From 27c8cdcc55851c53aa1737b10cec7c9c4dec6e86 Mon Sep 17 00:00:00 2001
From: Taylor Thomas
Date: Tue, 15 Aug 2023 16:34:01 -0600
Subject: [PATCH] fix(*): Fixes incorrect tests and removes use of hazmat

Signed-off-by: Taylor Thomas
---
 Cargo.toml | 17 +++++++++++++----
 src/bin/nk/main.rs | 2 +-
 src/lib.rs | 28 ++++++++++++----------------
 3 files changed, 26 insertions(+), 21 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 264fa2b..ba20d91 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "nkeys"
-version = "0.3.1"
+version = "0.3.2"
 authors = ["wasmCloud Team"]
 edition = "2021"
 description = "Rust implementation of the NATS nkeys library"
@@ -13,7 +13,14 @@ keywords = ["crypto", "nats", "ed25519", "cryptography"]
 categories = ["cryptography", "authentication"]
 [features]
-cli = ["quicli", "structopt", "term-table", "exitfailure", "env_logger", "serde_json"]
+cli = [
+ "quicli",
+ "structopt",
+ "term-table",
+ "exitfailure",
+ "env_logger",
+ "serde_json",
+]
 [[bin]]
 name = "nk"
@@ -22,7 +29,9 @@ required-features = ["cli"]
 [dependencies]
 signatory = "0.27"
 ed25519 = { version = "2.0.0", default-features = false }
-ed25519-dalek = { version = "2.0.0", default-features = false, features = ["digest", "hazmat"] }
+ed25519-dalek = { version = "2.0.0", default-features = false, features = [
+ "digest",
+] }
 rand = "0.8"
 byteorder = "1.3.4"
 data-encoding = "2.3.0"
@@ -32,7 +41,7 @@ log = "0.4.11"
 quicli = { version = "0.4", optional = true }
 structopt = { version = "0.3.17", optional = true }
 term-table = { version = "1.3.0", optional = true }
-exitfailure = { version = "0.5.1", optional =true }
+exitfailure = { version = "0.5.1", optional = true }
 env_logger = { version = "0.9", optional = true }
 serde_json = { version = "1.0", optional = true }
diff --git a/src/bin/nk/main.rs b/src/bin/nk/main.rs
index 67ffbbe..5f87cb5 100644
--- a/src/bin/nk/main.rs
+++ b/src/bin/nk/main.rs
@@ -96,7 +96,7 @@ fn generate(kt: &KeyPairType, output_type: &Output) {
 "seed": kp.seed().unwrap(),
 });
- println!("{}", output.to_string());
+ println!("{}", output);
 }
 }
 }
diff --git a/src/lib.rs b/src/lib.rs
index 744e68d..37adf0e 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -48,7 +48,7 @@
 use std::fmt::{self, Debug};
 use crc::{extract_crc, push_crc, valid_checksum};
-use ed25519_dalek::{hazmat::ExpandedSecretKey, SecretKey, Signature, Verifier, VerifyingKey};
+use ed25519_dalek::{SecretKey, Signer, SigningKey, Verifier, VerifyingKey};
 use rand::prelude::*;
 const ENCODED_SEED_LENGTH: usize = 58;
@@ -81,6 +81,7 @@ type Result = std::result::Result;
 pub struct KeyPair {
 kp_type: KeyPairType,
 sk: Option, //rawkey_kind: RawKeyKind,
+ signing_key: Option,
 pk: VerifyingKey,
 }
@@ -160,12 +161,12 @@ impl KeyPair {
 /// Returns an error if there is an issue using the bytes to generate the key
 /// NOTE: These bytes should be generated from a cryptographically secure random source.
 pub fn new_from_raw(kp_type: KeyPairType, random_bytes: [u8; 32]) -> Result {
- let s = random_bytes;
- let pk = pk_from_seed(&s)?;
+ let signing_key = SigningKey::from_bytes(&random_bytes);
 Ok(KeyPair {
 kp_type,
- pk,
- sk: Some(s),
+ pk: signing_key.verifying_key(),
+ signing_key: Some(signing_key),
+ sk: Some(random_bytes),
 })
 }
@@ -244,11 +245,8 @@ impl KeyPair {
 /// Attempts to sign the given input with the key pair's seed
 pub fn sign(&self, input: &[u8]) -> Result> {
- if let Some(ref seed) = self.sk {
- let expanded: ExpandedSecretKey = seed.into();
- let sig: Signature = ed25519_dalek::hazmat::raw_sign::(
- &expanded, input, &self.pk,
- );
+ if let Some(ref seed) = self.signing_key {
+ let sig = seed.sign(input);
 Ok(sig.to_bytes().to_vec())
 } else {
 Err(err!(SignatureError, "Cannot sign without a seed key"))
@@ -308,6 +306,7 @@ impl KeyPair {
 kp_type: KeyPairType::from(prefix),
 pk,
 sk: None,
+ signing_key: None,
 }),
 Err(_) => Err(err!(VerifyError, "Could not read public key")),
 }
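Review bot: The new `signing_key` field in `KeyPair` sits next to the existing `sk` field, so the struct now holds the secret seed twice and relies on every constructor keeping the two options in step (both `Some` or both `None`). Since `SigningKey` can hand back its seed via `to_bytes()`, `sk` could be dropped and the seed export built from `signing_key`, leaving a single source of truth for the secret. Cargo.toml in this patch builds ed25519-dalek with `default-features = false` and only `digest`, which as far as I can tell leaves that crate's `zeroize` feature off, so neither copy would be wiped on drop; consider `features = ["digest", "zeroize"]` and confirm against the crate's feature list.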
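Review bot: The doc comment kept above `new_from_raw` still says "Returns an error if there is an issue using the bytes to generate the key", but with `SigningKey::from_bytes(&random_bytes)` nothing in the new body can fail and the function always returns `Ok`. Keeping the `Result` return type is reasonable for API compatibility, but the comment should say so, for example `/// Always returns Ok: any 32 bytes are accepted as an Ed25519 seed; the Result is kept for API compatibility.` The start of the doc comment lies outside the hunk.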
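Review bot: In `sign`, the binding in `if let Some(ref seed) = self.signing_key` is still named `seed` although it now holds the signing key, which is misleading on `seed.sign(input)` in a struct that also keeps the real seed in `sk`. Suggest `if let Some(signing_key) = &self.signing_key {` followed by `let sig = signing_key.sign(input);`. The doc line above the function ("with the key pair's seed") could be reworded to match.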
@@ -338,12 +337,13 @@ impl KeyPair {
 let mut seed = [0u8; 32];
 seed.copy_from_slice(&raw[2..]);
- let pk = pk_from_seed(&seed)?;
+ let signing_key = SigningKey::from_bytes(&seed);
 Ok(KeyPair {
 kp_type,
- pk,
+ pk: signing_key.verifying_key(),
 sk: Some(seed),
+ signing_key: Some(signing_key),
 })
 }
 }
@@ -354,10 +354,6 @@ impl KeyPair {
 }
 }
-fn pk_from_seed(seed: &SecretKey) -> Result {
- VerifyingKey::from_bytes(seed).map_err(|err| err.into())
-}
-
 fn decode_raw(raw: &[u8]) -> Result> {
 let mut b32_decoded = data_encoding::BASE32_NOPAD.decode(raw)?;
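Review bot: Deriving `pk` with `signing_key.verifying_key()` here (and in the `new_from_raw` hunk) changes the public key, and therefore the signatures, that a given seed produces compared with the removed `pk_from_seed`, which passed the seed bytes straight to `VerifyingKey::from_bytes`; yet no visible hunk adds or changes a test, despite the subject line. A known-answer test would pin the fix: take a seed and public-key pair from the reference nkeys implementation, assert that the key pair built from the seed reports that public key, and check that a signature from `sign` verifies under a key pair built from the public key alone. A changelog line also seems warranted, since public keys exported by the previous release for the same seed will presumably no longer match. The enclosing function starts outside the hunk.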