curve25519-dalek 4, x25519-dalek 2

2025-04-03 19:07:42 +03:00 · 2023-12-17 16:38:52 +00:00 · 2023-12-17 16:38:52 +00:00 · 349fa9a7bb
commit 349fa9a7bb
parent 69f755731a
8 changed files with 156 additions and 137 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -87,8 +87,7 @@ dependencies = [
 "pprof",
 "quickcheck",
 "quickcheck_macros",
- "rand 0.7.3",
- "rand 0.8.5",
+ "rand",
 "rpassword",
 "rsa",
 "rust-embed",
@ -114,7 +113,7 @@ dependencies = [
 "hkdf",
 "io_tee",
 "nom",
- "rand 0.8.5",
+ "rand",
 "secrecy",
 "sha2",
 "tempfile",
@ -138,7 +137,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "91429305e9f0a25f6205c5b8e0d2db09e0708a7a6df0f42212bb56c32c8ac97a"
 dependencies = [
 "cfg-if",
- "getrandom 0.2.11",
+ "getrandom",
 "once_cell",
 "version_check",
 "zerocopy 0.7.31",
@ -615,7 +614,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
 dependencies = [
 "generic-array",
- "rand_core 0.6.4",
+ "rand_core",
 "typenum",
 ]

@ -640,17 +639,31 @@ dependencies = [

 [[package]]
 name = "curve25519-dalek"
-version = "3.2.0"
+version = "4.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b9fdf9972b2bd6af2d913799d9ebc165ea4d2e65878e329d9c6b372c4491b61"
+checksum = "e89b8c6a2e4b1f45971ad09761aafb85514a84744b67a95e32c3cc1352d1f65c"
 dependencies = [
- "byteorder",
- "digest 0.9.0",
- "rand_core 0.5.1",
+ "cfg-if",
+ "cpufeatures",
+ "curve25519-dalek-derive",
+ "fiat-crypto",
+ "platforms",
+ "rustc_version",
 "subtle",
 "zeroize",
 ]

+[[package]]
+name = "curve25519-dalek-derive"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.41",
+]
+
 [[package]]
 name = "dashmap"
 version = "5.5.3"
@ -683,15 +696,6 @@ dependencies = [
 "zeroize",
 ]

-[[package]]
-name = "digest"
-version = "0.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066"
-dependencies = [
- "generic-array",
-]
-
 [[package]]
 name = "digest"
 version = "0.10.7"
@ -772,6 +776,12 @@ version = "2.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5"

+[[package]]
+name = "fiat-crypto"
+version = "0.2.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "27573eac26f4dd11e2b1916c3fe1baa56407c83c71a773a8ba17ec0bca03b6b7"
+
 [[package]]
 name = "filetime"
 version = "0.2.23"
@ -1003,17 +1013,6 @@ dependencies = [
 "version_check",
 ]

-[[package]]
-name = "getrandom"
-version = "0.1.16"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce"
-dependencies = [
- "cfg-if",
- "libc",
- "wasi 0.9.0+wasi-snapshot-preview1",
-]
-
 [[package]]
 name = "getrandom"
 version = "0.2.11"
@ -1022,7 +1021,7 @@ checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f"
 dependencies = [
 "cfg-if",
 "libc",
- "wasi 0.11.0+wasi-snapshot-preview1",
+ "wasi",
 ]

 [[package]]
@ -1100,7 +1099,7 @@ version = "0.12.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
 dependencies = [
- "digest 0.10.7",
+ "digest",
 ]

 [[package]]
@ -1475,7 +1474,7 @@ dependencies = [
 "num-integer",
 "num-iter",
 "num-traits",
- "rand 0.8.5",
+ "rand",
 "smallvec",
 "zeroize",
 ]
@ -1627,7 +1626,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7676374caaee8a325c9e7a2ae557f216c5563a171d6997b0ef8a65af35147700"
 dependencies = [
 "base64ct",
- "rand_core 0.6.4",
+ "rand_core",
 "subtle",
 ]

@ -1637,7 +1636,7 @@ version = "0.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "83a0692ec44e4cf1ef28ca317f14f8f07da2d95ec3fa01f86e4467b725e60917"
 dependencies = [
- "digest 0.10.7",
+ "digest",
 "hmac",
 "password-hash",
 "sha2",
@ -1649,7 +1648,7 @@ version = "0.12.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2"
 dependencies = [
- "digest 0.10.7",
+ "digest",
 "hmac",
 ]

@ -1732,6 +1731,12 @@ version = "0.3.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964"

