Updated crypto dependencies.

2024-01-11 01:32:18 +01:00
parent b74b0e00a0
commit a92799fb2d
8 changed files with 621 additions and 616 deletions
@@ -17,10 +17,10 @@ simplelog = "0.12.0"
 toml = "0.7.2"
 digest = "0.10.5"
 sha2 = "0.10.6"
-ed25519-dalek = "1.0"
-x25519-dalek = "1.2"
-ecies-ed25519 = "0.5"
-chacha20poly1305 = "0.9.1"
+ed25519-dalek = "2.0.0"
+x25519-dalek = { version = "2.0.0", features = ["reusable_secrets"] }
+ecies-ed25519-ng = { git = "https://github.com/Revertron/ecies-ed25519-ng", rev = "577c4f2", version = "0.5.2" }
+chacha20poly1305 = "0.10.1"
 signature = "2.0.0"
 blakeout = "0.3.0"
 num_cpus = "1.13.1"
@@ -35,12 +35,11 @@ num-traits = "0.2.15"
 chrono = { version = "0.4.20", features = ["serde"] }
 time = "0.3.14"
 rand = { package = "rand", version = "0.8.5" }
-rand-old = { package = "rand", version = "0.7.0" } # For ed25519-dalek
-sqlite = "0.30.4"
+sqlite = "0.31.0"
 uuid = { version = "1.3.0", features = ["serde", "v4"] }
 mio = { version = "0.8.9", features = ["os-poll", "net"] }
-ureq = { version = "2.5", optional = true }
-lru = "0.9.0"
+ureq = { version = "2.9", optional = true, git = "https://github.com/algesten/ureq" }
+lru = "0.11.0"
 derive_more = "0.99.17"
 lazy_static = "1.4.0"
 spmc = "0.3.0"
@@ -48,7 +47,7 @@ spmc = "0.3.0"
 # Optional dependencies regulated by features
 web-view = { git = "https://github.com/Boscop/web-view", features = [], optional = true }
 tinyfiledialogs = { version = "3.9.1", optional = true }
-open = { version = "3.0.3", optional = true }
+open = { version = "5.0.0", optional = true }

 [target.'cfg(windows)'.dependencies]
 winapi = { version = "0.3.9", features = ["impl-default", "wincon", "shellscalingapi"] }
@@ -10,7 +10,7 @@ check_blocks = 8
 # All bootstrap nodes
 peers = ["peer-v4.alfis.name:4244", "peer-v6.alfis.name:4244", "peer-ygg.alfis.name:4244"]
 # Your node will listen on that address for other nodes to connect
-listen = "[::]:4244"
+listen = "[::]:42440"
 # Set true if you want your IP to participate in peer-exchange, or false otherwise
 public = true
 # Allow connections to/from Yggdrasil only (https://yggdrasil-network.github.io)
@@ -19,7 +19,7 @@ yggdrasil_only = false
 # DNS resolver options
 [dns]
 # Your DNS resolver will be listening on this address and port (Usual port is 53)
-listen = "127.0.0.1:53"
+listen = "127.0.0.1:5311"
 # How many threads to spawn by DNS server
 threads = 10
 # AdGuard DNS servers to filter ads and trackers
@@ -1,8 +1,8 @@
 use std::fmt;
 use std::fmt::{Debug, Formatter};

-use chacha20poly1305::aead::{Aead, Error, NewAead};
-use chacha20poly1305::{ChaCha20Poly1305, Key, Nonce};
+use chacha20poly1305::aead::{Aead, Error};
+use chacha20poly1305::{ChaCha20Poly1305, Key, KeyInit, Nonce};

 pub const ZERO_NONCE: [u8; 12] = [0u8; 12];

@@ -1,8 +1,8 @@
 use std::fmt;
 use std::fmt::{Debug, Formatter};

-use ecies_ed25519::{decrypt, encrypt, Error, PublicKey, SecretKey};
-use rand_old::{CryptoRng, RngCore};
+use ecies_ed25519_ng::{decrypt, encrypt, Error, PublicKey, SecretKey};
+use rand::{CryptoRng, RngCore};

 use crate::{from_hex, to_hex};

