Upgrade RustCrypto crates

Bumps the following to the latest versions:

- `hmac` v0.12
- `k256` v0.11
- `p256` v0.11
- `pbkdf2` v0.10
- `ripemd` v0.1
- `sha2` v0.10

bip32/Cargo.toml

@@ -1,11 +1,11 @@
 [package]
 name = "bip32"
+version = "0.4.0-pre"
 description = """
 BIP32 hierarchical key derivation implemented in a generic, no_std-friendly
 manner. Supports deriving keys using the pure Rust k256 crate or the
 C library-backed secp256k1 crate
 """
-version = "0.3.0" # Also update html_root_url in lib.rs when bumping this
 authors = ["Tony Arcieri <tony@iqlusion.io>"]
 license = "Apache-2.0 OR MIT"
 homepage = "https://github.com/iqlusioninc/crates/"
@@ -18,17 +18,17 @@ rust-version = "1.56"
 
 [dependencies]
 bs58 = { version = "0.4", default-features = false, features = ["check"] }
-hmac = { version = "0.11", default-features = false }
+hmac = { version = "0.12", default-features = false }
 rand_core = { version = "0.6", default-features = false }
-ripemd160 = { version = "0.9", default-features = false }
-sha2 = { version = "0.9", default-features = false }
+ripemd = { version = "0.1", default-features = false }
+sha2 = { version = "0.10", default-features = false }
 subtle = { version = "2", default-features = false }
 zeroize = { version = "1", default-features = false }
 
 # optional dependencies
-k256 = { version = "0.10", optional = true, default-features = false, features = ["ecdsa", "sha256", "keccak256"] }
+k256 = { version = "0.11", optional = true, default-features = false, features = ["ecdsa", "sha256", "keccak256"] }
 once_cell = { version = "1", optional = true }
-pbkdf2 = { version = "0.9", optional = true, default-features = false }
+pbkdf2 = { version = "0.10", optional = true, default-features = false }
 secp256k1-ffi = { package = "secp256k1", version = "0.21", optional = true }
 
 [dev-dependencies]

bip32/src/error.rs

@@ -67,8 +67,8 @@ impl From<core::array::TryFromSliceError> for Error {
     }
 }
 
-impl From<hmac::crypto_mac::InvalidKeyLength> for Error {
-    fn from(_: hmac::crypto_mac::InvalidKeyLength) -> Error {
+impl From<hmac::digest::InvalidLength> for Error {
+    fn from(_: hmac::digest::InvalidLength) -> Error {
         Error::Crypto
     }
 }

bip32/src/extended_key/private_key.rs

@@ -8,7 +8,7 @@ use core::{
     fmt::{self, Debug},
     str::FromStr,
 };
-use hmac::{Mac, NewMac};
+use hmac::Mac;
 use subtle::{Choice, ConstantTimeEq};
 use zeroize::Zeroize;
 

bip32/src/extended_key/public_key.rs

@@ -5,7 +5,7 @@ use crate::{
     KeyFingerprint, Prefix, PrivateKey, PublicKey, PublicKeyBytes, Result, KEY_SIZE,
 };
 use core::str::FromStr;
-use hmac::{Mac, NewMac};
+use hmac::Mac;
 
 #[cfg(feature = "alloc")]
 use alloc::string::{String, ToString};

bip32/src/lib.rs

@@ -1,6 +1,5 @@
 #![no_std]
 #![cfg_attr(docsrs, feature(doc_cfg))]
-#![doc(html_root_url = "https://docs.rs/bip32/0.3.0")]
 #![doc = include_str!("../README.md")]
 #![forbid(unsafe_code, clippy::unwrap_used)]
 #![warn(missing_docs, rust_2018_idioms, unused_qualifications)]

bip32/src/public_key.rs

@@ -1,7 +1,7 @@
 //! Trait for deriving child keys on a given type.
 
 use crate::{KeyFingerprint, PrivateKeyBytes, Result, KEY_SIZE};
-use ripemd160::Ripemd160;
+use ripemd::Ripemd160;
 use sha2::{Digest, Sha256};
 
 #[cfg(feature = "secp256k1")]

hkd32/Cargo.toml

@@ -7,7 +7,7 @@ repeated applications of the Hash-based Message Authentication Code
 (HMAC) construction. Optionally supports storing root derivation
 passwords as a 24-word mnemonic phrase (i.e. BIP39).
 """
-version    = "0.6.0" # Also update html_root_url in lib.rs when bumping this
+version    = "0.7.0-pre"
 authors    = ["Tony Arcieri <tony@iqlusion.io>"]
 license    = "Apache-2.0 OR MIT"
 homepage   = "https://github.com/iqlusioninc/crates/"
@@ -22,14 +22,14 @@ rust-version = "1.56"
 maintenance = { status = "passively-maintained" }
 