+[[package]]
+name = "platforms"
+version = "3.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "14e6ab3f592e6fb464fc9712d8d6e6912de6473954635fd76a589d832cffcbb0"
+
 [[package]]
 name = "plotters"
 version = "0.3.5"
@ -1861,7 +1866,7 @@ checksum = "588f6378e4dd99458b60ec275b4477add41ce4fa9f64dcba6f15adccb19b50d6"
 dependencies = [
 "env_logger 0.8.4",
 "log",
- "rand 0.8.5",
+ "rand",
 ]

 [[package]]
@ -1912,19 +1917,6 @@ dependencies = [
 "zip",
 ]

-[[package]]
-name = "rand"
-version = "0.7.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03"
-dependencies = [
- "getrandom 0.1.16",
- "libc",
- "rand_chacha 0.2.2",
- "rand_core 0.5.1",
- "rand_hc",
-]
-
 [[package]]
 name = "rand"
 version = "0.8.5"
@ -1932,18 +1924,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
 dependencies = [
 "libc",
- "rand_chacha 0.3.1",
- "rand_core 0.6.4",
-]
-
-[[package]]
-name = "rand_chacha"
-version = "0.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402"
-dependencies = [
- "ppv-lite86",
- "rand_core 0.5.1",
+ "rand_chacha",
+ "rand_core",
 ]

 [[package]]
@ -1953,16 +1935,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
 dependencies = [
 "ppv-lite86",
- "rand_core 0.6.4",
-]
-
-[[package]]
-name = "rand_core"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19"
-dependencies = [
- "getrandom 0.1.16",
+ "rand_core",
 ]

 [[package]]
@ -1971,16 +1944,7 @@ version = "0.6.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
 dependencies = [
- "getrandom 0.2.11",
-]
-
-[[package]]
-name = "rand_hc"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c"
-dependencies = [
- "rand_core 0.5.1",
+ "getrandom",
 ]

 [[package]]
@ -2074,13 +2038,13 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5d0e5124fcb30e76a7e79bfee683a2746db83784b86289f6251b54b7950a0dfc"
 dependencies = [
 "const-oid",
- "digest 0.10.7",
+ "digest",
 "num-bigint-dig",
 "num-integer",
 "num-traits",
 "pkcs1",
 "pkcs8",
- "rand_core 0.6.4",
+ "rand_core",
 "signature",
 "spki",
 "subtle",
@ -2143,6 +2107,15 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"

+[[package]]
+name = "rustc_version"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366"
+dependencies = [
+ "semver",
+]
+
 [[package]]
 name = "rustix"
 version = "0.38.28"
@ -2221,6 +2194,12 @@ version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e388332cd64eb80cd595a00941baf513caffae8dce9cfd0467fc9c66397dade6"

+[[package]]
+name = "semver"
+version = "1.0.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090"
+
 [[package]]
 name = "serde"
 version = "1.0.193"
@ -2269,7 +2248,7 @@ checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
 dependencies = [
 "cfg-if",
 "cpufeatures",
- "digest 0.10.7",
+ "digest",
 ]

 [[package]]
@ -2280,7 +2259,7 @@ checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8"
 dependencies = [
 "cfg-if",
 "cpufeatures",
- "digest 0.10.7",
+ "digest",
 ]

 [[package]]
@ -2289,8 +2268,8 @@ version = "2.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"
 dependencies = [
- "digest 0.10.7",
- "rand_core 0.6.4",
+ "digest",
+ "rand_core",
 ]

 [[package]]
@ -2671,12 +2650,6 @@ dependencies = [
 "winapi-util",
 ]

-[[package]]
-name = "wasi"
-version = "0.9.0+wasi-snapshot-preview1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"
-
 [[package]]
 name = "wasi"
 version = "0.11.0+wasi-snapshot-preview1"
@ -3014,12 +2987,13 @@ checksum = "f8dab7ac864710bdea6594becbea5b5050333cf34fefb0dc319567eb347950d4"

 [[package]]
 name = "x25519-dalek"
-version = "1.1.1"
+version = "2.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a0c105152107e3b96f6a00a65e86ce82d9b125230e1c4302940eca58ff71f4f"
+checksum = "fb66477291e7e8d2b0ff1bcb900bf29489a9692816d79874bea351e7a8b6de96"
 dependencies = [
 "curve25519-dalek",
- "rand_core 0.5.1",
+ "rand_core",
+ "serde",
 "zeroize",
 ]

--- a/Cargo.toml
+++ b/Cargo.toml
@ -26,7 +26,7 @@ base64 = "0.21"
 chacha20poly1305 = { version = "0.10", default-features = false, features = ["alloc"] }

