From 91bda43cc807917a585d7cf33e708e37a726433c Mon Sep 17 00:00:00 2001 From: Kai Michaelis Date: Wed, 13 Feb 2019 14:26:12 +0100 Subject: openpgp: use nettle 4.0 --- ffi-macros/Cargo.toml | 2 +- ffi/Cargo.toml | 2 +- openpgp-ffi/Cargo.toml | 2 +- openpgp/Cargo.toml | 2 +- openpgp/src/autocrypt.rs | 2 +- openpgp/src/crypto/aead.rs | 2 +- openpgp/src/crypto/asymmetric.rs | 8 ++++---- openpgp/src/crypto/ecdh.rs | 6 ++++-- openpgp/src/crypto/mod.rs | 3 +-- openpgp/src/crypto/s2k.rs | 2 +- openpgp/src/crypto/symmetric.rs | 2 +- openpgp/src/packet/key.rs | 25 +++++++++++++------------ openpgp/src/packet/signature/mod.rs | 10 +++++----- openpgp/src/packet/skesk.rs | 2 +- openpgp/src/serialize/stream.rs | 2 +- 15 files changed, 37 insertions(+), 35 deletions(-) diff --git a/ffi-macros/Cargo.toml b/ffi-macros/Cargo.toml index e37cab34..7a1aad74 100644 --- a/ffi-macros/Cargo.toml +++ b/ffi-macros/Cargo.toml @@ -19,7 +19,7 @@ maintenance = { status = "actively-developed" } [dependencies] lazy_static = "1.0.0" -nettle = "2.0" +nettle = "4.0" proc-macro2 = "0.4" quote = "0.6" diff --git a/ffi/Cargo.toml b/ffi/Cargo.toml index 2f62738d..4b6e6891 100644 --- a/ffi/Cargo.toml +++ b/ffi/Cargo.toml @@ -34,7 +34,7 @@ native-tls = "0.2.0" time = "0.1.40" [dev-dependencies] -nettle = "2.0" +nettle = "4.0" [lib] crate-type = ["cdylib", "staticlib"] diff --git a/openpgp-ffi/Cargo.toml b/openpgp-ffi/Cargo.toml index a719871b..beb78c22 100644 --- a/openpgp-ffi/Cargo.toml +++ b/openpgp-ffi/Cargo.toml @@ -30,7 +30,7 @@ memsec = "0.5.4" time = "0.1.40" [dev-dependencies] -nettle = "2.0" +nettle = "4.0" [lib] crate-type = ["lib", "cdylib", "staticlib"] diff --git a/openpgp/Cargo.toml b/openpgp/Cargo.toml index 65638202..db403b94 100644 --- a/openpgp/Cargo.toml +++ b/openpgp/Cargo.toml @@ -28,7 +28,7 @@ failure = "0.1.2" flate2 = { version = "1.0.1", optional = true } lalrpop-util = "0.16" memsec = "0.5.4" -nettle = "2.2" +nettle = "4.0" quickcheck = "0.8" rand = "0.6" time = "0.1.40" diff --git a/openpgp/src/autocrypt.rs b/openpgp/src/autocrypt.rs index e648d33c..07cac5b9 100644 --- a/openpgp/src/autocrypt.rs +++ b/openpgp/src/autocrypt.rs @@ -331,7 +331,7 @@ impl AutocryptSetupMessage { // Generates a new passcode in "numeric9x4" format. fn passcode_gen() -> Password { - use nettle::Yarrow; + use nettle::{Random, Yarrow}; // Generate a random passcode. diff --git a/openpgp/src/crypto/aead.rs b/openpgp/src/crypto/aead.rs index 33227997..b791e2b4 100644 --- a/openpgp/src/crypto/aead.rs +++ b/openpgp/src/crypto/aead.rs @@ -758,7 +758,7 @@ mod tests { #[test] fn roundtrip() { use std::io::Cursor; - use nettle::Yarrow; + use nettle::{Random, Yarrow}; let mut rng = Yarrow::default(); for cipher in [SymmetricAlgorithm::AES128, diff --git a/openpgp/src/crypto/asymmetric.rs b/openpgp/src/crypto/asymmetric.rs index b779176a..06eaf0ba 100644 --- a/openpgp/src/crypto/asymmetric.rs +++ b/openpgp/src/crypto/asymmetric.rs @@ -1,6 +1,6 @@ //! Asymmetric crypt operations. -use nettle::{dsa, ecdsa, ed25519, rsa, Yarrow}; +use nettle::{dsa, ecc, ecdsa, ed25519, rsa, Yarrow}; use packet::Key; use crypto::mpis::{self, MPI}; @@ -144,13 +144,13 @@ impl Signer for KeyPair { &mpis::SecretKey::ECDSA { ref scalar }) => { let secret = match curve { Curve::NistP256 => - ecdsa::PrivateKey::new::( + ecc::Scalar::new::( &scalar.value)?, Curve::NistP384 => - ecdsa::PrivateKey::new::( + ecc::Scalar::new::( &scalar.value)?, Curve::NistP521 => - ecdsa::PrivateKey::new::( + ecc::Scalar::new::( &scalar.value)?, _ => return Err( diff --git a/openpgp/src/crypto/ecdh.rs b/openpgp/src/crypto/ecdh.rs index 3329bbb4..b3116485 100644 --- a/openpgp/src/crypto/ecdh.rs +++ b/openpgp/src/crypto/ecdh.rs @@ -14,12 +14,14 @@ use conversions::{ read_be_u64, }; use crypto::mpis::{MPI, PublicKey, SecretKey, Ciphertext}; -use nettle::{cipher, curve25519, mode, Mode}; +use nettle::{cipher, curve25519, mode, Mode, ecc, ecdh, Yarrow}; /// Wraps a session key using Elliptic Curve Diffie-Hellman. pub fn wrap_session_key(recipient: &Key, session_key: &[u8]) -> Result { + let mut rng = Yarrow::default(); + if let &PublicKey::ECDH { ref curve, ref q,.. } = recipient.mpis() { @@ -31,7 +33,7 @@ pub fn wrap_session_key(recipient: &Key, session_key: &[u8]) // Generate an ephemeral key pair {v, V=vG} let mut v = - ::crypto::SessionKey::from(curve25519::secret_key()); + ::crypto::SessionKey::from(curve25519::private_key(&mut rng)); // Compute the public key. We need to add an encoding // octet in front of the key. diff --git a/openpgp/src/crypto/mod.rs b/openpgp/src/crypto/mod.rs index 052be2d4..c0f514dd 100644 --- a/openpgp/src/crypto/mod.rs +++ b/openpgp/src/crypto/mod.rs @@ -6,8 +6,7 @@ use std::fmt; use std::cmp::Ordering; use memsec; -use nettle; -use nettle::random::Yarrow; +use nettle::{self, Random, Yarrow}; use constants::HashAlgorithm; use Result; diff --git a/openpgp/src/crypto/s2k.rs b/openpgp/src/crypto/s2k.rs index 98aacf69..193eafcb 100644 --- a/openpgp/src/crypto/s2k.rs +++ b/openpgp/src/crypto/s2k.rs @@ -14,7 +14,7 @@ use crypto::SessionKey; use std::fmt; -use nettle::{Hash, Yarrow}; +use nettle::{Hash, Yarrow, Random}; use quickcheck::{Arbitrary, Gen}; use rand::Rng; diff --git a/openpgp/src/crypto/symmetric.rs b/openpgp/src/crypto/symmetric.rs index 2caaa5a7..0d24b0c3 100644 --- a/openpgp/src/crypto/symmetric.rs +++ b/openpgp/src/crypto/symmetric.rs @@ -588,7 +588,7 @@ mod tests { #[test] fn roundtrip() { use std::io::Cursor; - use nettle::Yarrow; + use nettle::{Random, Yarrow}; let mut rng = Yarrow::default(); for algo in [SymmetricAlgorithm::TripleDES, diff --git a/openpgp/src/packet/key.rs b/openpgp/src/packet/key.rs index 79f10d66..2c805af6 100644 --- a/openpgp/src/packet/key.rs +++ b/openpgp/src/packet/key.rs @@ -136,7 +136,7 @@ impl Key { /// The ECDH key will use hash algorithm `hash` and symmetric algorithm `sym`. If one or both /// are `None` secure defaults will be used. The key will have it's creation date set to /// `ctime` or the current time if `None` is given. - pub fn import_secret_cv25519(secret_key: &[u8], hash: H, sym: S, ctime: T) + pub fn import_secret_cv25519(private_key: &[u8], hash: H, sym: S, ctime: T) -> Result where H: Into>, S: Into>, T: Into> @@ -144,10 +144,10 @@ impl Key { use nettle::curve25519::{self, CURVE25519_SIZE}; let mut public_key = [0x40u8; CURVE25519_SIZE + 1]; - curve25519::mul_g(&mut public_key[1..], secret_key).unwrap(); + curve25519::mul_g(&mut public_key[1..], private_key).unwrap(); - let mut secret_key = Vec::from(secret_key); - secret_key.reverse(); + let mut private_key = Vec::from(private_key); + private_key.reverse(); Ok(Key{ common: Default::default(), @@ -162,7 +162,7 @@ impl Key { }, secret: Some(SecretKey::Unencrypted{ mpis: mpis::SecretKey::ECDH{ - scalar: mpis::MPI::new(&secret_key) + scalar: mpis::MPI::new(&private_key) } }), }) @@ -197,13 +197,13 @@ impl Key { /// The ECDH key will use hash algorithm `hash` and symmetric algorithm `sym`. If one or both /// are `None` secure defaults will be used. The key will have it's creation date set to /// `ctime` or