Skip to content

Commit

Permalink
Merge pull request #35 from andrewwhitehead/update-deps
Browse files Browse the repository at this point in the history
Update dependencies
  • Loading branch information
andrewwhitehead authored Jan 12, 2022
2 parents 5b59446 + 8da6dad commit d7a7d61
Show file tree
Hide file tree
Showing 17 changed files with 153 additions and 114 deletions.
19 changes: 12 additions & 7 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ members = ["askar-bbs", "askar-crypto"]

[package]
name = "aries-askar"
version = "0.2.2"
version = "0.2.3"
authors = ["Hyperledger Aries Contributors <[email protected]>"]
edition = "2018"
description = "Hyperledger Aries Askar secure storage"
Expand All @@ -30,8 +30,8 @@ any = []
ffi = ["any", "ffi-support", "logger", "option-lock"]
jemalloc = ["jemallocator"]
logger = ["env_logger", "log"]
postgres = ["sqlx", "sqlx/postgres", "sqlx/tls"]
sqlite = ["num_cpus", "sqlx", "sqlx/sqlite"]
postgres = ["sqlx", "sqlx-core", "sqlx/postgres", "sqlx/tls"]
sqlite = ["num_cpus", "sqlx", "sqlx-core", "sqlx/sqlite"]
pg_test = ["postgres"]

[dev-dependencies]
Expand All @@ -42,12 +42,12 @@ async-lock = "2.4"
async-stream = "0.3"
bs58 = "0.4"
chrono = "0.4"
digest = "0.9"
digest = "0.10"
env_logger = { version = "0.7", optional = true }
ffi-support = { version = "0.4", optional = true }
futures-lite = "1.11"
hex = "0.4"
hmac = "0.11"
hmac = "0.12"
indy-wql = "0.4"
itertools = "0.10"
jemallocator = { version = "0.3", optional = true }
Expand All @@ -60,7 +60,7 @@ serde = { version = "1.0", features = ["derive"] }
serde_bytes = "0.11"
serde_cbor = "0.11"
serde_json = "1.0"
sha2 = "0.9"
sha2 = "0.10"
tokio = { version = "1.5", features = ["time"] }
url = { version = "2.1", default-features = false }
uuid = { version = "0.8", features = ["v4"] }
Expand All @@ -72,11 +72,16 @@ path = "./askar-crypto"
features = ["all_keys", "any_key", "argon2", "crypto_box", "std"]

[dependencies.sqlx]
version = "0.5.9"
version = "=0.5.9"
default-features = false
features = ["chrono", "runtime-tokio-rustls"]
optional = true

[dependencies.sqlx-core]
version = "=0.5.9"
default-features = false
optional = true

[profile.release]
lto = true
codegen-units = 1
Expand Down
37 changes: 19 additions & 18 deletions askar-crypto/Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "askar-crypto"
version = "0.2.2"
version = "0.2.3"
authors = ["Hyperledger Aries Contributors <[email protected]>"]
edition = "2018"
description = "Hyperledger Aries Askar cryptography"
Expand All @@ -24,7 +24,7 @@ aes = ["aes-core", "aes-gcm", "block-modes", "hmac"]
bls = ["bls12_381", "hkdf"]
chacha = ["chacha20poly1305"]
crypto_box = ["alloc", "crypto_box_rs", "ed25519", "getrandom"]
ec_curves = ["k256", "p256"]
ec_curves = ["elliptic-curve", "k256", "p256"]
ed25519 = ["curve25519-dalek", "ed25519-dalek", "x25519-dalek"]
getrandom = ["rand/getrandom"]
std_rng = ["getrandom", "rand/std", "rand/std_rng"]
Expand All @@ -45,30 +45,31 @@ name = "kdf"
harness = false

