diff --git a/Cargo.lock b/Cargo.lock index 890eb5583ac..a80bf337dbb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -861,9 +861,9 @@ dependencies = [ [[package]] name = "const-oid" -version = "0.9.1" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cec318a675afcb6a1ea1d4340e2d377e56e47c266f28043ceccbf4412ddfdd3b" +checksum = "28c122c3980598d243d63d9a704629a2d748d101f278052ff068be5a4423ab6f" [[package]] name = "core-foundation" @@ -892,9 +892,9 @@ dependencies = [ [[package]] name = "cpufeatures" -version = "0.2.5" +version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28d997bd5e24a5928dd43e46dc529867e207907fe0b239c3477d924f7f2ca320" +checksum = "a17b76ff3a4162b0b27f354a0c87015ddad39d35f9c0c36607a3bdd175dde1f1" dependencies = [ "libc", ] @@ -1120,18 +1120,32 @@ dependencies = [ [[package]] name = "curve25519-dalek" -version = "4.0.0-rc.1" +version = "4.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d4ba9852b42210c7538b75484f9daa0655e9a3ac04f693747bb0f02cf3cfe16" +checksum = "f711ade317dd348950a9910f81c5947e3d8907ebd2b83f76203ff1807e6a2bc2" dependencies = [ "cfg-if", + "cpufeatures", + "curve25519-dalek-derive", + "digest 0.10.6", "fiat-crypto", - "packed_simd_2", "platforms", + "rustc_version", "subtle", "zeroize", ] +[[package]] +name = "curve25519-dalek-derive" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83fdaf97f4804dcebfa5862639bc9ce4121e82140bec2a987ac5140294865b5b" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.15", +] + [[package]] name = "darling" version = "0.10.2" @@ -1251,6 +1265,16 @@ dependencies = [ "zeroize", ] +[[package]] +name = "der" +version = "0.7.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c" +dependencies = [ + "const-oid", + "zeroize", +] + [[package]] name = "der-parser" version = "7.0.0" @@ -1365,7 +1389,7 @@ version = "0.14.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "413301934810f597c1d19ca71c8710e99a3f1ba28a0d2ebc01551a2daeea3c5c" dependencies = [ - "der", + "der 0.6.1", "elliptic-curve", "rfc6979", "signature 1.6.4", @@ -1377,7 +1401,7 @@ version = "0.15.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "12844141594ad74185a926d030f3b605f6a903b4e3fec351f3ea338ac5b7637e" dependencies = [ - "der", + "der 0.6.1", "elliptic-curve", "rfc6979", "signature 2.0.0", @@ -1385,24 +1409,25 @@ dependencies = [ [[package]] name = "ed25519" -version = "1.5.3" +version = "2.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91cff35c70bba8a626e3185d8cd48cc11b5437e1a5bcd15b9b5fa3c64b6dfee7" +checksum = "60f6d271ca33075c88028be6f04d502853d63a5ece419d269c15315d4fc1cf1d" dependencies = [ - "signature 1.6.4", + "pkcs8 0.10.2", + "signature 2.0.0", ] [[package]] name = "ed25519-dalek" -version = "1.0.1" +version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c762bae6dcaf24c4c84667b8579785430908723d5c889f469d76a41d59cc7a9d" +checksum = "7277392b266383ef8396db7fdeb1e77b6c52fed775f5df15bb24f35b72156980" dependencies = [ - "curve25519-dalek 3.2.0", + "curve25519-dalek 4.0.0", "ed25519", - "rand 0.7.3", + "rand_core 0.6.4", "serde", - "sha2 0.9.9", + "sha2 0.10.6", "zeroize", ] @@ -1420,14 +1445,14 @@ checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3" dependencies = [ "base16ct", "crypto-bigint", - "der", + "der 0.6.1", "digest 0.10.6", "ff", "generic-array", "group", "hkdf", "pem-rfc7468", - "pkcs8", + "pkcs8 0.9.0", "rand_core 0.6.4", "sec1", "subtle", @@ -1517,9 +1542,9 @@ dependencies = [ [[package]] name = "fiat-crypto" -version = "0.1.17" +version = "0.1.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a214f5bb88731d436478f3ae1f8a277b62124089ba9fb67f4f93fb100ef73c90" +checksum = "e825f6987101665dea6ec934c09ec6d721de7bc1bf92248e1d5810c8cd636b77" [[package]] name = "file-sharing" @@ -2264,12 +2289,6 @@ version = "0.2.142" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a987beff54b60ffa6d51982e1aa1146bc42f19bd26be28b0586f252fccf5317" -[[package]] -name = "libm" -version = "0.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fc7aa29613bd6a620df431842069224d8bc9011086b1db4c0e0cd47fa03ec9a" - [[package]] name = "libp2p" version = "0.51.3" @@ -2548,7 +2567,7 @@ dependencies = [ [[package]] name = "libp2p-identity" -version = "0.1.2" +version = "0.1.3" dependencies = [ "asn1_der", "base64 0.21.0", @@ -3588,16 +3607,6 @@ dependencies = [ "sha2 0.10.6", ] -[[package]] -name = "packed_simd_2" -version = "0.3.