the current time if `None` is given. - pub fn import_secret_ed25519(secret_key: &[u8], ctime: T) + pub fn import_secret_ed25519(private_key: &[u8], ctime: T) -> Result where T: Into> { use nettle::ed25519::{self, ED25519_KEY_SIZE}; let mut public_key = [0x40u8; ED25519_KEY_SIZE + 1]; - ed25519::public_key(&mut public_key[1..], secret_key).unwrap(); + ed25519::public_key(&mut public_key[1..], private_key).unwrap(); Ok(Key{ common: Default::default(), @@ -216,7 +216,7 @@ impl Key { }, secret: Some(SecretKey::Unencrypted{ mpis: mpis::SecretKey::EdDSA{ - scalar: mpis::MPI::new(&secret_key) + scalar: mpis::MPI::new(&private_key) } }), }) @@ -291,10 +291,11 @@ impl Key { use PublicKeyAlgorithm::*; use Error; + let mut rng = Yarrow::default(); + #[allow(deprecated)] let (mpis, secret) = match pk_algo { RSASign | RSAEncrypt | RSAEncryptSign => { - let mut rng = Yarrow::default(); let (public,private) = rsa::generate_keypair(&mut rng, 3072)?; let (p,q,u) = private.as_rfc4880(); let public_mpis = PublicKey::RSA { @@ -316,7 +317,7 @@ impl Key { EdDSA => { let mut public = [0u8; ED25519_KEY_SIZE + 1]; - let mut private: SessionKey = ed25519::private_key().into(); + let mut private: SessionKey = ed25519::private_key(&mut rng).into(); public[0] = 0x40; ed25519::public_key(&mut public[1..], &private)?; @@ -337,7 +338,7 @@ impl Key { ECDH => { let mut public = [0u8; CURVE25519_SIZE + 1]; - let mut private: SessionKey = curve25519::secret_key().into(); + let mut private: SessionKey = curve25519::private_key(&mut rng).into(); public[0] = 0x40; @@ -542,7 +543,7 @@ impl SecretKey { -> Result<(S2K, SymmetricAlgorithm, Box<[u8]>)> { use std::io::Write; use crypto::symmetric::Encryptor; - use nettle::Yarrow; + use nettle::{Random, Yarrow}; match self { &SecretKey::Encrypted { .. } => diff --git a/openpgp/src/packet/signature/mod.rs b/openpgp/src/packet/signature/mod.rs index 6c216c92..92d7794e 100644 --- a/openpgp/src/packet/signature/mod.rs +++ b/openpgp/src/packet/signature/mod.rs @@ -23,7 +23,7 @@ use packet; use packet::signature::subpacket::SubpacketArea; use serialize::Serialize; -use nettle::{self, dsa, ecdsa, ed25519, rsa}; +use nettle::{self, dsa, ecc, ecdsa, ed25519, Hash, rsa}; use nettle::rsa::verify_digest_pkcs1; #[cfg(test)] @@ -531,11 +531,11 @@ impl Signature { let (x, y) = q.decode_point(curve)?; let key = match curve { Curve::NistP256 => - ecdsa::PublicKey::new::(x, y)?, + ecc::Point::new::(x, y)?, Curve::NistP384 => - ecdsa::PublicKey::new::(x, y)?, + ecc::Point::new::(x, y)?, Curve::NistP521 => - ecdsa::PublicKey::new::(x, y)?, + ecc::Point::new::(x, y)?, _ => return Err( Error::UnsupportedEllipticCurve(curve.clone()) @@ -813,7 +813,7 @@ impl From for Packet { #[cfg(test)] mod test { - use nettle::Yarrow; + use nettle::{Random, Yarrow}; use super::*; use crypto::KeyPair; use crypto::mpis::MPI; diff --git a/openpgp/src/packet/skesk.rs b/openpgp/src/packet/skesk.rs index b5d9eba0..caf40178 100644 --- a/openpgp/src/packet/skesk.rs +++ b/openpgp/src/packet/skesk.rs @@ -1,7 +1,7 @@ use std::ops::{Deref, DerefMut}; use quickcheck::{Arbitrary, Gen}; -use nettle::Yarrow; +use nettle::{Random, Yarrow}; use Result; use crypto::s2k::S2K; diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs index d18f9a5d..4e771573 100644 --- a/openpgp/src/serialize/stream.rs +++ b/openpgp/src/serialize/stream.rs @@ -13,7 +13,7 @@ use std::fmt; use std::io::{self, Write}; use std::iter; use time; -use nettle::{Hash, Yarrow}; +use nettle::{Hash, Yarrow, Random}; use { crypto, -- cgit v1.2.3