Update crypto crates and fix sphinx issue (#94)

* single out crypto changes * phase out curve25519 for x25519 * tidy up tests and warnings * update rand dependencies * update crypto dependencies * bump crate version * cleanup * refactor BLindingFactor into StaticSecret * remove unused export alias
nymtech · May 7, 2024 · 2a2646e · 2a2646e
1 parent ca107d9
commit 2a2646e
Show file tree

Hide file tree

Showing 17 changed files with 173 additions and 320 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "sphinx-packet"
-version = "0.1.0"
+version = "0.2.0"
 authors = ["Ania Piotrowska <[email protected]>", "Dave Hrycyszyn <[email protected]>", "Jędrzej Stuczyński <[email protected]>"]
 edition = "2018"
 license = "Apache-2.0"
@@ -11,27 +11,28 @@ readme = "README.md"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-aes = { version = "0.7.4", features = ["ctr"] }
-bs58 = "0.4.0"
-curve25519-dalek = "3.0.0"
-hmac = "0.11.0"
-digest = "0.9"
-log = "0.4"
-rand = {version = "0.7.3", features = ["wasm-bindgen"]}
-rand_distr = "0.3"
-sha2 = "0.9.1"
-hkdf = "0.11.0"
+aes = "0.8.4"
+ctr = "0.9.2"
+bs58 = "0.5.1"
+x25519-dalek = { version = "2.0.1", features = ["static_secrets", "getrandom"] }
+hmac = "0.12.1"
+digest = "0.10.7"
+log = "0.4.21"
+rand = "0.8.5"
+rand_distr = "0.4.3"
+sha2 = "0.10.8"
+hkdf = "0.12.4"
 lioness = "0.1.2"
-arrayref = "0.3.5"
+arrayref = "0.3.7"
 chacha = "0.3.0"
 blake2 = "0.8.0" # cannot be updated due to outdated dependency inside lioness
-byteorder = "1.3.2"
-subtle = "2.3.0"
+byteorder = "1.5.0"
+subtle = "2.4.1"
 
 
 [dev-dependencies]
-mockall = "0.10.2"
-criterion = "0.3"
+mockall = "0.12.1"
+criterion = "0.5.1"
 
 [[bench]]
 name = "benchmarks"

diff --git a/benches/benchmarks.rs b/benches/benchmarks.rs
@@ -18,9 +18,10 @@ use criterion::{black_box, criterion_group, criterion_main, Criterion};
 use sphinx_packet::constants::{
     DESTINATION_ADDRESS_LENGTH, IDENTIFIER_LENGTH, NODE_ADDRESS_LENGTH,
 };
-use sphinx_packet::crypto::keygen;
+
 use sphinx_packet::header::delays;
 use sphinx_packet::route::{Destination, DestinationAddressBytes, Node, NodeAddressBytes};
+use sphinx_packet::test_utils::fixtures::keygen;
 use sphinx_packet::SphinxPacket;
 use std::time::Duration;
 

diff --git a/src/crypto/keys.rs b/src/crypto/keys.rs
diff --git a/src/crypto/mod.rs b/src/crypto/mod.rs
@@ -12,22 +12,30 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use aes::cipher::{NewCipher, StreamCipher};
-use aes::Aes128Ctr;
-use digest::generic_array::{ArrayLength, GenericArray};
-use digest::{BlockInput, FixedOutput, Reset, Update};
-use hmac::{crypto_mac, Hmac, Mac, NewMac};
+use aes::{
+    cipher::{KeyIvInit, StreamCipher},
+    Aes128,
+};
+use digest::{
+    block_buffer::Eager,
+    consts::U256,
+    core_api::{BlockSizeUser, BufferKindUser, CoreProxy, FixedOutputCore},
+    generic_array::GenericArray,
+    typenum::{IsLess, Le, NonZero},
+    CtOutput, HashMarker,
+};
+use hmac::{Hmac, Mac};
 
-pub mod keys;
-
-// to not break existing imports
-pub use keys::*;
+//type export and aliasing to keep compatibility
+pub use x25519_dalek::PublicKey;
+pub type PrivateKey = x25519_dalek::StaticSecret;
 
 pub const STREAM_CIPHER_KEY_SIZE: usize = 16;
 pub const STREAM_CIPHER_INIT_VECTOR: [u8; 16] = [0u8; 16];
 
