Bump sha2 from 0.9.9 to 0.10.6, curve25519-dalek from 3.2.0 to 4.0.0

The old curvee25519-dalek is still depended on by `libp2p-core`. Fixes #1422.
nimiq · Jul 25, 2023 · a299f93 · a299f93
1 parent fdf6c88
commit a299f93
Show file tree

Hide file tree

Showing 8 changed files with 61 additions and 49 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/hash/Cargo.toml b/hash/Cargo.toml
@@ -22,7 +22,7 @@ byteorder = "1.2"
 hex = "0.4"
 rust-argon2 = "1.0"
 serde = "1.0"
-sha2 = "0.9"
+sha2 = "0.10"
 
 nimiq-database-value = { path = "../database/database-value" }
 nimiq-macros = { path = "../macros" }

diff --git a/keys/Cargo.toml b/keys/Cargo.toml
@@ -17,15 +17,15 @@ is-it-maintained-open-issues = { repository = "nimiq/core-rs" }
 maintenance = { status = "experimental" }
 
 [dependencies]
-curve25519-dalek = "3"
+curve25519-dalek = { version = "4", features = ["digest", "legacy_compatibility"] }
 data-encoding = "2.4"
 ed25519-zebra = "3.1"
 hex = "0.4"
 rand = "0.8"
 rand_core = "0.6"
 serde = { version = "1.0", optional = true }
 serde-big-array = { version = "0.5", optional = true }
-sha2 = "0.9"
+sha2 = "0.10"
 thiserror = "1.0"
 
 nimiq-database-value = { path = "../database/database-value" }

diff --git a/keys/src/multisig.rs b/keys/src/multisig.rs
@@ -108,12 +108,12 @@ impl CommitmentPair {
 
         h.update(randomness);
         let scalar = Scalar::from_hash::<sha2::Sha512>(h);
-        if scalar == Scalar::zero() || scalar == Scalar::one() {
+        if scalar == Scalar::ZERO || scalar == Scalar::ONE {
             return Err(InvalidScalarError);
         }
 
         // Compute the point [scalar]B.
-        let commitment: EdwardsPoint = &scalar * &constants::ED25519_BASEPOINT_TABLE;
+        let commitment: EdwardsPoint = &scalar * constants::ED25519_BASEPOINT_TABLE;
 
         let rs = RandomSecret(scalar);
         let ct = Commitment(commitment);
@@ -141,7 +141,7 @@ impl SecureGenerate for CommitmentPair {
 
 #[derive(PartialEq, Eq, Debug, Clone, Copy)]
 pub struct PartialSignature(Scalar);
-implement_simple_add_sum_traits!(PartialSignature, Scalar::zero());
+implement_simple_add_sum_traits!(PartialSignature, Scalar::ZERO);
 
 impl PartialSignature {
     pub const SIZE: usize = 32;
@@ -290,6 +290,9 @@ impl ToScalar for ::ed25519_zebra::SigningKey {
         scalar_bytes[0] &= 248;
         scalar_bytes[31] &= 127;
         scalar_bytes[31] |= 64;
+        // The above bit operations ensure that the integer represented by
+        // `scalar_bytes` is less than 2***255-19 as required by this function.
+        #[allow(deprecated)]
         Scalar::from_bits(scalar_bytes)
     }
 }
diff --git a/keys/src/private_key.rs b/keys/src/private_key.rs
@@ -34,6 +34,9 @@ impl PrivateKey {
         scalar_bytes[0] &= 248;
         scalar_bytes[31] &= 127;
         scalar_bytes[31] |= 64;
+        // The above bit operations ensure that the integer represented by
+        // `scalar_bytes` is less than 2***255-19 as required by this function.
+        #[allow(deprecated)]
         Scalar::from_bits(scalar_bytes)
     }
 

diff --git a/keys/tests/multisig.rs b/keys/tests/multisig.rs
@@ -319,8 +319,7 @@ fn it_correctly_calculates_commitments() {
     let scalar = Scalar::from_hash::<::sha2::Sha512>(h);
 
     // Compute the point [scalar]B.
-    let commitment: EdwardsPoint =
-        &scalar * &::curve25519_dalek::constants::ED25519_BASEPOINT_TABLE;
+    let commitment: EdwardsPoint = &scalar * ::curve25519_dalek::constants::ED25519_BASEPOINT_TABLE;
 
     assert_eq!(
         scalar.as_bytes(),
@@ -504,7 +503,7 @@ fn it_can_construct_commitments() {
 
         for i in 0..test.priv_keys.len() {
             let commitment: EdwardsPoint =
-                &test.secrets[i].0 * &::curve25519_dalek::constants::ED25519_BASEPOINT_TABLE;
+                &test.secrets[i].0 * ::curve25519_dalek::constants::ED25519_BASEPOINT_TABLE;
             assert_eq!(
                 (j, i, commitment.compress().to_bytes()),
                 (j, i, test.commitments[i].to_bytes())

diff --git a/vrf/Cargo.toml b/vrf/Cargo.toml
@@ -11,13 +11,13 @@ edition = "2021"
 
