Merge branch 'update-rsa-v2' into 'main'
Update `rsa` dependency (and use `x25519-dalek` prerelease) Closes #448 See merge request tpo/core/arti!612
This commit is contained in:
commit
6878e3a2d4
|
@ -452,7 +452,7 @@ version = "0.5.1"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b88d82667eca772c4aa12f0f1348b3ae643424c8876448f3f7bd5787032e234c"
|
||||
dependencies = [
|
||||
"autocfg 1.1.0",
|
||||
"autocfg",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -472,15 +472,6 @@ dependencies = [
|
|||
"winapi 0.3.9",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "autocfg"
|
||||
version = "0.1.8"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "0dde43e75fd43e8a1bf86103336bc699aa8d17ad1be60c76c0bdfd4828e19b78"
|
||||
dependencies = [
|
||||
"autocfg 1.1.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "autocfg"
|
||||
version = "1.1.0"
|
||||
|
@ -680,9 +671,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "const-oid"
|
||||
version = "0.6.2"
|
||||
version = "0.7.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "9d6f2aa4d0537bcc1c74df8755072bd31c1ef1a3a1b85a68e8404a8c353b7b8b"
|
||||
checksum = "e4c78c047431fee22c1a7bb92e00ad095a02a983affe4d8a72e2a2c62c1b94f3"
|
||||
|
||||
[[package]]
|
||||
name = "convert_case"
|
||||
|
@ -756,12 +747,11 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "crypto-bigint"
|
||||
version = "0.2.11"
|
||||
version = "0.3.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f83bd3bb4314701c568e340cd8cf78c975aa0ca79e03d3f6d1677d5b0c9c0c03"
|
||||
checksum = "03c6a1d5fa1de37e071642dfa44ec552ca5b299adb128fab16138e24b548fd21"
|
||||
dependencies = [
|
||||
"generic-array",
|
||||
"rand_core 0.6.3",
|
||||
"subtle",
|
||||
]
|
||||
|
||||
|
@ -806,9 +796,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "curve25519-dalek"
|
||||
version = "3.2.1"
|
||||
version = "3.2.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "90f9d052967f590a76e62eb387bd0bbb1b000182c3cefe5364db6b7211651bc0"
|
||||
checksum = "0b9fdf9972b2bd6af2d913799d9ebc165ea4d2e65878e329d9c6b372c4491b61"
|
||||
dependencies = [
|
||||
"byteorder",
|
||||
"digest 0.9.0",
|
||||
|
@ -895,12 +885,13 @@ checksum = "3ee2393c4a91429dffb4bedf19f4d6abf27d8a732c8ce4980305d782e5426d57"
|
|||
|
||||
[[package]]
|
||||
name = "der"
|
||||
version = "0.4.5"
|
||||
version = "0.5.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "79b71cca7d95d7681a4b3b9cdf63c8dbc3730d0584c2c74e31416d64a90493f4"
|
||||
checksum = "6919815d73839e7ad218de758883aae3a257ba6759ce7a9992501efbb53d705c"
|
||||
dependencies = [
|
||||
"const-oid",
|
||||
"crypto-bigint",
|
||||
"pem-rfc7468",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -1792,7 +1783,7 @@ version = "0.4.7"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "327fa5b6a6940e4699ec49a9beae1ea4845c6bab9314e4f84ac68742139d8c53"
|
||||
dependencies = [
|
||||
"autocfg 1.1.0",
|
||||
"autocfg",
|
||||
"scopeguard",
|
||||
]
|
||||
|
||||
|
@ -2041,18 +2032,17 @@ version = "0.4.3"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f93ab6289c7b344a8a9f60f88d80aa20032336fe78da341afc91c8a2341fc75f"
|
||||
dependencies = [
|
||||
"autocfg 1.1.0",
|
||||
"autocfg",
|
||||
"num-integer",
|
||||
"num-traits",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "num-bigint-dig"
|
||||
version = "0.7.0"
|
||||
version = "0.8.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "4547ee5541c18742396ae2c895d0717d0f886d8823b8399cdaf7b07d63ad0480"