@@ -19,7 +19,7 @@ impl CryptoBox {
    }

    pub fn generate<R>(csprng: &mut R) -> Self where R: CryptoRng + RngCore {
-        let (secret, public) = ecies_ed25519::generate_keypair(csprng);
+        let (secret, public) = ecies_ed25519_ng::generate_keypair(csprng);
        Self { secret, public }
    }

@@ -30,7 +30,7 @@ impl CryptoBox {
    }

    pub fn hide(&self, msg: &[u8]) -> Result<Vec<u8>, Error> {
-        let mut random = rand_old::thread_rng();
+        let mut random = rand::thread_rng();
        encrypt(&self.public, msg, &mut random)
    }

@@ -40,7 +40,7 @@ impl CryptoBox {

    pub fn encrypt(public: &[u8], message: &[u8]) -> Result<Vec<u8>, Error> {
        let public = PublicKey::from_bytes(public).unwrap();
-        let mut random = rand_old::thread_rng();
+        let mut random = rand::thread_rng();
        encrypt(&public, message, &mut random)
    }

@@ -13,14 +13,14 @@ use std::time::Instant;
 use std::{fs, thread};

 use blakeout::Blakeout;
-use ed25519_dalek::Keypair;
 #[allow(unused_imports)]
 use log::{debug, error, info, trace, warn};
-use rand_old::{CryptoRng, RngCore};
+use crate::keystore::rand::RngCore;
 use serde::{Deserialize, Serialize};

-use self::ed25519_dalek::ed25519::signature::Signature;
-use self::ed25519_dalek::{PublicKey, SecretKey, Signer, Verifier};
+use ed25519_dalek::{Signature, Signer, SigningKey, Verifier, SecretKey};
+use ed25519_dalek::ed25519::SignatureBytes;
+use rand::CryptoRng;
 use crate::blockchain::hash_utils::*;
 use crate::bytes::Bytes;
 use crate::commons::KEYSTORE_DIFFICULTY;
@@ -31,7 +31,7 @@ use crate::{from_hex, setup_miner_thread, to_hex, Context};

 #[derive(Debug)]
 pub struct Keystore {
-    keypair: Keypair,
+    keypair: SigningKey,
    hash: RefCell<Bytes>,
    path: String,
    crypto_box: CryptoBox,
@@ -40,30 +40,40 @@ pub struct Keystore {

 impl Keystore {
    pub fn new() -> Self {
-        let mut csprng = rand_old::thread_rng();
-        let keypair = ed25519_dalek::Keypair::generate(&mut csprng);
+        let mut csprng = rand::thread_rng();
+        let mut buf = [0u8; 32];
+        csprng.fill_bytes(&mut buf);
+        let secret = SecretKey::from(buf);
+        let keypair = ed25519_dalek::SigningKey::from_bytes(&secret);
        let crypto_box = CryptoBox::generate(&mut csprng);
        Keystore { keypair, hash: RefCell::new(Bytes::default()), path: String::new(), crypto_box, old: false }
    }

    pub fn from_random<R>(csprng: &mut R) -> Self where R: CryptoRng + RngCore {
-        let keypair = ed25519_dalek::Keypair::generate(csprng);
+        let mut buf = [0u8; 32];
+        csprng.fill_bytes(&mut buf);
+        let secret = SecretKey::from(buf);
+        let keypair = ed25519_dalek::SigningKey::from_bytes(&secret);
        let crypto_box = CryptoBox::generate(csprng);
        Keystore { keypair, hash: RefCell::new(Bytes::default()), path: String::new(), crypto_box, old: false }
    }

    pub fn from_bytes(seed: &[u8]) -> Self {
-        let keypair = Keypair::from_bytes(seed).expect("Error creating keypair from bytes!");
-        let mut csprng = rand_old::thread_rng();
+        //TODO test thoroughly
+        let secret_key = SecretKey::try_from(seed).expect("Can't create Keystore from bytes");
+        let keypair = SigningKey::from_bytes(&secret_key);
+        let mut csprng = rand::thread_rng();
        let crypto_box = CryptoBox::generate(&mut csprng);
        Keystore { keypair, hash: RefCell::new(Bytes::default()), path: String::new(), crypto_box, old: false }
    }