 [dependencies]
 byteorder = "1.3"
-curve25519-dalek = "3"
+curve25519-dalek = { version = "4", features = ["digest"] }
 hex = "0.4"
 log = { package = "tracing", version = "0.1", features = ["log"] }
 num-traits = "0.2"
 rand = "0.8"
 serde = { version = "1.0", optional = true }
-sha2 = "0.9"
+sha2 = "0.10"
 
 nimiq-hash = { path = "../hash" }
 nimiq-keys = { path = "../keys" }

diff --git a/vrf/src/vrf.rs b/vrf/src/vrf.rs
@@ -86,19 +86,25 @@ impl VrfSeed {
     pub fn verify(&self, prev_seed: &VrfSeed, public_key: &PublicKey) -> Result<(), VrfError> {
         // Deserialize signature.
         let V = CompressedEdwardsY::from_slice(&self.signature[..32])
+            .unwrap() // Fails if the slice is not length 32.
             .decompress()
             .ok_or(VrfError::InvalidSignature)?;
 
-        let h = Scalar::from_canonical_bytes(self.signature[32..64].try_into().unwrap())
-            .ok_or(VrfError::InvalidSignature)?;
+        let h: Scalar = Option::from(Scalar::from_canonical_bytes(
+            self.signature[32..64].try_into().unwrap(),
+        ))
+        .ok_or(VrfError::InvalidSignature)?;
 
-        let s = Scalar::from_canonical_bytes(self.signature[64..].try_into().unwrap())
-            .ok_or(VrfError::InvalidSignature)?;
+        let s: Scalar = Option::from(Scalar::from_canonical_bytes(
+            self.signature[64..].try_into().unwrap(),
+        ))
+        .ok_or(VrfError::InvalidSignature)?;
 
         // Deserialize public key.
         let A_bytes = public_key.as_bytes();
 
         let A = CompressedEdwardsY::from_slice(A_bytes)
+            .unwrap() // Fails if the slice is not length 32.
             .decompress()
             .ok_or(VrfError::InvalidSignature)?;
 
@@ -109,12 +115,13 @@ impl VrfSeed {
 
         // Follow the verification algorithm for VXEdDSA.
         // https://www.signal.org/docs/specifications/xeddsa/#vxeddsa
-        let B_v = EdwardsPoint::hash_from_bytes::<Sha512>(&[A_bytes, &message[..]].concat());
+        #[allow(deprecated)]
+        let B_v = EdwardsPoint::nonspec_map_to_curve::<Sha512>(&[A_bytes, &message[..]].concat());
         if A.is_small_order() || V.is_small_order() || B_v.is_identity() {
             return Err(VrfError::InvalidSignature);
         }
-        let R = &s * &constants::ED25519_BASEPOINT_TABLE - h * A;
-        let R_v = s * B_v - h * V;
+        let R: EdwardsPoint = &s * constants::ED25519_BASEPOINT_TABLE - h * A;
+        let R_v: EdwardsPoint = s * B_v - h * V;
         let h_check = Scalar::hash_from_bytes::<Sha512>(
             &[
                 A_bytes,
@@ -168,10 +175,11 @@ impl VrfSeed {
 
         // Follow the signing algorithm for VXEdDSA.
         // https://www.signal.org/docs/specifications/xeddsa/#vxeddsa
-        let B_v = EdwardsPoint::hash_from_bytes::<Sha512>(&[A_bytes, &message[..]].concat());
+        #[allow(deprecated)]
+        let B_v = EdwardsPoint::nonspec_map_to_curve::<Sha512>(&[A_bytes, &message[..]].concat());
         let V = (a * B_v).compress();
         let r = Scalar::hash_from_bytes::<Sha512>(&[a.as_bytes(), V.as_bytes(), &Z[..]].concat());
-        let R = (&r * &constants::ED25519_BASEPOINT_TABLE).compress();
+        let R = (&r * constants::ED25519_BASEPOINT_TABLE).compress();
         let R_v = (r * B_v).compress();
         let h = Scalar::hash_from_bytes::<Sha512>(
             &[
@@ -205,6 +213,7 @@ impl VrfSeed {
 
         // Calculate the point V and serialized it.
         let V = CompressedEdwardsY::from_slice(&self.signature[..32])
+            .unwrap() // Fails if the slice is not length 32.
             .decompress()
             .expect("Tried to use an invalid signature for the VRF RNG!");
         let V_bytes = V.mul_by_cofactor().compress().to_bytes();