 [dependencies]
-hmac = { version = "0.11", default-features = false }
+hmac = { version = "0.12", default-features = false }
 rand_core = { version = "0.6", default-features = false }
-sha2 = { version = "0.9", default-features = false }
+sha2 = { version = "0.10", default-features = false }
 zeroize = { version = "1", default-features = false, features = ["zeroize_derive"] }
 
 # optional dependencies
 once_cell = { version = "1", optional = true }
-pbkdf2 = { version = "0.9", optional = true, default-features = false }
+pbkdf2 = { version = "0.10", optional = true, default-features = false }
 subtle-encoding = { version = "0.5", optional = true, default-features = false, path = "../subtle-encoding" }
 
 [dev-dependencies]

hkd32/src/key_material.rs

@@ -7,8 +7,7 @@
 //! material, and is the primary type useful for deriving other keys.
 
 use crate::{path::Path, Error, KEY_SIZE};
-use hmac::crypto_mac::{Mac, NewMac};
-use hmac::Hmac;
+use hmac::{Hmac, Mac};
 use rand_core::{CryptoRng, RngCore};
 use sha2::Sha512;
 use zeroize::Zeroize;

hkd32/src/lib.rs

@@ -40,7 +40,6 @@
 
 #![no_std]
 #![cfg_attr(docsrs, feature(doc_cfg))]
-#![doc(html_root_url = "https://docs.rs/hkd32/0.6.0")]
 #![warn(missing_docs, rust_2018_idioms, unused_qualifications)]
 
 #[cfg(feature = "alloc")]

signatory/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name         = "signatory"
 description  = "Multi-provider elliptic curve digital signature library with ECDSA and Ed25519 support"
-version      = "0.24.0" # Also update html_root_url in lib.rs when bumping this
+version      = "0.25.0-pre"
 license      = "Apache-2.0 OR MIT"
 authors      = ["Tony Arcieri <tony@iqlusion.io>"]
 homepage     = "https://github.com/iqlusioninc/crates"
@@ -14,16 +14,16 @@ edition      = "2021"
 rust-version = "1.56"
 
 [dependencies]
-pkcs8 = { version = "0.8", features = ["alloc", "pem"] }
+pkcs8 = { version = "0.9", features = ["alloc", "pem"] }
 rand_core = "0.6"
 signature = "1.4"
 zeroize = "1.4"
 
 # optional dependencies
-ecdsa = { version = "0.13", optional = true, features = ["pem", "pkcs8"] }
+ecdsa = { version = "0.14", optional = true, features = ["pem", "pkcs8"] }
 ed25519-dalek = { version = "1", optional = true, default-features = false, features = ["u64_backend"] }
-k256 = { version = "0.10", optional = true, features = ["ecdsa", "sha256", "keccak256"] }
-p256 = { version = "0.10", optional = true, features = ["ecdsa", "sha256"] }
+k256 = { version = "0.11", optional = true, features = ["ecdsa", "sha256", "keccak256"] }
+p256 = { version = "0.11", optional = true, features = ["ecdsa", "sha256"] }
 
 [dev-dependencies]
 tempfile = "3"

signatory/src/algorithm.rs

@@ -51,7 +51,7 @@ impl TryFrom<pkcs8::AlgorithmIdentifier<'_>> for Algorithm {
         #[cfg(feature = "ecdsa")]
         if pkcs8_alg_id.oid == ecdsa::elliptic_curve::ALGORITHM_OID {
             #[cfg(any(feature = "nistp256", feature = "secp256k1"))]
-            use ecdsa::elliptic_curve::AlgorithmParameters;
+            use pkcs8::AssociatedOid;
 
             #[cfg(feature = "nistp256")]
             if pkcs8_alg_id.parameters_oid() == Ok(crate::ecdsa::NistP256::OID) {

signatory/src/ecdsa/keyring.rs

@@ -2,9 +2,6 @@
 
 use crate::{Algorithm, Error, KeyHandle, LoadPkcs8, Result};
 
