From 42006bad1c904afd6d93f43005ad30ae025f5fda Mon Sep 17 00:00:00 2001 From: Ghenadie <118184705+GhenadieVP@users.noreply.github.com> Date: Mon, 18 Nov 2024 03:26:15 -0500 Subject: [PATCH] Fix Dalek vulnerability (#260) * bump version * wip * wip --- Cargo.lock | 68 ++++++++++----------------------- crates/sargon-uniffi/Cargo.toml | 2 +- crates/sargon/Cargo.toml | 6 +-- 3 files changed, 24 insertions(+), 52 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7706017d6..e9aecc15c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -473,7 +473,7 @@ version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe" dependencies = [ - "digest 0.10.7", + "digest", ] [[package]] @@ -843,19 +843,6 @@ dependencies = [ "cipher", ] -[[package]] -name = "curve25519-dalek" -version = "3.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b9fdf9972b2bd6af2d913799d9ebc165ea4d2e65878e329d9c6b372c4491b61" -dependencies = [ - "byteorder", - "digest 0.9.0", - "rand_core 0.5.1", - "subtle", - "zeroize 1.8.1", -] - [[package]] name = "curve25519-dalek" version = "4.1.3" @@ -865,7 +852,7 @@ dependencies = [ "cfg-if", "cpufeatures", "curve25519-dalek-derive", - "digest 0.10.7", + "digest", "fiat-crypto", "rustc_version", "subtle", @@ -992,15 +979,6 @@ version = "0.1.13" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "56254986775e3233ffa9c4d7d3faaf6d36a2c09d30b20687e9f88bc8bafc16c8" -[[package]] -name = "digest" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" -dependencies = [ - "generic-array 0.14.7", -] - [[package]] name = "digest" version = "0.10.7" 
@@ -1026,7 +1004,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" dependencies = [ "der", - "digest 0.10.7", + "digest", "elliptic-curve", "rfc6979", "signature", @@ -1049,7 +1027,7 @@ version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4a3daa8e81a3963a60642bcc1f90a670680bd4a77535faa384e9d1c79d620871" dependencies = [ - "curve25519-dalek 4.1.3", + "curve25519-dalek", "ed25519", "serde", "sha2", @@ -1063,7 +1041,7 @@ version = "4.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7d9ce6874da5d4415896cd45ffbc4d1cfc0c4f9c079427bd870742c30f2f65a9" dependencies = [ - "curve25519-dalek 4.1.3", + "curve25519-dalek", "ed25519", "hashbrown 0.14.5", "hex 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)", @@ -1086,7 +1064,7 @@ checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" dependencies = [ "base16ct", "crypto-bigint", - "digest 0.10.7", + "digest", "ff", "generic-array 0.14.7", "group", @@ -1482,7 +1460,7 @@ version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" dependencies = [ - "digest 0.10.7", + "digest", ] [[package]] @@ -1663,12 +1641,12 @@ dependencies = [ [[package]] name = "iota-crypto" -version = "0.23.1" -source = "git+https://github.com/iotaledger/crypto.rs?rev=47460d64fd0514af136ea1c2c6f3aa29ed89d1b8#47460d64fd0514af136ea1c2c6f3aa29ed89d1b8" +version = "0.23.2" +source = "git+https://github.com/iotaledger/crypto.rs?rev=8c13125541e762206e2dc57b8bfde89c7f6ce8e3#8c13125541e762206e2dc57b8bfde89c7f6ce8e3" dependencies = [ "autocfg", - "curve25519-dalek 3.2.0", - "digest 0.10.7", + "curve25519-dalek", + "digest", "ed25519-zebra", "hmac", "k256 0.13.4", 
@@ -2536,12 +2514,6 @@ dependencies = [ "rand_core 0.6.4 (git+https://github.com/rust-random/rand/?rev=937320cbfeebd4352a23086d9c6e68f067f74644)", ] -[[package]] -name = "rand_core" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" - [[package]] name = "rand_core" version = "0.6.4" @@ -2737,7 +2709,7 @@ dependencies = [ [[package]] name = "sargon" -version = "1.1.50" +version = "1.1.52" dependencies = [ "actix-rt", "aes-gcm", @@ -2791,7 +2763,7 @@ dependencies = [ [[package]] name = "sargon-uniffi" -version = "1.1.50" +version = "1.1.52" dependencies = [ "actix-rt", "assert-json-diff", @@ -3172,7 +3144,7 @@ checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" dependencies = [ "cfg-if", "cpufeatures", - "digest 0.10.7", + "digest", ] [[package]] @@ -3181,7 +3153,7 @@ version = "0.10.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60" dependencies = [ - "digest 0.10.7", + "digest", "keccak", ] @@ -3206,7 +3178,7 @@ version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" dependencies = [ - "digest 0.10.7", + "digest", "rand_core 0.6.4 (registry+https://github.com/rust-lang/crates.io-index)", ] @@ -4232,12 +4204,12 @@ dependencies = [ [[package]] name = "x25519-dalek" -version = "1.1.1" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a0c105152107e3b96f6a00a65e86ce82d9b125230e1c4302940eca58ff71f4f" +checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277" dependencies = [ - "curve25519-dalek 3.2.0", - "rand_core 0.5.1", + "curve25519-dalek", + "rand_core 0.6.4 (registry+https://github.com/rust-lang/crates.io-index)", "zeroize 1.8.1", ] 
diff --git a/crates/sargon-uniffi/Cargo.toml b/crates/sargon-uniffi/Cargo.toml index 836d3aa1f..d7a7d3ddc 100644 --- a/crates/sargon-uniffi/Cargo.toml +++ b/crates/sargon-uniffi/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "sargon-uniffi" # Don't forget to update version in crates/sargon/Cargo.toml -version = "1.1.51" +version = "1.1.52" edition = "2021" build = "build.rs" diff --git a/crates/sargon/Cargo.toml b/crates/sargon/Cargo.toml index 973be87af..ea4d83c93 100644 --- a/crates/sargon/Cargo.toml +++ b/crates/sargon/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "sargon" # Don't forget to update version in crates/sargon-uniffi/Cargo.toml -version = "1.1.51" +version = "1.1.52" edition = "2021" build = "build.rs" @@ -110,8 +110,8 @@ itertools = { git = "https://github.com/rust-itertools/itertools/", rev = "98eca enum-as-inner = { git = "https://github.com/bluejekyll/enum-as-inner/", rev = "c15f6e5c4f98ec865e181ae1fff9fc13a1a2e4e2" } # SLIP10 implementation -# iota_crypto = "0.23.1" -iota-crypto = { git = "https://github.com/iotaledger/crypto.rs", rev = "47460d64fd0514af136ea1c2c6f3aa29ed89d1b8", features = [ +# iota_crypto = "0.23.2" +iota-crypto = { git = "https://github.com/iotaledger/crypto.rs", rev = "8c13125541e762206e2dc57b8bfde89c7f6ce8e3", features = [ "slip10", "ed25519", "secp256k1",
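Review bot: The new `iota-crypto` line in crates/sargon/Cargo.toml pins a git rev without saying why the registry release is bypassed, so the next person touching the `# SLIP10 implementation` block cannot tell that the pin is load-bearing for the curve25519-dalek 3.x removal this commit performs in Cargo.lock. The replacement comment `# iota_crypto = "0.23.2"` reads as the registry equivalent but uses an underscore where the real key is `iota-crypto`, and nothing states whether that registry version carries the same fix; suggest replacing it with `# Pinned to a git rev (0.23.2) so the curve25519-dalek 3.x / rand_core 0.5 path is dropped (see #260); TODO confirm whether a crates.io release carries the same fix and switch back when it does.` Since the lockfile now resolves to a single curve25519-dalek 4.1.3 and x25519-dalek 2.0.1, the same comment could note that a reappearance of the 3.x line in Cargo.lock after a future rev change is a regression to check for. The dependency table starts before the hunk and the `features` array continues past it.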