From aae6d2117e6f72a22979c28be69d0fe770c3d4da Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Mon, 9 May 2022 19:59:22 -0600 Subject: [PATCH] Upgrade RustCrypto crates Bumps the following to the latest versions: - `hmac` v0.12 - `k256` v0.11 - `p256` v0.11 - `pbkdf2` v0.10 - `ripemd` v0.1 - `sha2` v0.10 --- Cargo.lock | 155 ++++++++++++-------------- bip32/Cargo.toml | 12 +- bip32/src/error.rs | 4 +- bip32/src/extended_key/private_key.rs | 2 +- bip32/src/extended_key/public_key.rs | 2 +- bip32/src/lib.rs | 1 - bip32/src/public_key.rs | 2 +- hkd32/Cargo.toml | 8 +- hkd32/src/key_material.rs | 3 +- hkd32/src/lib.rs | 1 - signatory/Cargo.toml | 10 +- signatory/src/algorithm.rs | 2 +- signatory/src/ecdsa/keyring.rs | 3 - signatory/src/ecdsa/nistp256.rs | 2 +- signatory/src/ecdsa/secp256k1.rs | 2 +- signatory/src/ed25519.rs | 3 +- signatory/src/ed25519/sign.rs | 5 +- signatory/src/ed25519/verify.rs | 2 +- signatory/src/error.rs | 6 + signatory/src/key/store.rs | 2 +- signatory/src/key/store/fs.rs | 29 +++-- stdtx/Cargo.toml | 9 +- 22 files changed, 129 insertions(+), 136 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 45791b4b..e5a02957 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -81,7 +81,7 @@ checksum = "dea908e7347a8c64e378c17e30ef880ad73e3b4498346b055c2c00ea342f3179" [[package]] name = "bip32" -version = "0.3.0" +version = "0.4.0-pre" dependencies = [ "bs58", "hex-literal", @@ -90,9 +90,9 @@ dependencies = [ "once_cell", "pbkdf2", "rand_core 0.6.3", - "ripemd160", + "ripemd", "secp256k1", - "sha2", + "sha2 0.10.2", "subtle", "zeroize", ] @@ -109,7 +109,6 @@ version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" dependencies = [ - "block-padding", "generic-array", ] @@ -122,19 +121,13 @@ dependencies = [ "generic-array", ] -[[package]] -name = "block-padding" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d696c370c750c948ada61c69a0ee2cbbb9c50b1019ddb86d9317157a99c2cae" - [[package]] name = "bs58" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "771fe0050b883fcc3ea2359b1a96bcfbc090b7116eae7c3c512c7a083fdf23d3" dependencies = [ - "sha2", + "sha2 0.9.9", ] [[package]] @@ -182,9 +175,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "const-oid" -version = "0.7.1" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e4c78c047431fee22c1a7bb92e00ad095a02a983affe4d8a72e2a2c62c1b94f3" +checksum = "722e23542a15cea1f65d4a1419c4cfd7a26706c70871a13a04238ca3f40f1661" [[package]] name = "core-foundation" @@ -213,9 +206,9 @@ dependencies = [ [[package]] name = "crypto-bigint" -version = "0.3.2" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03c6a1d5fa1de37e071642dfa44ec552ca5b299adb128fab16138e24b548fd21" +checksum = "f322d21b9f3edc2a5d5e2237e78d7b72f4da0b979df0da94cae705df1edd0181" dependencies = [ "generic-array", "rand_core 0.6.3", @@ -233,16 +226,6 @@ dependencies = [ "typenum", ] -[[package]] -name = "crypto-mac" -version = "0.