From 878385f171d60effac4ad1a9d4dee41e777528b8 Mon Sep 17 00:00:00 2001 From: Jeff Hiner <37913568+jeff-hiner@users.noreply.github.com> Date: Mon, 3 Apr 2023 11:34:15 -0600 Subject: [PATCH] Update x25519_dalek to 2.0.0-rc.2 (#341) --- Cargo.lock | 102 ++++++++---------- boringtun/Cargo.toml | 11 +- .../x25519_public_key_benching.rs | 2 +- .../x25519_shared_key_benching.rs | 5 +- boringtun/src/device/integration_tests/mod.rs | 20 ++-- boringtun/src/ffi/mod.rs | 2 +- boringtun/src/noise/handshake.rs | 4 +- boringtun/src/noise/mod.rs | 4 +- 8 files changed, 75 insertions(+), 75 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 067245dd..16b4ecf7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -62,7 +62,7 @@ version = "0.10.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b9cf849ee05b2ee5fba5e36f97ff8ec2533916700fc0758d40d92136a42f3388" dependencies = [ - "digest 0.10.3", + "digest", ] [[package]] @@ -93,7 +93,7 @@ dependencies = [ "mock_instant", "nix", "parking_lot", - "rand_core 0.6.3", + "rand_core", "ring", "socket2", "thiserror", @@ -139,12 +139,6 @@ version = "3.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535" -[[package]] -name = "byteorder" -version = "1.4.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" - [[package]] name = "bytes" version = "1.1.0" @@ -361,7 +355,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2ccfd8c0ee4cce11e45b3fd6f9d5e69e0cc62912aa6a0cb1bf4617b0eba5a12f" dependencies = [ "generic-array", - "rand_core 0.6.3", + "rand_core", "typenum", ] @@ -389,13 +383,14 @@ dependencies = [ [[package]] name = "curve25519-dalek" -version = "3.2.0" +version = "4.0.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b9fdf9972b2bd6af2d913799d9ebc165ea4d2e65878e329d9c6b372c4491b61" +checksum = "03d928d978dbec61a1167414f5ec534f24bea0d7a0d24dd9b6233d3d8223e585" dependencies = [ - "byteorder", - "digest 0.9.0", - "rand_core 0.5.1", + "cfg-if", + "fiat-crypto", + "packed_simd_2", + "platforms", "subtle", "zeroize", ] @@ -410,15 +405,6 @@ dependencies = [ "libc", ] -[[package]] -name = "digest" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" -dependencies = [ - "generic-array", -] - [[package]] name = "digest" version = "0.10.3" @@ -445,6 +431,12 @@ dependencies = [ "arrayvec", ] +[[package]] +name = "fiat-crypto" +version = "0.1.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e825f6987101665dea6ec934c09ec6d721de7bc1bf92248e1d5810c8cd636b77" + [[package]] name = "generic-array" version = "0.14.5" @@ -455,17 +447,6 @@ dependencies = [ "version_check", ] -[[package]] -name = "getrandom" -version = "0.1.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce" -dependencies = [ - "cfg-if", - "libc", - "wasi 0.9.0+wasi-snapshot-preview1", -] - [[package]] name = "getrandom" version = "0.2.7" @@ -474,7 +455,7 @@ checksum = "4eb1a864a501629691edf6c15a593b7a51eebaa1e8468e9ddc623de7c9b58ec6" dependencies = [ "cfg-if", "libc", - "wasi 0.11.0+wasi-snapshot-preview1", + "wasi", ] [[package]] @@ -510,7 +491,7 @@ version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" dependencies = [ - "digest 0.10.3", + "digest", ] [[package]] @@ -616,6 +597,12 @@ version = "0.2.132" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8371e4e5341c3a96db127eb2465ac681ced4c433e01dd0e938adbef26ba93ba5" +[[package]] +name = "libm" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7fc7aa29613bd6a620df431842069224d8bc9011086b1db4c0e0cd47fa03ec9a" + [[package]] name = "lock_api" version = "0.4.7" @@ -720,6 +707,16 @@ version = "6.