|
||||
checksum = "566d173b2f9406afbc5510a90925d5a2cd80cae4605631f1212303df265de011"
|
||||
dependencies = [
|
||||
"autocfg 0.1.8",
|
||||
"byteorder",
|
||||
"lazy_static",
|
||||
"libm",
|
||||
|
@ -2079,7 +2069,7 @@ version = "0.1.45"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9"
|
||||
dependencies = [
|
||||
"autocfg 1.1.0",
|
||||
"autocfg",
|
||||
"num-traits",
|
||||
]
|
||||
|
||||
|
@ -2089,7 +2079,7 @@ version = "0.1.43"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "7d03e6c028c5dc5cac6e2dec0efda81fc887605bb3d884578bb6d6bf7514e252"
|
||||
dependencies = [
|
||||
"autocfg 1.1.0",
|
||||
"autocfg",
|
||||
"num-integer",
|
||||
"num-traits",
|
||||
]
|
||||
|
@ -2100,7 +2090,7 @@ version = "0.4.1"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "0638a1c9d0a3c0914158145bc76cff373a75a627e6ecbfb71cbe6f453a5a19b0"
|
||||
dependencies = [
|
||||
"autocfg 1.1.0",
|
||||
"autocfg",
|
||||
"num-integer",
|
||||
"num-traits",
|
||||
]
|
||||
|
@ -2111,7 +2101,7 @@ version = "0.2.15"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd"
|
||||
dependencies = [
|
||||
"autocfg 1.1.0",
|
||||
"autocfg",
|
||||
"libm",
|
||||
]
|
||||
|
||||
|
@ -2202,7 +2192,7 @@ version = "0.9.74"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "835363342df5fba8354c5b453325b110ffd54044e588c539cf2f20a8014e4cb1"
|
||||
dependencies = [
|
||||
"autocfg 1.1.0",
|
||||
"autocfg",
|
||||
"cc",
|
||||
"libc",
|
||||
"openssl-src",
|
||||
|
@ -2289,9 +2279,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "pem-rfc7468"
|
||||
version = "0.2.3"
|
||||
version = "0.3.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "8f22eb0e3c593294a99e9ff4b24cf6b752d43f193aa4415fe5077c159996d497"
|
||||
checksum = "01de5d978f34aa4b2296576379fcc416034702fd94117c56ffd8a1a767cefb30"
|
||||
dependencies = [
|
||||
"base64ct",
|
||||
]
|
||||
|
@ -2380,24 +2370,22 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
|
|||
|
||||
[[package]]
|
||||
name = "pkcs1"
|
||||
version = "0.2.4"
|
||||
version = "0.3.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "116bee8279d783c0cf370efa1a94632f2108e5ef0bb32df31f051647810a4e2c"
|
||||
checksum = "a78f66c04ccc83dd4486fd46c33896f4e17b24a7a3a6400dedc48ed0ddd72320"
|
||||
dependencies = [
|
||||
"der",
|
||||
"pem-rfc7468",
|
||||
"pkcs8",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "pkcs8"
|
||||
version = "0.7.6"
|
||||
version = "0.8.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ee3ef9b64d26bad0536099c816c6734379e45bbd5f14798def6809e5cc350447"
|
||||
checksum = "7cabda3fb821068a9a4fab19a683eac3af12edf0f34b94a8be53c4972b8149d0"
|
||||
dependencies = [
|
||||
"der",
|
||||
"pem-rfc7468",
|
||||
"pkcs1",
|
||||
"spki",
|
||||
"zeroize",
|
||||
]
|
||||
|
@ -2699,20 +2687,20 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "rsa"
|
||||
version = "0.5.0"
|
||||
version = "0.6.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "e05c2603e2823634ab331437001b411b9ed11660fbc4066f3908c84a9439260d"
|
||||
checksum = "4cf22754c49613d2b3b119f0e5d46e34a2c628a937e3024b8762de4e7d8c710b"
|
||||
dependencies = [
|
||||
"byteorder",
|
||||
"digest 0.9.0",
|
||||
"lazy_static",
|
||||
"digest 0.10.3",
|
||||
"num-bigint-dig",
|
||||
"num-integer",
|
||||
"num-iter",
|
||||
"num-traits",
|
||||
"pkcs1",
|
||||
"pkcs8",
|
||||
"rand 0.8.5",
|
||||
"rand_core 0.6.3",
|
||||
"smallvec",
|
||||
"subtle",
|
||||
"zeroize",