 # - X25519 from RFC 7748
-x25519-dalek = "1"
+x25519-dalek = { version = "2", features = ["static_secrets"] }

 # - HKDF from RFC 5869 with SHA-256
 # - HMAC from RFC 2104 with SHA-256
@ -39,7 +39,6 @@ scrypt = { version = "0.11", default-features = false }

 # - CSPRNG
 rand = "0.8"
-rand_7 = { package = "rand", version = "0.7" }

 # - Key encoding
 bech32 = "0.9"
--- a/age/Cargo.toml
+++ b/age/Cargo.toml
@ -30,7 +30,7 @@ rand.workspace = true
 rsa = { version = "0.9", default-features = false, optional = true }

 # - Conversion of public keys from Ed25519 to X25519
-curve25519-dalek = { version = "3", optional = true }
+curve25519-dalek = { version = "4", optional = true }

 # Async I/O
 futures = { version = "0.3", optional = true }
@ -46,7 +46,6 @@ cookie-factory.workspace = true
 i18n-embed-fl.workspace = true
 lazy_static.workspace = true
 nom.workspace = true
-rand_7.workspace = true
 rust-embed.workspace = true
 scrypt.workspace = true
 sha2.workspace = true
--- a/age/src/ssh.rs
+++ b/age/src/ssh.rs
@ -509,11 +509,9 @@ mod read_ssh {
        preceded(
            string_tag(SSH_ED25519_KEY_PREFIX),
            map_opt(string, |buf| {
-                if buf.len() == 32 {
-                    CompressedEdwardsY::from_slice(buf).decompress()
-                } else {
-                    None
-                }
+                CompressedEdwardsY::from_slice(buf)
+                    .ok()
+                    .and_then(|p| p.decompress())
            }),
        )(input)
    }
--- a/age/src/ssh/recipient.rs
+++ b/age/src/ssh/recipient.rs
@ -129,10 +129,10 @@ impl TryFrom<Identity> for Recipient {

 impl crate::Recipient for Recipient {
    fn wrap_file_key(&self, file_key: &FileKey) -> Result<Vec<Stanza>, EncryptError> {
+        let mut rng = OsRng;
+
        match self {
            Recipient::SshRsa(ssh_key, pk) => {
-                let mut rng = OsRng;
-
                let encrypted_file_key = pk
                    .encrypt(
                        &mut rng,
@ -152,8 +152,7 @@ impl crate::Recipient for Recipient {
            Recipient::SshEd25519(ssh_key, ed25519_pk) => {
                let pk: X25519PublicKey = ed25519_pk.to_montgomery().to_bytes().into();

-                let rng = rand_7::rngs::OsRng;
-                let esk = EphemeralSecret::new(rng);
+                let esk = EphemeralSecret::random_from_rng(rng);
                let epk: X25519PublicKey = (&esk).into();

                let tweak: StaticSecret =
--- a/age/src/x25519.rs
+++ b/age/src/x25519.rs
@ -7,7 +7,7 @@ use age_core::{
 };
 use base64::{prelude::BASE64_STANDARD_NO_PAD, Engine};
 use bech32::{ToBase32, Variant};
-use rand_7::rngs::OsRng;
+use rand::rngs::OsRng;
 use std::fmt;
 use subtle::ConstantTimeEq;
 use x25519_dalek::{EphemeralSecret, PublicKey, StaticSecret};
@ -57,7 +57,7 @@ impl Identity {
    /// Generates a new secret key.
    pub fn generate() -> Self {
        let rng = OsRng;
-        Identity(StaticSecret::new(rng))
+        Identity(StaticSecret::random_from_rng(rng))
    }

    /// Serializes this secret key as a string.
@ -187,7 +187,7 @@ impl fmt::Display for Recipient {
 impl crate::Recipient for Recipient {
    fn wrap_file_key(&self, file_key: &FileKey) -> Result<Vec<Stanza>, EncryptError> {
        let rng = OsRng;
-        let esk = EphemeralSecret::new(rng);
+        let esk = EphemeralSecret::random_from_rng(rng);
        let epk: PublicKey = (&esk).into();
        let shared_secret = esk.diffie_hellman(&self.0);

--- a/supply-chain/config.toml
+++ b/supply-chain/config.toml
@ -286,10 +286,6 @@ criteria = "safe-to-deploy"
 version = "0.14.6"
 criteria = "safe-to-deploy"

-[[exemptions.getrandom]]
-version = "0.1.16"
-criteria = "safe-to-deploy"
-
 [[exemptions.getrandom]]
 version = "0.2.10"
 criteria = "safe-to-deploy"
@ -538,26 +534,10 @@ criteria = "safe-to-run"
 version = "1.0.3"
 criteria = "safe-to-run"

