dalek 2.0.0-rc.2 (#144)

* dalek-2.0.0-rc.2

* fix verfer tests

* format

* remove unused import

* don't be explicit about packages we no longer use

* revert to verify()

* use trait

* make preflight checks better

* clippy

* clippy

* makefile improvements

* fix wasm, add to preflight

* add wasm to ci

* install wasm-pack

---------

Co-authored-by: Kevin Griffin <griffin.kev@gmail.com>

.github/workflows/test.yml

@@ -29,7 +29,7 @@ jobs:
         run: cargo fmt --all -- --check
 
       - name: Outdated
-        run: cargo outdated -R --ignore rand --exit-code 1
+        run: cargo outdated -R --exit-code 1
 
       - name: Audit
         run: cargo audit
@@ -51,6 +51,12 @@ jobs:
         with:
           version: '0.22.0'
 
+      - name: WASM Sanity Build
+        run: |
+          cd wasm
+          cargo install wasm-pack
+          wasm-pack build
+
       - name: Upload to codecov.io
         uses: codecov/codecov-action@v3
         with:

Cargo.toml

@@ -15,20 +15,19 @@ base64 = "~0.21"
 blake2 = "~0.10"
 blake3 = "~1"
 chrono = { version = "~0.4", default-features = false, features = ["clock"] }
-ed25519-dalek = "~1"
+ed25519-dalek = { version = "2.0.0-rc.2", features = ["rand_core"] }
 indexmap = "~1"
 k256 = "~0.13"
 lazy_static = "~1"
 num-rational = "~0.4"
 p256 = "~0.13"
-rand = "0.7.0" # this needs pinning for one of the seeding pieces of a signing suite
 rand_core = "~0.6"
 regex = "~1"
 serde_json = { version = "~1", features = ["preserve_order"] }
 sha2 = "~0.10"
 sha3 = "~0.10"
 thiserror = "~1"
-zeroize = "~1"
+zeroize = { version = "~1", features = ["derive"] }
 
 [dev-dependencies]
 hex-literal = "0.4.0"

Makefile

@@ -1,15 +1,23 @@
+setup:
+	cargo install cargo-tarpaulin cargo-outdated cargo-audit wasm-pack
+
 clean:
 	cargo clean
 
 fix:
 	cargo fix
 	cargo fmt
 
+clippy:
+	cargo clippy --all-targets -- -D warnings
+
 preflight:
-	cargo audit
 	cargo fmt --check
-	cargo outdated -R --ignore rand --exit-code 1
+	cargo outdated -R --exit-code 1
+	cargo audit
+	cargo check
 	cargo clippy -- -D warnings
 	cargo build --release
 	cargo test --release
 	cargo tarpaulin
+	cd wasm && wasm-pack build && wasm-pack build --target=nodejs

src/core/verfer.rs

@@ -198,16 +198,17 @@ mod test {
         let bad_ser = hex!("e1be4d7a8ab5560aa4199eea339849ba8e293d55ca0a81006726d184519e647f"
                                      "5b49b82f805a538c68915c1ae8035c900fd1d4b13902920fd05e1450822f36df");
 
-        let mut csprng = rand::rngs::OsRng::default();
-        let keypair = ed25519_dalek::Keypair::generate(&mut csprng);
+        let mut csprng = rand_core::OsRng::default();
+        let keypair = ed25519_dalek::SigningKey::generate(&mut csprng);
 
         let sig = keypair.sign(&ser).to_bytes();
         let mut bad_sig = sig;
         bad_sig[0] ^= 0xff;
 
-        let raw = keypair.public.as_bytes();
+        let raw = keypair.verifying_key().to_bytes();
 
