Update to mirage-crypto 1.0.0 API (#314)

Zimmi48 · web-flow · commit f4b19805abb1 · 2024-10-22T12:59:49.000+02:00
diff --git a/bot-components.opam b/bot-components.opam
@@ -15,15 +15,15 @@ depends: [
   "lwt_ssl" {>= "1.1.3"}
   "ssl" {= "0.5.9"}
   "stdio" {>= "v0.14.0"}
-  "hex" {>= "1.4.0"}
-  "mirage-crypto" {>= "0.8.7"}
+  "ohex" {>= "0.2.0"}
+  "mirage-crypto" {>= "1.0.0"}
   "eqaf" {>= "0.7"}
   "yojson" {>= "1.7.0"}
   "graphql_ppx" {>= "1.2.0"}
-  "x509" {>= "0.11.2"}
-  "cstruct" {>= "5.0.0"}
+  "x509" {>= "1.0.0"}
   "ISO8601" {>= "0.2.0"}
   "camlzip" {>= "1.08"}
+  "digestif" {>= "1.2.0"}
   "odoc" {>= "1.5.2" & with-doc}
 ]
 build: [
diff --git a/bot-components/GitHub_app.ml b/bot-components/GitHub_app.ml
@@ -10,11 +10,10 @@ let github_headers token =
   ; ("authorization", "Bearer " ^ token) ]
 
 let rs256_sign ~key ~data =
-  (* Taken from https://github.com/mmaker/ocaml-letsencrypt *)
-  let data = Cstruct.of_string data in
-  let h = Mirage_crypto.Hash.SHA256.digest data in
+  (* Taken from https://github.com/robur-coop/ocaml-letsencrypt *)
+  let h = Digestif.SHA256.(to_raw_string (digest_string data)) in
   let pkcs1_digest = X509.Certificate.encode_pkcs1_digest_info (`SHA256, h) in
-  Mirage_crypto_pk.Rsa.PKCS1.sig_encode ~key pkcs1_digest |> Cstruct.to_string
+  Mirage_crypto_pk.Rsa.PKCS1.sig_encode ~key pkcs1_digest
 
 let base64 = Base64.encode ~pad:false ~alphabet:Base64.uri_safe_alphabet
 
diff --git a/bot-components/GitHub_subscriptions.ml b/bot-components/GitHub_subscriptions.ml
@@ -240,9 +240,8 @@ let receive_github ~secret headers body =
           match Header.get headers "X-Hub-Signature" with
           | Some signature ->
               let expected =
-                Mirage_crypto.Hash.SHA1.hmac ~key:(Cstruct.of_string secret)
-                  (Cstruct.of_string body)
-                |> Hex.of_cstruct |> Hex.show |> f "sha1=%s"
+                Digestif.SHA1.(to_raw_string (hmac_string ~key:secret body))
+                |> Ohex.encode |> f "sha1=%s"
               in
               if Eqaf.equal signature expected then Ok (Some install_id)
               else Error "Webhook signed but with wrong signature."
diff --git a/bot-components/dune b/bot-components/dune
@@ -1,8 +1,8 @@
 (library
  (name Bot_components)
  (public_name bot-components)
- (libraries base camlzip cohttp-lwt-unix cstruct eqaf hex mirage-crypto stdio
-   str x509 yojson ISO8601)
+ (libraries base camlzip cohttp-lwt-unix eqaf ohex mirage-crypto stdio str
+   x509 yojson ISO8601 digestif)
  (private_modules GraphQL_query GitHub_GraphQL Utils)
  (modules_without_implementation GitHub_types GitLab_types)
  (preprocess
diff --git a/coq-bot.opam b/coq-bot.opam
@@ -15,9 +15,9 @@ depends: [
   "cohttp-lwt-unix" {>= "2.5.4"}
   "lwt_ssl" {>= "1.1.3"}
   "ssl" {>= "0.5.9"}
-  "mirage-crypto" {>= "0.11.0"}
-  "mirage-crypto-rng" {>= "0.11.0"}
-  "mirage-crypto-rng-lwt" {>= "0.11.0"}
+  "mirage-crypto" {>= "1.0.0"}
+  "mirage-crypto-rng" {>= "1.0.0"}
+  "mirage-crypto-rng-lwt" {>= "1.0.0"}
   "stdio" {>= "v0.14.0"}
   "yojson" {>= "1.7.0"}
   "bot-components" {dev}
diff --git a/default.nix b/default.nix
@@ -1,6 +1,6 @@
 { pkgs ? import (fetchTarball {
-  url = "https://github.com/NixOS/nixpkgs/archive/280db3decab4cbeb22a4599bd472229ab74d25e1.tar.gz";
-  sha256 = "sha256:17n9wji64l7d16s8r100ypwlxkmwrypll4q3wkkfjswbilxkqjr6";
+  url = "https://github.com/NixOS/nixpkgs/archive/5ea573ca476915e0ccefb99be5687e4150fa049b.tar.gz";
+  sha256 = "0hsg6xjj4iclfrvplsf0rd9xiwkaazvmlp609qiwka65v7wcjja2";
 }) { } }:
 