[dependencies]
aead = "0.3"
aes-core = { package = "aes", version = "0.6", default-features = false, optional = true }
aes-gcm = { version = "0.8", default-features = false, features = ["aes"], optional = true }
aead = "0.4"
aes-core = { package = "aes", version = "0.7", default-features = false, optional = true }
aes-gcm = { version = "0.9", default-features = false, features = ["aes"], optional = true }
arbitrary = { version = "1.0", optional = true, features = ["derive"] }
argon2 = { version = "0.1", default-features = false, features = ["password-hash"], optional = true }
argon2 = { version = "0.3", default-features = false, features = ["alloc", "password-hash"], optional = true }
base64 = { version = "0.13", default-features = false }
blake2 = { version = "0.9", default-features = false }
block-modes = { version = "0.7", default-features = false, optional = true }
blake2 = { version = "0.10", default-features = false }
block-modes = { version = "0.8", default-features = false, optional = true }
bls12_381 = { version = "0.6", default-features = false, features = ["groups", "zeroize"], optional = true }
chacha20 = { version = "0.6" } # should match chacha20poly1305
chacha20poly1305 = { version = "0.7", default-features = false, features = ["chacha20", "xchacha20poly1305"], optional = true }
crypto_box_rs = { package = "crypto_box", version = "0.5", default-features = false, features = ["u64_backend"], optional = true }
chacha20 = { version = "0.7" } # should match chacha20poly1305
chacha20poly1305 = { version = "0.8", default-features = false, optional = true }
crypto_box_rs = { package = "crypto_box", version = "0.6", default-features = false, features = ["u64_backend"], optional = true }
curve25519-dalek = { version = "3.1", default-features = false, features = ["u64_backend"], optional = true }
ed25519-dalek = { version = "1.0", default-features = false, features = ["u64_backend"], optional = true }
digest = "0.9"
elliptic-curve = { version = "0.11", optional = true }
digest = "0.10"
group = "0.11"
hkdf = { version = "0.11", optional = true }
hmac = { version = "0.11", optional = true }
k256 = { version = "0.9", default-features = false, features = ["arithmetic", "ecdsa", "ecdh", "sha256", "zeroize"], optional = true }
p256 = { version = "0.9", default-features = false, features = ["arithmetic", "ecdsa", "ecdh", "zeroize"], optional = true }
hkdf = { version = "0.12", optional = true }
hmac = { version = "0.12", optional = true }
k256 = { version = "0.10", default-features = false, features = ["arithmetic", "ecdsa", "ecdh", "sha256"], optional = true }
p256 = { version = "0.10", default-features = false, features = ["arithmetic", "ecdsa", "ecdh"], optional = true }
rand = { version = "0.8", default-features = false }
serde = { version = "1.0", default-features = false, features = ["derive"] }
serde-json-core = { version = "0.4", default-features = false }
subtle = "2.4"
sha2 = { version = "0.9", default-features = false }
x25519-dalek = { version = "1.1", default-features = false, features = ["u64_backend"], optional = true }
sha2 = { version = "0.10", default-features = false }
x25519-dalek = { version = "=1.1", default-features = false, features = ["u64_backend"], optional = true }
zeroize = { version = "1.4", features = ["zeroize_derive"] }
14 changes: 7 additions & 7 deletions askar-crypto/src/alg/aes/cbc_hmac.rs
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,11 @@ use aead::generic_array::ArrayLength;
use aes_core::{Aes128, Aes256};
use block_modes::{
block_padding::Pkcs7,
cipher::{BlockCipher, NewBlockCipher},
cipher::{BlockCipher, BlockDecrypt, BlockEncrypt, NewBlockCipher},
BlockMode, Cbc,
};
use digest::{BlockInput, FixedOutput, Reset, Update};
use hmac::{Hmac, Mac, NewMac};
use digest::{crypto_common::BlockSizeUser, Digest};
use hmac::{Mac, SimpleHmac};
use subtle::ConstantTimeEq;

use super::{AesKey, AesType, NonceSize, TagSize};
Expand Down Expand Up @@ -69,8 +69,8 @@ where
impl<C, D> KeyAeadInPlace for AesKey<AesCbcHmac<C, D>>
where
AesCbcHmac<C, D>: AesType,
C: BlockCipher + NewBlockCipher,
D: Update + BlockInput + FixedOutput + Reset + Default + Clone,
C: BlockCipher + NewBlockCipher + BlockEncrypt + BlockDecrypt,
D: Digest + BlockSizeUser,
C::KeySize: core::ops::Shl<consts::B1>,
<C::KeySize as core::ops::Shl<consts::B1>>::Output: ArrayLength<u8>,
{
Expand Down Expand Up @@ -106,7 +106,7 @@ where
.map_err(|_| err_msg!(Encryption, "AES-CBC encryption error"))?;
let ctext_end = msg_len + pad_len;