-// Type alias for ease of use so that it would not require explicit import of crypto_mac or Hmac
-pub type HmacOutput<D> = crypto_mac::Output<Hmac<D>>;
+// Type alias for ease of use
+pub type HmacOutput<D> = CtOutput<Hmac<D>>;
+type Aes128Ctr = ctr::Ctr64BE<Aes128>;
 
 pub fn generate_pseudorandom_bytes(
     // TODO: those should use proper generic arrays to begin with!!
@@ -49,9 +57,10 @@ pub fn generate_pseudorandom_bytes(
 /// Compute keyed hmac
 pub fn compute_keyed_hmac<D>(key: &[u8], data: &[u8]) -> HmacOutput<D>
 where
-    D: Update + BlockInput + FixedOutput + Reset + Default + Clone,
-    D::BlockSize: ArrayLength<u8>,
-    D::OutputSize: ArrayLength<u8>,
+    D: CoreProxy,
+    D::Core: HashMarker + FixedOutputCore + BufferKindUser<BufferKind = Eager> + Default + Clone,
+    <D::Core as BlockSizeUser>::BlockSize: IsLess<U256>,
+    Le<<D::Core as BlockSizeUser>::BlockSize, U256>: NonZero,
 {
     let mut hmac =
         Hmac::<D>::new_from_slice(key).expect("HMAC should be able to take key of any size!");

diff --git a/src/header/delays.rs b/src/header/delays.rs
@@ -176,7 +176,7 @@ mod delay_summing {
         let delay2 = Delay(123);
 
         let expected1 = Delay(165);
-        assert_eq!(expected1, &delay1 + &delay2);
+        assert_eq!(expected1, delay1 + delay2);
 
         let expected2 = Delay(265);
         let delay3 = Delay(100);
@@ -185,7 +185,7 @@ mod delay_summing {
 
     #[test]
     fn works_with_iterator() {
-        let delays = vec![Delay(42), Delay(123), Delay(100)];
+        let delays = [Delay(42), Delay(123), Delay(100)];
         let expected = Delay(265);
 
         assert_eq!(expected, delays.iter().sum());

diff --git a/src/header/filler.rs b/src/header/filler.rs
@@ -90,7 +90,7 @@ mod test_creating_pseudorandom_bytes {
     use crate::header::keys;
 
     use super::*;
-    use crypto::{EphemeralSecret, SharedSecret};
+    use x25519_dalek::{PublicKey, StaticSecret};
 
     #[test]
     fn with_no_keys_it_generates_empty_filler_string() {
@@ -102,7 +102,7 @@ mod test_creating_pseudorandom_bytes {
 
     #[test]
     fn with_1_key_it_generates_filler_of_length_1_times_3_times_security_parameter() {
-        let shared_keys = vec![SharedSecret::from(&EphemeralSecret::new())];
+        let shared_keys = [PublicKey::from(&StaticSecret::random())];
         let routing_keys: Vec<_> = shared_keys
             .iter()
             .map(|&key| keys::RoutingKeys::derive(key))
@@ -114,10 +114,10 @@ mod test_creating_pseudorandom_bytes {
 
     #[test]
     fn with_3_key_it_generates_filler_of_length_3_times_3_times_security_parameter() {
-        let shared_keys = vec![
-            SharedSecret::from(&EphemeralSecret::new()),
-            SharedSecret::from(&EphemeralSecret::new()),
-            SharedSecret::from(&EphemeralSecret::new()),
+        let shared_keys = [
+            PublicKey::from(&StaticSecret::random()),
+            PublicKey::from(&StaticSecret::random()),
+            PublicKey::from(&StaticSecret::random()),
         ];
         let routing_keys: Vec<_> = shared_keys
             .iter()
@@ -132,7 +132,7 @@ mod test_creating_pseudorandom_bytes {
     fn panics_with_more_keys_than_the_maximum_path_length() {
         let shared_keys: Vec<_> = std::iter::repeat(())
             .take(constants::MAX_PATH_LENGTH + 1)
-            .map(|_| SharedSecret::from(&EphemeralSecret::new()))
+            .map(|_| PublicKey::from(&StaticSecret::random()))
             .collect();
         let routing_keys: Vec<_> = shared_keys
             .iter()