runtime-sdk: bump crypto deps
nhynes committed Oct 3, 2023
1 parent 7d979b9 commit 922332d
Showing 13 changed files with 216 additions and 290 deletions.
168 changes: 83 additions & 85 deletions Cargo.lock

Large diffs are not rendered by default.

6 changes: 3 additions & 3 deletions contract-sdk/crypto/Cargo.toml
Expand Up @@ -13,9 +13,9 @@ oasis-runtime-sdk = { path = "../../runtime-sdk" }
# Third party.
k256 = "0.13.1"
thiserror = "1.0.30"
x25519-dalek = "1.1.0"
sha2 = "0.9.8"
hmac = "0.11.0"
x25519-dalek = { version = "2.0.0", features = ["static_secrets"] }
sha2 = "0.10.8"
hmac = "0.12.1"

[dev-dependencies]
hex = "0.4.2"
6 changes: 3 additions & 3 deletions contract-sdk/crypto/src/x25519.rs
@@ -1,5 +1,5 @@
use hmac::{Hmac, Mac as _, NewMac as _};
use sha2::Sha512Trunc256;
use hmac::{Hmac, Mac as _};
use sha2::Sha512_256;
use x25519_dalek::{PublicKey, StaticSecret};

pub use oasis_runtime_sdk::core::common::crypto::mrae::deoxysii::KEY_SIZE;
Expand Down Expand Up @@ -33,7 +33,7 @@ pub fn derive_symmetric(public_key: &[u8], private_key: &[u8]) -> Result<[u8; KE
let public = PublicKey::from(public);
let private = StaticSecret::from(private);

let mut kdf = Hmac::<Sha512Trunc256>::new_from_slice(b"MRAE_Box_Deoxys-II-256-128")
let mut kdf = Hmac::<Sha512_256>::new_from_slice(b"MRAE_Box_Deoxys-II-256-128")
.map_err(|_| Error::KeyDerivationFunctionFailure)?;
kdf.update(private.diffie_hellman(&public).as_bytes());

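Review bot: In `derive_symmetric`, the output of `private.diffie_hellman(&public)` goes straight into the HMAC without a check that the exchange was contributory, so a low-order `public_key` would yield an all-zero shared secret and a derived key that does not depend on the private key. With x25519-dalek 2.x (pinned by this commit in contract-sdk/crypto/Cargo.toml) the shared secret exposes `was_contributory()`, so the call could become `let shared = private.diffie_hellman(&public);` followed by `if !shared.was_contributory() { return Err(Error::KeyDerivationFunctionFailure); }` and then `kdf.update(shared.as_bytes());`. Rejecting such keys changes which inputs succeed, so confirm that no caller relies on the current behaviour before adopting it. The same pattern appears in `call_x25519_derive` in runtime-sdk/modules/evm/src/precompile/confidential.rs, whose Cargo.toml still lists `x25519-dalek = "1.1.0"` on this page. The function starts and ends outside the hunk.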
10 changes: 4 additions & 6 deletions runtime-sdk/Cargo.toml
Expand Up @@ -14,16 +14,14 @@ oasis-runtime-sdk-macros = { path = "../runtime-sdk-macros", optional = true }
# Third party.
byteorder = "1.4.3"
curve25519-dalek = "3.2.0"
ed25519-dalek = "1.0.1"
ed25519-dalek = { version = "2.0.0", features = ["digest"] }
digest = "0.10.3"
digest_0_9 = { package = "digest", version = "0.9" } # Needed for ed25519-dalek.
hmac = "0.11.0"
sha2 = "0.9.8"
hmac = "0.12.1"
sha2 = "0.10.8"
sha3 = { version = "0.10.1", default-features = false }
sha3_0_9_1 = { package = "sha3", version = "0.9.1", default-features = false }
k256 = "0.13.1"
p256 = "0.13.2"
schnorrkel = "0.10.2"
schnorrkel = "0.11.2"
merlin = "3.0.0"
thiserror = "1.0.30"
hex = "0.4.2"
4 changes: 2 additions & 2 deletions runtime-sdk/modules/evm/Cargo.toml
Expand Up @@ -16,15 +16,15 @@ base64 = "0.13.0"
blake3 = { version = "~1.3.1", features = ["traits-preview"] }
thiserror = "1.0"
hex = "0.4.2"
sha2 = "0.9.5"
sha2 = "0.10.8"
substrate-bn = "0.6.0"
ripemd160 = { version = "0.9", default-features = false }
k256 = "0.13.1"
sha3 = { version = "0.10", default-features = false }
num = { version = "0.4", features = ["alloc"], default-features = false }
once_cell = "1.8.0"
x25519-dalek = "1.1.0"
hmac = "0.11.0"
hmac = "0.12.1"
rand_core = { version = "0.6.4", default-features = false }

# Ethereum.
20 changes: 8 additions & 12 deletions runtime-sdk/modules/evm/src/precompile/confidential.rs
Expand Up @@ -6,7 +6,7 @@ use evm::{
executor::stack::{PrecompileFailure, PrecompileHandle, PrecompileOutput},
ExitError, ExitRevert, ExitSucceed,
};
use hmac::{Hmac, Mac, NewMac as _};
use hmac::{Hmac, Mac};
use once_cell::sync::Lazy;

use oasis_runtime_sdk::{
Expand Down Expand Up @@ -143,9 +143,11 @@ pub(super) fn call_x25519_derive(handle: &mut impl PrecompileHandle) -> Precompi
let public = x25519_dalek::PublicKey::from(public);
let private = x25519_dalek::StaticSecret::from(private);

let mut kdf = Hmac::<sha2::Sha512Trunc256>::new_from_slice(b"MRAE_Box_Deoxys-II-256-128")
.map_err(|_| PrecompileFailure::Error {
exit_status: ExitError::Other("unable to create key derivation function".into()),
let mut kdf =
Hmac::<sha2::Sha512_256>::new_from_slice(b"MRAE_Box_Deoxys-II-256-128").map_err(|_| {
PrecompileFailure::Error {
exit_status: ExitError::Other("unable to create key derivation function".into()),

Check warning on line 149 in runtime-sdk/modules/evm/src/precompile/confidential.rs


Codecov / codecov/patch

runtime-sdk/modules/evm/src/precompile/confidential.rs#L148-L149

Added lines #L148 - L149 were not covered by tests
}
})?;
kdf.update(private.diffie_hellman(&public).as_bytes());

Expand Down Expand Up @@ -998,12 +1000,6 @@ mod test {
.expect("call should return something")
.expect_err("call should fail");

// Invalid private key.
let zeroes: Vec<u8> = vec![0; 32];
push_all_and_test(None, Some(&zeroes), None, None)
.expect("call should return something")
.expect_err("call should fail");

// All ok, with context.
push_all_and_test(None, None, None, None)
.expect("call should return something")
Expand Down Expand Up @@ -1031,7 +1027,7 @@ mod test {
let (context, message) = if signature_type.is_prehashed() {
use sha2::digest::Digest as _;
let mut digest = sha2::Sha256::default();
<sha2::Sha256 as sha2::digest::Update>::update(&mut digest, message);
<sha2::Sha256 as sha2::digest::Update>::update(&mut digest, &message);
(digest.finalize().to_vec(), vec![])
} else {
(
Expand Down Expand Up @@ -1217,7 +1213,7 @@ mod test {
let (context, message) = if signature_type.is_prehashed() {
use sha2::digest::Digest as _;
let mut digest = sha2::Sha256::default();
<sha2::Sha256 as sha2::digest::Update>::update(&mut digest, message);
<sha2::Sha256 as sha2::digest::Update>::update(&mut digest, &message);
(digest.finalize().to_vec(), vec![])
} else {
(
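Review bot: The `mod test` hunk near line 1000 deletes the negative case that passed a 32-byte all-zero private key (`push_all_and_test(None, Some(&zeroes), None, None)` with `expect_err`) without pinning what that input does now. Presumably the upgraded signature crates accept it, which means the set of keys the precompile accepts has changed, and precompile results are visible to contracts. Rather than dropping the case, keep it with the new expected outcome and a comment such as `// All-zero private key: outcome changed by the crypto dependency bump; pinned here on purpose.`, and record the behaviour change in the commit description. The test function begins and ends outside the hunk.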
5 changes: 2 additions & 3 deletions runtime-sdk/modules/evm/src/precompile/sha512.rs
Expand Up @@ -3,8 +3,7 @@ use evm::{
executor::stack::{PrecompileHandle, PrecompileOutput},
ExitSucceed,
};
use ripemd160::Digest as _;
use sha2::{Sha512, Sha512Trunc256};
use sha2::{digest::Digest as _, Sha512, Sha512_256};

use super::{record_linear_cost, PrecompileResult};

Expand All @@ -13,7 +12,7 @@ pub(super) fn call_sha512_256(handle: &mut impl PrecompileHandle) -> PrecompileR
// See benches/criterion_benchmark.rs for the benchmarks.
record_linear_cost(handle, handle.input().len() as u64, 115, 13)?;

let mut hasher = Sha512Trunc256::new();
let mut hasher = Sha512_256::new();
hasher.update(handle.input());
let digest = hasher.finalize();

62 changes: 0 additions & 62 deletions runtime-sdk/src/crypto/signature/digests.rs
Expand Up @@ -47,13 +47,6 @@ where
}
}

impl<D> digest_0_9::BlockInput for DummyDigest<D>
where
D: digest_0_9::BlockInput,
{
type BlockSize = <D as digest_0_9::BlockInput>::BlockSize;
}

impl<D> digest::OutputSizeUser for DummyDigest<D>
where
D: digest::OutputSizeUser,
Expand Down Expand Up @@ -94,35 +87,6 @@ where
}
}

impl<D> digest_0_9::FixedOutput for DummyDigest<D>
where
D: digest_0_9::FixedOutput,
{
type OutputSize = <D as digest_0_9::FixedOutput>::OutputSize;

fn finalize_into(
self,
out: &mut digest_0_9::generic_array::GenericArray<u8, Self::OutputSize>,
) {
if let Some(digest) = self.underlying {
digest.finalize_into(out);
} else {
out.as_mut_slice().copy_from_slice(&self.preexisting);
}
}

fn finalize_into_reset(
&mut self,
out: &mut digest_0_9::generic_array::GenericArray<u8, Self::OutputSize>,
) {
if let Some(ref mut digest) = self.underlying {
digest.finalize_into_reset(out);
} else {
out.as_mut_slice().copy_from_slice(&self.preexisting);
}
}
}

impl<D> digest::Reset for DummyDigest<D>
where
D: digest::Reset,
Expand All @@ -136,19 +100,6 @@ where
}
}

impl<D> digest_0_9::Reset for DummyDigest<D>
where
D: digest_0_9::Reset,
{
fn reset(&mut self) {
if let Some(ref mut digest) = self.underlying {
digest.reset();
} else {
panic!("mutating dummy digest with precomputed hash");
}
}
}

impl<D> digest::Update for DummyDigest<D>
where
D: digest::Update,
Expand All @@ -162,17 +113,4 @@ where
}
}

impl<D> digest_0_9::Update for DummyDigest<D>
where
D: digest_0_9::Update,
{
fn update(&mut self, data: impl AsRef<[u8]>) {
if let Some(ref mut digest) = self.underlying {
digest.update(data);
} else {
panic!("mutating dummy digest with precomputed hash");
}
}
}

impl<D> digest::HashMarker for DummyDigest<D> where D: digest::HashMarker {}
34 changes: 14 additions & 20 deletions runtime-sdk/src/crypto/signature/ed25519.rs
@@ -1,11 +1,9 @@
//! Ed25519 signatures.
use std::convert::TryInto;

use curve25519_dalek::{
digest::{consts::U64, Digest},
edwards::CompressedEdwardsY,
};
use sha2::Sha512Trunc256;
use curve25519_dalek::{digest::consts::U64, edwards::CompressedEdwardsY};
use ed25519_dalek::Signer as _;
use sha2::{Digest as _, Sha512_256};

use oasis_core_runtime::common::crypto::signature::{
PublicKey as CorePublicKey, Signature as CoreSignature,
Expand Down Expand Up @@ -85,7 +83,9 @@ impl PublicKey {
.as_ref()
.try_into()
.map_err(|_| Error::MalformedSignature)?;
let pk = ed25519_dalek::PublicKey::from_bytes(self.as_bytes())
let pk: ed25519_dalek::VerifyingKey = self
.as_bytes()
.try_into()
.map_err(|_| Error::MalformedPublicKey)?;
pk.verify_prehashed(digest, None, &sig)
.map_err(|_| Error::VerificationFailed)
Expand Down Expand Up @@ -118,33 +118,29 @@ impl From<PublicKey> for CorePublicKey {

/// A memory-backed signer for Ed25519.
pub struct MemorySigner {
sk: ed25519_dalek::ExpandedSecretKey,
sk: ed25519_dalek::SigningKey,
}

impl MemorySigner {
pub fn sign_digest<D>(&self, digest: D) -> Result<Signature, Error>
where
D: ed25519_dalek::Digest<OutputSize = U64>,
{
let pk = ed25519_dalek::PublicKey::from(&self.sk);
self.sk
.sign_prehashed(digest, &pk, None)
.sign_prehashed(digest, None)
.map_err(|_| Error::SigningError)
.map(|sig| sig.to_bytes().to_vec().into())
}
}

impl super::Signer for MemorySigner {
fn new_from_seed(seed: &[u8]) -> Result<Self, Error> {
let sk = ed25519_dalek::SecretKey::from_bytes(seed).map_err(|_| Error::InvalidArgument)?;
let esk = ed25519_dalek::ExpandedSecretKey::from(&sk);
Ok(Self { sk: esk })
Self::from_bytes(seed)
}

fn from_bytes(bytes: &[u8]) -> Result<Self, Error> {
Ok(Self {
sk: ed25519_dalek::ExpandedSecretKey::from_bytes(bytes)
.map_err(|_| Error::MalformedPrivateKey)?,
sk: bytes.try_into().map_err(|_| Error::MalformedPrivateKey)?,
})
}

Expand All @@ -153,25 +149,23 @@ impl super::Signer for MemorySigner {
}

fn public_key(&self) -> super::PublicKey {
let pk = ed25519_dalek::PublicKey::from(&self.sk);
let pk = ed25519_dalek::VerifyingKey::from(&self.sk);
super::PublicKey::Ed25519(PublicKey::from_bytes(pk.as_bytes()).unwrap())
}

fn sign(&self, context: &[u8], message: &[u8]) -> Result<Signature, Error> {
let mut digest = Sha512Trunc256::new();
let mut digest = Sha512_256::new();
digest.update(context);
digest.update(message);
let message = digest.finalize();

let pk = ed25519_dalek::PublicKey::from(&self.sk);
let signature = self.sk.sign(&message, &pk);
let signature = self.sk.sign(&message);

Ok(signature.to_bytes().to_vec().into())
}

fn sign_raw(&self, message: &[u8]) -> Result<Signature, Error> {
let pk = ed25519_dalek::PublicKey::from(&self.sk);
let signature = self.sk.sign(message, &pk);
let signature = self.sk.sign(message);
Ok(signature.to_bytes().to_vec().into())
}
}
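Review bot: `MemorySigner::from_bytes` now builds an `ed25519_dalek::SigningKey` via `bytes.try_into()`, which as far as I can tell accepts only a 32-byte seed, whereas the removed `ExpandedSecretKey::from_bytes` took the 64-byte expanded form; any caller or stored key still in the old encoding would now get `Error::MalformedPrivateKey`. `new_from_seed` also changes its error from `Error::InvalidArgument` to `Error::MalformedPrivateKey`, because it delegates without remapping. I would document the accepted encoding with `/// Creates a signer from a 32-byte Ed25519 seed (not the 64-byte expanded secret key).` on `from_bytes`, and keep the old error contract with `Self::from_bytes(seed).map_err(|_| Error::InvalidArgument)` unless the change is intended. The `impl super::Signer for MemorySigner` block continues between the hunks shown.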