let mut hmac = Hmac::<D>::new_from_slice(&self.0[..C::KeySize::USIZE])
let mut hmac = SimpleHmac::<D>::new_from_slice(&self.0[..C::KeySize::USIZE])
.expect("Incompatible HMAC key length");
hmac.update(aad);
hmac.update(nonce.as_ref());
Expand Down Expand Up @@ -141,7 +141,7 @@ where
let ctext_end = buf_len - TagSize::<Self>::USIZE;
let tag = GenericArray::<u8, TagSize<Self>>::from_slice(&buffer.as_ref()[ctext_end..]);

let mut hmac = Hmac::<D>::new_from_slice(&self.0[..C::KeySize::USIZE])
let mut hmac = SimpleHmac::<D>::new_from_slice(&self.0[..C::KeySize::USIZE])
.expect("Incompatible HMAC key length");
hmac.update(aad);
hmac.update(nonce.as_ref());
Expand Down
6 changes: 4 additions & 2 deletions askar-crypto/src/alg/aes/key_wrap.rs
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
use core::{convert::TryInto, marker::PhantomData};

use aes_core::{Aes128, Aes256};
use block_modes::cipher::{BlockCipher, NewBlockCipher};
use block_modes::cipher::{BlockCipher, BlockDecrypt, BlockEncrypt, NewBlockCipher};
use subtle::ConstantTimeEq;

use super::{AesKey, AesType, NonceSize, TagSize};
Expand Down Expand Up @@ -54,7 +54,9 @@ impl<C> KeyAeadInPlace for AesKey<AesKeyWrap<C>>
where
AesKeyWrap<C>: AesType,
C: NewBlockCipher<KeySize = <AesKeyWrap<C> as AesType>::KeySize>
+ BlockCipher<BlockSize = consts::U16>,
+ BlockCipher<BlockSize = consts::U16>
+ BlockDecrypt
+ BlockEncrypt,
{
fn encrypt_in_place(
&self,
Expand Down
8 changes: 4 additions & 4 deletions askar-crypto/src/alg/aes/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
use core::fmt::{self, Debug, Formatter};

use aead::{generic_array::ArrayLength, AeadInPlace, NewAead};
use aead::{generic_array::ArrayLength, AeadCore, AeadInPlace, NewAead};
use aes_gcm::{Aes128Gcm, Aes256Gcm};
use serde::{Deserialize, Serialize};
use zeroize::Zeroize;
Expand Down Expand Up @@ -174,9 +174,9 @@ impl AesType for A256Gcm {
}

// generic implementation applying to AesGcm
impl<T: AeadInPlace + AesType> KeyAeadMeta for AesKey<T> {
type NonceSize = <T as AeadInPlace>::NonceSize;
type TagSize = <T as AeadInPlace>::TagSize;
impl<T: AeadCore + AesType> KeyAeadMeta for AesKey<T> {
type NonceSize = <T as AeadCore>::NonceSize;
type TagSize = <T as AeadCore>::TagSize;
}

// generic implementation applying to AesGcm
Expand Down
2 changes: 1 addition & 1 deletion askar-crypto/src/alg/bls.rs
Original file line number Diff line number Diff line change
Expand Up @@ -261,7 +261,7 @@ impl KeyMaterial for BlsKeyGen<'_> {

self.salt.replace(match self.salt {
None => Sha256::digest(SALT),
Some(salt) => Sha256::digest(salt.as_ref()),
Some(salt) => Sha256::digest(salt),
});
let mut extract = hkdf::HkdfExtract::<Sha256>::new(Some(self.salt.as_ref().unwrap()));
extract.input_ikm(self.ikm);
Expand Down
8 changes: 4 additions & 4 deletions askar-crypto/src/alg/chacha20.rs
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
use core::fmt::{self, Debug, Formatter};

use aead::{Aead, AeadInPlace, NewAead};
use aead::{AeadCore, AeadInPlace, NewAead};
use chacha20poly1305::{ChaCha20Poly1305, XChaCha20Poly1305};
use serde::{Deserialize, Serialize};
use zeroize::Zeroize;
Expand All @@ -25,7 +25,7 @@ pub static JWK_KEY_TYPE: &'static str = "oct";
/// Trait implemented by supported ChaCha20 algorithms
pub trait Chacha20Type: 'static {
/// The AEAD implementation
type Aead: NewAead + Aead + AeadInPlace;
type Aead: NewAead + AeadCore + AeadInPlace;