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "21326818e99cfe6ce1e524c2a805c189a99b5ae555a35d19f9a284b427d86afa" +[[package]] +name = "packed_simd_2" +version = "0.3.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1914cd452d8fccd6f9db48147b29fd4ae05bea9dc5d9ad578509f72415de282" +dependencies = [ + "cfg-if", + "libm", +] + [[package]] name = "parking_lot" version = "0.12.1" @@ -749,6 +746,12 @@ version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116" +[[package]] +name = "platforms" +version = "3.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3d7ddaed09e0eb771a79ab0fd64609ba0afb0a8366421957936ad14cbd13630" + [[package]] name = "plotters" version = "0.3.2" @@ -806,22 +809,13 @@ dependencies = [ "proc-macro2", ] -[[package]] -name = "rand_core" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" -dependencies = [ - "getrandom 0.1.16", -] - [[package]] name = "rand_core" version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7" dependencies = [ - "getrandom 0.2.7", + "getrandom", ] [[package]] @@ -934,6 +928,9 @@ name = "serde" version = "1.0.139" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0171ebb889e45aa68b44aee0859b3eede84c6f5f5c228e6f140c0b2a0a46cad6" +dependencies = [ + "serde_derive", +] [[package]] name = "serde_cbor" @@ -1245,12 +1242,6 @@ dependencies = [ "winapi-util", ] -[[package]] -name = "wasi" -version = "0.9.0+wasi-snapshot-preview1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" - [[package]] name = "wasi" version = "0.11.0+wasi-snapshot-preview1" @@ -1397,12 +1388,13 @@ checksum = "c811ca4a8c853ef420abd8592ba53ddbbac90410fab6903b3e79972a631f7680" [[package]] name = "x25519-dalek" -version = "2.0.0-pre.1" +version = "2.0.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e5da623d8af10a62342bcbbb230e33e58a63255a58012f8653c578e54bab48df" +checksum = "fabd6e16dd08033932fc3265ad4510cc2eab24656058a6dcb107ffe274abcc95" dependencies = [ "curve25519-dalek", - "rand_core 0.6.3", + "rand_core", + "serde", "zeroize", ] diff --git a/boringtun/Cargo.toml b/boringtun/Cargo.toml index 38c86106..829a83ad 100644 --- a/boringtun/Cargo.toml +++ b/boringtun/Cargo.toml @@ -2,7 +2,11 @@ name = "boringtun" description = "an implementation of the WireGuard® protocol designed for portability and speed" version = "0.5.2" -authors = ["Noah Kennedy ", "Andy Grover ", "Jeff Hiner "] +authors = [ + "Noah Kennedy ", + "Andy Grover ", + "Jeff Hiner ", +] license = "BSD-3-Clause" repository = "https://github.com/cloudflare/boringtun" documentation = "https://docs.rs/boringtun/0.5.2/boringtun/" @@ -27,7 +31,10 @@ tracing-subscriber = { version = "0.3", features = ["fmt"], optional = true } ip_network = "0.4.1" ip_network_table = "0.2.0" ring = "0.16" -x25519-dalek = { version = "2.0.0-pre.1", features = ["reusable_secrets"] } +x25519-dalek = { version = "=2.0.0-rc.2", features = [ + "reusable_secrets", + "static_secrets", +] } rand_core = { version = "0.6.3", features = ["getrandom"] } chacha20poly1305 = "0.10.0-pre.1" aead = "0.5.0-pre.2" diff --git a/boringtun/benches/crypto_benches/x25519_public_key_benching.rs b/boringtun/benches/crypto_benches/x25519_public_key_benching.rs index 5814d9bb..7e257595 100644 --- a/boringtun/benches/crypto_benches/x25519_public_key_benching.rs +++ b/boringtun/benches/crypto_benches/x25519_public_key_benching.rs @@ -8,7 +8,7 @@ pub fn