|
||||
]
|
||||
|
@ -3113,10 +3101,11 @@ checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
|
|||
|
||||
[[package]]
|
||||
name = "spki"
|
||||
version = "0.4.1"
|
||||
version = "0.5.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "5c01a0c15da1b0b0e1494112e7af814a678fec9bd157881b49beac661e9b6f32"
|
||||
checksum = "44d01ac02a6ccf3e07db148d2be087da624fea0221a16152ed01f0496a6b0a27"
|
||||
dependencies = [
|
||||
"base64ct",
|
||||
"der",
|
||||
]
|
||||
|
||||
|
@ -4500,12 +4489,12 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "x25519-dalek"
|
||||
version = "1.2.0"
|
||||
version = "2.0.0-pre.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "2392b6b94a576b4e2bf3c5b2757d63f10ada8020a2e4d08ac849ebcf6ea8e077"
|
||||
checksum = "e5da623d8af10a62342bcbbb230e33e58a63255a58012f8653c578e54bab48df"
|
||||
dependencies = [
|
||||
"curve25519-dalek",
|
||||
"rand_core 0.5.1",
|
||||
"rand_core 0.6.3",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
|
@ -4530,9 +4519,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "zeroize"
|
||||
version = "1.3.0"
|
||||
version = "1.5.6"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "4756f7db3f7b5574938c3eb1c117038b8e07f95ee6718c0efad4ac21508f1efd"
|
||||
checksum = "20b578acffd8516a6c3f2a1bdefc1ec37e547bb4e0fb8b6b01a4cafc886b4442"
|
||||
dependencies = [
|
||||
"zeroize_derive",
|
||||
]
|
||||
|
|
|
@ -35,7 +35,7 @@ hex = "0.4"
|
|||
old_rand_core = { package = "rand_core", version = "0.5.1" }
|
||||
openssl = { version = "0.10.30", optional = true }
|
||||
rand_core = "0.6.2"
|
||||
rsa = "0.5.0"
|
||||
rsa = "0.6.0"
|
||||
serde = "1.0.103"
|
||||
sha-1 = "0.10.0"
|
||||
sha2 = "0.10.0"
|
||||
|
@ -45,7 +45,7 @@ simple_asn1 = "0.6"
|
|||
subtle = "2"
|
||||
thiserror = "1"
|
||||
typenum = { version = "1.15.0", optional = true }
|
||||
x25519-dalek = "1.2"
|
||||
x25519-dalek = "2.0.0-pre.1"
|
||||
zeroize = "1"
|
||||
|
||||
[dev-dependencies]
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
//! This module should expose RustCrypto trait-based wrappers,
|
||||
//! but the [`rsa`] crate didn't support them as of initial writing.
|
||||
use arrayref::array_ref;
|
||||
use rsa::pkcs1::{FromRsaPrivateKey, FromRsaPublicKey};
|
||||
use rsa::pkcs1::{DecodeRsaPrivateKey, DecodeRsaPublicKey};
|
||||
use std::fmt;
|
||||
use subtle::{Choice, ConstantTimeEq};
|
||||
use zeroize::Zeroize;
|
||||
|
|
|
@ -8,29 +8,32 @@
|
|||
//!
|
||||
//! # Example:
|
||||
//!
|
||||
//! As of May 2021, if you're using the current version of
|
||||
//! [`x25519-dalek`], and the latest [`rand_core`], then you can't use
|
||||
//! As of July 2022, if you're using the current version of
|
||||
//! [`ed25519-dalek`], and the latest [`rand_core`], then you can't use
|
||||
//! this code, because of the compatibility issue mentioned above.
|
||||
//!
|
||||
//! ```compile_fail
|
||||
//! use rand_core::OsRng;
|
||||
//! use x25519_dalek::EphemeralSecret;
|
||||
//! use ed25519_dalek::Keypair;
|
||||
//!
|
||||
//! let my_secret = EphemeralSecret::new(OsRng);
|
||||
//! let keypair = Keypair::generate(&mut OsRng);
|
||||
//! ```
|
||||
//!
|
||||
//! (This used to be a problem for `x25519-dalek` too, but that crate has
|
||||
//! been updated to a version that doesn't have this problem.)
|
||||
//!
|
||||
//! But instead, you can wrap the random number generator using the
|
||||
//! [`RngCompatExt`] extension trait.
|
||||
//!