/// The associated algorithm type
const ALG_TYPE: Chacha20Types;
Expand Down Expand Up @@ -57,9 +57,9 @@ impl Chacha20Type for XC20P {

type KeyType<A> = ArrayKey<<<A as Chacha20Type>::Aead as NewAead>::KeySize>;

type NonceSize<A> = <<A as Chacha20Type>::Aead as Aead>::NonceSize;
type NonceSize<A> = <<A as Chacha20Type>::Aead as AeadCore>::NonceSize;

type TagSize<A> = <<A as Chacha20Type>::Aead as Aead>::TagSize;
type TagSize<A> = <<A as Chacha20Type>::Aead as AeadCore>::TagSize;

/// A ChaCha20 symmetric encryption key
#[derive(Serialize, Deserialize, Zeroize)]
Expand Down
18 changes: 18 additions & 0 deletions askar-crypto/src/alg/ec_common.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
use elliptic_curve::{
bigint::{Encoding, Limb},
Curve, SecretKey,
};

pub fn write_sk<C: Curve>(sk: &SecretKey<C>, out: &mut [u8]) {
let limbs = sk.as_scalar_core().as_limbs();
debug_assert_eq!(out.len(), Limb::BYTE_SIZE * limbs.len());

for (src, dst) in limbs
.iter()
.rev()
.cloned()
.zip(out.chunks_exact_mut(Limb::BYTE_SIZE))
{
dst.copy_from_slice(&src.to_be_bytes());
}
}
44 changes: 24 additions & 20 deletions askar-crypto/src/alg/k256.rs
Original file line number Diff line number Diff line change
Expand Up @@ -7,12 +7,16 @@ use k256::{
signature::{Signer, Verifier},
Signature, SigningKey, VerifyingKey,
},
elliptic_curve::{self, ecdh::diffie_hellman, sec1::Coordinates},
elliptic_curve::{
self,
ecdh::diffie_hellman,
sec1::{Coordinates, FromEncodedPoint, ToEncodedPoint},
},
EncodedPoint, PublicKey, SecretKey,
};
use subtle::ConstantTimeEq;

use super::{EcCurves, HasKeyAlg, KeyAlg};
use super::{ec_common, EcCurves, HasKeyAlg, KeyAlg};
use crate::{
buffer::{ArrayKey, WriteBuffer},
error::Error,
Expand Down Expand Up @@ -115,7 +119,7 @@ impl KeyGen for K256KeyPair {
fn generate(mut rng: impl KeyMaterial) -> Result<Self, Error> {
ArrayKey::<FieldSize>::temp(|buf| loop {
rng.read_okm(buf);
if let Ok(key) = SecretKey::from_bytes(&buf) {
if let Ok(key) = SecretKey::from_be_bytes(&buf) {
return Ok(Self::from_secret_key(key));
}
})
Expand All @@ -125,13 +129,16 @@ impl KeyGen for K256KeyPair {
impl KeySecretBytes for K256KeyPair {
fn from_secret_bytes(key: &[u8]) -> Result<Self, Error> {
Ok(Self::from_secret_key(
SecretKey::from_bytes(key).map_err(|_| err_msg!(InvalidKeyData))?,
SecretKey::from_be_bytes(key).map_err(|_| err_msg!(InvalidKeyData))?,
))
}

fn with_secret_bytes<O>(&self, f: impl FnOnce(Option<&[u8]>) -> O) -> O {
if let Some(sk) = self.secret.as_ref() {
f(Some(sk.as_scalar_bytes().as_ref()))
ArrayKey::<FieldSize>::temp(|arr| {
ec_common::write_sk(sk, &mut arr[..]);
f(Some(&arr))
})
} else {
f(None)
}
Expand All @@ -155,12 +162,11 @@ impl KeypairBytes for K256KeyPair {
}