    pub fn from_random_bytes(key: &[u8]) -> Self {
-        let secret = SecretKey::from_bytes(key).unwrap();
-        let public = PublicKey::from(&secret);
-        let keypair = Keypair { secret, public };
-        let mut csprng = rand_old::thread_rng();
+        //TODO test thoroughly
+        let keypair = SecretKey::try_from(key).expect("Can't create Keystore from bytes");
+        let keypair = SigningKey::from_bytes(&keypair);
+        //let public = PublicKey::from(&keypair);
+        //let keypair = SigningKey { secret, public };
+        let mut csprng = rand::thread_rng();
        let crypto_box = CryptoBox::generate(&mut csprng);
        Keystore { keypair, hash: RefCell::new(Bytes::default()), path: String::new(), crypto_box, old: false }
    }
@@ -74,12 +84,11 @@ impl Keystore {
            Ok(key) => {
                match toml::from_str::<Keys>(&String::from_utf8(key).unwrap_or_default()) {
                    Ok(keys) => {
-                        let secret = SecretKey::from_bytes(&from_hex(&keys.signing.secret).unwrap()).unwrap();
-                        let public = PublicKey::from_bytes(&from_hex(&keys.signing.public).unwrap()).unwrap();
-                        let keypair = Keypair { secret, public };
+                        let secret = SecretKey::try_from(from_hex(&keys.signing.secret).unwrap().as_slice()).unwrap();
+                        let keypair = SigningKey::from_bytes(&secret);
                        let crypto_box = CryptoBox::from_strings(&keys.encryption.secret, &keys.encryption.public);
                        let keystore = Keystore { keypair, hash: RefCell::new(Bytes::default()), path: String::from(filename), crypto_box, old: false };
-                        let bytes = Bytes::from_bytes(&keystore.keypair.public.to_bytes());
+                        let bytes = Bytes::from_bytes(&keystore.keypair.verifying_key().to_bytes());
                        if check_public_key_strength(&bytes, KEYSTORE_DIFFICULTY) {
                            Some(keystore)
                        } else {
@@ -112,11 +121,11 @@ impl Keystore {
    }

    pub fn get_public(&self) -> Bytes {
-        Bytes::from_bytes(&self.keypair.public.to_bytes())
+        Bytes::from_bytes(&self.keypair.verifying_key().to_bytes())
    }

    pub fn get_private(&self) -> Bytes {
-        Bytes::from_bytes(&self.keypair.secret.to_bytes())
+        Bytes::from_bytes(&self.keypair.to_bytes())
    }

    pub fn get_encryption_public(&self) -> Bytes {
@@ -124,7 +133,7 @@ impl Keystore {
    }

    pub fn get_keys(&self) -> Keys {
-        let signing = KeyPack::new(to_hex(&self.keypair.public.to_bytes()), to_hex(&self.keypair.secret.to_bytes()));
+        let signing = KeyPack::new(to_hex(&self.keypair.verifying_key().to_bytes()), to_hex(&self.keypair.to_bytes()));
        let encryption = KeyPack::new(to_hex(&self.crypto_box.public.to_bytes()), to_hex(&self.crypto_box.secret.to_bytes()));
        Keys::new(false, signing, encryption)
    }
@@ -145,9 +154,13 @@ impl Keystore {
    }

    pub fn check(message: &[u8], public_key: &[u8], signature: &[u8]) -> bool {
-        let key = PublicKey::from_bytes(public_key).expect("Wrong public key!");
-        let signature = Signature::from_bytes(signature).unwrap();
-        key.verify(message, &signature).is_ok()
+        let buf = public_key.try_into().expect("Wrong public key");
+        let key = ed25519_dalek::VerifyingKey::from_bytes(&buf).expect("Wrong public key!");
+        if let Ok(signature) = SignatureBytes::try_from(signature) {
+            let signature = Signature::from_bytes(&signature);
+            return key.verify(message, &signature).is_ok();
+        }
+        false
    }

    pub fn encrypt(&self, message: &[u8]) -> Bytes {
@@ -174,7 +187,7 @@ impl Default for Keystore {