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714" -dependencies = [ - "generic-array", - "subtle", -] - [[package]] name = "ct-logs" version = "0.8.0" @@ -279,12 +262,13 @@ dependencies = [ [[package]] name = "der" -version = "0.5.1" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6919815d73839e7ad218de758883aae3a257ba6759ce7a9992501efbb53d705c" +checksum = "13dd2ae565c0a381dde7fade45fce95984c568bdcb4700a4fdbe3175e0380b2f" dependencies = [ "const-oid", "pem-rfc7468", + "zeroize", ] [[package]] @@ -304,13 +288,14 @@ checksum = "f2fb860ca6fafa5552fb6d0e816a69c8e49f0908bf524e30a90d97c85892d506" dependencies = [ "block-buffer 0.10.2", "crypto-common", + "subtle", ] [[package]] name = "ecdsa" -version = "0.13.4" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0d69ae62e0ce582d56380743515fefaf1a8c70cec685d9677636d7e30ae9dc9" +checksum = "2d9cefce9f137ab016f5092c54277988ffaa598dea9ab964828ade036df05692" dependencies = [ "der", "elliptic-curve", @@ -335,7 +320,7 @@ checksum = "c762bae6dcaf24c4c84667b8579785430908723d5c889f469d76a41d59cc7a9d" dependencies = [ "curve25519-dalek", "ed25519", - "sha2", + "sha2 0.9.9", "zeroize", ] @@ -347,17 +332,19 @@ checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457" [[package]] name = "elliptic-curve" -version = "0.11.12" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25b477563c2bfed38a3b7a60964c49e058b2510ad3f12ba3483fd8f62c2306d6" +checksum = "bdd8c93ccd534d6a9790f4455cd71e7adb53a12e9af7dd54d1e258473f100cea" dependencies = [ "base16ct", "crypto-bigint", "der", + "digest 0.10.3", "ff", "generic-array", "group", "pem-rfc7468", + "pkcs8", "rand_core 0.6.3", "sec1", "subtle", @@ -394,9 +381,9 @@ dependencies = [ [[package]] name = "ff" -version = "0.11.0" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2958d04124b9f27f175eaeb9a9f383d026098aa837eadd8ba22c11f13a05b9e" +checksum = "df689201f395c6b90dfe87127685f8dbfc083a5e779e613575d8bd7314300c3e" dependencies = [ "rand_core 0.6.3", "subtle", @@ -552,9 +539,9 @@ checksum = "78cc372d058dcf6d5ecd98510e7fbc9e5aec4d21de70f65fea8fecebcd881bd4" [[package]] name = "group" -version = "0.11.0" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc5ac374b108929de78460075f3dc439fa66df9d8fc77e8f12caa5165fcf0c89" +checksum = "7391856def869c1c81063a03457c676fbcd419709c3dfb33d8d319de484b154d" dependencies = [ "ff", "rand_core 0.6.3", @@ -628,26 +615,25 @@ checksum = "7ebdb29d2ea9ed0083cd8cece49bbd968021bd99b0849edb4a9a7ee0fdf6a4e0" [[package]] name = "hkd32" -version = "0.6.0" +version = "0.7.0-pre" dependencies = [ "hex-literal", "hmac", "once_cell", "pbkdf2", "rand_core 0.6.3", - "sha2", + "sha2 0.10.2", "subtle-encoding 0.5.1", "zeroize", ] [[package]] name = "hmac" -version = "0.11.0" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" dependencies = [ - "crypto-mac", - "digest 0.9.0", + "digest 0.10.3", ] [[package]] @@ -838,15 +824,14 @@ dependencies = [ [[package]] name = "k256" -version = "0.10.4" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19c3a5e0a0b8450278feda242592512e09f61c72e018b8cd5c859482802daf2d" +checksum = "22588c7ced2b1dbf490ce24ea423c7fe981a78eed56ba944426fde3eb854de93" dependencies = [ "cfg-if", "ecdsa", "elliptic-curve", - "sec1", - "sha2", + "sha2 0.10.2", "sha3", ] @@ -1069,14 +1054,13 @@ dependencies = [ [[package]] name = "p256" -version = "0.10.1" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19736d80675fbe9fe33426268150b951a3fb8f5cfca2a23a17c85ef3adb24e3b" +checksum = "f3e7336b74eb43c009656d53a65648b5ff3941b8421207e6a23f42d5aa3a89f3" dependencies = [ "ecdsa", "elliptic-curve", - "sec1", - "sha2", + "sha2 