Merge branch 'update-rsa-v2' into 'main'

Update `rsa` dependency (and use `x25519-dalek` prerelease)

Closes #448

See merge request tpo/core/arti!612
Ian Jackson 2022-07-06 14:42:26 +00:00
commit 6878e3a2d4
6 changed files with 58 additions and 67 deletions

89
Cargo.lock generated

@ -452,7 +452,7 @@ version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b88d82667eca772c4aa12f0f1348b3ae643424c8876448f3f7bd5787032e234c"
dependencies = [
"autocfg 1.1.0",
"autocfg",
]
[[package]]
@ -472,15 +472,6 @@ dependencies = [
"winapi 0.3.9",
]
[[package]]
name = "autocfg"
version = "0.1.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0dde43e75fd43e8a1bf86103336bc699aa8d17ad1be60c76c0bdfd4828e19b78"
dependencies = [
"autocfg 1.1.0",
]
[[package]]
name = "autocfg"
version = "1.1.0"
@ -680,9 +671,9 @@ dependencies = [
[[package]]
name = "const-oid"
version = "0.6.2"
version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9d6f2aa4d0537bcc1c74df8755072bd31c1ef1a3a1b85a68e8404a8c353b7b8b"
checksum = "e4c78c047431fee22c1a7bb92e00ad095a02a983affe4d8a72e2a2c62c1b94f3"
[[package]]
name = "convert_case"
@ -756,12 +747,11 @@ dependencies = [
[[package]]
name = "crypto-bigint"
version = "0.2.11"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f83bd3bb4314701c568e340cd8cf78c975aa0ca79e03d3f6d1677d5b0c9c0c03"
checksum = "03c6a1d5fa1de37e071642dfa44ec552ca5b299adb128fab16138e24b548fd21"
dependencies = [
"generic-array",
"rand_core 0.6.3",
"subtle",
]
@ -806,9 +796,9 @@ dependencies = [
[[package]]
name = "curve25519-dalek"
version = "3.2.1"
version = "3.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "90f9d052967f590a76e62eb387bd0bbb1b000182c3cefe5364db6b7211651bc0"
checksum = "0b9fdf9972b2bd6af2d913799d9ebc165ea4d2e65878e329d9c6b372c4491b61"
dependencies = [
"byteorder",
"digest 0.9.0",
@ -895,12 +885,13 @@ checksum = "3ee2393c4a91429dffb4bedf19f4d6abf27d8a732c8ce4980305d782e5426d57"
[[package]]
name = "der"
version = "0.4.5"
version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "79b71cca7d95d7681a4b3b9cdf63c8dbc3730d0584c2c74e31416d64a90493f4"
checksum = "6919815d73839e7ad218de758883aae3a257ba6759ce7a9992501efbb53d705c"
dependencies = [
"const-oid",
"crypto-bigint",
"pem-rfc7468",
]
[[package]]
@ -1792,7 +1783,7 @@ version = "0.4.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "327fa5b6a6940e4699ec49a9beae1ea4845c6bab9314e4f84ac68742139d8c53"
dependencies = [
"autocfg 1.1.0",
"autocfg",
"scopeguard",
]
@ -2041,18 +2032,17 @@ version = "0.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f93ab6289c7b344a8a9f60f88d80aa20032336fe78da341afc91c8a2341fc75f"
dependencies = [
"autocfg 1.1.0",
"autocfg",
"num-integer",
"num-traits",
]
[[package]]
name = "num-bigint-dig"
version = "0.7.0"
version = "0.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4547ee5541c18742396ae2c895d0717d0f886d8823b8399cdaf7b07d63ad0480"
checksum = "566d173b2f9406afbc5510a90925d5a2cd80cae4605631f1212303df265de011"
dependencies = [
"autocfg 0.1.8",
"byteorder",
"lazy_static",
"libm",
@ -2079,7 +2069,7 @@ version = "0.1.45"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9"
dependencies = [
"autocfg 1.1.0",
"autocfg",
"num-traits",
]
@ -2089,7 +2079,7 @@ version = "0.1.43"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7d03e6c028c5dc5cac6e2dec0efda81fc887605bb3d884578bb6d6bf7514e252"
dependencies = [
"autocfg 1.1.0",
"autocfg",
"num-integer",
"num-traits",
]
@ -2100,7 +2090,7 @@ version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0638a1c9d0a3c0914158145bc76cff373a75a627e6ecbfb71cbe6f453a5a19b0"
dependencies = [
"autocfg 1.1.0",
"autocfg",
"num-integer",
"num-traits",
]
@ -2111,7 +2101,7 @@ version = "0.2.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd"
dependencies = [
"autocfg 1.1.0",
"autocfg",
"libm",
]
@ -2202,7 +2192,7 @@ version = "0.9.74"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "835363342df5fba8354c5b453325b110ffd54044e588c539cf2f20a8014e4cb1"
dependencies = [
"autocfg 1.1.0",
"autocfg",
"cc",
"libc",
"openssl-src",
@ -2289,9 +2279,9 @@ dependencies = [
[[package]]
name = "pem-rfc7468"
version = "0.2.3"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8f22eb0e3c593294a99e9ff4b24cf6b752d43f193aa4415fe5077c159996d497"
checksum = "01de5d978f34aa4b2296576379fcc416034702fd94117c56ffd8a1a767cefb30"
dependencies = [
"base64ct",
]
@ -2380,24 +2370,22 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
[[package]]
name = "pkcs1"
version = "0.2.4"
version = "0.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "116bee8279d783c0cf370efa1a94632f2108e5ef0bb32df31f051647810a4e2c"
checksum = "a78f66c04ccc83dd4486fd46c33896f4e17b24a7a3a6400dedc48ed0ddd72320"
dependencies = [
"der",
"pem-rfc7468",
"pkcs8",
"zeroize",
]
[[package]]
name = "pkcs8"
version = "0.7.6"
version = "0.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ee3ef9b64d26bad0536099c816c6734379e45bbd5f14798def6809e5cc350447"
checksum = "7cabda3fb821068a9a4fab19a683eac3af12edf0f34b94a8be53c4972b8149d0"
dependencies = [
"der",
"pem-rfc7468",
"pkcs1",
"spki",
"zeroize",
]
@ -2699,20 +2687,20 @@ dependencies = [
[[package]]
name = "rsa"
version = "0.5.0"
version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e05c2603e2823634ab331437001b411b9ed11660fbc4066f3908c84a9439260d"
checksum = "4cf22754c49613d2b3b119f0e5d46e34a2c628a937e3024b8762de4e7d8c710b"
dependencies = [
"byteorder",
"digest 0.9.0",
"lazy_static",
"digest 0.10.3",
"num-bigint-dig",
"num-integer",
"num-iter",
"num-traits",
"pkcs1",
"pkcs8",
"rand 0.8.5",
"rand_core 0.6.3",
"smallvec",
"subtle",
"zeroize",
]
@ -3113,10 +3101,11 @@ checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
[[package]]
name = "spki"
version = "0.4.1"
version = "0.5.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5c01a0c15da1b0b0e1494112e7af814a678fec9bd157881b49beac661e9b6f32"
checksum = "44d01ac02a6ccf3e07db148d2be087da624fea0221a16152ed01f0496a6b0a27"
dependencies = [
"base64ct",
"der",
]
@ -4500,12 +4489,12 @@ dependencies = [
[[package]]
name = "x25519-dalek"
version = "1.2.0"
version = "2.0.0-pre.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2392b6b94a576b4e2bf3c5b2757d63f10ada8020a2e4d08ac849ebcf6ea8e077"
checksum = "e5da623d8af10a62342bcbbb230e33e58a63255a58012f8653c578e54bab48df"
dependencies = [
"curve25519-dalek",
"rand_core 0.5.1",
"rand_core 0.6.3",
"zeroize",
]
@ -4530,9 +4519,9 @@ dependencies = [
[[package]]
name = "zeroize"
version = "1.3.0"
version = "1.5.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4756f7db3f7b5574938c3eb1c117038b8e07f95ee6718c0efad4ac21508f1efd"
checksum = "20b578acffd8516a6c3f2a1bdefc1ec37e547bb4e0fb8b6b01a4cafc886b4442"
dependencies = [
"zeroize_derive",
]


@ -35,7 +35,7 @@ hex = "0.4"
old_rand_core = { package = "rand_core", version = "0.5.1" }
openssl = { version = "0.10.30", optional = true }
rand_core = "0.6.2"
rsa = "0.5.0"
rsa = "0.6.0"
serde = "1.0.103"
sha-1 = "0.10.0"
sha2 = "0.10.0"
@ -45,7 +45,7 @@ simple_asn1 = "0.6"
subtle = "2"
thiserror = "1"
typenum = { version = "1.15.0", optional = true }
x25519-dalek = "1.2"
x25519-dalek = "2.0.0-pre.1"
zeroize = "1"
[dev-dependencies]
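Review bot: The new requirement `x25519-dalek = "2.0.0-pre.1"` is a caret requirement on a pre-release, so Cargo may resolve it to any later 2.x pre-release or to the final 2.0.0, and pre-releases carry no compatibility promise between one another. Cargo.lock pins the resolved version only for builds of this workspace; if this crate is published, downstream users resolve the requirement themselves. For a key-exchange dependency I would pin it exactly, `x25519-dalek = "=2.0.0-pre.1"`. A short comment above the line should say why the pre-release is needed and when the pin can be dropped.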


@ -16,7 +16,7 @@
//! This module should expose RustCrypto trait-based wrappers,
//! but the [`rsa`] crate didn't support them as of initial writing.
use arrayref::array_ref;
use rsa::pkcs1::{FromRsaPrivateKey, FromRsaPublicKey};
use rsa::pkcs1::{DecodeRsaPrivateKey, DecodeRsaPublicKey};
use std::fmt;
use subtle::{Choice, ConstantTimeEq};
use zeroize::Zeroize;


@ -8,29 +8,32 @@
//!
//! # Example:
//!
//! As of May 2021, if you're using the current version of
//! [`x25519-dalek`], and the latest [`rand_core`], then you can't use
//! As of July 2022, if you're using the current version of
//! [`ed25519-dalek`], and the latest [`rand_core`], then you can't use
//! this code, because of the compatibility issue mentioned above.
//!
//! ```compile_fail
//! use rand_core::OsRng;
//! use x25519_dalek::EphemeralSecret;
//! use ed25519_dalek::Keypair;
//!
//! let my_secret = EphemeralSecret::new(OsRng);
//! let keypair = Keypair::generate(&mut OsRng);
//! ```
//!
//! (This used to be a problem for `x25519-dalek` too, but that crate has
//! been updated to a version that doesn't have this problem.)
//!
//! But instead, you can wrap the random number generator using the
//! [`RngCompatExt`] extension trait.
//!
//! ```
//! use tor_llcrypto::util::rand_compat::RngCompatExt;
//! use rand_core::OsRng;
//! use x25519_dalek::EphemeralSecret;
//! use ed25519_dalek::Keypair;
//!
//! let my_secret = EphemeralSecret::new(OsRng.rng_compat());
//! let keypair = Keypair::generate(&mut OsRng.rng_compat());
//! ```
//!
//! The wrapped RNG can be used with the old version of the RngCode
//! The wrapped RNG can be used with the old version of the RngCore
//! trait, as well as the new one.
use old_rand_core::{CryptoRng as OldCryptoRng, Error as OldError, RngCore as OldRngCore};


@ -7,7 +7,6 @@ use tor_bytes::{Reader, Writer};
use tor_llcrypto::d;
use tor_llcrypto::pk::curve25519::*;
use tor_llcrypto::pk::rsa::RsaIdentity;
use tor_llcrypto::util::rand_compat::RngCompatExt;
use digest::Mac;
use rand_core::{CryptoRng, RngCore};
@ -134,7 +133,7 @@ fn client_handshake_ntor_v1<R>(
where
R: RngCore + CryptoRng,
{
let my_sk = StaticSecret::new(rng.rng_compat());
let my_sk = StaticSecret::new(rng);
let my_public = PublicKey::from(&my_sk);
client_handshake_ntor_v1_no_keygen(my_public, my_sk, relay_public)
@ -262,7 +261,7 @@ where
// actually going to find our nodeid or keyid. Perhaps we should
// delay that till later? It shouldn't matter for most cases,
// though.
let ephem = EphemeralSecret::new(rng.rng_compat());
let ephem = EphemeralSecret::new(rng);
let ephem_pub = PublicKey::from(&ephem);
server_handshake_ntor_v1_no_keygen(ephem_pub, ephem, msg, keys)
@ -323,7 +322,7 @@ mod tests {
#[test]
fn simple() -> Result<()> {
use crate::crypto::handshake::{ClientHandshake, ServerHandshake};
let mut rng = testing_rng().rng_compat();
let mut rng = testing_rng();
let relay_secret = StaticSecret::new(&mut rng);
let relay_public = PublicKey::from(&relay_secret);
let relay_identity = RsaIdentity::from_bytes(&[12; 20]).unwrap();
@ -353,7 +352,7 @@ mod tests {
fn make_fake_ephem_key(bytes: &[u8]) -> EphemeralSecret {
assert_eq!(bytes.len(), 32);
let mut rng = FakePRNG::new(bytes).rng_compat();
let mut rng = FakePRNG::new(bytes);
EphemeralSecret::new(&mut rng)
}
@ -405,7 +404,7 @@ mod tests {
#[test]
fn failing_handshakes() {
use crate::crypto::handshake::{ClientHandshake, ServerHandshake};
let mut rng = testing_rng().rng_compat();
let mut rng = testing_rng();
// Set up keys.
let relay_secret = StaticSecret::new(&mut rng);
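Review bot: In `client_handshake_ntor_v1`, the freshly generated per-handshake key is typed `StaticSecret` (`let my_sk = StaticSecret::new(rng);`), which reads like a long-term key to anyone new to the file. Since this commit touches the line anyway, a one-line comment would help. If the reason is that the client key takes part in more than one Diffie-Hellman operation, which `EphemeralSecret` cannot do because its `diffie_hellman` consumes the secret, say so: `// Per-handshake key; StaticSecret only because it is needed for more than one DH.` The function body starts and ends outside the hunk, so this reason is inferred from the type names, not from visible code, and should be confirmed before the comment is added.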


@ -16,5 +16,5 @@ set -euo pipefail
cargo +nightly update -Z minimal-versions
cargo update \
-p crc32fast \
-p zeroize_derive:1.1.1 \
-p zeroize_derive:1.3.2 \
-p env_logger:0.5.0