 impl Clone for Keystore {
    fn clone(&self) -> Self {
-        let keypair = Keypair::from_bytes(&self.keypair.to_bytes()).unwrap();
+        let keypair = SigningKey::from_bytes(&self.keypair.to_bytes());
        Self { keypair, hash: RefCell::new(Bytes::default()), path: self.path.clone(), crypto_box: self.crypto_box.clone(), old: self.old }
    }
 }
@@ -243,7 +256,6 @@ pub fn create_key(context: Arc<Mutex<Context>>) {
 }

 fn generate_key(difficulty: u32, mining: Arc<AtomicBool>) -> Option<Keystore> {
-    use self::rand::RngCore;
    let mut rng = rand::thread_rng();
    let mut time = Instant::now();
    let mut count = 0u128;
@@ -251,10 +263,11 @@ fn generate_key(difficulty: u32, mining: Arc<AtomicBool>) -> Option<Keystore> {
    let mut buf = [0u8; 32];
    loop {
        rng.fill_bytes(&mut buf);
-        let secret = SecretKey::from_bytes(&buf).unwrap();
-        let public = PublicKey::from(&secret);
+        let secret = SecretKey::try_from(buf).expect("Wrong buf length");
+        let keypair = SigningKey::from_bytes(&secret);
+        //let public = PublicKey::from(&secret);
        digest.reset();
-        digest.update(public.as_bytes());
+        digest.update(keypair.verifying_key().as_bytes());
        if key_hash_difficulty(digest.result()) >= difficulty {
            mining.store(false, atomic::Ordering::SeqCst);
            let keystore = Keystore::from_random_bytes(&buf);
@@ -6,7 +6,7 @@
 use std::path::Path;
 use std::sync::{Arc, Mutex};
 use std::time::Duration;
-use std::{env, fs, thread};
+use std::{env, thread};

 use getopts::{Matches, Options};
 #[allow(unused_imports)]
@@ -141,10 +141,11 @@ fn main() {
        }
    };

-    #[cfg(feature = "webgui")]
    let mut no_gui = opt_matches.opt_present("n");
-    #[cfg(not(feature = "webgui"))]
-    let no_gui = true;
+    if !cfg!(feature = "webgui")
+    {
+        no_gui = true;
+    }

    #[cfg(windows)]
    if opt_matches.opt_present("service") {
@@ -152,7 +153,7 @@ fn main() {

        // Create a new directory inside the AppData directory
        let new_directory = format!("{}\\ALFIS", appdata);
-        fs::create_dir_all(&new_directory).expect("Failed to create directory");
+        std::fs::create_dir_all(&new_directory).expect("Failed to create directory");

        // Change the current directory to the new directory
        env::set_current_dir(&new_directory).expect("Failed to change directory");
@@ -17,8 +17,8 @@ use mio::event::Event;
 use mio::net::{TcpListener, TcpStream};
 use mio::{Events, Interest, Poll, Registry, Token};
 use rand::{random, Rng, RngCore};
-use rand_old::prelude::thread_rng;
-use x25519_dalek::{PublicKey, StaticSecret};
+use rand::prelude::thread_rng;
+use x25519_dalek::{PublicKey, ReusableSecret};

 use crate::blockchain::types::BlockQuality;
 use crate::commons::*;
@@ -31,7 +31,7 @@ const SERVER: Token = Token(0);

 pub struct Network {
    context: Arc<Mutex<Context>>,
-    secret_key: StaticSecret,
+    secret_key: ReusableSecret,
    public_key: PublicKey,
    token: Token,
    // States of peer connections, and some data to send when sockets become writable
@@ -44,7 +44,7 @@ impl Network {
    pub fn new(context: Arc<Mutex<Context>>) -> Self {
        // P2P encryption primitives
        let mut thread_rng = thread_rng();
-        let secret_key = StaticSecret::new(&mut thread_rng);
+        let secret_key = ReusableSecret::random_from_rng(&mut thread_rng);
        let public_key = PublicKey::from(&secret_key);
        let peers = Peers::new();
        Network { context, secret_key, public_key, token: Token(1), peers, future_blocks: HashMap::new() }