0.10.2", ] [[package]] @@ -1110,18 +1094,18 @@ checksum = "0c520e05135d6e763148b6426a837e239041653ba7becd2e538c076c738025fc" [[package]] name = "pbkdf2" -version = "0.9.0" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f05894bce6a1ba4be299d0c5f29563e08af2bc18bb7d48313113bed71e904739" +checksum = "271779f35b581956db91a3e55737327a03aa051e90b1c47aeb189508533adfd7" dependencies = [ - "crypto-mac", + "digest 0.10.3", ] [[package]] name = "pem-rfc7468" -version = "0.3.1" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01de5d978f34aa4b2296576379fcc416034702fd94117c56ffd8a1a767cefb30" +checksum = "24d159833a9105500e0398934e205e0773f0b27529557134ecfc51c27646adac" dependencies = [ "base64ct", ] @@ -1140,13 +1124,12 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "pkcs8" -version = "0.8.0" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7cabda3fb821068a9a4fab19a683eac3af12edf0f34b94a8be53c4972b8149d0" +checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba" dependencies = [ "der", "spki", - "zeroize", ] [[package]] @@ -1194,7 +1177,7 @@ dependencies = [ "itertools 0.7.11", "proc-macro2", "quote", - "sha2", + "sha2 0.9.9", "syn", ] @@ -1265,9 +1248,9 @@ dependencies = [ [[package]] name = "rfc6979" -version = "0.1.0" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96ef608575f6392792f9ecf7890c00086591d29a83910939d430753f7c050525" +checksum = "6c0788437d5ee113c49af91d3594ebc4fcdcc962f8b6df5aa1c3eeafd8ad95de" dependencies = [ "crypto-bigint", "hmac", @@ -1290,14 +1273,12 @@ dependencies = [ ] [[package]] -name = "ripemd160" -version = "0.9.1" +name = "ripemd" +version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2eca4ecc81b7f313189bf73ce724400a07da2a6dac19588b03c8bd76a2dcc251" +checksum = "1facec54cb5e0dc08553501fa740091086d0259ad0067e0d4103448e4cb22ed3" dependencies = [ - "block-buffer 0.9.0", - "digest 0.9.0", - "opaque-debug", + "digest 0.10.3", ] [[package]] @@ -1376,10 +1357,11 @@ dependencies = [ [[package]] name = "sec1" -version = "0.2.1" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08da66b8b0965a5555b6bd6639e68ccba85e1e2506f5fbb089e93f8a04e1a2d1" +checksum = "3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928" dependencies = [ + "base16ct", "der", "generic-array", "pkcs8", @@ -1512,16 +1494,25 @@ dependencies = [ "opaque-debug", ] +[[package]] +name = "sha2" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55deaec60f81eefe3cce0dc50bda92d6d8e88f2a27df7c5033b42afeb1ed2676" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest 0.10.3", +] + [[package]] name = "sha3" -version = "0.9.1" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f81199417d4e5de3f04b1e871023acea7389672c4135918f05aa9cbf2f2fa809" +checksum = "881bf8156c87b6301fc5ca6b27f11eeb2761224c7081e69b409d5a1951a70c86" dependencies = [ - "block-buffer 0.9.0", - "digest 0.9.0", + "digest 0.10.3", "keccak", - "opaque-debug", ] [[package]] @@ -1535,7 +1526,7 @@ dependencies = [ [[package]] name = "signatory" -version = "0.24.0" +version = "0.25.0-pre" dependencies = [ "ecdsa", "ed25519-dalek", @@ -1550,11 +1541,11 @@ dependencies = [ [[package]] name = "signature" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "02658e48d89f2bec991f9a78e69cfa4c316f8d6a6c4ec12fae1aeb263d486788" +checksum = "f054c6c1a6e95179d6f23ed974060dcefb2d9388bb7256900badad682c499de4" dependencies = [ - "digest 0.9.0", + "digest 0.10.3", "rand_core 0.6.3", ] @@ -1588,9 +1579,9 @@ checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" [[package]] name = "spki" -version = "0.5.4" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44d01ac02a6ccf3e07db148d2be087da624fea0221a16152ed01f0496a6b0a27" +checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b" dependencies = [ "base64ct", "der", @@ -1610,7 +1601,7 @@ dependencies = [ "rust_decimal", "serde", "serde_json", - "sha2", + "sha2 0.10.2", "subtle-encoding 0.5.1", "thiserror", "toml", @@ -1695,7 +1686,7 @@ dependencies = [ "serde_bytes", "serde_json", "serde_repr", - "sha2", + "sha2 0.9.9", "signature", "subtle", "subtle-encoding 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)", diff --git a/bip32/Cargo.toml b/bip32/Cargo.toml index 1612a4d6..1af8b60a 100644 --- a/bip32/Cargo.toml +++ b/bip32/Cargo.toml @@ -1,11 +1,11 @@ [package] name = "bip32" +version = "0.4.0-pre" description = """ BIP32 hierarchical key derivation implemented in a generic, no_std-friendly manner. Supports deriving keys using the pure Rust k256 crate or the C library-backed secp256k1 crate """ -version = "0.3.0" # Also update html_root_url in lib.rs when bumping this authors = ["Tony Arcieri "] license = "Apache-2.0 OR MIT" homepage = "https://github.com/iqlusioninc/crates/" @@ -18,17 +18,17 @@ rust-version = "1.56" [dependencies] bs58 = { version = "0.4", default-features = false, features = ["check"] } -hmac = { version = "0.11", default-features = false } +hmac = { version = "0.12", default-features = false } rand_core = { version = "0.6", default-features = false } -ripemd160 = { version = "0.9", default-features = false } -sha2 = { version = "0.9", default-features = false } +ripemd = { version = "0.1", default-features = false } +sha2 = { version = "0.10", default-features = false } subtle = { version = "2", default-features = false } zeroize = { version = "1", default-features = false } # optional dependencies -k256 = { version = "0.10", optional = true, default-features = false, features = ["ecdsa", "sha256", "keccak256"] } +k256 = { version = "0.11", optional = true, default-features = false, features = ["ecdsa", "sha256", "keccak256"] } once_cell = { version = "1", optional = true } -pbkdf2 = { version = "0.9", optional = true, default-features = false } +pbkdf2 = { version = "0.10", optional = true, default-features = false } secp256k1-ffi = { package = "secp256k1", version = "0.21", optional = true } [dev-dependencies] diff --git a/bip32/src/error.rs b/bip32/src/error.rs index 16dbb079..916847de 100644 --- a/bip32/src/error.rs +++ b/bip32/src/error.rs @@ -67,8 +67,8 @@ impl From for Error { } } -impl From for Error { - fn from(_: hmac::crypto_mac::InvalidKeyLength) -> Error { +impl From for Error { + fn from(_: hmac::digest::InvalidLength) -> Error { Error::Crypto } } diff --git a/bip32/src/extended_key/private_key.rs b/bip32/src/extended_key/private_key.rs index ac7168b7..f3c3bc35 100644 --- a/bip32/src/extended_key/private_key.rs +++ b/bip32/src/extended_key/private_key.rs @@ -8,7 +8,7 @@ use core::{ fmt::{self, Debug}, str::FromStr, }; -use hmac::{Mac, NewMac}; +use