-[[exemptions.rand]]
-version = "0.7.3"
-criteria = "safe-to-deploy"
-
 [[exemptions.rand]]
 version = "0.8.5"
 criteria = "safe-to-deploy"

-[[exemptions.rand_chacha]]
-version = "0.2.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.rand_core]]
-version = "0.5.1"
-criteria = "safe-to-deploy"
-
-[[exemptions.rand_hc]]
-version = "0.2.0"
-criteria = "safe-to-deploy"
-
 [[exemptions.redox_syscall]]
 version = "0.3.5"
 criteria = "safe-to-deploy"
@ -762,10 +742,6 @@ criteria = "safe-to-deploy"
 version = "2.3.3"
 criteria = "safe-to-deploy"

-[[exemptions.wasi]]
-version = "0.9.0+wasi-snapshot-preview1"
-criteria = "safe-to-deploy"
-
 [[exemptions.wasi]]
 version = "0.11.0+wasi-snapshot-preview1"
 criteria = "safe-to-deploy"
--- a/supply-chain/imports.lock
+++ b/supply-chain/imports.lock
@ -673,6 +673,65 @@ who = "David Cook <dcook@divviup.org>"
 criteria = "safe-to-deploy"
 version = "1.6.1"

+[[audits.isrg.audits.fiat-crypto]]
+who = "David Cook <dcook@divviup.org>"
+criteria = "safe-to-deploy"
+version = "0.1.17"
+notes = """
+This crate does not contain any unsafe code, and does not use any items from
+the standard library or other crates, aside from operations backed by
+`std::ops`. All paths with array indexing use integer literals for indexes, so
+there are no panics due to indexes out of bounds (as rustc would catch an
+out-of-bounds literal index). I did not check whether arithmetic overflows
+could cause a panic, and I am relying on the Coq code having satisfied the
+necessary preconditions to ensure panics due to overflows are unreachable.
+"""
+
+[[audits.isrg.audits.fiat-crypto]]
+who = "Brandon Pitman <bran@bran.land>"
+criteria = "safe-to-deploy"
+delta = "0.1.17 -> 0.1.18"
+
+[[audits.isrg.audits.fiat-crypto]]
+who = "David Cook <dcook@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "0.1.18 -> 0.1.19"
+notes = """
+This release renames many items and adds a new module. The code in the new
+module is entirely composed of arithmetic and array accesses.
+"""
+
+[[audits.isrg.audits.fiat-crypto]]
+who = "David Cook <dcook@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "0.1.19 -> 0.1.20"
+
+[[audits.isrg.audits.fiat-crypto]]
+who = "David Cook <dcook@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "0.1.20 -> 0.2.0"
+
+[[audits.isrg.audits.fiat-crypto]]
+who = "Brandon Pitman <bran@bran.land>"
+criteria = "safe-to-deploy"
+delta = "0.2.0 -> 0.2.1"
+
+[[audits.isrg.audits.fiat-crypto]]
+who = "Tim Geoghegan <timg@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "0.2.1 -> 0.2.2"
+notes = "No changes to `unsafe` code, or any functional changes that I can detect at all."
+
+[[audits.isrg.audits.fiat-crypto]]
+who = "Brandon Pitman <bran@bran.land>"
+criteria = "safe-to-deploy"
+delta = "0.2.2 -> 0.2.4"
+
+[[audits.isrg.audits.fiat-crypto]]
+who = "David Cook <dcook@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "0.2.4 -> 0.2.5"
+
 [[audits.isrg.audits.getrandom]]
 who = "Brandon Pitman <bran@bran.land>"
 criteria = "safe-to-deploy"
@ -1604,6 +1663,21 @@ criteria = "safe-to-deploy"
 delta = "0.1.22 -> 0.1.23"
 aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"

+[[audits.zcash.audits.rustc_version]]
+who = "Jack Grigg <jack@electriccoin.co>"
+criteria = "safe-to-deploy"
+version = "0.4.0"
+notes = """
+Most of the crate is code to parse and validate the output of `rustc -vV`. The caller can
+choose which `rustc` to use, or can use `rustc_version::{version, version_meta}` which will
+try `$RUSTC` followed by `rustc`.
+
+If an adversary can arbitrarily set the `$RUSTC` environment variable then this crate will
+execute arbitrary code. But when this crate is used within a build script, `$RUSTC` should
+be set correctly by `cargo`.
+"""
+aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
+
 [[audits.zcash.audits.sha2]]
 who = "Jack Grigg <jack@electriccoin.co>"
 criteria = "safe-to-deploy"