 pkgs.stdenv.mkDerivation rec {
@@ -22,7 +22,7 @@ pkgs.stdenv.mkDerivation rec {
     camlzip
     cohttp
     cohttp-lwt-unix
-    hex
+    ohex
     iso8601
     mirage-crypto
     mirage-crypto-rng-lwt
@@ -31,7 +31,7 @@ pkgs.stdenv.mkDerivation rec {
     toml
     eqaf
     x509
-    cstruct
+    digestif
     ppx_expect
     odoc
   ];
diff --git a/dune-project b/dune-project
@@ -20,9 +20,9 @@
   (cohttp-lwt-unix (>= 2.5.4))
   (lwt_ssl (>= 1.1.3))
   (ssl (>= 0.5.9))
-  (mirage-crypto (>= 0.11.0))
-  (mirage-crypto-rng (>= 0.11.0))
-  (mirage-crypto-rng-lwt (>= 0.11.0))
+  (mirage-crypto (>= 1.0.0))
+  (mirage-crypto-rng (>= 1.0.0))
+  (mirage-crypto-rng-lwt (>= 1.0.0))
   (stdio (>= v0.14.0))
   (yojson (>= 1.7.0))
   (bot-components :dev)
@@ -42,14 +42,14 @@
   (lwt_ssl (>= 1.1.3))
   (ssl (= 0.5.9))
   (stdio (>= v0.14.0))
-  (hex (>= 1.4.0))
-  (mirage-crypto (>= 0.8.7))
+  (ohex (>= 0.2.0))
+  (mirage-crypto (>= 1.0.0))
   (eqaf (>= 0.7))
   (yojson (>= 1.7.0))
   (graphql_ppx (>= 1.2.0))
-  (x509 (>= 0.11.2))
-  (cstruct (>= 5.0.0))
+  (x509 (>= 1.0.0))
   (ISO8601 (>= 0.2.0))
   (camlzip (>= 1.08))
+  (digestif (>= 1.2.0))
   (odoc (and (>= 1.5.2) :with-doc)))
 )
diff --git a/src/config.ml b/src/config.ml
@@ -123,10 +123,7 @@ let github_app_id toml_data =
 
 let github_private_key () =
   (*string_of_file_path "./github.private-key.pem"*)
-  match
-    Sys.getenv_exn "GITHUB_PRIVATE_KEY"
-    |> Cstruct.of_string |> X509.Private_key.decode_pem
-  with
+  match Sys.getenv_exn "GITHUB_PRIVATE_KEY" |> X509.Private_key.decode_pem with
   | Ok (`RSA priv) ->
       priv
   | Ok _ ->