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1914cd452d8fccd6f9db48147b29fd4ae05bea9dc5d9ad578509f72415de282" -dependencies = [ - "cfg-if", - "libm", -] - [[package]] name = "parity-send-wrapper" version = "0.1.0" @@ -3606,9 +3615,9 @@ checksum = "aa9777aa91b8ad9dd5aaa04a9b6bcb02c7f1deb952fca5a66034d5e63afc5c6f" [[package]] name = "parking" -version = "2.0.0" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "427c3892f9e783d91cc128285287e70a59e206ca452770ece88a76f7a3eddd72" +checksum = "14f2252c834a40ed9bb5422029649578e63aa341ac401f74e719dd1afda8394e" [[package]] name = "parking_lot" @@ -3743,8 +3752,18 @@ version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba" dependencies = [ - "der", - "spki", + "der 0.6.1", + "spki 0.6.0", +] + +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der 0.7.8", + "spki 0.7.2", ] [[package]] @@ -4465,9 +4484,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928" dependencies = [ "base16ct", - "der", + "der 0.6.1", "generic-array", - "pkcs8", + "pkcs8 0.9.0", "subtle", "zeroize", ] @@ -4644,14 +4663,14 @@ dependencies = [ [[package]] name = "snow" -version = "0.9.2" +version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ccba027ba85743e09d15c03296797cad56395089b832b48b5a5217880f57733" +checksum = "0c9d1425eb528a21de2755c75af4c9b5d57f50a0d4c3b7f1828a4cd03f8ba155" dependencies = [ "aes-gcm 0.9.4", "blake2", "chacha20poly1305", - "curve25519-dalek 4.0.0-rc.1", + "curve25519-dalek 4.0.0", "rand_core 0.6.4", "ring", "rustc_version", @@ -4698,7 +4717,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b" dependencies = [ "base64ct", - "der", + "der 0.6.1", +] + +[[package]] +name = "spki" +version = "0.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d1e996ef02c474957d681f1b05213dfb0abab947b446a62d37770b23500184a" +dependencies = [ + "base64ct", + "der 0.7.8", ] [[package]] diff --git a/identity/CHANGELOG.md b/identity/CHANGELOG.md index 0d2851ac6e2..d7881dca203 100644 --- a/identity/CHANGELOG.md +++ b/identity/CHANGELOG.md @@ -1,3 +1,8 @@ +## 0.1.3 + +- Fix [RUSTSEC-2022-0093] by updating `ed25519-dalek` to `2.0`. + See [PR 4337] + ## 0.1.2 - Add `impl From for PublicKey` so that `PublicKey::from(ed25519::PublicKey)` works. diff --git a/identity/Cargo.toml b/identity/Cargo.toml index 99012eeab6f..a85a02eb21b 100644 --- a/identity/Cargo.toml +++ b/identity/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libp2p-identity" -version = "0.1.2" +version = "0.1.3" edition = "2021" description = "Data structures and algorithms for identifying peers in libp2p." rust-version = "1.60.0" @@ -14,7 +14,7 @@ categories = ["cryptography"] [dependencies] asn1_der = { version = "0.7.6", optional = true } bs58 = { version = "0.4.0", optional = true } -ed25519-dalek = { version = "1.0.1", optional = true } +ed25519-dalek = { version = "2.0", optional = true, features = ["rand_core"] } libsecp256k1 = { version = "0.7.0", optional = true } log = "0.4" multiaddr = { version = "0.17.1", optional = true } diff --git a/identity/src/ed25519.rs b/identity/src/ed25519.rs index 90782de378a..2210eacb798 100644 --- a/identity/src/ed25519.rs +++ b/identity/src/ed25519.rs @@ -25,12 +25,12 @@ use core::cmp; use core::fmt; use core::hash; use ed25519_dalek::{self as ed25519, Signer as _, Verifier as _}; -use rand::RngCore; use std::convert::TryFrom; use zeroize::Zeroize; /// An Ed25519 keypair. -pub struct Keypair(ed25519::Keypair); +#[derive(Clone)] +pub struct Keypair(ed25519::SigningKey); impl Keypair { /// Generate a new random Ed25519 keypair. @@ -50,7 +50,7 @@ impl Keypair { /// of the secret scalar and the compressed public point, /// an informal standard for encoding Ed25519 keypairs. pub fn to_bytes(&self) -> [u8; 64] { - self.0.to_bytes() + self.0.to_keypair_bytes() } /// Decode a keypair from the [binary format](https://datatracker.ietf.org/doc/html/rfc8032#section-5.1.5) @@ -70,7 +70,10 @@ impl Keypair { /// /// Note that this binary format is the same as `ed25519_dalek`'s and `ed25519_zebra`'s. pub fn try_from_bytes(kp: &mut [u8]) -> Result { - ed25519::Keypair::from_bytes(kp) + let bytes = <[u8; 64]>::try_from(&*kp) + .map_err(|e| DecodingError::failed_to_parse("Ed25519 keypair", e))?; + + ed25519::SigningKey::from_keypair_bytes(&bytes) .map(|k| { kp.zeroize(); Keypair(k) @@ -85,60 +88,41 @@ impl Keypair { /// Get the public key of this keypair. pub fn public(&self) -> PublicKey { - PublicKey(self.0.public) + PublicKey(self.0.verifying_key()) } /// Get the secret key of this keypair. pub fn secret(&self) -> SecretKey { - SecretKey::try_from_bytes(&mut self.0.secret.to_bytes()) - .expect("ed25519::SecretKey::from_bytes(to_bytes(k)) != k") + SecretKey(self.0.to_bytes()) } } impl fmt::Debug for Keypair { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("Keypair") - .field("public", &self.0.public) + .field("public", &self.0.verifying_key()) .finish() } } -impl Clone for Keypair { - fn clone(&self) -> Keypair { - let mut sk_bytes = self.0.secret.to_bytes(); - let secret = SecretKey::try_from_bytes(&mut sk_bytes) - .expect("ed25519::SecretKey::from_bytes(to_bytes(k)) != k") - .0; - - Keypair(ed25519::Keypair { - secret, - public: self.0.public, - }) - } -} - /// Demote an Ed25519 keypair to a secret key. impl From for SecretKey { fn from(kp: Keypair) -> SecretKey { - SecretKey(kp.0.secret) + SecretKey(kp.0.to_bytes()) } } /// Promote an Ed25519 secret key into a keypair. impl From for Keypair { fn from(sk: SecretKey) -> Keypair { - let secret: ed25519::ExpandedSecretKey = (&sk.0).into(); - let public = ed25519::PublicKey::from(&secret); - Keypair(ed25519::Keypair { - secret: sk.0, - public, - }) + let signing = ed25519::SigningKey::from_bytes(&sk.0); + Keypair(signing) } } /// An Ed25519 public key. #[derive(Eq, Clone)] -pub struct PublicKey(ed25519::PublicKey); +pub struct PublicKey(ed25519::VerifyingKey); impl fmt::Debug for PublicKey { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { @@ -209,27 +193,22 @@ impl PublicKey { /// Try to parse a public key from a byte array containing the actual key as produced by `to_bytes`. pub fn try_from_bytes(k: &[u8]) -> Result { - ed25519::PublicKey::from_bytes(k) + let k = <[u8; 32]>::try_from(k) + .map_err(|e| DecodingError::failed_to_parse("Ed25519 public key", e))?; + ed25519::VerifyingKey::from_bytes(&k) .map_err(|e| DecodingError::failed_to_parse("Ed25519 public key", e)) .map(PublicKey) } } /// An Ed25519 secret key. +#[derive(Clone)] pub struct SecretKey(ed25519::SecretKey); /// View the bytes of the secret key. impl AsRef<[u8]> for SecretKey { fn as_ref(&self) -> &[u8] { - self.0.as_bytes() - } -} - -impl Clone for SecretKey { - fn clone(&self) -> SecretKey { - let mut sk_bytes = self.0.to_bytes(); - Self::try_from_bytes(&mut sk_bytes) - .expect("ed25519::SecretKey::from_bytes(to_bytes(k)) != k") + &self.0[..] } } @@ -242,13 +221,8 @@ impl fmt::Debug for SecretKey { impl SecretKey { /// Generate a new Ed25519 secret key. pub fn generate() -> SecretKey { - let mut bytes = [0u8; 32]; - rand::thread_rng().fill_bytes(&mut bytes); - SecretKey( - ed25519::SecretKey::from_bytes(&bytes).expect( - "this returns `Err` only if the length is wrong; the length is correct; qed", - ), - ) + let signing = ed25519::SigningKey::generate(&mut rand::rngs::OsRng); + SecretKey(signing.to_bytes()) } /// Create an Ed25519 secret key from a byte slice, zeroing the input on success. @@ -269,7 +243,7 @@ impl SecretKey { /// returned. pub fn try_from_bytes(mut sk_bytes: impl AsMut<[u8]>) -> Result { let sk_bytes = sk_bytes.as_mut(); - let secret = ed25519::SecretKey::from_bytes(&*sk_bytes) + let secret = <[u8; 32]>::try_from(&*sk_bytes) .map_err(|e| DecodingError::failed_to_parse("Ed25519 secret key", e))?; sk_bytes.zeroize(); Ok(SecretKey(secret)) @@ -282,7 +256,7 @@ mod tests { use quickcheck::*; fn eq_keypairs(kp1: &Keypair, kp2: &Keypair) -> bool { - kp1.public() == kp2.public() && kp1.0.secret.as_bytes() == kp2.0.secret.as_bytes() + kp1.public() == kp2.public() && kp1.0.to_bytes() == kp2.0.to_bytes() } #[test] @@ -300,7 +274,7 @@ mod tests { fn ed25519_keypair_from_secret() { fn prop() -> bool { let kp1 = Keypair::generate(); - let mut sk = kp1.0.secret.to_bytes(); + let mut sk = kp1.0.to_bytes(); let kp2 = Keypair::from(SecretKey::try_from_bytes(&mut sk).unwrap()); eq_keypairs(&kp1, &kp2) && sk == [0u8; 32] }