bench_x25519_public_key(c: &mut Criterion) { group.bench_function("x25519_public_key_dalek", |b| { b.iter(|| { - let secret_key = x25519_dalek::StaticSecret::new(OsRng); + let secret_key = x25519_dalek::StaticSecret::random_from_rng(OsRng); let public_key = x25519_dalek::PublicKey::from(&secret_key); (secret_key, public_key) diff --git a/boringtun/benches/crypto_benches/x25519_shared_key_benching.rs b/boringtun/benches/crypto_benches/x25519_shared_key_benching.rs index c2af6982..0ba90625 100644 --- a/boringtun/benches/crypto_benches/x25519_shared_key_benching.rs +++ b/boringtun/benches/crypto_benches/x25519_shared_key_benching.rs @@ -7,10 +7,11 @@ pub fn bench_x25519_shared_key(c: &mut Criterion) { group.sample_size(1000); group.bench_function("x25519_shared_key_dalek", |b| { - let public_key = x25519_dalek::PublicKey::from(&x25519_dalek::StaticSecret::new(OsRng)); + let public_key = + x25519_dalek::PublicKey::from(&x25519_dalek::StaticSecret::random_from_rng(OsRng)); b.iter_batched( - || x25519_dalek::StaticSecret::new(OsRng), + || x25519_dalek::StaticSecret::random_from_rng(OsRng), |secret_key| secret_key.diffie_hellman(&public_key), BatchSize::SmallInput, ); diff --git a/boringtun/src/device/integration_tests/mod.rs b/boringtun/src/device/integration_tests/mod.rs index ede23f03..b4e360c3 100644 --- a/boringtun/src/device/integration_tests/mod.rs +++ b/boringtun/src/device/integration_tests/mod.rs @@ -87,7 +87,7 @@ mod tests { /// Create a new peer with a given endpoint and a list of allowed IPs fn new(endpoint: SocketAddr, allowed_ips: Vec) -> Peer { Peer { - key: StaticSecret::new(OsRng), + key: StaticSecret::random_from_rng(OsRng), endpoint, allowed_ips, container_name: None, @@ -476,7 +476,7 @@ mod tests { /// Test if wireguard starts and creates a unix socket that we can use to set settings fn test_wireguard_set() { let port = next_port(); - let private_key = StaticSecret::new(OsRng); + let private_key = StaticSecret::random_from_rng(OsRng); let own_public_key = PublicKey::from(&private_key); let wg = WGHandle::init("192.0.2.0".parse().unwrap(), "::2".parse().unwrap()); @@ -494,7 +494,7 @@ mod tests { ) ); - let peer_key = StaticSecret::new(OsRng); + let peer_key = StaticSecret::random_from_rng(OsRng); let peer_pub_key = PublicKey::from(&peer_key); let endpoint = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(172, 0, 0, 1)), 50001); let allowed_ips = [ @@ -543,7 +543,7 @@ mod tests { #[ignore] fn test_wg_start_ipv4_non_connected() { let port = next_port(); - let private_key = StaticSecret::new(OsRng); + let private_key = StaticSecret::random_from_rng(OsRng); let public_key = PublicKey::from(&private_key); let addr_v4 = next_ip(); let addr_v6 = next_ip_v6(); @@ -590,7 +590,7 @@ mod tests { #[ignore] fn test_wg_start_ipv4() { let port = next_port(); - let private_key = StaticSecret::new(OsRng); + let private_key = StaticSecret::random_from_rng(OsRng); let public_key = PublicKey::from(&private_key); let addr_v4 = next_ip(); let addr_v6 = next_ip_v6(); @@ -626,7 +626,7 @@ mod tests { /// Test if wireguard can handle simple ipv6 connections fn test_wg_start_ipv6() { let port = next_port(); - let private_key = StaticSecret::new(OsRng); + let private_key = StaticSecret::random_from_rng(OsRng); let public_key = PublicKey::from(&private_key); let addr_v4 = next_ip(); let addr_v6 = next_ip_v6(); @@ -662,7 +662,7 @@ mod tests { #[cfg(target_os = "linux")] // Can't