Skip to content

Commit

Permalink
Update dalek (#188)
Browse files Browse the repository at this point in the history
  • Loading branch information
giarc3 authored Dec 3, 2024
1 parent 70778ad commit 223e068
Show file tree
Hide file tree
Showing 9 changed files with 46 additions and 56 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
name: Rustfmt
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Cache cargo
uses: Swatinem/rust-cache@v1
- uses: IronCoreLabs/rust-toolchain@v1
Expand Down Expand Up @@ -50,7 +50,7 @@ jobs:
- os: windows-2019
target: x86_64-pc-windows-msvc
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- name: Cache cargo
uses: Swatinem/rust-cache@v1
- uses: IronCoreLabs/rust-toolchain@v1
Expand All @@ -75,7 +75,7 @@ jobs:
- 1.70.0 #MSRV
fail-fast: false
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- name: Cache cargo
uses: Swatinem/rust-cache@v1
- uses: IronCoreLabs/rust-toolchain@v1
Expand All @@ -98,7 +98,7 @@ jobs:
- name: base
ref: ${{ github.base_ref }}
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
ref: ${{ matrix.ref }}
- name: Cache cargo
Expand Down Expand Up @@ -128,7 +128,7 @@ jobs:
name: Upload benchmark results
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- name: Cache cargo
uses: Swatinem/rust-cache@v1
- name: Retrieve benchmark results
Expand Down
5 changes: 4 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,10 @@
# Changelog

## Unreleased
## 0.14.0 (2024-12-03)

- [[#184](https://github.com/IronCoreLabs/recrypt-rs/pull/188)]
- Switch from `ed25519-dalek-fiat` to `ed25519-dalek`.
- Remove `u64_backend` and `u32_backend` features.
- [[#184](https://github.com/IronCoreLabs/recrypt-rs/pull/184)]
- Change MSRV to Rust 1.70.0
- [[#177](https://github.com/IronCoreLabs/recrypt-rs/pull/177)]
Expand Down
9 changes: 3 additions & 6 deletions Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "recrypt"
version = "0.13.1"
version = "0.14.0"
authors = ["IronCore Labs <info@ironcorelabs.com>"]
readme = "README.md"
license = "AGPL-3.0-only"
Expand All @@ -23,7 +23,7 @@ cfg-if = "1"
clear_on_drop = "0.2"
derivative = "2.1"
# Disable all features for ed25519 and enable the proper ones down in the [features] section below
ed25519-dalek = {version = "=0.1.0", default-features = false, features = ["std"], package = "ed25519-dalek-fiat"}
ed25519-dalek = {version = "2.1.1", default-features = false, features = ["std", "rand_core"]}
# Explicit dependency so we can pass the wasm-bindgen flag to it
getrandom = {version = "0.2", optional = true}
gridiron = "0.10"
Expand Down Expand Up @@ -55,10 +55,7 @@ debug = false
lto = true

[features]
default = ["u64_backend"]
u64_backend = ["ed25519-dalek/u64_backend"]
u32_backend = ["ed25519-dalek/u32_backend"]
wasm = ["u32_backend", "clear_on_drop/no_cc", "getrandom/js"]
wasm = ["clear_on_drop/no_cc", "getrandom/js"]
#Can be used to disable the automatic mlock detection for architectures.
disable_memlock = []

Expand Down
24 changes: 12 additions & 12 deletions flake.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion rust-toolchain.toml
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
[toolchain]
profile = "default"
channel = "1.80.1"
channel = "1.82.0"
2 changes: 1 addition & 1 deletion src/api.rs
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ impl Recrypt<Sha256, Ed25519, RandomBytes<DefaultRng>> {
Recrypt::new_with_rand(ReseedingRng::new(
rand_chacha::ChaChaCore::from_entropy(),
BYTES_BEFORE_RESEEDING,
rand::rngs::OsRng::default(),
rand::rngs::OsRng,
))
}
}
Expand Down
6 changes: 3 additions & 3 deletions src/api_480.rs
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ impl Recrypt480<Sha256, Ed25519, RandomBytes<DefaultRng>> {
Recrypt480::new_with_rand(ReseedingRng::new(
rand_chacha::ChaChaCore::from_entropy(),
BYTES_BEFORE_RESEEDING,
rand::rngs::OsRng::default(),
rand::rngs::OsRng,
))
}
}
Expand Down Expand Up @@ -934,13 +934,13 @@ impl SixtyBytes {

impl fmt::Debug for SixtyBytes {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
write!(f, "{:?}", self.0.to_vec())
write!(f, "{:?}", self.0)
}
}

impl fmt::LowerHex for SixtyBytes {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
write!(f, "{}", hex::encode(self.0.to_vec()))
write!(f, "{}", hex::encode(self.0))
}
}

Expand Down
43 changes: 17 additions & 26 deletions src/internal/ed25519.rs
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@ use crate::internal::ByteVector;
use crate::internal::{array_split_64, take_lock};
use clear_on_drop::clear::Clear;
use ed25519_dalek;
use ed25519_dalek::PublicKey;
use quick_error::quick_error;
use rand;
use std;
Expand Down Expand Up @@ -64,10 +63,10 @@ impl From<SigningKeypair> for [u8; 64] {
impl SigningKeypair {
const ENCODED_SIZE_BYTES: usize = 64;
pub fn new<CR: rand::RngCore + rand::CryptoRng>(rng: &Mutex<CR>) -> SigningKeypair {
let keypair = ed25519_dalek::Keypair::generate::<CR>(&mut *take_lock(rng));
let signing_key = ed25519_dalek::SigningKey::generate::<CR>(&mut *take_lock(rng));

