paritytech · ordian · May 11, 2019 · May 9, 2019 · May 10, 2019 · May 10, 2019
diff --git a/parity-crypto/Cargo.toml b/parity-crypto/Cargo.toml
@@ -23,7 +23,6 @@ hmac = "0.7"
 aes = "0.3.2"
 aes-ctr = "0.3.0"
 block-modes = "0.3.3"
-ring = "0.14.6"
 pbkdf2 = "0.3.0"
 constant_time_eq = "0.1.3"
 

diff --git a/parity-crypto/src/aes_gcm.rs b/parity-crypto/src/aes_gcm.rs
diff --git a/parity-crypto/src/error.rs b/parity-crypto/src/error.rs
@@ -14,7 +14,6 @@
 // You should have received a copy of the GNU General Public License
 // along with Parity.  If not, see <http://www.gnu.org/licenses/>.
 
-use ring;
 use rscrypt;
 use block_modes;
 use aes_ctr;
@@ -90,23 +89,6 @@ quick_error! {
 			display("Error with RustCrypto key length : {}", e)
 			from()
 		}
-		Ring(e: ring::error::Unspecified) {
-			display("symmetric crypto error")
-			cause(e)
-			from()
-		}
-	}
-}
-
-impl SymmError {
-	pub(crate) fn offset_error(x: usize) -> SymmError {
-		SymmError(PrivSymmErr::Offset(x))
-	}
-}
-
-impl From<ring::error::Unspecified> for SymmError {
-	fn from(e: ring::error::Unspecified) -> SymmError {
-		SymmError(PrivSymmErr::Ring(e))
 	}
 }
 

diff --git a/parity-crypto/src/hmac/mod.rs b/parity-crypto/src/hmac/mod.rs
@@ -14,77 +14,119 @@
 // You should have received a copy of the GNU General Public License
 // along with Parity.  If not, see <http://www.gnu.org/licenses/>.
 
-use digest;
-use ring::digest::{SHA256, SHA512};
-use ring::hmac::{self, SigningContext};
+use digest::{Sha256, Sha512};
+use rdigest::generic_array::{GenericArray, typenum::U32, typenum::U64, typenum::U128};
+use rhmac::{Hmac, Mac as _};
+use rsha2;
 use std::marker::PhantomData;
 use std::ops::Deref;
 
 /// HMAC signature.
-pub struct Signature<T>(hmac::Signature, PhantomData<T>);
+pub struct Signature<T>(HashInner, PhantomData<T>);
+
+enum HashInner {
+	Sha256(GenericArray<u8, U32>),
+	Sha512(GenericArray<u8, U64>),
+}
 
 impl<T> Deref for Signature<T> {
 	type Target = [u8];
+
 	fn deref(&self) -> &Self::Target {
-		self.0.as_ref()
+		match &self.0 {
+			HashInner::Sha256(a) => a.as_slice(),
+			HashInner::Sha512(a) => a.as_slice(),
+		}
 	}
 }
 
 /// HMAC signing key.
-pub struct SigKey<T>(hmac::SigningKey, PhantomData<T>);
+pub struct SigKey<T>(KeyInner, PhantomData<T>);
+
+enum KeyInner {
+	Sha256(GenericArray<u8, U64>),
+	Sha512(GenericArray<u8, U128>),
+}
 
-impl SigKey<digest::Sha256> {
-	pub fn sha256(key: &[u8]) -> SigKey<digest::Sha256> {
-		SigKey(hmac::SigningKey::new(&SHA256, key), PhantomData)
+impl SigKey<Sha256> {
+	pub fn sha256(key: &[u8]) -> SigKey<Sha256> {
+		SigKey(KeyInner::Sha256(*GenericArray::from_slice(key)), PhantomData)
 	}
 }
 
