Bump to 4.0.0; update curve25519-dalek (#82)

* upgrade curve25519-dalek to 4.0.0-rc.2

* clippy fixes

* activate ed25519/pem only when needed

* bump to 4.0.0; bump MSRV to 1.65; fix no_std support; test MSRV and no_std in CI

* use rust-toolchain instead of TOML to work with (unmaitained) actions-rs/toolchain

.github/workflows/main.yml

@@ -8,6 +8,20 @@ on:
       - main
 
 jobs:
+  test_msrv:
+    name: test on MSRV
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3.5.2
+    - uses: actions-rs/toolchain@v1.0.7
+      with:
+        # When toolchain is not specified, it uses rust-toolchain, which is the MSRV
+        override: true
+    - uses: actions-rs/cargo@v1.0.3
+      with:
+        command: test
+        args: --all-features
+
   test_nightly:
     name: test on nightly
     runs-on: ubuntu-latest
@@ -23,3 +37,20 @@ jobs:
       with:
         command: test
         args: --all-features
+
+  build_no_std:
+    name: build with no_std
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3.5.2
+    - uses: actions-rs/toolchain@v1.0.7
+      with:
+        toolchain: stable
+        override: true
+        # This does not support std, so we use to test if no_std works
+        target: thumbv6m-none-eabi
+    - uses: actions-rs/cargo@v1.0.3
+      with:
+        command: build
+        # Disables std feature
+        args: --no-default-features --target thumbv6m-none-eabi

CHANGELOG.md

@@ -2,11 +2,16 @@
 
 Entries are listed in reverse chronological order.
 
-# 3.2.0
+# 4.0.0
 
-* Updates `sha2` version to `0.10` and `curve25519-dalek` version to `4.0.0-pre.5`.
+* `Signature` is now an alias for `ed25519::Signature`
+  * `impl From<Signature> for [u8; 64]` no longer exists; use `to_bytes()` instead.
+* `signature::{Signer, Verifier} is now implemented for  `SigningKey` and `VerificationKey`.
+* Updates `sha2` version to `0.10` and `curve25519-dalek` version to `4.0.0-rc.2`.
+* Add DER & PEM support for SigningKeySeed and VerificationKeyBytes (RFC 8410) #46 https://github.com/ZcashFoundation/ed25519-zebra/pull/46
+  * This is under the non-default `pem` and `pkcs8` features
 
-MSRV increased to `1.60.0`.
+MSRV increased to `1.65.0`.
 
 # 3.1.0
 

Cargo.toml

@@ -2,7 +2,8 @@
 name = "ed25519-zebra"
 # Before publishing:
 # - update CHANGELOG.md
-version = "3.1.0"
+version = "4.0.0"
+rust-version = "1.65.0"
 authors = ["Henry de Valence <hdevalence@hdevalence.ca>"]
 license = "MIT OR Apache-2.0"
 edition = "2018"
@@ -15,9 +16,9 @@ features = ["nightly"]
 
 [dependencies]
 # "digest" is exempt from SemVer, so we should always use a specific version
-curve25519-dalek = { version = "=4.0.0-pre.5", default-features = false, features = ["alloc", "digest"] }
+curve25519-dalek = { version = "=4.0.0-rc.2", default-features = false, features = ["alloc", "digest", "zeroize", "precomputed-tables"] }
 der = { version = "0.7.1", optional = true }
-ed25519 = { version = "2.2.0", features = ["alloc", "pem"] }
+ed25519 = { version = "2.2.0", default-features = false }
 hashbrown = "0.14.0"
 hex = { version = "0.4.3", default-features = false, features = ["alloc"] }
 pkcs8 = { version = "0.10.1", optional = true, features = ["alloc", "pem"] }
@@ -37,9 +38,10 @@ once_cell = "1.4"
 [features]
 nightly = []
 default = ["serde", "std"]
-pem = ["der"]
+pem = ["der", "ed25519/pem"]
 pkcs8 = ["dep:pkcs8"]
-std = []
+serde = ["dep:serde", "ed25519/serde"]
+std = ["ed25519/std"]
 
 [[test]]
 name = "rfc8032"

rust-toolchain

@@ -0,0 +1 @@
+1.65.0

src/lib.rs

@@ -13,7 +13,9 @@ mod error;
 mod signing_key;
 mod verification_key;
 