hmac::Mac; use subtle::{Choice, ConstantTimeEq}; use zeroize::Zeroize; diff --git a/bip32/src/extended_key/public_key.rs b/bip32/src/extended_key/public_key.rs index 17c54cf7..b4a17740 100644 --- a/bip32/src/extended_key/public_key.rs +++ b/bip32/src/extended_key/public_key.rs @@ -5,7 +5,7 @@ use crate::{ KeyFingerprint, Prefix, PrivateKey, PublicKey, PublicKeyBytes, Result, KEY_SIZE, }; use core::str::FromStr; -use hmac::{Mac, NewMac}; +use hmac::Mac; #[cfg(feature = "alloc")] use alloc::string::{String, ToString}; diff --git a/bip32/src/lib.rs b/bip32/src/lib.rs index 041b9adc..feb8b5ee 100644 --- a/bip32/src/lib.rs +++ b/bip32/src/lib.rs @@ -1,6 +1,5 @@ #![no_std] #![cfg_attr(docsrs, feature(doc_cfg))] -#![doc(html_root_url = "https://docs.rs/bip32/0.3.0")] #![doc = include_str!("../README.md")] #![forbid(unsafe_code, clippy::unwrap_used)] #![warn(missing_docs, rust_2018_idioms, unused_qualifications)] diff --git a/bip32/src/public_key.rs b/bip32/src/public_key.rs index fa933b86..0b1beaea 100644 --- a/bip32/src/public_key.rs +++ b/bip32/src/public_key.rs @@ -1,7 +1,7 @@ //! Trait for deriving child keys on a given type. use crate::{KeyFingerprint, PrivateKeyBytes, Result, KEY_SIZE}; -use ripemd160::Ripemd160; +use ripemd::Ripemd160; use sha2::{Digest, Sha256}; #[cfg(feature = "secp256k1")] diff --git a/hkd32/Cargo.toml b/hkd32/Cargo.toml index 07764310..f65e7a37 100644 --- a/hkd32/Cargo.toml +++ b/hkd32/Cargo.toml @@ -7,7 +7,7 @@ repeated applications of the Hash-based Message Authentication Code (HMAC) construction. Optionally supports storing root derivation passwords as a 24-word mnemonic phrase (i.e. BIP39). """ -version = "0.6.0" # Also update html_root_url in lib.rs when bumping this +version = "0.7.0-pre" authors = ["Tony Arcieri "] license = "Apache-2.0 OR MIT" homepage = "https://github.com/iqlusioninc/crates/" @@ -22,14 +22,14 @@ rust-version = "1.56" maintenance = { status = "passively-maintained" } [dependencies] -hmac = { version = "0.11", default-features = false } +hmac = { version = "0.12", default-features = false } rand_core = { version = "0.6", default-features = false } -sha2 = { version = "0.9", default-features = false } +sha2 = { version = "0.10", default-features = false } zeroize = { version = "1", default-features = false, features = ["zeroize_derive"] } # optional dependencies once_cell = { version = "1", optional = true } -pbkdf2 = { version = "0.9", optional = true, default-features = false } +pbkdf2 = { version = "0.10", optional = true, default-features = false } subtle-encoding = { version = "0.5", optional = true, default-features = false, path = "../subtle-encoding" } [dev-dependencies] diff --git a/hkd32/src/key_material.rs b/hkd32/src/key_material.rs index b7ab9b3a..66e9513b 100644 --- a/hkd32/src/key_material.rs +++ b/hkd32/src/key_material.rs @@ -7,8 +7,7 @@ //! material, and is the primary type useful for deriving other keys. use crate::{path::Path, Error, KEY_SIZE}; -use hmac::crypto_mac::{Mac, NewMac}; -use hmac::Hmac; +use hmac::{Hmac, Mac}; use rand_core::{CryptoRng, RngCore}; use sha2::Sha512; use zeroize::Zeroize; diff --git a/hkd32/src/lib.rs b/hkd32/src/lib.rs index 381dfb4f..49a25d8f 100644 --- a/hkd32/src/lib.rs +++ b/hkd32/src/lib.rs @@ -40,7 +40,6 @@ #![no_std] #![cfg_attr(docsrs, feature(doc_cfg))] -#![doc(html_root_url = "https://docs.rs/hkd32/0.6.0")] #![warn(missing_docs, rust_2018_idioms, unused_qualifications)] #[cfg(feature = "alloc")] diff --git a/signatory/Cargo.toml b/signatory/Cargo.toml index fa19c6f3..4783727e 100644 --- a/signatory/Cargo.toml +++ b/signatory/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "signatory" description = "Multi-provider elliptic curve digital signature library with ECDSA and Ed25519 support" -version = "0.24.0" # Also update html_root_url in lib.rs when bumping this +version = "0.25.0-pre" license = "Apache-2.0 OR MIT" authors = ["Tony Arcieri "] homepage = "https://github.com/iqlusioninc/crates" @@ -14,16 +14,16 @@ edition = "2021" rust-version = "1.56" [dependencies] -pkcs8 = { version = "0.8", features = ["alloc", "pem"] } +pkcs8 = { version = "0.9", features = ["alloc", "pem"] } rand_core = "0.6" signature = "1.4" zeroize = "1.4" # optional dependencies -ecdsa = { version = "0.13", optional = true, features = ["pem", "pkcs8"] } +ecdsa = { version = "0.14", optional = true, features = ["pem", "pkcs8"] } ed25519-dalek = { version = "1", optional = true, default-features = false, features = ["u64_backend"] } -k256 = { version = "0.10", optional = true, features = ["ecdsa", "sha256", "keccak256"] } -p256 = { version = "0.10", optional = true, features = ["ecdsa", "sha256"] } +k256 = { version = "0.11", optional = true, features = ["ecdsa", "sha256", "keccak256"] } +p256 = { version = "0.11", optional = true, features = ["ecdsa", "sha256"] } [dev-dependencies] tempfile = "3" diff --git a/signatory/src/algorithm.rs b/signatory/src/algorithm.rs index 470b59d3..2a5a01c5 100644 --- a/signatory/src/algorithm.rs +++ b/signatory/src/algorithm.rs @@ -51,7 +51,7 @@ impl TryFrom> for Algorithm { #[cfg(feature = "ecdsa")] if pkcs8_alg_id.oid == ecdsa::elliptic_curve::ALGORITHM_OID { #[cfg(any(feature = "nistp256", feature = "secp256k1"))] - use ecdsa::elliptic_curve::AlgorithmParameters; + use pkcs8::AssociatedOid; #[cfg(feature = "nistp256")] if pkcs8_alg_id.parameters_oid() == Ok(crate::ecdsa::NistP256::OID) { diff --git a/signatory/src/ecdsa/keyring.rs b/signatory/src/ecdsa/keyring.rs index f5b89b32..1aa88e6f 100644 --- a/signatory/src/ecdsa/keyring.rs +++ b/signatory/src/ecdsa/keyring.rs @@ -2,9 +2,6 @@ use crate::{Algorithm, Error, KeyHandle, LoadPkcs8, Result}; -#[allow(unused_imports)] -use ecdsa::elliptic_curve::AlgorithmParameters; - #[cfg(feature = "nistp256")] use super::nistp256; diff --git a/signatory/src/ecdsa/nistp256.rs b/signatory/src/ecdsa/nistp256.rs index 23cc15da..30b76acc 100644 --- a/signatory/src/ecdsa/nistp256.rs +++ b/signatory/src/ecdsa/nistp256.rs @@ -96,7 +96,7 @@ impl TryFrom<&[u8]> for SigningKey { #[cfg_attr(docsrs, doc(cfg(feature = "std")))] impl GeneratePkcs8 for SigningKey { /// Randomly generate a new PKCS#8 private key. - fn generate_pkcs8() -> pkcs8::PrivateKeyDocument { + fn generate_pkcs8() -> pkcs8::SecretDocument { p256::SecretKey::random(&mut rand_core::OsRng) .to_pkcs8_der() .expect("DER error") diff --git a/signatory/src/ecdsa/secp256k1.rs b/signatory/src/ecdsa/secp256k1.rs index ed02c9be..d23c12d5 100644 --- a/signatory/src/ecdsa/secp256k1.rs +++ b/signatory/src/ecdsa/secp256k1.rs @@ -99,7 +99,7 @@ impl TryFrom<&[u8]> for SigningKey { #[cfg_attr(docsrs, doc(cfg(feature = "std")))] impl GeneratePkcs8 for SigningKey { /// Randomly generate a new PKCS#8 private key. - fn generate_pkcs8() -> pkcs8::PrivateKeyDocument { + fn generate_pkcs8() -> pkcs8::SecretDocument { k256::SecretKey::random(&mut rand_core::OsRng) .to_pkcs8_der() .expect("DER error") diff --git a/signatory/src/ed25519.rs b/signatory/src/ed25519.rs index 935299ac..d819436b 100644 --- a/signatory/src/ed25519.rs +++ b/signatory/src/ed25519.rs @@ -12,7 +12,8 @@ pub use self::{ pub use ed25519_dalek::ed25519::Signature; /// Ed25519 Object Identifier (OID). -pub const ALGORITHM_OID: pkcs8::ObjectIdentifier = pkcs8::ObjectIdentifier::new("1.3.101.112"); +pub const ALGORITHM_OID: pkcs8::ObjectIdentifier = + pkcs8::ObjectIdentifier::new_unwrap("1.3.101.112"); /// Ed25519 Algorithm Identifier. pub const ALGORITHM_ID: pkcs8::AlgorithmIdentifier<'static> = pkcs8::AlgorithmIdentifier { diff --git a/signatory/src/ed25519/sign.rs b/signatory/src/ed25519/sign.rs index 718e1a62..44fc4b90 100644 --- a/signatory/src/ed25519/sign.rs +++ b/signatory/src/ed25519/sign.rs @@ -59,11 +59,10 @@ impl TryFrom> for SigningKey { #[cfg_attr(docsrs, doc(cfg(feature = "std")))] impl GeneratePkcs8 for SigningKey { /// Randomly generate a new PKCS#8 private key. - fn generate_pkcs8() -> pkcs8::PrivateKeyDocument { + fn generate_pkcs8() -> pkcs8::SecretDocument { let mut private_key = Zeroizing::new([0u8; SECRET_KEY_LENGTH]); OsRng.fill_bytes(&mut *private_key); - pkcs8::PrivateKeyInfo::new(ALGORITHM_ID, &*private_key) - .to_der() + pkcs8::SecretDocument::encode_msg(&pkcs8::PrivateKeyInfo::new(ALGORITHM_ID, &*private_key)) .expect("DER encoding error") } } diff --git a/signatory/src/ed25519/verify.rs b/signatory/src/ed25519/verify.rs index 96f9345f..a073fcb6 100644 --- a/signatory/src/ed25519/verify.rs +++ b/signatory/src/ed25519/verify.rs @@ -47,7 +47,7 @@ impl From<&ed25519_dalek::Keypair> for VerifyingKey { impl DecodePublicKey for VerifyingKey {} impl EncodePublicKey for VerifyingKey { - fn to_public_key_der(&self) -> pkcs8::spki::Result { + fn to_public_key_der(&self) -> pkcs8::spki::Result { pkcs8::SubjectPublicKeyInfo { algorithm: ALGORITHM_ID, subject_public_key: self.inner.as_bytes(), diff --git a/signatory/src/error.rs b/signatory/src/error.rs index af00d546..b44fadd1 100644 --- a/signatory/src/error.rs +++ b/signatory/src/error.rs @@ -89,6 +89,12 @@ impl From for Error { } } +impl From for Error { + fn from(err: pkcs8::der::pem::Error) -> Error { + pkcs8::der::Error::from(err).into() + } +} + #[cfg(feature = "std")] #[cfg_attr(docsrs, doc(cfg(feature = "std")))] impl From for Error { diff --git a/signatory/src/key/store.rs b/signatory/src/key/store.rs index 1b884604..554ff912 100644 --- a/signatory/src/key/store.rs +++ b/signatory/src/key/store.rs @@ -9,5 +9,5 @@ pub use fs::FsKeyStore; /// Trait for generating PKCS#8-encoded private keys. pub trait GeneratePkcs8 { /// Randomly generate a new PKCS#8 private key. - fn generate_pkcs8() -> pkcs8::PrivateKeyDocument; + fn generate_pkcs8() -> pkcs8::SecretDocument; } diff --git a/signatory/src/key/store/fs.rs b/signatory/src/key/store/fs.rs index 