+ed25519-dalek = { version = "2", features = ["rand_core"], optional = true }
generic-array = { version = "0.14.4", optional = true }
idea = { version = "0.5", optional = true }
md-5 = { version = "0.10", features = ["oid"], optional = true }
num-bigint-dig = { version = "0.8", default-features = false, optional = true }
p256 = { version = "0.13", optional = true, features = ["ecdh", "ecdsa"] }
-# XXX: ed25519-dalek 1.0.1 depends on rand 0.7 and doesn't reexport it.
-# https://github.com/dalek-cryptography/ed25519-dalek/blob/1.0.1/Cargo.toml#L28
-rand07 = { package = "rand", version = "0.7.3", optional = true }
-rand = { package = "rand", version = "0.8", optional = true }
rand_core = { version = "0.6", optional = true }
ripemd = { version = "0.1", features = ["oid"], optional = true }
rsa = { version = "0.9.0", optional = true }
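Review bot: `ed25519` stays pinned at `version = "1"` on the unchanged line just above the replaced `ed25519-dalek` line, while `ed25519-dalek = "2"` pulls in `ed25519 2.2.2`, so the lockfile in this same commit now carries both `ed25519 1.5.3` and `ed25519 2.2.2`. Two copies of the crate mean two incompatible `Signature`/`Error` types; the backends changed here only use `ed25519_dalek::Signature`, so either bump this line to `ed25519 = { version = "2", default-features = false, features = ["std"], optional = true }` or drop it in favour of the type re-exported by ed25519-dalek, if the remaining users of the `ed25519` crate allow that.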
@@ -112,14 +110,12 @@ winapi = { version = "0.3.8", default-features = false, features = ["bcrypt"], o
[target.'cfg(all(target_arch = "wasm32", target_os = "unknown"))'.dependencies]
chrono = { version = "0.4.10", default-features = false, features = ["std", "wasmbind", "clock"] }
getrandom = { version = "0.2", features = ["js"] }
-rand07 = { package = "rand", version = "0.7", features = ["wasm-bindgen"] }
[build-dependencies]
lalrpop = { version = ">=0.17, <0.20", default-features = false }
[dev-dependencies]
quickcheck = { version = "1", default-features = false }
-rand = { version = "0.8" }
rpassword = "6.0"
criterion = { version = "0.4", features = ["html_reports"] }
@@ -130,13 +126,13 @@ crypto-nettle = ["nettle"]
crypto-rust = [
"aes", "block-padding", "blowfish", "camellia", "cast5", "cfb-mode", "cipher", "des",
"digest", "eax", "ecb", "ed25519", "ed25519-dalek", "generic-array", "idea",
- "md-5", "num-bigint-dig", "rand", "rand07", "ripemd", "rsa", "sha-1", "sha2",
+ "md-5", "num-bigint-dig", "ripemd", "rsa", "sha-1", "sha2",
"twofish", "typenum", "x25519-dalek-ng", "p256",
"rand_core", "rand_core/getrandom", "ecdsa", "aes-gcm", "dsa"
]
crypto-cng = [
"cipher", "eax", "winapi", "win-crypto-ng", "ed25519", "ed25519-dalek",
- "num-bigint-dig", "aes-gcm"
+ "num-bigint-dig", "aes-gcm", "rand_core"
]
crypto-openssl = ["openssl", "openssl-sys"]
crypto-botan = ["botan/botan3"]
diff --git a/openpgp/src/crypto/backend/cng/asymmetric.rs b/openpgp/src/crypto/backend/cng/asymmetric.rs
index 668ea7ac..9e7df40d 100644
--- a/openpgp/src/crypto/backend/cng/asymmetric.rs
+++ b/openpgp/src/crypto/backend/cng/asymmetric.rs
@@ -102,36 +102,31 @@ impl Asymmetric for super::Backend {
fn ed25519_generate_key() -> Result<(Protected, [u8; 32])> {
let mut rng = cng::random::RandomNumberGenerator::system_preferred();
- let pair = ed25519_dalek::Keypair::generate(&mut rng);
- Ok((pair.secret.as_bytes().as_slice().into(), pair.secret.to_bytes()))
+ let pair = ed25519_dalek::SigningKey::generate(&mut rng);
+ Ok((pair.to_bytes().into(), pair.verifying_key().to_bytes()))
}
fn ed25519_derive_public(secret: &Protected) -> Result<[u8; 32]> {
- use ed25519_dalek::{PublicKey, SecretKey};
+ use ed25519_dalek::SigningKey;
- let secret = SecretKey::from_bytes(secret).map_err(|e| {
+ let secret = secret.as_ref().try_into().map_err(|e: std::array::TryFromSliceError| {
Error::InvalidKey(e.to_string())
})?;
- let public = PublicKey::from(&secret);
+
+ let secret = SigningKey::from_bytes(secret);
+ let public = secret.verifying_key();
Ok(public.to_bytes())
}
fn ed25519_sign(secret: &Protected, public: &[u8; 32], digest: &[u8])
-> Result<[u8; 64]> {
- use ed25519_dalek::{Keypair, Signer};
- use ed25519_dalek::{PUBLIC_KEY_LENGTH, SECRET_KEY_LENGTH};
+ use ed25519_dalek::{SigningKey, Signer};
- if secret.len() != SECRET_KEY_LENGTH {
- return Err(crate::Error::InvalidArgument(
- "Bad Ed25519 secret length".into()).into());
- }
+ let mut keypair = secret.as_ref().try_into().map_err(|e: std::array::TryFromSliceError| {
+ Error::InvalidKey(e.to_string())
+ })?;
- let mut keypair = Protected::from(
- vec![0u8; SECRET_KEY_LENGTH + PUBLIC_KEY_LENGTH]
- );
- keypair.as_mut()[..SECRET_KEY_LENGTH].copy_from_slice(secret);
- keypair.as_mut()[SECRET_KEY_LENGTH..].copy_from_slice(public);
- let pair = Keypair::from_bytes(&keypair)?;
+ let pair = SigningKey::from_bytes(&keypair);
unsafe {
memsec::memzero(keypair.as_mut_ptr(), keypair.len());
}
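Review bot: `public` in `ed25519_sign` is no longer read once the `Keypair` assembly is replaced, so this will trip `unused_variables`; the Rust backend renames its copy to `_public`, but a better use of the argument is a consistency check after the key is rebuilt, `if pair.verifying_key().as_bytes() != public { return Err(Error::InvalidKey("Ed25519 public key does not match secret key".into()).into()); }`, which turns a corrupted or mismatched key into an error instead of a signature made under a key the caller did not expect. The local is also still called `keypair` although it now holds only the 32-byte secret; `secret_bytes` would read more honestly. The body of `ed25519_sign` continues past the end of the hunk.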
@@ -141,13 +136,16 @@ impl Asymmetric for super::Backend {
fn ed25519_verify(public: &[u8; 32], digest: &[u8], signature: &[u8; 64])
-> Result<bool> {
- use ed25519_dalek::{PublicKey, Signature};
- use ed25519_dalek::{Verifier};
+ use ed25519_dalek::{VerifyingKey, Verifier, Signature};
- let public = PublicKey::from_bytes(public).map_err(|e| {
+ let public = VerifyingKey::from_bytes(public).map_err(|e| {
Error::InvalidKey(e.to_string())
})?;
- let signature = Signature::from_bytes(&signature.clone())?;
+ let signature = signature.as_ref().try_into().map_err(|e: std::array::TryFromSliceError| {
+ Error::InvalidArgument(e.to_string())
+ })?;
+
+ let signature = Signature::from_bytes(signature);
Ok(public.verify(digest, &signature).is_ok())
}
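Review bot: The `try_into()` on `signature` is a no-op: `signature` is already `&[u8; 64]`, which is exactly what `ed25519_dalek::Signature::from_bytes` takes in 2.x, so the `TryFromSliceError` arm can never run and the `InvalidArgument` error it builds is dead code. Replace the three added lines with `let signature = Signature::from_bytes(signature);`; the same simplification applies to the Rust backend's `ed25519_verify`.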
@@ -921,18 +919,18 @@ where
},
(Curve::Ed25519, true) => {
// CNG doesn't support EdDSA, use ed25519-dalek instead
- use ed25519_dalek::Keypair;
+ use ed25519_dalek::SigningKey;
let mut rng = cng::random::RandomNumberGenerator::system_preferred();
- let Keypair { public, secret } = Keypair::generate(&mut rng);
+ let key = SigningKey::generate(&mut rng);
- let secret: Protected = secret.as_bytes().as_ref().into();
+ let secret: Protected = key.to_bytes().as_ref().into();
// Mark MPI as compressed point with 0x40 prefix. See
// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-07#section-13.2.
let mut compressed_public = [0u8; 1 + CURVE25519_SIZE];
compressed_public[0] = 0x40;
- compressed_public[1..].copy_from_slice(public.as_bytes());
+ compressed_public[1..].copy_from_slice(key.verifying_key().as_bytes());
(
EdDSA,
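Review bot: `key.to_bytes().as_ref().into()` creates a by-value `[u8; 32]` temporary holding the secret seed that is dropped at the end of the statement without being zeroed; in ed25519-dalek 2 `SecretKey` is a plain byte array, unlike the newtype whose `as_bytes()` the removed line borrowed from. Bind it and clear it explicitly, e.g. `let mut sk = key.to_bytes(); let secret: Protected = sk.as_ref().into(); unsafe { memsec::memzero(sk.as_mut_ptr(), sk.len()); }`, mirroring what the sign path in this file already does for its stack copy. The match arm continues past the end of the hunk.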
diff --git a/openpgp/src/crypto/backend/rust.rs b/openpgp/src/crypto/backend/rust.rs
index 41e95492..90e0ed16 100644
--- a/openpgp/src/crypto/backend/rust.rs
+++ b/openpgp/src/crypto/backend/rust.rs
@@ -21,8 +21,8 @@ impl super::interface::Backend for Backend {
}
fn random(buf: &mut [u8]) -> Result<()> {
- use rand07::rngs::OsRng;
- use rand07::RngCore;
+ use rand::rngs::OsRng;
+ use rand::RngCore;
OsRng.fill_bytes(buf);
Ok(())
}
diff --git a/openpgp/src/crypto/backend/rust/asymmetric.rs b/openpgp/src/crypto/backend/rust/asymmetric.rs
index 764f6803..3e229ceb 100644
--- a/openpgp/src/crypto/backend/rust/asymmetric.rs
+++ b/openpgp/src/crypto/backend/rust/asymmetric.rs
@@ -90,39 +90,32 @@ impl Asymmetric for super::Backend {
}
fn ed25519_generate_key() -> Result<(Protected, [u8; 32])> {
- // ed25519_dalek v1.0.1 doesn't reexport OsRng. It
- // depends on 0.7.
- use rand07::rngs::OsRng as OsRng;
- let pair = ed25519_dalek::Keypair::generate(&mut OsRng);
- Ok((pair.secret.as_bytes().as_slice().into(), pair.secret.to_bytes()))
+ use rand::rngs::OsRng as OsRng;
+ let pair = ed25519_dalek::SigningKey::generate(&mut OsRng);
+ Ok((pair.to_bytes().into(), pair.verifying_key().to_bytes()))
}
fn ed25519_derive_public(secret: &Protected) -> Result<[u8; 32]> {
- use ed25519_dalek::{PublicKey, SecretKey};
+ use ed25519_dalek::SigningKey;
- let secret = SecretKey::from_bytes(secret).map_err(|e| {
+ let secret = secret.as_ref().try_into().map_err(|e: std::array::TryFromSliceError| {
Error::InvalidKey(e.to_string())
})?;
- let public = PublicKey::from(&secret);
+
+ let secret = SigningKey::from_bytes(secret);
+ let public = secret.verifying_key();
Ok(public.to_bytes())
}
- fn ed25519_sign(secret: &Protected, public: &[u8; 32], digest: &[u8])
+ fn ed25519_sign(secret: &Protected, _public: &[u8; 32], digest: &[u8])
-> Result<[u8; 64]> {
- use ed25519_dalek::{Keypair, Signer};
- use ed25519_dalek::{PUBLIC_KEY_LENGTH, SECRET_KEY_LENGTH};
+ use ed25519_dalek::{SigningKey, Signer};
- if secret.len() != SECRET_KEY_LENGTH {
- return Err(crate::Error::InvalidArgument(
- "Bad Ed25519 secret length".into()).into());
- }
+ let mut keypair = secret.as_ref().try_into().map_err(|e: std::array::TryFromSliceError| {
+ Error::InvalidKey(e.to_string())
+ })?;
- let mut keypair = Protected::from(
- vec![0u8; SECRET_KEY_LENGTH + PUBLIC_KEY_LENGTH]
- );
- keypair.as_mut()[..SECRET_KEY_LENGTH].copy_from_slice(secret);
- keypair.as_mut()[SECRET_KEY_LENGTH..].copy_from_slice(public);
- let pair = Keypair::from_bytes(&keypair)?;
+ let pair = SigningKey::from_bytes(&keypair);
unsafe {
memsec::memzero(keypair.as_mut_ptr(), keypair.len());
}
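Review bot: In `ed25519_generate_key` the new `pair.to_bytes().into()` hands the secret to the `From<[u8; 32]> for Protected` conversion added in `mem.rs` in this same commit, and that impl copies the array into protected memory but never clears its by-value argument, so an unprotected copy of the seed stays on the stack when `v` goes out of scope. Either that impl should take `mut v` and zero it after the copy (`unsafe { memsec::memzero(v.as_mut_ptr(), v.len()); }`, as this file already does for its own stack copy), or this function should keep the array in a local and zero it itself. Separately, `_public` is now silently ignored in `ed25519_sign`; comparing it with `pair.verifying_key().as_bytes()` and returning `Error::InvalidKey` on mismatch would be cheap insurance against a corrupted key. The body of `ed25519_sign` continues past the end of the hunk.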
@@ -132,13 +125,16 @@ impl Asymmetric for super::Backend {
fn ed25519_verify(public: &[u8; 32], digest: &[u8], signature: &[u8; 64])
-> Result<bool> {
- use ed25519_dalek::{PublicKey, Signature};
- use ed25519_dalek::{Verifier};
+ use ed25519_dalek::{VerifyingKey, Verifier, Signature};
- let public = PublicKey::from_bytes(public).map_err(|e| {
+ let public = VerifyingKey::from_bytes(public).map_err(|e| {
Error::InvalidKey(e.to_string())
})?;
- let signature = Signature::from_bytes(&signature.clone())?;
+ let signature = signature.as_ref().try_into().map_err(|e: std::array::TryFromSliceError| {
+ Error::InvalidArgument(e.to_string())
+ })?;
+
+ let signature = Signature::from_bytes(signature);
Ok(public.verify(digest, &signature).is_ok())
}
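Review bot: The `try_into()` on `signature` is a no-op: `signature` is already `&[u8; 64]`, which is exactly what `ed25519_dalek::Signature::from_bytes` takes in 2.x, so the `TryFromSliceError` arm can never run and the `InvalidArgument` error it builds is dead code. Replace the three added lines with `let signature = Signature::from_bytes(signature);`, as in the CNG backend's `ed25519_verify`.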
@@ -566,22 +562,19 @@ impl<R> Key4<SecretParts, R>
let (algo, public, private) = match (&curve, for_signing) {
(Curve::Ed25519, true) => {
- use ed25519_dalek::Keypair;
+ use ed25519_dalek::SigningKey;
- // ed25519_dalek v1.0.1 doesn't reexport OsRng. It
- // depends on 0.7.
- use rand07::rngs::OsRng as OsRng;
+ use rand::rngs::OsRng as OsRng;
- let Keypair { public, secret }
- = Keypair::generate(&mut OsRng);
+ let key = SigningKey::generate(&mut OsRng);
- let secret: Protected = secret.as_bytes().as_ref().into();
+ let secret: Protected = key.to_bytes().as_ref().into();
// Mark MPI as compressed point with 0x40 prefix. See
// https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-07#section-13.2.
let mut compressed_public = [0u8; 1 + CURVE25519_SIZE];
compressed_public[0] = 0x40;
- compressed_public[1..].copy_from_slice(public.as_bytes());
+ compressed_public[1..].copy_from_slice(key.verifying_key().as_bytes());
(
PublicKeyAlgorithm::EdDSA,
diff --git a/openpgp/src/crypto/mem.rs b/openpgp/src/crypto/mem.rs
index dd63dfbd..f787043c 100644
--- a/openpgp/src/crypto/mem.rs
+++ b/openpgp/src/crypto/mem.rs
@@ -170,6 +170,18 @@ impl From<&[u8]> for Protected {
}
}
+impl From<[u8; 32]> for Protected {
+ fn from(v: [u8; 32]) -> Self {
+ let mut p = Protected::new(v.len());
+
+ // Very carefully copy the slice. The obvious
+ // `p.copy_from_slice(v);` indeed leaks secrets.
+ v.iter().zip(p.iter_mut()).for_each(|(f, t)| *t = *f);
+
+ p
+ }
+}
+
impl Drop for Protected {
fn d