+// Allows importing traits used by `Signature`.
+pub use ed25519;
+pub use ed25519::Signature;
 pub use error::Error;
 pub use signing_key::SigningKey;
 pub use verification_key::{VerificationKey, VerificationKeyBytes};
-pub use ed25519::Signature;

src/signing_key.rs

@@ -7,17 +7,22 @@ const ALGORITHM_ID: AlgorithmIdentifierRef = AlgorithmIdentifierRef {
 };
 
 use crate::Error;
-use core::convert::{TryFrom, TryInto};
+use core::convert::TryFrom;
+#[cfg(feature = "pem")]
+use core::convert::TryInto;
 use curve25519_dalek::{constants, digest::Update, scalar::Scalar};
 use rand_core::{CryptoRng, RngCore};
 use sha2::{Digest, Sha512};
 use zeroize::Zeroize;
 
 pub use ed25519::{
     signature::{Signer, Verifier},
-    ComponentBytes, Error as Ed25519Error, KeypairBytes, PublicKeyBytes, Signature,
+    ComponentBytes, Error as Ed25519Error, Signature,
 };
 
+#[cfg(feature = "pem")]
+pub use ed25519::{KeypairBytes, PublicKeyBytes};
+
 #[cfg(all(feature = "pem", feature = "pkcs8"))]
 use der::pem::LineEnding;
 #[cfg(feature = "pkcs8")]
@@ -118,7 +123,7 @@ impl From<[u8; 32]> for SigningKey {
         };
 
         // Compute the public key as A = [s]B.
-        let A = &s * &constants::ED25519_BASEPOINT_TABLE;
+        let A = &s * constants::ED25519_BASEPOINT_TABLE;
 
         SigningKey {
             seed,
@@ -194,12 +199,14 @@ impl TryFrom<&KeypairBytes> for SigningKey {
     }
 }
 
+#[cfg(feature = "pem")]
 impl From<SigningKey> for KeypairBytes {
     fn from(signing_key: SigningKey) -> KeypairBytes {
         KeypairBytes::from(&signing_key)
     }
 }
 
+#[cfg(feature = "pem")]
 impl From<&SigningKey> for KeypairBytes {
     fn from(signing_key: &SigningKey) -> KeypairBytes {
         KeypairBytes {
@@ -278,7 +285,7 @@ impl SigningKey {
     pub fn sign(&self, msg: &[u8]) -> Signature {
         let r = Scalar::from_hash(Sha512::default().chain(&self.prefix[..]).chain(msg));
 
-        let R_bytes = (&r * &constants::ED25519_BASEPOINT_TABLE)
+        let R_bytes = (&r * constants::ED25519_BASEPOINT_TABLE)
             .compress()
             .to_bytes();
 

tests/rfc8032.rs

@@ -4,10 +4,8 @@
 //! so these are basic sanity checks, rather than the more detailed test vectors
 //! in consensus.rs.
 
-use bincode;
 use ed25519::Signature;
 use ed25519_zebra::*;
-use hex;
 
 fn rfc8032_test_case(sk_bytes: Vec<u8>, pk_bytes: Vec<u8>, sig_bytes: Vec<u8>, msg: Vec<u8>) {
     let sk: SigningKey = bincode::deserialize(&sk_bytes).expect("sk should deserialize");

tests/small_order.rs

@@ -56,15 +56,10 @@ pub static SMALL_ORDER_SIGS: Lazy<Vec<TestCase>> = Lazy::new(|| {
             );
             let check = R + k * A;
             let non_canonical_R = R.compress().as_bytes() != R_bytes;
-            let valid_legacy = if vk_bytes == [0; 32]
+            let valid_legacy = !(vk_bytes == [0; 32]
                 || util::EXCLUDED_POINT_ENCODINGS.contains(R.compress().as_bytes())
                 || !check.is_identity()
-                || non_canonical_R
-            {
-                false
-            } else {
-                true
-            };
+                || non_canonical_R);
 
             tests.push(TestCase {
                 vk_bytes,

tests/util/mod.rs

@@ -181,12 +181,10 @@ pub fn order(point: EdwardsPoint) -> &'static str {
         } else {
             "8"
         }
+    } else if point.is_torsion_free() {
+        "p"
     } else {
-        if point.is_torsion_free() {
-            "p"
-        } else {
-            "8p"
-        }
+        "8p"
     }
 }