8a6c13a2..b13d4a86 100644 --- a/signatory/src/key/store/fs.rs +++ b/signatory/src/key/store/fs.rs @@ -1,7 +1,7 @@ //! Filesystem-backed keystore use crate::{Error, KeyHandle, KeyInfo, KeyName, KeyRing, LoadPkcs8, Result}; -use pkcs8::der::Document; +use pkcs8::der::pem::PemLabel; use std::{ fs, path::{Path, PathBuf}, @@ -79,8 +79,9 @@ impl FsKeyStore { let algorithm = if encrypted { None } else { - pkcs8::PrivateKeyDocument::from_pem(&pem_data)? - .decode() + let (label, der) = pkcs8::SecretDocument::from_pem(&pem_data)?; + pkcs8::PrivateKeyInfo::validate_pem_label(label)?; + der.decode_msg::>()? .algorithm .try_into() .ok() @@ -95,19 +96,23 @@ impl FsKeyStore { /// Import a key with a given name into the provided keyring. pub fn import(&self, name: &KeyName, key_ring: &mut KeyRing) -> Result { - key_ring.load_pkcs8(self.load(name)?.decode()) + key_ring.load_pkcs8(self.load(name)?.decode_msg()?) } /// Load a PKCS#8 key from the keystore. - pub fn load(&self, name: &KeyName) -> Result { - Ok(pkcs8::PrivateKeyDocument::read_pem_file( - &self.key_path(name), - )?) + pub fn load(&self, name: &KeyName) -> Result { + let (label, doc) = pkcs8::SecretDocument::read_pem_file(&self.key_path(name))?; + pkcs8::PrivateKeyInfo::validate_pem_label(&label)?; + Ok(doc) } /// Import a PKCS#8 key into the keystore. - pub fn store(&self, name: &KeyName, der: &pkcs8::PrivateKeyDocument) -> Result<()> { - der.write_pem_file(&self.key_path(name), Default::default())?; + pub fn store(&self, name: &KeyName, der: &pkcs8::SecretDocument) -> Result<()> { + der.write_pem_file( + &self.key_path(name), + pkcs8::PrivateKeyInfo::PEM_LABEL, + Default::default(), + )?; Ok(()) } @@ -144,7 +149,7 @@ mod tests { /// Create a keystore containing one key named `example_key` with the given content #[allow(dead_code)] - fn create_example_keystore(example_key: &pkcs8::PrivateKeyDocument) -> FsStoreHandle { + fn create_example_keystore(example_key: &pkcs8::SecretDocument) -> FsStoreHandle { let dir = tempfile::tempdir().unwrap(); let keystore = FsKeyStore::create_or_open(&dir.path().join("keys")).unwrap(); @@ -163,7 +168,7 @@ mod tests { let ks = create_example_keystore(&example_key); let example_key2 = ks.keystore.load(&key_name).unwrap(); - assert_eq!(example_key.as_ref(), example_key2.as_ref()); + assert_eq!(example_key.as_bytes(), example_key2.as_bytes()); ks.keystore.delete(&key_name).unwrap(); } diff --git a/stdtx/Cargo.toml b/stdtx/Cargo.toml index 8726452b..d96b9fbb 100644 --- a/stdtx/Cargo.toml +++ b/stdtx/Cargo.toml @@ -12,19 +12,16 @@ keywords = ["amino", "crypto", "cosmos", "transaction", "tendermint"] edition = "2021" rust-version = "1.56" -[badges] -circle-ci = { repository = "tendermint/kms" } - [dependencies] -ecdsa = { version = "0.13", features = ["std"] } +ecdsa = { version = "0.14", features = ["std"] } eyre = "0.6" -k256 = { version = "0.10", features = ["ecdsa", "sha256"] } +k256 = { version = "0.11", features = ["ecdsa", "sha256"] } prost-amino = "0.6" prost-amino-derive = "0.6" rust_decimal = "1.19" serde = { version = "1", features = ["serde_derive"] } serde_json = "1" -sha2 = "0.9" +sha2 = "0.10" subtle-encoding = { version = "0.5", features = ["bech32-preview"], path = "../subtle-encoding" } thiserror = "1" toml = "0.5"