make docker work with ipv6 on macOS ATM fn test_wg_start_ipv6_endpoint() { let port = next_port(); - let private_key = StaticSecret::new(OsRng); + let private_key = StaticSecret::random_from_rng(OsRng); let public_key = PublicKey::from(&private_key); let addr_v4 = next_ip(); let addr_v6 = next_ip_v6(); @@ -701,7 +701,7 @@ mod tests { #[cfg(target_os = "linux")] // Can't make docker work with ipv6 on macOS ATM fn test_wg_start_ipv6_endpoint_not_connected() { let port = next_port(); - let private_key = StaticSecret::new(OsRng); + let private_key = StaticSecret::random_from_rng(OsRng); let public_key = PublicKey::from(&private_key); let addr_v4 = next_ip(); let addr_v6 = next_ip_v6(); @@ -750,7 +750,7 @@ mod tests { #[ignore] fn test_wg_concurrent() { let port = next_port(); - let private_key = StaticSecret::new(OsRng); + let private_key = StaticSecret::random_from_rng(OsRng); let public_key = PublicKey::from(&private_key); let addr_v4 = next_ip(); let addr_v6 = next_ip_v6(); @@ -801,7 +801,7 @@ mod tests { #[ignore] fn test_wg_concurrent_v6() { let port = next_port(); - let private_key = StaticSecret::new(OsRng); + let private_key = StaticSecret::random_from_rng(OsRng); let public_key = PublicKey::from(&private_key); let addr_v4 = next_ip(); let addr_v6 = next_ip_v6(); diff --git a/boringtun/src/ffi/mod.rs b/boringtun/src/ffi/mod.rs index 4c77af9e..3b4e3bb3 100644 --- a/boringtun/src/ffi/mod.rs +++ b/boringtun/src/ffi/mod.rs @@ -99,7 +99,7 @@ pub struct x25519_key { #[no_mangle] pub extern "C" fn x25519_secret_key() -> x25519_key { x25519_key { - key: StaticSecret::new(OsRng).to_bytes(), + key: StaticSecret::random_from_rng(OsRng).to_bytes(), } } diff --git a/boringtun/src/noise/handshake.rs b/boringtun/src/noise/handshake.rs index 1dd096c6..b7c93731 100644 --- a/boringtun/src/noise/handshake.rs +++ b/boringtun/src/noise/handshake.rs @@ -729,7 +729,7 @@ impl Handshake { let mut hash = INITIAL_CHAIN_HASH; hash = b2s_hash(&hash, self.params.peer_static_public.as_bytes()); // initiator.ephemeral_private = DH_GENERATE() - let ephemeral_private = x25519::ReusableSecret::new(OsRng); + let ephemeral_private = x25519::ReusableSecret::random_from_rng(OsRng); // msg.message_type = 1 // msg.reserved_zero = { 0, 0, 0 } message_type.copy_from_slice(&super::HANDSHAKE_INIT.to_le_bytes()); @@ -815,7 +815,7 @@ impl Handshake { let (encrypted_nothing, _) = rest.split_at_mut(16); // responder.ephemeral_private = DH_GENERATE() - let ephemeral_private = x25519::ReusableSecret::new(OsRng); + let ephemeral_private = x25519::ReusableSecret::random_from_rng(OsRng); let local_index = self.inc_index(); // msg.message_type = 2 // msg.reserved_zero = { 0, 0, 0 } diff --git a/boringtun/src/noise/mod.rs b/boringtun/src/noise/mod.rs index 60c814fb..79a6b923 100644 --- a/boringtun/src/noise/mod.rs +++ b/boringtun/src/noise/mod.rs @@ -598,11 +598,11 @@ mod tests { use rand_core::{OsRng, RngCore}; fn create_two_tuns() -> (Tunn, Tunn) { - let my_secret_key = x25519_dalek::StaticSecret::new(OsRng); + let my_secret_key = x25519_dalek::StaticSecret::random_from_rng(OsRng); let my_public_key = x25519_dalek::PublicKey::from(&my_secret_key); let my_idx = OsRng.next_u32(); - let their_secret_key = x25519_dalek::StaticSecret::new(OsRng); + let their_secret_key = x25519_dalek::StaticSecret::random_from_rng(OsRng); let their_public_key = x25519_dalek::PublicKey::from(&their_secret_key); let their_idx = OsRng.next_u32();