-        let mut m = Verfer::new(Some(matter::Codex::Ed25519), Some(raw), None, None, None).unwrap();
+        let mut m =
+            Verfer::new(Some(matter::Codex::Ed25519), Some(&raw), None, None, None).unwrap();
         assert!(m.verify(&sig, &ser).unwrap());
         assert!(!m.verify(&bad_sig, &ser).unwrap());
         assert!(!m.verify(&sig, &bad_ser).unwrap());
@@ -263,7 +264,7 @@ mod test {
         let private_key = SigningKey::random(&mut csprng);
 
         let sig = <SigningKey as Signer<Signature>>::sign(&private_key, &ser).to_bytes();
-        let mut bad_sig = sig.clone();
+        let mut bad_sig = sig;
         bad_sig[0] ^= 0xff;
 
         let public_key = VerifyingKey::from(private_key);
@@ -276,7 +277,7 @@ mod test {
         assert!(!m.verify(&sig, &bad_ser).unwrap());
         assert!(m.verify(&[], &ser).is_err());
 
-        m.set_code(&matter::Codex::ECDSA_256r1N);
+        m.set_code(matter::Codex::ECDSA_256r1N);
         assert!(m.verify(&sig, &ser).unwrap());
         assert!(!m.verify(&bad_sig, &ser).unwrap());
         assert!(!m.verify(&sig, &bad_ser).unwrap());

src/crypto/sign.rs

@@ -74,34 +74,40 @@ pub(crate) fn verify(code: &str, public_key: &[u8], sig: &[u8], ser: &[u8]) -> R
 }
 
 mod ed25519 {
-    use ed25519_dalek::{
-        ed25519::signature::Signer, Keypair, PublicKey, SecretKey, Signature, Verifier,
-    };
-    use rand::rngs::OsRng;
+    use ed25519_dalek::{Signature, Signer, SigningKey, Verifier, VerifyingKey};
+    use rand_core::OsRng;
 
     use crate::error::Result;
 
     pub(crate) fn generate() -> Result<Vec<u8>> {
         let mut csprng = OsRng {};
-        let private_key: SecretKey = SecretKey::generate(&mut csprng);
-        Ok(private_key.as_bytes().to_vec())
+        let mut private_key = SigningKey::generate(&mut csprng);
+        let verifying_key = private_key.verifying_key();
+        let mut weak = verifying_key.is_weak();
+
+        while weak {
+            private_key = SigningKey::generate(&mut csprng);
+            let verifying_key = private_key.verifying_key();
+            weak = verifying_key.is_weak();
+        }
+
+        Ok(private_key.to_bytes().to_vec())
     }
 
     pub(crate) fn public_key(private_key: &[u8]) -> Result<Vec<u8>> {
-        let private_key = SecretKey::from_bytes(private_key)?;
-        let public_key: PublicKey = (&private_key).into();
+        let private_key = SigningKey::from_bytes(&private_key[..32].try_into()?);
+        let public_key: VerifyingKey = (&private_key).into();
         Ok(public_key.as_bytes().to_vec())
     }
 
     pub(crate) fn sign(private_key: &[u8], ser: &[u8]) -> Result<Vec<u8>> {
-        let private_key = SecretKey::from_bytes(private_key)?;
-        let public_key: PublicKey = (&private_key).into();
-        Ok(Keypair { secret: private_key, public: public_key }.sign(ser).to_bytes().to_vec())
+        let private_key = SigningKey::from_bytes(private_key.try_into()?);
+        Ok(private_key.sign(ser).to_bytes().to_vec())
     }
 
     pub(crate) fn verify(public_key: &[u8], sig: &[u8], ser: &[u8]) -> Result<bool> {
-        let public_key = PublicKey::from_bytes(public_key)?;
-        let signature = Signature::from_bytes(sig)?;
+        let public_key = VerifyingKey::from_bytes(public_key.try_into()?)?;
+        let signature = Signature::from_bytes(sig.try_into()?);
 
         match public_key.verify(ser, &signature) {
             Ok(_) => Ok(true),

wasm/src/primitives/bexter.rs

@@ -1,7 +1,7 @@
 use std::ops::Deref;
 
 use crate::{error::*, Wrap};
-use cesride_core::{Bexter, Bext, Matter};
+use cesride_core::{Bext, Bexter, Matter};
 use wasm_bindgen::prelude::*;
 
 #[wasm_bindgen(js_name = Bexter)]