dh fix

veilid-core/src/crypto/tests/test_crypto.rs

@@ -139,7 +139,9 @@ pub async fn test_no_auth(vcrypto: CryptoSystemVersion) {
 pub async fn test_dh(vcrypto: CryptoSystemVersion) {
     trace!("test_dh");
     let (dht_key, dht_key_secret) = vcrypto.generate_keypair().into_split();
+    assert!(vcrypto.validate_keypair(&dht_key, &dht_key_secret));
     let (dht_key2, dht_key_secret2) = vcrypto.generate_keypair().into_split();
+    assert!(vcrypto.validate_keypair(&dht_key2, &dht_key_secret2));
 
     let r1 = vcrypto.compute_dh(&dht_key, &dht_key_secret2).unwrap();
     let r2 = vcrypto.compute_dh(&dht_key2, &dht_key_secret).unwrap();

veilid-core/src/crypto/vld0/mod.rs

@@ -9,7 +9,6 @@ use chacha20::XChaCha20;
 use chacha20poly1305 as ch;
 use chacha20poly1305::aead::AeadInPlace;
 use chacha20poly1305::KeyInit;
-use core::convert::TryInto;
 use curve25519_dalek::digest::Digest;
 use ed25519_dalek as ed;
 use x25519_dalek as xd;
@@ -17,27 +16,29 @@ use x25519_dalek as xd;
 const AEAD_OVERHEAD: usize = 16;
 pub const CRYPTO_KIND_VLD0: CryptoKind = FourCC(*b"VLD0");
 
-fn ed25519_to_x25519_pk(key: &ed::VerifyingKey) -> VeilidAPIResult<xd::PublicKey> {
-    let mp = key.to_montgomery();
-    Ok(xd::PublicKey::from(mp.to_bytes()))
+fn public_to_x25519_pk(public: &PublicKey) -> VeilidAPIResult<xd::PublicKey> {
+    let pk_ed = ed::VerifyingKey::from_bytes(&public.bytes).map_err(VeilidAPIError::internal)?;
+    Ok(xd::PublicKey::from(*pk_ed.to_montgomery().as_bytes()))
 }
-fn ed25519_to_x25519_sk(key: &ed::SigningKey) -> VeilidAPIResult<xd::StaticSecret> {
-    Ok(xd::StaticSecret::from(*key.to_scalar().as_bytes()))
+fn secret_to_x25519_sk(secret: &SecretKey) -> VeilidAPIResult<xd::StaticSecret> {
+    // NOTE: ed::SigningKey.to_scalar() does not produce an unreduced scalar, we want the raw bytes here
+    // See https://github.com/dalek-cryptography/curve25519-dalek/issues/565
+    let hash: [u8; SIGNATURE_LENGTH] = ed::Sha512::default()
+        .chain_update(secret.bytes)
+        .finalize()
+        .into();
+    let mut output = [0u8; 32];
+    output.copy_from_slice(&hash[..32]);
+
+    Ok(xd::StaticSecret::from(output))
 }
 
 pub fn vld0_generate_keypair() -> KeyPair {
     let mut csprng = VeilidRng {};
-    let keypair = ed::SigningKey::generate(&mut csprng);
-    let dht_key = PublicKey::new(
-        keypair.to_keypair_bytes()[ed::SECRET_KEY_LENGTH..]
-            .try_into()
-            .expect("should fit"),
-    );
-    let dht_key_secret = SecretKey::new(
-        keypair.to_keypair_bytes()[0..ed::SECRET_KEY_LENGTH]
-            .try_into()
-            .expect("should fit"),
-    );
+    let signing_key = ed::SigningKey::generate(&mut csprng);
+    let verifying_key = signing_key.verifying_key();
+    let dht_key = PublicKey::new(verifying_key.to_bytes());
+    let dht_key_secret = SecretKey::new(signing_key.to_bytes());
 
     KeyPair::new(dht_key, dht_key_secret)
 }
@@ -130,10 +131,9 @@ impl CryptoSystem for CryptoSystemVLD0 {
         SharedSecret::new(s)
     }
     fn compute_dh(&self, key: &PublicKey, secret: &SecretKey) -> VeilidAPIResult<SharedSecret> {
-        let pk_ed = ed::VerifyingKey::from_bytes(&key.bytes).map_err(VeilidAPIError::internal)?;
-        let pk_xd = ed25519_to_x25519_pk(&pk_ed)?;
-        let sk_ed = ed::SigningKey::from_bytes(&secret.bytes);
-        let sk_xd = ed25519_to_x25519_sk(&sk_ed)?;
+        let pk_xd = public_to_x25519_pk(&key)?;
+        let sk_xd = secret_to_x25519_sk(&secret)?;
+
         Ok(SharedSecret::new(sk_xd.diffie_hellman(&pk_xd).to_bytes()))
     }
     fn generate_keypair(&self) -> KeyPair {

veilid-core/src/tests/native/mod.rs

@@ -97,20 +97,16 @@ cfg_if! {
 
         pub fn setup() {
             SETUP_ONCE.call_once(|| {
-                cfg_if! {
-                    if #[cfg(feature = "tracing")] {
-                        use tracing_subscriber::{filter, fmt, prelude::*};
-                        let mut filters = filter::Targets::new().with_default(filter::LevelFilter::TRACE);
-                        for ig in DEFAULT_LOG_IGNORE_LIST {
-                            filters = filters.with_target(ig, filter::LevelFilter::OFF);
-                        }
-                        let fmt_layer = fmt::layer();
-                        tracing_subscriber::registry()
-                            .with(fmt_layer)
-                            .with(filters)
-                            .init();
-                    }
+                use tracing_subscriber::{filter, fmt, prelude::*};
+                let mut filters = filter::Targets::new().with_default(filter::LevelFilter::TRACE);
+                for ig in DEFAULT_LOG_IGNORE_LIST {
+                    filters = filters.with_target(ig, filter::LevelFilter::OFF);
                 }
+                let fmt_layer = fmt::layer();
+                tracing_subscriber::registry()
+                    .with(fmt_layer)
+                    .with(filters)
+                    .init();
             });
         }
 

veilid-core/src/veilid_api/serialize_helpers/compression.rs

@@ -1,8 +1,6 @@
 use super::*;
 use lz4_flex::block;
 
-use crate::apibail_generic;
-
 pub fn compress_prepend_size(input: &[u8]) -> Vec<u8> {
     block::compress_prepend_size(input)
 }