-#[allow(unused_imports)]
-use ecdsa::elliptic_curve::AlgorithmParameters;
-
 #[cfg(feature = "nistp256")]
 use super::nistp256;
 

signatory/src/ecdsa/nistp256.rs

@@ -96,7 +96,7 @@ impl TryFrom<&[u8]> for SigningKey {
 #[cfg_attr(docsrs, doc(cfg(feature = "std")))]
 impl GeneratePkcs8 for SigningKey {
     /// Randomly generate a new PKCS#8 private key.
-    fn generate_pkcs8() -> pkcs8::PrivateKeyDocument {
+    fn generate_pkcs8() -> pkcs8::SecretDocument {
         p256::SecretKey::random(&mut rand_core::OsRng)
             .to_pkcs8_der()
             .expect("DER error")

signatory/src/ecdsa/secp256k1.rs

@@ -99,7 +99,7 @@ impl TryFrom<&[u8]> for SigningKey {
 #[cfg_attr(docsrs, doc(cfg(feature = "std")))]
 impl GeneratePkcs8 for SigningKey {
     /// Randomly generate a new PKCS#8 private key.
-    fn generate_pkcs8() -> pkcs8::PrivateKeyDocument {
+    fn generate_pkcs8() -> pkcs8::SecretDocument {
         k256::SecretKey::random(&mut rand_core::OsRng)
             .to_pkcs8_der()
             .expect("DER error")

signatory/src/ed25519.rs

@@ -12,7 +12,8 @@ pub use self::{
 pub use ed25519_dalek::ed25519::Signature;
 
 /// Ed25519 Object Identifier (OID).
-pub const ALGORITHM_OID: pkcs8::ObjectIdentifier = pkcs8::ObjectIdentifier::new("1.3.101.112");
+pub const ALGORITHM_OID: pkcs8::ObjectIdentifier =
+    pkcs8::ObjectIdentifier::new_unwrap("1.3.101.112");
 
 /// Ed25519 Algorithm Identifier.
 pub const ALGORITHM_ID: pkcs8::AlgorithmIdentifier<'static> = pkcs8::AlgorithmIdentifier {

signatory/src/ed25519/sign.rs

@@ -59,11 +59,10 @@ impl TryFrom<pkcs8::PrivateKeyInfo<'_>> for SigningKey {
 #[cfg_attr(docsrs, doc(cfg(feature = "std")))]
 impl GeneratePkcs8 for SigningKey {
     /// Randomly generate a new PKCS#8 private key.
-    fn generate_pkcs8() -> pkcs8::PrivateKeyDocument {
+    fn generate_pkcs8() -> pkcs8::SecretDocument {
         let mut private_key = Zeroizing::new([0u8; SECRET_KEY_LENGTH]);
         OsRng.fill_bytes(&mut *private_key);
-        pkcs8::PrivateKeyInfo::new(ALGORITHM_ID, &*private_key)
-            .to_der()
+        pkcs8::SecretDocument::encode_msg(&pkcs8::PrivateKeyInfo::new(ALGORITHM_ID, &*private_key))
             .expect("DER encoding error")
     }
 }

signatory/src/ed25519/verify.rs

@@ -47,7 +47,7 @@ impl From<&ed25519_dalek::Keypair> for VerifyingKey {
 impl DecodePublicKey for VerifyingKey {}
 
 impl EncodePublicKey for VerifyingKey {
-    fn to_public_key_der(&self) -> pkcs8::spki::Result<pkcs8::PublicKeyDocument> {
+    fn to_public_key_der(&self) -> pkcs8::spki::Result<pkcs8::Document> {
         pkcs8::SubjectPublicKeyInfo {
             algorithm: ALGORITHM_ID,
             subject_public_key: self.inner.as_bytes(),

signatory/src/error.rs

@@ -89,6 +89,12 @@ impl From<pkcs8::der::Error> for Error {
     }
 }
 
+impl From<pkcs8::der::pem::Error> for Error {
+    fn from(err: pkcs8::der::pem::Error) -> Error {
+        pkcs8::der::Error::from(err).into()
+    }
+}
+
 #[cfg(feature = "std")]
 #[cfg_attr(docsrs, doc(cfg(feature = "std")))]
 impl From<std::io::Error> for Error {

signatory/src/key/store.rs

@@ -9,5 +9,5 @@ pub use fs::FsKeyStore;
 /// Trait for generating PKCS#8-encoded private keys.
 pub trait GeneratePkcs8 {
     /// Randomly generate a new PKCS#8 private key.
-    fn generate_pkcs8() -> pkcs8::PrivateKeyDocument;
+    fn generate_pkcs8() -> pkcs8::SecretDocument;
 }