fn with_keypair_bytes<O>(&self, f: impl FnOnce(Option<&[u8]>) -> O) -> O {
if let Some(secret) = self.secret.as_ref() {
if let Some(sk) = self.secret.as_ref() {
ArrayKey::<<Self as KeypairMeta>::KeypairSize>::temp(|arr| {
let sk_b = secret.as_scalar_bytes();
let pk_enc = EncodedPoint::encode(self.public, true);
arr[..SECRET_KEY_LENGTH].copy_from_slice(sk_b.as_ref());
arr[SECRET_KEY_LENGTH..].copy_from_slice(pk_enc.as_ref());
ec_common::write_sk(sk, &mut arr[..SECRET_KEY_LENGTH]);
let pk_enc = self.public.to_encoded_point(true);
arr[SECRET_KEY_LENGTH..].copy_from_slice(pk_enc.as_bytes());
f(Some(&*arr))
})
} else {
Expand All @@ -171,18 +177,15 @@ impl KeypairBytes for K256KeyPair {

impl KeyPublicBytes for K256KeyPair {
fn from_public_bytes(key: &[u8]) -> Result<Self, Error> {
let pk = EncodedPoint::from_bytes(key)
.and_then(|pt| pt.decode())
.map_err(|_| err_msg!(InvalidKeyData))?;
let pk = PublicKey::from_sec1_bytes(key).map_err(|_| err_msg!(InvalidKeyData))?;
Ok(Self {
secret: None,
public: pk,
})
}

fn with_public_bytes<O>(&self, f: impl FnOnce(&[u8]) -> O) -> O {
let pt = EncodedPoint::encode(self.public, true);
f(pt.as_ref())
f(self.public.to_encoded_point(true).as_bytes())
}
}

Expand Down Expand Up @@ -225,7 +228,7 @@ impl KeySigVerify for K256KeyPair {

impl ToJwk for K256KeyPair {
fn encode_jwk(&self, enc: &mut dyn JwkEncoder) -> Result<(), Error> {
let pk_enc = EncodedPoint::encode(self.public, false);
let pk_enc = self.public.to_encoded_point(false);
let (x, y) = match pk_enc.coordinates() {
Coordinates::Identity => {
return Err(err_msg!(
Expand Down Expand Up @@ -276,9 +279,10 @@ impl FromJwk for K256KeyPair {
Ok(())
}
})?;
let pk = EncodedPoint::from_affine_coordinates(pk_x.as_ref(), pk_y.as_ref(), false)
.decode()
.map_err(|_| err_msg!(InvalidKeyData))?;
let pk = Option::from(PublicKey::from_encoded_point(
&EncodedPoint::from_affine_coordinates(pk_x.as_ref(), pk_y.as_ref(), false),
))
.ok_or_else(|| err_msg!(InvalidKeyData))?;
if jwk.d.is_some() {
ArrayKey::<FieldSize>::temp(|arr| {
if jwk.d.decode_base64(arr)? != arr.len() {
Expand All @@ -305,7 +309,7 @@ impl KeyExchange for K256KeyPair {
fn write_key_exchange(&self, other: &Self, out: &mut dyn WriteBuffer) -> Result<(), Error> {
match self.secret.as_ref() {
Some(sk) => {
let xk = diffie_hellman(sk.to_secret_scalar(), other.public.as_affine());
let xk = diffie_hellman(sk.to_nonzero_scalar(), other.public.as_affine());
out.buffer_write(xk.as_bytes())?;
Ok(())
}
Expand Down
3 changes: 3 additions & 0 deletions askar-crypto/src/alg/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,9 @@ pub mod ed25519;
#[cfg_attr(docsrs, doc(cfg(feature = "ed25519")))]
pub mod x25519;

#[cfg(feature = "ec_curves")]
mod ec_common;

#[cfg(feature = "k256")]
#[cfg_attr(docsrs, doc(cfg(feature = "k256")))]
pub mod k256;
Expand Down
Loading

0 comments on commit d7a7d61

Please sign in to comment.