//Unchecked is safe because the public is on the curve and the size is statically guaranteed.
SigningKeypair::new_unchecked(keypair.to_bytes())
SigningKeypair::new_unchecked(signing_key.to_keypair_bytes())
}
///
///Create a SigningKeypair from a byte array slice. If the array is not the right length or if the public
Expand All @@ -94,10 +93,10 @@ impl SigningKeypair {
///
pub fn from_bytes(sized_bytes: &[u8; 64]) -> Result<SigningKeypair, Ed25519Error> {
let (priv_key, pub_key) = array_split_64(sized_bytes);
//This can't fail because it's statically guaranteed to be 32 bytes long.
let ed25519_dalek_secret = ed25519_dalek::SecretKey::from_bytes(&priv_key).unwrap();
let ed25519_dalek_secret = ed25519_dalek::SigningKey::from_bytes(&priv_key);
//Calculate the public key to check that the value passed in is correct.
let ed25519_dalek_pub = ed25519_dalek::PublicKey::from(&ed25519_dalek_secret);

let ed25519_dalek_pub = ed25519_dalek::VerifyingKey::from(&ed25519_dalek_secret);
if ed25519_dalek_pub.to_bytes() == pub_key {
Ok(SigningKeypair::new_unchecked(*sized_bytes))
} else {
Expand Down Expand Up @@ -151,9 +150,8 @@ pub struct Ed25519;
impl Ed25519Signing for Ed25519 {
fn sign<T: Hashable>(&self, t: &T, signing_key: &SigningKeypair) -> Ed25519Signature {
use ed25519_dalek::Signer;
//This unwrap cannot fail. The only thing that the `from_bytes` does for validation is that the
//value is 64 bytes long, which we guarantee statically.
let key_pair = ed25519_dalek::Keypair::from_bytes(&signing_key.bytes[..]).unwrap();
let (priv_key, _) = array_split_64(&signing_key.bytes);
let key_pair = ed25519_dalek::SigningKey::from_bytes(&priv_key);
let sig = key_pair.sign(&t.to_bytes()[..]);

Ed25519Signature::new(sig.to_bytes())
Expand All @@ -166,10 +164,10 @@ impl Ed25519Signing for Ed25519 {
) -> bool {
use ed25519_dalek::Verifier;

PublicKey::from_bytes(&public_key.bytes[..])
ed25519_dalek::VerifyingKey::from_bytes(&public_key.bytes)
.and_then(|pk| {
TryFrom::try_from(&signature.bytes[..])
.and_then(|sig| pk.verify(&t.to_bytes()[..], &sig))
let sig = ed25519_dalek::Signature::from_bytes(&signature.bytes);
pk.verify(&t.to_bytes()[..], &sig)
})
.map(|_| true)
.unwrap_or(false)
Expand Down Expand Up @@ -197,7 +195,6 @@ pub trait Ed25519Signing {
pub(crate) mod test {
use super::*;
use crate::internal::array_concat_32;
use ed25519_dalek::SecretKey;

pub fn good_signing_keypair() -> SigningKeypair {
SigningKeypair::new_unchecked([
Expand All @@ -209,18 +206,13 @@ pub(crate) mod test {

#[test]
fn real_ed25519_matches_verify_good_message() {
let sec_key = SecretKey::from_bytes(&[1; 32]).unwrap();
let dalek_pub_key = ed25519_dalek::PublicKey::from(&sec_key);
let priv_key = SigningKeypair {
bytes: array_concat_32(&sec_key.to_bytes(), &dalek_pub_key.to_bytes()),
let sec_key = ed25519_dalek::SigningKey::from_bytes(&[1; 32]);
let keypair = SigningKeypair {
bytes: sec_key.to_keypair_bytes(),
};
let message = [100u8; 32].to_vec();
let result = Ed25519.sign(&message, &priv_key);
let verify_result = Ed25519.verify(
&message,
&result,
&PublicSigningKey::new(dalek_pub_key.to_bytes()),
);
let result = Ed25519.sign(&message, &keypair);
let verify_result = Ed25519.verify(&message, &result, &keypair.public_key());
assert!(verify_result);
}

Expand All @@ -238,10 +230,9 @@ pub(crate) mod test {

#[test]
fn signing_keypair_into_bytes() {
let sec_key = SecretKey::from_bytes(&[1; 32]).unwrap();
let dalek_pub_key = ed25519_dalek::PublicKey::from(&sec_key);
let dalek_pub_key = ed25519_dalek::VerifyingKey::from_bytes(&[1u8; 32]).unwrap();
let key_pair = SigningKeypair {
bytes: array_concat_32(&sec_key.to_bytes(), &dalek_pub_key.to_bytes()),
bytes: array_concat_32(&[1u8; 32], &dalek_pub_key.to_bytes()),
};
let key_pair_bytes = key_pair.bytes().clone();
let bytes: [u8; 64] = key_pair.into();
Expand Down
1 change: 0 additions & 1 deletion src/lib.rs
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
#![cfg_attr(feature = "unstable", feature(test))]
#![doc(html_no_source)] // use github for source browsing

//! Recrypt implements a set of cryptographic primitives for building a
Expand Down

0 comments on commit 223e068

Please sign in to comment.