rust: bump tiny-keccak from 1.5.0 to 2.0.2

oasisprotocol · Sep 9, 2020 · baa2b44 · baa2b44
1 parent 518a104
commit baa2b44
Show file tree

Hide file tree

Showing 6 changed files with 29 additions and 19 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -66,4 +66,3 @@ updates:
       - dependency-name: serde_cbor
       - dependency-name: sha2
       - dependency-name: snow
-      - dependency-name: tiny-keccak
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/keymanager-lib/Cargo.toml b/keymanager-lib/Cargo.toml
@@ -16,6 +16,6 @@ io-context = "0.2.0"
 rand = "0.7.3"
 sgx-isa = { version = "0.3.2", features = ["sgxstd"] }
 sp800-185 = "0.2.0"
-tiny-keccak = "1.4.2"
+tiny-keccak = { version = "2.0.2", features = ["sha3"] }
 x25519-dalek = "1.1.0"
 zeroize = "1.1"
diff --git a/keymanager-lib/src/policy.rs b/keymanager-lib/src/policy.rs
@@ -7,7 +7,7 @@ use std::{
 use anyhow::Result;
 use lazy_static::lazy_static;
 use sgx_isa::Keypolicy;
-use tiny_keccak::sha3_256;
+use tiny_keccak::{Hasher, Sha3};
 
 use oasis_core_keymanager_api_common::*;
 use oasis_core_runtime::{
@@ -209,10 +209,15 @@ impl CachedPolicy {
         let policy = untrusted_policy.verify()?;
 
         let mut cached_policy = Self::default();
-        cached_policy.checksum = sha3_256(&raw).to_vec();
         cached_policy.serial = policy.serial;
         cached_policy.runtime_id = policy.id;
 
+        let mut sha3 = Sha3::v256();
+        sha3.update(&raw);
+        let mut k = [0; 32];
+        sha3.finalize(&mut k);
+        cached_policy.checksum = k.to_vec();
+
         // Convert the policy into a cached one.
         //
         // TODO: Need a mock enclave identity for non-sgx builds if we want to

diff --git a/runtime/Cargo.toml b/runtime/Cargo.toml
@@ -39,7 +39,7 @@ io-context = "0.2.0"
 x25519-dalek = "1.1.0"
 ed25519-dalek = "1.0.0-pre.3"
 deoxysii = { git = "https://github.com/oasisprotocol/deoxysii-rust" }
-tiny-keccak = "1.4.2"
+tiny-keccak = { version = "2.0.2", features = ["sha3"] }
 sp800-185 = "0.2.0"
 zeroize = "1.1"
 intrusive-collections = "0.8"

diff --git a/runtime/src/common/sgx/egetkey.rs b/runtime/src/common/sgx/egetkey.rs
@@ -6,16 +6,7 @@ use sp800_185::KMac;
 #[cfg(target_env = "sgx")]
 use sgx_isa::{Keyname, Keyrequest};
 #[cfg(target_env = "sgx")]
-use tiny_keccak::sha3_256;
-
-// This crate is not portable due to dependencies, even when using the mock
-// key derivation:
-//
-//  * sp800_185 relies on tiny_keccak, which as of 1.4.2, will produce
-//    incorrect results on big endian targets, and will crash on any
-//    architecture that requires aligned 64 bit loads and stores.
-#[cfg(not(target_arch = "x86_64"))]
-error!("Only x86_64 is supported");
+use tiny_keccak::{Hasher, Sha3};
 
 #[cfg(not(target_env = "sgx"))]
 const MOCK_MRENCLAVE_KEY: &[u8] = b"Ekiden Test MRENCLAVE KEY";
@@ -32,7 +23,13 @@ fn egetkey_impl(key_policy: Keypolicy, context: &[u8]) -> [u8; 16] {
 
     req.keyname = Keyname::Seal as u16;
     req.keypolicy = key_policy;
-    req.keyid = sha3_256(context);
+
+    let mut sha3 = Sha3::v256();
+    sha3.update(context);
+    let mut k = [0; 32];
+    sha3.finalize(&mut k);
+    req.keyid = k.into();
+
     // Fucking sgx_isa::Attributes doesn't have a -> [u64;2].
     req.attributemask[0] = 1 | 2 | 4; // SGX_FLAGS_INITTED | SGX_FLAGS_DEBUG | SGX_FLAGS_MODE64BIT
     req.attributemask[1] = 3; // SGX_XFRM_LEGACY