From 88f532927c75c0c904bfa18a9b03461d625699ca Mon Sep 17 00:00:00 2001
From: Benjamin Kampmann
Date: Thu, 7 Feb 2019 19:08:25 +0100
Subject: [PATCH 1/4] update secio dependencies: ed25519-dalek, sha2, hmac
---
 misc/multiaddr/Cargo.toml | 4 ++--
 protocols/secio/Cargo.toml | 10 +++++-----
 protocols/secio/src/codec/mod.rs | 8 ++++----
 protocols/secio/src/handshake.rs | 13 ++++++++-----
 protocols/secio/src/lib.rs | 4 ++--
 5 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/misc/multiaddr/Cargo.toml b/misc/multiaddr/Cargo.toml
index e262102e1a8..a0e1c123ed6 100644
--- a/misc/multiaddr/Cargo.toml
+++ b/misc/multiaddr/Cargo.toml
@@ -21,6 +21,6 @@ unsigned-varint = "0.2"
 bincode = "1"
 bs58 = "0.2.0"
 data-encoding = "2"
-quickcheck = "0.7"
-rand = "0.6"
+quickcheck = "0.8.1"
+rand = "0.6.5"
 serde_json = "1.0"
diff --git a/protocols/secio/Cargo.toml b/protocols/secio/Cargo.toml
index e64348de220..b5480ed8275 100644
--- a/protocols/secio/Cargo.toml
+++ b/protocols/secio/Cargo.toml
@@ -14,9 +14,9 @@ asn1_der = "0.6.1"
 bytes = "0.4"
 futures = "0.1"
 libp2p-core = { version = "0.3.0", path = "../../core" }
-log = "0.4.1"
+log = "0.4.6"
 protobuf = "2.3"
-rand = "0.6"
+rand = "0.6.5"
 secp256k1 = { version = "0.12", features = ["rand"], optional = true }
 aes-ctr = "0.3"
 aesni = { version = "0.6", features = ["nocheck"], optional = true }
@@ -25,9 +25,9 @@ ctr = "0.3"
 lazy_static = "1.2.0"
 rw-stream-sink = { version = "0.1.0", path = "../../misc/rw-stream-sink" }
 tokio-io = "0.1.0"
-sha2 = "0.7.1"
-ed25519-dalek = "0.8.0"
-hmac = "0.6.3"
+sha2 = "0.8.0"
+ed25519-dalek = "1.0.0-pre.1"
+hmac = "0.7.0"
 [target.'cfg(not(any(target_os = "emscripten", target_os = "unknown")))'.dependencies]
 ring = { version = "0.14", features = ["use_heap"], default-features = false }
diff --git a/protocols/secio/src/codec/mod.rs b/protocols/secio/src/codec/mod.rs
index 66d5c73c67e..28c08045352 100644
--- a/protocols/secio/src/codec/mod.rs
+++ b/protocols/secio/src/codec/mod.rs
@@ -73,11 +73,11 @@ impl Hmac {
 match *self {
 Hmac::Sha256(ref mut hmac) => {
 hmac.input(crypted_data);
- hmac.result().code().to_vec()
+ hmac.clone().result().code().to_vec()
 },
 Hmac::Sha512(ref mut hmac) => {
 hmac.input(crypted_data);
- hmac.result().code().to_vec()
+ hmac.clone().result().code().to_vec()
 },
 }
 }
@@ -88,11 +88,11 @@ impl Hmac {
 match *self {
 Hmac::Sha256(ref mut hmac) => {
 hmac.input(crypted_data);
- hmac.verify(expected_hash).map_err(|_| ())
+ hmac.clone().verify(expected_hash).map_err(|_| ())
 },
 Hmac::Sha512(ref mut hmac) => {
 hmac.input(crypted_data);
- hmac.verify(expected_hash).map_err(|_| ())
+ hmac.clone().verify(expected_hash).map_err(|_| ())
 },
 }
 }
diff --git a/protocols/secio/src/handshake.rs b/protocols/secio/src/handshake.rs
index 6ffd33433d3..77cc3b1e439 100644
--- a/protocols/secio/src/handshake.rs
+++ b/protocols/secio/src/handshake.rs
@@ -40,7 +40,7 @@ use ring::signature::{RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_SHA256, verify as ri
 use ring::rand::SystemRandom;
 #[cfg(feature = "secp256k1")]
 use secp256k1;
-use sha2::{Digest as ShaDigestTrait, Sha256, Sha512};
+use sha2::{Digest as ShaDigestTrait, Sha256};
 use std::cmp::{self, Ordering};
 use std::io::{Error as IoError, ErrorKind as IoErrorKind};
 use crate::structs_proto::{Exchange, Propose};
@@ -385,7 +385,7 @@ where
 signature
 },
 SecioKeyPairInner::Ed25519 { ref key_pair } => {
- let signature = key_pair.sign::(&data_to_sign);
+ let signature = key_pair.sign(&data_to_sign);
 signature.to_bytes().to_vec()
 },
 #[cfg(feature = "secp256k1")]
@@ -468,7 +468,7 @@ where
 let pubkey = Ed25519PublicKey::from_bytes(remote_public_key);
 if let (Ok(signature), Ok(pubkey)) = (signature, pubkey) {
- match pubkey.verify::(&data_to_verify, &signature) {
+ match pubkey.verify(&data_to_verify, &signature) {
 Ok(()) => (),
 Err(_) => {
 debug!("failed to verify the remote's signature");
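Review bot: In `protocols/secio/src/codec/mod.rs` (hunk `-73,11`, and the same pattern in `-88,11`), `hmac.input(crypted_data)` still runs on the stored `ref mut hmac` and only the finalising call is moved onto a clone, so the stored MAC keeps every frame it has been fed. If `result()` and `verify()` in the new hmac release consume the value without resetting it, which the added `.clone()` suggests, each later tag would be computed over all earlier frames as well and would stop matching a peer that authenticates frames one at a time. Clone before feeding data, `let mut hmac = hmac.clone(); hmac.input(crypted_data);`, so the stored value stays the keyed initial state. Patch 4/4 later rewrites these arms, but this commit on its own leaves the codec in that state, which matters when bisecting. Both method bodies begin outside these hunks.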
@@ -591,8 +591,11 @@ fn stretch_key(hmac: Hmac, result: &mut [u8]) {
 }
 }
-fn stretch_key_inner(hmac: ::hmac::Hmac, result: &mut [u8])
-where ::hmac::Hmac: Clone {
+fn stretch_key_inner(hmac: ::hmac::Hmac, result: &mut [u8])
+where D: ::hmac::digest::Input + ::hmac::digest::BlockInput + + ::hmac::digest::FixedOutput + ::hmac::digest::Reset + Default + Clone,
+ ::hmac::Hmac: Clone + ::hmac::crypto_mac::Mac
+{
 use ::hmac::Mac;
 const SEED: &[u8] = b"key expansion";
diff --git a/protocols/secio/src/lib.rs b/protocols/secio/src/lib.rs
index 758d3577ed8..a293ec55f53 100644
--- a/protocols/secio/src/lib.rs
+++ b/protocols/secio/src/lib.rs
@@ -238,7 +238,7 @@ impl SecioKeyPair {
 /// Generates a new Ed25519 key pair and uses it.
 pub fn ed25519_generated() -> Result> {
 let mut csprng = rand::thread_rng();
- let keypair: Ed25519KeyPair = Ed25519KeyPair::generate::(&mut csprng);
+ let keypair: Ed25519KeyPair = Ed25519KeyPair::generate::<_>(&mut csprng);
 Ok(SecioKeyPair {
 inner: SecioKeyPairInner::Ed25519 {
 key_pair: Arc::new(keypair),
@@ -252,7 +252,7 @@ impl SecioKeyPair {
 pub fn ed25519_raw_key(key: impl AsRef<[u8]>) -> Result> {
 let secret = ed25519_dalek::SecretKey::from_bytes(key.as_ref()) .map_err(|err| err.to_string())?;
- let public = ed25519_dalek::PublicKey::from_secret::(&secret);
+ let public = ed25519_dalek::PublicKey::from(&secret);
 Ok(SecioKeyPair {
 inner: SecioKeyPairInner::Ed25519 {
From afa59b3f4e8181a0faeb7e8e753d3a5c852a2c20 Mon Sep 17 00:00:00 2001
From: Benjamin Kampmann
Date: Thu, 7 Feb 2019 19:12:17 +0100
Subject: [PATCH 2/4] Update websocket
---
 transports/websocket/Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/transports/websocket/Cargo.toml b/transports/websocket/Cargo.toml
index 2890c8971f2..1267ded4992 100644
--- a/transports/websocket/Cargo.toml
+++ b/transports/websocket/Cargo.toml
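Review bot: The new `where` clause on `stretch_key_inner` (`protocols/secio/src/handshake.rs`, hunk `-591,8`) spells out six fully qualified bounds on the digest parameter and then bounds `::hmac::Hmac` again with `Clone + ::hmac::crypto_mac::Mac`. If the body only calls `Mac` methods and `clone()`, taking the MAC itself as the generic parameter, for example `fn stretch_key_inner<M: ::hmac::Mac + Clone>(hmac: M, result: &mut [u8])`, would be shorter and would not need editing at the next digest-trait change. The function also has no doc comment in the visible lines; something like `/// Fills result with key material derived from the keyed HMAC and the "key expansion" seed.` would help, to be checked against the body, which continues outside the hunk.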
@@ -17,7 +17,7 @@ rw-stream-sink = { version = "0.1.0", path = "../../misc/rw-stream-sink" }
 tokio-io = "0.1"
 [target.'cfg(not(any(target_os = "emscripten", target_os = "unknown")))'.dependencies]
-websocket = { version = "0.21.0", default-features = false, features = ["async", "async-ssl"] }
+websocket = { version = "0.22.2", default-features = false, features = ["async", "async-ssl"] }
 [target.'cfg(any(target_os = "emscripten", target_os = "unknown"))'.dependencies]
 stdweb = { version = "0.4", default-features = false }
From dafd4c02d858afab4629a92509f5b925425c016e Mon Sep 17 00:00:00 2001
From: Benjamin Kampmann
Date: Thu, 7 Feb 2019 19:16:43 +0100
Subject: [PATCH 3/4] update byteorder
---
 misc/multiaddr/Cargo.toml | 2 +-
 misc/multiaddr/src/errors.rs | 7 -------
 2 files changed, 1 insertion(+), 8 deletions(-)
diff --git a/misc/multiaddr/Cargo.toml b/misc/multiaddr/Cargo.toml
index a0e1c123ed6..195579e0902 100644
--- a/misc/multiaddr/Cargo.toml
+++ b/misc/multiaddr/Cargo.toml
@@ -11,7 +11,7 @@ version = "0.1.0"
 [dependencies]
 arrayref = "0.3"
 bs58 = "0.2.0"
-byteorder = "0.4"
+byteorder = "1.3.1"
 data-encoding = "2.1"
 multihash = { package = "parity-multihash", version = "0.1.0", path = "../multihash" }
 serde = "1.0.70"
diff --git a/misc/multiaddr/src/errors.rs b/misc/multiaddr/src/errors.rs
index 44cb01b03ad..557a0bd8cc4 100644
--- a/misc/multiaddr/src/errors.rs
+++ b/misc/multiaddr/src/errors.rs
@@ -1,7 +1,6 @@
 use std::{net, fmt, error, io, num, str, string};
 use bs58;
 use multihash;
-use byteorder;
 use unsigned_varint::decode;
 pub type Result = ::std::result::Result;
@@ -70,12 +69,6 @@ impl From for Error {
 }
 }
-impl From for Error {
- fn from(err: byteorder::Error) -> Error {
- Error::ParsingError(err.into())
- }
-}
-
 impl From for Error {
 fn from(err: num::ParseIntError) -> Error {
 Error::ParsingError(err.into())
From d881e50bce7af8d222cdc8461ffd32cdd3fb7a87 Mon Sep 17 00:00:00 2001
From: Benjamin Kampmann
Date: Thu, 7 Feb 2019 19:31:51 +0100
Subject: [PATCH 4/4] cleaner hmac usage
---
 protocols/secio/src/codec/mod.rs | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/protocols/secio/src/codec/mod.rs b/protocols/secio/src/codec/mod.rs
index 28c08045352..51a711cc5a7 100644
--- a/protocols/secio/src/codec/mod.rs
+++ b/protocols/secio/src/codec/mod.rs
@@ -69,30 +69,34 @@ impl Hmac {
 /// Signs the data.
 // TODO: better return type?
- pub fn sign(&mut self, crypted_data: &[u8]) -> Vec {
+ pub fn sign(&self, crypted_data: &[u8]) -> Vec {
 match *self {
- Hmac::Sha256(ref mut hmac) => {
+ Hmac::Sha256(ref hmac) => {
+ let mut hmac = hmac.clone();
 hmac.input(crypted_data);
- hmac.clone().result().code().to_vec()
+ hmac.result().code().to_vec()
 },
- Hmac::Sha512(ref mut hmac) => {
+ Hmac::Sha512(ref hmac) => {
+ let mut hmac = hmac.clone();
 hmac.input(crypted_data);
- hmac.clone().result().code().to_vec()
+ hmac.result().code().to_vec()
 },
 }
 }
 /// Verifies that the data matches the expected hash.
 // TODO: better error?
- pub fn verify(&mut self, crypted_data: &[u8], expected_hash: &[u8]) -> Result<(), ()> {
+ pub fn verify(&self, crypted_data: &[u8], expected_hash: &[u8]) -> Result<(), ()> {
 match *self {
- Hmac::Sha256(ref mut hmac) => {
+ Hmac::Sha256(ref hmac) => {
+ let mut hmac = hmac.clone();
 hmac.input(crypted_data);
- hmac.clone().verify(expected_hash).map_err(|_| ())
+ hmac.verify(expected_hash).map_err(|_| ())
 },
- Hmac::Sha512(ref mut hmac) => {
+ Hmac::Sha512(ref hmac) => {
+ let mut hmac = hmac.clone();
 hmac.input(crypted_data);
- hmac.clone().verify(expected_hash).map_err(|_| ())
+ hmac.verify(expected_hash).map_err(|_| ())
 },
 }
 }
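Review bot: `sign` and `verify` now clone the keyed HMAC on every call, but neither doc comment says why, so a later cleanup could drop the clone and bring back state carried from one frame to the next. A comment on each method such as `// The stored MAC is the keyed initial state; clone it per frame so no data from earlier frames is carried over.` would record the invariant. The four match arms are identical apart from the digest type, so a small private helper generic over the MAC type would remove the duplication; that part is style only. `verify` keeps delegating to the MAC's own `verify`, and it should stay that way rather than comparing the output of `sign` with `==`.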