upgrade dependencies and fix cargo locks
@@ -1,29 +1,66 @@
|
||||
use curve25519_dalek::digest::generic_array::typenum::U64;
|
||||
use curve25519_dalek::digest::{Digest, Output};
|
||||
use curve25519_dalek::digest::{
|
||||
Digest, FixedOutput, FixedOutputReset, Output, OutputSizeUser, Reset, Update,
|
||||
};
|
||||
use generic_array::GenericArray;
|
||||
|
||||
pub struct Blake3Digest512 {
|
||||
dig: blake3::Hasher,
|
||||
}
|
||||
|
||||
impl Digest for Blake3Digest512 {
|
||||
impl OutputSizeUser for Blake3Digest512 {
|
||||
type OutputSize = U64;
|
||||
}
|
||||
|
||||
impl Update for Blake3Digest512 {
|
||||
fn update(&mut self, data: &[u8]) {
|
||||
self.dig.update(data);
|
||||
}
|
||||
}
|
||||
|
||||
impl FixedOutput for Blake3Digest512 {
|
||||
fn finalize_into(self, out: &mut Output<Self>) {
|
||||
let mut b = [0u8; 64];
|
||||
self.dig.finalize_xof().fill(&mut b);
|
||||
for n in 0..64 {
|
||||
out[n] = b[n];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl Reset for Blake3Digest512 {
|
||||
fn reset(&mut self) {
|
||||
self.dig.reset();
|
||||
}
|
||||
}
|
||||
|
||||
impl FixedOutputReset for Blake3Digest512 {
|
||||
fn finalize_into_reset(&mut self, out: &mut Output<Self>) {
|
||||
let mut b = [0u8; 64];
|
||||
self.dig.finalize_xof().fill(&mut b);
|
||||
for n in 0..64 {
|
||||
out[n] = b[n];
|
||||
}
|
||||
self.dig.reset();
|
||||
}
|
||||
}
|
||||
|
||||
impl Digest for Blake3Digest512 {
|
||||
fn new() -> Self {
|
||||
Self {
|
||||
dig: blake3::Hasher::new(),
|
||||
}
|
||||
}
|
||||
|
||||
fn update(&mut self, data: impl AsRef<[u8]>) {
|
||||
self.dig.update(data.as_ref());
|
||||
fn new_with_prefix(data: impl AsRef<[u8]>) -> Self {
|
||||
Self::new().chain_update(data)
|
||||
}
|
||||
|
||||
fn chain(mut self, data: impl AsRef<[u8]>) -> Self
|
||||
fn chain_update(mut self, data: impl AsRef<[u8]>) -> Self
|
||||
where
|
||||
Self: Sized,
|
||||
{
|
||||
self.update(data);
|
||||
<Self as Update>::update(&mut self, data.as_ref());
|
||||
self
|
||||
}
|
||||
|
||||
@@ -44,21 +81,17 @@ impl Digest for Blake3Digest512 {
|
||||
for n in 0..64 {
|
||||
out[n] = b[n];
|
||||
}
|
||||
self.reset();
|
||||
out
|
||||
}
|
||||
|
||||
fn reset(&mut self) {
|
||||
self.dig.reset();
|
||||
out
|
||||
}
|
||||
|
||||
fn output_size() -> usize {
|
||||
64
|
||||
}
|
||||
|
||||
fn digest(data: &[u8]) -> Output<Self> {
|
||||
fn digest(data: impl AsRef<[u8]>) -> Output<Self> {
|
||||
let mut dig = blake3::Hasher::new();
|
||||
dig.update(data);
|
||||
dig.update(data.as_ref());
|
||||
let mut b = [0u8; 64];
|
||||
dig.finalize_xof().fill(&mut b);
|
||||
let mut out = GenericArray::<u8, U64>::default();
|
||||
@@ -67,4 +100,26 @@ impl Digest for Blake3Digest512 {
|
||||
}
|
||||
out
|
||||
}
|
||||
|
||||
fn update(&mut self, data: impl AsRef<[u8]>) {
|
||||
<Self as Update>::update(self, data.as_ref())
|
||||
}
|
||||
|
||||
fn finalize_into(self, out: &mut Output<Self>) {
|
||||
<Self as FixedOutput>::finalize_into(self, out)
|
||||
}
|
||||
|
||||
fn finalize_into_reset(&mut self, out: &mut Output<Self>)
|
||||
where
|
||||
Self: FixedOutputReset,
|
||||
{
|
||||
<Self as FixedOutputReset>::finalize_into_reset(self, out)
|
||||
}
|
||||
|
||||
fn reset(&mut self)
|
||||
where
|
||||
Self: Reset,
|
||||
{
|
||||
<Self as Reset>::reset(self);
|
||||
}
|
||||
}
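Review bot: `finalize_into` and `finalize_into_reset` in the first hunk each stage the XOF output in a 64-byte stack array and then copy it into `out` with an index loop, and the `digest` body in the second hunk repeats the same pattern. Writing straight into the output removes the duplication and the hard-coded `64` that has to stay in step with `OutputSize = U64`: `self.dig.finalize_xof().fill(out.as_mut_slice());`. A doc comment on the struct, such as `/// BLAKE3 in XOF mode, read out to 64 bytes, exposed through the digest traits.`, would also tell readers why the output is not the default 32-byte BLAKE3 hash. The second hunk begins inside a function whose signature is outside the hunk.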
|
||||
|
@@ -7,9 +7,9 @@ use argon2::{
|
||||
use chacha20::cipher::{KeyIvInit, StreamCipher};
|
||||
use chacha20::XChaCha20;
|
||||
use chacha20poly1305 as ch;
|
||||
use chacha20poly1305::aead::{AeadInPlace, NewAead};
|
||||
use chacha20poly1305::aead::AeadInPlace;
|
||||
use chacha20poly1305::KeyInit;
|
||||
use core::convert::TryInto;
|
||||
use curve25519_dalek as cd;
|
||||
use curve25519_dalek::digest::Digest;
|
||||
use ed25519_dalek as ed;
|
||||
use x25519_dalek as xd;
|
||||
@@ -17,27 +17,27 @@ use x25519_dalek as xd;
|
||||
const AEAD_OVERHEAD: usize = 16;
|
||||
pub const CRYPTO_KIND_VLD0: CryptoKind = FourCC(*b"VLD0");
|
||||
|
||||
fn ed25519_to_x25519_pk(key: &ed::PublicKey) -> VeilidAPIResult<xd::PublicKey> {
|
||||
let bytes = key.to_bytes();
|
||||
let compressed = cd::edwards::CompressedEdwardsY(bytes);
|
||||
let point = compressed
|
||||
.decompress()
|
||||
.ok_or_else(|| VeilidAPIError::internal("ed25519_to_x25519_pk failed"))?;
|
||||
let mp = point.to_montgomery();
|
||||
fn ed25519_to_x25519_pk(key: &ed::VerifyingKey) -> VeilidAPIResult<xd::PublicKey> {
|
||||
let mp = key.to_montgomery();
|
||||
Ok(xd::PublicKey::from(mp.to_bytes()))
|
||||
}
|
||||
fn ed25519_to_x25519_sk(key: &ed::SecretKey) -> VeilidAPIResult<xd::StaticSecret> {
|
||||
let exp = ed::ExpandedSecretKey::from(key);
|
||||
let bytes: [u8; ed::EXPANDED_SECRET_KEY_LENGTH] = exp.to_bytes();
|
||||
let lowbytes: [u8; 32] = bytes[0..32].try_into().map_err(VeilidAPIError::internal)?;
|
||||
Ok(xd::StaticSecret::from(lowbytes))
|
||||
fn ed25519_to_x25519_sk(key: &ed::SigningKey) -> VeilidAPIResult<xd::StaticSecret> {
|
||||
Ok(xd::StaticSecret::from(*key.to_scalar().as_bytes()))
|
||||
}
|
||||
|
||||
pub fn vld0_generate_keypair() -> KeyPair {
|
||||
let mut csprng = VeilidRng {};
|
||||
let keypair = ed::Keypair::generate(&mut csprng);
|
||||
let dht_key = PublicKey::new(keypair.public.to_bytes());
|
||||
let dht_key_secret = SecretKey::new(keypair.secret.to_bytes());
|
||||
let keypair = ed::SigningKey::generate(&mut csprng);
|
||||
let dht_key = PublicKey::new(
|
||||
keypair.to_keypair_bytes()[ed::SECRET_KEY_LENGTH..]
|
||||
.try_into()
|
||||
.expect("should fit"),
|
||||
);
|
||||
let dht_key_secret = SecretKey::new(
|
||||
keypair.to_keypair_bytes()[0..ed::SECRET_KEY_LENGTH]
|
||||
.try_into()
|
||||
.expect("should fit"),
|
||||
);
|
||||
|
||||
KeyPair::new(dht_key, dht_key_secret)
|
||||
}
|
||||
@@ -130,9 +130,9 @@ impl CryptoSystem for CryptoSystemVLD0 {
|
||||
SharedSecret::new(s)
|
||||
}
|
||||
fn compute_dh(&self, key: &PublicKey, secret: &SecretKey) -> VeilidAPIResult<SharedSecret> {
|
||||
let pk_ed = ed::PublicKey::from_bytes(&key.bytes).map_err(VeilidAPIError::internal)?;
|
||||
let pk_ed = ed::VerifyingKey::from_bytes(&key.bytes).map_err(VeilidAPIError::internal)?;
|
||||
let pk_xd = ed25519_to_x25519_pk(&pk_ed)?;
|
||||
let sk_ed = ed::SecretKey::from_bytes(&secret.bytes).map_err(VeilidAPIError::internal)?;
|
||||
let sk_ed = ed::SigningKey::from_bytes(&secret.bytes);
|
||||
let sk_xd = ed25519_to_x25519_sk(&sk_ed)?;
|
||||
Ok(SharedSecret::new(sk_xd.diffie_hellman(&pk_xd).to_bytes()))
|
||||
}
|
||||
@@ -197,7 +197,7 @@ impl CryptoSystem for CryptoSystemVLD0 {
|
||||
|
||||
kpb[..SECRET_KEY_LENGTH].copy_from_slice(&dht_key_secret.bytes);
|
||||
kpb[SECRET_KEY_LENGTH..].copy_from_slice(&dht_key.bytes);
|
||||
let keypair = ed::Keypair::from_bytes(&kpb)
|
||||
let keypair = ed::SigningKey::from_keypair_bytes(&kpb)
|
||||
.map_err(|e| VeilidAPIError::parse_error("Keypair is invalid", e))?;
|
||||
|
||||
let mut dig = Blake3Digest512::new();
|
||||
@@ -219,11 +219,9 @@ impl CryptoSystem for CryptoSystemVLD0 {
|
||||
data: &[u8],
|
||||
signature: &Signature,
|
||||
) -> VeilidAPIResult<()> {
|
||||
let pk = ed::PublicKey::from_bytes(&dht_key.bytes)
|
||||
let pk = ed::VerifyingKey::from_bytes(&dht_key.bytes)
|
||||
.map_err(|e| VeilidAPIError::parse_error("Public key is invalid", e))?;
|
||||
let sig = ed::Signature::from_bytes(&signature.bytes)
|
||||
.map_err(|e| VeilidAPIError::parse_error("Signature is invalid", e))?;
|
||||
|
||||
let sig = ed::Signature::from_bytes(&signature.bytes);
|
||||
let mut dig = Blake3Digest512::new();
|
||||
dig.update(data);
|
||||
|
||||
@@ -302,7 +300,7 @@ impl CryptoSystem for CryptoSystemVLD0 {
|
||||
nonce: &[u8; NONCE_LENGTH],
|
||||
shared_secret: &SharedSecret,
|
||||
) {
|
||||
let mut cipher = XChaCha20::new(&shared_secret.bytes.into(), nonce.into());
|
||||
let mut cipher = <XChaCha20 as KeyIvInit>::new(&shared_secret.bytes.into(), nonce.into());
|
||||
cipher.apply_keystream(body);
|
||||
}
|
||||
|
||||
@@ -313,7 +311,7 @@ impl CryptoSystem for CryptoSystemVLD0 {
|
||||
nonce: &[u8; NONCE_LENGTH],
|
||||
shared_secret: &SharedSecret,
|
||||
) {
|
||||
let mut cipher = XChaCha20::new(&shared_secret.bytes.into(), nonce.into());
|
||||
let mut cipher = <XChaCha20 as KeyIvInit>::new(&shared_secret.bytes.into(), nonce.into());
|
||||
cipher.apply_keystream_b2b(in_buf, out_buf).unwrap();
|
||||
}
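Review bot: `ed25519_to_x25519_sk` in the `@@ -17,27 +17,27 @@` hunk now builds the X25519 secret from `key.to_scalar().as_bytes()`, whereas the earlier version shown above it passed the low 32 bytes of the expanded secret key through unchanged. The two byte strings are equal only if `to_scalar()` does not reduce the clamped value modulo the group order. If the pinned ed25519-dalek release does reduce it, `StaticSecret` will re-clamp a different integer and `compute_dh` will derive a different shared secret than nodes built before this upgrade. Please confirm against the crate documentation and, if the release offers it, prefer the unreduced form, `Ok(xd::StaticSecret::from(key.to_scalar_bytes()))`. A known-answer test that pins the `compute_dh` output for a fixed key pair to a value recorded before the upgrade would catch a silent change here.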
|
||||
|
||||
|
@@ -17,12 +17,10 @@ pub use protocol::*;
|
||||
|
||||
use async_tls::TlsAcceptor;
|
||||
use futures_util::StreamExt;
|
||||
use std::io;
|
||||
// xxx: rustls ^0.20
|
||||
//use rustls::{server::NoClientAuth, Certificate, PrivateKey, ServerConfig};
|
||||
use rustls::{Certificate, NoClientAuth, PrivateKey, ServerConfig};
|
||||
use rustls::{Certificate, PrivateKey, ServerConfig};
|
||||
use rustls_pemfile::{certs, pkcs8_private_keys, rsa_private_keys};
|
||||
use std::fs::File;
|
||||
use std::io;
|
||||
use std::io::BufReader;
|
||||
use std::path::{Path, PathBuf};
|
||||
|
||||
@@ -295,15 +293,10 @@ impl Network {
|
||||
return Err(io::Error::new(io::ErrorKind::InvalidInput, format!("Private key at {} could not be loaded.\nEnsure it is unencrypted and in RSA or PKCS8 format, beginning with '-----BEGIN RSA PRIVATE KEY-----' or '-----BEGIN PRIVATE KEY-----'",c.network.tls.private_key_path)));
|
||||
}
|
||||
|
||||
// xxx: rustls ^0.20
|
||||
// let mut config = ServerConfig::builder()
|
||||
// .with_safe_defaults()
|
||||
// .with_no_client_auth()
|
||||
// .with_single_cert(certs, keys.remove(0))
|
||||
// .map_err(|err| io::Error::new(io::ErrorKind::InvalidInput, err))?;
|
||||
let mut config = ServerConfig::new(NoClientAuth::new());
|
||||
config
|
||||
.set_single_cert(certs, keys.remove(0))
|
||||
let config = ServerConfig::builder()
|
||||
.with_safe_defaults()
|
||||
.with_no_client_auth()
|
||||
.with_single_cert(certs, keys.remove(0))
|
||||
.map_err(|err| io::Error::new(io::ErrorKind::InvalidInput, err))?;
|
||||
|
||||
Ok(config)
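Review bot: The `map_err` after `with_single_cert` in this hunk wraps the rustls error without saying what was rejected, while the private-key error a few lines earlier names the path and the expected format. An operator who hits a certificate/key mismatch at startup gets only the library's message; adding context, e.g. `.map_err(|err| io::Error::new(io::ErrorKind::InvalidInput, format!("TLS certificate and private key were rejected: {}", err)))?;`, keeps the two failure paths consistent. `keys.remove(0)` also means only the first key in the file is ever used, which deserves a one-line comment. The enclosing function starts and ends outside the hunk.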
|
||||
|