signatory/src/key/store/fs.rs

@@ -1,7 +1,7 @@
 //! Filesystem-backed keystore
 
 use crate::{Error, KeyHandle, KeyInfo, KeyName, KeyRing, LoadPkcs8, Result};
-use pkcs8::der::Document;
+use pkcs8::der::pem::PemLabel;
 use std::{
     fs,
     path::{Path, PathBuf},
@@ -79,8 +79,9 @@ impl FsKeyStore {
         let algorithm = if encrypted {
             None
         } else {
-            pkcs8::PrivateKeyDocument::from_pem(&pem_data)?
-                .decode()
+            let (label, der) = pkcs8::SecretDocument::from_pem(&pem_data)?;
+            pkcs8::PrivateKeyInfo::validate_pem_label(label)?;
+            der.decode_msg::<pkcs8::PrivateKeyInfo<'_>>()?
                 .algorithm
                 .try_into()
                 .ok()
@@ -95,19 +96,23 @@ impl FsKeyStore {
 
     /// Import a key with a given name into the provided keyring.
     pub fn import(&self, name: &KeyName, key_ring: &mut KeyRing) -> Result<KeyHandle> {
-        key_ring.load_pkcs8(self.load(name)?.decode())
+        key_ring.load_pkcs8(self.load(name)?.decode_msg()?)
     }
 
     /// Load a PKCS#8 key from the keystore.
-    pub fn load(&self, name: &KeyName) -> Result<pkcs8::PrivateKeyDocument> {
-        Ok(pkcs8::PrivateKeyDocument::read_pem_file(
-            &self.key_path(name),
-        )?)
+    pub fn load(&self, name: &KeyName) -> Result<pkcs8::SecretDocument> {
+        let (label, doc) = pkcs8::SecretDocument::read_pem_file(&self.key_path(name))?;
+        pkcs8::PrivateKeyInfo::validate_pem_label(&label)?;
+        Ok(doc)
     }
 
     /// Import a PKCS#8 key into the keystore.
-    pub fn store(&self, name: &KeyName, der: &pkcs8::PrivateKeyDocument) -> Result<()> {
-        der.write_pem_file(&self.key_path(name), Default::default())?;
+    pub fn store(&self, name: &KeyName, der: &pkcs8::SecretDocument) -> Result<()> {
+        der.write_pem_file(
+            &self.key_path(name),
+            pkcs8::PrivateKeyInfo::PEM_LABEL,
+            Default::default(),
+        )?;
         Ok(())
     }
 
@@ -144,7 +149,7 @@ mod tests {
 
     /// Create a keystore containing one key named `example_key` with the given content
     #[allow(dead_code)]
-    fn create_example_keystore(example_key: &pkcs8::PrivateKeyDocument) -> FsStoreHandle {
+    fn create_example_keystore(example_key: &pkcs8::SecretDocument) -> FsStoreHandle {
         let dir = tempfile::tempdir().unwrap();
         let keystore = FsKeyStore::create_or_open(&dir.path().join("keys")).unwrap();
 
@@ -163,7 +168,7 @@ mod tests {
         let ks = create_example_keystore(&example_key);
 
         let example_key2 = ks.keystore.load(&key_name).unwrap();
-        assert_eq!(example_key.as_ref(), example_key2.as_ref());
+        assert_eq!(example_key.as_bytes(), example_key2.as_bytes());
 
         ks.keystore.delete(&key_name).unwrap();
     }

stdtx/Cargo.toml

@@ -12,19 +12,16 @@ keywords    = ["amino", "crypto", "cosmos", "transaction", "tendermint"]
 edition     = "2021"
 rust-version = "1.56"
 
-[badges]
-circle-ci = { repository = "tendermint/kms" }
-
 [dependencies]
-ecdsa = { version = "0.13", features = ["std"] }
+ecdsa = { version = "0.14", features = ["std"] }
 eyre = "0.6"
-k256 = { version = "0.10", features = ["ecdsa", "sha256"] }
+k256 = { version = "0.11", features = ["ecdsa", "sha256"] }
 prost-amino = "0.6"
 prost-amino-derive = "0.6"
 rust_decimal = "1.19"
 serde = { version = "1", features = ["serde_derive"] }
 serde_json = "1"
-sha2 = "0.9"
+sha2 = "0.10"
 subtle-encoding = { version = "0.5", features = ["bech32-preview"], path = "../subtle-encoding" }
 thiserror = "1"
 toml = "0.5"