From 01dc8c05df884eb907ef6de98dfaf5b497b05d00 Mon Sep 17 00:00:00 2001 From: Jesse Szwedko Date: Mon, 14 Aug 2023 14:24:41 -0700 Subject: [PATCH 1/3] Update to version 2.0.0 of ed25519_dalek Signed-off-by: Jesse Szwedko --- Cargo.toml | 6 +++--- src/lib.rs | 32 ++++++++++++++++++-------------- 2 files changed, 21 insertions(+), 17 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index e8bbb36..264fa2b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,9 +20,9 @@ name = "nk" required-features = ["cli"] [dependencies] -signatory = "0.23" -ed25519 = { version = "1.3", default-features = false } -ed25519-dalek = { version = "1.0.1", default-features = false, features = ["u64_backend"] } +signatory = "0.27" +ed25519 = { version = "2.0.0", default-features = false } +ed25519-dalek = { version = "2.0.0", default-features = false, features = ["digest", "hazmat"] } rand = "0.8" byteorder = "1.3.4" data-encoding = "2.3.0" diff --git a/src/lib.rs b/src/lib.rs index dbab5b1..5ff1ebe 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -48,7 +48,7 @@ use std::fmt::{self, Debug}; use crc::{extract_crc, push_crc, valid_checksum}; -use ed25519_dalek::{ExpandedSecretKey, PublicKey, SecretKey, Signature, Verifier}; +use ed25519_dalek::{hazmat::ExpandedSecretKey, SecretKey, Signature, Verifier, VerifyingKey}; use rand::prelude::*; const ENCODED_SEED_LENGTH: usize = 58; @@ -81,7 +81,7 @@ type Result = std::result::Result; pub struct KeyPair { kp_type: KeyPairType, sk: Option, //rawkey_kind: RawKeyKind, - pk: PublicKey, + pk: VerifyingKey, } impl Debug for KeyPair { @@ -161,9 +161,10 @@ impl KeyPair { /// NOTE: These bytes should be generated from a cryptographically secure random source. pub fn new_from_raw(kp_type: KeyPairType, random_bytes: [u8; 32]) -> Result { let s = create_seed(random_bytes)?; + let pk = pk_from_seed(&s)?; Ok(KeyPair { kp_type, - pk: pk_from_seed(&s), + pk, sk: Some(s), }) } 
@@ -245,7 +246,9 @@ impl KeyPair { pub fn sign(&self, input: &[u8]) -> Result> { if let Some(ref seed) = self.sk { let expanded: ExpandedSecretKey = seed.into(); - let sig: Signature = expanded.sign(input, &self.pk); + let sig: Signature = ed25519_dalek::hazmat::raw_sign::( + &expanded, input, &self.pk, + ); Ok(sig.to_bytes().to_vec()) } else { Err(err!(SignatureError, "Cannot sign without a seed key")) @@ -256,7 +259,7 @@ impl KeyPair { pub fn verify(&self, input: &[u8], sig: &[u8]) -> Result<()> { let mut fixedsig = [0; ed25519::Signature::BYTE_SIZE]; fixedsig.copy_from_slice(sig); - let insig = ed25519::Signature::from_bytes(&fixedsig)?; + let insig = ed25519::Signature::from_bytes(&fixedsig); match self.pk.verify(input, &insig) { Ok(()) => Ok(()), @@ -277,7 +280,7 @@ impl KeyPair { raw.push(b1); raw.push(b2); - raw.extend(seed.as_bytes().iter()); + raw.extend(seed.iter()); push_crc(&mut raw); Ok(data_encoding::BASE32_NOPAD.encode(&raw[..])) @@ -300,7 +303,7 @@ impl KeyPair { )) } else { raw.remove(0); - match PublicKey::from_bytes(&raw) { + match VerifyingKey::try_from(&raw[..]) { Ok(pk) => Ok(KeyPair { kp_type: KeyPairType::from(prefix), pk, @@ -332,13 +335,14 @@ impl KeyPair { let b2 = (raw[0] & 7) << 5 | ((raw[1] & 248) >> 3); let kp_type = KeyPairType::from(b2); - let mut seed_bytes = [0u8; 32]; - seed_bytes.copy_from_slice(&raw[2..]); - let seed = SecretKey::from_bytes(&seed_bytes[..])?; + let mut seed = [0u8; 32]; + seed.copy_from_slice(&raw[2..]); + + let pk = pk_from_seed(&seed)?; Ok(KeyPair { kp_type, - pk: pk_from_seed(&seed), + pk, sk: Some(seed), }) } @@ -350,8 +354,8 @@ impl KeyPair { } } -fn pk_from_seed(seed: &SecretKey) -> PublicKey { - seed.into() +fn pk_from_seed(seed: &SecretKey) -> Result { + VerifyingKey::from_bytes(seed).map_err(|err| err.into()) } fn decode_raw(raw: &[u8]) -> Result> { 
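Review bot: In the `sign` hunk of PATCH 1/3 (`@@ -245,7 +246,9 @@`), `hazmat::raw_sign` takes `&self.pk` as a separate argument, and nothing visible here guarantees that this verifying key was derived from the same seed as `expanded`. Producing Ed25519 signatures with a public key that does not match the secret key undermines the scheme's guarantees, which is why the call sits behind the `hazmat` feature. Keeping the pair bound in one type avoids the problem, for example `let sig = SigningKey::from_bytes(seed).sign(input);` with `Signer` in scope. The closing lines of `sign` fall outside the hunk.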
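Review bot: `fixedsig.copy_from_slice(sig)` in the `verify` hunk (`@@ -256,7 +259,7 @@`) panics when `sig` is not exactly `ed25519::Signature::BYTE_SIZE` bytes, and `sig` is caller-supplied data that may come from an untrusted peer. With `from_bytes` now infallible, the length is the only thing left to validate, so the buffer and copy can be replaced with `let insig = ed25519::Signature::from_slice(sig)?;`, which returns an error on a wrong length instead of aborting. This assumes the crate's error type still converts from the signature error, as the removed `?` suggests. `verify` continues past the end of the hunk.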
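Review bot: `pk_from_seed` in `@@ -350,8 +354,8 @@` passes the 32-byte seed to `VerifyingKey::from_bytes`, which parses its argument as an already-encoded public key instead of deriving one from the secret. The resulting `pk` would carry the seed bytes themselves, so any place that encodes or shares the public key would disclose the private seed, and seeds that are not valid point encodings would be rejected with an error. The same value reaches `new_from_raw` (`@@ -161,9 +161,10 @@`), `from_seed` (`@@ -332,13 +335,14 @@`) and the `raw_sign` call in `sign`. Derive the key from the secret instead, `Ok(SigningKey::from_bytes(seed).verifying_key())`, which is the form PATCH 3/3 in this series moves to.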
@@ -372,7 +376,7 @@ fn generate_seed_rand() -> [u8; 32] { } fn create_seed(rand_bytes: [u8; 32]) -> Result { - SecretKey::from_bytes(&rand_bytes[..]).map_err(|e| e.into()) + Ok(rand_bytes) } fn get_prefix_byte(kp_type: &KeyPairType) -> u8 { From d9ecb884abd237f1994d4a41ba7c65bb26d08236 Mon Sep 17 00:00:00 2001 From: Jesse Szwedko Date: Mon, 14 Aug 2023 14:29:58 -0700 Subject: [PATCH 2/3] Remove unnecessary function Signed-off-by: Jesse Szwedko --- src/lib.rs | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 5ff1ebe..744e68d 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -160,7 +160,7 @@ impl KeyPair { /// Returns an error if there is an issue using the bytes to generate the key /// NOTE: These bytes should be generated from a cryptographically secure random source. pub fn new_from_raw(kp_type: KeyPairType, random_bytes: [u8; 32]) -> Result { - let s = create_seed(random_bytes)?; + let s = random_bytes; let pk = pk_from_seed(&s)?; Ok(KeyPair { kp_type, @@ -375,10 +375,6 @@ fn generate_seed_rand() -> [u8; 32] { rng.gen::<[u8; 32]>() } -fn create_seed(rand_bytes: [u8; 32]) -> Result { - Ok(rand_bytes) -} - fn get_prefix_byte(kp_type: &KeyPairType) -> u8 { match kp_type { KeyPairType::Server => PREFIX_BYTE_SERVER, From 27c8cdcc55851c53aa1737b10cec7c9c4dec6e86 Mon Sep 17 00:00:00 2001 From: Taylor Thomas Date: Tue, 15 Aug 2023 16:34:01 -0600 Subject: [PATCH 3/3] fix(*): Fixes incorrect tests and removes use of hazmat Signed-off-by: Taylor Thomas --- Cargo.toml | 17 +++++++++++++---- src/bin/nk/main.rs | 2 +- src/lib.rs | 28 ++++++++++++---------------- 3 files changed, 26 insertions(+), 21 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 264fa2b..ba20d91 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "nkeys" -version = "0.3.1" +version = "0.3.2" authors = ["wasmCloud Team"] edition = "2021" description = "Rust implementation of the NATS nkeys library" 
@@ -13,7 +13,14 @@ keywords = ["crypto", "nats", "ed25519", "cryptography"] categories = ["cryptography", "authentication"] [features] -cli = ["quicli", "structopt", "term-table", "exitfailure", "env_logger", "serde_json"] +cli = [ + "quicli", + "structopt", + "term-table", + "exitfailure", + "env_logger", + "serde_json", +] [[bin]] name = "nk" @@ -22,7 +29,9 @@ required-features = ["cli"] [dependencies] signatory = "0.27" ed25519 = { version = "2.0.0", default-features = false } -ed25519-dalek = { version = "2.0.0", default-features = false, features = ["digest", "hazmat"] } +ed25519-dalek = { version = "2.0.0", default-features = false, features = [ + "digest", +] } rand = "0.8" byteorder = "1.3.4" data-encoding = "2.3.0" @@ -32,7 +41,7 @@ log = "0.4.11" quicli = { version = "0.4", optional = true } structopt = { version = "0.3.17", optional = true } term-table = { version = "1.3.0", optional = true } -exitfailure = { version = "0.5.1", optional =true } +exitfailure = { version = "0.5.1", optional = true } env_logger = { version = "0.9", optional = true } serde_json = { version = "1.0", optional = true } diff --git a/src/bin/nk/main.rs b/src/bin/nk/main.rs index 67ffbbe..5f87cb5 100644 --- a/src/bin/nk/main.rs +++ b/src/bin/nk/main.rs @@ -96,7 +96,7 @@ fn generate(kt: &KeyPairType, output_type: &Output) { "seed": kp.seed().unwrap(), }); - println!("{}", output.to_string()); + println!("{}", output); } } } diff --git a/src/lib.rs b/src/lib.rs index 744e68d..37adf0e 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -48,7 +48,7 @@ use std::fmt::{self, Debug}; use crc::{extract_crc, push_crc, valid_checksum}; -use ed25519_dalek::{hazmat::ExpandedSecretKey, SecretKey, Signature, Verifier, VerifyingKey}; +use ed25519_dalek::{SecretKey, Signer, SigningKey, Verifier, VerifyingKey}; use rand::prelude::*; const ENCODED_SEED_LENGTH: usize = 58; 
@@ -81,6 +81,7 @@ type Result = std::result::Result; pub struct KeyPair { kp_type: KeyPairType, sk: Option, //rawkey_kind: RawKeyKind, + signing_key: Option, pk: VerifyingKey, } @@ -160,12 +161,12 @@ impl KeyPair { /// Returns an error if there is an issue using the bytes to generate the key /// NOTE: These bytes should be generated from a cryptographically secure random source. pub fn new_from_raw(kp_type: KeyPairType, random_bytes: [u8; 32]) -> Result { - let s = random_bytes; - let pk = pk_from_seed(&s)?; + let signing_key = SigningKey::from_bytes(&random_bytes); Ok(KeyPair { kp_type, - pk, - sk: Some(s), + pk: signing_key.verifying_key(), + signing_key: Some(signing_key), + sk: Some(random_bytes), }) } @@ -244,11 +245,8 @@ impl KeyPair { /// Attempts to sign the given input with the key pair's seed pub fn sign(&self, input: &[u8]) -> Result> { - if let Some(ref seed) = self.sk { - let expanded: ExpandedSecretKey = seed.into(); - let sig: Signature = ed25519_dalek::hazmat::raw_sign::( - &expanded, input, &self.pk, - ); + if let Some(ref seed) = self.signing_key { + let sig = seed.sign(input); Ok(sig.to_bytes().to_vec()) } else { Err(err!(SignatureError, "Cannot sign without a seed key")) @@ -308,6 +306,7 @@ impl KeyPair { kp_type: KeyPairType::from(prefix), pk, sk: None, + signing_key: None, }), Err(_) => Err(err!(VerifyError, "Could not read public key")), } @@ -338,12 +337,13 @@ impl KeyPair { let mut seed = [0u8; 32]; seed.copy_from_slice(&raw[2..]); - let pk = pk_from_seed(&seed)?; + let signing_key = SigningKey::from_bytes(&seed); Ok(KeyPair { kp_type, - pk, + pk: signing_key.verifying_key(), sk: Some(seed), + signing_key: Some(signing_key), }) } } @@ -354,10 +354,6 @@ impl KeyPair { } } -fn pk_from_seed(seed: &SecretKey) -> Result { - VerifyingKey::from_bytes(seed).map_err(|err| err.into()) -} - fn decode_raw(raw: &[u8]) -> Result> { let mut b32_decoded = data_encoding::BASE32_NOPAD.decode(raw)?;
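Review bot: The new `signing_key` field in `@@ -81,6 +81,7 @@` keeps a second copy of the private seed next to `sk`, so every `KeyPair` that can sign now holds the secret twice. `sk` could be dropped and the seed read back with `signing_key.to_bytes()` where it is needed. Cargo.toml in this patch builds `ed25519-dalek` with `default-features = false` and only `digest`, so, as far as I can tell, the crate's `zeroize` feature is off and neither copy is wiped on drop; consider `features = ["digest", "zeroize"]`. The `Debug` impl for `KeyPair` lies outside the hunk and is worth checking so that it does not print the new field.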
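Review bot: The doc comment kept above `new_from_raw` in `@@ -160,12 +161,12 @@` still says "Returns an error if there is an issue using the bytes to generate the key", but the new body has no fallible step and always returns `Ok`. I would reword it to something like `/// Always returns Ok for a 32-byte input; the Result is kept for API compatibility.` so callers do not assume the bytes are validated in any way. The doc comment begins above the hunk.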
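Review bot: The binding in `if let Some(ref seed) = self.signing_key` in `@@ -244,11 +245,8 @@` is still called `seed` although it now holds a `SigningKey`, which reads as if raw seed bytes were being used to sign. Renaming it, `if let Some(ref signing_key) = self.signing_key {` followed by `let sig = signing_key.sign(input);`, keeps the secret-handling code unambiguous. The closing braces of `sign` are outside the hunk.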