|
||||
//! ```
|
||||
//! use tor_llcrypto::util::rand_compat::RngCompatExt;
|
||||
//! use rand_core::OsRng;
|
||||
//! use x25519_dalek::EphemeralSecret;
|
||||
//! use ed25519_dalek::Keypair;
|
||||
//!
|
||||
//! let my_secret = EphemeralSecret::new(OsRng.rng_compat());
|
||||
//! let keypair = Keypair::generate(&mut OsRng.rng_compat());
|
||||
//! ```
|
||||
//!
|
||||
//! The wrapped RNG can be used with the old version of the RngCode
|
||||
//! The wrapped RNG can be used with the old version of the RngCore
|
||||
//! trait, as well as the new one.
|
||||
|
||||
use old_rand_core::{CryptoRng as OldCryptoRng, Error as OldError, RngCore as OldRngCore};
|
||||
|
|
|
@ -7,7 +7,6 @@ use tor_bytes::{Reader, Writer};
|
|||
use tor_llcrypto::d;
|
||||
use tor_llcrypto::pk::curve25519::*;
|
||||
use tor_llcrypto::pk::rsa::RsaIdentity;
|
||||
use tor_llcrypto::util::rand_compat::RngCompatExt;
|
||||
|
||||
use digest::Mac;
|
||||
use rand_core::{CryptoRng, RngCore};
|
||||
|
@ -134,7 +133,7 @@ fn client_handshake_ntor_v1<R>(
|
|||
where
|
||||
R: RngCore + CryptoRng,
|
||||
{
|
||||
let my_sk = StaticSecret::new(rng.rng_compat());
|
||||
let my_sk = StaticSecret::new(rng);
|
||||
let my_public = PublicKey::from(&my_sk);
|
||||
|
||||
client_handshake_ntor_v1_no_keygen(my_public, my_sk, relay_public)
|
||||
|
@ -262,7 +261,7 @@ where
|
|||
// actually going to find our nodeid or keyid. Perhaps we should
|
||||
// delay that till later? It shouldn't matter for most cases,
|
||||
// though.
|
||||
let ephem = EphemeralSecret::new(rng.rng_compat());
|
||||
let ephem = EphemeralSecret::new(rng);
|
||||
let ephem_pub = PublicKey::from(&ephem);
|
||||
|
||||
server_handshake_ntor_v1_no_keygen(ephem_pub, ephem, msg, keys)
|
||||
|
@ -323,7 +322,7 @@ mod tests {
|
|||
#[test]
|
||||
fn simple() -> Result<()> {
|
||||
use crate::crypto::handshake::{ClientHandshake, ServerHandshake};
|
||||
let mut rng = testing_rng().rng_compat();
|
||||
let mut rng = testing_rng();
|
||||
let relay_secret = StaticSecret::new(&mut rng);
|
||||
let relay_public = PublicKey::from(&relay_secret);
|
||||
let relay_identity = RsaIdentity::from_bytes(&[12; 20]).unwrap();
|
||||
|
@ -353,7 +352,7 @@ mod tests {
|
|||
|
||||
fn make_fake_ephem_key(bytes: &[u8]) -> EphemeralSecret {
|
||||
assert_eq!(bytes.len(), 32);
|
||||
let mut rng = FakePRNG::new(bytes).rng_compat();
|
||||
let mut rng = FakePRNG::new(bytes);
|
||||
EphemeralSecret::new(&mut rng)
|
||||
}
|
||||
|
||||
|
@ -405,7 +404,7 @@ mod tests {
|
|||
#[test]
|
||||
fn failing_handshakes() {
|
||||
use crate::crypto::handshake::{ClientHandshake, ServerHandshake};
|
||||
let mut rng = testing_rng().rng_compat();
|
||||
let mut rng = testing_rng();
|
||||
|
||||
// Set up keys.
|
||||
let relay_secret = StaticSecret::new(&mut rng);
|
||||
|
|
|
@ -16,5 +16,5 @@ set -euo pipefail
|
|||
cargo +nightly update -Z minimal-versions
|
||||
cargo update \
|
||||
-p crc32fast \
|
||||
-p zeroize_derive:1.1.1 \
|
||||
-p zeroize_derive:1.3.2 \
|
||||
-p env_logger:0.5.0
|
||||
|
|
Loading…
Reference in New Issue