-impl SigKey<digest::Sha512> {
-	pub fn sha512(key: &[u8]) -> SigKey<digest::Sha512> {
-		SigKey(hmac::SigningKey::new(&SHA512, key), PhantomData)
+impl SigKey<Sha512> {
+	pub fn sha512(key: &[u8]) -> SigKey<Sha512> {
+		SigKey(KeyInner::Sha512(*GenericArray::from_slice(key)), PhantomData)
 	}
 }
 
 /// Compute HMAC signature of `data`.
 pub fn sign<T>(k: &SigKey<T>, data: &[u8]) -> Signature<T> {
-	Signature(hmac::sign(&k.0, data), PhantomData)
+	let mut signer = Signer::with(k);
+	signer.update(data);
+	signer.sign()
 }
 
 /// Stateful HMAC computation.
-pub struct Signer<T>(SigningContext, PhantomData<T>);
+pub struct Signer<T>(SignerInner, PhantomData<T>);
+
+enum SignerInner {
+	Sha256(Hmac<rsha2::Sha256>),
+	Sha512(Hmac<rsha2::Sha512>),
+}
 
 impl<T> Signer<T> {
 	pub fn with(key: &SigKey<T>) -> Signer<T> {
-		Signer(hmac::SigningContext::with_key(&key.0), PhantomData)
+		match &key.0 {
+			KeyInner::Sha256(k) => Signer(SignerInner::Sha256(Hmac::new(k)), PhantomData),
+			KeyInner::Sha512(k) => Signer(SignerInner::Sha512(Hmac::new(k)), PhantomData),
+		}
 	}
 
 	pub fn update(&mut self, data: &[u8]) {
-		self.0.update(data)
+		match &mut self.0 {
+			SignerInner::Sha256(hmac) => hmac.input(data),
+			SignerInner::Sha512(hmac) => hmac.input(data),
+		}
 	}
 
 	pub fn sign(self) -> Signature<T> {
-		Signature(self.0.sign(), PhantomData)
+		match self.0 {
+			SignerInner::Sha256(hmac) => Signature(HashInner::Sha256(hmac.result().code()), PhantomData),
+			SignerInner::Sha512(hmac) => Signature(HashInner::Sha512(hmac.result().code()), PhantomData),
+		}
 	}
 }
 
 /// HMAC signature verification key.
-pub struct VerifyKey<T>(hmac::VerificationKey, PhantomData<T>);
+pub struct VerifyKey<T>(KeyInner, PhantomData<T>);
 
-impl VerifyKey<digest::Sha256> {
-	pub fn sha256(key: &[u8]) -> VerifyKey<digest::Sha256> {
-		VerifyKey(hmac::VerificationKey::new(&SHA256, key), PhantomData)
+impl VerifyKey<Sha256> {
+	pub fn sha256(key: &[u8]) -> VerifyKey<Sha256> {
+		VerifyKey(KeyInner::Sha256(*GenericArray::from_slice(key)), PhantomData)
 	}
 }
 
-impl VerifyKey<digest::Sha512> {
-	pub fn sha512(key: &[u8]) -> VerifyKey<digest::Sha512> {
-		VerifyKey(hmac::VerificationKey::new(&SHA512, key), PhantomData)
+impl VerifyKey<Sha512> {
+	pub fn sha512(key: &[u8]) -> VerifyKey<Sha512> {
+		VerifyKey(KeyInner::Sha512(*GenericArray::from_slice(key)), PhantomData)
 	}
 }
 
 /// Verify HMAC signature of `data`.
 pub fn verify<T>(k: &VerifyKey<T>, data: &[u8], sig: &[u8]) -> bool {
-	hmac::verify(&k.0, data, sig).is_ok()
+	match &k.0 {
+		KeyInner::Sha256(k) => {
+			let mut ctxt = Hmac::<rsha2::Sha256>::new(k);
+			ctxt.input(data);
+			ctxt.verify(sig).is_ok()
+		}
+		KeyInner::Sha512(k) => {
+			let mut ctxt = Hmac::<rsha2::Sha512>::new(k);
+			ctxt.input(data);
+			ctxt.verify(sig).is_ok()
+		}
+	}
 }
 
 #[cfg(test)]